Backport XSS vulnerability fix to 0.5 branch
| | |
| | | CHANGELOG Roundcube Webmail |
| | | =========================== |
| | | |
| | | - Fix XSS vulnerability in UI messages (#1488030) |
| | | - Fix identities "reply-to" and "bcc" fields have a bogus value when left empty (#1487943) |
| | | - Fix issue which cases IMAP disconnection when encrypt() method was used (#1487900) |
| | | - Fix some CSS issues in Settings for Internet Explorer |
| | |
| | | public function show_message($message, $type='notice', $vars=null, $override=true) |
| | | { |
| | | if ($override || !$this->message) { |
| | | if (rcube_label_exists($message)) { |
| | | if (!empty($vars)) |
| | | $vars = array_map('Q', $vars); |
| | | $msgtext = rcube_label(array('name' => $message, 'vars' => $vars)); |
| | | } |
| | | else |
| | | $msgtext = $message; |
| | | |
| | | $this->message = $message; |
| | | $this->command( |
| | | 'display_message', |
| | | rcube_label(array('name' => $message, 'vars' => $vars)), |
| | | $type |
| | | ); |
| | | $this->command('display_message', $msgtext, $type, $timeout * 1000); |
| | | } |
| | | } |
| | | |
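Review bot: The `else` branch assigns `$msgtext = $message;` without escaping, so only the label variables go through `Q()`. A caller that passes free text instead of a label name, which is the case this branch exists for, still reaches `display_message` unescaped. If any such caller can include untrusted data and the client renders the text as HTML, the XSS this commit fixes would remain reachable on that path; this page does not show whether either condition holds. Either escape there too, `$msgtext = Q($message);` (only if no caller relies on passing markup), or state the contract in a comment such as `// non-label $message is passed through as-is; callers must escape untrusted text`. The second `show_message()` section below has the same branch.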
| | |
| | | public function show_message($message, $type='notice', $vars=null, $override=true) |
| | | { |
| | | if ($override || !$this->message) { |
| | | if (rcube_label_exists($message)) { |
| | | if (!empty($vars)) |
| | | $vars = array_map('Q', $vars); |
| | | $msgtext = rcube_label(array('name' => $message, 'vars' => $vars)); |
| | | } |
| | | else |
| | | $msgtext = $message; |
| | | |
| | | $this->message = $message; |
| | | $this->command( |
| | | 'display_message', |
| | | rcube_label(array('name' => $message, 'vars' => $vars)), |
| | | $type); |
| | | $this->command('display_message', $msgtext, $type, $timeout * 1000); |
| | | } |
| | | } |
| | | |
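Review bot: `$timeout` is read in what appears to be the new call, `$this->command('display_message', $msgtext, $type, $timeout * 1000);`, but it is never defined in this function. The visible signature is `show_message($message, $type='notice', $vars=null, $override=true)` and nothing in the body assigns it, so the expression would evaluate to 0 and raise an undefined-variable notice. It looks carried over from the branch the fix was written on, though that is inferred. On this branch, either drop the fourth argument, `$this->command('display_message', $msgtext, $type);`, or add a trailing `$timeout=0` parameter so existing callers are unaffected. The first `show_message()` section above contains the same line.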