Skip to content
Browse files

Fix HTTP User-Agent XSS vulnerability (#1488737)

  • Loading branch information...
1 parent 0c1005d commit 95d28926865d8a0d6fd009ebd73c0fc78c19d183 @thomascube thomascube committed
Showing with 3 additions and 3 deletions.
  1. +3 −3 program/steps/utils/error.inc
View
6 program/steps/utils/error.inc
@@ -5,7 +5,7 @@
| program/steps/utils/error.inc |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2011, The Roundcube Dev Team |
+ | Copyright (C) 2005-2012, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@@ -23,11 +23,11 @@ $rcmail = rcmail::get_instance();
// browser is not compatible with this application
if ($ERROR_CODE==409) {
- $user_agent = $_SERVER['HTTP_USER_AGENT'];
+ $user_agent = htmlentities($_SERVER['HTTP_USER_AGENT']);
$__error_title = 'Your browser does not suit the requirements for this application';
$__error_text = <<<EOF
<i>Supported browsers:</i><br />
-&raquo; &nbsp;Microsoft Internet Explorer 6+<br />
+&raquo; &nbsp;Microsoft Internet Explorer 7+<br />
&raquo; &nbsp;Mozilla Firefox 3+<br />
&raquo; &nbsp;Chrome 10+<br />
&raquo; &nbsp;Safari 4+<br />

0 comments on commit 95d2892

Please sign in to comment.
Something went wrong with that request. Please try again.