From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)

---
 program/lib/Roundcube/rcube_plugin.php |    6 +++++-
 1 files changed, 5 insertions(+), 1 deletions(-)

diff --git a/program/lib/Roundcube/rcube_plugin.php b/program/lib/Roundcube/rcube_plugin.php
index aa6d837..f0af953 100644
--- a/program/lib/Roundcube/rcube_plugin.php
+++ b/program/lib/Roundcube/rcube_plugin.php
@@ -125,13 +125,17 @@
         $fpath = $this->home.'/'.$fname;
         $rcube = rcube::get_instance();
 
-        if (is_file($fpath) && !$rcube->config->load_from_file($fpath)) {
+        if (($is_local = is_file($fpath)) && !$rcube->config->load_from_file($fpath)) {
             rcube::raise_error(array(
                 'code' => 527, 'type' => 'php',
                 'file' => __FILE__, 'line' => __LINE__,
                 'message' => "Failed to load config from $fpath"), true, false);
             return false;
         }
+        else if (!$is_local) {
+            // Search plugin_name.inc.php file in any configured path
+            return $rcube->config->load_from_file($this->ID . '.inc.php');
+        }
 
         return true;
     }

--
Gitblit v1.9.1