diff options
| author | thomascube <thomas@roundcube.net> | 2005-09-29 20:30:10 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2005-09-29 20:30:10 +0000 |
| commit | 539cd47824ec6b03b44f9f7c5af8a1e60df0458b (patch) | |
| tree | ec90fc2acd6dab9ad71bc19a51ee9d989a4e3ef5 | |
| parent | 30233b8dfb7fe5070dfa11b3e6d2015fb50aa769 (diff) | |
Fix for URL injection vulnerability (Bug #1307966)
| -rw-r--r-- | index.php | 14 | ||||
| -rw-r--r-- | program/steps/error.inc | 2 |
2 files changed, 14 insertions, 2 deletions
@@ -267,7 +267,19 @@ if ($_task=='settings') } +// only allow these templates to be included +$valid_tasks = array('mail','settings','addressbook'); + // parse main template -parse_template($_task); +if (in_array($_task, $valid_tasks)) + parse_template($_task); + +// if we arrive here, something went wrong +raise_error(array('code' => 404, + 'type' => 'php', + 'line' => __LINE__, + 'file' => __FILE__, + 'message' => "Invalid request"), TRUE, TRUE); + ?>
\ No newline at end of file diff --git a/program/steps/error.inc b/program/steps/error.inc index efe30407e..9e5757d7b 100644 --- a/program/steps/error.inc +++ b/program/steps/error.inc @@ -52,7 +52,7 @@ else if ($ERROR_CODE==401) else if ($ERROR_CODE==404) { $__error_title = "REQUEST FAILED/FILE NOT FOUND"; - $request_url = $GLOBALS['HTTP_HOST'].$GLOBALS['REQUEST_URI']; + $request_url = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']; $__error_text = <<<EOF The requested page was not found!<br /> Please contact your server-administrator. |