Workaround for & encoding in links

mailwatch · Apr 28, 2017 · 438afdd · 438afdd
1 parent e7d6546
commit 438afdd
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/mailscanner/auto-release.php b/mailscanner/auto-release.php
@@ -32,13 +32,17 @@
 require_once __DIR__ . '/functions.php';
 if (file_exists('conf.php')) {
     $output = array();
-    if (isset($_GET['mid'], $_GET['r'])) {
+    if (isset($_GET['mid']) && (isset($_GET['r']) || isset($_GET['amp;r']))) {
         dbconn();
         $mid = deepSanitizeInput($_GET['mid'], 'url');
         if ($mid === false || !validateInput($mid, 'msgid')) {
             die();
         }
-        $token = deepSanitizeInput($_GET['r'], 'url');
+        if (isset($_GET['amp;r'])) {
+            $token = deepSanitizeInput($_GET['amp;r'], 'url');
+        } else {
+            $token = deepSanitizeInput($_GET['r'], 'url');
+        }
         if (!validateInput($token, 'releasetoken')) {
             die(__('dietoken99'));
         }

diff --git a/mailscanner/viewmail.php b/mailscanner/viewmail.php
@@ -47,11 +47,14 @@ function do_action(id, token, action) {
     </SCRIPT>
 <?php
 dbconn();
-if (!isset($_GET['id'])) {
+if (!isset($_GET['id']) && !isset($_GET['amp;id'])) {
     die(__('nomessid06'));
 }
-
-$message_id = deepSanitizeInput($_GET['id'], 'url');
+if (isset($_GET['amp;id'])) {
+    $message_id = deepSanitizeInput($_GET['amp;id'], 'url');
+} else {
+    $message_id = deepSanitizeInput($_GET['id'], 'url');
+}
 if (!validateInput($message_id, 'msgid')) {
     die();
 }