Query string sanitation in attachment_common.php
|
View:
New views
2 Messages
—
Rating Filter:
Alert me
|
 |
Query string sanitation in attachment_common.php
by jeffplang
::
Rate this Message:
In revision 13767, some calls to htmlspecialcharacters() in
functions/attachment_common.php were removed because it was sanitizing query strings that were already sanitized for generating "View" links for text file attachments. However, this bug was not fixed for the functions that generate "View" links for image or vCard attachments. Was there a reason for this? I've attached a patch to correct the behavior. Jeff Lang ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ----- squirrelmail-devel mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-devel@... List archives: http://news.gmane.org/gmane.mail.squirrelmail.devel List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-devel |
|
|
Re: Query string sanitation in attachment_common.php
by Paul Lesniewski
::
Rate this Message:
|
view_image_fix.diff (1K) | Free embeddable forum powered by Nabble | Forum Help |
