diff options
author | Aleksander Machniak <alec@alec.pl> | 2012-11-14 13:29:58 +0100 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2012-11-14 13:29:58 +0100 |
commit | d15163ab6ecabde9d12e8674bee37cbe562bd850 (patch) | |
tree | 0e106b5c1bb7e447e5490f9b1313bd4a6263d17b | |
parent | d9698de979f6d30b5126472edd4af60c43aba870 (diff) |
Fix XSS vulnerability in handling of text/enriched messages (#1488806)
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/steps/mail/func.inc | 4 |
2 files changed, 4 insertions, 1 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix XSS vulnerability in handling of text/enriched messages (#1488806) - Fix handling of 'media' attribute on linked css (#1488789) - Fix excessive LFs at the end of composed message with top_posting=true (#1488797) - Option to display attached images as thumbnails below message body diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 5e24a4311..3668cd7b2 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -753,7 +753,9 @@ function rcmail_print_body($part, $p = array()) else if ($data['type'] == 'enriched') { $part->ctype_secondary = 'html'; require_once(INSTALL_PATH . 'program/lib/enriched.inc'); - $body = Q(enriched_to_html($data['body']), 'show'); + $body = enriched_to_html($data['body']); + $body = rcmail_wash_html($body, $data, $part->replaces); + $part->ctype_secondary = 'html'; } else { // assert plaintext |