From: Pontus U. <po...@ul...> - 2001-06-20 09:30:29
Hello!

Almost by mistake I found a bug in the x-mailer plug-in. If the X-Mailer header field contains HTML characters, such as < and >, they are not displayed in a proper manner. This is first of all a graphical bug, but I guess maybe one could use this to execute some evil JavaScript code inserted in the X-Mailer field of the header.

I've made a quick fix using the htmlentities function, but this function only uses the ISO-8859-1 charset, so I guess a better fix should be made.

!!! This fix is untested but you probably get the general idea. !!!

Diff file is attached.

--
Virtually Yours
Pontus Ullgren
Linux Zealot & Software Designer
e-mail: po...@ul...
URL: http://pontus.ullgren.com/
Say NO to HTML in mail and news
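The display problem described in the message above, as an added example (it is not the attached diff and not the plug-in's own code): an X-Mailer value written into the page raw, then escaped with `htmlspecialchars`, which rewrites only the markup-significant characters. The function names and the sample headers are constructed for illustration.

```php
<?php
// Added illustration; function names and the sample message are constructed.

// Return the unfolded value of the first header called $name, or null.
function get_header_value(string $rawHeaders, string $name): ?string
{
    // Unfold continuation lines (line break followed by space or tab).
    $unfolded = preg_replace('/\r?\n[ \t]+/', ' ', $rawHeaders);
    foreach (preg_split('/\r?\n/', $unfolded) as $line) {
        $parts = explode(':', $line, 2);
        if (count($parts) === 2 && strcasecmp(trim($parts[0]), $name) === 0) {
            return trim($parts[1]);
        }
    }
    return null;
}

// Before: the header value is placed into the page as-is, so "<" and ">"
// are parsed by the browser as markup instead of being shown as text.
function render_xmailer_raw(string $value): string
{
    return '<tr><td>X-Mailer:</td><td>' . $value . '</td></tr>';
}

// After: escape only the markup-significant characters (& < > " ').
// Valid non-ASCII characters pass through unchanged; ENT_SUBSTITUTE replaces
// sequences that are invalid in $charset instead of returning ''.
function render_xmailer_escaped(string $value, string $charset = 'UTF-8'): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, $charset);
    return '<tr><td>X-Mailer:</td><td>' . $safe . '</td></tr>';
}

// Constructed sample headers with markup in a folded X-Mailer value.
$headers = "From: sender@example.org\r\n"
         . "X-Mailer: Example Mailer <build 42>\r\n"
         . "\t<script>alert('x-mailer')</script>\r\n"
         . "Subject: test\r\n";

$value = get_header_value($headers, 'X-Mailer');
if ($value !== null) {
    echo render_xmailer_raw($value), "\n";      // markup reaches the browser
    echo render_xmailer_escaped($value), "\n";  // shown as literal text
}
```

The `$charset` argument should match the charset the page is served in, so that the escaped value and the surrounding HTML agree.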