From: Jonathan A. <jan...@us...> - 2004-02-05 05:02:17
Update of /cvsroot/squirrelmail/squirrelmail/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2378/src
Modified Files:
Tag: SM-1_4-STABLE
compose.php
Log Message:
XSS Fixes
Index: compose.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/src/compose.php,v
retrieving revision 1.319.2.23
retrieving revision 1.319.2.24
diff -u -w -r1.319.2.23 -r1.319.2.24
--- compose.php 5 Feb 2004 03:41:15 -0000 1.319.2.23
+++ compose.php 5 Feb 2004 04:59:47 -0000 1.319.2.24
@@ -49,11 +49,24 @@
 sqgetGlobalVar('session',$session);
 sqgetGlobalVar('mailbox',$mailbox);
 sqgetGlobalVar('identity',$identity);
-sqgetGlobalVar('send_to',$send_to);
-sqgetGlobalVar('send_to_cc',$send_to_cc);
-sqgetGlobalVar('send_to_bcc',$send_to_bcc);
-sqgetGlobalVar('subject',$subject);
-sqgetGlobalVar('body',$body);
+
+if (sqgetGlobalVar('send_to',$send_to)) {
+ $send_to = decodeHeader($send_to);
+}
+if (sqgetGlobalVar('send_to_cc',$send_to_cc)) {
+ $send_to_cc = decodeHeader($send_to_cc);
+}
+if (sqgetGlobalVar('send_to_bcc',$send_to_bcc)) {
+ $send_to_bcc = decodeHeader($send_to_bcc);
+}
+if (sqgetGlobalVar('subject',$subject)) {
+ $subject = decodeHeader($subject);
+}
+if (sqgetGlobalVar('body',$body)) {
+ $body = decodeHeader($body);
+}
+
+
 sqgetGlobalVar('mailprio',$mailprio);
 sqgetGlobalVar('request_mdn',$request_mdn);
 sqgetGlobalVar('request_dr',$request_dr);
|
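Review bot: The five new `if (sqgetGlobalVar(...))` blocks neutralise the request values at input time by passing them through `decodeHeader()`, so the XSS protection rests entirely on that function's HTML-escaping behaviour under its default arguments, which is defined outside this hunk and should be confirmed. `$body` is not an RFC 2047 header, so header decoding there can also rewrite legitimate message text that happens to contain an encoded-word sequence; escaping it where it is written into the form, e.g. `echo htmlspecialchars($body);`, would be the narrower fix. Because the same variables presumably feed the send path later in compose.php (not visible here), check that escaped entities cannot reach the outgoing message or get escaped a second time on output. At minimum add a comment above the block such as `/* decodeHeader() is used here for its HTML escaping; these values are display-safe, not raw */`.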