From ee883ad73d64639eb994a71e15b1a37c07ff3cb9 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 22 Dec 2006 16:45:21 -0500
Subject: [PATCH] Applied security patches by Kees Cook (Ubuntu) + little visual enhancements

---
 program/include/main.inc |   20 ++++++++++++++++++++
 1 files changed, 20 insertions(+), 0 deletions(-)

diff --git a/program/include/main.inc b/program/include/main.inc
index c57aa8a..a1c00d3 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -450,6 +450,26 @@
   if (!$host)
     $host = $CONFIG['default_host'];
 
+  // Validate that selected host is in the list of configured hosts
+  if (is_array($CONFIG['default_host']))
+    {
+    $allowed = FALSE;
+    foreach ($CONFIG['default_host'] as $key => $host_allowed)
+      {
+      if (!is_numeric($key))
+        $host_allowed = $key;
+      if ($host == $host_allowed)
+        {
+        $allowed = TRUE;
+        break;
+        }
+      }
+    if (!$allowed)
+      return FALSE;
+    }
+  else if (!empty($CONFIG['default_host']) && $host != $CONFIG['default_host'])
+    return FALSE;
+
   // parse $host URL
   $a_host = parse_url($host);
   if ($a_host['host'])
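Review bot: The allow-list checks at `if ($host == $host_allowed)` and `$host != $CONFIG['default_host']` use PHP's loose comparison, so numeric-looking strings are compared as numbers rather than byte-for-byte. For an access-control decision on what is presumably a request-supplied host, strict operators are safer: `if ($host === $host_allowed)` and `$host !== $CONFIG['default_host']`. When `default_host` is an array and no host was submitted, the context line above assigns the whole array to `$host`, which can never equal an entry, so the function returns FALSE; if that is intended it deserves a comment such as `// no host submitted while several are configured: reject`. The check is skipped entirely when `default_host` is empty, so in that configuration any host value still reaches `parse_url()`. The enclosing function begins and ends outside the hunk, so the origin of `$host` is not visible here.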

--
Gitblit v1.9.1