[Tickets #7926] Re: Message option "Show All Headers" causes error

bugs at horde.org bugs at horde.org
Fri Feb 20 05:25:40 UTC 2009


DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/7926
------------------------------------------------------------------------------
  Ticket             | 7926
  Updated By         | Michael Slusarz <slusarz at horde.org>
  Summary            | Message option "Show All Headers" causes error
  Queue              | IMP
  Version            | 4.3.3
  Type               | Bug
  State              | Feedback
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             | Horde Developers, Michael Slusarz
------------------------------------------------------------------------------


Michael Slusarz <slusarz at horde.org> (2009-02-20 00:25) wrote:

> Theoretically I agree. Realistically, though, we shouldn't be letting
> through potentially unencoded data, but we also have this encoding
> detection that tries to see if a URL is already html-entity encoded.
> Do you see any way to reconcile that?

I am not following you here...  Are you talking about the current code  
or potential future code?  Because for current code, the only reason  
the html-entity detection (&amp) detection is in there is to allow  
successive calls to Util::addParameter() rather than any kind of  
security checking.






More information about the bugs mailing list