githubFork/roundcubemail.git - Solinfo Gitblit

githubFork / roundcubemail

Roundcubemail devel

blame | history | patch | commit | commitdiff | ignore whitespace

Fix XSS issue in href attribute on area tag (#5240, #5241)

Aleksander Machniak

2016-05-06 acf633c73bc8df9a5036bc52d7568f4213ab73c7

 program/include/rcmail_output_html.php

@@ -153,6 +153,17 @@
     */
    public function set_skin($skin)
    {
        // Sanity check to prevent from path traversal vulnerability (#1490620)
        if (strpos($skin, '/') !== false || strpos($skin, "\\") !== false) {
            rcube::raise_error(array(
                    'file'    => __FILE__,
                    'line'    => __LINE__,
                    'message' => 'Invalid skin name'
                ), true, false);

            return false;
        }

        $valid = false;
        $path  = RCUBE_INSTALL_PATH . 'skins/';

@@ -168,6 +179,8 @@
            $valid = !$skin;
        }

        $skin_path = rtrim($skin_path, '/');

        $this->config->set('skin_path', $skin_path);
        $this->base_path = $skin_path;