[SM-CVS] CVS: squirrelmail/src addressbook.php,1.58.2.19,1.58.2.20 printer_friendly_bottom.php,1.29.2.6,1.29.2.7 right_main.php,1.104.2.8,1.104.2.9

[Thijs K. <ki...@us...>]

Update of /cvsroot/squirrelmail/squirrelmail/src
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32199/src

Modified Files:
      Tag: SM-1_4-STABLE
	addressbook.php printer_friendly_bottom.php right_main.php 
Log Message:
Fix serveral cross site scripting bugs found by Martijn Brinkers and
ourselves. Part 1/2, patch to magicHTML will follow. This is CAN-2005-1769.


Index: addressbook.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/src/addressbook.php,v
retrieving revision 1.58.2.19
retrieving revision 1.58.2.20
diff -u -w -r1.58.2.19 -r1.58.2.20
--- addressbook.php	8 Mar 2005 16:53:29 -0000	1.58.2.19
+++ addressbook.php	15 Jun 2005 21:12:04 -0000	1.58.2.20
@@ -282,7 +282,7 @@
                                  html_tag( 'tr',
                                      html_tag( 'td',
                                                "\n". '<strong><font color="' . $color[2] .
-                                               '">' . _("ERROR") . ': ' . $abook->error . '</font></strong>' ."\n",
+                                               '">' . _("ERROR") . ': ' . htmlspecialchars($abook->error) . '</font></strong>' ."\n",
                                                'center' )
                                            ),
                                        'center', '', 'width="100%"' );
@@ -336,7 +336,7 @@
             html_tag( 'tr',
                 html_tag( 'td',
                     "\n". '<br /><strong><font color="' . $color[2] .
-                    '">' . _("ERROR") . ': ' . $formerror . '</font></strong>' ."\n",
+                    '">' . _("ERROR") . ': ' . htmlspecialchars($formerror) . '</font></strong>' ."\n",
                     'center' )
                 ),
             'center', '', 'width="100%"' );
@@ -348,6 +348,7 @@
     /* Get and sort address list */
     $alist = $abook->list_addr();
     if(!is_array($alist)) {
+        $abook_error = htmlspecialchars($abook_error);
         plain_error_message($abook->error, $color);
         exit;
     }

Index: printer_friendly_bottom.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/src/printer_friendly_bottom.php,v
retrieving revision 1.29.2.6
retrieving revision 1.29.2.7
diff -u -w -r1.29.2.6 -r1.29.2.7
--- printer_friendly_bottom.php	28 Dec 2004 13:02:49 -0000	1.29.2.6
+++ printer_friendly_bottom.php	15 Jun 2005 21:12:05 -0000	1.29.2.7
@@ -33,7 +33,8 @@
 sqgetGlobalVar('passed_id', $passed_id, SQ_GET);
 sqgetGlobalVar('mailbox', $mailbox, SQ_GET);
 
-if (! sqgetGlobalVar('passed_ent_id', $passed_ent_id, SQ_GET) ) {
+if (! sqgetGlobalVar('passed_ent_id', $passed_ent_id, SQ_GET) ||
+    ! preg_match('/^\d+(\.\d+)*$/', $passed_ent_id) ) {
     $passed_ent_id = '';
 } 
 /* end globals */

Index: right_main.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/src/right_main.php,v
retrieving revision 1.104.2.8
retrieving revision 1.104.2.9
diff -u -w -r1.104.2.8 -r1.104.2.9
--- right_main.php	27 Dec 2004 15:04:00 -0000	1.104.2.8
+++ right_main.php	15 Jun 2005 21:12:05 -0000	1.104.2.9
@@ -165,7 +165,7 @@
 
 do_hook('right_main_after_header');
 if (isset($note)) {
-    echo html_tag( 'div', '<b>' . $note .'</b>', 'center' ) . "<br />\n";
+    echo html_tag( 'div', '<b>' . htmlspecialchars($note) .'</b>', 'center' ) . "<br />\n";
 }
 
 if ( sqgetGlobalVar('just_logged_in', $just_logged_in, SQ_SESSION) ) {