summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2006-09-03 12:17:35 +0000
committerthomascube <thomas@roundcube.net>2006-09-03 12:17:35 +0000
commitbf0452585baf0f8a1d72095095bc06b132217dbb (patch)
treedfb5494bcc676bcf90e58ee4df46cb6f120f2a38
parentfda695f29732f5e5bcaa55e7e7abd090d2359927 (diff)
Fixed another XSS issue: #1483830
-rw-r--r--program/steps/mail/get.inc2
1 files changed, 1 insertions, 1 deletions
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 083de8664..e1ae281e4 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -29,7 +29,7 @@ if ($_GET['_preload'])
$message = rcube_label('loadingdata');
print "<html>\n<head>\n" .
- '<meta http-equiv="refresh" content="0; url='.$url.'">' .
+ '<meta http-equiv="refresh" content="0; url='.htmlspecialchars($url).'">' .
"\n</head>\n<body>" .
$message .
"\n</body>\n</html>";