extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-02-23 05:41:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixing the fix: explicitly disallowing "javascript:" url's to be used as menuaction: fixes not working add email links in the addressbook popup for FMail

Browse Source
This commit is contained in:
Ralf Becker 2006-11-13 11:59:59 +00:00
parent e0e16ab18d
commit 084b53971c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
phpgwapi/inc/class.html.inc.php
View File

@ -1005,7 +1005,7 @@ class html
$vars = $url;
$url = '/index.php';
}
elseif (!strstr($url,'/') && count(explode('.',$url)) >= 3 && !(strstr($url,'mailto:') || strstr($url,'://')))
elseif (!strstr($url,'/') && count(explode('.',$url)) >= 3 && !(strstr($url,'mailto:') || strstr($url,'://') || strstr($url,'javascript:')))
{
$url = "/index.php?menuaction=$url";
}