banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix XSS vulnerability in handling of text/enriched messages (#1488806)

Browse Source 
Conflicts:

	CHANGELOG
release-0.7
Aleksander Machniak 12 years ago
parent a5c8786a34
commit 377793d67c
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File

1
CHANGELOG
Unescape Escape View File

@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
- Fix XSS vulnerability in handling of text/enriched messages (#1488806)
- Fix compatybility with MDB2 2.5.0b4 (#1488779)
- Fix lower-casing email address on replies (#1488598)
- Fix so subscribed non-existing/non-accessible shared folder can be unsubscribed

4
program/steps/mail/func.inc
Unescape Escape View File

@ -743,7 +743,9 @@ function rcmail_print_body($part, $p = array())
else if ($data['type'] == 'enriched') {
$part->ctype_secondary = 'html';
require_once(INSTALL_PATH . 'program/lib/enriched.inc');
$body = Q(enriched_to_html($data['body']), 'show');
$body = enriched_to_html($data['body']);
$body = rcmail_wash_html($body, $data, $part->replaces);
$part->ctype_secondary = 'html';
}
else {
// assert plaintext

Write Preview
Loading…
Cancel
Save