Update of /cvsroot/popfile/engine/UI
In directory sc8-pr-cvs1:/tmp/cvs-serv386
Modified Files:
Tag: v0/18/1
HTML.pm
Log Message:
Backport of jgrahamc security patch:
Fix nasty security problem with jump_to_message where it was possible with the right combination of things to get the session key when you shouldn't be able to, and bypass the password screen
Index: HTML.pm
===================================================================
RCS file: /cvsroot/popfile/engine/UI/HTML.pm,v
retrieving revision 1.98.2.6
retrieving revision 1.98.2.7
diff -C2 -d -r1.98.2.6 -r1.98.2.7
*** HTML.pm 26 Apr 2003 10:21:39 -0000 1.98.2.6
--- HTML.pm 25 May 2003 03:10:42 -0000 1.98.2.7
***************
*** 3207,3234 ****
}
- if ( $url eq '/jump_to_message' ) {
- my $found = 0;
- my $file = $self->{form}{view};
- foreach my $akey ( keys %{ $self->{history_} } ) {
- if ($akey eq $file) {
- $found = 1;
- last;
- }
- }
-
- #Reset any filters
- $self->{form}{filter} = '';
- $self->{form}{search} = '';
- $self->{form}{setsearch} = 1;
-
- # Force a history_reload if we did not find this file in the history cache
- # but we do find it on disk using perl's -e file test operator (returns
- # true if the file exists).
-
- $self->invalidate_history_cache() if ( !$found && ( -e ("$self->{configuration}->{configuration}{msgdir}$file") ) );
- $self->http_redirect( $client, "/history?session=$self->{session_key}&start_message=0&view=$self->{form}{view}#$self->{form}{view}" );
- return 1;
- }
-
if ( $url =~ /\/(.+\.gif)/ ) {
http_file( $self, $client, $1, 'image/gif' );
--- 3207,3210 ----
***************
*** 3267,3270 ****
--- 3243,3270 ----
if ( ( (!defined($self->{form}{session})) || ($self->{form}{session} eq '' ) || ( $self->{form}{session} ne $self->{session_key} ) ) && ( $self->{configuration}->{configuration}{password} ne '' ) ) {
password_page( $self, $client, 0, $url );
+ return 1;
+ }
+
+ if ( $url eq '/jump_to_message' ) {
+ my $found = 0;
+ my $file = $self->{form}{view};
+ foreach my $akey ( keys %{ $self->{history_} } ) {
+ if ($akey eq $file) {
+ $found = 1;
+ last;
+ }
+ }
+
+ #Reset any filters
+ $self->{form}{filter} = '';
+ $self->{form}{search} = '';
+ $self->{form}{setsearch} = 1;
+
+ # Force a history_reload if we did not find this file in the history cache
+ # but we do find it on disk using perl's -e file test operator (returns
+ # true if the file exists).
+
+ $self->invalidate_history_cache() if ( !$found && ( -e ("$self->{configuration}->{configuration}{msgdir}$file") ) );
+ $self->http_redirect( $client, "/history?session=$self->{session_key}&start_message=0&view=$self->{form}{view}#$self->{form}{view}" );
return 1;
}
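Review bot: The relocated `/jump_to_message` branch still uses the request's `view` parameter unvalidated in two places: the `-e` test on `"$self->{configuration}->{configuration}{msgdir}$file"` and the `http_redirect` target. Moving the branch below the session check closes the unauthenticated path, but a `view` value containing `/`, `\`, `..` or CR/LF could still make the existence test look outside `msgdir` and, depending on how `http_redirect` writes its header (not visible here), could alter the redirect response. Checking the value once before either use would cover both, e.g. `$file = '' if ( !defined($file) || $file =~ m{[/\\\r\n]|\.\.} );`, with the redirect then built from `$file` rather than `$self->{form}{view}`. The cache lookup loop could also be written as `my $found = exists $self->{history_}{$file};`. The enclosing handler begins and ends outside this hunk.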