Improve HTML sanitization with washtml

author: thomascube <thomas@roundcube.net> 2008-07-22 08:01:42 +0000
committer: thomascube <thomas@roundcube.net> 2008-07-22 08:01:42 +0000
commit: 21e724153e80249d0b0f0aaa2f730ad2c045532c (patch)
tree: 08d5f1b5d29b089e09bdcfdb7f17e696759b402e /program/steps/mail/get.inc
parent: 808fb26b619bb858cd77010a7d42648e21f07f81 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 4d7895269..842c60536 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -65,6 +65,8 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) {
       header("Cache-Control: private", false);
       header("Content-Type: application/octet-stream");
     }
+    else if ($ctype_primary == 'text')
+      header("Content-Type: text/$ctype_secondary; charset=" . RCMAIL_CHARSET);
     else
       header("Content-Type: $mimetype");
 
@@ -95,7 +97,7 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) {
         $part->body = $MESSAGE->get_part_content($part->mime_id);
 
       $OUTPUT = new rcube_html_page();
-      $OUTPUT->write(rcmail_print_body($part, $MESSAGE->is_safe));
+      $OUTPUT->write(rcmail_print_body($part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false)));
     }
     else {
       header(sprintf('Content-Disposition: %s; filename="%s";',
author	thomascube <thomas@roundcube.net>	2008-07-22 08:01:42 +0000
committer	thomascube <thomas@roundcube.net>	2008-07-22 08:01:42 +0000
commit	21e724153e80249d0b0f0aaa2f730ad2c045532c (patch)
tree	08d5f1b5d29b089e09bdcfdb7f17e696759b402e /program/steps/mail/get.inc
parent	808fb26b619bb858cd77010a7d42648e21f07f81 (diff)