From 95d28926865d8a0d6fd009ebd73c0fc78c19d183 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Thu, 04 Oct 2012 10:59:37 -0400
Subject: [PATCH] Fix HTTP User-Agent XSS vulnerability (#1488737)
---
program/include/clisetup.php | 65 +++++++++++++++++---------------
1 files changed, 35 insertions(+), 30 deletions(-)
diff --git a/program/include/clisetup.php b/program/include/clisetup.php
index 01d7291..a9af90a 100644
--- a/program/include/clisetup.php
+++ b/program/include/clisetup.php
@@ -5,8 +5,11 @@
| program/include/clisetup.php |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2010, The Roundcube Dev Team |
- | Licensed under the GNU GPL |
+ | Copyright (C) 2010-2012, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| PURPOSE: |
| Setup the command line environment and provide some utitlity |
@@ -14,9 +17,6 @@
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
-
- $Id$
-
*/
if (php_sapi_name() != 'cli') {
@@ -31,33 +31,38 @@
/**
* Parse commandline arguments into a hash array
*/
-function get_opt($aliases=array())
+function get_opt($aliases = array())
{
- $args = array();
- for ($i=1; $i<count($_SERVER['argv']); $i++)
- {
- $arg = $_SERVER['argv'][$i];
- if (substr($arg, 0, 2) == '--')
- {
- $sp = strpos($arg, '=');
- $key = substr($arg, 2, $sp - 2);
- $value = substr($arg, $sp+1);
- }
- else if ($arg{0} == '-')
- {
- $key = substr($arg, 1);
- $value = $_SERVER['argv'][++$i];
- }
- else
- continue;
+ $args = array();
- $args[$key] = preg_replace(array('/^["\']/', '/["\']$/'), '', $value);
-
- if ($alias = $aliases[$key])
- $args[$alias] = $args[$key];
- }
+ for ($i=1; $i < count($_SERVER['argv']); $i++) {
+ $arg = $_SERVER['argv'][$i];
+ $value = true;
+ $key = null;
- return $args;
+ if ($arg[0] == '-') {
+ $key = preg_replace('/^-+/', '', $arg);
+ $sp = strpos($arg, '=');
+ if ($sp > 0) {
+ $key = substr($key, 0, $sp - 2);
+ $value = substr($arg, $sp+1);
+ }
+ else if (strlen($_SERVER['argv'][$i+1]) && $_SERVER['argv'][$i+1][0] != '-') {
+ $value = $_SERVER['argv'][++$i];
+ }
+
+ $args[$key] = is_string($value) ? preg_replace(array('/^["\']/', '/["\']$/'), '', $value) : $value;
+ }
+ else {
+ $args[] = $arg;
+ }
+
+ if ($alias = $aliases[$key]) {
+ $args[$alias] = $args[$key];
+ }
+ }
+
+ return $args;
}
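Review bot: In the new option branch, `$sp` is measured on `$arg` (dashes included) but applied as `substr($key, 0, $sp - 2)` to the dash-stripped `$key`, which is only correct for exactly two leading dashes. A single-dash form such as `-u=alice` (constructed example) is stored under an empty key, so a caller reading that option would silently fall back to its default. The look-ahead `$_SERVER['argv'][$i+1]` is also read without `isset()` when the option is the last argument, and the alias lookup after the `else` runs for positional arguments while `$key` is still `null`. I would locate `=` in the stripped key and move the alias copy into the option branch, as below. Separately, the subject names a User-Agent XSS fix, yet the diffstat lists only this CLI file, so the escaping change itself cannot be checked from this patch.

```php
        if ($arg[0] == '-') {
            $key = preg_replace('/^-+/', '', $arg);
            // look for '=' in the dash-stripped key so -k=v and --key=v parse alike
            $sp = strpos($key, '=');
            if ($sp > 0) {
                $value = substr($key, $sp + 1);
                $key   = substr($key, 0, $sp);
            }
            else if (isset($_SERVER['argv'][$i+1]) && strlen($_SERVER['argv'][$i+1]) && $_SERVER['argv'][$i+1][0] != '-') {
                $value = $_SERVER['argv'][++$i];
            }

            // … unchanged: quote stripping and assignment to $args[$key] …

            // aliases apply to named options only, never to positional arguments
            if (!empty($aliases[$key])) {
                $args[$aliases[$key]] = $args[$key];
            }
        }
        // … unchanged: else branch appending positional arguments …
```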
@@ -89,4 +94,4 @@
}
}
-?>
\ No newline at end of file
+?>
--
Gitblit v1.9.1