[prev in list] [next in list] [prev in thread] [next in thread]
List: squirrelmail-cvs
Subject: [SM-CVS] SF.net SVN: squirrelmail:[13957]
From: pdontthink () users ! sourceforge ! net
Date: 2010-06-26 10:15:50
Message-ID: E1OSSQQ-0001p7-3Z () sfp-svn-5 ! v30 ! ch3 ! sourceforge ! com
[Download RAW message or body]
Revision: 13957
http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=13957&view=rev
Author: pdontthink
Date: 2010-06-26 10:15:49 +0000 (Sat, 26 Jun 2010)
Log Message:
-----------
Aggressive sanitizing of REQUEST_URI, PHP_SELF, and QUERY_STRING corrupted page URIs \
by encoding ampersands in the query string, so we have to un-sanitize ampersands. \
Will this cause any security/XSS issues?
Modified Paths:
--------------
trunk/squirrelmail/include/init.php
Modified: trunk/squirrelmail/include/init.php
===================================================================
--- trunk/squirrelmail/include/init.php 2010-06-25 21:31:10 UTC (rev 13956)
+++ trunk/squirrelmail/include/init.php 2010-06-26 10:15:49 UTC (rev 13957)
@@ -275,13 +275,17 @@
* htmlspecialchars() is the preferred method.
* QUERY_STRING also needs the same treatment since it is
* used in php_self().
+ * Update again: the encoding of ampersands that occurs
+ * using htmlspecialchars() corrupts the query strings
+ * in normal URIs, so we have to let those through.
+FIXME: will the de-sanitizing of ampersands create any security/XSS problems?
*/
if (isset($_SERVER['REQUEST_URI']))
- $_SERVER['REQUEST_URI'] = htmlspecialchars($_SERVER['REQUEST_URI']);
+ $_SERVER['REQUEST_URI'] = str_replace('&', '&', \
htmlspecialchars($_SERVER['REQUEST_URI'])); if (isset($_SERVER['PHP_SELF']))
- $_SERVER['PHP_SELF'] = htmlspecialchars($_SERVER['PHP_SELF']);
+ $_SERVER['PHP_SELF'] = str_replace('&', '&', \
htmlspecialchars($_SERVER['PHP_SELF'])); if (isset($_SERVER['QUERY_STRING']))
- $_SERVER['QUERY_STRING'] = htmlspecialchars($_SERVER['QUERY_STRING']);
+ $_SERVER['QUERY_STRING'] = str_replace('&', '&', \
htmlspecialchars($_SERVER['QUERY_STRING']));
$PHP_SELF = php_self();
This was sent by the SourceForge.net collaborative development platform, the world's \
largest Open Source development site.
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
-----
squirrelmail-cvs mailing list
List address: squirrelmail-cvs@lists.sourceforge.net
List info (subscribe/unsubscribe/change options): \
https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
Repository: http://squirrelmail.org/svn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic