Changeset a7d5e3e8 in github


Ignore:
Timestamp:
Jun 8, 2012 3:22:49 AM (13 months ago)
Author:
Aleksander Machniak <alec@…>
Branches:
release-0.8
Children:
16114e6
Parents:
51809bd
Message:

Fix XSS vulnerability in message subject handling using Larry skin (#1488519)

Files:
2 edited

Legend:

Unmodified
Added
Removed

  • CHANGELOG

    r51809bd ra7d5e3e8  
    22=========================== 
    33 
     4- Fix XSS vulnerability in message subject handling using Larry skin (#1488519) 
    45- Fix handling of links with various URI schemes e.g. "skype:" (#1488106) 
    56- Fix handling of links inside PRE elements on html to text conversion 

  • program/steps/mail/func.inc

    r951c9b3a ra7d5e3e8  
    948948  // single header value is requested 
    949949  if (!empty($attrib['valueof'])) 
    950     return Q($plugin['output'][$attrib['valueof']]['value'], ($hkey == 'subject' ? 'strict' : 'show')); 
     950    return Q($plugin['output'][$attrib['valueof']]['value'], ($attrib['valueof'] == 'subject' ? 'strict' : 'show')); 
    951951 
    952952  // compose html table 
Note: See TracChangeset for help on using the changeset viewer.