SquirrelMail

Check-in [3baa0de570]

Overview
Comment:Security patch from Debian
SHA3-256:3baa0de570e2907776e8687bdf2e840e8e151e21b825d0a1eac20f5d38768ff3
User & Date: ajv 2018-10-28 14:55:52
Context
2019-02-21
05:36
PHP deprecated regexp nonsense. check-in: a0f3042315 user: vandys tags: trunk
2018-10-28
14:55
Security patch from Debian check-in: 3baa0de570 user: ajv tags: trunk
2018-09-29
18:00
Security patch check-in: 012588bb90 user: ajv tags: trunk
Changes

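--- a/functions/mime.php
+++ b/functions/mime.php
@@ -1664,15 +1664,16 @@
                     $attary{$attname} = str_replace($sMatch,$urlvalue,$attvalue);
                 }
             }
         }
         /**
          * Use white list based filtering on attributes which can contain url's
          */
-        else if ($attname == 'href' || $attname == 'src' || $attname == 'background') {
+        else if ($attname == 'href' || $attname == 'src' || $attname == 'background' || $attname == 'xlink:href' ||
+                $attname == 'action' || $attname == 'formaction' || $attname == 'to') {
             sq_fix_url($attname, $attvalue, $message, $id, $mailbox);
             $attary{$attname} = $attvalue;
         }
     }
     /**
      * See if we need to append any attributes to this tag.
      */
@@ -2307,25 +2308,30 @@
             "html",
             "head",
             "base",
             "link",
             "frame",
             "iframe",
             "plaintext",
-            "marquee"
+            "marquee",
+            "animate",
+            "form",
+            "math",
+            "param"
             );
 
     $rm_tags_with_content = Array(
             "script",
             "applet",
             "embed",
             "title",
             "frameset",
             "xmp",
-            "xml"
+            "xml",
+            "svg"
             );
 
     $self_closing_tags =  Array(
             "img",
             "br",
             "hr",
             "input",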
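Review bot: The `else if` at new lines 1671–1672 still decides which attributes reach `sq_fix_url()` by enumerating names, so an attribute that carries a URL but is not on the list keeps its value unchecked unless an earlier branch handles it. The enclosing function starts and ends outside the hunk, so that cannot be confirmed from here. Holding the names in one array and testing with a strict comparison, `else if (in_array($attname, $url_attributes, true)) {`, would turn each later addition into a one-line change and replace the loose `==`. The match is case-sensitive, so it depends on `$attname` having been lowercased before this point; a short comment stating that precondition would help the next maintainer. The same enumerate-and-extend pattern applies to the tag arrays in the second hunk, whose first array begins outside the view; a comment there recording why `animate`, `form`, `math`, `param` and `svg` were added would keep the reason for each entry from being lost.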