author | Thomas Bruederli <thomas@roundcube.net> | 2012-11-27 16:25:42 +0100 |
---|---|---|
committer | Thomas Bruederli <thomas@roundcube.net> | 2012-11-27 16:25:42 +0100 |
commit | c14b337450bb546f5c1b18b1a66481844a3e79d0 (patch) | |
tree | 1e4307f9ac1e3c634f51531ce025e493641e5454 /program/steps/mail/func.inc | |
parent | dff2c713fbc5dd8a501a31f3c158b8be412f46d0 (diff) |
Fix XSS vulnerability using Flash files (#1488828) by comparing mimetypes and filename extensions
Diffstat (limited to 'program/steps/mail/func.inc')
-rw-r--r-- | program/steps/mail/func.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index ff442ad60..cb1a5ddae 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1664,7 +1664,7 @@ function rcmail_message_part_frame($attrib)
 $part = $MESSAGE->mime_parts[asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))];
 $ctype_primary = strtolower($part->ctype_primary);
-$attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']);
+$attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_embed=' : '_preload='), $_SERVER['QUERY_STRING']);
 return html::iframe($attrib);
 } |
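Review bot: The added line still builds the iframe `src` by substituting into the raw `$_SERVER['QUERY_STRING']`, so the attribute value remains request-controlled and the hunk depends on `html::iframe()` escaping it; that call is outside the hunk, so this is worth confirming rather than assuming. The mimetype/filename-extension comparison named in the commit message is not part of this file's change, so the switch from `_show=` to `_embed=` is opaque on its own; a comment on the replaced line such as `// route text parts through _embed instead of _show so they pass the mimetype/extension checks of the embed step (#1488828)` would record the intent, hedged since that step is not visible here. `$ctype_primary=='text'` is a loose comparison; `$ctype_primary === 'text'` is the strict form. The preceding context line dereferences `$part->ctype_primary` without checking that `_part` named an existing entry of `$MESSAGE->mime_parts`, which would emit a notice on a missing part. The function's opening lines are outside the hunk.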