SquirrelMail

Check-in [012588bb90]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Security patch
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:012588bb9010eecaefb80fc0a1cc6a2effdadb2273cf6543fc9a10ce47cd0cd4
User & Date: ajv 2018-09-29 18:00:54
Context
2018-10-28
14:55
Security patch from Debian check-in: 3baa0de570 user: ajv tags: trunk
2018-09-29
18:00
Security patch check-in: 012588bb90 user: ajv tags: trunk
2018-04-19
03:12
Ignore our link to external config check-in: 172df82f66 user: ajv tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/compose.php.

365
366
367
368
369
370
371
372
















373

374
375
376
377
378
379
380
}

// re-add attachments that were already in this message
// FIXME: note that technically this is very bad form - 
// should never directly manipulate an object like this
if (!empty($attachments)) {
    $attachments = unserialize($attachments);
    if (!empty($attachments) && is_array($attachments))
















        $composeMessage->entities = $attachments;

}

if (!isset($mailbox) || $mailbox == '' || ($mailbox == 'None')) {
    $mailbox = 'INBOX';
}

if ($draft) {







|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
>







365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
}

// re-add attachments that were already in this message
// FIXME: note that technically this is very bad form - 
// should never directly manipulate an object like this
if (!empty($attachments)) {
    $attachments = unserialize($attachments);
    if (!empty($attachments) && is_array($attachments)) {
        // sanitize the "att_local_name" since it is user-supplied and used to access the file system
        // it must be alpha-numeric and 32 characters long (see the use of GenerateRandomString() below)
        foreach ($attachments as $i => $attachment) {
            if (empty($attachment->att_local_name) || strlen($attachment->att_local_name) !== 32) {
                unset($attachments[$i]);
                continue;
            }
            // probably marginal difference between (ctype_alnum + function_exists) and preg_match
            if (function_exists('ctype_alnum')) {
                if (!ctype_alnum($attachment->att_local_name))
                    unset($attachments[$i]);
            }
            else if (preg_match('/[^0-9a-zA-Z]/', $attachment->att_local_name))
                unset($attachments[$i]);
        }
        if (!empty($attachments))
            $composeMessage->entities = $attachments;
    }
}

if (!isset($mailbox) || $mailbox == '' || ($mailbox == 'None')) {
    $mailbox = 'INBOX';
}

if ($draft) {