From 57486f6e58d602413b58f780bf3a94ad6d2af8ce Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 29 Nov 2011 10:16:42 +0000
Subject: Content filter for embedded attachments to protect from XSS on IE<=8
 (#1487895)

---
 program/steps/mail/func.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'program/steps/mail/func.inc')

diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index b06feda7e..07a3f071d 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -551,7 +551,7 @@ function rcmail_check_safe(&$message)
  * @param array  CID map replaces (inline images)
  * @return string Clean HTML
  */
-function rcmail_wash_html($html, $p = array(), $cid_replaces)
+function rcmail_wash_html($html, $p, $cid_replaces)
 {
   global $REMOTE_OBJECTS;
 
@@ -1068,7 +1068,7 @@ function rcmail_message_body($attrib)
       ) {
         $out .= html::tag('hr') . html::p(array('align' => "center"),
           html::img(array(
-            'src' => $MESSAGE->get_part_url($attach_prop->mime_id),
+            'src' => $MESSAGE->get_part_url($attach_prop->mime_id, true),
             'title' => $attach_prop->filename,
             'alt' => $attach_prop->filename,
           )));
-- 
cgit v1.2.3