From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)
---
program/include/iniset.php | 25 +++++++------------------
1 files changed, 7 insertions(+), 18 deletions(-)
diff --git a/program/include/iniset.php b/program/include/iniset.php
index b32ae4e..29f267b 100644
--- a/program/include/iniset.php
+++ b/program/include/iniset.php
@@ -5,7 +5,7 @@
| program/include/iniset.php |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2008-2013, The Roundcube Dev Team |
+ | Copyright (C) 2008-2014, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@@ -21,23 +21,8 @@
*/
// application constants
-define('RCMAIL_VERSION', '1.0-git');
+define('RCMAIL_VERSION', '1.0.9');
define('RCMAIL_START', microtime(true));
-
-$config = array(
- // Some users are not using Installer, so we'll check some
- // critical PHP settings here. Only these, which doesn't provide
- // an error/warning in the logs later. See (#1486307).
- 'suhosin.session.encrypt' => 0,
- 'session.auto_start' => 0,
- 'file_uploads' => 1,
-);
-foreach ($config as $optname => $optval) {
- if ($optval != ini_get($optname) && @ini_set($optname, $optval) === false) {
- die("ERROR: Wrong '$optname' option value and it wasn't possible to set it to required value ($optval).\n"
- ."Check your PHP configuration (including php_admin_flag).");
- }
-}
if (!defined('INSTALL_PATH')) {
define('INSTALL_PATH', dirname($_SERVER['SCRIPT_FILENAME']).'/');
@@ -69,6 +54,11 @@
// (does not work in safe mode)
@set_time_limit(120);
+// include composer autoloader (if available)
+if (@file_exists('vendor/autoload.php')) {
+ require 'vendor/autoload.php';
+}
+
// include Roundcube Framework
require_once 'Roundcube/bootstrap.php';
@@ -94,4 +84,3 @@
return false;
}
-
--
Gitblit v1.9.1