diff options
author | Aleksander Machniak <alec@alec.pl> | 2013-08-01 14:49:55 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2013-08-01 14:49:55 +0200 |
commit | 93b0a30c1c8aa29d862b587b31e52bcc344b8d16 (patch) | |
tree | 0eae27915d0c4054aaf80e59a26f9eccf16ae678 | |
parent | 9f324e3a1bf3ddac141015746bd015df7e0ee853 (diff) |
Fix XSS vulnerability when editing a message "as new" or draft (#1489251) - added HTML content "washing"
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/steps/mail/compose.inc | 10 |
2 files changed, 8 insertions, 3 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix XSS vulnerability when editing a message "as new" or draft (#1489251) - Fix downloading binary files with (wrong) text/* content-type (#1489267) - Fix rewrite rule in .htaccess (#1489240) - Fix detecting Turkish language in ISO-8859-9 encoding (#1489252) diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc index 2330bc040..590d9c27f 100644 --- a/program/steps/mail/compose.inc +++ b/program/steps/mail/compose.inc @@ -1000,10 +1000,14 @@ function rcmail_create_draft_body($body, $bodyIsHtml) && count($MESSAGE->mime_parts) > 0) { $cid_map = rcmail_write_compose_attachments($MESSAGE, $bodyIsHtml); + } + + // clean up html tags - XSS prevention (#1489251) + $body = rcmail_wash_html($body, array('safe' => 1), $cid_map); - // replace cid with href in inline images links - if ($cid_map) - $body = str_replace(array_keys($cid_map), array_values($cid_map), $body); + // replace cid with href in inline images links + if ($cid_map) { + $body = str_replace(array_keys($cid_map), array_values($cid_map), $body); } return $body; |