Using QUERY_STRING without sanitizing it is BAD... Encoding it for URL use
authorjangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sun, 18 Apr 2004 19:25:59 +0000 (19:25 +0000)
committerjangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sun, 18 Apr 2004 19:25:59 +0000 (19:25 +0000)
should get rid of XSS issue.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@7164 7612ce4b-ef26-0410-bec9-ea0150e637f0

src/read_body.php

index 0d740c7d2e58fe9a9c8d4adf9b86b68240e98ec9..60aad1a41af45328a89fae9525eb9dcf7a24ce93 100644 (file)
@@ -735,7 +735,11 @@ function formatToolbar($mailbox, $passed_id, $passed_ent_id, $message, $color) {
     global $base_uri;
 
     $urlMailbox = urlencode($mailbox);
-    sqgetGlobalVar('QUERY_STRING', $query_string, SQ_SERVER);
+    if (sqgetGlobalVar('QUERY_STRING', $query_string, SQ_SERVER)) {                                                                 
+        $query_string = urlencode($query_string);                                                                                   
+    } else {                                                                                                                        
+        $query_string = '';                                                                                                         
+    } 
     $url = $base_uri.'src/view_header.php?'.$query_string;
 
     $s  = "<TR>\n" .
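Review bot: Calling `urlencode()` on the whole `$query_string` in the added branch also encodes the `=` and `&` separators, so the link built on the `$url = $base_uri.'src/view_header.php?'` line carries one opaque key instead of the original parameters, and view_header.php will presumably no longer find them. The XSS risk comes from the HTML context the URL is written into, so the separators should stay intact and the value be escaped for that context instead, e.g. `$query_string = htmlspecialchars($query_string, ENT_QUOTES);`. A stricter option is to stop echoing the client-supplied string and rebuild the query from `$urlMailbox` plus `urlencode()`-ed `$passed_id` and `$passed_ent_id`. The body of formatToolbar continues outside the hunk, so confirm where `$url` is emitted before choosing the escaping. The added lines also carry long runs of trailing whitespace that should be stripped.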