Skip to content
Permalink
Browse files Browse the repository at this point in the history
Fix XSS vulnerability in _mbox argument handling (#1490417)
  • Loading branch information
alecpl committed May 30, 2015
1 parent 9877f89 commit b782815
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG
Expand Up @@ -39,6 +39,7 @@ RELEASE 1.1.2
- Fix potential info disclosure issue by protecting directory access (#1490378)
- Fix blank image in html_signature when saving identity changes (#1490412)
- Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
- Fix XSS vulnerability in _mbox argument handling (#1490417)

RELEASE 1.1.1
-------------
Expand Down
2 changes: 1 addition & 1 deletion program/include/rcmail.php
Expand Up @@ -1822,7 +1822,7 @@ public function display_server_error($fallback = null, $fallback_args = null, $s
}
else {
$error = 'servererrormsg';
$args = array('msg' => $err_str);
$args = array('msg' => rcube::Q($err_str));
}
}
else if ($err_code < 0) {
Expand Down

0 comments on commit b782815

Please sign in to comment.