Aleksander Machniak
2012-11-14 377793d67c6b19327212bf2ac5647a4f01a48a48
Fix XSS vulnerability in handling of text/enriched messages (#1488806)

Conflicts:

CHANGELOG
2 files modified
5 ■■■■ changed files
CHANGELOG 1 ●●●● patch | view | raw | blame | history
program/steps/mail/func.inc 4 ●●● patch | view | raw | blame | history
CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
- Fix XSS vulnerability in handling of text/enriched messages (#1488806)
- Fix compatybility with MDB2 2.5.0b4 (#1488779)
- Fix lower-casing email address on replies (#1488598)
- Fix so subscribed non-existing/non-accessible shared folder can be unsubscribed
program/steps/mail/func.inc
@@ -743,7 +743,9 @@
  else if ($data['type'] == 'enriched') {
    $part->ctype_secondary = 'html';
    require_once(INSTALL_PATH . 'program/lib/enriched.inc');
    $body = Q(enriched_to_html($data['body']), 'show');
    $body = enriched_to_html($data['body']);
    $body = rcmail_wash_html($body, $data, $part->replaces);
    $part->ctype_secondary = 'html';
  }
  else {
    // assert plaintext
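Review bot: `$part->ctype_secondary = 'html';` now appears twice in this branch, once before the `require_once` and again after the `rcmail_wash_html()` call; if the earlier one is unchanged context rather than a removed line, the new assignment at the end is a redundant repeat and one of the two should be dropped so a later reader does not look for a reason the value is set twice. The removed `Q(..., 'show')` call escaped the whole converted body, so the safety of this path now rests entirely on `rcmail_wash_html()` treating the converter's output as untrusted HTML; a one-line comment on the wash call, `// enriched output is HTML: wash it like a text/html part instead of escaping it (#1488806)`, would record that intent. A regression fixture with a text/enriched body carrying an inline `<script>` or `on*=` attribute, asserted to be stripped from the returned body, would keep the fix from regressing if the conversion or wash code changes. The enclosing function starts and ends outside the hunk.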