From b782815dacda55eee6793249b5da1789256206fc Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 30 May 2015 11:37:06 -0400
Subject: [PATCH] Fix XSS vulnerability in _mbox argument handling (#1490417)

---
 program/include/rcmail.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index e3e45e2..490e836 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -1822,7 +1822,7 @@
             }
             else {
                 $error = 'servererrormsg';
-                $args  = array('msg' => $err_str);
+                $args  = array('msg' => rcube::Q($err_str));
             }
         }
         else if ($err_code < 0) {

--
Gitblit v1.9.1