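diff -urw squirrelmail-1.4.4.orig/functions/addressbook.php squirrelmail-1.4.4/functions/addressbook.php
--- squirrelmail-1.4.4.orig/functions/addressbook.php Mon Dec 27 16:03:42 2004
+++ squirrelmail-1.4.4/functions/addressbook.php Wed Jun 15 23:50:03 2005
@@ -108,7 +108,7 @@
 if (!$r && $showerr) {
 printf( ' ' . _("Error initializing LDAP server %s:") .
 "<br />\n", $param['host']);
- echo ' ' . $abook->error;
+ echo ' ' . htmlspecialchars($abook->error);
 exit;
 }
 }
@@ -239,7 +239,7 @@
 if (is_array($res)) {
 $ret = array_merge($ret, $res);
 } else {
- $this->error .= "<br />\n" . $backend->error;
+ $this->error .= "\n" . $backend->error;
 $failed++;
 }
 }
@@ -255,7 +255,7 @@
 
 $ret = $this->backends[$bnum]->search($expression);
 if (!is_array($ret)) {
- $this->error .= "<br />\n" . $this->backends[$bnum]->error;
+ $this->error .= "\n" . $this->backends[$bnum]->error;
 $ret = FALSE;
 }
 }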
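Review bot: `$param['host']` on the printf line of the first hunk still goes into the HTML unescaped while `$abook->error` one line below is now escaped; the two form one message, so wrap it the same way: `"<br />\n", htmlspecialchars($param['host']));`. It is configuration-derived, so the exposure is low, but the asymmetry is worth removing while the line is being touched. With the second and third hunks joining backend errors with a bare `"\n"`, any output site that prints `$this->error` into HTML now needs `nl2br()` after escaping to keep the individual errors on separate lines; the callers changed elsewhere in this commit escape but do not do that.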
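diff -urw squirrelmail-1.4.4.orig/functions/mime.php squirrelmail-1.4.4/functions/mime.php
--- squirrelmail-1.4.4.orig/functions/mime.php Mon Jan 10 19:52:48 2005
+++ squirrelmail-1.4.4/functions/mime.php Wed Jun 15 23:50:03 2005
@@ -1388,12 +1388,33 @@
 }
 }
 }
+
+ /**
+ * Replace empty src tags with the blank image. src is only used
+ * for frames, images, and image inputs. Doing a replace should
+ * not affect them working as should be, however it will stop
+ * IE from being kicked off when src for img tags are not set
+ */
+ if (($attname == 'src') && ($attvalue == '""')) {
+ $attary{$attname} = '"' . SM_PATH . 'images/blank.png"';
+ }
+
 /**
 * Turn cid: urls into http-friendly ones.
 */
 if (preg_match("/^[\'\"]\s*cid:/si", $attvalue)){
 $attary{$attname} = sq_cid2http($message, $id, $attvalue, $mailbox);
 }
+
+ /**
+ * "Hack" fix for Outlook using propriatary outbind:// protocol in img tags.
+ * One day MS might actually make it match something useful, for now, falling
+ * back to using cid2http, so we can grab the blank.png.
+ */
+ if (preg_match("/^[\'\"]\s*outbind:\/\//si", $attvalue)) {
+ $attary{$attname} = sq_cid2http($message, $id, $attvalue, $mailbox);
+ }
+
 }
 /**
 * See if we need to append any attributes to this tag.
@@ -1408,7 +1429,7 @@
 
 /**
 * This function edits the style definition to make them friendly and
- * usable in squirrelmail.
+ * usable in SquirrelMail.
 *
 * @param $message the message object
 * @param $id the message id
@@ -1436,27 +1457,54 @@
 /**
 * Fix url('blah') declarations.
 */
- $content = preg_replace("|url\s*\(\s*([\'\"])\s*\S+script\s*:.*?([\'\"])\s*\)|si",
- "url(\\1$secremoveimg\\2)", $content);
+ // $content = preg_replace("|url\s*\(\s*([\'\"])\s*\S+script\s*:.*?([\'\"])\s*\)|si",
+ // "url(\\1$secremoveimg\\2)", $content);
+ // remove NUL
+ $content = str_replace("\0", "", $content);
+ // NB I insert NUL characters to keep to avoid an infinite loop. They are removed after the loop.
+ while (preg_match("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si", $content, $matches)) {
+ $sProto = strtolower($matches[1]);
+ switch ($sProto) {
 /**
 * Fix url('https*://.*) declarations but only if $view_unsafe_images
 * is false.
 */
+ case 'https':
+ case 'http':
 if (!$view_unsafe_images){
- $content = preg_replace("|url\s*\(\s*([\'\"])\s*https*:.*?([\'\"])\s*\)|si",
- "url(\\1$secremoveimg\\2)", $content);
+ $sExpr = "/url\s*\(\s*([\'\"])\s*$sProto*:.*?([\'\"])\s*\)/si";
+ $content = preg_replace($sExpr, "u\0r\0l(\\1$secremoveimg\\2)", $content);
 }
-
+ break;
 /**
 * Fix urls that refer to cid:
 */
- while (preg_match("|url\s*\(\s*([\'\"]\s*cid:.*?[\'\"])\s*\)|si",
- $content, $matches)){
- $cidurl = $matches{1};
+ case 'cid':
+ $cidurl = 'cid:'. $matches[2];
 $httpurl = sq_cid2http($message, $id, $cidurl, $mailbox);
 $content = preg_replace("|url\s*\(\s*$cidurl\s*\)|si",
- "url($httpurl)", $content);
+ "u\0r\0l($httpurl)", $content);
+ break;
+ default:
+ /**
+ * replace url with protocol other then the white list
+ * http,https and cid by an empty string.
+ */
+ $content = preg_replace("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si",
+ "", $content);
+ break;
 }
+ break;
+ }
+ // remove NUL
+ $content = str_replace("\0", "", $content);
+
+ /**
+ * Remove any backslashes, entities, and extraneous whitespace.
+ */
+ $contentTemp = $content;
+ sq_defang($contentTemp);
+ sq_unspace($contentTemp);
 
 /**
 * Fix stupid css declarations which lead to vulnerabilities
@@ -1467,10 +1515,16 @@
 '/binding/i',
 '/include-source/i');
 $replace = Array('idiocy', 'idiocy', 'idiocy', 'idiocy');
- $content = preg_replace($match, $replace, $content);
+ $contentNew = preg_replace($match, $replace, $contentTemp);
+ if ($contentNew !== $contentTemp) {
+ // insecure css declarations are used. From now on we don't care
+ // anymore if the css is destroyed by sq_deent, sq_unspace or sq_unbackslash
+ $content = $contentNew;
+ }
 return array($content, $newpos);
 }
 
+
 /**
 * This function converts cid: url's into the ones that can be viewed in
 * the browser.
@@ -1492,15 +1546,46 @@
 $quotchar = '';
 }
 $cidurl = substr(trim($cidurl), 4);
+
+ $match_str = '/\{.*?\}\//';
+ $str_rep = '';
+ $cidurl = preg_replace($match_str, $str_rep, $cidurl);
+
 $linkurl = find_ent_id($cidurl, $message);
 /* in case of non-save cid links $httpurl should be replaced by a sort of
 unsave link image */
 $httpurl = '';
- if ($linkurl) {
+
+ /**
+ * This is part of a fix for Outlook Express 6.x generating
+ * cid URLs without creating content-id headers. These images are
+ * not part of the multipart/related html mail. The html contains
+ * <img src="cid:{some_id}/image_filename.ext"> references to
+ * attached images with as goal to render them inline although
+ * the attachment disposition property is not inline.
+ */
+
+ if (empty($linkurl)) {
+ if (preg_match('/{.*}\//', $cidurl)) {
+ $cidurl = preg_replace('/{.*}\//','', $cidurl);
+ if (!empty($cidurl)) {
+ $linkurl = find_ent_id($cidurl, $message);
+ }
+ }
+ }
+
+ if (!empty($linkurl)) {
 $httpurl = $quotchar . SM_PATH . 'src/download.php?absolute_dl=true&' .
 "passed_id=$id&mailbox=" . urlencode($mailbox) .
 '&ent_id=' . $linkurl . $quotchar;
+ } else {
+ /**
+ * If we couldn't generate a proper img url, drop in a blank image
+ * instead of sending back empty, otherwise it causes unusual behaviour
+ */
+ $httpurl = $quotchar . SM_PATH . 'images/blank.png';
 }
+
 return $httpurl;
 }
 
@@ -1526,8 +1611,7 @@
 $attvalue = str_replace($quotchar, "", $attvalue);
 switch ($attname){
 case 'background':
- $attvalue = sq_cid2http($message, $id,
- $attvalue, $mailbox);
+ $attvalue = sq_cid2http($message, $id, $attvalue, $mailbox);
 $styledef .= "background-image: url('$attvalue'); ";
 break;
 case 'bgcolor':
@@ -1754,6 +1838,7 @@
 "embed",
 "title",
 "frameset",
+ "xmp",
 "xml"
 );
 
@@ -1761,7 +1846,8 @@
 "img",
 "br",
 "hr",
- "input"
+ "input",
+ "outbind"
 );
 
 $force_tag_closing = true;
@@ -1816,6 +1902,7 @@
 "/binding/i",
 "/behaviou*r/i",
 "/include-source/i",
+ "/position\s*:\s*absolute/i",
 "/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
 "/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
 "/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
@@ -1826,6 +1913,7 @@
 "idiocy",
 "idiocy",
 "idiocy",
+ "",
 "url(\\1#\\1)",
 "url(\\1#\\1)",
 "url(\\1#\\1)",
@@ -1856,7 +1944,7 @@
 
 $add_attr_to_tag = Array(
 "/^a$/i" =>
- Array('target'=>'"_new"',
+ Array('target'=>'"_blank"',
 'title'=>'"'._("This external link will open in a new window").'"'
 )
 );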
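Review bot: The `break;` added just before the `while` closes (hunk line 127 of `@@ -1436,27 +1457,54 @@`) is inside the loop body, so the loop runs at most once and only the first url() in a style block is ever examined; with `$view_unsafe_images` set the http branch also rewrites nothing, and the greedy `(.*)?` in the loop condition makes `$matches[2]` run to the last `)` in the content, so the cid branch's derived pattern does not match a quoted `url('cid:…')` and the default branch's replacement can wipe every declaration from the first url( onward. Removing the `break` alone would loop forever wherever a branch leaves its match in place, so the capture should be lazy and each branch should rewrite exactly the text it matched, which also removes the unquoted `$cidurl` from the regex it is currently spliced into. Whether the tag-level regexes further down catch a url() that this loop skips I cannot confirm from here. Separately, the new `else` branch in `@@ -1492,15 +1546,46 @@` builds `$quotchar . SM_PATH . 'images/blank.png'` without the closing `$quotchar` that the `if` branch appends, so a quoted src comes back with an unbalanced quote; sq_fixstyle and sq_cid2http both start before and end after their hunks.
```php
// the second capture is lazy so one match covers one declaration, not everything up to the last ')'
while (preg_match("/url\s*\(\s*[\'\"]?([^:]+):(.*?)[\'\"]?\s*\)/si", $content, $matches)) {
    $sProto = strtolower($matches[1]);
    switch ($sProto) {
    case 'https':
    case 'http':
        if (!$view_unsafe_images) {
            // quotes optional, as in the loop condition, so an unquoted url() is rewritten as well
            $sExpr = "/url\s*\(\s*([\'\"]?)\s*$sProto\s*:.*?([\'\"]?)\s*\)/si";
            $content = preg_replace($sExpr, "u\0r\0l(\\1$secremoveimg\\2)", $content);
        } else {
            // keep the url, but NUL-mark the matched text so the loop condition cannot see it again
            $content = str_replace($matches[0], "u\0r\0l" . substr($matches[0], 3), $content);
        }
        break;
    case 'cid':
        // the capture may still carry a closing quote; strip it before the lookup
        $cidurl = 'cid:' . trim($matches[2], " \t\r\n'\"");
        $httpurl = sq_cid2http($message, $id, $cidurl, $mailbox);
        // replace exactly what was matched; no pattern is built from message text
        $content = str_replace($matches[0], "u\0r\0l($httpurl)", $content);
        break;
    default:
        // scheme outside the http/https/cid whitelist: drop that one declaration
        $content = str_replace($matches[0], '', $content);
        break;
    }
    // no unconditional break here: every branch rewrote its match, so the loop advances
}
// … unchanged: NUL removal, sq_defang/sq_unspace copy, idiocy replacements …
```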
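diff -urw squirrelmail-1.4.4.orig/functions/page_header.php squirrelmail-1.4.4/functions/page_header.php
--- squirrelmail-1.4.4.orig/functions/page_header.php Mon Dec 27 22:08:58 2004
+++ squirrelmail-1.4.4/functions/page_header.php Wed Jun 15 23:50:03 2005
@@ -275,6 +275,7 @@
 : html_tag( 'td', '', 'left' ) )
 . "\n";
 $urlMailbox = urlencode($mailbox);
+ $startMessage = (int)$startMessage;
 echo makeComposeLink('src/compose.php?mailbox='.$urlMailbox.'&startMessage='.$startMessage);
 echo " \n";
 displayInternalLink ('src/addressbook.php', _("Addresses"));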
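diff -urw squirrelmail-1.4.4.orig/plugins/calendar/calendar.php squirrelmail-1.4.4/plugins/calendar/calendar.php
--- squirrelmail-1.4.4.orig/plugins/calendar/calendar.php Mon Dec 27 16:03:49 2004
+++ squirrelmail-1.4.4/plugins/calendar/calendar.php Wed Jun 15 23:51:15 2005
@@ -28,17 +28,17 @@
 require_once(SM_PATH . 'functions/html.php');
 
 /* get globals */
-
-if (isset($_GET['month'])) {
+unset($month, $year);
+if (isset($_GET['month']) && is_numeric($_GET['month'])) {
 $month = $_GET['month'];
 }
-if (isset($_GET['year'])) {
+if (isset($_GET['year']) && is_numeric($_GET['year'])) {
 $year = $_GET['year'];
 }
-if (isset($_POST['year'])) {
+if (isset($_POST['year']) && is_numeric($_POST['year'])) {
 $year = $_POST['year'];
 }
-if (isset($_POST['month'])) {
+if (isset($_POST['month']) && is_numeric($_POST['month'])) {
 $month = $_POST['month'];
 }
 /* got 'em */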
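Review bot: `is_numeric()` is a looser check than these variables need: it also accepts signed, fractional, exponent and leading-whitespace forms (`'1e3'`, `'-1'`, `' 12'`, `'1.5'`), all of which now pass the guard and are stored as the raw request string. Since `$month` and `$year` are integers by meaning, either cast on assignment, `$month = (int)$_GET['month'];`, or replace the predicate with `ctype_digit()`, which only admits unsigned digit strings. The same pattern is repeated in the day.php, event_create.php and event_edit.php sections of this commit; whether later code in those files range-checks the values I cannot tell from the hunks.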
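diff -urw squirrelmail-1.4.4.orig/plugins/calendar/day.php squirrelmail-1.4.4/plugins/calendar/day.php
--- squirrelmail-1.4.4.orig/plugins/calendar/day.php Mon Dec 27 16:03:49 2004
+++ squirrelmail-1.4.4/plugins/calendar/day.php Wed Jun 15 23:51:52 2005
@@ -29,22 +29,23 @@
 require_once(SM_PATH . 'functions/html.php');
 
 /* get globals */
-if (isset($_GET['year'])) {
+unset($year, $month, $day);
+if (isset($_GET['year']) && is_numeric($_GET['year'])) {
 $year = $_GET['year'];
 }
-elseif (isset($_POST['year'])) {
+elseif (isset($_POST['year']) && is_numeric($_POST['year'])) {
 $year = $_POST['year'];
 }
-if (isset($_GET['month'])) {
+if (isset($_GET['month']) && is_numeric($_GET['month'])) {
 $month = $_GET['month'];
 }
-elseif (isset($_POST['month'])) {
+elseif (isset($_POST['month']) && is_numeric($_POST['month'])) {
 $month = $_POST['month'];
 }
-if (isset($_GET['day'])) {
+if (isset($_GET['day']) && is_numeric($_GET['day'])) {
 $day = $_GET['day'];
 }
-elseif (isset($_POST['day'])) {
+elseif (isset($_POST['day']) && is_numeric($_POST['day'])) {
 $day = $_POST['day'];
 }
 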
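diff -urw squirrelmail-1.4.4.orig/plugins/calendar/event_create.php squirrelmail-1.4.4/plugins/calendar/event_create.php
--- squirrelmail-1.4.4.orig/plugins/calendar/event_create.php Mon Dec 27 16:03:49 2004
+++ squirrelmail-1.4.4/plugins/calendar/event_create.php Wed Jun 15 23:52:34 2005
@@ -28,41 +28,42 @@
 require_once(SM_PATH . 'functions/html.php');
 
 /* get globals */
-
-if (isset($_POST['year'])) {
+unset($year, $month, $day, $hour, $event_hour, $event_minute,
+ $event_length, $event_priority);
+if (isset($_POST['year']) && is_numeric($_POST['year'])) {
 $year = $_POST['year'];
 }
-elseif (isset($_GET['year'])) {
+elseif (isset($_GET['year']) && is_numeric($_GET['year'])) {
 $year = $_GET['year'];
 }
-if (isset($_POST['month'])) {
+if (isset($_POST['month']) && is_numeric($_POST['month'])) {
 $month = $_POST['month'];
 }
-elseif (isset($_GET['month'])) {
+elseif (isset($_GET['month']) && is_numeric($_GET['month'])) {
 $month = $_GET['month'];
 }
-if (isset($_POST['day'])) {
+if (isset($_POST['day']) && is_numeric($_POST['day'])) {
 $day = $_POST['day'];
 }
-elseif (isset($_GET['day'])) {
+elseif (isset($_GET['day']) && is_numeric($_GET['day'])) {
 $day = $_GET['day'];
 }
-if (isset($_POST['hour'])) {
+if (isset($_POST['hour']) && is_numeric($_POST['hour'])) {
 $hour = $_POST['hour'];
 }
-elseif (isset($_GET['hour'])) {
+elseif (isset($_GET['hour']) && is_numeric($_GET['hour'])) {
 $hour = $_GET['hour'];
 }
-if (isset($_POST['event_hour'])) {
+if (isset($_POST['event_hour']) && is_numeric($_POST['event_hour'])) {
 $event_hour = $_POST['event_hour'];
 }
-if (isset($_POST['event_minute'])) {
+if (isset($_POST['event_minute']) && is_numeric($_POST['event_minute'])) {
 $event_minute = $_POST['event_minute'];
 }
-if (isset($_POST['event_length'])) {
+if (isset($_POST['event_length']) && is_numeric($_POST['event_length'])) {
 $event_length = $_POST['event_length'];
 }
-if (isset($_POST['event_priority'])) {
+if (isset($_POST['event_priority']) && is_numeric($_POST['event_priority'])) {
 $event_priority = $_POST['event_priority'];
 }
 if (isset($_POST['event_title'])) {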
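diff -urw squirrelmail-1.4.4.orig/plugins/calendar/event_edit.php squirrelmail-1.4.4/plugins/calendar/event_edit.php
--- squirrelmail-1.4.4.orig/plugins/calendar/event_edit.php Mon Dec 27 16:03:49 2004
+++ squirrelmail-1.4.4/plugins/calendar/event_edit.php Wed Jun 15 23:53:22 2005
@@ -29,26 +29,27 @@
 
 
 /* get globals */
-
+unset($event_year, $event_month, $event_day, $event_hour, $event_minute,
+ $event_length, $event_priority, $year, $month, $day, $hour, $minute);
 if (isset($_POST['updated'])) {
 $updated = $_POST['updated'];
 }
-if (isset($_POST['event_year'])) {
+if (isset($_POST['event_year']) && is_numeric($_POST['event_year'])) {
 $event_year = $_POST['event_year'];
 }
-if (isset($_POST['event_month'])) {
+if (isset($_POST['event_month']) && is_numeric($_POST['event_month'])) {
 $event_month = $_POST['event_month'];
 }
-if (isset($_POST['event_day'])) {
+if (isset($_POST['event_day']) && is_numeric($_POST['event_day'])) {
 $event_day = $_POST['event_day'];
 }
-if (isset($_POST['event_hour'])) {
+if (isset($_POST['event_hour']) && is_numeric($_POST['event_hour'])) {
 $event_hour = $_POST['event_hour'];
 }
-if (isset($_POST['event_minute'])) {
+if (isset($_POST['event_minute']) && is_numeric($_POST['event_minute'])) {
 $event_minute = $_POST['event_minute'];
 }
-if (isset($_POST['event_length'])) {
+if (isset($_POST['event_length']) && is_numeric($_POST['event_length'])) {
 $event_length = $_POST['event_length'];
 }
 if (isset($_POST['event_title'])) {
@@ -60,40 +61,40 @@
 if (isset($_POST['send'])) {
 $send = $_POST['send'];
 }
-if (isset($_POST['event_priority'])) {
+if (isset($_POST['event_priority']) && is_numeric($_POST['event_priority'])) {
 $event_priority = $_POST['event_priority'];
 }
 if (isset($_POST['confirmed'])) {
 $confirmed = $_POST['confirmed'];
 }
-if (isset($_POST['year'])) {
+if (isset($_POST['year']) && is_numeric($_POST['year'])) {
 $year = $_POST['year'];
 }
-elseif (isset($_GET['year'])) {
+elseif (isset($_GET['year']) && is_numeric($_GET['year'])) {
 $year = $_GET['year'];
 }
-if (isset($_POST['month'])) {
+if (isset($_POST['month']) && is_numeric($_POST['month'])) {
 $month = $_POST['month'];
 }
-elseif (isset($_GET['month'])) {
+elseif (isset($_GET['month']) && is_numeric($_GET['month'])) {
 $month = $_GET['month'];
 }
-if (isset($_POST['day'])) {
+if (isset($_POST['day']) && is_numeric($_POST['day'])) {
 $day = $_POST['day'];
 }
-elseif (isset($_GET['day'])) {
+elseif (isset($_GET['day']) && is_numeric($_GET['day'])) {
 $day = $_GET['day'];
 }
-if (isset($_POST['hour'])) {
+if (isset($_POST['hour']) && is_numeric($_POST['hour'])) {
 $hour = $_POST['hour'];
 }
-elseif (isset($_GET['hour'])) {
+elseif (isset($_GET['hour']) && is_numeric($_GET['hour'])) {
 $hour = $_GET['hour'];
 }
-if (isset($_POST['minute'])) {
+if (isset($_POST['minute']) && is_numeric($_POST['minute'])) {
 $minute = $_POST['minute'];
 }
-elseif (isset($_GET['minute'])) {
+elseif (isset($_GET['minute']) && is_numeric($_GET['minute'])) {
 $minute = $_GET['minute'];
 }
 /* got 'em */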
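diff -urw squirrelmail-1.4.4.orig/plugins/filters/options.php squirrelmail-1.4.4/plugins/filters/options.php
--- squirrelmail-1.4.4.orig/plugins/filters/options.php Mon Dec 27 16:03:57 2004
+++ squirrelmail-1.4.4/plugins/filters/options.php Wed Jun 15 23:50:03 2005
@@ -189,7 +189,7 @@
 html_tag( 'td', '', 'left' ) .
 '<input type="text" size="32" name="filter_what" value="';
 if (isset($filters[$theid]['what'])) {
- echo $filters[$theid]['what'];
+ echo htmlspecialchars($filters[$theid]['what']);
 }
 echo '" />'.
 '</td>'.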
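Review bot: `htmlspecialchars($filters[$theid]['what'])` with the default flags leaves a single quote unescaped; the surrounding `value="` attribute is double-quoted, so this is safe as written, but passing `ENT_QUOTES` keeps it safe if the attribute's quoting style ever changes: `echo htmlspecialchars($filters[$theid]['what'], ENT_QUOTES);`.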
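diff -urw squirrelmail-1.4.4.orig/plugins/filters/spamoptions.php squirrelmail-1.4.4/plugins/filters/spamoptions.php
--- squirrelmail-1.4.4.orig/plugins/filters/spamoptions.php Mon Dec 27 16:03:57 2004
+++ squirrelmail-1.4.4/plugins/filters/spamoptions.php Wed Jun 15 23:50:03 2005
@@ -199,7 +199,7 @@
 echo html_tag( 'p', '', 'center' ) .
 '[<a href="spamoptions.php?action=spam">' . _("Edit") . '</a>]' .
 ' - [<a href="../../src/options.php">' . _("Done") . '</a>]</center><br /><br />';
- printf( _("Spam is sent to %s."), ($filters_spam_folder?'<b>'.imap_utf7_decode_local($filters_spam_folder).'</b>':'[<i>'._("not set yet").'</i>]' ) );
+ printf( _("Spam is sent to %s."), ($filters_spam_folder?'<b>'.htmlspecialchars(imap_utf7_decode_local($filters_spam_folder)).'</b>':'[<i>'._("not set yet").'</i>]' ) );
 echo '<br />';
 printf( _("Spam scan is limited to %s."), '<b>' . ( ($filters_spam_scan == 'new')?_("Unread messages only"):_("All messages") ) . '</b>' );
 echo '</p>'.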
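diff -urw squirrelmail-1.4.4.orig/plugins/listcommands/mailout.php squirrelmail-1.4.4/plugins/listcommands/mailout.php
--- squirrelmail-1.4.4.orig/plugins/listcommands/mailout.php Mon Dec 27 16:03:58 2004
+++ squirrelmail-1.4.4/plugins/listcommands/mailout.php Wed Jun 15 23:50:03 2005
@@ -25,14 +25,6 @@
 sqgetGlobalVar('body', $body, SQ_GET);
 sqgetGlobalVar('action', $action, SQ_GET);
 
-echo html_tag('p', '', 'left' ) .
-html_tag( 'table', '', 'center', $color[0], 'border="0" width="75%"' ) . "\n" .
- html_tag( 'tr',
- html_tag( 'th', _("Mailinglist") . ' ' . _($action), '', $color[9] )
- ) .
- html_tag( 'tr' ) .
- html_tag( 'td', '', 'left' );
-
 switch ( $action ) {
 case 'help':
 $out_string = _("This will send a message to %s requesting help for this list. You will receive an emailed response at the address below.");
@@ -42,7 +34,19 @@
 break;
 case 'unsubscribe':
 $out_string = _("This will send a message to %s requesting that you will be unsubscribed from this list. It will try to unsubscribe the adress below.");
+default:
+ error_box(sprintf(_("Unknown action: %s"),htmlspecialchars($action)), $color);
+ exit;
 }
+
+echo html_tag('p', '', 'left' ) .
+html_tag( 'table', '', 'center', $color[0], 'border="0" width="75%"' ) . "\n" .
+ html_tag( 'tr',
+ html_tag( 'th', _("Mailinglist") . ' ' . _($action), '', $color[9] )
+ ) .
+ html_tag( 'tr' ) .
+ html_tag( 'td', '', 'left' );
+
 
 printf( $out_string, htmlspecialchars($send_to) );
 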
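Review bot: The new `default:` label is placed directly after the `unsubscribe` assignment without a `break;`, so a legitimate `action=unsubscribe` sets `$out_string` and then falls through into `error_box(... "Unknown action" ...)` and `exit`, and the unsubscribe page is never rendered. Insert `break;` between `$out_string = _("This will send a message to %s requesting that you will be unsubscribed ...");` and `default:`. The `help` and `subscribe` arms lie partly outside the hunk; the `break;` at the top of the second hunk suggests they terminate properly, but I cannot confirm that from here.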
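diff -urw squirrelmail-1.4.4.orig/plugins/newmail/newmail.php squirrelmail-1.4.4/plugins/newmail/newmail.php
--- squirrelmail-1.4.4.orig/plugins/newmail/newmail.php Mon Dec 27 16:03:58 2004
+++ squirrelmail-1.4.4/plugins/newmail/newmail.php Wed Jun 15 23:50:03 2005
@@ -22,6 +22,7 @@
 require_once(SM_PATH . 'functions/page_header.php');
 
 sqGetGlobalVar('numnew', $numnew, SQ_GET);
+$numnew = (int)$numnew;
 
 displayHtmlHeader( _("New Mail"), '', FALSE );
 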
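diff -urw squirrelmail-1.4.4.orig/plugins/spamcop/setup.php squirrelmail-1.4.4/plugins/spamcop/setup.php
--- squirrelmail-1.4.4.orig/plugins/spamcop/setup.php Mon Dec 27 16:03:58 2004
+++ squirrelmail-1.4.4/plugins/spamcop/setup.php Wed Jun 15 23:50:03 2005
@@ -75,6 +75,9 @@
 sqgetGlobalVar('passed_ent_id',$passed_ent_id,SQ_FORM);
 sqgetGlobalVar('mailbox', $mailbox, SQ_FORM);
 sqgetGlobalVar('startMessage', $startMessage, SQ_FORM);
+ if ( sqgetGlobalVar('startMessage', $startMessage, SQ_FORM) ) {
+ $startMessage = (int)$startMessage;
+ }
 /* END GLOBALS */
 
 // catch unset passed_ent_id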
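Review bot: The unguarded `sqgetGlobalVar('startMessage', $startMessage, SQ_FORM);` on the context line just above the new `if` is now redundant, because the added `if` performs the identical call and is the one whose result is checked; drop the first call so the variable is fetched once. When the parameter is absent this block leaves `$startMessage` untouched, whereas the equivalent new block in src/compose.php falls back to `1`; if later code here uses `$startMessage` numerically, an explicit `else` with whatever default that code expects would make the two consistent. The src/compose.php hunk keeps the same duplicated call on its context line.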
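diff -urw squirrelmail-1.4.4.orig/plugins/squirrelspell/modules/lang_change.mod squirrelmail-1.4.4/plugins/squirrelspell/modules/lang_change.mod
--- squirrelmail-1.4.4.orig/plugins/squirrelspell/modules/lang_change.mod Sat Jun 12 18:39:48 2004
+++ squirrelmail-1.4.4/plugins/squirrelspell/modules/lang_change.mod Wed Jun 15 23:50:03 2005
@@ -69,11 +69,11 @@
 $lang_array = explode( ',', $lang_string );
 $dsp_string = '';
 foreach( $lang_array as $a) {
- $dsp_string .= _(trim($a)) . ', ';
+ $dsp_string .= _(htmlspecialchars(trim($a))) . ', ';
 }
 $dsp_string = substr( $dsp_string, 0, -2 );
 $msg = '<p>'
- . sprintf(_("Settings adjusted to: %s with %s as default dictionary."), '<strong>'.$dsp_string.'</strong>', '<strong>'._($lang_default).'</strong>')
+ . sprintf(_("Settings adjusted to: %s with %s as default dictionary."), '<strong>'.$dsp_string.'</strong>', '<strong>'._(htmlspecialchars($lang_default)).'</strong>')
 . '</p>';
 } else {
 /**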
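Review bot: `_(htmlspecialchars(trim($a)))` escapes before translating, so the escaped text is what is looked up in the message catalog; a dictionary name containing `&`, `<` or a quote no longer finds its translation, and the translated string that comes back is itself not escaped. Swap the order on both changed lines: `htmlspecialchars(_(trim($a)))` and `htmlspecialchars(_($lang_default))`. The enclosing block starts before this hunk.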
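diff -urw squirrelmail-1.4.4.orig/src/addressbook.php squirrelmail-1.4.4/src/addressbook.php
--- squirrelmail-1.4.4.orig/src/addressbook.php Mon Dec 27 16:03:59 2004
+++ squirrelmail-1.4.4/src/addressbook.php Wed Jun 15 23:50:03 2005
@@ -279,7 +279,7 @@
 html_tag( 'tr',
 html_tag( 'td',
 "\n". '<strong><font color="' . $color[2] .
- '">' . _("ERROR") . ': ' . $abook->error . '</font></strong>' ."\n",
+ '">' . _("ERROR") . ': ' . htmlspecialchars($abook->error) . '</font></strong>' ."\n",
 'center' )
 ),
 'center', '', 'width="100%"' );
@@ -331,7 +331,7 @@
 html_tag( 'tr',
 html_tag( 'td',
 "\n". '<br /><strong><font color="' . $color[2] .
- '">' . _("ERROR") . ': ' . $formerror . '</font></strong>' ."\n",
+ '">' . _("ERROR") . ': ' . htmlspecialchars($formerror) . '</font></strong>' ."\n",
 'center' )
 ),
 'center', '', 'width="100%"' );
@@ -343,6 +343,7 @@
 /* Get and sort address list */
 $alist = $abook->list_addr();
 if(!is_array($alist)) {
+ $abook->error = htmlspecialchars($abook->error);
 plain_error_message($abook->error, $color);
 exit;
 }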
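Review bot: `$abook->error = htmlspecialchars($abook->error);` in the third hunk rewrites the object's error state just to feed one call; anything that reads `$abook->error` afterwards, or a second pass through an error path, sees an already-escaped string and risks double escaping. Pass the escaped value instead and leave the property alone: `plain_error_message(htmlspecialchars($abook->error), $color);`. Since functions/addressbook.php now joins backend errors with a bare `"\n"`, all three hunks here will show several errors run together on one line unless the escaped result also goes through `nl2br()`; I cannot see how html_tag or plain_error_message render their argument, so confirm before adding it.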
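diff -urw squirrelmail-1.4.4.orig/src/compose.php squirrelmail-1.4.4/src/compose.php
--- squirrelmail-1.4.4.orig/src/compose.php Mon Jan 3 16:06:28 2005
+++ squirrelmail-1.4.4/src/compose.php Wed Jun 15 23:50:03 2005
@@ -76,6 +76,11 @@
 sqgetGlobalVar('saved_draft',$saved_draft);
 sqgetGlobalVar('delete_draft',$delete_draft);
 sqgetGlobalVar('startMessage',$startMessage);
+if ( sqgetGlobalVar('startMessage',$startMessage) ) {
+ $startMessage = (int)$startMessage;
+} else {
+ $startMessage = 1;
+}
 
 /** POST VARS */
 sqgetGlobalVar('sigappend', $sigappend, SQ_POST);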
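diff -urw squirrelmail-1.4.4.orig/src/printer_friendly_bottom.php squirrelmail-1.4.4/src/printer_friendly_bottom.php
--- squirrelmail-1.4.4.orig/src/printer_friendly_bottom.php Tue Dec 28 14:02:49 2004
+++ squirrelmail-1.4.4/src/printer_friendly_bottom.php Wed Jun 15 23:50:03 2005
@@ -33,7 +33,8 @@
 sqgetGlobalVar('passed_id', $passed_id, SQ_GET);
 sqgetGlobalVar('mailbox', $mailbox, SQ_GET);
 
-if (! sqgetGlobalVar('passed_ent_id', $passed_ent_id, SQ_GET) ) {
+if (! sqgetGlobalVar('passed_ent_id', $passed_ent_id, SQ_GET) ||
+ ! preg_match('/^\d+(\.\d+)*$/', $passed_ent_id) ) {
 $passed_ent_id = '';
 }
 /* end globals */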
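Review bot: `preg_match('/^\d+(\.\d+)*$/', $passed_ent_id)` still accepts a value that ends in a newline, because `$` in PCRE also matches just before a final `\n`; such a value passes the check and reaches whatever uses `$passed_ent_id` with the newline intact. Anchor with the `D` modifier (or `\z` in place of `$`): `! preg_match('/^\d+(\.\d+)*$/D', $passed_ent_id) ) {`.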
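diff -urw squirrelmail-1.4.4.orig/src/right_main.php squirrelmail-1.4.4/src/right_main.php
--- squirrelmail-1.4.4.orig/src/right_main.php Mon Dec 27 16:04:00 2004
+++ squirrelmail-1.4.4/src/right_main.php Wed Jun 15 23:50:03 2005
@@ -165,7 +165,7 @@
 
 do_hook('right_main_after_header');
 if (isset($note)) {
- echo html_tag( 'div', '<b>' . $note .'</b>', 'center' ) . "<br />\n";
+ echo html_tag( 'div', '<b>' . htmlspecialchars($note) .'</b>', 'center' ) . "<br />\n";
 }
 
 if ( sqgetGlobalVar('just_logged_in', $just_logged_in, SQ_SESSION) ) {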