summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2012-11-14 13:29:58 +0100
committerAleksander Machniak <alec@alec.pl>2012-11-14 13:29:58 +0100
commitd15163ab6ecabde9d12e8674bee37cbe562bd850 (patch)
tree0e106b5c1bb7e447e5490f9b1313bd4a6263d17b
parentd9698de979f6d30b5126472edd4af60c43aba870 (diff)
Fix XSS vulnerability in handling of text/enriched messages (#1488806)
-rw-r--r--CHANGELOG1
-rw-r--r--program/steps/mail/func.inc4
2 files changed, 4 insertions, 1 deletions
diff --git a/CHANGELOG b/CHANGELOG
index dc2d182cf..6ce469cd5 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix XSS vulnerability in handling of text/enriched messages (#1488806)
- Fix handling of 'media' attribute on linked css (#1488789)
- Fix excessive LFs at the end of composed message with top_posting=true (#1488797)
- Option to display attached images as thumbnails below message body
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 5e24a4311..3668cd7b2 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -753,7 +753,9 @@ function rcmail_print_body($part, $p = array())
else if ($data['type'] == 'enriched') {
$part->ctype_secondary = 'html';
require_once(INSTALL_PATH . 'program/lib/enriched.inc');
- $body = Q(enriched_to_html($data['body']), 'show');
+ $body = enriched_to_html($data['body']);
+ $body = rcmail_wash_html($body, $data, $part->replaces);
+ $part->ctype_secondary = 'html';
}
else {
// assert plaintext