diff options
author | thomascube <thomas@roundcube.net> | 2006-09-03 12:17:35 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2006-09-03 12:17:35 +0000 |
commit | bf0452585baf0f8a1d72095095bc06b132217dbb (patch) | |
tree | dfb5494bcc676bcf90e58ee4df46cb6f120f2a38 /program | |
parent | fda695f29732f5e5bcaa55e7e7abd090d2359927 (diff) |
Fixed another XSS issue: #1483830
Diffstat (limited to 'program')
-rw-r--r-- | program/steps/mail/get.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index 083de8664..e1ae281e4 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -29,7 +29,7 @@ if ($_GET['_preload']) $message = rcube_label('loadingdata'); print "<html>\n<head>\n" . - '<meta http-equiv="refresh" content="0; url='.$url.'">' . + '<meta http-equiv="refresh" content="0; url='.htmlspecialchars($url).'">' . "\n</head>\n<body>" . $message . "\n</body>\n</html>"; |