From 88104625cc762185b3361f1b347c89900280e2e4 Mon Sep 17 00:00:00 2001
From: graf25 <graf25@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Tue, 16 Apr 2002 15:01:47 +0000
Subject: [PATCH] Fix for [ 544658 ] Cross-site scripting vulnerability.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@2735 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/mime.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/functions/mime.php b/functions/mime.php
index 6187e6c8..4451dbfc 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -1085,12 +1085,16 @@ function MagicHTML( $body, $id ) {
             $pos = $i + 1;
             $tag = '';
             while ($body{$pos} == ' ' || $body{$pos} == "\t" ||
-                   $body{$pos} == "\n" ) {
+                   $body{$pos} == "\n") {
                 $pos ++;
             }
             while (strlen($tag) < 4 && $body{$pos} != ' ' &&
                    $body{$pos} != "\t" && $body{$pos} != "\n" &&
                    $pos < $j ) {
+                if ($body{$pos} == "<"){
+                    $tag = '';
+                    $pos++;
+                }
                 $tag .= $body{$pos};
                 $pos ++;
             }
-- 
2.25.1