Menu
▾
▴
[SM-CVS] SF.net SVN: squirrelmail:[13957] trunk/squirrelmail/include/init.php
|
From: <pdo...@us...> - 2010-06-26 10:15:55
|
Revision: 13957
http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13957&view=rev
Author: pdontthink
Date: 2010-06-26 10:15:49 +0000 (Sat, 26 Jun 2010)
Log Message:
-----------
Aggressive sanitizing of REQUEST_URI, PHP_SELF, and QUERY_STRING corrupted page URIs by encoding ampersands in the query string, so we have to un-sanitize ampersands. Will this cause any security/XSS issues?
Modified Paths:
--------------
trunk/squirrelmail/include/init.php
Modified: trunk/squirrelmail/include/init.php
===================================================================
--- trunk/squirrelmail/include/init.php 2010-06-25 21:31:10 UTC (rev 13956)
+++ trunk/squirrelmail/include/init.php 2010-06-26 10:15:49 UTC (rev 13957)
@@ -275,13 +275,17 @@
* htmlspecialchars() is the preferred method.
* QUERY_STRING also needs the same treatment since it is
* used in php_self().
+ * Update again: the encoding of ampersands that occurs
+ * using htmlspecialchars() corrupts the query strings
+ * in normal URIs, so we have to let those through.
+FIXME: will the de-sanitizing of ampersands create any security/XSS problems?
*/
if (isset($_SERVER['REQUEST_URI']))
- $_SERVER['REQUEST_URI'] = htmlspecialchars($_SERVER['REQUEST_URI']);
+ $_SERVER['REQUEST_URI'] = str_replace('&', '&', htmlspecialchars($_SERVER['REQUEST_URI']));
if (isset($_SERVER['PHP_SELF']))
- $_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF']);
+ $_SERVER['PHP_SELF'] = str_replace('&', '&', htmlspecialchars($_SERVER['PHP_SELF']));
if (isset($_SERVER['QUERY_STRING']))
- $_SERVER['QUERY_STRING'] = htmlspecialchars($_SERVER['QUERY_STRING']);
+ $_SERVER['QUERY_STRING'] = str_replace('&', '&', htmlspecialchars($_SERVER['QUERY_STRING']));
$PHP_SELF = php_self();
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|