Mirrors/roundcubemail
2
0
Fork 0
mirror of https://github.com/roundcube/roundcubemail.git synced 2026-03-09 01:26:50 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix HTTP User-Agent XSS vulnerability (#1488737)

Browse Source
This commit is contained in:
Thomas Bruederli
2012-10-04 16:59:37 +02:00
parent 0c1005da3f
commit 95d2892686
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
program/steps/utils/error.inc
View File

@@ -5,7 +5,7 @@
| program/steps/utils/error.inc |
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2005-2011, The Roundcube Dev Team |
| Copyright (C) 2005-2012, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@@ -23,11 +23,11 @@ $rcmail = rcmail::get_instance();
// browser is not compatible with this application
if ($ERROR_CODE==409) {
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$user_agent = htmlentities($_SERVER['HTTP_USER_AGENT']);
$__error_title = 'Your browser does not suit the requirements for this application';
$__error_text = <<<EOF
<i>Supported browsers:</i><br />
&raquo; &nbsp;Microsoft Internet Explorer 6+<br />
&raquo; &nbsp;Microsoft Internet Explorer 7+<br />
&raquo; &nbsp;Mozilla Firefox 3+<br />
&raquo; &nbsp;Chrome 10+<br />
&raquo; &nbsp;Safari 4+<br />