From: <pdo...@us...> - 2011-07-12 04:53:42
Revision: 14121 http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=14121&view=rev Author: pdontthink Date: 2011-07-12 04:53:35 +0000 (Tue, 12 Jul 2011) Log Message: ----------- Fix XSS problem with unsanitized style tags in messages [CVE-2011-2023] Modified Paths: -------------- branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog branches/SM-1_4-STABLE/squirrelmail/functions/mime.php Modified: branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog 2011-07-12 04:45:49 UTC (rev 14120) +++ branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog 2011-07-12 04:53:35 UTC (rev 14121) @@ -62,6 +62,7 @@ plugin, XSS hole in the Index Order page, and added anti-CSRF protection to the empty trash feature and the Index Order page (thanks to Nicholas Carlini for finding all these issues). [CVE-2010-4555] + - Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023] Version 1.4.21 - 23 Jul 2010 ---------------------------- Modified: branches/SM-1_4-STABLE/squirrelmail/functions/mime.php =================================================================== --- branches/SM-1_4-STABLE/squirrelmail/functions/mime.php 2011-07-12 04:45:49 UTC (rev 14120) +++ branches/SM-1_4-STABLE/squirrelmail/functions/mime.php 2011-07-12 04:53:35 UTC (rev 14121) @@ -2159,6 +2159,15 @@ list($free_content, $curpos) = sq_fixstyle($body, $gt+1, $message, $id, $mailbox); if ($free_content != FALSE){ + $attary = sq_fixatts($tagname, + $attary, + $rm_attnames, + $bad_attvals, + $add_attr_to_tag, + $message, + $id, + $mailbox + ); $trusted .= sq_tagprint($tagname, $attary, $tagtype); $trusted .= $free_content; $trusted .= sq_tagprint($tagname, false, 2); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
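Review bot: the new doc/ChangeLog line says "unsanitized style tags", but the code change in this revision passes the tag's attribute array through sq_fixatts() before sq_tagprint(). Wording such as "unsanitized attributes on style tags" would tell readers more precisely what was fixed. The entry just above it credits the person who found the issues; if this one had a reporter, the same convention applies here.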
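Review bot: in the functions/mime.php hunk, the new sq_fixatts() call sits inside `if ($free_content != FALSE)`, and that comparison is loose, so a style block whose cleaned content comes back as an empty string or "0" skips this branch and never reaches the attribute filtering. What the other path does with the tag is not visible in this hunk; if it can print the tag at all, it needs the same sq_fixatts() pass, and `!== FALSE` would make the intended check explicit. A short comment above the call would also help, noting that in this branch $attary previously went straight to sq_tagprint() and tying the call to CVE-2011-2023.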