authorAleksander Machniak <alec@alec.pl>2013-08-04 12:41:30 +0200
committerAleksander Machniak <alec@alec.pl>2013-08-04 12:42:25 +0200
commit6d26369021d24f19528de59f79f668b745b1322b (patch)
tree97f60190877f782993c9cd718e6319a6ce5ac977 /program/steps/settings/edit_identity.inc
parent5591a63d70775f2995611ae3d29dd55e8f4a1695 (diff)
Fix XSS vulnerability when saving HTML signatures (#1489251)
Conflicts: CHANGELOG
Diffstat (limited to 'program/steps/settings/edit_identity.inc')
-rw-r--r--program/steps/settings/edit_identity.inc3
1 files changed, 2 insertions, 1 deletions
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc
index d70a7aef7..edd4ba60d 100644
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@@ -77,7 +77,7 @@ function rcube_identity_form($attrib)
'signature' => array(
'name' => rcube_label('signature'),
'content' => array(
- 'signature' => array('type' => 'textarea', 'size' => $t_cols, 'rows' => $t_rows,
+ 'signature' => array('type' => 'textarea', 'size' => $t_cols, 'rows' => $t_rows,
'spellcheck' => true),
'html_signature' => array('type' => 'checkbox', 'label' => rcube_label('htmlsignature'),
'onclick' => 'return rcmail_toggle_editor(this, \'rcmfd_signature\');'),
@@ -138,6 +138,7 @@ function rcube_identity_form($attrib)
$label = !empty($colprop['label']) ? $colprop['label'] :
rcube_label(str_replace('-', '', $col));
+
$value = !empty($colprop['value']) ? $colprop['value'] :
rcmail_get_edit_field($col, $IDENTITY_RECORD[$col], $colprop, $colprop['type']);