From cca46357afd0ea48aec2b7f7904c67b430f36fc3 Mon Sep 17 00:00:00 2001
From: graf25
Date: Fri, 19 Apr 2002 03:52:36 +0000
Subject: [PATCH] Fix for [ 545933 ] Cross-site scripting vulnerability.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@2750 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/mime.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/functions/mime.php b/functions/mime.php
index 4451dbfc..14caa71b 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -1361,6 +1361,22 @@ function stripEvent( &$i, $j, &$body, $id, $base ) {
 while ( $body{$i} <> '>' && $i < $j ) {
+ /**
+ * [ 545933 ] Cross-site scripting vulnerability
+ *
+ *
+ *
+ *
+ * This code will ignore anything within the quotes
+ * so they don't mess us up.
+ */
+ if ( $body{$i} == '"' || $body{$i} == "'" ){
+ $quotechar = $body{$i};
+ do {
+ $ret .= $body{$i};
+ $i++;
+ } while ($body{$i} != $quotechar && $i < $j);
+ }
 $etg = strtolower($body{$i}.$body{$i+1}.$body{$i+2});
 switch( $etg ) {
 case 'src':
--
2.25.1
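Review bot: The new do-while condition reads `$body{$i}` before it tests `$i < $j`, so on an attribute value whose quote is never closed the loop touches the offset at `$j` before it stops; put the bound first, `} while ($i < $j && $body{$i} != $quotechar);`. The outer `while` uses the same read-then-bound order, so this mirrors existing code, but the added line is the place to get it right. The loop also exits on the closing quote without consuming it, so the following `$etg` is built from the quote character and the next pass of the outer loop sees that quote at `$body{$i}`; whether it is then taken for a new opening quote and skips to the next matching quote depends on how the rest of the loop body, which is outside the hunk, advances `$i`, and is worth a comment such as `// $i is left on the closing quote; the loop tail must advance past it`. `stripEvent` begins before the hunk and its `while` body continues past it.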