From 2af37485965d0fd0a121a0f23f821138ad1a5529 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Thu, 14 Nov 2013 13:20:36 -0500
Subject: [PATCH] Clean HTML message body from URL parameters after enabling HTML mode in commit e957bfec

---
 program/steps/mail/compose.inc |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 987cdb9..f75b219 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -446,6 +446,11 @@
     }
   }
 
+  // clean HTML message body which can be submitted by URL
+  if ($COMPOSE['param']['body']) {
+    $COMPOSE['param']['body'] = rcmail_wash_html($COMPOSE['param']['body'], array('safe' => false, 'inline_html' => true), array());
+  }
+
   $RCMAIL = rcmail::get_instance();
 
   // select folder where to save the sent message

--
Gitblit v1.9.1