From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/mail/func.inc |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 6cb7b75..84d2dd8 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -743,7 +743,9 @@
   else if ($data['type'] == 'enriched') {
     $part->ctype_secondary = 'html';
     require_once(INSTALL_PATH . 'program/lib/enriched.inc');
-    $body = Q(enriched_to_html($data['body']), 'show');
+    $body = enriched_to_html($data['body']);
+    $body = rcmail_wash_html($body, $data, $part->replaces);
+    $part->ctype_secondary = 'html';
   }
   else {
     // assert plaintext

--
Gitblit v1.9.1