diff options
| author | thomascube <thomas@roundcube.net> | 2006-07-19 19:36:35 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2006-07-19 19:36:35 +0000 |
| commit | 078adf9da77f7ca6a3c02f9ef71be687aedb8856 (patch) | |
| tree | 5a1c53d1835d4941ae4be4694ee62ef4dac8bf33 /program/steps/mail/show.inc | |
| parent | 66e2bfa5507ebbbc73dc5fcabe511cd473e0c62a (diff) | |
Improved usability (Ticket #1483807) and HTML validity; applied patch #1328032; fixed bug #1443200
Diffstat (limited to 'program/steps/mail/show.inc')
| -rw-r--r-- | program/steps/mail/show.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc index 27fc44b3f..26a3d3312 100644 --- a/program/steps/mail/show.inc +++ b/program/steps/mail/show.inc @@ -109,8 +109,8 @@ function rcmail_message_attachments($attrib) $attach_prop['filename'], show_bytes($attach_prop['size'])); else - $out .= sprintf('<li><a href="%s&_part=%s" onclick="return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)">%s</a></li>'."\n", - $GET_URL, + $out .= sprintf('<li><a href="%s&_part=%s" onclick="return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)">%s</a></li>'."\n", + htmlentities($GET_URL), $attach_prop['part_id'], $JS_OBJECT_NAME, $attach_prop['part_id'], |