From 879694a5dec8ecc4fa9156d7fd30eee9788067ac Mon Sep 17 00:00:00 2001
From: jangliss
Date: Thu, 6 Feb 2003 04:56:10 +0000
Subject: [PATCH] Another XSS problem, carefully constructed X-Mailer header would result in XSS vulnerabilities. Thanks to Masato Higashiyama for spotting this.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4500 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 ChangeLog | 4 +++-
 src/read_body.php | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 9bbc7e34..0a41316d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,7 +36,9 @@ Version 1.4.0 RC 2a - Fix prefs caching not working correctly in PHP 4.3 caused by a stupid version checking mechanism. - Fix XXS hole that allowed JavaScript execution by sending someone - an email with specially crafted headers. Thanks Jason Munro. + an email with specially crafted headers. Thanks Jason Munro, and + Masato Higashiyama. + Version 1.4.0 RC 1 ------------------
diff --git a/src/read_body.php b/src/read_body.php
index 873a3598..7eb19568 100644
--- a/src/read_body.php
+++ b/src/read_body.php
@@ -417,7 +417,7 @@ function formatEnvheader($mailbox, $passed_id, $passed_ent_id, $message,
 $env[_("Priority")] = getPriorityStr($header->priority);
 }
 if ($show_xmailer_default) {
- $env[_("Mailer")] = decodeHeader($header->xmailer);
+ $env[_("Mailer")] = htmlentities(decodeHeader($header->xmailer));
 }
 if ($default_use_mdn) {
 if ($mdn_user_support) {
-- 
2.25.1
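Review bot: The escape is applied to the X-Mailer value alone, at the point it is stored in `$env`, so every other sender-controlled header that formatEnvheader places in `$env` has to be escaped separately; whether they are is not visible in this hunk, and the function's body starts and ends outside it. Escaping once where the `$env` values are written into the page would cover headers added later and make this class of bug harder to reintroduce. On the changed line, `$env[_("Mailer")] = htmlspecialchars(decodeHeader($header->xmailer), ENT_QUOTES);` escapes the markup characters and both quote styles without also converting non-ASCII bytes under htmlentities' default charset, which can garble mailer names that decodeHeader returned in another encoding. A short comment such as `// X-Mailer is sender-controlled: escape before display` would record why the call is there.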