extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2025-04-17 12:38:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixing the fix: explicitly disallowing "javascript:" url's to be used as menuaction: fixes not working add email links in the addressbook popup for FMail

Browse Source
This commit is contained in:
Ralf Becker 2006-11-13 11:59:59 +00:00
parent e0e16ab18d
commit 084b53971c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpgwapi/inc/class.html.inc.php
View File

@ -1005,7 +1005,7 @@ class html
$vars = $url; $vars = $url;
$url = '/index.php'; $url = '/index.php';
} }
elseif (!strstr($url,'/') && count(explode('.',$url)) >= 3 && !(strstr($url,'mailto:') || strstr($url,'://'))) elseif (!strstr($url,'/') && count(explode('.',$url)) >= 3 && !(strstr($url,'mailto:') || strstr($url,'://') || strstr($url,'javascript:')))
{ {
$url = "/index.php?menuaction=$url"; $url = "/index.php?menuaction=$url";
} }