From e13ad37d8984b8b7a1a0ab96e4f2a561ef459265 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Wed, 14 Nov 2012 13:29:58 +0100 Subject: Fix XSS vulnerability in handling of text/enriched messages (#1488806) --- CHANGELOG | 1 + program/steps/mail/func.inc | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index 5edf0d646..29a9adb4a 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix XSS vulnerability in handling of text/enriched messages (#1488806) - Fix handling of 'media' attribute on linked css (#1488789) - Fix regression where unintentional page reload was done after request abort (#1488802) - Fix excessive LFs at the end of composed message with top_posting=true (#1488797) diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 6712f2516..9b5b4f9d6 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -740,7 +740,9 @@ function rcmail_print_body($part, $p = array()) else if ($data['type'] == 'enriched') { $part->ctype_secondary = 'html'; require_once(INSTALL_PATH . 'program/lib/enriched.inc'); - $body = Q(enriched_to_html($data['body']), 'show'); + $body = enriched_to_html($data['body']); + $body = rcmail_wash_html($body, $data, $part->replaces); + $part->ctype_secondary = 'html'; } else { // assert plaintext -- cgit v1.2.3