From 078adf9da77f7ca6a3c02f9ef71be687aedb8856 Mon Sep 17 00:00:00 2001 From: thomascube <thomas@roundcube.net> Date: Wed, 19 Jul 2006 15:36:35 -0400 Subject: [PATCH] Improved usability (Ticket #1483807) and HTML validity; applied patch #1328032; fixed bug #1443200 --- program/steps/mail/show.inc | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc index 27fc44b..26a3d33 100644 --- a/program/steps/mail/show.inc +++ b/program/steps/mail/show.inc @@ -109,8 +109,8 @@ $attach_prop['filename'], show_bytes($attach_prop['size'])); else - $out .= sprintf('<li><a href="%s&_part=%s" onclick="return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)">%s</a></li>'."\n", - $GET_URL, + $out .= sprintf('<li><a href="%s&_part=%s" onclick="return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)">%s</a></li>'."\n", + htmlentities($GET_URL), $attach_prop['part_id'], $JS_OBJECT_NAME, $attach_prop['part_id'], -- Gitblit v1.9.1