XSS vulnerabilities. Thanks to Masato Higashiyama for spotting this.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4500 7612ce4b-ef26-0410-bec9-ea0150e637f0
- Fix prefs caching not working correctly in PHP 4.3 caused by a stupid
version checking mechanism.
- Fix XXS hole that allowed JavaScript execution by sending someone
- an email with specially crafted headers. Thanks Jason Munro.
+ an email with specially crafted headers. Thanks Jason Munro, and
+ Masato Higashiyama.
+
Version 1.4.0 RC 1
------------------
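Review bot: the ChangeLog entry being extended still reads "Fix XXS hole" in the unchanged line just above the edited one; since this entry is touched anyway, correct it to "Fix XSS hole" so the release notes name the vulnerability class correctly. It would also help readers of the ChangeLog to say which header field the crafted email abused (the diff below escapes the X-Mailer value), rather than only "specially crafted headers".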
$env[_("Priority")] = getPriorityStr($header->priority);
}
if ($show_xmailer_default) {
- $env[_("Mailer")] = decodeHeader($header->xmailer);
+ $env[_("Mailer")] = htmlentities(decodeHeader($header->xmailer));
}
if ($default_use_mdn) {
if ($mdn_user_support) {
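Review bot: `htmlentities(decodeHeader($header->xmailer))` is called with no quote-style or charset argument, so it uses the PHP defaults (ENT_COMPAT, which leaves single quotes unencoded, and the ISO-8859-1 charset); a decoded header in another charset can be mangled or, for the quote case, still break out of a single-quoted attribute if this value is ever placed in one. Pass the flags and the page charset explicitly, e.g. `htmlentities(decodeHeader($header->xmailer), ENT_QUOTES, $charset)` (or `htmlspecialchars` with the same arguments), and check that the other `$env` entries built in this block from decoded header values (Priority is visible here, the mailer was the one unescaped) are escaped the same way, since all of them end up in the same rendered header table.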