From bf0452585baf0f8a1d72095095bc06b132217dbb Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Sun, 03 Sep 2006 08:17:35 -0400
Subject: [PATCH] Fixed another XSS issue: #1483830

---
 program/steps/mail/get.inc |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 083de86..e1ae281 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -29,7 +29,7 @@
   $message = rcube_label('loadingdata');
 
   print "<html>\n<head>\n" .
-        '<meta http-equiv="refresh" content="0; url='.$url.'">' .
+        '<meta http-equiv="refresh" content="0; url='.htmlspecialchars($url).'">' .
         "\n</head>\n<body>" .
         $message .
         "\n</body>\n</html>";

--
Gitblit v1.9.1