For reference here the patch for this security issue:
Index: templates/common-footer.inc
===================================================================
RCS file: /repository/mnemo/templates/Attic/common-footer.inc,v
retrieving revision 1.1.2.1
retrieving revision 1.1.2.2
diff -u -r1.1.2.1 -r1.1.2.2
--- templates/common-footer.inc 23 Jun 2002 14:26:53 -0000 1.1.2.1
+++ templates/common-footer.inc 5 Apr 2005 16:56:24 -0000 1.1.2.2
@@ -1,7 +1,7 @@
<?php if (!empty($title)): ?>
<script language="JavaScript" type="text/javascript">
<!--
-if (parent.frames.horde_main) parent.document.title = '<?php echo
addslashes($registry->getParam('name') . ' :: ' . $title) ?>';
+if (parent.frames.horde_main) parent.document.title = '<?php echo
str_replace(array('<', '>'), array('\<', '\>'),
addslashes($registry->getParam('name') . ' :: ' . $title)) ?>';
//-->
</script>
<?php endif; ?>
Gruesse,
--
Frank Lichtenheld <[EMAIL PROTECTED]>
www: http://www.djpig.de/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
