From 676bb189f81c8eecc9e50516ae08809f1a941966 Mon Sep 17 00:00:00 2001 From: ebullient Date: Mon, 10 Mar 2003 07:08:15 +0000 Subject: [PATCH] Fix some interesting behavior when adding a signature to a message that included personal names with quotes in them. I stumbled on to this, and Jon pointed out it was actually an XSS bug. Whee. ;) git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4628 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- src/compose.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/compose.php b/src/compose.php index c594a679..22a70278 100644 --- a/src/compose.php +++ b/src/compose.php @@ -853,6 +853,10 @@ function showInputForm ($session, $values=false) { $mailprio = $values['mailprio']; $body = $values['body']; $identity = (int) $values['identity']; + } else { + $send_to = decodeHeader($send_to); + $send_to_cc = decodeHeader($send_to_cc); + $send_to_bcc = decodeHeader($send_to_bcc); } if ($use_javascript_addr_book) { -- 2.25.1