From: Tomas K. <to...@us...> - 2006-09-30 07:38:07
|
Update of /cvsroot/squirrelmail/squirrelmail In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv5404 Modified Files: Tag: SM-1_4-STABLE ChangeLog Log Message: block uw mailbox abuse in imap select command instead of applying same code in all scripts that get $mailbox from GET or POST. don't check imap_server_type, because interface can be used with different type setting. display error message instead of silently overriding $mailbox. (#1557078) Index: ChangeLog =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/ChangeLog,v retrieving revision 1.332.2.385 retrieving revision 1.332.2.386 diff -u -w -r1.332.2.385 -r1.332.2.386 --- ChangeLog 30 Aug 2006 07:44:54 -0000 1.332.2.385 +++ ChangeLog 30 Sep 2006 07:38:03 -0000 1.332.2.386 @@ -15,6 +15,8 @@ - Provide View Unsafe Images link on viewing a text/html attachment. - Fix variable typo in folders_create.php (#1545316). - Added Courier IMAP OUTBOX check to configtest utility. + - If mailbox name starts with slash or contains ../, error message is + generated. Safety check for insecure default UW IMAP setup (#1557078). Version 1.4.8 - 11th August 2006 -------------------------------- |