| Summary | unescaped html entities |
| Queue | IMP |
| Queue Version | HEAD |
| Type | Bug |
| State | Resolved |
| Priority | 2. Medium |
| Owners | Matt Selsky <selsky (at) columbia (dot) edu>, Michael Slusarz <slusarz (at) horde (dot) org> |
| Requester | Matt Selsky <selsky (at) columbia (dot) edu> |
| Created | 08/05/2006 (802 days ago) |
| Due | |
| Updated | 11/08/2006 (707 days ago) |
| Assigned | 11/04/2006 (711 days ago) |
| Resolved | 11/08/2006 (707 days ago) |
| Attachments | |
| Milestone | |
| Patch | No |
State ⇒ Resolved
Assigned to Michael Slusarz
Priority ⇒ 2. Medium
pop-up blocking enabled in Safari, "&actionID" is not escaped properly:
<a href="#"
onclick="popup_imp('/horde/imp/pgp.php?reload=%2Fhorde%2Fimp%2Fmessage.php%3Fmailbox%3D%252A%252Asearch_5quwy0lckx44ss440480ks%26amp%3Bindex%3D6595%26amp%3Bthismailbox%3DSent%2BMessages&actionID=open_passphrase_dialog',450,200); return false;" title="This message has been encrypted with PGP. You must enter the passphrase for your PGP private key before it can be decrypted.">You must enter the passphrase for your PGP private key to view this
message.</a>
State ⇒ Resolved
there is a hidden input set called "reload" with a value of:
<input type="hidden" name="reload"
value="/horde/imp/message.php?mailbox=%2A%2Asearch_1g35vp0dm3k0swc4ko0so4&index=19386&thismailbox=INBOX"
/>
&index and &thismailbox need to be escaped.
an unescaped entity "&reload".
Assigned to Matt Selsky
Queue ⇒ IMP
State ⇒ Unconfirmed
Summary ⇒ unescaped html entities
Priority ⇒ 1. Low
Type ⇒ Bug
there is a hidden input set called "reload" with a value of:
<input type="hidden" name="reload"
value="/horde/imp/message.php?mailbox=%2A%2Asearch_1g35vp0dm3k0swc4ko0so4&index=19386&thismailbox=INBOX"
/>
&index and &thismailbox need to be escaped.
Also, on the message page, before the passphrase is entered, there is
an unescaped entity "&reload".