diff -up squirrelmail-1.4.8/functions/mime.php.CVE-2008-2379 squirrelmail-1.4.8/functions/mime.php
--- squirrelmail-1.4.8/functions/mime.php.CVE-2008-2379 2008-12-01 11:31:08.091364591 +0100
+++ squirrelmail-1.4.8/functions/mime.php 2008-12-01 12:29:26.111156027 +0100
@@ -1739,6 +1739,8 @@ function sq_fix_url($attname, &$attvalue
 $attvalue = $sQuote . SM_PATH . 'images/blank.png'. $sQuote;
 }
 }
+ } else {
+ $attvalue = $sQuote . $attvalue . $sQuote;
 }
 break;
 case 'outbind':
@@ -1747,13 +1749,13 @@ function sq_fix_url($attname, &$attvalue
 * One day MS might actually make it match something useful, for now, falling
 * back to using cid2http, so we can grab the blank.png.
 */
- $attvalue = sq_cid2http($message, $id, $attvalue, $mailbox);
+ $attvalue = $sQuote . sq_cid2http($message, $id, $attvalue, $mailbox) . $sQuote;
 break;
 case 'cid':
 /**
 * Turn cid: urls into http-friendly ones.
 */
- $attvalue = sq_cid2http($message, $id, $attvalue, $mailbox);
+ $attvalue = $sQuote . sq_cid2http($message, $id, $attvalue, $mailbox) . $sQuote;
 break;
 default:
 $attvalue = $sQuote . SM_PATH . 'images/blank.png' . $sQuote;
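Review bot: In the hunk at -1739, the added `else` branch re-quotes `$attvalue` by plain concatenation, which keeps the value inside the attribute only if it can no longer contain the `$sQuote` character itself. The code that sets `$sQuote` and prepares `$attvalue` is outside this hunk, so that invariant cannot be confirmed from here. It is worth recording next to the new line, e.g. `// re-add the quote character so the value stays inside one attribute`. If the invariant turns out not to hold, remove the delimiter from the value first: `$attvalue = $sQuote . str_replace($sQuote, '', $attvalue) . $sQuote;`. sq_fix_url's body starts and ends outside the hunk.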
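Review bot: In the hunk at -1747, both changed lines (under `case 'outbind':` and `case 'cid':`) wrap whatever `sq_cid2http()` returns in `$sQuote`, and that function's body is not shown in this diff. If it can return a string that is already quoted, or one that contains the quote character, the attribute would be double-quoted or end early. Its return contract should therefore be checked and stated at the call site, e.g. `// sq_cid2http() must return an unquoted, HTML-safe URL; quoting is done here`. The two branches are now the same statement, so they could share one body under `case 'outbind': case 'cid':` to keep the quoting from drifting apart. The enclosing switch continues outside the hunk.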