diff options
| author | thomascube <thomas@roundcube.net> | 2006-11-22 11:42:37 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2006-11-22 11:42:37 +0000 |
| commit | e34ae17809c3dff8ed870405ffed4e0077cb8512 (patch) | |
| tree | ab8abe4cd31c0702cb60a2c550a8f650c07d4758 /index.php | |
| parent | 0023c18291a077d983e457f07f59108338d17f8f (diff) | |
Fixed XSS vulnerability (Bug #1484109)
Diffstat (limited to 'index.php')
| -rw-r--r-- | index.php | 15 |
1 files changed, 7 insertions, 8 deletions
@@ -2,7 +2,7 @@ /* +-----------------------------------------------------------------------+ | RoundCube Webmail IMAP Client | - | Version 0.1-20060907 | + | Version 0.1-20061122 | | | | Copyright (C) 2005-2006, RoundCube Dev. - Switzerland | | Licensed under the GNU GPL | @@ -40,7 +40,7 @@ */ -define('RCMAIL_VERSION', '0.1-20060907'); +define('RCMAIL_VERSION', '0.1-20061122'); // define global vars $CHARSET = 'UTF-8'; @@ -90,11 +90,12 @@ require_once('PEAR.php'); // catch some url/post parameters -$_task = get_input_value('_task', RCUBE_INPUT_GPC); -$_action = get_input_value('_action', RCUBE_INPUT_GPC); +$_task = strip_quotes(get_input_value('_task', RCUBE_INPUT_GPC)); +$_action = strip_quotes(get_input_value('_action', RCUBE_INPUT_GPC)); $_framed = (!empty($_GET['_framed']) || !empty($_POST['_framed'])); -if (empty($_task)) +// use main task if empty or invalid value +if (empty($_task) || !in_array($_task, $MAIN_TASKS)) $_task = 'mail'; if (!empty($_GET['_remote'])) @@ -372,9 +373,7 @@ if ($_task=='settings') // parse main template -// only allow these templates to be included -if (in_array($_task, $MAIN_TASKS)) - parse_template($_task); +parse_template($_task); // if we arrive here, something went wrong |