use ENT_SUBSTITUTE on htmlspecialchars to harden display of message as source

2024-10-07 10:42:31 +02:00 · 2015-04-02 08:49:28 +00:00 · 2015-04-02 08:49:28 +00:00 · 90200ea1ec
commit 90200ea1ec
parent 5a42714aee
1 changed files with 1 additions and 1 deletions
--- a/mail/inc/class.mail_ui.inc.php
+++ b/mail/inc/class.mail_ui.inc.php
@ -2595,7 +2595,7 @@ class mail_ui
 		else
 		{
 			html::safe_content_header($message, $subject.".eml", $mime='text/html', $size=0, true, false);
-			print '<pre>'. htmlspecialchars($message, ENT_NOQUOTES, 'utf-8') .'</pre>';
+			print '<pre>'. htmlspecialchars($message, ENT_NOQUOTES|ENT_SUBSTITUTE, 'utf-8') .'</pre>';
 		}
 	}