
Fixed XSS vulnerability spotted by "Roman Medina" after a very thorough
research of the SquirrelMail source. I was impressed.

stekkel 21 years ago
parent
commit
ed5d1bb09f
1 changed files with 2 additions and 2 deletions
  1. 2 2
      functions/mime.php

+ 2 - 2
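--- a/functions/mime.php
+++ b/functions/mime.php
@@ -526,7 +526,7 @@ function formatAttachments($message, $exclude_id, $mailbox, $id) {
                         '<A HREF="'.$defaultlink.'">'.decodeHeader($display_filename).'</A>&nbsp;</TD>' .
                         '<TD><SMALL><b>' . show_readable_size($header->size) .
                         '</b>&nbsp;&nbsp;</small></TD>' .
-                        "<TD><SMALL>[ $type0/$type1 ]&nbsp;</SMALL></TD>" .
+                        '<TD><SMALL>[ '.htmlspecialchars($type0).'/'.htmlspecialchars($type1).' ]&nbsp;</SMALL></TD>' .
                         '<TD><SMALL>';
         $attachments .= '<b>' . $description . '</b>';
         $attachments .= '</SMALL></TD><TD><SMALL>&nbsp;';
@@ -558,7 +558,7 @@ function sqimap_base64_decode(&$string) {
     // remove the noise in order to check if the 4 bytes pairs are complete
     $string = str_replace(array("\r\n","\n", "\r", " "),array('','','',''),$string);
 
-    $sStringRem = '';    
+    $sStringRem = '';
     $iMod = strlen($string) % 4;
     if ($iMod) {
         $sStringRem = substr($string,-$iMod);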
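Review bot: The new `<TD>` line in the first hunk escapes `$type0` and `$type1`, but `$description` two lines below is still concatenated into the markup raw; its assignment is above the hunk, so if it is taken from a message header it presumably needs the same `htmlspecialchars()` treatment — worth confirming where it is set. `htmlspecialchars()` is called with default flags here, which is adequate for a text node between tags but would not protect a single-quoted attribute, so this pattern should not be copied to attribute positions such as the `HREF` on the first context line. A short why-comment would record the reason for the change, e.g. `// MIME type parts come from the message and must be escaped before output`. formatAttachments() begins and ends outside the hunk; the second hunk only strips trailing whitespace.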