From 2af37485965d0fd0a121a0f23f821138ad1a5529 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Thu, 14 Nov 2013 19:20:36 +0100
Subject: Clean HTML message body from URL parameters after enabling HTML mode
 in commit e957bfec

---
 program/steps/mail/compose.inc | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'program/steps/mail/compose.inc')

diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 987cdb9a1..f75b219ff 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -446,6 +446,11 @@ function rcmail_process_compose_params(&$COMPOSE)
     }
   }
 
+  // clean HTML message body which can be submitted by URL
+  if ($COMPOSE['param']['body']) {
+    $COMPOSE['param']['body'] = rcmail_wash_html($COMPOSE['param']['body'], array('safe' => false, 'inline_html' => true), array());
+  }
+
   $RCMAIL = rcmail::get_instance();
 
   // select folder where to save the sent message
-- 
cgit v1.2.3