bug-1390: added escaping with htmlspecialchars function and encoding UTF-8 bug-1390
authorINOPIAE <inopiae@cacert.org>
Wed, 22 Jul 2015 18:43:26 +0000 (20:43 +0200)
committerINOPIAE <inopiae@cacert.org>
Wed, 22 Jul 2015 20:19:09 +0000 (22:19 +0200)
manager/application/views/scripts/mail/read.phtml

index ac6c183..21ac131 100644 (file)
@@ -7,4 +7,4 @@ $this->headLink()->appendStylesheet('/css/mail.css');
 ?>\r
 <H1><?php print I18n::_('Read Mail'); ?></H1>\r
 <?php\r
-print nl2br(quoted_printable_decode($this->mail_body));\r
+print nl2br(htmlspecialchars(quoted_printable_decode($this->mail_body), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));\r
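Review bot: The new `print` line hard-codes 'UTF-8', but the bytes returned by `quoted_printable_decode()` are in whatever charset the message declares, so a mail sent as ISO-8859-1 or similar will have its non-ASCII characters replaced with U+FFFD by `ENT_SUBSTITUTE`. The markup-significant characters are still escaped as long as the page itself is served as UTF-8, so this is a display-correctness issue rather than a gap in the XSS fix. If the controller can expose the part's charset (not visible in this hunk), convert first, e.g. `$body = mb_convert_encoding(quoted_printable_decode($this->mail_body), 'UTF-8', $charset);` with `$charset` a placeholder for that value, then pass `$body` to `htmlspecialchars()`. A short comment such as `// mail body is untrusted: decode, then escape, then nl2br` would also record why the call order matters.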