From 358f007e212ad7428914c505f44f9ac192465224 Mon Sep 17 00:00:00 2001 From: phutnick Date: Tue, 4 Sep 2001 18:46:51 +0000 Subject: [PATCH] Added a conversion from < to < when viewing "non-HTML" email for security reasons. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@1486 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- functions/mime.php | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/functions/mime.php b/functions/mime.php index a347425b..278c0d95 100644 --- a/functions/mime.php +++ b/functions/mime.php @@ -679,6 +679,8 @@ $body = str_replace("\r\n", "\n", $body); $encoding = strtolower($encoding); + global $show_html_default; + if ($encoding == "quoted-printable") { $body = quoted_printable_decode($body); @@ -688,6 +690,13 @@ $body = base64_decode($body); } + if (!$show_html_default) { + $body = str_replace('<', '<', $body); +// $body = str_replace('>', '>', $body); +// Both this and $body = htmlspecialchars($body); mess up inline +// quoting :-( Anyway, just replacing < gets the job done. + } + // All other encodings are returned raw. return $body; } -- 2.25.1
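Review bot: In the second hunk the new escaping block neutralises only `<`, which is narrower than the commit's stated security goal: `&` is left as-is, so entity sequences in a plain-text message are rendered rather than shown literally, and quotes stay raw if this body ever ends up inside an attribute. The commented-out lines say `htmlspecialchars($body)` breaks inline quoting; presumably the quote detection later matches a literal `>`, so the sturdier fix is to make that code match `&gt;` (or run it before escaping) and use `$body = htmlspecialchars($body);` here. The guard also depends only on `$show_html_default`, not on the part's content type, so with that option on a text/plain body appears to pass through unescaped unless another layer handles it; this is worth confirming in the caller, since the function starts outside the hunk. As rendered on this page the replacement reads `str_replace('<', '<', $body)`, which would be a no-op; the second argument is presumably `&lt;` in the actual file.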