From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)

---
 plugins/additional_message_headers/additional_message_headers.php |   20 +++++++++++++++++++-
 1 files changed, 19 insertions(+), 1 deletions(-)

diff --git a/plugins/additional_message_headers/additional_message_headers.php b/plugins/additional_message_headers/additional_message_headers.php
index 58e4d41..5c07ec8 100644
--- a/plugins/additional_message_headers/additional_message_headers.php
+++ b/plugins/additional_message_headers/additional_message_headers.php
@@ -30,7 +30,25 @@
         $additional_headers = $rcube->config->get('additional_message_headers', array());
 
         if (!empty($additional_headers)) {
-            $args['message']->headers($additional_headers, true);
+            // Mail_mime >= 1.9.0
+            if (method_exists($message, 'isMultipart')) {
+                $args['message']->headers($additional_headers, true);
+            }
+            else {
+                $headers = $args['message']->headers();
+
+                foreach ((array) $additional_headers as $header => $value) {
+                    if ($value === null) {
+                        unset($headers[$header]);
+                    }
+                    else {
+                        $headers[$header] = $value;
+                    }
+                }
+
+                $args['message']->_headers = array();
+                $args['message']->headers($headers);
+            }
         }
 
         return $args;

--
Gitblit v1.9.1