authorthomascube <thomas@roundcube.net>2006-12-22 21:45:21 +0000
committerthomascube <thomas@roundcube.net>2006-12-22 21:45:21 +0000
commitee883ad73d64639eb994a71e15b1a37c07ff3cb9 (patch)
tree2dd00a5976d0cb31a006f6489b9b9d3d0438abb3 /program/include
parent8af7757525b312b001bede8b044b83e993860878 (diff)
Applied security patches by Kees Cook (Ubuntu) + little visual enhancements
Diffstat (limited to 'program/include')
-rw-r--r--program/include/main.inc20
1 files changed, 20 insertions, 0 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index c57aa8a9f..a1c00d340 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -450,6 +450,26 @@ function rcmail_login($user, $pass, $host=NULL)
if (!$host)
$host = $CONFIG['default_host'];
+ // Validate that selected host is in the list of configured hosts
+ if (is_array($CONFIG['default_host']))
+ {
+ $allowed = FALSE;
+ foreach ($CONFIG['default_host'] as $key => $host_allowed)
+ {
+ if (!is_numeric($key))
+ $host_allowed = $key;
+ if ($host == $host_allowed)
+ {
+ $allowed = TRUE;
+ break;
+ }
+ }
+ if (!$allowed)
+ return FALSE;
+ }
+ else if (!empty($CONFIG['default_host']) && $host != $CONFIG['default_host'])
+ return FALSE;
+
// parse $host URL
$a_host = parse_url($host);
if ($a_host['host'])
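Review bot: The allow-list check compares hosts with loose operators (`if ($host == $host_allowed)` and `$host != $CONFIG['default_host']` in the `else if` branch), so PHP type juggling applies to a value that presumably comes from the login request; numeric-looking strings, for example, compare by numeric value rather than character by character. Making both comparisons strict, `if (is_string($host) && $host === $host_allowed)` and `$host !== $CONFIG['default_host']`, ensures only an exact configured name passes. Separately, when `$host` is empty and `default_host` is an array, the two context lines above the check assign the whole array to `$host`, which never equals an entry, so the function returns FALSE; if that is intended, a short comment such as `// no host selected and several configured: reject` would make it explicit. A rejected host also returns silently, so a log entry at the two `return FALSE` points would help spot probing for unconfigured hosts. The body of rcmail_login starts and ends outside this hunk.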