[Tickets #7926] Re: Message option "Show All Headers" causes error
bugs at horde.org
bugs at horde.org
Fri Feb 20 05:25:40 UTC 2009
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/7926
------------------------------------------------------------------------------
Ticket | 7926
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | Message option "Show All Headers" causes error
Queue | IMP
Version | 4.3.3
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners | Horde Developers, Michael Slusarz
------------------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2009-02-20 00:25) wrote:
> Theoretically I agree. Realistically, though, we shouldn't be letting
> through potentially unencoded data, but we also have this encoding
> detection that tries to see if a URL is already html-entity encoded.
> Do you see any way to reconcile that?
I am not following you here... Are you talking about the current code
or potential future code? Because for current code, the only reason
the html-entity detection (&) detection is in there is to allow
successive calls to Util::addParameter() rather than any kind of
security checking.
More information about the bugs
mailing list