From: Jonathan A. <jan...@us...> - 2004-03-28 12:01:29
Update of /cvsroot/squirrelmail/squirrelmail/functions In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv21243/functions Modified Files: page_header.php Log Message: Fix part 1 for XSS issue... call page like this: src/compose.php?mailbox="><script>alert('Nuts!');</script> Because this file is included in other pages, it could affect others too. Index: page_header.php =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/functions/page_header.php,v retrieving revision 1.163 retrieving revision 1.164 diff -u -w -r1.163 -r1.164 --- page_header.php 24 Feb 2004 15:50:52 -0000 1.163 +++ page_header.php 28 Mar 2004 11:50:13 -0000 1.164 @@ -277,8 +277,8 @@ echo "<body text=\"$color[8]\" bgcolor=\"$color[4]\" link=\"$color[7]\" vlink=\"$color[7]\" alink=\"$color[7]\" $onload>\n\n"; /** Here is the header and wrapping table **/ - $shortBoxName = imap_utf7_decode_local( - readShortMailboxName($mailbox, $delimiter)); + $shortBoxName = htmlspecialchars(imap_utf7_decode_local( + readShortMailboxName($mailbox, $delimiter))); if ( $shortBoxName == 'INBOX' ) { $shortBoxName = _("INBOX"); } |
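Review bot: The added `htmlspecialchars()` call around `imap_utf7_decode_local(readShortMailboxName(...))` uses the default quote style, which escapes `&`, `<`, `>` and `"` but leaves single quotes untouched; if `$shortBoxName` is ever emitted inside a single-quoted attribute or a JavaScript string, pass `ENT_QUOTES` as the second argument (for example `htmlspecialchars(..., ENT_QUOTES)`) so the escaping matches the context. Escaping is correctly applied to the decoded string rather than the raw IMAP UTF-7 form, and the `== 'INBOX'` comparison that follows is unaffected since that literal contains no special characters, but `$shortBoxName` now holds an HTML-encoded value and must only be used in HTML text or double-quoted attribute contexts from here on. The change also covers only this one derived variable: the log message says "part 1", and the surrounding `echo "<body ... $onload>"` still interpolates variables without escaping, so the remaining uses of `$mailbox` and the other interpolated values in this file need the same review.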