projects / squirrelmail.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Security: fixes for the HTML filter to counter further XSS exploits:
[squirrelmail.git] / src / view_text.php
diff --git a/src/view_text.php b/src/view_text.php
index ce84feb44bc81aecd1b4016c69d18a2954bf4bc4..e2ea3f02e4bec4f6345560867b15390e4bc24e0a 100644 (file)
--- a/src/view_text.php
+++ b/src/view_text.php
@@ -65,11 +65,11 @@ if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
 
 if ($type1 == 'html' || (isset($override_type1) &&  $override_type1 == 'html')) {
     $ishtml = TRUE;
-    $body = MagicHTML( $body, $passed_id, $message, $mailbox);
     // html attachment with character set information
     if (! empty($charset)) {
         $body = charset_decode($charset,$body,false,true);
     }
+    $body = MagicHTML( $body, $passed_id, $message, $mailbox);
 } else {
     $ishtml = FALSE;
     translateText($body, $wrap_at, $charset);
Unnamed repository; edit this file 'description' to name the repository.