List: squirrelmail-cvs
Subject: [SM-CVS] SF.net SVN: squirrelmail:[13903] trunk/squirrelmail
From: kink () users ! sourceforge ! net
Date: 2010-02-13 16:27:53
Message-ID: E1NgKqX-0007Qq-0j () sfp-svn-2 ! v30 ! ch3 ! sourceforge ! com
Revision: 13903
http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13903&view=rev
Author: kink
Date: 2010-02-13 16:27:52 +0000 (Sat, 13 Feb 2010)
Log Message:
-----------
Send X-DNS-Prefetch-Control: off header to browsers to prevent information
leakage when Firefox does DNS prefetching for URL's contained in emails.
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail
Modified Paths:
--------------
trunk/squirrelmail/doc/ChangeLog
trunk/squirrelmail/functions/page_header.php
Modified: trunk/squirrelmail/doc/ChangeLog
===================================================================
--- trunk/squirrelmail/doc/ChangeLog 2010-02-04 20:13:23 UTC (rev 13902)
+++ trunk/squirrelmail/doc/ChangeLog 2010-02-13 16:27:52 UTC (rev 13903)
@@ -333,6 +333,8 @@
- Encoded From headers now properly quoted (#2830141).
- Multibyte strings (notably subjects) are now handled correctly (#2824813,
#2925731).
+ - Send X-DNS-Prefetch-Control: off header to browsers to prevent information
+ leakage when Firefox does DNS prefetching for URL's contained in emails.
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------
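Review bot: the new ChangeLog entry at the end of this list cites no reference, while the entries above it carry tracker ids such as (#2830141). Add the advisory URL from the log message (https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail) so the reason for the header can be found later. The entry also names only Firefox although it says the header is sent "to browsers" in general; "browsers that do DNS prefetching" would describe the change better, and "URL's" should read "URLs".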
Modified: trunk/squirrelmail/functions/page_header.php
===================================================================
--- trunk/squirrelmail/functions/page_header.php 2010-02-04 20:13:23 UTC (rev 13902)
+++ trunk/squirrelmail/functions/page_header.php 2010-02-13 16:27:52 UTC (rev 13903)
@@ -40,6 +40,9 @@
//FIXME: should change all header() calls in SM core to use $oTemplate->header()!!
$oTemplate->header('Pragma: no-cache'); // http 1.0 (rfc1945)
$oTemplate->header('Cache-Control: private, no-cache, no-store'); // http 1.1 \
(rfc2616) + /* prevent information leakage about read emails by forbidding Firefox
+ * to do preemptive DNS requests for any links in the message body. */
+ $oTemplate->header('X-DNS-Prefetch-Control: off');
// don't show version as a security measure
//$oTemplate->header('X-Powered-By: SquirrelMail/' . SM_VERSION, FALSE);
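Review bot: the comment above the new $oTemplate->header('X-DNS-Prefetch-Control: off') call names only Firefox, but the call is unconditional, like the Pragma and Cache-Control calls beside it, so every client receives the header. Reword the comment to say it applies to any browser that honours the header. The FIXME at the top of the hunk says not all header() calls in SM core go through $oTemplate->header() yet, so please confirm that the message view page, where the links in question are rendered, sends its headers through this code path; otherwise the header is missing exactly where it matters.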
-----
squirrelmail-cvs mailing list
List address: squirrelmail-cvs@lists.sourceforge.net
List info (subscribe/unsubscribe/change options): \
https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
Repository: http://squirrelmail.org/svn