Roundcubemail devel
parent: 6521c207 | patch | commit | ignore whitespace
Aleksander Machniak
2015-12-22 10e5192a2b1bc90ec137f5e69d0aa072c1210d6d 
Fix path traversal vulnerability in setting a skin (#1490620)
2 files modified
12 ■■■■■ changed files
CHANGELOG 1 ●●●● patch | view | raw | blame | history
program/include/rcmail_output_html.php 11 ●●●●● patch | view | raw | blame | history 
 CHANGELOG


@@ -5,6 +5,7 @@


- Fix regression in displaying contents of message/rfc822 parts (#1490606)


- Fix handling of message/rfc822 attachments on replies and forwards (#1490607)


- Fix PDF support detection in Firefox > 19 (#1490610)


- Fix path traversal vulnerability in setting a skin (#1490620)




RELEASE 1.2-beta


----------------




 program/include/rcmail_output_html.php


@@ -224,6 +224,17 @@


     */


    public function set_skin($skin)


    {


        // Sanity check to prevent from path traversal vulnerability (#1490620)


        if (strpos($skin, '/') !== false || strpos($skin, "\\") !== false) {


            rcube::raise_error(array(


                    'file'    => __FILE__,


                    'line'    => __LINE__,


                    'message' => 'Invalid skin name'


                ), true, false);




            return false;


        }




        $valid = false;


        $path  = RCUBE_INSTALL_PATH . 'skins/';