List: squirrelmail-cvs
Subject: [SM-CVS] CVS: squirrelmail/functions mime.php,1.265.2.27,1.265.2.28
From: Marc Groot Koerkamp <stekkel () users ! sourceforge ! net>
Date: 2004-05-23 16:14:15
Message-ID: E1BRvc7-0004o8-Dn () sc8-pr-cvs1 ! sourceforge ! net
Update of /cvsroot/squirrelmail/squirrelmail/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv18342/functions
Modified Files:
Tag: SM-1_4-STABLE
mime.php
Log Message:
Fixed XSS vulnerability spotted by "Roman Medina" after a very
thorough research of the SquirrelMail source. I was impressed.
Index: mime.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/functions/mime.php,v
retrieving revision 1.265.2.27
retrieving revision 1.265.2.28
diff -u -w -r1.265.2.27 -r1.265.2.28
--- mime.php 3 May 2004 18:50:15 -0000 1.265.2.27
+++ mime.php 23 May 2004 16:14:11 -0000 1.265.2.28
@@ -505,7 +505,9 @@
'<A \
HREF="'.$defaultlink.'">'.decodeHeader($display_filename).'</A> </TD>' \
.
'<TD><SMALL><b>' . show_readable_size($header->size) .
'</b> </small></TD>' .
- "<TD><SMALL>[ $type0/$type1 ] </SMALL></TD>" .
+ '<TD><SMALL>[ '.
+ htmlspecialchars($type0).'/'.htmlspecialchars($type1).
+ ' ] </SMALL></TD>'.
'<TD><SMALL>';
$attachments .= '<b>' . $description . '</b>';
$attachments .= '</SMALL></TD><TD><SMALL> ';
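Review bot: the escaping added here covers only $type0 and $type1, while the same attachment row still concatenates decodeHeader($display_filename), $description and $defaultlink into the markup, and the visible lines do not show whether any of them is escaped before this point. Please confirm each is already HTML-safe when it arrives here, or wrap it in htmlspecialchars() at the point of output as done for the type fields; $defaultlink lands inside the double-quoted HREF attribute, so it needs the double quote escaped as well. A short comment above this block stating which of these variables are pre-escaped would keep the next edit from reintroducing the problem.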