From 7f71a4b8f899b2213216f76c4a39fcf6d50de9c7 Mon Sep 17 00:00:00 2001
From: Ilia <gpg@ilia.engineer>
Date: Mon, 13 Jun 2022 11:38:58 +0300
Subject: [PATCH] Add missed patch to address XSS (in Usermin)

---
 mailboxes/folders-lib.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mailboxes/folders-lib.pl b/mailboxes/folders-lib.pl
index 115e41031..998099d79 100755
--- a/mailboxes/folders-lib.pl
+++ b/mailboxes/folders-lib.pl
@@ -2533,7 +2533,7 @@ foreach my $f (@$folders) {
 			}
 		}
 	push(@opts, [ $byid ? &folder_name($f) : $f->{'index'},
-		      $f->{'name'}.$umsg ]);
+		      &html_escape($f->{'name'}).$umsg ]);
 	}
 return &ui_select($name, $byid ? &folder_name($folder) : $folder->{'index'},
 		  \@opts, 1, 0, 0, 0, $auto ? "onChange='form.submit()'" : "");