githubFork/roundcubemail.git

Roundcubemail devel

parent: 5529d94e | patch | commit | ignore whitespace

Fix XSS vulnerability in _mbox argument handling (#1490417)

Aleksander Machniak

2015-05-30 15fd8f9dc7e3919de5747a7bd3087be101daee5a

Fix XSS vulnerability in _mbox argument handling (#1490417)

2 files modified

	CHANGELOG	1 ●●●●● patch \| view \| raw \| blame \| history
	program/include/rcmail.php	2 ●●●●● patch \| view \| raw \| blame \| history

 CHANGELOG

@@ -28,6 +28,7 @@
- Fix potential info disclosure issue by protecting directory access (#1490378)
- Fix blank image in html_signature when saving identity changes (#1490412)
- Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
- Fix XSS vulnerability in _mbox argument handling (#1490417)

RELEASE 1.1.1
-------------

 program/include/rcmail.php

@@ -1820,7 +1820,7 @@
            }
            else {
                $error = 'servererrormsg';
                $args  = array('msg' => $err_str);
                $args  = array('msg' => rcube::Q($err_str));
            }
        }
        else if ($err_code < 0) {

			@@ -28,6 +28,7 @@
			- Fix potential info disclosure issue by protecting directory access (#1490378)
			- Fix blank image in html_signature when saving identity changes (#1490412)
			- Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
			- Fix XSS vulnerability in _mbox argument handling (#1490417)

			RELEASE 1.1.1
			-------------

			@@ -1820,7 +1820,7 @@
			}
			else {
			$error = 'servererrormsg';
			$args = array('msg' => $err_str);
			$args = array('msg' => rcube::Q($err_str));
			}
			}
			else if ($err_code < 0) {