From e3d4a685af012a839d840ca03482270dfbe5640b Mon Sep 17 00:00:00 2001
From: Klaus Leithoff
Date: Thu, 2 Apr 2015 08:48:34 +0000
Subject: [PATCH] use ENT_SUBSTITUTE on htmlspecialchars to harden display of message as source
---
 mail/inc/class.mail_ui.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mail/inc/class.mail_ui.inc.php b/mail/inc/class.mail_ui.inc.php
index 4e72b41d83..2531225496 100644
--- a/mail/inc/class.mail_ui.inc.php
+++ b/mail/inc/class.mail_ui.inc.php
@@ -2611,7 +2611,7 @@ class mail_ui
 else
 {
 html::safe_content_header($message, $subject.".eml", $mime='text/html', $size=0, true, false);
- print '
'. htmlspecialchars($message, ENT_NOQUOTES, 'utf-8') .'
';
+ print '
'. htmlspecialchars($message, ENT_NOQUOTES|ENT_SUBSTITUTE, 'utf-8') .'
';
 }
 }
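Review bot: The changed `print` line in the `else` branch has no comment saying why `ENT_SUBSTITUTE` is needed: with an explicit 'utf-8' charset, htmlspecialchars() returns an empty string as soon as the input holds an invalid byte sequence, and raw message source can carry 8-bit bodies in other charsets. A line such as `// ENT_SUBSTITUTE: raw source may hold non-UTF-8 bytes; emit U+FFFD for them instead of getting an empty string back` above the call would record that. `ENT_NOQUOTES` leaves both quote characters unescaped, which is safe only while this output stays in element content and is never moved into an attribute value, so the same comment should say so. `ENT_SUBSTITUTE` exists from PHP 5.4 onward, so the project's minimum supported PHP version should be confirmed against it. The enclosing method begins and ends outside the hunk.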