Fix HTTP User-Agent XSS vulnerability (#1488737)

pull/37/head
Thomas Bruederli 12 years ago
parent 0c1005da3f
commit 95d2892686

@ -5,7 +5,7 @@
| program/steps/utils/error.inc |
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2005-2011, The Roundcube Dev Team |
| Copyright (C) 2005-2012, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@ -23,11 +23,11 @@ $rcmail = rcmail::get_instance();
// browser is not compatible with this application
if ($ERROR_CODE==409) {
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_agent = htmlentities($_SERVER['HTTP_USER_AGENT']);
$__error_title = 'Your browser does not suit the requirements for this application';
$__error_text = <<<EOF
<i>Supported browsers:</i><br />
&raquo; &nbsp;Microsoft Internet Explorer 6+<br />
&raquo; &nbsp;Microsoft Internet Explorer 7+<br />
&raquo; &nbsp;Mozilla Firefox 3+<br />
&raquo; &nbsp;Chrome 10+<br />
&raquo; &nbsp;Safari 4+<br />

Loading…
Cancel
Save