Update of /cvsroot/squirrelmail/squirrelmail/src
In directory usw-pr-cvs1:/tmp/cvs-serv4846/src
* Removed potential security loophole that I inadvertantly added.
Config vars used to be able to be overwritten by global data if
gpc_magic_quotes() was enabled.
RCS file: /cvsroot/squirrelmail/squirrelmail/src/validate.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -w -r1.3 -r1.4
--- validate.php 2001/04/26 14:28:02 1.3
+++ validate.php 2001/04/26 17:32:22 1.4
@@ -17,11 +17,6 @@
- // Everyone needs stuff from config, and config needs stuff from
- // strings.php, so include them both here.
- include ('../functions/strings.php');
- include ('../config/config.php');
@@ -105,4 +100,11 @@
+ // Everyone needs stuff from config, and config needs stuff from
+ // strings.php, so include them both here.
+ // Include them down here instead of at the top so that all config
+ // variables overwrite any passed in variables (for security)
+ include ('../functions/strings.php');
+ include ('../config/config.php');
Get latest updates about Open Source Projects, Conferences and News.