From 084b53971c5b204607c44ad79b27db2bc8f0537e Mon Sep 17 00:00:00 2001
From: Ralf Becker <ralfbecker@outdoor-training.de>
Date: Mon, 13 Nov 2006 11:59:59 +0000
Subject: [PATCH] fixing the fix: explicitly disallowing "javascript:" url's to
 be used as menuaction: fixes not working add email links in the addressbook
 popup for FMail

---
 phpgwapi/inc/class.html.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/phpgwapi/inc/class.html.inc.php b/phpgwapi/inc/class.html.inc.php
index 1694c2e2cc..0c36cd4bf6 100644
--- a/phpgwapi/inc/class.html.inc.php
+++ b/phpgwapi/inc/class.html.inc.php
@@ -1005,7 +1005,7 @@ class html
 			$vars = $url;
 			$url = '/index.php';
 		}
-		elseif (!strstr($url,'/') && count(explode('.',$url)) >= 3 && !(strstr($url,'mailto:') || strstr($url,'://')))
+		elseif (!strstr($url,'/') && count(explode('.',$url)) >= 3 && !(strstr($url,'mailto:') || strstr($url,'://') || strstr($url,'javascript:')))
 		{
 			$url = "/index.php?menuaction=$url";
 		}