From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/utils/text2html.inc |    7 ++++++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/program/steps/utils/text2html.inc b/program/steps/utils/text2html.inc
index 1672436..fdfb696 100644
--- a/program/steps/utils/text2html.inc
+++ b/program/steps/utils/text2html.inc
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/utils/text2html.inc                                     |
  |                                                                       |
@@ -21,6 +21,11 @@
 
 $text = stream_get_contents(fopen('php://input', 'r'));
 
+// strip slashes if magic_quotes enabled
+if (get_magic_quotes_gpc() || get_magic_quotes_runtime()) {
+    $html = stripslashes($html);
+}
+
 $converter = new rcube_text2html($text, false, array('wrap' => true));
 
 header('Content-Type: text/html; charset=' . RCUBE_CHARSET);

--
Gitblit v1.9.1