diff options
| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2006-11-22 11:42:37 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2006-11-22 11:42:37 +0000 |
| commit | 8e8daf41abb1fb9863e482d8f4eae48abe60ca6b (patch) | |
| tree | d23d2ba913ddd549faacdd0b9f66de637fd68ddc /roundcubemail/program/include | |
| parent | a84ebbddf66a55cff1f8631b08eef93a8a67a4b6 (diff) | |
Fixed XSS vulnerability (Bug #1484109)
git-svn-id: https://svn.roundcube.net/trunk@382 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/include')
| -rw-r--r-- | roundcubemail/program/include/main.inc | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/roundcubemail/program/include/main.inc b/roundcubemail/program/include/main.inc index da449c64c..55336fd30 100644 --- a/roundcubemail/program/include/main.inc +++ b/roundcubemail/program/include/main.inc @@ -1063,7 +1063,13 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) return $value; } - +/** + * Remove single and double quotes from given string + */ +function strip_quotes($str) +{ + return preg_replace('/[\'"]/', '', $str); +} // ************** template parsing and gui functions ************** |