githubFork/roundcubemail.git

Roundcubemail devel

parent: 9877f898 | patch | commit | ignore whitespace

Fix XSS vulnerability in _mbox argument handling (#1490417)

Aleksander Machniak

2015-05-30 b782815dacda55eee6793249b5da1789256206fc

Fix XSS vulnerability in _mbox argument handling (#1490417)

2 files modified

	CHANGELOG	1 ●●●●● patch \| view \| raw \| blame \| history
	program/include/rcmail.php	2 ●●●●● patch \| view \| raw \| blame \| history

 CHANGELOG

@@ -39,6 +39,7 @@
- Fix potential info disclosure issue by protecting directory access (#1490378)
- Fix blank image in html_signature when saving identity changes (#1490412)
- Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
- Fix XSS vulnerability in _mbox argument handling (#1490417)

RELEASE 1.1.1
-------------

 program/include/rcmail.php

@@ -1822,7 +1822,7 @@
            }
            else {
                $error = 'servererrormsg';
                $args  = array('msg' => $err_str);
                $args  = array('msg' => rcube::Q($err_str));
            }
        }
        else if ($err_code < 0) {

			@@ -39,6 +39,7 @@
			- Fix potential info disclosure issue by protecting directory access (#1490378)
			- Fix blank image in html_signature when saving identity changes (#1490412)
			- Installer: Use openssl_random_pseudo_bytes() (if available) to generate des_key (#1490402)
			- Fix XSS vulnerability in _mbox argument handling (#1490417)

			RELEASE 1.1.1
			-------------

			@@ -1822,7 +1822,7 @@
			}
			else {
			$error = 'servererrormsg';
			$args = array('msg' => $err_str);
			$args = array('msg' => rcube::Q($err_str));
			}
			}
			else if ($err_code < 0) {