summaryrefslogtreecommitdiff
path: root/program/steps/mail
diff options
context:
space:
mode:
Diffstat (limited to 'program/steps/mail')
-rw-r--r--program/steps/mail/show.inc4
1 files changed, 2 insertions, 2 deletions
diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc
index 27fc44b3f..26a3d3312 100644
--- a/program/steps/mail/show.inc
+++ b/program/steps/mail/show.inc
@@ -109,8 +109,8 @@ function rcmail_message_attachments($attrib)
$attach_prop['filename'],
show_bytes($attach_prop['size']));
else
- $out .= sprintf('<li><a href="%s&_part=%s" onclick="return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)">%s</a></li>'."\n",
- $GET_URL,
+ $out .= sprintf('<li><a href="%s&amp;_part=%s" onclick="return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)">%s</a></li>'."\n",
+ htmlentities($GET_URL),
$attach_prop['part_id'],
$JS_OBJECT_NAME,
$attach_prop['part_id'],