From c21d6d713e0320b7b61bff1fa0e05bbd250455bb Mon Sep 17 00:00:00 2001 From: thomascube Date: Mon, 3 Nov 2008 08:01:18 +0000 Subject: Don't use addslashes() which could produce unexpected results when magic_quotes_sybase is on --- program/steps/mail/get.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'program/steps') diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index fc3ee83ea..2d51ffc46 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -90,7 +90,7 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) { $filename = $part->filename ? $part->filename : ($MESSAGE->subject ? $MESSAGE->subject : 'roundcube') . '.'.$ctype_secondary; $filename = abbreviate_string($part->filename, 55); - $filename = $browser->ie ? rawurlencode($filename) : addslashes($filename); + $filename = $browser->ie ? rawurlencode($filename) : addcslashes($filename, '"'); $disposition = !empty($_GET['_download']) ? 'attachment' : 'inline'; header("Content-Disposition: $disposition; filename=\"$filename\""); -- cgit v1.2.3