I applied the patch proposed in (patch #516542)

https://sourceforge.net/tracker/index.php?func=detail&aid=516542&group_id=311&atid=300311

please all: be alert whether as to stripping dangerous html is still fully functional

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@2513 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/ChangeLog b/ChangeLog
index a6c0e5d629472146d6539d234b859edd1185e5ab..5eaa2473337296126bd46ac3722a754f1515e54e 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,7 @@ Version 1.2.6 -- CVS
 --------------------
   - Fixed resume draft bug #513521, #514639
   - Newmail plugin: admin can disablethe use of audio (patch #517698)
+  - Fixed quoting problem in safe html (patch #516542)
        
 Version 1.2.5 -- 22 February 2002
 ---------------------------------

diff --git a/functions/mime.php b/functions/mime.php
index 6973c86ef048020c9e87411930d4500aefb14d5f..92927d68f7a89cc5fa3f0a795397c9127694b5d2 100644 (file)
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -1168,10 +1168,12 @@ function stripEvent( &$i, $j, &$body, $id, $base ) {
                     $src .= $body{$k};
                     $k++;
                 }
+                $k++;
                 while( !isNoSep( $body{$k} ) &&
                        $k < $j ) {
                     $k++;
                 }
+                $k++;
                 if ( strtolower( substr( $src, 0, 4 ) ) == 'cid:' ) {
                     $src = substr( $src, 4 );
                     $src = "../src/download.php?absolute_dl=true&amp;passed_id=$id&amp;mailbox=" .