From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)

---
 bin/decrypt.sh |   16 ++++++++--------
 1 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/bin/decrypt.sh b/bin/decrypt.sh
index c1ddd1c..ff7c430 100755
--- a/bin/decrypt.sh
+++ b/bin/decrypt.sh
@@ -1,13 +1,15 @@
 #!/usr/bin/env php
 <?php
 /*
-
  +-----------------------------------------------------------------------+
  | bin/decrypt.sh                                                        |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2005-2009, The Roundcube Dev Team                       |
- | Licensed under the GNU GPL                                            |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
  |                                                                       |
  | PURPOSE:                                                              |
  |   Decrypt the encrypted parts of the HTTP Received: headers           |
@@ -15,11 +17,9 @@
  +-----------------------------------------------------------------------+
  | Author: Tomas Tevesz <ice@extreme.hu>                                 |
  +-----------------------------------------------------------------------+
-
- $Id$
 */
 
-/*-
+/**
  * If http_received_header_encrypt is configured, the IP address and the
  * host name of the added Received: header is encrypted with 3DES, to
  * protect information that some could consider sensitve, yet their
@@ -28,8 +28,8 @@
  * Such an encrypted Received: header might look like:
  *
  * Received: from DzgkvJBO5+bw+oje5JACeNIa/uSI4mRw2cy5YoPBba73eyBmjtyHnQ==
- * 	[my0nUbjZXKtl7KVBZcsvWOxxtyVFxza4]
- *	with HTTP/1.1 (POST); Thu, 14 May 2009 19:17:28 +0200
+ *  [my0nUbjZXKtl7KVBZcsvWOxxtyVFxza4]
+ *  with HTTP/1.1 (POST); Thu, 14 May 2009 19:17:28 +0200
  *
  * In this example, the two encrypted components are the sender host name
  * (DzgkvJBO5+bw+oje5JACeNIa/uSI4mRw2cy5YoPBba73eyBmjtyHnQ==) and the IP
@@ -48,7 +48,7 @@
  *
  * If (most likely binary) junk is shown, then
  *  - either the encryption password has, between the time the mail was sent
- *    and `now', changed, or
+ *    and 'now', changed, or
  *  - you are dealing with counterfeit header data.
  */
 

--
Gitblit v1.9.1