Fix for [ 544658 ] Cross-site scripting vulnerability.
authorgraf25 <graf25@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Tue, 16 Apr 2002 15:01:47 +0000 (15:01 +0000)
committergraf25 <graf25@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Tue, 16 Apr 2002 15:01:47 +0000 (15:01 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@2735 7612ce4b-ef26-0410-bec9-ea0150e637f0

functions/mime.php

index 6187e6c8fc1dc80e235e0916cc38cbcc0b6ff3f0..4451dbfce8ea27ca42d8cafbb444243ca782a991 100644 (file)
@@ -1085,12 +1085,16 @@ function MagicHTML( $body, $id ) {
             $pos = $i + 1;
             $tag = '';
             while ($body{$pos} == ' ' || $body{$pos} == "\t" ||
-                   $body{$pos} == "\n" ) {
+                   $body{$pos} == "\n") {
                 $pos ++;
             }
             while (strlen($tag) < 4 && $body{$pos} != ' ' &&
                    $body{$pos} != "\t" && $body{$pos} != "\n" &&
                    $pos < $j ) {
+                if ($body{$pos} == "<"){
+                    $tag = '';
+                    $pos++;
+                }
                 $tag .= $body{$pos};
                 $pos ++;
             }
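Review bot: The added `if ($body{$pos} == "<")` branch falls through to `$tag .= $body{$pos}` after its own `$pos++`, so the character following the skipped `<` is appended without being re-tested against the loop conditions. If that character is another `<`, whitespace, or sits at or past `$j`, it lands in `$tag`, and the collected name presumably no longer matches the comparison that follows outside this hunk, which would let the tag through unfiltered. Ending the branch with `continue;` makes the `while` condition and the `<` test run again on the new position. MagicHTML begins and ends outside the hunk, so how `$tag` is used afterwards should be confirmed. Matching a four-character tag prefix against a denylist is fragile in general, so allowlisting or escaping the markup would be a sturdier follow-up.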