use purify to clean potential malicious content out of msg/message

2025-01-22 05:49:03 +01:00 · 2010-04-23 09:38:12 +00:00 · 2010-04-23 09:38:12 +00:00 · 3377fbf6c6
commit 3377fbf6c6
parent 4bde0157f8
1 changed files with 2 additions and 2 deletions
--- a/felamimail/inc/class.uifelamimail.inc.php
+++ b/felamimail/inc/class.uifelamimail.inc.php
@ -452,8 +452,8 @@
 		function viewMainScreen()
 		{
 			// get passed messages
-			if (!empty($_GET["msg"])) $message[] = $_GET["msg"];
-			if (!empty($_GET["message"])) $message[] = $_GET["message"];
+			if (!empty($_GET["msg"])) $message[] = html::purify($_GET["msg"]);
+			if (!empty($_GET["message"])) $message[] = html::purify($_GET["message"]);
 			unset($_GET["msg"]);
 			unset($_GET["message"]);
 			#printf ("this->uifelamimail->viewMainScreen() start: %s<br>",date("H:i:s",mktime()));