diff -up squirrelmail-1.4.8/functions/mime.php.CVE-2011-2023 squirrelmail-1.4.8/functions/mime.php --- squirrelmail-1.4.8/functions/mime.php.CVE-2011-2023 2011-09-14 16:54:02.734818366 +0200 +++ squirrelmail-1.4.8/functions/mime.php 2011-09-14 16:55:21.590480575 +0200 @@ -2092,6 +2092,15 @@ function sq_sanitize($body, list($free_content, $curpos) = sq_fixstyle($body, $gt+1, $message, $id, $mailbox); if ($free_content != FALSE){ + $attary = sq_fixatts($tagname, + $attary, + $rm_attnames, + $bad_attvals, + $add_attr_to_tag, + $message, + $id, + $mailbox + ); $trusted .= sq_tagprint($tagname, $attary, $tagtype); $trusted .= $free_content; $trusted .= sq_tagprint($tagname, false, 2); @@ -2496,4 +2505,4 @@ function SendDownloadHeaders($type0, $ty } // end fn SendDownloadHeaders -?> \ No newline at end of file +?>