banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix XSS vulnerability in message subject handling using Larry skin (#1488519)

Browse Source
pull/17/head
Aleksander Machniak 12 years ago
parent 51809bd66c
commit a7d5e3e858
2 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File

1
CHANGELOG
Unescape Escape View File

@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
- Fix XSS vulnerability in message subject handling using Larry skin (#1488519)
- Fix handling of links with various URI schemes e.g. "skype:" (#1488106)
- Fix handling of links inside PRE elements on html to text conversion
- Fix indexing of links on html to text conversion

2
program/steps/mail/func.inc
Unescape Escape View File

@ -947,7 +947,7 @@ function rcmail_message_headers($attrib, $headers=NULL)
// single header value is requested
if (!empty($attrib['valueof']))
return Q($plugin['output'][$attrib['valueof']]['value'], ($hkey == 'subject' ? 'strict' : 'show'));
return Q($plugin['output'][$attrib['valueof']]['value'], ($attrib['valueof'] == 'subject' ? 'strict' : 'show'));
// compose html table
$table = new html_table(array('cols' => 2));

Write Preview
Loading…
Cancel
Save