use ENT_SUBSTITUTE on htmlspecialchars to harden display of message as source

Klaus Leithoff 2015-04-02 08:48:34 +00:00
parent ed092a5887
commit e3d4a685af


@ -2611,7 +2611,7 @@ class mail_ui
else else
{ {
html::safe_content_header($message, $subject.".eml", $mime='text/html', $size=0, true, false); html::safe_content_header($message, $subject.".eml", $mime='text/html', $size=0, true, false);
print '<pre>'. htmlspecialchars($message, ENT_NOQUOTES, 'utf-8') .'</pre>'; print '<pre>'. htmlspecialchars($message, ENT_NOQUOTES|ENT_SUBSTITUTE, 'utf-8') .'</pre>';
} }
} }
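Review bot: The `htmlspecialchars($message, ENT_NOQUOTES|ENT_SUBSTITUTE, 'utf-8')` call on the new print line treats the raw message source as UTF-8, so with ENT_SUBSTITUTE any byte sequence that is not valid UTF-8 (for example 8-bit Latin-1 content) is shown as U+FFFD instead of emptying the whole output, and the displayed source can differ from the bytes received. The escaping is also only sound if the response declares the same charset; whether `html::safe_content_header` sends `charset=utf-8` for this `text/html` response is not visible in the hunk and should be confirmed. A comment above the print would record the intent, e.g. `// raw source may not be valid UTF-8: ENT_SUBSTITUTE avoids an empty page, invalid bytes render as U+FFFD`. The enclosing method of class mail_ui starts and ends outside the hunk.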