From 334475a50bcc97a8c326aadff0dcbb61fad40a4f Mon Sep 17 00:00:00 2001
From: Till Krüss <me@tillkruess.com>
Date: Mon, 10 Feb 2014 11:02:06 -0500
Subject: [PATCH] prevent unwanted code execution via CURLOPT_POSTFIELDS

---
 program/steps/mail/viewsource.inc |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/program/steps/mail/viewsource.inc b/program/steps/mail/viewsource.inc
index 59ccb38..c560d7d 100644
--- a/program/steps/mail/viewsource.inc
+++ b/program/steps/mail/viewsource.inc
@@ -44,7 +44,7 @@
     header("Content-Disposition: attachment; filename=\"$filename\"");
   }
 
-  $RCMAIL->storage->print_raw_body($uid);
+  $RCMAIL->storage->print_raw_body($uid, empty($_GET['_save']));
 }
 else
 {

--
Gitblit v1.9.1