diff options
author | thomascube <thomas@roundcube.net> | 2008-11-03 08:01:18 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2008-11-03 08:01:18 +0000 |
commit | c21d6d713e0320b7b61bff1fa0e05bbd250455bb (patch) | |
tree | 309840400c4e31fa90c5daf73779f49b7265c1d1 /program/steps/mail | |
parent | f35a226447e578b9859e1f933f7c09c5d20a3ca9 (diff) |
Don't use addslashes() which could produce unexpected results when magic_quotes_sybase is on
Diffstat (limited to 'program/steps/mail')
-rw-r--r-- | program/steps/mail/get.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index fc3ee83ea..2d51ffc46 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -90,7 +90,7 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) { $filename = $part->filename ? $part->filename : ($MESSAGE->subject ? $MESSAGE->subject : 'roundcube') . '.'.$ctype_secondary; $filename = abbreviate_string($part->filename, 55); - $filename = $browser->ie ? rawurlencode($filename) : addslashes($filename); + $filename = $browser->ie ? rawurlencode($filename) : addcslashes($filename, '"'); $disposition = !empty($_GET['_download']) ? 'attachment' : 'inline'; header("Content-Disposition: $disposition; filename=\"$filename\""); |