[SM-CVS] CVS: squirrelmail/src compose.php,1.319.2.23,1.319.2.24

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/squirrelmail/squirrelmail/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2378/src

Modified Files:
      Tag: SM-1_4-STABLE
	compose.php 
Log Message:

XSS Fixes



Index: compose.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/src/compose.php,v
retrieving revision 1.319.2.23
retrieving revision 1.319.2.24
diff -u -w -r1.319.2.23 -r1.319.2.24

--- compose.php	5 Feb 2004 03:41:15 -0000	1.319.2.23
+++ compose.php	5 Feb 2004 04:59:47 -0000	1.319.2.24
@@ -49,11 +49,24 @@
 sqgetGlobalVar('session',$session);
 sqgetGlobalVar('mailbox',$mailbox);
 sqgetGlobalVar('identity',$identity);
-sqgetGlobalVar('send_to',$send_to);
-sqgetGlobalVar('send_to_cc',$send_to_cc);
-sqgetGlobalVar('send_to_bcc',$send_to_bcc);
-sqgetGlobalVar('subject',$subject);
-sqgetGlobalVar('body',$body);
+
+if (sqgetGlobalVar('send_to',$send_to)) {
+    $send_to = decodeHeader($send_to);
+}
+if (sqgetGlobalVar('send_to_cc',$send_to_cc)) {
+    $send_to_cc = decodeHeader($send_to_cc);
+}
+if (sqgetGlobalVar('send_to_bcc',$send_to_bcc)) {
+    $send_to_bcc = decodeHeader($send_to_bcc);
+}
+if (sqgetGlobalVar('subject',$subject)) {
+    $subject = decodeHeader($subject);
+}
+if (sqgetGlobalVar('body',$body)) {
+    $body = decodeHeader($body);
+}
+
+
 sqgetGlobalVar('mailprio',$mailprio);
 sqgetGlobalVar('request_mdn',$request_mdn);
 sqgetGlobalVar('request_dr',$request_dr);



