[Tickets #4253] NEW: unescaped html entities
bugs@bugs.horde.org
bugs at bugs.horde.org
Fri Aug 4 21:41:22 PDT 2006
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://dev.horde.org/horde/whups/ticket/?id=4253
-----------------------------------------------------------------------
Ticket | 4253
Created By | Matt Selsky <selsky at columbia.edu>
Summary | unescaped html entities
Queue | IMP
Version | HEAD
Type | Bug
State | Unconfirmed
Priority | 1. Low
Owners |
-----------------------------------------------------------------------
Matt Selsky <selsky at columbia.edu> (2006-08-04 21:41) wrote:
On the PGP passphrase pop-up page, if you get the passphrase wrong, there
is a hidden input set called "reload" with a value of:
<input type="hidden" name="reload"
value="/horde/imp/message.php?mailbox=%2A%2Asearch_1g35vp0dm3k0swc4ko0so4&index=19386&thismailbox=INBOX"
/>
&index and &thismailbox need to be escaped.
Also, on the message page, before the passphrase is entered, there is an
unescaped entity "&reload".
More information about the bugs
mailing list