From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
program/steps/mail/headers.inc | 14 +++++--------
1 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/program/steps/mail/headers.inc b/program/steps/mail/headers.inc
index 0892247..7fb8d58 100644
--- a/program/steps/mail/headers.inc
+++ b/program/steps/mail/headers.inc
@@ -1,5 +1,6 @@
 <?php
-/*
+
+/**
 +-----------------------------------------------------------------------+
 | program/steps/mail/headers.inc |
 | |
@@ -16,17 +17,14 @@
 +-----------------------------------------------------------------------+
 | Author: Aleksander Machniak <alec@alec.pl> |
 +-----------------------------------------------------------------------+
-
- $Id$
-
 */
-if ($uid = get_input_value('_uid', RCUBE_INPUT_POST))
-{
+if ($uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST)) {
 $source = $RCMAIL->storage->get_raw_headers($uid);
 if ($source !== false) {
- $source = htmlspecialchars(trim($source));
+ $source = trim(rcube_charset::clean($source));
+ $source = htmlspecialchars($source);
 $source = preg_replace(
 array(
 '/\n[\t\s]+/',
@@ -49,5 +47,3 @@
 }
 exit;
-
-
--
Gitblit v1.9.1
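Review bot: The escaping step in the second hunk calls `htmlspecialchars($source)` with default flags and charset, and nothing explains why `rcube_charset::clean()` now has to run before it. Raw message headers are sender-controlled, so the output encoding should not depend on the PHP version or `default_charset`; I would spell it out as `$source = htmlspecialchars($source, ENT_QUOTES, 'UTF-8');` and add a comment such as `// drop invalid byte sequences first; htmlspecialchars() returns '' on malformed UTF-8`. Whether unescaped single quotes matter depends on how the `preg_replace()` result is embedded in the response, and that call and the rest of the `if` block continue outside the hunk.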