Hello,

if you apply this patch to the upstream IlohaMail-0.8.14-rc3 version,
it should display ilohamail1.msg correctly even when Show HTML messages
is on.

// Ulf Harnhammar

--- include/read_message_print.inc.old  2005-04-15 08:30:52.000000000 +0200
+++ include/read_message_print.inc      2006-03-26 20:54:40.000000000 +0200
@@ -102,6 +102,7 @@
                                                        $body=strip_tags($body, 
'<a><b><i><u><p><br><font><div>');
                                                }
                                                $body = 
eregi_replace("src=\"cid:", 
"src=\"view.php?user=$user&folder=$folder&id=$id&cid=", $body);
+                                               sanitizeHTML($body);
                                                echo $body;
                                        }else{
                                                /* quote colorization */
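
Review bot: the added `sanitizeHTML($body);` call discards its return value, so the `echo $body;` on the next line prints sanitized output only if sanitizeHTML() takes its argument by reference, and the hunk does not show that definition. If the function returns the cleaned string instead, the line should read `$body = sanitizeHTML($body);`. Please confirm the signature or include the definition in the patch. The placement after the closing brace looks right, since it covers bodies that skipped the strip_tags() branch as well as those that went through it. The cid: rewrite on the preceding line interpolates $user, $folder and $id into the src attribute unencoded, so it is also worth checking that sanitizeHTML() leaves that rewritten attribute intact rather than mangling it.
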
>From [EMAIL PROTECTED] Wed Apr 13 21:11:18 2005
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: ilohamail message #1
MIME-Version: 1.0
Content-type: text/html
Content-Transfer-Encoding: 7bit

<h1>ilohamail message #1</h1>
<b>ilohamail</b><br>
<a href="http://www.debian.org/">Debian</a><br>
<script>alert("XSS!")</script>
