From cb718de0920480d89b64994c0bf287b94dc6b0c1 Mon Sep 17 00:00:00 2001
From: stekkel
Date: Sat, 23 Oct 2004 09:18:12 +0000
Subject: [PATCH] Fixed XSS vulnarability in decodeHeader function spotted by Joost Pol
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@8230 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/mime.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/functions/mime.php b/functions/mime.php
index 7bacc862..ca700c83 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -659,7 +659,11 @@ function decodeHeader ($string, $utfencode=true,$htmlsave=true,$decide=false) {
 }
 $iLastMatch = $i;
 $j = $i;
- $ret .= $res[1];
+ if ($htmlsave) {
+ $ret .= htmlspecialchars($res[1]);
+ } else {
+ $ret .= $res[1];
+ }
 $encoding = ucfirst($res[3]);
 /* decide about valid decoding */
--
2.25.1
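Review bot: `htmlspecialchars($res[1])` on the added line relies on the default quote style, which leaves single quotes unescaped, so a header fragment that ends up inside a single-quoted HTML attribute is still not neutralised; prefer `$ret .= htmlspecialchars($res[1], ENT_QUOTES);`. The new branch escapes only the literal text that precedes an encoded word; the decoded word itself and the tail of the string after the last match are appended outside this hunk and need the same `$htmlsave` treatment if they do not already receive it there. decodeHeader's body begins and ends outside the hunk. A short comment on the branch, `/* $htmlsave: the caller emits the result as HTML, so literal header text must be escaped here */`, would record why the flag gates the escaping.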