githubFork/roundcubemail.git

Roundcubemail devel

parent: 8c188058 | patch | commit | ignore whitespace

Fix XSS vulnerability in message subject handling using Larry skin (#1488519)

Aleksander Machniak

2012-06-08 54be5ccb50be664ca4cc30fab6fb84e7be8e223e

Fix XSS vulnerability in message subject handling using Larry skin (#1488519)

2 files modified

	CHANGELOG	1 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/mail/func.inc	2 ●●●●● patch \| view \| raw \| blame \| history

 CHANGELOG

@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================

- Fix XSS vulnerability in message subject handling using Larry skin (#1488519)
- Fix handling of links with various URI schemes e.g. "skype:" (#1488106)
- Fix handling of links inside PRE elements on html to text conversion
- Fix indexing of links on html to text conversion

 program/steps/mail/func.inc

@@ -947,7 +947,7 @@

  // single header value is requested
  if (!empty($attrib['valueof']))
    return Q($plugin['output'][$attrib['valueof']]['value'], ($hkey == 'subject' ? 'strict' : 'show'));
    return Q($plugin['output'][$attrib['valueof']]['value'], ($attrib['valueof'] == 'subject' ? 'strict' : 'show'));

  // compose html table
  $table = new html_table(array('cols' => 2));

			@@ -1,6 +1,7 @@
			CHANGELOG Roundcube Webmail
			===========================

			- Fix XSS vulnerability in message subject handling using Larry skin (#1488519)
			- Fix handling of links with various URI schemes e.g. "skype:" (#1488106)
			- Fix handling of links inside PRE elements on html to text conversion
			- Fix indexing of links on html to text conversion

			@@ -947,7 +947,7 @@

			// single header value is requested
			if (!empty($attrib['valueof']))
			return Q($plugin['output'][$attrib['valueof']]['value'], ($hkey == 'subject' ? 'strict' : 'show'));
			return Q($plugin['output'][$attrib['valueof']]['value'], ($attrib['valueof'] == 'subject' ? 'strict' : 'show'));

			// compose html table
			$table = new html_table(array('cols' => 2));