githubFork/roundcubemail.git

parent: 8af77575 | patch | commit | ignore whitespace

Applied security patches by Kees Cook (Ubuntu) + little visual enhancements

thomascube

2006-12-22 ee883ad73d64639eb994a71e15b1a37c07ff3cb9

Applied security patches by Kees Cook (Ubuntu) + little visual enhancements

1 files added

7 files modified

	CHANGELOG	9 ●●●●● patch \| view \| raw \| blame \| history
	program/blocked.gif	patch \| view \| raw \| blame \| history
	program/include/main.inc	20 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/addressbook/delete.inc	4 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/mail/func.inc	7 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/mail/sendmail.inc	2 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/settings/delete_identity.inc	4 ●●●●● patch \| view \| raw \| blame \| history
	skins/default/mail.css	9 ●●●●● patch \| view \| raw \| blame \| history

 CHANGELOG

@@ -1,6 +1,15 @@
CHANGELOG RoundCube Webmail
---------------------------

2006/12/22 (thomasb)
----------
- Applied security patch to validate the submitted host value (by Kees Cook)
- Applied security patch to validate input values when deleting contacts (by Kees Cook)
- Applied security patch that sanitizes emoticon paths when attaching them (by Kees Cook)
- Applied a patch to more aggressively sanitize a HTML message
- Visualize blocked images in HTML messages


2006/12/20 (thomasb)
----------
- Fixed wrong message listing when showing search results (closes #1484131)

 program/blocked.gif


 program/include/main.inc

@@ -450,6 +450,26 @@
  if (!$host)
    $host = $CONFIG['default_host'];

  // Validate that selected host is in the list of configured hosts
  if (is_array($CONFIG['default_host']))
    {
    $allowed = FALSE;
    foreach ($CONFIG['default_host'] as $key => $host_allowed)
      {
      if (!is_numeric($key))
        $host_allowed = $key;
      if ($host == $host_allowed)
        {
        $allowed = TRUE;
        break;
        }
      }
    if (!$allowed)
      return FALSE;
    }
  else if (!empty($CONFIG['default_host']) && $host != $CONFIG['default_host'])
    return FALSE;

  // parse $host URL
  $a_host = parse_url($host);
  if ($a_host['host'])

 program/steps/addressbook/delete.inc

@@ -21,7 +21,7 @@

$REMOTE_REQUEST = TRUE;

if ($_GET['_cid'])
if ($_GET['_cid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_cid']))
  {
  $DB->query("UPDATE ".get_table_name('contacts')."
              SET    del=1
@@ -96,4 +96,4 @@
  }

exit;
?>
?>

 program/steps/mail/func.inc

@@ -739,7 +739,7 @@
                               '/url\s*\(["\']?([\.\/]+[^"\'\s]+)["\']?\)/i',
                               '/<script.+<\/script>/Umis');

      $remote_replaces = array('<img \\1src=\\2./program/blank.gif\\4',
      $remote_replaces = array('<img \\1src=\\2./program/blocked.gif\\4',
                               '',
                               '',
                               '',
@@ -1210,7 +1210,8 @@
    }

  // replace event handlers on any object
  $body = preg_replace('/\s(on[a-z]+)=/im', ' __removed=', $body);  
  $body = preg_replace('/\s(on[^=]+)=/im', ' __removed=', $body);  
  $body = preg_replace('/\shref=["\']?(javascript:)/im', 'null:', $body);

  // resolve <base href>
  $base_reg = '/(<base.*href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]*>)/i';
@@ -1251,7 +1252,7 @@
  if (stristr((string)$attrib['href'], 'mailto:'))
    $attrib['onclick'] = sprintf("return %s.command('compose','%s',this)",
                                 $GLOBALS['JS_OBJECT_NAME'],
                                 substr($attrib['href'], 7));
                                 JQ(substr($attrib['href'], 7)));
  else if (!empty($attrib['href']) && $attrib['href']{0}!='#')
    $attrib['target'] = '_blank';
  

 program/steps/mail/sendmail.inc

@@ -100,6 +100,8 @@
    $image_name = substr($body,
                         $pos + strlen($searchstr),
                         $pos2 - ($pos + strlen($searchstr)));
    // sanitize image name so resulting attachment doesn't leave images dir
    $image_name = preg_replace('/[^a-zA-Z0-9_\.\-]/i','',$image_name);

    $body_post = substr($body, $pos2);


 program/steps/settings/delete_identity.inc

@@ -21,7 +21,7 @@

$REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;

if ($_GET['_iid'])
if ($_GET['_iid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_iid']))
  {
  $DB->query("UPDATE ".get_table_name('identities')."
              SET    del=1
@@ -50,4 +50,4 @@

// overwrite action variable  
$OUTPUT->add_script(sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action));
?>
?>

 skins/default/mail.css

@@ -152,8 +152,15 @@

#messagepartframe
{
  position: absolute;
  top: 0px;
  left: 0px;
  right: 0px;
  bottom: 0px;
  width: auto;
  height: auto;
  border: 1px solid #999999;
  background-color: #F9F9F9;  
  background-color: #F9F9F9;
}

			@@ -1,6 +1,15 @@
			CHANGELOG RoundCube Webmail
			---------------------------

			2006/12/22 (thomasb)
			----------
			- Applied security patch to validate the submitted host value (by Kees Cook)
			- Applied security patch to validate input values when deleting contacts (by Kees Cook)
			- Applied security patch that sanitizes emoticon paths when attaching them (by Kees Cook)
			- Applied a patch to more aggressively sanitize a HTML message
			- Visualize blocked images in HTML messages


			2006/12/20 (thomasb)
			----------
			- Fixed wrong message listing when showing search results (closes #1484131)

			@@ -450,6 +450,26 @@
			if (!$host)
			$host = $CONFIG['default_host'];

			// Validate that selected host is in the list of configured hosts
			if (is_array($CONFIG['default_host']))
			{
			$allowed = FALSE;
			foreach ($CONFIG['default_host'] as $key => $host_allowed)
			{
			if (!is_numeric($key))
			$host_allowed = $key;
			if ($host == $host_allowed)
			{
			$allowed = TRUE;
			break;
			}
			}
			if (!$allowed)
			return FALSE;
			}
			else if (!empty($CONFIG['default_host']) && $host != $CONFIG['default_host'])
			return FALSE;

			// parse $host URL
			$a_host = parse_url($host);
			if ($a_host['host'])

			@@ -21,7 +21,7 @@

			$REMOTE_REQUEST = TRUE;

			if ($_GET['_cid'])
			if ($_GET['_cid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_cid']))
			{
			$DB->query("UPDATE ".get_table_name('contacts')."
			SET del=1
			@@ -96,4 +96,4 @@
			}

			exit;
			?>
			?>

			@@ -739,7 +739,7 @@
			'/url\s*\(["\']?([\.\/]+[^"\'\s]+)["\']?\)/i',
			'/<script.+<\/script>/Umis');

			$remote_replaces = array('<img \\1src=\\2./program/blank.gif\\4',
			$remote_replaces = array('<img \\1src=\\2./program/blocked.gif\\4',
			'',
			'',
			'',
			@@ -1210,7 +1210,8 @@
			}

			// replace event handlers on any object
			$body = preg_replace('/\s(on[a-z]+)=/im', ' __removed=', $body);
			$body = preg_replace('/\s(on[^=]+)=/im', ' __removed=', $body);
			$body = preg_replace('/\shref=["\']?(javascript:)/im', 'null:', $body);

			// resolve <base href>
			$base_reg = '/(<base.href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]>)/i';
			@@ -1251,7 +1252,7 @@
			if (stristr((string)$attrib['href'], 'mailto:'))
			$attrib['onclick'] = sprintf("return %s.command('compose','%s',this)",
			$GLOBALS['JS_OBJECT_NAME'],
			substr($attrib['href'], 7));
			JQ(substr($attrib['href'], 7)));
			else if (!empty($attrib['href']) && $attrib['href']{0}!='#')
			$attrib['target'] = '_blank';

			@@ -100,6 +100,8 @@
			$image_name = substr($body,
			$pos + strlen($searchstr),
			$pos2 - ($pos + strlen($searchstr)));
			// sanitize image name so resulting attachment doesn't leave images dir
			$image_name = preg_replace('/[^a-zA-Z0-9_\.\-]/i','',$image_name);

			$body_post = substr($body, $pos2);

			@@ -21,7 +21,7 @@

			$REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE;

			if ($_GET['_iid'])
			if ($_GET['_iid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_iid']))
			{
			$DB->query("UPDATE ".get_table_name('identities')."
			SET del=1
			@@ -50,4 +50,4 @@

			// overwrite action variable
			$OUTPUT->add_script(sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action));
			?>
			?>

			@@ -152,8 +152,15 @@

			#messagepartframe
			{
			position: absolute;
			top: 0px;
			left: 0px;
			right: 0px;
			bottom: 0px;
			width: auto;
			height: auto;
			border: 1px solid #999999;
			background-color: #F9F9F9;
			background-color: #F9F9F9;
			}