We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
squirrelmail
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix XSS problem with unsanitized style tags in messages [CVE-2011-2023]

pdontthink 14 years ago
parent
e1fa59dc03
commit
9b7080ad98
2 changed files with 10 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      doc/ChangeLog
  2. 9 0
      functions/mime.php

+ 1 - 0
doc/ChangeLog
View File 

@@ -365,6 +365,7 @@ Version 1.5.2 - SVN
 
   - Fixed XSS holes in generic options inputs, XSS hole in the SquirrelSpell
 
     plugin, and added anti-CSRF protection to the empty trash feature (thanks
 
     to Nicholas Carlini for finding all these issues). [CVE-2010-4555]
 
+  - Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023]
 
 
 Version 1.5.1 (branched on 2006-02-12)
 
 --------------------------------------

+ 9 - 0
functions/mime.php
View File 

@@ -2350,6 +2350,15 @@ function sq_sanitize($body,
 
             list($free_content, $curpos) =
 
                 sq_fixstyle($body, $gt+1, $message, $id, $mailbox);
 
             if ($free_content != FALSE){
 
+                $attary = sq_fixatts($tagname,
 
+                                     $attary,
 
+                                     $rm_attnames,
 
+                                     $bad_attvals,
 
+                                     $add_attr_to_tag,
 
+                                     $message,
 
+                                     $id,
 
+                                     $mailbox
 
+                                     );
 
                 $trusted .= sq_tagprint($tagname, $attary, $tagtype);
 
                 $trusted .= $free_content;
 
                 $trusted .= sq_tagprint($tagname, false, 2);

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5