authorAleksander Machniak <alec@alec.pl>2012-06-08 09:22:49 +0200
committerAleksander Machniak <alec@alec.pl>2012-06-08 09:22:49 +0200
commita7d5e3e8580466639a18da35af13b97dc3765c16 (patch)
tree4598c6ce454593442d1c6ceb3d7e5151450bc3e9 /program
parent51809bd66c3dc08fb578950a0394c8603a419b9e (diff)
Fix XSS vulnerability in message subject handling using Larry skin (#1488519)
Diffstat (limited to 'program')
-rw-r--r--program/steps/mail/func.inc2
1 files changed, 1 insertions, 1 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 854298d8b..208b2b345 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -947,7 +947,7 @@ function rcmail_message_headers($attrib, $headers=NULL)
// single header value is requested
if (!empty($attrib['valueof']))
- return Q($plugin['output'][$attrib['valueof']]['value'], ($hkey == 'subject' ? 'strict' : 'show'));
+ return Q($plugin['output'][$attrib['valueof']]['value'], ($attrib['valueof'] == 'subject' ? 'strict' : 'show'));
// compose html table
$table = new html_table(array('cols' => 2));
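Review bot: The fallback arm of the ternary on the changed `return Q(...)` line is still the looser `'show'` mode, so every single header other than `subject` requested through `valueof` depends on its value having been escaped earlier in rcmail_message_headers, whose body starts and ends outside this hunk. Because `$plugin['output']` looks like the result of a plugin hook (inferred from the name only), it would be safer to default to `'strict'` and opt in only the headers known to carry pre-built markup, or at least to record the assumption in a comment such as `// 'show' is only safe for values already HTML-escaped above; subject is raw text and must use 'strict'`. The comparison could also be written `$attrib['valueof'] === 'subject'` to avoid loose-equality surprises. The old `$hkey` was presumably a leftover loop variable, so a regression test that renders a subject containing markup through `valueof="subject"` and asserts the output is entity-encoded would keep this from coming back.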