From: Jonathan A. <jan...@us...> - 2004-03-28 12:00:36
Update of /cvsroot/squirrelmail/squirrelmail/functions In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv20852/functions Modified Files: Tag: SM-1_4-STABLE page_header.php Log Message: Fix part 1 for XSS issue... call page like this: src/compose.php?mailbox="><script>alert('Nuts!');</script> Because this file is included in other pages, it could affect others too. Index: page_header.php =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/functions/page_header.php,v retrieving revision 1.148.2.9 retrieving revision 1.148.2.10 diff -u -w -r1.148.2.9 -r1.148.2.10 --- page_header.php 24 Feb 2004 15:57:26 -0000 1.148.2.9 +++ page_header.php 28 Mar 2004 11:49:19 -0000 1.148.2.10 @@ -243,8 +243,8 @@ echo "<body text=\"$color[8]\" bgcolor=\"$color[4]\" link=\"$color[7]\" vlink=\"$color[7]\" alink=\"$color[7]\" $onload>\n\n"; /** Here is the header and wrapping table **/ - $shortBoxName = imap_utf7_decode_local( - readShortMailboxName($mailbox, $delimiter)); + $shortBoxName = htmlspecialchars(imap_utf7_decode_local( + readShortMailboxName($mailbox, $delimiter))); if ( $shortBoxName == 'INBOX' ) { $shortBoxName = _("INBOX"); } |
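Review bot: htmlspecialchars() is applied here without the ENT_QUOTES flag, so a single quote in the decoded mailbox name is left as-is; the quoted proof-of-concept uses a double quote and is covered by the default, but if $shortBoxName is ever placed inside a single-quoted attribute the escape is incomplete, so prefer `$shortBoxName = htmlspecialchars(imap_utf7_decode_local(readShortMailboxName($mailbox, $delimiter)), ENT_QUOTES);`. Two smaller points on the same lines: escaping is done at assignment rather than at the output sink, so $shortBoxName now carries HTML-encoded data and any later use of it in a non-HTML context (or a second escape at echo time) will double-encode; a one-line comment stating that the variable is already HTML-escaped would prevent that. And the `$shortBoxName = _("INBOX");` branch that follows replaces the escaped value with the translated string unescaped, which is acceptable only because that string comes from the translation catalogue, not from the request; that assumption is worth recording next to the check. Since the log message calls this "part 1", the hunk covers only this one sink for $mailbox and the remaining uses still need their own review.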