From: Tyler A. <fi...@us...> - 2001-03-16 15:42:29
Update of /cvsroot/squirrelmail/squirrelmail/src In directory usw-pr-cvs1:/tmp/cvs-serv30806 Modified Files: right_main.php Log Message: * Added the !== false bit to the strstr so that even if the first three characters are ../, this would register a hit properly. Index: right_main.php =================================================================== RCS file: /cvsroot/squirrelmail/squirrelmail/src/right_main.php,v retrieving revision 1.47 retrieving revision 1.48 diff -u -w -r1.47 -r1.48 --- right_main.php 2001/03/15 16:39:10 1.47 +++ right_main.php 2001/03/16 15:44:35 1.48 @@ -81,7 +81,7 @@ } // compensate for the UW vulnerability - if ($imap_server_type == 'uw' && (strstr($mailbox, '../') || + if ($imap_server_type == 'uw' && (strstr($mailbox, '../') !== false || substr($mailbox, 0, 1) == '/')) { $mailbox = 'INBOX'; } |
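Review bot: In the changed condition `strstr($mailbox, '../') !== false`, the added comparison does not alter behaviour. `strstr()` returns the remainder of the string starting at the match, so a `$mailbox` that begins with `../` already produced a non-empty, truthy string in revision 1.47. The offset-0 pitfall the log message describes belongs to `strpos()`, which returns the integer 0 for a match at the start. The explicit comparison is harmless and makes the intent clearer, but if the goal is a pure containment test, `strpos($mailbox, '../') !== false` states it directly and avoids building the substring. The comment `// compensate for the UW vulnerability` could also name what is rejected (any `../` sequence and a leading `/`) and note that the mailbox silently falls back to `INBOX`, since this guard runs only when `$imap_server_type == 'uw'`.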