[SM-CVS] CVS: squirrelmail/src read_body.php,1.276,1.277

[Marc G. K. <st...@us...>]

Update of /cvsroot/squirrelmail/squirrelmail/src
In directory sc8-pr-cvs1:/tmp/cvs-serv31105

Modified Files:
	read_body.php 
Log Message:
fixed problems with subjects with html special chars in it.
Fix for possible xss holes



Index: read_body.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/src/read_body.php,v
retrieving revision 1.276
retrieving revision 1.277
diff -u -w -r1.276 -r1.277
--- read_body.php	6 Feb 2003 04:55:20 -0000	1.276
+++ read_body.php	24 Feb 2003 18:51:33 -0000	1.277
@@ -368,7 +368,7 @@
 
         $cnt = count($recipients);
         foreach($recipients as $r) {
-            $add = htmlspecialchars($r->getAddress());
+            $add = htmlspecialchars(decodeHeader($r->getAddress()));
             if ($string) {
                 $string .= '<BR>' . $add;
             } else {
@@ -396,11 +396,7 @@
 
     $header = $message->rfc822_header;
     $env = array();
-    if ($squirrelmail_language == 'ja_JP') {
         $env[_("Subject")] = htmlspecialchars(decodeHeader($header->subject));
-    } else {
-	$env[_("Subject")] = decodeHeader(htmlspecialchars($header->subject));
-    }   
     $from_name = $header->getAddr_s('from');
     if (!$from_name) {
         $from_name = $header->getAddr_s('sender');
@@ -414,10 +410,10 @@
     $env[_("Cc")] = formatRecipientString($header->cc, "cc");
     $env[_("Bcc")] = formatRecipientString($header->bcc, "bcc");
     if ($default_use_priority) {
-        $env[_("Priority")] = getPriorityStr($header->priority);
+        $env[_("Priority")] = htmlspecialchars(getPriorityStr($header->priority));
     }
     if ($show_xmailer_default) {
-        $env[_("Mailer")] = htmlentities(decodeHeader($header->xmailer));
+        $env[_("Mailer")] = htmlspecialchars(decodeHeader($header->xmailer));
     }
     if ($default_use_mdn) {
         if ($mdn_user_support) {