From 57486f6e58d602413b58f780bf3a94ad6d2af8ce Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 29 Nov 2011 10:16:42 +0000
Subject: Content filter for embedded attachments to protect from XSS on IE<=8
 (#1487895)

---
 program/steps/mail/show.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'program/steps/mail/show.inc')

diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc
index 8976e863a..d928cfd68 100644
--- a/program/steps/mail/show.inc
+++ b/program/steps/mail/show.inc
@@ -132,7 +132,7 @@ function rcmail_message_attachments($attrib)
 
         $ol .= html::tag('li', null,
           html::a(array(
-            'href' => $MESSAGE->get_part_url($attach_prop->mime_id),
+            'href' => $MESSAGE->get_part_url($attach_prop->mime_id, false),
             'onclick' => sprintf(
               'return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)',
               JS_OBJECT_NAME,
-- 
cgit v1.2.3