Fix some interesting behavior when adding a signature to a message that
included personal names with quotes in them. I stumbled on to this,
and Jon pointed out it was actually an XSS bug. Whee. ;)

Erin Schnabel, 22 years ago
parent
commit
4540915508
1 changed file with 4 additions and 0 deletions
+ 4 - 0
src/compose.php

@@ -853,6 +853,10 @@ function showInputForm ($session, $values=false) {
        $mailprio = $values['mailprio'];
        $body = $values['body'];
        $identity = (int) $values['identity'];
+    } else {
+       $send_to = decodeHeader($send_to);
+       $send_to_cc = decodeHeader($send_to_cc);
+       $send_to_bcc = decodeHeader($send_to_bcc);
     }
     
     if ($use_javascript_addr_book) {
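
Review bot: The decodeHeader() calls on $send_to, $send_to_cc and $send_to_bcc sit only in the new else branch, so they run only when $values is not passed in. The branch above assigns $values['mailprio'], $values['body'] and $values['identity'] as-is; if the recipient fields are also restored from $values earlier in that branch, that path does not get the same treatment, and it is worth confirming that names containing quotes are safe there too. The commit message calls this an XSS fix, but nothing in the hunk says so: the protection depends on decodeHeader() returning output that is safe to echo into the compose form, which is not visible from these lines. Please add a short comment above the three calls stating that they are there to neutralize quoted personal names before display, so a later cleanup does not remove them as redundant decoding.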