
- Prevent right_frame to be set to '//www.example.com'.

Thijs Kinkhorst 19 years ago
commit
165700218d
2 changed files with 6 additions and 2 deletions
  1. 1 0
      ChangeLog
  2. 5 2
      src/webmail.php

+ 1 - 0
ChangeLog

@@ -478,6 +478,7 @@ Version 1.5.1 -- CVS
   - Make test for IE6 in SendDownloadHeaders also match versions higher
     than 6 (#1339211).
   - Allow double quote to be used in MOTD (#1276959).
+  - Prevent right_frame to be set to '//www.example.com'.
 
 Version 1.5.0 - 2 February 2004
 -------------------------------

+ 5 - 2
src/webmail.php

@@ -140,9 +140,12 @@ else {
  *
  * This was done to create a pure HTML way of refreshing the folder list since
  * we would like to use as little Javascript as possible.
+ *
+ * The test for // should catch any attempt to include off-site webpages into
+ * our frameset.
  */
 
-if (empty($right_frame) || (strpos(urldecode($right_frame), '://'))) {
+if (empty($right_frame) || (strpos(urldecode($right_frame), '//') !== false)) {
     $right_frame = '';
 }
 
@@ -182,4 +185,4 @@ echo $output;
 
 ?>
 </frameset>
-</html>
+</html>
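Review bot: The `$right_frame` condition in the first hunk of src/webmail.php is still a substring denylist, so it rejects only values that contain `//` after one `urldecode()`. A scheme-only URI, or a backslash form that browsers treat as slashes, contains no double slash and would pass; whether that matters depends on how `$right_frame` is later written into the frameset, which this hunk does not show. Checking the shape an on-site target must have is more robust, for example `if (empty($right_frame) || strpos(urldecode($right_frame), '//') !== false || !preg_match('#^[A-Za-z0-9_][A-Za-z0-9_./-]*\.php(\?|$)#', $right_frame)) {`, with the pattern adjusted to the frame targets the application really uses. The added comment could also say that the test is a denylist and name the place where the value is emitted, so the next reader knows output encoding there is part of the defence.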