- rel 1, works
401c2ccb 1diff -urw squirrelmail-1.4.4.orig/functions/addressbook.php squirrelmail-1.4.4/functions/addressbook.php
2--- squirrelmail-1.4.4.orig/functions/addressbook.php Mon Dec 27 16:03:42 2004
3+++ squirrelmail-1.4.4/functions/addressbook.php Wed Jun 15 23:50:03 2005
4@@ -108,7 +108,7 @@
5 if (!$r && $showerr) {
6 printf( ' ' . _("Error initializing LDAP server %s:") .
7 "<br />\n", $param['host']);
8- echo '&nbsp;' . $abook->error;
9+ echo '&nbsp;' . htmlspecialchars($abook->error);
10 exit;
11 }
12 }
13@@ -239,7 +239,7 @@
14 if (is_array($res)) {
15 $ret = array_merge($ret, $res);
16 } else {
17- $this->error .= "<br />\n" . $backend->error;
18+ $this->error .= "\n" . $backend->error;
19 $failed++;
20 }
21 }
22@@ -255,7 +255,7 @@
23
24 $ret = $this->backends[$bnum]->search($expression);
25 if (!is_array($ret)) {
26- $this->error .= "<br />\n" . $this->backends[$bnum]->error;
27+ $this->error .= "\n" . $this->backends[$bnum]->error;
28 $ret = FALSE;
29 }
30 }
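Review bot: Once the `<br />` separators in `$this->error` become `"\n"` so the whole string can be escaped at output time, the newline is the only separator left between backend messages, and HTML collapses it to a space — `echo '&nbsp;' . htmlspecialchars($abook->error);` in the first hunk prints the messages of several failing backends run together on one line. Wrapping the escaped text, `echo '&nbsp;' . nl2br(htmlspecialchars($abook->error));`, restores the line breaks without reopening the injection. The output sites in src/addressbook.php further down this patch would take the same treatment. The enclosing methods of the second and third hunks start and end outside the hunks.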
31diff -urw squirrelmail-1.4.4.orig/functions/mime.php squirrelmail-1.4.4/functions/mime.php
32--- squirrelmail-1.4.4.orig/functions/mime.php Mon Jan 10 19:52:48 2005
33+++ squirrelmail-1.4.4/functions/mime.php Wed Jun 15 23:50:03 2005
34@@ -1388,12 +1388,33 @@
35 }
36 }
37 }
38+
39+ /**
40+ * Replace empty src tags with the blank image. src is only used
41+ * for frames, images, and image inputs. Doing a replace should
42+ * not affect them working as should be, however it will stop
43+ * IE from being kicked off when src for img tags are not set
44+ */
45+ if (($attname == 'src') && ($attvalue == '""')) {
46+ $attary{$attname} = '"' . SM_PATH . 'images/blank.png"';
47+ }
48+
49 /**
50 * Turn cid: urls into http-friendly ones.
51 */
52 if (preg_match("/^[\'\"]\s*cid:/si", $attvalue)){
53 $attary{$attname} = sq_cid2http($message, $id, $attvalue, $mailbox);
54 }
55+
56+ /**
57+ * "Hack" fix for Outlook using propriatary outbind:// protocol in img tags.
58+ * One day MS might actually make it match something useful, for now, falling
59+ * back to using cid2http, so we can grab the blank.png.
60+ */
61+ if (preg_match("/^[\'\"]\s*outbind:\/\//si", $attvalue)) {
62+ $attary{$attname} = sq_cid2http($message, $id, $attvalue, $mailbox);
63+ }
64+
65 }
66 /**
67 * See if we need to append any attributes to this tag.
68@@ -1408,7 +1429,7 @@
69
70 /**
71 * This function edits the style definition to make them friendly and
72- * usable in squirrelmail.
73+ * usable in SquirrelMail.
74 *
75 * @param $message the message object
76 * @param $id the message id
77@@ -1436,27 +1457,54 @@
78 /**
79 * Fix url('blah') declarations.
80 */
81- $content = preg_replace("|url\s*\(\s*([\'\"])\s*\S+script\s*:.*?([\'\"])\s*\)|si",
82- "url(\\1$secremoveimg\\2)", $content);
83+ // $content = preg_replace("|url\s*\(\s*([\'\"])\s*\S+script\s*:.*?([\'\"])\s*\)|si",
84+ // "url(\\1$secremoveimg\\2)", $content);
85+ // remove NUL
86+ $content = str_replace("\0", "", $content);
87+ // NB I insert NUL characters to keep to avoid an infinite loop. They are removed after the loop.
88+ while (preg_match("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si", $content, $matches)) {
89+ $sProto = strtolower($matches[1]);
90+ switch ($sProto) {
91 /**
92 * Fix url('https*://.*) declarations but only if $view_unsafe_images
93 * is false.
94 */
95+ case 'https':
96+ case 'http':
97 if (!$view_unsafe_images){
98- $content = preg_replace("|url\s*\(\s*([\'\"])\s*https*:.*?([\'\"])\s*\)|si",
99- "url(\\1$secremoveimg\\2)", $content);
100+ $sExpr = "/url\s*\(\s*([\'\"])\s*$sProto*:.*?([\'\"])\s*\)/si";
101+ $content = preg_replace($sExpr, "u\0r\0l(\\1$secremoveimg\\2)", $content);
102 }
103-
104+ break;
105 /**
106 * Fix urls that refer to cid:
107 */
108- while (preg_match("|url\s*\(\s*([\'\"]\s*cid:.*?[\'\"])\s*\)|si",
109- $content, $matches)){
110- $cidurl = $matches{1};
111+ case 'cid':
112+ $cidurl = 'cid:'. $matches[2];
113 $httpurl = sq_cid2http($message, $id, $cidurl, $mailbox);
114 $content = preg_replace("|url\s*\(\s*$cidurl\s*\)|si",
115- "url($httpurl)", $content);
116+ "u\0r\0l($httpurl)", $content);
117+ break;
118+ default:
119+ /**
120+ * replace url with protocol other then the white list
121+ * http,https and cid by an empty string.
122+ */
123+ $content = preg_replace("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si",
124+ "", $content);
125+ break;
126 }
127+ break;
128+ }
129+ // remove NUL
130+ $content = str_replace("\0", "", $content);
131+
132+ /**
133+ * Remove any backslashes, entities, and extraneous whitespace.
134+ */
135+ $contentTemp = $content;
136+ sq_defang($contentTemp);
137+ sq_unspace($contentTemp);
138
139 /**
140 * Fix stupid css declarations which lead to vulnerabilities
141@@ -1467,10 +1515,16 @@
142 '/binding/i',
143 '/include-source/i');
144 $replace = Array('idiocy', 'idiocy', 'idiocy', 'idiocy');
145- $content = preg_replace($match, $replace, $content);
146+ $contentNew = preg_replace($match, $replace, $contentTemp);
147+ if ($contentNew !== $contentTemp) {
148+ // insecure css declarations are used. From now on we don't care
149+ // anymore if the css is destroyed by sq_deent, sq_unspace or sq_unbackslash
150+ $content = $contentNew;
151+ }
152 return array($content, $newpos);
153 }
154
155+
156 /**
157 * This function converts cid: url's into the ones that can be viewed in
158 * the browser.
159@@ -1492,15 +1546,46 @@
160 $quotchar = '';
161 }
162 $cidurl = substr(trim($cidurl), 4);
163+
164+ $match_str = '/\{.*?\}\//';
165+ $str_rep = '';
166+ $cidurl = preg_replace($match_str, $str_rep, $cidurl);
167+
168 $linkurl = find_ent_id($cidurl, $message);
169 /* in case of non-save cid links $httpurl should be replaced by a sort of
170 unsave link image */
171 $httpurl = '';
172- if ($linkurl) {
173+
174+ /**
175+ * This is part of a fix for Outlook Express 6.x generating
176+ * cid URLs without creating content-id headers. These images are
177+ * not part of the multipart/related html mail. The html contains
178+ * <img src="cid:{some_id}/image_filename.ext"> references to
179+ * attached images with as goal to render them inline although
180+ * the attachment disposition property is not inline.
181+ */
182+
183+ if (empty($linkurl)) {
184+ if (preg_match('/{.*}\//', $cidurl)) {
185+ $cidurl = preg_replace('/{.*}\//','', $cidurl);
186+ if (!empty($cidurl)) {
187+ $linkurl = find_ent_id($cidurl, $message);
188+ }
189+ }
190+ }
191+
192+ if (!empty($linkurl)) {
193 $httpurl = $quotchar . SM_PATH . 'src/download.php?absolute_dl=true&amp;' .
194 "passed_id=$id&amp;mailbox=" . urlencode($mailbox) .
195 '&amp;ent_id=' . $linkurl . $quotchar;
196+ } else {
197+ /**
198+ * If we couldn't generate a proper img url, drop in a blank image
199+ * instead of sending back empty, otherwise it causes unusual behaviour
200+ */
201+ $httpurl = $quotchar . SM_PATH . 'images/blank.png';
202 }
203+
204 return $httpurl;
205 }
206
207@@ -1526,8 +1611,7 @@
208 $attvalue = str_replace($quotchar, "", $attvalue);
209 switch ($attname){
210 case 'background':
211- $attvalue = sq_cid2http($message, $id,
212- $attvalue, $mailbox);
213+ $attvalue = sq_cid2http($message, $id, $attvalue, $mailbox);
214 $styledef .= "background-image: url('$attvalue'); ";
215 break;
216 case 'bgcolor':
217@@ -1754,6 +1838,7 @@
218 "embed",
219 "title",
220 "frameset",
221+ "xmp",
222 "xml"
223 );
224
225@@ -1761,7 +1846,8 @@
226 "img",
227 "br",
228 "hr",
229- "input"
230+ "input",
231+ "outbind"
232 );
233
234 $force_tag_closing = true;
235@@ -1816,6 +1902,7 @@
236 "/binding/i",
237 "/behaviou*r/i",
238 "/include-source/i",
239+ "/position\s*:\s*absolute/i",
240 "/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
241 "/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
242 "/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
243@@ -1826,6 +1913,7 @@
244 "idiocy",
245 "idiocy",
246 "idiocy",
247+ "",
248 "url(\\1#\\1)",
249 "url(\\1#\\1)",
250 "url(\\1#\\1)",
251@@ -1856,7 +1944,7 @@
252
253 $add_attr_to_tag = Array(
254 "/^a$/i" =>
255- Array('target'=>'"_new"',
256+ Array('target'=>'"_blank"',
257 'title'=>'"'._("This external link will open in a new window").'"'
258 )
259 );
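Review bot: The `while (preg_match(...))` loop added in the `@@ -1436,27 +1457,54 @@` hunk only terminates when a switch branch actually rewrites the matched `url(`, and two visible paths leave `$content` unchanged: the `http`/`https` branch does nothing when `$view_unsafe_images` is true, and the inner replace patterns demand a quote (`([\'\"])`, or the unquoted `$cidurl` text built from `$matches[2]`, which is interpolated without `preg_quote`) where the outer pattern makes it optional (`[\'\"]?`), so a style block that matches the outer regex but not the inner one re-matches forever and a single crafted message pins the server. A before/after comparison should break out rather than re-match the same text, and the `cid` pattern should quote its interpolated value. Separately, in the `sq_cid2http` hunk the fallback `$httpurl = $quotchar . SM_PATH . 'images/blank.png';` omits the closing `$quotchar` that the success branch appends, producing an unbalanced quote in the generated attribute whenever the original value was quoted. Both sq_fixstyle and sq_cid2http begin outside their hunks.
```php
while (preg_match("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si", $content, $matches)) {
    $sProto = strtolower($matches[1]);
    $sBefore = $content;
    switch ($sProto) {
        // … unchanged: http/https branch …
        case 'cid':
            $cidurl = 'cid:'. $matches[2];
            $httpurl = sq_cid2http($message, $id, $cidurl, $mailbox);
            $content = preg_replace("|url\s*\(\s*" . preg_quote($cidurl, '|') . "\s*\)|si",
                "u\0r\0l($httpurl)", $content);
            break;
        // … unchanged: default branch …
    }
    if ($content === $sBefore) {
        // No branch rewrote the match; stop instead of re-matching the same text forever.
        break;
    }
}
```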
260diff -urw squirrelmail-1.4.4.orig/functions/page_header.php squirrelmail-1.4.4/functions/page_header.php
261--- squirrelmail-1.4.4.orig/functions/page_header.php Mon Dec 27 22:08:58 2004
262+++ squirrelmail-1.4.4/functions/page_header.php Wed Jun 15 23:50:03 2005
263@@ -275,6 +275,7 @@
264 : html_tag( 'td', '', 'left' ) )
265 . "\n";
266 $urlMailbox = urlencode($mailbox);
267+ $startMessage = (int)$startMessage;
268 echo makeComposeLink('src/compose.php?mailbox='.$urlMailbox.'&amp;startMessage='.$startMessage);
269 echo "&nbsp;&nbsp;\n";
270 displayInternalLink ('src/addressbook.php', _("Addresses"));
271diff -urw squirrelmail-1.4.4.orig/plugins/calendar/calendar.php squirrelmail-1.4.4/plugins/calendar/calendar.php
272--- squirrelmail-1.4.4.orig/plugins/calendar/calendar.php Mon Dec 27 16:03:49 2004
273+++ squirrelmail-1.4.4/plugins/calendar/calendar.php Wed Jun 15 23:51:15 2005
274@@ -28,17 +28,17 @@
275 require_once(SM_PATH . 'functions/html.php');
276
277 /* get globals */
278-
279-if (isset($_GET['month'])) {
280+unset($month, $year);
281+if (isset($_GET['month']) && is_numeric($_GET['month'])) {
282 $month = $_GET['month'];
283 }
284-if (isset($_GET['year'])) {
285+if (isset($_GET['year']) && is_numeric($_GET['year'])) {
286 $year = $_GET['year'];
287 }
288-if (isset($_POST['year'])) {
289+if (isset($_POST['year']) && is_numeric($_POST['year'])) {
290 $year = $_POST['year'];
291 }
292-if (isset($_POST['month'])) {
293+if (isset($_POST['month']) && is_numeric($_POST['month'])) {
294 $month = $_POST['month'];
295 }
296 /* got 'em */
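Review bot: `is_numeric()` is a looser guard than these values need — it also accepts signed, fractional, exponent-form and leading-whitespace strings (`'1e3'`, `' 7'`, `'+2.5'`, and hexadecimal on pre-7 PHP), so `$month` and `$year` can still reach the rest of the script as something other than a small integer. Casting at the boundary is both stricter and shorter: `$month = (int)$_GET['month'];` after the `isset()` test (or `ctype_digit()` if the string form has to be kept). The same `isset() && is_numeric()` pattern is repeated in plugins/calendar/day.php, event_create.php and event_edit.php and would take the same change. The added `unset(...)` line, which presumably guards against the variables being pre-seeded before the request is read, should stay.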
297diff -urw squirrelmail-1.4.4.orig/plugins/calendar/day.php squirrelmail-1.4.4/plugins/calendar/day.php
298--- squirrelmail-1.4.4.orig/plugins/calendar/day.php Mon Dec 27 16:03:49 2004
299+++ squirrelmail-1.4.4/plugins/calendar/day.php Wed Jun 15 23:51:52 2005
300@@ -29,22 +29,23 @@
301 require_once(SM_PATH . 'functions/html.php');
302
303 /* get globals */
304-if (isset($_GET['year'])) {
305+unset($year, $month, $day);
306+if (isset($_GET['year']) && is_numeric($_GET['year'])) {
307 $year = $_GET['year'];
308 }
309-elseif (isset($_POST['year'])) {
310+elseif (isset($_POST['year']) && is_numeric($_POST['year'])) {
311 $year = $_POST['year'];
312 }
313-if (isset($_GET['month'])) {
314+if (isset($_GET['month']) && is_numeric($_GET['month'])) {
315 $month = $_GET['month'];
316 }
317-elseif (isset($_POST['month'])) {
318+elseif (isset($_POST['month']) && is_numeric($_POST['month'])) {
319 $month = $_POST['month'];
320 }
321-if (isset($_GET['day'])) {
322+if (isset($_GET['day']) && is_numeric($_GET['day'])) {
323 $day = $_GET['day'];
324 }
325-elseif (isset($_POST['day'])) {
326+elseif (isset($_POST['day']) && is_numeric($_POST['day'])) {
327 $day = $_POST['day'];
328 }
329
330diff -urw squirrelmail-1.4.4.orig/plugins/calendar/event_create.php squirrelmail-1.4.4/plugins/calendar/event_create.php
331--- squirrelmail-1.4.4.orig/plugins/calendar/event_create.php Mon Dec 27 16:03:49 2004
332+++ squirrelmail-1.4.4/plugins/calendar/event_create.php Wed Jun 15 23:52:34 2005
333@@ -28,41 +28,42 @@
334 require_once(SM_PATH . 'functions/html.php');
335
336 /* get globals */
337-
338-if (isset($_POST['year'])) {
339+unset($year, $month, $day, $hour, $event_hour, $event_minute,
340+ $event_length, $event_priority);
341+if (isset($_POST['year']) && is_numeric($_POST['year'])) {
342 $year = $_POST['year'];
343 }
344-elseif (isset($_GET['year'])) {
345+elseif (isset($_GET['year']) && is_numeric($_GET['year'])) {
346 $year = $_GET['year'];
347 }
348-if (isset($_POST['month'])) {
349+if (isset($_POST['month']) && is_numeric($_POST['month'])) {
350 $month = $_POST['month'];
351 }
352-elseif (isset($_GET['month'])) {
353+elseif (isset($_GET['month']) && is_numeric($_GET['month'])) {
354 $month = $_GET['month'];
355 }
356-if (isset($_POST['day'])) {
357+if (isset($_POST['day']) && is_numeric($_POST['day'])) {
358 $day = $_POST['day'];
359 }
360-elseif (isset($_GET['day'])) {
361+elseif (isset($_GET['day']) && is_numeric($_GET['day'])) {
362 $day = $_GET['day'];
363 }
364-if (isset($_POST['hour'])) {
365+if (isset($_POST['hour']) && is_numeric($_POST['hour'])) {
366 $hour = $_POST['hour'];
367 }
368-elseif (isset($_GET['hour'])) {
369+elseif (isset($_GET['hour']) && is_numeric($_GET['hour'])) {
370 $hour = $_GET['hour'];
371 }
372-if (isset($_POST['event_hour'])) {
373+if (isset($_POST['event_hour']) && is_numeric($_POST['event_hour'])) {
374 $event_hour = $_POST['event_hour'];
375 }
376-if (isset($_POST['event_minute'])) {
377+if (isset($_POST['event_minute']) && is_numeric($_POST['event_minute'])) {
378 $event_minute = $_POST['event_minute'];
379 }
380-if (isset($_POST['event_length'])) {
381+if (isset($_POST['event_length']) && is_numeric($_POST['event_length'])) {
382 $event_length = $_POST['event_length'];
383 }
384-if (isset($_POST['event_priority'])) {
385+if (isset($_POST['event_priority']) && is_numeric($_POST['event_priority'])) {
386 $event_priority = $_POST['event_priority'];
387 }
388 if (isset($_POST['event_title'])) {
389diff -urw squirrelmail-1.4.4.orig/plugins/calendar/event_edit.php squirrelmail-1.4.4/plugins/calendar/event_edit.php
390--- squirrelmail-1.4.4.orig/plugins/calendar/event_edit.php Mon Dec 27 16:03:49 2004
391+++ squirrelmail-1.4.4/plugins/calendar/event_edit.php Wed Jun 15 23:53:22 2005
392@@ -29,26 +29,27 @@
393
394
395 /* get globals */
396-
397+unset($event_year, $event_month, $event_day, $event_hour, $event_minute,
398+ $event_length, $event_priority, $year, $month, $day, $hour, $minute);
399 if (isset($_POST['updated'])) {
400 $updated = $_POST['updated'];
401 }
402-if (isset($_POST['event_year'])) {
403+if (isset($_POST['event_year']) && is_numeric($_POST['event_year'])) {
404 $event_year = $_POST['event_year'];
405 }
406-if (isset($_POST['event_month'])) {
407+if (isset($_POST['event_month']) && is_numeric($_POST['event_month'])) {
408 $event_month = $_POST['event_month'];
409 }
410-if (isset($_POST['event_day'])) {
411+if (isset($_POST['event_day']) && is_numeric($_POST['event_day'])) {
412 $event_day = $_POST['event_day'];
413 }
414-if (isset($_POST['event_hour'])) {
415+if (isset($_POST['event_hour']) && is_numeric($_POST['event_hour'])) {
416 $event_hour = $_POST['event_hour'];
417 }
418-if (isset($_POST['event_minute'])) {
419+if (isset($_POST['event_minute']) && is_numeric($_POST['event_minute'])) {
420 $event_minute = $_POST['event_minute'];
421 }
422-if (isset($_POST['event_length'])) {
423+if (isset($_POST['event_length']) && is_numeric($_POST['event_length'])) {
424 $event_length = $_POST['event_length'];
425 }
426 if (isset($_POST['event_title'])) {
427@@ -60,40 +61,40 @@
428 if (isset($_POST['send'])) {
429 $send = $_POST['send'];
430 }
431-if (isset($_POST['event_priority'])) {
432+if (isset($_POST['event_priority']) && is_numeric($_POST['event_priority'])) {
433 $event_priority = $_POST['event_priority'];
434 }
435 if (isset($_POST['confirmed'])) {
436 $confirmed = $_POST['confirmed'];
437 }
438-if (isset($_POST['year'])) {
439+if (isset($_POST['year']) && is_numeric($_POST['year'])) {
440 $year = $_POST['year'];
441 }
442-elseif (isset($_GET['year'])) {
443+elseif (isset($_GET['year']) && is_numeric($_GET['year'])) {
444 $year = $_GET['year'];
445 }
446-if (isset($_POST['month'])) {
447+if (isset($_POST['month']) && is_numeric($_POST['month'])) {
448 $month = $_POST['month'];
449 }
450-elseif (isset($_GET['month'])) {
451+elseif (isset($_GET['month']) && is_numeric($_GET['month'])) {
452 $month = $_GET['month'];
453 }
454-if (isset($_POST['day'])) {
455+if (isset($_POST['day']) && is_numeric($_POST['day'])) {
456 $day = $_POST['day'];
457 }
458-elseif (isset($_GET['day'])) {
459+elseif (isset($_GET['day']) && is_numeric($_GET['day'])) {
460 $day = $_GET['day'];
461 }
462-if (isset($_POST['hour'])) {
463+if (isset($_POST['hour']) && is_numeric($_POST['hour'])) {
464 $hour = $_POST['hour'];
465 }
466-elseif (isset($_GET['hour'])) {
467+elseif (isset($_GET['hour']) && is_numeric($_GET['hour'])) {
468 $hour = $_GET['hour'];
469 }
470-if (isset($_POST['minute'])) {
471+if (isset($_POST['minute']) && is_numeric($_POST['minute'])) {
472 $minute = $_POST['minute'];
473 }
474-elseif (isset($_GET['minute'])) {
475+elseif (isset($_GET['minute']) && is_numeric($_GET['minute'])) {
476 $minute = $_GET['minute'];
477 }
478 /* got 'em */
479diff -urw squirrelmail-1.4.4.orig/plugins/filters/options.php squirrelmail-1.4.4/plugins/filters/options.php
480--- squirrelmail-1.4.4.orig/plugins/filters/options.php Mon Dec 27 16:03:57 2004
481+++ squirrelmail-1.4.4/plugins/filters/options.php Wed Jun 15 23:50:03 2005
482@@ -189,7 +189,7 @@
483 html_tag( 'td', '', 'left' ) .
484 '<input type="text" size="32" name="filter_what" value="';
485 if (isset($filters[$theid]['what'])) {
486- echo $filters[$theid]['what'];
487+ echo htmlspecialchars($filters[$theid]['what']);
488 }
489 echo '" />'.
490 '</td>'.
491diff -urw squirrelmail-1.4.4.orig/plugins/filters/spamoptions.php squirrelmail-1.4.4/plugins/filters/spamoptions.php
492--- squirrelmail-1.4.4.orig/plugins/filters/spamoptions.php Mon Dec 27 16:03:57 2004
493+++ squirrelmail-1.4.4/plugins/filters/spamoptions.php Wed Jun 15 23:50:03 2005
494@@ -199,7 +199,7 @@
495 echo html_tag( 'p', '', 'center' ) .
496 '[<a href="spamoptions.php?action=spam">' . _("Edit") . '</a>]' .
497 ' - [<a href="../../src/options.php">' . _("Done") . '</a>]</center><br /><br />';
498- printf( _("Spam is sent to %s."), ($filters_spam_folder?'<b>'.imap_utf7_decode_local($filters_spam_folder).'</b>':'[<i>'._("not set yet").'</i>]' ) );
499+ printf( _("Spam is sent to %s."), ($filters_spam_folder?'<b>'.htmlspecialchars(imap_utf7_decode_local($filters_spam_folder)).'</b>':'[<i>'._("not set yet").'</i>]' ) );
500 echo '<br />';
501 printf( _("Spam scan is limited to %s."), '<b>' . ( ($filters_spam_scan == 'new')?_("Unread messages only"):_("All messages") ) . '</b>' );
502 echo '</p>'.
503diff -urw squirrelmail-1.4.4.orig/plugins/listcommands/mailout.php squirrelmail-1.4.4/plugins/listcommands/mailout.php
504--- squirrelmail-1.4.4.orig/plugins/listcommands/mailout.php Mon Dec 27 16:03:58 2004
505+++ squirrelmail-1.4.4/plugins/listcommands/mailout.php Wed Jun 15 23:50:03 2005
506@@ -25,14 +25,6 @@
507 sqgetGlobalVar('body', $body, SQ_GET);
508 sqgetGlobalVar('action', $action, SQ_GET);
509
510-echo html_tag('p', '', 'left' ) .
511-html_tag( 'table', '', 'center', $color[0], 'border="0" width="75%"' ) . "\n" .
512- html_tag( 'tr',
513- html_tag( 'th', _("Mailinglist") . ' ' . _($action), '', $color[9] )
514- ) .
515- html_tag( 'tr' ) .
516- html_tag( 'td', '', 'left' );
517-
518 switch ( $action ) {
519 case 'help':
520 $out_string = _("This will send a message to %s requesting help for this list. You will receive an emailed response at the address below.");
521@@ -42,7 +34,19 @@
522 break;
523 case 'unsubscribe':
524 $out_string = _("This will send a message to %s requesting that you will be unsubscribed from this list. It will try to unsubscribe the adress below.");
525+default:
526+ error_box(sprintf(_("Unknown action: %s"),htmlspecialchars($action)), $color);
527+ exit;
528 }
529+
530+echo html_tag('p', '', 'left' ) .
531+html_tag( 'table', '', 'center', $color[0], 'border="0" width="75%"' ) . "\n" .
532+ html_tag( 'tr',
533+ html_tag( 'th', _("Mailinglist") . ' ' . _($action), '', $color[9] )
534+ ) .
535+ html_tag( 'tr' ) .
536+ html_tag( 'td', '', 'left' );
537+
538
539 printf( $out_string, htmlspecialchars($send_to) );
540
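Review bot: The new `default:` label sits directly after the `case 'unsubscribe':` assignment with no `break;` between them, so a legitimate `action=unsubscribe` request sets `$out_string` and then falls through into `error_box(...)` and `exit`, which makes unsubscribe requests fail outright. Add `break;` after the `$out_string = _("This will send a message to %s requesting that you will be unsubscribed from this list. ...");` line. Moving the table output below the switch is otherwise sound, since it stops the unknown-action error from being emitted inside an open table cell.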
541diff -urw squirrelmail-1.4.4.orig/plugins/newmail/newmail.php squirrelmail-1.4.4/plugins/newmail/newmail.php
542--- squirrelmail-1.4.4.orig/plugins/newmail/newmail.php Mon Dec 27 16:03:58 2004
543+++ squirrelmail-1.4.4/plugins/newmail/newmail.php Wed Jun 15 23:50:03 2005
544@@ -22,6 +22,7 @@
545 require_once(SM_PATH . 'functions/page_header.php');
546
547 sqGetGlobalVar('numnew', $numnew, SQ_GET);
548+$numnew = (int)$numnew;
549
550 displayHtmlHeader( _("New Mail"), '', FALSE );
551
552diff -urw squirrelmail-1.4.4.orig/plugins/spamcop/setup.php squirrelmail-1.4.4/plugins/spamcop/setup.php
553--- squirrelmail-1.4.4.orig/plugins/spamcop/setup.php Mon Dec 27 16:03:58 2004
554+++ squirrelmail-1.4.4/plugins/spamcop/setup.php Wed Jun 15 23:50:03 2005
555@@ -75,6 +75,9 @@
556 sqgetGlobalVar('passed_ent_id',$passed_ent_id,SQ_FORM);
557 sqgetGlobalVar('mailbox', $mailbox, SQ_FORM);
558 sqgetGlobalVar('startMessage', $startMessage, SQ_FORM);
559+ if ( sqgetGlobalVar('startMessage', $startMessage, SQ_FORM) ) {
560+ $startMessage = (int)$startMessage;
561+ }
562 /* END GLOBALS */
563
564 // catch unset passed_ent_id
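Review bot: The original `sqgetGlobalVar('startMessage', $startMessage, SQ_FORM);` line is kept directly above the new `if ( sqgetGlobalVar('startMessage', $startMessage, SQ_FORM) )` guard, so the parameter is fetched twice; drop the first call and let the guarded one stand on its own. src/compose.php carries the same duplicated fetch in its `@@ -76,6 +76,11 @@` hunk. That hunk also gives `$startMessage` a default of 1 in an `else` branch, whereas here nothing initialises it when the parameter is absent; if the value is interpolated into a link further down (outside this hunk), the same default would keep the two call sites consistent.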
565diff -urw squirrelmail-1.4.4.orig/plugins/squirrelspell/modules/lang_change.mod squirrelmail-1.4.4/plugins/squirrelspell/modules/lang_change.mod
566--- squirrelmail-1.4.4.orig/plugins/squirrelspell/modules/lang_change.mod Sat Jun 12 18:39:48 2004
567+++ squirrelmail-1.4.4/plugins/squirrelspell/modules/lang_change.mod Wed Jun 15 23:50:03 2005
568@@ -69,11 +69,11 @@
569 $lang_array = explode( ',', $lang_string );
570 $dsp_string = '';
571 foreach( $lang_array as $a) {
572- $dsp_string .= _(trim($a)) . ', ';
573+ $dsp_string .= _(htmlspecialchars(trim($a))) . ', ';
574 }
575 $dsp_string = substr( $dsp_string, 0, -2 );
576 $msg = '<p>'
577- . sprintf(_("Settings adjusted to: %s with %s as default dictionary."), '<strong>'.$dsp_string.'</strong>', '<strong>'._($lang_default).'</strong>')
578+ . sprintf(_("Settings adjusted to: %s with %s as default dictionary."), '<strong>'.$dsp_string.'</strong>', '<strong>'._(htmlspecialchars($lang_default)).'</strong>')
579 . '</p>';
580 } else {
581 /**
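Review bot: Escaping before translation, `_(htmlspecialchars(trim($a)))` and `_(htmlspecialchars($lang_default))`, changes the msgid that gettext looks up, so a dictionary name containing `&`, `<` or a quote no longer finds its catalog entry, while a name that is found is still printed as the raw catalog string. Escaping the result instead — `htmlspecialchars(_(trim($a)))` and `'<strong>'.htmlspecialchars(_($lang_default)).'</strong>'` — keeps the lookup key intact and escapes exactly what reaches the page. The `if`/`else` that encloses this block starts and ends outside the hunk.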
582diff -urw squirrelmail-1.4.4.orig/src/addressbook.php squirrelmail-1.4.4/src/addressbook.php
583--- squirrelmail-1.4.4.orig/src/addressbook.php Mon Dec 27 16:03:59 2004
584+++ squirrelmail-1.4.4/src/addressbook.php Wed Jun 15 23:50:03 2005
585@@ -279,7 +279,7 @@
586 html_tag( 'tr',
587 html_tag( 'td',
588 "\n". '<strong><font color="' . $color[2] .
589- '">' . _("ERROR") . ': ' . $abook->error . '</font></strong>' ."\n",
590+ '">' . _("ERROR") . ': ' . htmlspecialchars($abook->error) . '</font></strong>' ."\n",
591 'center' )
592 ),
593 'center', '', 'width="100%"' );
594@@ -331,7 +331,7 @@
595 html_tag( 'tr',
596 html_tag( 'td',
597 "\n". '<br /><strong><font color="' . $color[2] .
598- '">' . _("ERROR") . ': ' . $formerror . '</font></strong>' ."\n",
599+ '">' . _("ERROR") . ': ' . htmlspecialchars($formerror) . '</font></strong>' ."\n",
600 'center' )
601 ),
602 'center', '', 'width="100%"' );
603@@ -343,6 +343,7 @@
604 /* Get and sort address list */
605 $alist = $abook->list_addr();
606 if(!is_array($alist)) {
607+ $abook->error = htmlspecialchars($abook->error);
608 plain_error_message($abook->error, $color);
609 exit;
610 }
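Review bot: `$abook->error = htmlspecialchars($abook->error);` rewrites the address-book object's stored error just to feed `plain_error_message()`, whereas the two hunks above escape at the point of output; with `exit` on the next line the mutation is harmless today, but it is the pattern that produces double-encoded text the moment another reader of `$abook->error` appears or the early exit moves. Pass the escaped value as the argument instead, `plain_error_message(htmlspecialchars($abook->error), $color);`, and leave the object untouched.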
611diff -urw squirrelmail-1.4.4.orig/src/compose.php squirrelmail-1.4.4/src/compose.php
612--- squirrelmail-1.4.4.orig/src/compose.php Mon Jan 3 16:06:28 2005
613+++ squirrelmail-1.4.4/src/compose.php Wed Jun 15 23:50:03 2005
614@@ -76,6 +76,11 @@
615 sqgetGlobalVar('saved_draft',$saved_draft);
616 sqgetGlobalVar('delete_draft',$delete_draft);
617 sqgetGlobalVar('startMessage',$startMessage);
618+if ( sqgetGlobalVar('startMessage',$startMessage) ) {
619+ $startMessage = (int)$startMessage;
620+} else {
621+ $startMessage = 1;
622+}
623
624 /** POST VARS */
625 sqgetGlobalVar('sigappend', $sigappend, SQ_POST);
626diff -urw squirrelmail-1.4.4.orig/src/printer_friendly_bottom.php squirrelmail-1.4.4/src/printer_friendly_bottom.php
627--- squirrelmail-1.4.4.orig/src/printer_friendly_bottom.php Tue Dec 28 14:02:49 2004
628+++ squirrelmail-1.4.4/src/printer_friendly_bottom.php Wed Jun 15 23:50:03 2005
629@@ -33,7 +33,8 @@
630 sqgetGlobalVar('passed_id', $passed_id, SQ_GET);
631 sqgetGlobalVar('mailbox', $mailbox, SQ_GET);
632
633-if (! sqgetGlobalVar('passed_ent_id', $passed_ent_id, SQ_GET) ) {
634+if (! sqgetGlobalVar('passed_ent_id', $passed_ent_id, SQ_GET) ||
635+ ! preg_match('/^\d+(\.\d+)*$/', $passed_ent_id) ) {
636 $passed_ent_id = '';
637 }
638 /* end globals */
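Review bot: The `$` anchor in `'/^\d+(\.\d+)*$/'` also matches before a trailing newline, so a `passed_ent_id` of `"1.2\n"` passes the check with the newline still attached; anchoring with `\z` or the `D` modifier, `'/^\d+(\.\d+)*$/D'`, closes that gap. Whether the stray newline matters depends on how `$passed_ent_id` is used further down, which is outside the hunk, but the tighter pattern costs nothing.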
639diff -urw squirrelmail-1.4.4.orig/src/right_main.php squirrelmail-1.4.4/src/right_main.php
640--- squirrelmail-1.4.4.orig/src/right_main.php Mon Dec 27 16:04:00 2004
641+++ squirrelmail-1.4.4/src/right_main.php Wed Jun 15 23:50:03 2005
642@@ -165,7 +165,7 @@
643
644 do_hook('right_main_after_header');
645 if (isset($note)) {
646- echo html_tag( 'div', '<b>' . $note .'</b>', 'center' ) . "<br />\n";
647+ echo html_tag( 'div', '<b>' . htmlspecialchars($note) .'</b>', 'center' ) . "<br />\n";
648 }
649
650 if ( sqgetGlobalVar('just_logged_in', $just_logged_in, SQ_SESSION) ) {