diff options
Diffstat (limited to 'mail/roundcube/files/patch-CVE-2016-5103')
| -rw-r--r-- | mail/roundcube/files/patch-CVE-2016-5103 | 19 |
1 files changed, 0 insertions, 19 deletions
diff --git a/mail/roundcube/files/patch-CVE-2016-5103 b/mail/roundcube/files/patch-CVE-2016-5103 deleted file mode 100644 index 0014f6676fb8..000000000000 --- a/mail/roundcube/files/patch-CVE-2016-5103 +++ /dev/null @@ -1,19 +0,0 @@ -commit 6652367d656de7e5f404935be04e10aa281add53 -Author: Aleksander Machniak <alec@alec.pl> -Date: Fri May 6 08:28:15 2016 +0200 - - Fix XSS issue in href attribute on area tag (#5240, #5241) - -diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php -index 5938d9b..d03f04a 100644 ---- program/lib/Roundcube/rcube_washtml.php -+++ program/lib/Roundcube/rcube_washtml.php -@@ -370,7 +370,7 @@ class rcube_washtml - */ - private function is_link_attribute($tag, $attr) - { -- return $tag == 'a' && $attr == 'href'; -+ return ($tag == 'a' || $tag == 'area') && $attr == 'href'; - } - - /** |