From 15fd8f9dc7e3919de5747a7bd3087be101daee5a Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 30 May 2015 11:39:37 -0400
Subject: [PATCH] Fix XSS vulnerability in _mbox argument handling (#1490417)

---
 program/include/rcmail.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 0e01bda..0bcedeb 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -1820,7 +1820,7 @@
             }
             else {
                 $error = 'servererrormsg';
-                $args  = array('msg' => $err_str);
+                $args  = array('msg' => rcube::Q($err_str));
             }
         }
         else if ($err_code < 0) {

--
Gitblit v1.9.1