Another XSS problem, carefully constructed X-Mailer header would result in
author jangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 6 Feb 2003 04:56:10 +0000 (04:56 +0000)
committer jangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 6 Feb 2003 04:56:10 +0000 (04:56 +0000)
XSS vulnerabilities.  Thanks to Masato Higashiyama for spotting this.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4500 7612ce4b-ef26-0410-bec9-ea0150e637f0

ChangeLog
src/read_body.php

index 9bbc7e34e3f8542db92732a1ebaab245ccb83851..0a41316d964ef123239e3ccb9736cfba60e49fb8 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,7 +36,9 @@ Version 1.4.0 RC 2a
   - Fix prefs caching not working correctly in PHP 4.3 caused by a stupid
     version checking mechanism.
   - Fix XXS hole that allowed JavaScript execution by sending someone
-    an email with specially crafted headers. Thanks Jason Munro.
+    an email with specially crafted headers. Thanks Jason Munro, and
+    Masato Higashiyama.
+
 
 Version 1.4.0 RC 1
 ------------------
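Review bot: The entry being extended still reads "Fix XXS hole" on its first line (unchanged context here); that should be "XSS" so the fix can be found by searching the ChangeLog. The hunk also adds a second blank line after "Masato Higashiyama.", where one blank line before the next version heading was already present. Since the commit message describes this as another XSS problem, specific to X-Mailer, a line naming that header would document the fix better than only extending the credits.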
index 873a35984caa7d3f5dc80137be6981c82c4007e3..7eb195682cfa67618bedd2608213ffb207bc10c7 100644 (file)
@@ -417,7 +417,7 @@ function formatEnvheader($mailbox, $passed_id, $passed_ent_id, $message,
         $env[_("Priority")] = getPriorityStr($header->priority);
     }
     if ($show_xmailer_default) {
-        $env[_("Mailer")] = decodeHeader($header->xmailer);
+        $env[_("Mailer")] = htmlentities(decodeHeader($header->xmailer));
     }
     if ($default_use_mdn) {
         if ($mdn_user_support) {
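Review bot: On the changed `$env[_("Mailer")]` line, htmlentities() is called with no charset argument on the output of decodeHeader(), so any decoded non-Latin-1 text in X-Mailer can be turned into the wrong entities and displayed garbled. htmlspecialchars() escapes the HTML metacharacters that matter for XSS and leaves other bytes alone, which is the safer choice for a decoded mail header. The escaping is also added at this one assignment only; the neighbouring `$env[_("Priority")] = getPriorityStr($header->priority);` shows no escaping in this hunk, so it is worth confirming that every value placed in `$env` is escaped, or moving the escaping to the point where `$env` is rendered so that a header added later cannot miss it.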