| Summary | unescaped html entities |
| Queue | IMP |
| Queue Version | HEAD |
| Type | Bug |
| State | Resolved |
| Priority | 2. Medium |
| Owners | selsky (at) columbia (dot) edu, slusarz (at) horde (dot) org |
| Requester | selsky (at) columbia (dot) edu |
| Created | 8/5/06 (7266 days ago) |
| Due | |
| Updated | 11/8/06 (7171 days ago) |
| Assigned | 11/4/06 (7175 days ago) |
| Resolved | 11/8/06 (7171 days ago) |
| Github Issue Link | |
| Github Pull Request | |
| Milestone | |
| Patch | No |
Assigned to Michael Slusarz
State ⇒ Resolved
Priority ⇒ 2. Medium
pop-up blocking enabled in Safari, "&actionID" is not escaped properly:
<a href="#"
onclick="popup_imp('/horde/imp/pgp.php?reload=%2Fhorde%2Fimp%2Fmessage.php%3Fmailbox%3D%252A%252Asearch_5quwy0lckx44ss440480ks%26amp%3Bindex%3D6595%26amp%3Bthismailbox%3DSent%2BMessages&actionID=open_passphrase_dialog',450,200); return false;" title="This message has been encrypted with PGP. You must enter the passphrase for your PGP private key before it can be decrypted.">You must enter the passphrase for your PGP private key to view this
message.</a>
State ⇒ Resolved
there is a hidden input set called "reload" with a value of:
<input type="hidden" name="reload"
value="/horde/imp/message.php?mailbox=%2A%2Asearch_1g35vp0dm3k0swc4ko0so4&index=19386&thismailbox=INBOX"
/>
&index and &thismailbox need to be escaped.
an unescaped entity "&reload".
State ⇒ Assigned
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ unescaped html entities
Queue ⇒ IMP
State ⇒ Unconfirmed
there is a hidden input set called "reload" with a value of:
<input type="hidden" name="reload"
value="/horde/imp/message.php?mailbox=%2A%2Asearch_1g35vp0dm3k0swc4ko0so4&index=19386&thismailbox=INBOX"
/>
&index and &thismailbox need to be escaped.
Also, on the message page, before the passphrase is entered, there is
an unescaped entity "&reload".