author | Thomas Bruederli <thomas@roundcube.net> | 2012-10-04 16:59:37 +0200 |
---|---|---|
committer | Thomas Bruederli <thomas@roundcube.net> | 2012-10-04 16:59:37 +0200 |
commit | 95d28926865d8a0d6fd009ebd73c0fc78c19d183 (patch) | |
tree | 28d8ac9a52bb7a88644061dac019784fb13a032c /program | |
parent | 0c1005da3f470226e2f6ac7e38ee206f0a7b3625 (diff) |
Fix HTTP User-Agent XSS vulnerability (#1488737)
Diffstat (limited to 'program')
-rw-r--r-- | program/steps/utils/error.inc | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/program/steps/utils/error.inc b/program/steps/utils/error.inc
index e6e409a21..9fb71c528 100644
--- a/program/steps/utils/error.inc
+++ b/program/steps/utils/error.inc
@@ -5,7 +5,7 @@
 | program/steps/utils/error.inc |
 | |
 | This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2011, The Roundcube Dev Team |
+ | Copyright (C) 2005-2012, The Roundcube Dev Team |
 | |
 | Licensed under the GNU General Public License version 3 or |
 | any later version with exceptions for skins & plugins. |
@@ -23,11 +23,11 @@ $rcmail = rcmail::get_instance();
 // browser is not compatible with this application
 if ($ERROR_CODE==409) {
- $user_agent = $_SERVER['HTTP_USER_AGENT'];
+ $user_agent = htmlentities($_SERVER['HTTP_USER_AGENT']);
 $__error_title = 'Your browser does not suit the requirements for this application';
 $__error_text = <<<EOF
 <i>Supported browsers:</i><br />
-» Microsoft Internet Explorer 6+<br />
+» Microsoft Internet Explorer 7+<br />
 » Mozilla Firefox 3+<br />
 » Chrome 10+<br />
 » Safari 4+<br /> |
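Review bot: The new `htmlentities($_SERVER['HTTP_USER_AGENT'])` call in the `$ERROR_CODE==409` branch relies on the function's defaults, so single quotes are left unescaped and the charset is whatever the running PHP version assumes. That is sufficient only if `$user_agent` is emitted as element text; the heredoc that uses it continues past the end of the hunk, so the output context cannot be confirmed from here. Making the encoding explicit removes the dependency on context and PHP version, assuming the error page is served as UTF-8: `$user_agent = htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8');`. The header can also be absent from a request, so an `isset()` guard with an empty-string fallback would avoid an undefined-index notice on this error page.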