From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 plugins/userinfo/userinfo.php |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/plugins/userinfo/userinfo.php b/plugins/userinfo/userinfo.php
index 0f1b18c..efb65f5 100644
--- a/plugins/userinfo/userinfo.php
+++ b/plugins/userinfo/userinfo.php
@@ -6,7 +6,9 @@
  */
 class userinfo extends rcube_plugin
 {
-  public $task = 'settings';
+  public $task    = 'settings';
+  public $noajax  = true;
+  public $noframe = true;
 
   function init()
   {
@@ -50,4 +52,4 @@
     return html::tag('h4', null, Q('Infos for ' . $user->get_username())) . $table->show();
   }
 
-}
\ No newline at end of file
+}

--
Gitblit v1.9.1