From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 program/steps/settings/about.inc | 17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/program/steps/settings/about.inc b/program/steps/settings/about.inc
index 6776321..9b13402 100644
--- a/program/steps/settings/about.inc
+++ b/program/steps/settings/about.inc
@@ -7,7 +7,10 @@
 | This file is part of the Roundcube Webmail client |
 | Copyright (C) 2005-2011, The Roundcube Dev Team |
 | Copyright (C) 2011, Kolab Systems AG |
- | Licensed under the GNU GPL |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
 | |
 | PURPOSE: |
 | Display license information about program and enabled plugins |
@@ -15,18 +18,15 @@
 +-----------------------------------------------------------------------+
 | Author: Aleksander Machniak <alec@alec.pl> |
 +-----------------------------------------------------------------------+
-
- $Id: identities.inc 4410 2011-01-12 18:25:02Z thomasb $
-
 */
 function rcmail_supportlink($attrib)
 {
 global $RCMAIL;
-
+
 if ($url = $RCMAIL->config->get('support_url')) {
- $label = $attrub['label'] ? $attrub['label'] : 'support';
+ $label = $attrib['label'] ? $attrib['label'] : 'support';
 $attrib['href'] = $url;
 return html::a($attrib, rcube_label($label));
 }
@@ -61,11 +61,11 @@
 $table->add_header('source', rcube_label('source'));
 foreach ($plugins as $name => $data) {
- $uri = $data['srcuri'];
+ $uri = $data['srcuri'] ? $data['srcuri'] : $data['uri'];
 if ($uri && stripos($uri, 'http') !== 0) {
 $uri = 'http://' . $uri;
 }
-
+
 $table->add_row();
 $table->add('name', Q($data['name'] ? $data['name'] : $name));
 $table->add('version', Q($data['version']));
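Review bot: In the `@@ -15,18 +18,15 @@` hunk the corrected line still reads `$attrib['label']` without checking that the key exists, so a caller that passes no label triggers an undefined-index notice before the fallback to 'support' is taken. `$label = !empty($attrib['label']) ? $attrib['label'] : 'support';` gives the same result without the notice. rcmail_supportlink() continues past the end of the hunk, so what it returns when support_url is unset is not visible here. Separately, the subject refers to the _session argument of utils/save-prefs, and none of the hunks shown for this file touch that code, so the security fix itself presumably lives in another file of the commit.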
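Review bot: In the `@@ -61,11 +61,11 @@` hunk the scheme test that follows the new fallback, `stripos($uri, 'http') !== 0`, only checks that the value begins with the letters "http", so a package.xml value with some other scheme that merely starts with those letters is passed through unchanged. The fallback to `$data['uri']` (filled by the XPath entry added in the `@@ -87,6 +87,7 @@` hunk) widens the set of plugin-supplied values that reach this test. A stricter guard would be `if ($uri && !preg_match('!^https?://!i', $uri)) {`. The row that outputs `$uri` lies after the end of this hunk, so it cannot be confirmed from here that it is escaped like the `Q()`-wrapped name and version cells; it should be.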
@@ -87,6 +87,7 @@
 'license' => 'string(//rc:package/rc:license)',
 'license_uri' => 'string(//rc:package/rc:license/@uri)',
 'srcuri' => 'string(//rc:package/rc:srcuri)',
+ 'uri' => 'string(//rc:package/rc:uri)',
 );
 $package = INSTALL_PATH . "/plugins/$name/package.xml";
-- Gitblit v1.9.1