Parent Directory | Revision Log
add upstream patch to fix CVE-2017-6820
1 | --- roundcubemail-1.0.9/program/lib/Roundcube/rcube_utils.php.orig 2017-03-18 15:23:35.124352403 -0400 |
2 | +++ roundcubemail-1.0.9/program/lib/Roundcube/rcube_utils.php 2017-03-18 15:24:17.222227045 -0400 |
3 | @@ -550,6 +550,7 @@ class rcube_utils |
4 | $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', |
5 | array(self, 'xss_entity_decode_callback'), $out); |
6 | $out = preg_replace('#/\*.*\*/#Ums', '', $out); |
7 | + $out = strip_tags($out); |
8 | |
9 | return $out; |
10 | } |
ViewVC Help | |
Powered by ViewVC 1.1.30 |