From 539cd47824ec6b03b44f9f7c5af8a1e60df0458b Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 29 Sep 2005 16:30:10 -0400
Subject: [PATCH] Fix for URL injection vulnerability (Bug #1307966)

---
 index.php |   16 ++++++++++++++--
 1 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/index.php b/index.php
index 19623aa..bdccd37 100644
--- a/index.php
+++ b/index.php
@@ -267,7 +267,19 @@
   }
 
 
-// parse main template
-parse_template($_task);
+// only allow these templates to be included
+$valid_tasks = array('mail','settings','addressbook');
 
+// parse main template
+if (in_array($_task, $valid_tasks))
+  parse_template($_task);
+
+
+// if we arrive here, something went wrong
+raise_error(array('code' => 404,
+                  'type' => 'php',
+                  'line' => __LINE__,
+                  'file' => __FILE__,
+                  'message' => "Invalid request"), TRUE, TRUE);
+                      
 ?>
\ No newline at end of file

--
Gitblit v1.9.1