author jangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 6 Feb 2003 04:56:10 +0000 (04:56 +0000)
committer jangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 6 Feb 2003 04:56:10 +0000 (04:56 +0000)

Another XSS problem, carefully constructed X-Mailer header would result in
XSS vulnerabilities.  Thanks to Masato Higashiyama for spotting this.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4500 7612ce4b-ef26-0410-bec9-ea0150e637f0

ChangeLog
src/read_body.php

index 9bbc7e3..0a41316 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,7 +36,9 @@ Version 1.4.0 RC 2a
   - Fix prefs caching not working correctly in PHP 4.3 caused by a stupid
     version checking mechanism.
   - Fix XXS hole that allowed JavaScript execution by sending someone
-    an email with specially crafted headers. Thanks Jason Munro.
+    an email with specially crafted headers. Thanks Jason Munro, and
+    Masato Higashiyama.
+
 
 Version 1.4.0 RC 1
 ------------------
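Review bot: The bare `+` line added after "Masato Higashiyama." leaves two empty lines before the "Version 1.4.0 RC 1" heading; drop it so the spacing between version blocks stays at one blank line. While this entry is being edited, "XXS" on its first line should read "XSS", and naming the X-Mailer header in the entry would record which header this second fix covers, since the text still only says "specially crafted headers".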
index 873a359..7eb1956 100644 (file)
@@ -417,7 +417,7 @@ function formatEnvheader($mailbox, $passed_id, $passed_ent_id, $message,
         $env[_("Priority")] = getPriorityStr($header->priority);
     }
     if ($show_xmailer_default) {
-        $env[_("Mailer")] = decodeHeader($header->xmailer);
+        $env[_("Mailer")] = htmlentities(decodeHeader($header->xmailer));
     }
     if ($default_use_mdn) {
         if ($mdn_user_support) {
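Review bot: htmlentities() on the Mailer line is called with no quote-style or charset argument, so single quotes pass through unescaped and every character with a named entity is converted under the default charset, which can mangle a decoded header that is not in that charset. Consider htmlspecialchars() with ENT_QUOTES here, which is enough to neutralise markup and leaves other characters alone. The escape is also applied at this one call site only; the neighbouring `$env[_("Priority")] = getPriorityStr($header->priority);` and any other `$env[...]` values built from message headers in formatEnvheader() should be checked for the same treatment, or the escaping moved to the single place where `$env` is rendered so a newly added header cannot be missed.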