severity 444351 important thanks Hi, downgrading this bug since it requires a regular user account to work. The attached patch, extracted from Subversion, fixes this issue. Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
--- egroupware-1.2.107-2.dfsg.orig/preferences/inc/class.uicategories.inc.php
+++ egroupware-1.2.107-2.dfsg/preferences/inc/class.uicategories.inc.php
@@ -316,6 +316,8 @@
 function edit() {
+ if (!preg_match('/^(#[0-9a-f]+|[a-z]+)?$/i',$_POST['cat_data']['color'])) unset($_POST['cat_data']['color']);
+ if (!preg_match('/^[-_\.a-z0-9]+\.(png|gif|jpe?g)$/i',$_POST['cat_data']['icon'])) unset($_POST['cat_data']['icon']);
 $cats_app = get_var('cats_app',array('GET','POST'));
 $extra = get_var('extra',array('GET','POST'));
 $global_cats = get_var('global_cats',array('GET','POST'));
@@ -331,6 +333,8 @@
 'cats_level' => $cats_level, 'cat_id' => $cat_id );
+ if (!preg_match('/^(#[0-9a-f]+|[a-z]+)?$/i',$_POST['cat_data']['color'])) unset($_POST['cat_data']['color']);
+ if (!preg_match('/^[-_\.a-z0-9]+\.(png|gif|jpe?g)$/i',$_POST['cat_data']['icon'])) unset($_POST['cat_data']['icon']);
 $new_parent = $_POST['new_parent'];
 $cat_parent = $_POST['cat_parent'];
 $cat_name = $_POST['cat_name'];
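Review bot: Both added patterns end in `$`, which in PCRE also matches just before a trailing newline, so a color or icon value ending in a newline still passes the checks at the top of edit(). Anchoring the end with `\z` (or adding the `D` modifier) closes that gap, e.g. `'/^(#[0-9a-f]+|[a-z]+)?\z/i'` and `'/^[-_\.a-z0-9]+\.(png|gif|jpe?g)\z/i'`. The same two lines are repeated in the second hunk (`@@ -331,6 +333,8 @@`), so the point applies there as well, and a single shared helper would keep the two copies from drifting apart. The checks filter newly submitted values only. Stored categories and the code that prints color and icon are outside the diff, so output escaping there is worth confirming. The enclosing function continues beyond both hunks.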