Fixes XSS bug in mailbox_display with malicious From: headers.
diff --git
a/functions/mailbox_display.php
b/functions/mailbox_display.php
index 8861f11c0fac82b6eb857a314bec295e19f6720f..f5cdda6182c33496985a8a15bc3939e276fcc052 100644
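--- a/functions/mailbox_display.php
+++ b/functions/mailbox_display.php
@@ -155,7 +155,7 @@ function printMessageInfo($imapConnection, $t, $not_last=true, $key, $mailbox,
 break;
 case 2: /* from */
 echo html_tag( 'td',
-$italic . $bold . $flag . $fontstr . $senderName .
+$italic . $bold . $flag . $fontstr . htmlentities($senderName) .
 $fontstr_end . $flag_end . $bold_end . $italic_end,
 'left',
 $hlt_color );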
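Review bot: `htmlentities($senderName)` on the new `case 2` line is called with no flags or charset, so it runs with the PHP defaults: depending on the PHP version single quotes may be left unescaped, and the input is read in the default charset, which can mangle multi-byte sender names or double-encode a value that an earlier header-decoding step already turned into entities (where `$senderName` is derived is outside the hunk, so that needs checking). Because the value lands in `<td>` element content, `htmlspecialchars($senderName, ENT_QUOTES)` with the page's charset passed explicitly as the third argument would neutralise markup without rewriting non-ASCII characters. The other cases of this switch that echo header-derived values are not visible here and should be checked for the same output escaping, ideally by escaping once where the display strings are built. printMessageInfo begins and ends outside the hunk.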