From 72520f77e8cd4d3416f07e0c0e9c1476eb99a713 Mon Sep 17 00:00:00 2001
From: jangliss
Date: Sun, 28 Mar 2004 11:50:13 +0000
Subject: [PATCH] Fix part 1 for XSS issue... call page like this: src/compose.php?mailbox="> Because this file is included in other pages, it could affect others too.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@6911 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/page_header.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/functions/page_header.php b/functions/page_header.php
index 180968da..0228eeba 100644
--- a/functions/page_header.php
+++ b/functions/page_header.php
@@ -277,8 +277,8 @@ function displayPageHeader($color, $mailbox, $xtra='', $session=false) {
 echo "\n\n";
 /** Here is the header and wrapping table **/
- $shortBoxName = imap_utf7_decode_local(
- readShortMailboxName($mailbox, $delimiter));
+ $shortBoxName = htmlspecialchars(imap_utf7_decode_local(
+ readShortMailboxName($mailbox, $delimiter)));
 if ( $shortBoxName == 'INBOX' ) {
 $shortBoxName = _("INBOX");
 }
--
2.25.1
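Review bot: The added `htmlspecialchars()` call on the `$shortBoxName` assignment relies on the default flags, which before PHP 8.1 leave single quotes unescaped, so the value is only safe as element text or inside a double-quoted attribute. The places where it is echoed are outside this hunk, so that cannot be confirmed from here. Passing the flag explicitly, `htmlspecialchars(imap_utf7_decode_local(readShortMailboxName($mailbox, $delimiter)), ENT_QUOTES)`, removes the dependency on how the header markup quotes it. Because the escaping happens at assignment rather than at output, a short comment such as `/* $shortBoxName is HTML-escaped from here on; do not escape it again */` would prevent later double-encoding. Any other uses of `$mailbox` in `displayPageHeader()`, which continues past the hunk, still need encoding suited to their own context.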