Fixed XSS vulnerability spotted by "Roman Medina" after a very thorough
authorstekkel <stekkel@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sun, 23 May 2004 16:09:48 +0000 (16:09 +0000)
committerstekkel <stekkel@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sun, 23 May 2004 16:09:48 +0000 (16:09 +0000)
research of the SquirrelMail source. I was impressed.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@7529 7612ce4b-ef26-0410-bec9-ea0150e637f0

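index 35892b7b9ee0b33c103057cffd59925f41669657..3c2a532b5d7da1dd5b790df1cefd24dfd37bb103 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -526,7 +526,7 @@ function formatAttachments($message, $exclude_id, $mailbox, $id) {
                         '<A HREF="'.$defaultlink.'">'.decodeHeader($display_filename).'</A>&nbsp;</TD>' .
                         '<TD><SMALL><b>' . show_readable_size($header->size) .
                         '</b>&nbsp;&nbsp;</small></TD>' .
-                        "<TD><SMALL>[ $type0/$type1 ]&nbsp;</SMALL></TD>" .
+                        '<TD><SMALL>[ '.htmlspecialchars($type0).'/'.htmlspecialchars($type1).' ]&nbsp;</SMALL></TD>' .
                         '<TD><SMALL>';
         $attachments .= '<b>' . $description . '</b>';
         $attachments .= '</SMALL></TD><TD><SMALL>&nbsp;';
@@ -558,7 +558,7 @@ function sqimap_base64_decode(&$string) {
     // remove the noise in order to check if the 4 bytes pairs are complete
     $string = str_replace(array("\r\n","\n", "\r", " "),array('','','',''),$string);
 
-    $sStringRem = '';    
+    $sStringRem = '';
     $iMod = strlen($string) % 4;
     if ($iMod) {
         $sStringRem = substr($string,-$iMod);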
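Review bot: In the formatAttachments hunk, `$description` is still concatenated into the same table row with no visible escaping (`$attachments .= '<b>' . $description . '</b>';`), while the commit escapes only `$type0` and `$type1`. Its assignment lies outside the hunk, so it may already be encoded there; if it is not, the line should become `$attachments .= '<b>' . htmlspecialchars($description) . '</b>';`, taking care not to encode it twice. The same check is worth making for `$defaultlink`, which lands inside a double-quoted `HREF` attribute and so needs every component URL-encoded and the whole value attribute-escaped. The body of formatAttachments starts and ends outside the hunk, so neither value can be confirmed from this page.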