From e34ae17809c3dff8ed870405ffed4e0077cb8512 Mon Sep 17 00:00:00 2001 From: thomascube <thomas@roundcube.net> Date: Wed, 22 Nov 2006 06:42:37 -0500 Subject: [PATCH] Fixed XSS vulnerability (Bug #1484109) --- index.php | 15 +++++++-------- program/include/main.inc | 8 +++++++- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/index.php b/index.php index 4e9dee1..4bf9d94 100644 --- a/index.php +++ b/index.php @@ -2,7 +2,7 @@ /* +-----------------------------------------------------------------------+ | RoundCube Webmail IMAP Client | - | Version 0.1-20060907 | + | Version 0.1-20061122 | | | | Copyright (C) 2005-2006, RoundCube Dev. - Switzerland | | Licensed under the GNU GPL | @@ -40,7 +40,7 @@ */ -define('RCMAIL_VERSION', '0.1-20060907'); +define('RCMAIL_VERSION', '0.1-20061122'); // define global vars $CHARSET = 'UTF-8'; @@ -90,11 +90,12 @@ // catch some url/post parameters -$_task = get_input_value('_task', RCUBE_INPUT_GPC); -$_action = get_input_value('_action', RCUBE_INPUT_GPC); +$_task = strip_quotes(get_input_value('_task', RCUBE_INPUT_GPC)); +$_action = strip_quotes(get_input_value('_action', RCUBE_INPUT_GPC)); $_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed'])); -if (empty($_task)) +// use main task if empty or invalid value +if (empty($_task) || !in_array($_task, $MAIN_TASKS)) $_task = 'mail'; if (!empty($_GET['_remote'])) @@ -372,9 +373,7 @@ // parse main template -// only allow these templates to be included -if (in_array($_task, $MAIN_TASKS)) - parse_template($_task); +parse_template($_task); // if we arrive here, something went wrong diff --git a/program/include/main.inc b/program/include/main.inc index da449c6..55336fd 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -1063,7 +1063,13 @@ return $value; } - +/** + * Remove single and double quotes from given string + */ +function strip_quotes($str) +{ + return preg_replace('/[\'"]/', '', $str); +} // ************** template parsing and gui functions ************** -- Gitblit v1.9.1