From 95d28926865d8a0d6fd009ebd73c0fc78c19d183 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Thu, 04 Oct 2012 10:59:37 -0400
Subject: [PATCH] Fix HTTP User-Agent XSS vulnerability (#1488737)

---
 program/include/rcube_result_index.php |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/program/include/rcube_result_index.php b/program/include/rcube_result_index.php
index cc1615d..334ec85 100644
--- a/program/include/rcube_result_index.php
+++ b/program/include/rcube_result_index.php
@@ -61,10 +61,14 @@
         for ($i=0, $len=count($data); $i<$len; $i++) {
             $data_item = &$data[$i];
             if (preg_match('/^ SORT/i', $data_item)) {
+                // valid response, initialize raw_data for is_error()
+                $this->raw_data = '';
                 $data_item = substr($data_item, 5);
                 break;
             }
             else if (preg_match('/^ (E?SEARCH)/i', $data_item, $m)) {
+                // valid response, initialize raw_data for is_error()
+                $this->raw_data = '';
                 $data_item = substr($data_item, strlen($m[0]));
 
                 if (strtoupper($m[1]) == 'ESEARCH') {

--
Gitblit v1.9.1