Added a conversion from < to &lt; when viewing "non-HTML" email for
authorphutnick <phutnick@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Tue, 4 Sep 2001 18:46:51 +0000 (18:46 +0000)
committerphutnick <phutnick@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Tue, 4 Sep 2001 18:46:51 +0000 (18:46 +0000)
security reasons.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@1486 7612ce4b-ef26-0410-bec9-ea0150e637f0

functions/mime.php

index a347425..278c0d9 100644 (file)
       $body = str_replace("\r\n", "\n", $body);
       $encoding = strtolower($encoding);
 
+      global $show_html_default;
+
       if ($encoding == "quoted-printable") {
          $body = quoted_printable_decode($body);
 
          $body = base64_decode($body);
       }
 
+      if (!$show_html_default) {
+         $body = str_replace('<', '&lt;', $body);
+//         $body = str_replace('>', '&gt;', $body);
+// Both this and $body = htmlspecialchars($body); mess up inline
+//  quoting :-(  Anyway, just replacing < gets the job done.
+      }
+
       // All other encodings are returned raw.
       return $body;
    }
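Review bot: The new escaping in the `if (!$show_html_default)` block is keyed on a global display preference rather than on the type of the part being decoded, and it runs after both the quoted-printable and base64 branches. With the preference off, any base64-decoded payload passing through this function has its `<` bytes rewritten, which would corrupt binary attachments if callers also use this function for downloads; with the preference on, a plain-text part is returned unescaped unless a caller escapes it later. Only `<` is neutralised, so the result is suitable for HTML element content at best and not for attribute contexts. I would move the output encoding to the point where the body is rendered, after the inline-quote handling that the comment says breaks, and apply `$body = htmlspecialchars($body);` there for every part that is not deliberately shown as HTML. The function's signature and the start of its body are outside the hunk, so the callers and the part-type information available here could not be checked.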