Fix some interesting behavior when adding a signature to a message that
authorebullient <ebullient@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 10 Mar 2003 07:08:15 +0000 (07:08 +0000)
committerebullient <ebullient@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 10 Mar 2003 07:08:15 +0000 (07:08 +0000)
included personal names with quotes in them. I stumbled on to this,
and Jon pointed out it was actually an XSS bug. Whee. ;)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4628 7612ce4b-ef26-0410-bec9-ea0150e637f0

src/compose.php

index c594a67..22a7027 100644 (file)
@@ -853,6 +853,10 @@ function showInputForm ($session, $values=false) {
        $mailprio = $values['mailprio'];
        $body = $values['body'];
        $identity = (int) $values['identity'];
+    } else {
+       $send_to = decodeHeader($send_to);
+       $send_to_cc = decodeHeader($send_to_cc);
+       $send_to_bcc = decodeHeader($send_to_bcc);
     }
     
     if ($use_javascript_addr_book) {
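Review bot: The three `decodeHeader()` calls in the new `else` branch carry the whole XSS fix, yet nothing here records that the function is relied on for output encoding rather than only MIME decoding, and its body is not visible in this hunk. If it does not itself escape `"`, `<` and `>`, the recipient values still need `htmlspecialchars($send_to, ENT_QUOTES)` at the point where they are written into the form; if it does, a comment such as `// decodeHeader() also HTML-escapes; required before these values reach the form` would keep a later refactor from dropping the calls. The `$values` branch just above assigns `$body` and the other fields without the same treatment, so it is worth confirming that this path (presumably the recipient fields are set there too, above the hunk) cannot carry a quoted personal name into the same output. `showInputForm` starts before and continues past the hunk, so the actual output site should be checked alongside this change.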