Content filter for embedded attachments to protect from XSS on IE<=8 (#1487895)

git-svn-id: https://svn.roundcube.net/trunk@5509 208e9e7b-5314-0410-a742-e7e81cd9613c
author: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2011-11-29 10:16:42 +0000
committer: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2011-11-29 10:16:42 +0000
commit: c37e6abc97a1c0fa3a27c73b1fdf32d82f043813 (patch)
tree: d3685da11b9e2293c9042c2e90f5e75c31886837 /roundcubemail/program/steps/mail/func.inc
parent: 2e56553b595d6fbb17e2abb7684994759fd005d1 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/roundcubemail/program/steps/mail/func.inc b/roundcubemail/program/steps/mail/func.inc
index b06feda7e..07a3f071d 100644
--- a/roundcubemail/program/steps/mail/func.inc
+++ b/roundcubemail/program/steps/mail/func.inc
@@ -551,7 +551,7 @@ function rcmail_check_safe(&$message)
  * @param array  CID map replaces (inline images)
  * @return string Clean HTML
  */
-function rcmail_wash_html($html, $p = array(), $cid_replaces)
+function rcmail_wash_html($html, $p, $cid_replaces)
 {
   global $REMOTE_OBJECTS;
 
@@ -1068,7 +1068,7 @@ function rcmail_message_body($attrib)
       ) {
         $out .= html::tag('hr') . html::p(array('align' => "center"),
           html::img(array(
-            'src' => $MESSAGE->get_part_url($attach_prop->mime_id),
+            'src' => $MESSAGE->get_part_url($attach_prop->mime_id, true),
             'title' => $attach_prop->filename,
             'alt' => $attach_prop->filename,
           )));
author	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2011-11-29 10:16:42 +0000
committer	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2011-11-29 10:16:42 +0000
commit	c37e6abc97a1c0fa3a27c73b1fdf32d82f043813 (patch)
tree	d3685da11b9e2293c9042c2e90f5e75c31886837 /roundcubemail/program/steps/mail/func.inc
parent	2e56553b595d6fbb17e2abb7684994759fd005d1 (diff)