From 6d26369021d24f19528de59f79f668b745b1322b Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Sun, 4 Aug 2013 12:41:30 +0200 Subject: Fix XSS vulnerability when saving HTML signatures (#1489251) Conflicts: CHANGELOG --- program/steps/settings/edit_identity.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'program/steps/settings/edit_identity.inc') diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc index d70a7aef7..edd4ba60d 100644 --- a/program/steps/settings/edit_identity.inc +++ b/program/steps/settings/edit_identity.inc @@ -77,7 +77,7 @@ function rcube_identity_form($attrib) 'signature' => array( 'name' => rcube_label('signature'), 'content' => array( - 'signature' => array('type' => 'textarea', 'size' => $t_cols, 'rows' => $t_rows, + 'signature' => array('type' => 'textarea', 'size' => $t_cols, 'rows' => $t_rows, 'spellcheck' => true), 'html_signature' => array('type' => 'checkbox', 'label' => rcube_label('htmlsignature'), 'onclick' => 'return rcmail_toggle_editor(this, \'rcmfd_signature\');'), @@ -138,6 +138,7 @@ function rcube_identity_form($attrib) $label = !empty($colprop['label']) ? $colprop['label'] : rcube_label(str_replace('-', '', $col)); + $value = !empty($colprop['value']) ? $colprop['value'] : rcmail_get_edit_field($col, $IDENTITY_RECORD[$col], $colprop, $colprop['type']); -- cgit v1.2.3