use ENT_SUBSTITUTE on htmlspecialchars to harden display of message as source

Klaus Leithoff 2015-04-02 08:49:28 +00:00
parent 5a42714aee
commit 90200ea1ec


@ -2595,7 +2595,7 @@ class mail_ui
else
{
html::safe_content_header($message, $subject.".eml", $mime='text/html', $size=0, true, false);
print '<pre>'. htmlspecialchars($message, ENT_NOQUOTES, 'utf-8') .'</pre>';
print '<pre>'. htmlspecialchars($message, ENT_NOQUOTES|ENT_SUBSTITUTE, 'utf-8') .'</pre>';
}
}
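Review bot: The new `htmlspecialchars()` call should carry a one-line comment explaining why `ENT_SUBSTITUTE` is there, because without it PHP returns an empty string as soon as `$message` contains a byte sequence that is not valid UTF-8, which raw mail source can easily do. Something like `// raw source may hold non-UTF-8 bytes; ENT_SUBSTITUTE replaces them with U+FFFD instead of returning ''` would do. The constant only exists from PHP 5.4, so if older runtimes are still supported the flag needs a guard such as `defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0`. `ENT_NOQUOTES` is adequate here only because the escaped text lands in `<pre>` element content and never in an attribute value, which is also worth stating in the comment. The enclosing method starts outside the hunk, so how `html::safe_content_header()` declares the response charset is not visible from here.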