Fix some interesting behavior when adding a signature to a message that

included personal names with quotes in them. I stumbled on to this,
and Jon pointed out it was actually an XSS bug. Whee. ;)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4628 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/src/compose.php b/src/compose.php
index c594a6791c76a00ab46fa1ff0682678144c4ffec..22a7027806cd8f9bacb041bef56bfd8fe42a77dc 100644 (file)
--- a/src/compose.php
+++ b/src/compose.php
@@ -853,6 +853,10 @@ function showInputForm ($session, $values=false) {
        $mailprio = $values['mailprio'];
        $body = $values['body'];
        $identity = (int) $values['identity'];
+    } else {
+       $send_to = decodeHeader($send_to);
+       $send_to_cc = decodeHeader($send_to_cc);
+       $send_to_bcc = decodeHeader($send_to_bcc);
     }
     
     if ($use_javascript_addr_book) {