From c14b337450bb546f5c1b18b1a66481844a3e79d0 Mon Sep 17 00:00:00 2001 From: Thomas Bruederli Date: Tue, 27 Nov 2012 16:25:42 +0100 Subject: Fix XSS vulnerability using Flash files (#1488828) by comparing mimetypes and filename extensions --- program/localization/en_US/labels.inc | 1 + program/localization/en_US/messages.inc | 1 + 2 files changed, 2 insertions(+) (limited to 'program/localization/en_US') diff --git a/program/localization/en_US/labels.inc b/program/localization/en_US/labels.inc index c8cbf1841..abb0dca5d 100644 --- a/program/localization/en_US/labels.inc +++ b/program/localization/en_US/labels.inc @@ -64,6 +64,7 @@ $labels['move'] = 'Move'; $labels['moveto'] = 'Move to...'; $labels['download'] = 'Download'; $labels['showattachment'] = 'Show'; +$labels['showanyway'] = 'Show it anyway'; $labels['filename'] = 'File name'; $labels['filesize'] = 'File size'; diff --git a/program/localization/en_US/messages.inc b/program/localization/en_US/messages.inc index a900fae18..68cf314e7 100644 --- a/program/localization/en_US/messages.inc +++ b/program/localization/en_US/messages.inc @@ -163,6 +163,7 @@ $messages['invalidimageformat'] = 'Not a valid image format.'; $messages['mispellingsfound'] = 'Spelling errors detected in the message.'; $messages['parentnotwritable'] = 'Unable to create/move folder into selected parent folder. No access rights.'; $messages['messagetoobig'] = 'The message part is too big to process it.'; +$messages['attachmentvalidationerror'] = 'WARNING! This attachment is suspicious because its type doesn\'t match the type declared in the message. If you do not trust the sender, you shouldn\'t open it in the browser because it may contain malicious contents.

Expected: $expected; found: $detected'; $messages['noscriptwarning'] = 'Warning: This webmail service requires Javascript! In order to use it please enable Javascript in your browser\'s settings.'; ?> -- cgit v1.2.3