From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 plugins/vcard_attachments/vcardattach.js |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/vcard_attachments/vcardattach.js b/plugins/vcard_attachments/vcardattach.js
index 31df246..29bc1a6 100644
--- a/plugins/vcard_attachments/vcardattach.js
+++ b/plugins/vcard_attachments/vcardattach.js
@@ -5,8 +5,8 @@
 function plugin_vcard_save_contact(mime_id)
 {
   var lock = rcmail.set_busy(true, 'loading');
-  rcmail.http_post('plugin.savevcard', { _uid: rcmail.env.uid, _mbox: urlencode(rcmail.env.mailbox), _part: urlencode(mime_id) }, lock);
-  
+  rcmail.http_post('plugin.savevcard', { _uid: rcmail.env.uid, _mbox: rcmail.env.mailbox, _part: mime_id }, lock);
+
   return false;
 }
 

--
Gitblit v1.9.1