author | Norikatsu Shigemura <nork@FreeBSD.org> | 2004-11-09 01:17:43 +0800 |
---|---|---|
committer | Norikatsu Shigemura <nork@FreeBSD.org> | 2004-11-09 01:17:43 +0800 |
commit | 6d37a26663a5338f26204d4bb6b35edfd049dbc8 (patch) | |
tree | fee85d0bef45e0f0d3626b94033bc3379e5f8267 /mail | |
parent | 4896daab2c5cd4bce20cd22213daaf0bb3175ca6 (diff) | |
Fix for XSS scripting flaw.
PR: ports/73667
Submitted by: Simon Dick <simond@home.irrelevant.org> (maintainer)
Diffstat (limited to 'mail')
-rw-r--r-- | mail/squirrelmail/Makefile | 2 | ||||
-rw-r--r-- | mail/squirrelmail/files/patch-sm143a-xss.diff | 28 |
2 files changed, 29 insertions, 1 deletions
diff --git a/mail/squirrelmail/Makefile b/mail/squirrelmail/Makefile
index 7b70327e8fcf..620e2adc71f5 100644
--- a/mail/squirrelmail/Makefile
+++ b/mail/squirrelmail/Makefile
@@ -7,7 +7,7 @@
 PORTNAME= squirrelmail
 PORTVERSION?= 1.4.3a
-PORTREVISION?= 2
+PORTREVISION?= 3
 CATEGORIES?= mail www
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR= squirrelmail
diff --git a/mail/squirrelmail/files/patch-sm143a-xss.diff b/mail/squirrelmail/files/patch-sm143a-xss.diff
new file mode 100644
index 000000000000..7786892d2f4b
--- /dev/null
+++ b/mail/squirrelmail/files/patch-sm143a-xss.diff
@@ -0,0 +1,28 @@
+diff -urN functions/mime.php functions/mime.php
+--- functions/mime.php 2004-05-23 19:14:11.000000000 +0300
++++ functions/mime.php 2004-11-03 19:16:50.000000000 +0200
+@@ -602,13 +602,22 @@
+ }
+ $iLastMatch = $i;
+ $j = $i;
+- $ret .= $res[1];
++ if ($htmlsave) {
++ $ret .= htmlspecialchars($res[1]);
++ } else {
++ $ret .= $res[1];
++ }
+ $encoding = ucfirst($res[3]);
+ switch ($encoding)
+ {
+ case 'B':
+ $replace = base64_decode($res[4]);
+- $ret .= charset_decode($res[2],$replace);
++ if ($utfencode) {
++ $replace = charset_decode($res[2],$replace);
++ } elseif ($htmlsave) {
++ $replace = htmlspecialchars($replace);
++ }
++ $ret .= $replace;
+ break;
+ case 'Q':
+ $replace = str_replace('_', ' ', $res[4]); |
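Review bot: The inner patch to functions/mime.php stops on the first line of `case 'Q':`, so the quoted-printable branch is left without the escaping that `case 'B':` gains here. The rest of that branch is outside the hunk; if it still appends the decoded text straight to `$ret`, a Q-encoded header word reaches the page unescaped exactly as the B-encoded one did before this fix. It should get the same guard before its append, `if ($utfencode) { $replace = charset_decode($res[2],$replace); } elseif ($htmlsave) { $replace = htmlspecialchars($replace); }` followed by `$ret .= $replace;`. Separately, the `$utfencode` path skips htmlspecialchars() and so depends on charset_decode() returning HTML-safe text, which is not visible here and is worth confirming with a comment at that branch. The enclosing function begins and ends outside the hunk, so where `$htmlsave` and `$utfencode` are set cannot be checked from this page.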