From c14b337450bb546f5c1b18b1a66481844a3e79d0 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Tue, 27 Nov 2012 10:25:42 -0500
Subject: [PATCH] Fix XSS vulnerability via Flash files (#1488828) by comparing mimetypes and filename extensions

---
 program/steps/mail/func.inc |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index ff442ad..cb1a5dd 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1664,7 +1664,7 @@
   $part = $MESSAGE->mime_parts[asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))];
   $ctype_primary = strtolower($part->ctype_primary);
 
-  $attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']);
+  $attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_embed=' : '_preload='), $_SERVER['QUERY_STRING']);
 
   return html::iframe($attrib);
 }
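Review bot: The mimetype/filename-extension comparison named in the subject is not in this hunk; the added line only routes non-text parts' iframes through `_embed=` instead of `_show=`, so the fix depends on the `_embed` action handler performing that check elsewhere. That dependency should be recorded at the call site so the action is not switched back later: `// Use _embed (not _show) so the part is served through the attachment type/extension checks (#1488828).` The src is still built from the raw `$_SERVER['QUERY_STRING']`, and only the `_part` value used for the lookup on the first line goes through asciiwords; whether `html::iframe` escapes the attribute value cannot be seen here, so confirm it does or escape `$attrib['src']` explicitly before returning. The enclosing function starts before this hunk.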

--
Gitblit v1.9.1