author | thomascube <thomas@roundcube.net> | 2006-12-22 21:45:21 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2006-12-22 21:45:21 +0000 |
commit | ee883ad73d64639eb994a71e15b1a37c07ff3cb9 (patch) | |
tree | 2dd00a5976d0cb31a006f6489b9b9d3d0438abb3 /program/include | |
parent | 8af7757525b312b001bede8b044b83e993860878 (diff) |
Applied security patches by Kees Cook (Ubuntu) + little visual enhancements
Diffstat (limited to 'program/include')
-rw-r--r-- | program/include/main.inc | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index c57aa8a9f..a1c00d340 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -450,6 +450,26 @@ function rcmail_login($user, $pass, $host=NULL)
 if (!$host)
 $host = $CONFIG['default_host'];
 
+ // Validate that selected host is in the list of configured hosts
+ if (is_array($CONFIG['default_host']))
+ {
+ $allowed = FALSE;
+ foreach ($CONFIG['default_host'] as $key => $host_allowed)
+ {
+ if (!is_numeric($key))
+ $host_allowed = $key;
+ if ($host == $host_allowed)
+ {
+ $allowed = TRUE;
+ break;
+ }
+ }
+ if (!$allowed)
+ return FALSE;
+ }
+ else if (!empty($CONFIG['default_host']) && $host != $CONFIG['default_host'])
+ return FALSE;
+
 // parse $host URL
 $a_host = parse_url($host);
 if ($a_host['host']) |
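Review bot: The new allowlist check compares the submitted host with loose operators (`$host == $host_allowed` in the loop and `$host != $CONFIG['default_host']` in the `else if`), so PHP type juggling decides the match instead of an exact string comparison; two numeric-looking strings such as `"1e1"` and `"10"` compare equal. Since this check is what keeps a login request from pointing the server at a host the administrator did not configure, I would make it exact: `if (is_string($host) && $host === $host_allowed)` in the loop and `$host !== $CONFIG['default_host']` in the `else if`. Both `return FALSE` paths are also silent, so a rejected host looks the same as a wrong password to whoever reads the logs; recording the rejected value before returning would let operators spot probing. The body of rcmail_login starts and ends outside the hunk, so it is assumed here that `$host` arrives from request input.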