From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 plugins/help/help.php | 14 ++++++--------
 1 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/plugins/help/help.php b/plugins/help/help.php
index ad7dbf0..4b11dce 100644
--- a/plugins/help/help.php
+++ b/plugins/help/help.php
@@ -42,12 +42,11 @@
 'label' => 'help.help',
 ), 'taskbar');
- $skin = $rcmail->config->get('skin');
- if (!file_exists($this->home."/skins/$skin/help.css"))
- $skin = 'default';
-
- // add style for taskbar button (must be here) and Help UI
- $this->include_stylesheet("skins/$skin/help.css");
+ // add style for taskbar button (must be here) and Help UI
+ $skin_path = $this->local_skin_path();
+ if (is_file($this->home . "/$skin_path/help.css")) {
+ $this->include_stylesheet("$skin_path/help.css");
+ }
 }
 function action()
@@ -91,8 +90,7 @@
 $attrib['name'] = $attrib['id'];
- return html::tag('iframe', $attrib, '', array(
- 'id', 'class', 'style', 'src', 'width', 'height', 'frameborder'));
+ return $rcmail->output->frame($attrib);
 }
 }
-- 
Gitblit v1.9.1
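Review bot: The added lookup trusts whatever `$this->local_skin_path()` returns: the value is concatenated into `$this->home . "/$skin_path/help.css"` and into the stylesheet path with no validation in this hunk, so the fix is only as strong as that helper, which is not shown here. It is worth confirming that `local_skin_path()` constrains the skin name to a directory under the plugin's own `skins/` folder rather than passing a configuration value through unchanged. The behaviour also changes when no `help.css` is found: the stylesheet is now skipped silently, where the removed code fell back to `default`. Because the commit subject refers to save-prefs and nothing in this file mentions it, a comment such as `// resolve the skin via local_skin_path(); never build the path from the raw 'skin' setting` would record why the lookup changed. The enclosing function starts above the hunk.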
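Review bot: The explicit attribute allowlist that the removed `html::tag` call passed (`id`, `class`, `style`, `src`, `width`, `height`, `frameborder`) is gone in `return $rcmail->output->frame($attrib);`, so which keys of `$attrib` reach the `<iframe>` now depends on `frame()`, which is not visible in this patch. If `frame()` does not apply an equivalent filter, any attribute supplied through `$attrib` would be emitted, so that should be confirmed before relying on the shorter call. A comment above the return, for example `// frame() is expected to restrict $attrib to the iframe attributes it allows`, would make the assumption explicit. The function begins outside the hunk, so it also cannot be verified from here that `$rcmail` is assigned before this line.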