
List:       squirrelmail-cvs
Subject:    [SM-CVS] SF.net SVN: squirrelmail:[13903] trunk/squirrelmail
From:       kink () users ! sourceforge ! net
Date:       2010-02-13 16:27:53
Message-ID: E1NgKqX-0007Qq-0j () sfp-svn-2 ! v30 ! ch3 ! sourceforge ! com

Revision: 13903
          http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13903&view=rev
Author:   kink
Date:     2010-02-13 16:27:52 +0000 (Sat, 13 Feb 2010)

Log Message:
-----------
Send X-DNS-Prefetch-Control: off header to browsers to prevent information
leakage when Firefox does DNS prefetching for URLs contained in emails.
https://secure.grepular.com/DNS_Prefetch_Exposure_on_Thunderbird_and_Webmail

Modified Paths:
--------------
    trunk/squirrelmail/doc/ChangeLog
    trunk/squirrelmail/functions/page_header.php

Modified: trunk/squirrelmail/doc/ChangeLog
===================================================================
--- trunk/squirrelmail/doc/ChangeLog	2010-02-04 20:13:23 UTC (rev 13902)
+++ trunk/squirrelmail/doc/ChangeLog	2010-02-13 16:27:52 UTC (rev 13903)
@@ -333,6 +333,8 @@
   - Encoded From headers now properly quoted (#2830141).
   - Multibyte strings (notably subjects) are now handled correctly (#2824813,
     #2925731).
+  - Send X-DNS-Prefetch-Control: off header to browsers to prevent information
+    leakage when Firefox does DNS prefetching for URL's contained in emails.
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
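
Review bot: The added ChangeLog entry names only Firefox, although the header it describes is not browser-specific; wording it as "browsers that do DNS prefetching" would keep the entry accurate if other browsers are affected. Unlike the neighbouring entries, which cite tracker numbers, it also carries no reference, so the grepular.com write-up linked in the commit message would be worth adding here. Minor: "URL's" should be "URLs".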

Modified: trunk/squirrelmail/functions/page_header.php
===================================================================
--- trunk/squirrelmail/functions/page_header.php	2010-02-04 20:13:23 UTC (rev 13902)
+++ trunk/squirrelmail/functions/page_header.php	2010-02-13 16:27:52 UTC (rev 13903)
@@ -40,6 +40,9 @@
 //FIXME: should change all header() calls in SM core to use $oTemplate->header()!!
     $oTemplate->header('Pragma: no-cache'); // http 1.0 (rfc1945)
     $oTemplate->header('Cache-Control: private, no-cache, no-store'); // http 1.1 \
(rfc2616) +    /* prevent information leakage about read emails by forbidding Firefox
+     * to do preemptive DNS requests for any links in the message body. */
+    $oTemplate->header('X-DNS-Prefetch-Control: off');
 
     // don't show version as a security measure
     //$oTemplate->header('X-Powered-By: SquirrelMail/' . SM_VERSION, FALSE);
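
Review bot: The new `X-DNS-Prefetch-Control: off` header is only sent for responses that pass through this block, and the FIXME directly above it says that not all `header()` calls in SM core go through `$oTemplate->header()` yet. It is worth confirming that every page which renders message bodies (including any printer-friendly or attachment views) reaches this code, otherwise links in those views can still be prefetched. The comment could also state what actually leaks: the DNS lookup for a link's hostname tells whoever runs that domain's name server that the message was opened. Since the header only helps in browsers that honour it, the comment should avoid implying it is a complete fix.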

