From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/settings/edit_prefs.inc |   12 +++++++-----
 1 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/program/steps/settings/edit_prefs.inc b/program/steps/settings/edit_prefs.inc
index 6e03b08..971ed60 100644
--- a/program/steps/settings/edit_prefs.inc
+++ b/program/steps/settings/edit_prefs.inc
@@ -17,9 +17,6 @@
  +-----------------------------------------------------------------------+
  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  +-----------------------------------------------------------------------+
-
- $Id: func.inc 2822 2009-07-31 09:07:54Z alec $
-
 */
 
 if (!$OUTPUT->ajax_call)
@@ -51,8 +48,13 @@
         if ($option['advanced'])
 	      $table->set_row_attribs('advanced');
 
-        $table->add('title', $option['title']);
-	    $table->add(null, $option['content']);
+        if (isset($option['title'])) {
+          $table->add('title', $option['title']);
+  	      $table->add(null, $option['content']);
+        }
+        else {
+          $table->add(array('colspan' => 2), $option['content']);
+        }
       }
 
       $out .= html::tag('fieldset', null, html::tag('legend', null, $block['name']) . $table->show($attrib));

--
Gitblit v1.9.1