From 078adf9da77f7ca6a3c02f9ef71be687aedb8856 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Wed, 19 Jul 2006 15:36:35 -0400
Subject: [PATCH] Improved usability (Ticket #1483807) and HTML validity; applied patch #1328032; fixed bug #1443200

---
 program/steps/mail/show.inc |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc
index 27fc44b..26a3d33 100644
--- a/program/steps/mail/show.inc
+++ b/program/steps/mail/show.inc
@@ -109,8 +109,8 @@
                         $attach_prop['filename'],
                         show_bytes($attach_prop['size']));
       else
-        $out .= sprintf('<li><a href="%s&_part=%s" onclick="return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)">%s</a></li>'."\n",
-                        $GET_URL,
+        $out .= sprintf('<li><a href="%s&amp;_part=%s" onclick="return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)">%s</a></li>'."\n",
+                        htmlentities($GET_URL),
                         $attach_prop['part_id'],
                         $JS_OBJECT_NAME,
                         $attach_prop['part_id'],

--
Gitblit v1.9.1