From: stekkel
Date: Mon, 24 Feb 2003 18:51:33 +0000 (+0000)
Subject: fixed problems with subjects with html special chars in it.
X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=commitdiff_plain;h=0e8006dcfdd5b8964977d27bd96d154434cd2fe9
fixed problems with subjects with html special chars in it. Fix for possible xss holes
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4542 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
diff --git a/src/read_body.php b/src/read_body.php
index 7eb19568..f1662978 100644
--- a/src/read_body.php
+++ b/src/read_body.php
@@ -368,7 +368,7 @@ function formatRecipientString($recipients, $item ) {
 $cnt = count($recipients);
 foreach($recipients as $r) {
- $add = htmlspecialchars($r->getAddress());
+ $add = htmlspecialchars(decodeHeader($r->getAddress()));
 if ($string) {
 $string .= '
' . $add;
 } else {
@@ -396,11 +396,7 @@ function formatEnvheader($mailbox, $passed_id, $passed_ent_id, $message,
 $header = $message->rfc822_header;
 $env = array();
- if ($squirrelmail_language == 'ja_JP') {
- $env[_("Subject")] = htmlspecialchars(decodeHeader($header->subject));
- } else {
- $env[_("Subject")] = decodeHeader(htmlspecialchars($header->subject));
- }
+ $env[_("Subject")] = htmlspecialchars(decodeHeader($header->subject));
 $from_name = $header->getAddr_s('from');
 if (!$from_name) {
 $from_name = $header->getAddr_s('sender');
@@ -414,10 +410,10 @@ function formatEnvheader($mailbox, $passed_id, $passed_ent_id, $message,
 $env[_("Cc")] = formatRecipientString($header->cc, "cc");
 $env[_("Bcc")] = formatRecipientString($header->bcc, "bcc");
 if ($default_use_priority) {
- $env[_("Priority")] = getPriorityStr($header->priority);
+ $env[_("Priority")] = htmlspecialchars(getPriorityStr($header->priority));
 }
 if ($show_xmailer_default) {
- $env[_("Mailer")] = htmlentities(decodeHeader($header->xmailer));
+ $env[_("Mailer")] = htmlspecialchars(decodeHeader($header->xmailer));
 }
 if ($default_use_mdn) {
 if ($mdn_user_support) {
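Review bot: Escaping after decoding is the right order for the `$add` line, but if decodeHeader()'s charset conversion already emits `&#NNN;` entity references for non-ASCII text (the dropped non-ja_JP branch escaped before decoding, which hints that it might), htmlspecialchars() will rewrite the `&` as `&amp;` and those entities will display literally; the Subject and Mailer lines in the next two hunks use the same order and share this question. Confirm what decodeHeader() returns and, if it is already HTML-safe for some charsets, escape the raw header text inside it rather than its result. Note also that htmlspecialchars() with default flags leaves `'` unescaped, so `$add` is only safe in element content or double-quoted attributes; `$add = htmlspecialchars(decodeHeader($r->getAddress()), ENT_QUOTES);` would cover both. formatRecipientString() continues outside the hunk, including where `$string` is initialised and returned.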
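Review bot: The unified Subject line deserves a comment recording why the order matters, since the removed branch had it the other way round for every language except ja_JP: `// escape after decoding: decoded header text can contain < > & that an escape applied before decodeHeader() never saw`. With the ja_JP branch gone, `$squirrelmail_language` may now be referenced in this function only by a `global` declaration above the hunk; if nothing else in formatEnvheader() reads it, drop that declaration. formatEnvheader() starts and ends outside this hunk.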
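Review bot: Switching the Mailer line from htmlentities() to htmlspecialchars() changes more than the escaping fix: htmlentities() also converted every non-ASCII byte into a Latin-1 named entity, so X-Mailer values in other charsets now pass through as raw bytes and render correctly only if the page charset matches what decodeHeader() produces. If that is the intent, a comment such as `// htmlspecialchars, not htmlentities: decodeHeader() already yields page-charset text` keeps the next reader from reverting it. The Priority line is worth keeping only if getPriorityStr() can echo the raw header value back for unrecognised priorities; if it returns fixed translated labels the escape is harmless but redundant, so a short comment on which case applies would help.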