Aleksander Machniak
2015-12-22 89a5dcb946fb34d39617b52572d8e9fe90d10617
Fix path traversal vulnerability in setting a skin (#1490620)

Conflicts:

CHANGELOG
2 files modified
12 ■■■■■ changed files
CHANGELOG 1 ●●●●
program/include/rcmail_output_html.php 11 ●●●●●
CHANGELOG
@@ -17,6 +17,7 @@
- Fix regression in displaying contents of message/rfc822 parts (#1490606)
- Fix handling of message/rfc822 attachments on replies and forwards (#1490607)
- Fix PDF support detection in Firefox > 19 (#1490610)
- Fix path traversal vulnerability in setting a skin (#1490620)
RELEASE 1.1.3
-------------
program/include/rcmail_output_html.php
@@ -225,6 +225,17 @@
     */
    public function set_skin($skin)
    {
        // Sanity check to prevent from path traversal vulnerability (#1490620)
        if (strpos($skin, '/') !== false || strpos($skin, "\\") !== false) {
            rcube::raise_error(array(
                    'file'    => __FILE__,
                    'line'    => __LINE__,
                    'message' => 'Invalid skin name'
                ), true, false);
            return false;
        }
        $valid = false;
        $path  = RCUBE_INSTALL_PATH . 'skins/';
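Review bot: The new guard at the top of set_skin() is a denylist of the two separator characters, so a value with no separator in it, such as `.` or `..`, still passes and is appended to `RCUBE_INSTALL_PATH . 'skins/'` on the last line shown. Whether the later directory checks reject those values cannot be seen here, because the function body continues outside the hunk. An allowlist would be more robust, assuming skin directory names are limited to these characters: `if (!is_string($skin) || !preg_match('/^[A-Za-z0-9_-]+$/', $skin)) {`. The `is_string()` test also keeps an array-valued request parameter from reaching `strpos()`. I would extend the comment to state the rule, for example `// Skin must be a single directory name under skins/; reject anything else (#1490620)`.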