summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2013-08-01 14:49:55 +0200
committerAleksander Machniak <alec@alec.pl>2013-08-01 14:49:55 +0200
commit93b0a30c1c8aa29d862b587b31e52bcc344b8d16 (patch)
tree0eae27915d0c4054aaf80e59a26f9eccf16ae678
parent9f324e3a1bf3ddac141015746bd015df7e0ee853 (diff)
Fix XSS vulnerability when editing a message "as new" or draft (#1489251) - added HTML content "washing"
-rw-r--r--CHANGELOG1
-rw-r--r--program/steps/mail/compose.inc10
2 files changed, 8 insertions, 3 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 64ccc77c8..1ee745d40 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix XSS vulnerability when editing a message "as new" or draft (#1489251)
- Fix downloading binary files with (wrong) text/* content-type (#1489267)
- Fix rewrite rule in .htaccess (#1489240)
- Fix detecting Turkish language in ISO-8859-9 encoding (#1489252)
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 2330bc040..590d9c27f 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -1000,10 +1000,14 @@ function rcmail_create_draft_body($body, $bodyIsHtml)
&& count($MESSAGE->mime_parts) > 0)
{
$cid_map = rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml);
+ }
+
+ // clean up html tags - XSS prevention (#1489251)
+ $body = rcmail_wash_html($body, array('safe' => 1), $cid_map);
- // replace cid with href in inline images links
- if ($cid_map)
- $body = str_replace(array_keys($cid_map), array_values($cid_map), $body);
+ // replace cid with href in inline images links
+ if ($cid_map) {
+ $body = str_replace(array_keys($cid_map), array_values($cid_map), $body);
}
return $body;