diff options
author | alecpl <alec@alec.pl> | 2011-11-24 07:34:32 +0000 |
---|---|---|
committer | alecpl <alec@alec.pl> | 2011-11-24 07:34:32 +0000 |
commit | 5510a5278b0001b79501ecce82a87ba9797d86e1 (patch) | |
tree | 7b214a7232e6576ff216cc5a98564f5476df4349 | |
parent | f78b944779d01953f7ee4b522e208a5bc4b30af8 (diff) |
- Fix possible infinite redirect on attachment preview (#1488199)
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/steps/mail/get.inc | 2 |
2 files changed, 2 insertions, 1 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix possible infinite redirect on attachment preview (#1488199) - Improved clickjacking protection for browsers which don't support X-Frame-Options headers - Fixed bug where similiar folder names were highlighted wrong (#1487860) - Fixed bug in handling link with '!' character in it (#1488195) diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index d4dcd0a84..828f8debc 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -22,7 +22,7 @@ // show loading page if (!empty($_GET['_preload'])) { - $url = str_replace('&_preload=1', '', $_SERVER['REQUEST_URI']); + $url = preg_replace('/[&?]+_preload=1/', '', $_SERVER['REQUEST_URI']); $message = rcube_label('loadingdata'); header('Content-Type: text/html; charset=' . RCMAIL_CHARSET); |