Merge pull request #327 from cytopia/fix-email-xss

Fix #326 XSS vulnerability in email display
cytopia 2018-07-28 09:23:54 +02:00 committed by GitHub
commit fa238275ac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -157,7 +157,7 @@ $messages = $MyMbox->get($sortOrderArr);
<tbody> <tbody>
<?php foreach ($messages as $data): ?> <?php foreach ($messages as $data): ?>
<?php <?php
$message = $data['raw']; $message = htmlentities($data['raw']);
$structure = $data['decoded']; $structure = $data['decoded'];
?> ?>
<tr id="<?php echo $data['num'];?>" class="subject"> <tr id="<?php echo $data['num'];?>" class="subject">
@ -167,17 +167,17 @@ $messages = $MyMbox->get($sortOrderArr);
<small><?php echo date('Y-m-d', strtotime($structure->headers['date']));?></small> <small><?php echo date('Y-m-d', strtotime($structure->headers['date']));?></small>
</td> </td>
<td><?php echo htmlentities($structure->headers['from']);?></td> <td><?php echo htmlentities($structure->headers['from']);?></td>
<td><?php echo $structure->headers['x-original-to'];?></td> <td><?php echo htmlentities($structure->headers['x-original-to']);?></td>
<td><?php echo $structure->headers['subject'];?></td> <td><?php echo htmlentities($structure->headers['subject']);?></td>
</tr> </tr>
<tr></tr> <tr></tr>
<tr id="mail-<?php echo $data['num'];?>" style="display:none"> <tr id="mail-<?php echo $data['num'];?>" style="display:none">
<td></td> <td></td>
<td colspan="4"> <td colspan="4">
<?php if (isset($structure->body)): ?> <?php if (isset($structure->body)): ?>
<?php echo $structure->body ?> <?php echo htmlentities($structure->body) ?>
<?php elseif(isset($structure->parts[1]->body)): ?> <?php elseif(isset($structure->parts[1]->body)): ?>
<?php echo $structure->parts[1]->body ?> <?php echo htmlentities($structure->parts[1]->body) ?>
<?php elseif(isset($structure->parts[0]->body)): ?> <?php elseif(isset($structure->parts[0]->body)): ?>
<?php echo htmlentities($structure->parts[0]->body) ?> <?php echo htmlentities($structure->parts[0]->body) ?>
<?php else: ?> <?php else: ?>
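Review bot: The added `htmlentities()` calls on the header and body cells, and on `$data['raw']` in the first hunk, rely on the default flags and charset. On PHP before 8.1 that leaves single quotes unencoded, and input with bytes invalid in the default charset makes the call return an empty string, so mail in a legacy encoding would render as a blank cell. Passing the arguments explicitly, e.g. `htmlentities($structure->body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, keeps the escaping and substitutes a replacement character instead. `$data['num']` is still echoed unescaped into the two `id` attributes; that is safe only if it is always an integer index, which these hunks do not show, so `(int)$data['num']` would make it explicit. The `foreach` body continues past the end of the hunk, and the place where `$message` is output is not visible here.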