Fixed XSS vulnerability (Bug #1484109)

thomascube

2006-11-22 e34ae17809c3dff8ed870405ffed4e0077cb8512

Fixed XSS vulnerability (Bug #1484109)

 index.php

@@ -2,7 +2,7 @@
/*
 +-----------------------------------------------------------------------+
 | RoundCube Webmail IMAP Client                                         |
 | Version 0.1-20060907                                                  |
 | Version 0.1-20061122                                                  |
 |                                                                       |
 | Copyright (C) 2005-2006, RoundCube Dev. - Switzerland                 |
 | Licensed under the GNU GPL                                            |
@@ -40,7 +40,7 @@

*/

define('RCMAIL_VERSION', '0.1-20060907');
define('RCMAIL_VERSION', '0.1-20061122');

// define global vars
$CHARSET = 'UTF-8';
@@ -90,11 +90,12 @@


// catch some url/post parameters
$_task = get_input_value('_task', RCUBE_INPUT_GPC);
$_action = get_input_value('_action', RCUBE_INPUT_GPC);
$_task = strip_quotes(get_input_value('_task', RCUBE_INPUT_GPC));
$_action = strip_quotes(get_input_value('_action', RCUBE_INPUT_GPC));
$_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed']));

if (empty($_task))
// use main task if empty or invalid value
if (empty($_task) || !in_array($_task, $MAIN_TASKS))
  $_task = 'mail';

if (!empty($_GET['_remote']))
@@ -372,9 +373,7 @@


// parse main template
// only allow these templates to be included
if (in_array($_task, $MAIN_TASKS))
  parse_template($_task);
parse_template($_task);


// if we arrive here, something went wrong

 program/include/main.inc

@@ -1063,7 +1063,13 @@
    return $value;
  }


/**
 * Remove single and double quotes from given string
 */
function strip_quotes($str)
{
  return preg_replace('/[\'"]/', '', $str);
}


// ************** template parsing and gui functions **************