[Tickets #7926] Re: Message option "Show All Headers" causes error
bugs at horde.org
bugs at horde.org
Fri Feb 20 12:53:48 UTC 2009
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/7926
------------------------------------------------------------------------------
Ticket | 7926
Updated By | Chuck Hagenbuch <chuck at horde.org>
Summary | Message option "Show All Headers" causes error
Queue | IMP
Version | 4.3.3
Type | Bug
State | Feedback
Priority | 2. Medium
Milestone |
Patch |
Owners | Horde Developers, Michael Slusarz
------------------------------------------------------------------------------
Chuck Hagenbuch <chuck at horde.org> (2009-02-20 07:53) wrote:
> I am not following you here... Are you talking about the current
> code or potential future code? Because for current code, the only
> reason the html-entity detection (&) detection is in there is to
> allow successive calls to Util::addParameter() rather than any kind
> of security checking.
I'm talking about the current code, because it *is* a security check -
if you expect URLs to be encoded, but based on user input, they might
not be, that's a problem.
More information about the bugs
mailing list