banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix XSS vulnerability in _mbox argument handling (#1490417)

Browse Source
pull/280/head
Aleksander Machniak 9 years ago
parent 5529d94ed7
commit 15fd8f9dc7
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File

1
CHANGELOG
Unescape Escape View File

@ -28,6 +28,7 @@ RELEASE 1.1.2
- Fix potential info disclosure issue by protecting directory access (#1490378)
- Fix blank image in html_signature when saving identity changes (#1490412)
- Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
- Fix XSS vulnerability in _mbox argument handling (#1490417)
RELEASE 1.1.1
-------------

2
program/include/rcmail.php
Unescape Escape View File

@ -1820,7 +1820,7 @@ class rcmail extends rcube
}
else {
$error = 'servererrormsg';
$args = array('msg' => $err_str);
$args = array('msg' => rcube::Q($err_str));
}
}
else if ($err_code < 0) {

Write Preview
Loading…
Cancel
Save