author | thomascube <thomas@roundcube.net> | 2011-11-29 10:16:42 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2011-11-29 10:16:42 +0000 |
commit | 57486f6e58d602413b58f780bf3a94ad6d2af8ce (patch) | |
tree | 9f538706c8b5e86cce4f00e9d3b25c343210760c /program/include/rcube_message.php | |
parent | 6bddd9ba44e4dcb69e8d22fcaf21ec017d78e0fc (diff) |
Content filter for embedded attachments to protect from XSS on IE<=8 (#1487895)
Diffstat (limited to 'program/include/rcube_message.php')
-rw-r--r-- | program/include/rcube_message.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/program/include/rcube_message.php b/program/include/rcube_message.php
index 0ecd86c4c..633f59be2 100644
--- a/program/include/rcube_message.php
+++ b/program/include/rcube_message.php
@@ -142,10 +142,10 @@ class rcube_message
 * @param string $mime_id Part MIME-ID
 * @return string URL or false if part does not exist
 */
- public function get_part_url($mime_id)
+ public function get_part_url($mime_id, $embed = false)
 {
 if ($this->mime_parts[$mime_id])
- return $this->opt['get_url'] . '&_part=' . $mime_id;
+ return $this->opt['get_url'] . '&_part=' . $mime_id . ($embed ? '&_embed=1' : '');
 else
 return false;
 }
@@ -511,7 +511,7 @@ class rcube_message
 $img_regexp = '/^image\/(gif|jpe?g|png|tiff|bmp|svg)/';
 foreach ($this->inline_parts as $inline_object) {
- $part_url = $this->get_part_url($inline_object->mime_id);
+ $part_url = $this->get_part_url($inline_object->mime_id, true);
 if ($inline_object->content_id)
 $a_replaces['cid:'.$inline_object->content_id] = $part_url;
 if ($inline_object->content_location) { |
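Review bot: The new `$embed` argument of `get_part_url()` is missing from the docblock directly above the signature, and the `_embed=1` flag it appends is the only thing visible in this file that selects the content filter. I would add `* @param boolean $embed True if the part is rendered inline in the message body and must pass the content filter`. Because `_embed` is an ordinary query parameter, the handler behind `$this->opt['get_url']` (not part of this diff) presumably serves the same part unfiltered when the flag is absent, so the plain download path should still set a safe Content-Type and disposition on its own rather than depend on the caller asking for the filter. `$mime_id` is also concatenated into the URL unencoded; if it can ever be anything other than the dotted numeric form, `urlencode($mime_id)` would be the safer habit.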
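Review bot: The bare `true` passed to `get_part_url()` inside the `foreach` hides the fact that this argument is what opts inline parts into the XSS content filter; a comment such as `// _embed=1: part is shown inside the message body, request the filtered variant` would keep a later edit from dropping it unnoticed. `get_part_url()` returns `false` for an unknown part and the result is stored in `$a_replaces` unchecked, so a `cid:` reference to a missing part ends up mapped to `false`; skipping such entries with `if ($part_url === false) continue;` looks cleaner. `$img_regexp` on the first context line also admits `svg`, which can carry script, so it is worth confirming on the handler side that the filter covers that type as well. The loop body continues past the end of the hunk, so how `$img_regexp` and `$a_replaces` are used afterwards is not visible here.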