summaryrefslogtreecommitdiff
path: root/program/include
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2011-11-29 10:16:42 +0000
committerthomascube <thomas@roundcube.net>2011-11-29 10:16:42 +0000
commit57486f6e58d602413b58f780bf3a94ad6d2af8ce (patch)
tree9f538706c8b5e86cce4f00e9d3b25c343210760c /program/include
parent6bddd9ba44e4dcb69e8d22fcaf21ec017d78e0fc (diff)
Content filter for embedded attachments to protect from XSS on IE<=8 (#1487895)
Diffstat (limited to 'program/include')
-rw-r--r--program/include/rcube_message.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/program/include/rcube_message.php b/program/include/rcube_message.php
index 0ecd86c4c..633f59be2 100644
--- a/program/include/rcube_message.php
+++ b/program/include/rcube_message.php
@@ -142,10 +142,10 @@ class rcube_message
* @param string $mime_id Part MIME-ID
* @return string URL or false if part does not exist
*/
- public function get_part_url($mime_id)
+ public function get_part_url($mime_id, $embed = false)
{
if ($this->mime_parts[$mime_id])
- return $this->opt['get_url'] . '&_part=' . $mime_id;
+ return $this->opt['get_url'] . '&_part=' . $mime_id . ($embed ? '&_embed=1' : '');
else
return false;
}
@@ -511,7 +511,7 @@ class rcube_message
$img_regexp = '/^image\/(gif|jpe?g|png|tiff|bmp|svg)/';
foreach ($this->inline_parts as $inline_object) {
- $part_url = $this->get_part_url($inline_object->mime_id);
+ $part_url = $this->get_part_url($inline_object->mime_id, true);
if ($inline_object->content_id)
$a_replaces['cid:'.$inline_object->content_id] = $part_url;
if ($inline_object->content_location) {