Hello,
I thought I'd better improve the XSS patch for ilohamail now,
before we have to celebrate birthdays for that bug..
// Ulf
--- source/read_message.php.old 2004-04-08 23:16:37.000000000 +0200
+++ source/read_message.php 2005-04-13 20:55:40.610910256 +0200
@@ -275,9 +275,9 @@
echo "<a href=\"".$href."\"
".(($type==1)||($type==2)||(($type==3)&&(strcasecmp($subtype,
"ms-tnef")==0))?"":"target=_blank").">";
echo "<img
src=\"themes/".$my_prefs["theme"]."/images/".$icons_a[$type]."\" border=0><br>";
echo "<span class=\"small\">";
- if (is_string($name)) echo LangDecodeSubject($name,
$my_charset);
+ if (is_string($name)) echo
htmlspecialchars(LangDecodeSubject($name, $my_charset));
if ($bytes>0) echo "<br>[".ShowBytes($bytes)."]";
- if (is_string($typestring)) echo "<br>".$typestring;
+ if (is_string($typestring)) echo
"<br>".htmlspecialchars($typestring);
echo "</span>";
echo "</a>";
echo "</td>\n";
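Review bot: The new htmlspecialchars() calls on the `$name` and `$typestring` lines rely on the default flags and charset, so the conversion assumes ISO-8859-1 even though the value was just decoded to `$my_charset`, and single quotes are left untouched. For text between the span tags the default flags are sufficient, but passing the charset keeps the escaping aligned with the decoded bytes: `htmlspecialchars(LangDecodeSubject($name, $my_charset), ENT_QUOTES, $my_charset)` — assuming `$my_charset` holds a name htmlspecialchars() accepts, which this hunk does not show. The `$href` written into the anchor attribute at the top of the hunk is still emitted unescaped; if it can carry message-derived data it needs the same treatment. The enclosing function starts and ends outside the hunk.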
--- include/read_message_print.inc.old 2004-11-30 07:28:23.000000000 +0100
+++ include/read_message_print.inc 2005-04-13 21:10:06.804228856 +0200
@@ -97,9 +97,9 @@
/* dump! */
echo "<p>";
if (strcasecmp($subtype, "html")==0){
- if
(!$my_prefs["html_in_frame"]){
- $body=strip_tags($body,
'<a><b><i><u><p><br><font><div>');
- }
+ # if
(!$my_prefs["html_in_frame"]){
+ $body=strip_tags($body,
'<a><b><i><u><p><br><font><div>');
+ # }
$body =
eregi_replace("src=\"cid:",
"src=\"view.php?user=$user&folder=$folder&id=$id&cid=", $body);
echo $body;
}else{
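Review bot: strip_tags() with an allow list keeps every attribute on the tags it lets through, so the `<a>`, `<div>` and `<font>` elements that survive the now-unconditional `$body=strip_tags(...)` call can still carry event-handler attributes and script-scheme URLs; this closes raw-tag injection but not attribute-based XSS. A complete fix needs an attribute-aware filter (or removal of all attributes) after strip_tags(), which is more than a one-line change here, and the same gap applies to the three strip_tags() calls added in source/view.php. Disabling the `html_in_frame` check by prefixing `#` instead of deleting the two lines leaves dead code in the file; remove them outright. The surrounding if/else starts and ends outside the hunk.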
--- source/view.php.old 2003-12-30 10:12:56.000000000 +0100
+++ source/view.php 2006-03-19 12:50:33.000000000 +0100
@@ -234,6 +234,7 @@
$body =
ereg_replace("[^a-zA-Z0-9\/\+]", "", $body);
$body = base64_decode($body);
$body =
eregi_replace("src=\"cid:", "src=\"".$img_url, $body);
+ $body=strip_tags($body,
'<a><b><i><u><p><br><font><div>');
echo $body;
}else{
iil_C_PrintBase64Body($view_conn, $folder, $id, $part);
@@ -251,12 +252,14 @@
if ($is_html){
$body =
eregi_replace("src=\"cid:", "src=\"".$img_url, $body);
}
+ $body=strip_tags($body,
'<a><b><i><u><p><br><font><div>');
echo $body;
}else{
// otherwise, just dump it out
if ($is_html){
$body =
iil_C_FetchPartBody($view_conn, $folder, $id, $part);
$body =
eregi_replace("src=\"cid:", "src=\"".$img_url, $body);
+ $body=strip_tags($body,
'<a><b><i><u><p><br><font><div>');
echo $body;
}else{
iil_C_PrintPartBody($view_conn,
$folder, $id, $part);
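Review bot: The strip_tags() added after the `if ($is_html){ ... }` block also runs on the non-HTML `$body`, where it deletes rather than escapes anything that looks like a tag, so a literal `<` followed by letters silently disappears from plain text. If that path is meant to display text, escaping preserves the content while still neutralising it: `$body = $is_html ? strip_tags($body, '<a><b><i><u><p><br><font><div>') : htmlspecialchars($body);`. `$body` is assigned before the hunk, so I cannot confirm what the non-HTML case holds; the enclosing function starts outside the hunk.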