
squirrelmail-1.4.8-5.el5_7.13.src.rpm

diff -up squirrelmail-1.4.8/functions/mime.php.CVE-2008-2379 squirrelmail-1.4.8/functions/mime.php
--- squirrelmail-1.4.8/functions/mime.php.CVE-2008-2379	2008-12-01 11:31:08.091364591 +0100
+++ squirrelmail-1.4.8/functions/mime.php	2008-12-01 12:29:26.111156027 +0100
@@ -1739,6 +1739,8 @@ function sq_fix_url($attname, &$attvalue
                                     $attvalue = $sQuote . SM_PATH . 'images/blank.png'. $sQuote;
                                 }
                             }
+                        } else {
+                            $attvalue = $sQuote . $attvalue . $sQuote;
                         }
                         break;
                     case 'outbind':
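Review bot: The added `else` branch wraps `$attvalue` in `$sQuote` without checking the value for an embedded delimiter, so a value that still contains the `$sQuote` character would end the attribute early in the rendered message. Whether sq_fix_url strips or encodes such characters before this point cannot be seen here, because the function and the `if` this `else` belongs to both start outside the hunk. If nothing upstream guarantees it, drop or encode the delimiter before re-quoting, for example `$attvalue = $sQuote . str_replace($sQuote, '', $attvalue) . $sQuote;`. The same question applies to the `sq_cid2http()` return values that the next hunk re-quotes in the `outbind` and `cid` cases.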
@@ -1747,13 +1749,13 @@ function sq_fix_url($attname, &$attvalue
                          * One day MS might actually make it match something useful, for now, falling
                          * back to using cid2http, so we can grab the blank.png.
                          */
-                        $attvalue = sq_cid2http($message, $id, $attvalue, $mailbox);
+                        $attvalue = $sQuote . sq_cid2http($message, $id, $attvalue, $mailbox) . $sQuote;
                         break;
                     case 'cid':
                         /**
                             * Turn cid: urls into http-friendly ones.
                             */
-                        $attvalue = sq_cid2http($message, $id, $attvalue, $mailbox);
+                        $attvalue = $sQuote . sq_cid2http($message, $id, $attvalue, $mailbox) . $sQuote;
                         break;
                     default:
                         $attvalue = $sQuote . SM_PATH . 'images/blank.png' . $sQuote;
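Review bot: Nothing near these cases records that every branch of the switch must leave `$attvalue` wrapped in `$sQuote`, which is the invariant this patch restores for `outbind` and `cid` and which `default` already follows. A case added later that assigns a bare URL would silently bring back the unquoted attribute. A short comment above the switch, which opens outside this hunk, would make the rule visible: `// Every case must leave $attvalue wrapped in $sQuote before returning.`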