We use cookies to ensure you get the best experience on our website
Accueil Explorer Aide
S'inscrire Connexion
0ct0pu5
/
squirrelmail
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

Fixes XSS bug in mailbox_display with malicious From: headers.
Thanks to sailfrog for finding this one!

tassium il y a 22 ans
Parent
68df2a38fd
commit
5e5cc2c2bc
1 fichiers modifiés avec 1 ajouts et 1 suppressions
Vue séparée Afficher les stats Diff
  1. 1 1
      functions/mailbox_display.php

+ 1 - 1
functions/mailbox_display.php
Voir le fichier 

@@ -155,7 +155,7 @@ function printMessageInfo($imapConnection, $t, $not_last=true, $key, $mailbox,
 
                 break;
 
             case 2: /* from */
 
                 echo html_tag( 'td',
 
-                               $italic . $bold . $flag . $fontstr . $senderName .
 
+                               $italic . $bold . $flag . $fontstr . htmlentities($senderName) .
 
                                $fontstr_end . $flag_end . $bold_end . $italic_end,
 
                                'left',
 
                                $hlt_color );

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5