diff options
| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2006-09-03 12:17:35 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2006-09-03 12:17:35 +0000 |
| commit | 77d16b46a9a76581d8f20bd8e1c6ee39bd5aff54 (patch) | |
| tree | a2ab2faafffcc325b9274fe5e61df01b7e114b2b /roundcubemail/program/steps | |
| parent | 47e9fff6bc7cfed24efaf9531c3e98f83e790d38 (diff) | |
Fixed another XSS issue: #1483830
git-svn-id: https://svn.roundcube.net/trunk@335 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/program/steps')
| -rw-r--r-- | roundcubemail/program/steps/mail/get.inc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/roundcubemail/program/steps/mail/get.inc b/roundcubemail/program/steps/mail/get.inc index 083de8664..e1ae281e4 100644 --- a/roundcubemail/program/steps/mail/get.inc +++ b/roundcubemail/program/steps/mail/get.inc @@ -29,7 +29,7 @@ if ($_GET['_preload']) $message = rcube_label('loadingdata'); print "<html>\n<head>\n" . - '<meta http-equiv="refresh" content="0; url='.$url.'">' . + '<meta http-equiv="refresh" content="0; url='.htmlspecialchars($url).'">' . "\n</head>\n<body>" . $message . "\n</body>\n</html>"; |