We use cookies to ensure you get the best experience on our website
Inicio Explorar Axuda
Rexistro Iniciar sesión
0ct0pu5
/
squirrelmail
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Explorar o código

Fixed XSS vulnarability in decodeHeader function spotted by Joost Pol

stekkel %!s(int64=21) %!d(string=hai) anos
pai
65c8ef8037
achega
c903e1f8c6
Modificáronse 1 ficheiros con 5 adicións e 1 borrados
Dividir vista Mostrar estatísticas de Diff
  1. 5 1
      functions/mime.php

+ 5 - 1
functions/mime.php
Ver ficheiro 

@@ -659,7 +659,11 @@ function decodeHeader ($string, $utfencode=true,$htmlsave=true,$decide=false) {
 
             }
 
             $iLastMatch = $i;
 
             $j = $i;
 
-            $ret .= $res[1];
 
+            if ($htmlsave) {
 
+                $ret .= htmlspecialchars($res[1]);
 
+            } else {
 
+                $ret .= $res[1];
 
+            }
 
             $encoding = ucfirst($res[3]);
 
 
             /* decide about valid decoding */

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5