2 files changed: +3 -2 lines changed
@@ -11,6 +11,7 @@ CHANGELOG Roundcube Webmail
1111- Fix handling of custom sender addresses with names (#8106)
1212- Fix shift + drag'n'drop menu not working in Elastic skin with Chrome browser (#8107)
1313- Fix Firefox infinate loading display on mail screen (#8128)
14+ - Fix XSS issue in handling attachment filename extension in mimetype mismatch warning (#8193)
1415
1516RELEASE 1.4.11
1617--------------
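Review bot: The new CHANGELOG entry for #8193 is listed in the same form as the ordinary bug fixes around it, so an administrator skimming the list for a reason to upgrade can easily miss that this one is an XSS fix. Consider marking it, for example with a "Security:" prefix, and saying in the entry that the attachment filename extension is sender-controlled input that reached the mimetype mismatch warning.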
@@ -187,8 +187,8 @@ if (empty($_GET['_thumb']) && $attachment->is_valid()) {
187187 $ RCMAIL ->gettext (array (
188188 'name ' => 'attachmentvalidationerror ' ,
189189 'vars ' => array (
190- 'expected ' => $ mimetype . ($ file_extension ? " (. $ file_extension) " : '' ),
191- 'detected ' => $ real_mimetype . ($ extensions [0 ] ? " (. $ extensions [0 ]) " : '' ),
190+ 'expected ' => $ mimetype . (! empty ( $ file_extension) ? rcube:: Q ( " (. { $ file_extension} ) " ) : '' ),
191+ 'detected ' => $ real_mimetype . (! empty ( $ extensions [0 ]) ? " (. { $ extensions [0 ]} ) " : '' ),
192192 )
193193 )
194194 ),
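Review bot: Escaping is applied unevenly across the two changed lines: on the 'expected' line only the extension suffix goes through rcube::Q(), while $mimetype on the same line, and both $real_mimetype and $extensions[0] on the 'detected' line, are still concatenated into the 'vars' values unescaped. If those three values can never carry attachment-supplied text, a short comment saying where they come from would make that auditable. Otherwise, pass each complete value through rcube::Q() once, after concatenation, so that every part of 'expected' and 'detected' is encoded the same way before it is substituted into the attachmentvalidationerror message.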