diff options
| author |   Tobias Scherbaum <dertobi123@gentoo.org> | 2008-11-29 16:40:19 +0000 |
|---|---|---|
| committer | Tobias Scherbaum <dertobi123@gentoo.org> | 2008-11-29 16:40:19 +0000 |
| commit | c4897e41eb55f8ce07e753c2f4e899fa4151d402 (patch) | |
| tree | 0f0bf657177dd8932145e5eee250689d074bf08a /mail-client/squirrelmail/files | |
| parent | Cleanup and remove big files from (#248981) (diff) | |
| download | gentoo-2-c4897e41eb55f8ce07e753c2f4e899fa4151d402.tar.gz gentoo-2-c4897e41eb55f8ce07e753c2f4e899fa4151d402.tar.bz2 gentoo-2-c4897e41eb55f8ce07e753c2f4e899fa4151d402.zip | |
Cleanup and remove big files from (#248980)
(Portage version: 2.2_rc16/cvs/Linux 2.6.25-gentoo-r7 x86_64)
Diffstat (limited to 'mail-client/squirrelmail/files')
8 files changed, 0 insertions, 976 deletions
diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-4019.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-4019.patch deleted file mode 100644 index c944bf30a1a0..000000000000 --- a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-4019.patch +++ /dev/null @@ -1,133 +0,0 @@ -diff -Naurp squirrelmail-1.5.1.orig/functions/auth.php squirrelmail-1.5.1/functions/auth.php ---- squirrelmail-1.5.1.orig/functions/auth.php 2006-01-23 10:39:32.000000000 -0800 -+++ squirrelmail-1.5.1/functions/auth.php 2007-05-21 09:09:30.000000000 -0700 -@@ -59,6 +59,8 @@ function is_logged_in() { - sqsession_register($session_expired_location,'session_expired_location'); - } - -+ session_write_close(); -+ - // signout page will deal with users who aren't logged - // in on its own; don't show error here - // -@@ -330,4 +332,4 @@ function get_smtp_user(&$user, &$pass) { - } - } - --?> -\ No newline at end of file -+?> -diff -Naurp squirrelmail-1.5.1.orig/src/compose.php squirrelmail-1.5.1/src/compose.php ---- squirrelmail-1.5.1.orig/src/compose.php 2006-02-11 07:14:31.000000000 -0800 -+++ squirrelmail-1.5.1/src/compose.php 2007-05-21 09:02:11.000000000 -0700 -@@ -299,13 +299,19 @@ if (sqsession_is_registered('session_exp - sqsession_unregister('session_expired_post'); - session_write_close(); - } else { -- foreach ($session_expired_post as $postvar => $val) { -- if (isset($val)) { -- $$postvar = $val; -- } else { -- $$postvar = ''; -+ // these are the vars that we can set from the expired composed session -+ $compo_var_list = array ( 'send_to', 'send_to_cc','body','startMessage', -+ 'passed_body','use_signature','signature','attachments','subject','newmail', -+ 'send_to_bcc', 'passed_id', 'mailbox', 'from_htmladdr_search', 'identity', -+ 'draft_id', 'delete_draft', 'mailprio', 'edit_as_new', 'compose_messsages', -+ 'composesession', 'request_mdn', 'request_dr'); -+ -+ foreach ($compo_var_list as $var) { -+ if ( isset($session_expired_post[$var]) && !isset($$var) ) { -+ $$var = $session_expired_post[$var]; - } - } -+ - $compose_messages = unserialize(urldecode($restoremessages)); - sqsession_register($compose_messages,'compose_messages'); - sqsession_register($composesession,'composesession'); -diff -Naurp squirrelmail-1.5.1.orig/src/login.php squirrelmail-1.5.1/src/login.php ---- squirrelmail-1.5.1.orig/src/login.php 2006-02-12 01:03:11.000000000 -0800 -+++ squirrelmail-1.5.1/src/login.php 2007-05-21 09:11:11.000000000 -0700 -@@ -44,12 +44,24 @@ if (!function_exists('sqm_baseuri')){ - } - $base_uri = sqm_baseuri(); - --/* -+/** - * In case the last session was not terminated properly, make sure -- * we get a new one. -+ * we get a new one, but make sure we preserve session_expired_* - */ - --sqsession_destroy(); -+if ( !empty($_SESSION['session_expired_post']) && !empty($_SESSION['session_expired_location']) ) { -+ $sep = $_SESSION['session_expired_post']; -+ $sel = $_SESSION['session_expired_location']; -+ -+ sqsession_destroy(); -+ -+ sqsession_is_active(); -+ sqsession_register($sep, 'session_expired_post'); -+ sqsession_register($sel, 'session_expired_location'); -+} else { -+ sqsession_destroy(); -+} -+ - /** - * PHP bug. http://bugs.php.net/11643 (warning, spammed bug tracker) and - * http://bugs.php.net/13834 -@@ -195,4 +207,4 @@ $oTemplate->assign('password_field', $pa - $oTemplate->assign('submit_field', addSubmit(_("Login"))); - - $oTemplate->display('login.tpl'); --?> -\ No newline at end of file -+?> -diff -Naurp squirrelmail-1.5.1.orig/src/redirect.php squirrelmail-1.5.1/src/redirect.php ---- squirrelmail-1.5.1.orig/src/redirect.php 2006-02-07 23:58:18.000000000 -0800 -+++ squirrelmail-1.5.1/src/redirect.php 2007-05-21 09:12:45.000000000 -0700 -@@ -140,13 +140,17 @@ $redirect_url = $location . '/webmail.ph - - if ( sqgetGlobalVar('session_expired_location', $session_expired_location, SQ_SESSION) ) { - sqsession_unregister('session_expired_location'); -- $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0); -- if ($compose_new_win) { -- // do not prefix $location here because $session_expired_location is set to PHP_SELF -- // of the last page -- $redirect_url = $session_expired_location; -- } elseif ( strpos($session_expired_location, 'webmail.php') === FALSE ) { -- $redirect_url = $location.'/webmail.php?right_frame='.urldecode($session_expired_location); -+ if ( strpos($session_expired_location, 'compose.php') !== FALSE ) { -+ $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0); -+ if ($compose_new_win) { -+ // do not prefix $location here because $session_expired_location is set to PHP_SELF -+ // of the last page -+ $redirect_url = $session_expired_location; -+ } elseif ( strpos($session_expired_location, 'webmail.php') === FALSE ) { -+ $redirect_url = 'webmail.php?right_frame=compose.php'; -+ } -+ } else { -+ $redirect_url = 'webmail.php?right_frame=' . urldecode($session_expired_location); - } - unset($session_expired_location); - } -@@ -187,4 +191,4 @@ function attachment_common_parse($str, $ - sqsession_register($attachment_common_types, 'attachment_common_types'); - } - --?> -\ No newline at end of file -+?> -diff -Naurp squirrelmail-1.5.1.orig/src/webmail.php squirrelmail-1.5.1/src/webmail.php ---- squirrelmail-1.5.1.orig/src/webmail.php 2006-02-13 10:20:06.000000000 -0800 -+++ squirrelmail-1.5.1/src/webmail.php 2007-05-21 09:13:29.000000000 -0700 -@@ -54,9 +54,6 @@ if (!sqgetGlobalVar('mailbox', $mailbox) - - sqgetGlobalVar('right_frame', $right_frame, SQ_GET); - --if ( isset($_SESSION['session_expired_post']) ) { -- sqsession_unregister('session_expired_post'); --} - if(!sqgetGlobalVar('mailto', $mailto)) { - $mailto = ''; - } diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch deleted file mode 100644 index 096aa202f251..000000000000 --- a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-draft_composesess.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff -Naurp squirrelmail-1.5.1.orig/src/compose.php squirrelmail-1.5.1/src/compose.php ---- squirrelmail-1.5.1.orig/src/compose.php 2007-05-21 09:54:44.000000000 -0700 -+++ squirrelmail-1.5.1/src/compose.php 2007-05-21 09:55:35.000000000 -0700 -@@ -80,7 +80,11 @@ sqgetGlobalVar('draft',$draft); - sqgetGlobalVar('draft_id',$draft_id); - sqgetGlobalVar('ent_num',$ent_num); - sqgetGlobalVar('saved_draft',$saved_draft); --sqgetGlobalVar('delete_draft',$delete_draft); -+ -+if ( sqgetGlobalVar('delete_draft',$delete_draft) ) { -+ $delete_draft = (int)$delete_draft; -+} -+ - if ( sqgetGlobalVar('startMessage',$startMessage) ) { - $startMessage = (int)$startMessage; - } else { -@@ -343,6 +347,8 @@ if (sqsession_is_registered('session_exp - if (!isset($composesession)) { - $composesession = 0; - sqsession_register(0,'composesession'); -+} else { -+ $composesession = (int)$composesession; - } - - if (!isset($session) || (isset($newmessage) && $newmessage)) { diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mailto.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mailto.patch deleted file mode 100644 index a9ff6dced42c..000000000000 --- a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mailto.patch +++ /dev/null @@ -1,157 +0,0 @@ -diff -Naurp squirrelmail-1.5.1.orig/src/compose.php squirrelmail-1.5.1/src/compose.php ---- squirrelmail-1.5.1.orig/src/compose.php 2007-05-21 09:14:13.000000000 -0700 -+++ squirrelmail-1.5.1/src/compose.php 2007-05-21 09:20:16.000000000 -0700 -@@ -120,6 +120,25 @@ if ( !sqgetGlobalVar('smaction',$action) - if ( sqgetGlobalVar('smaction_edit_new',$tmp) ) $action = 'edit_as_new'; - } - -+/** -+ * Here we decode the data passed in from mailto.php. -+ */ -+if ( sqgetGlobalVar('mailtodata', $mailtodata, SQ_GET) ) { -+ $trtable = array('to' => 'send_to', -+ 'cc' => 'send_to_cc', -+ 'bcc' => 'send_to_bcc', -+ 'body' => 'body', -+ 'subject' => 'subject'); -+ $mtdata = unserialize($mailtodata); -+ -+ foreach ($trtable as $f => $t) { -+ if ( !empty($mtdata[$f]) ) { -+ $$t = $mtdata[$f]; -+ } -+ } -+ unset($mailtodata,$mtdata, $trtable); -+} -+ - /* Location (For HTTP 1.1 Header("Location: ...") redirects) */ - $location = get_location(); - /* Identities (fetch only once) */ -diff -Naurp squirrelmail-1.5.1.orig/src/login.php squirrelmail-1.5.1/src/login.php ---- squirrelmail-1.5.1.orig/src/login.php 2007-05-21 09:14:13.000000000 -0700 -+++ squirrelmail-1.5.1/src/login.php 2007-05-21 09:21:42.000000000 -0700 -@@ -187,15 +187,15 @@ if (isset($hide_sm_attributions) && !$hi - $username_form_name = 'login_username'; - $password_form_name = 'secretkey'; - --if(sqgetGlobalVar('mailto', $mailto)) { -- $rcptaddress = addHidden('mailto', $mailto); -+if(sqgetGlobalVar('mailtodata', $mailtodata)) { -+ $mailtofield = addHidden('mailtodata', $mailtodata); - } else { -- $rcptaddress = ''; -+ $mailtofield = ''; - } - - $password_field = addPwField($password_form_name). - addHidden('js_autodetect_results', SMPREF_JS_OFF). -- $rcptaddress . -+ $mailtofield . - addHidden('just_logged_in', '1'); - - $oTemplate->assign('color', $color); -diff -Naurp squirrelmail-1.5.1.orig/src/mailto.php squirrelmail-1.5.1/src/mailto.php ---- squirrelmail-1.5.1.orig/src/mailto.php 2006-01-23 10:43:28.000000000 -0800 -+++ squirrelmail-1.5.1/src/mailto.php 2007-05-21 09:24:07.000000000 -0700 -@@ -41,6 +41,8 @@ $trtable = array('cc' => 'send - 'subject' => 'subject'); - $url = ''; - -+$data = array(); -+ - if(sqgetGlobalVar('emailaddress', $emailaddress)) { - $emailaddress = trim($emailaddress); - if(stristr($emailaddress, 'mailto:')) { -@@ -50,34 +52,33 @@ if(sqgetGlobalVar('emailaddress', $email - list($emailaddress, $a) = explode('?', $emailaddress, 2); - if(strlen(trim($a)) > 0) { - $a = explode('=', $a, 2); -- $url .= $trtable[strtolower($a[0])] . '=' . urlencode($a[1]) . '&'; -+ $data[strtolower($a[0])] = $a[1]; - } - } -- $url = 'send_to=' . urlencode($emailaddress) . '&' . $url; -+ $data['to'] = $emailaddress; - - /* CC, BCC, etc could be any case, so we'll fix them here */ - foreach($_GET as $k=>$g) { - $k = strtolower($k); - if(isset($trtable[$k])) { - $k = $trtable[$k]; -- $url .= $k . '=' . urlencode($g) . '&'; -+ $data[$k] = $g; - } - } -- $url = substr($url, 0, -1); - } - sqsession_is_active(); - - if($force_login == false && sqsession_is_registered('user_is_logged_in')) { - if($compose_only == true) { -- $redirect = 'compose.php?' . $url; -+ $redirect = 'compose.php?mailtodata=' . urlencode(serialize($data)); - } else { -- $redirect = 'webmail.php?right_frame=compose.php?' . urlencode($url); -+ $redirect = 'webmail.php?mailtodata=' . urlencode(serialize($data)); - } - } else { -- $redirect = 'login.php?mailto=' . urlencode($url); -+ $redirect = 'login.php?mailtodata=' . urlencode(serialize($data)); - } - - session_write_close(); - header('Location: ' . get_location() . '/' . $redirect); - --?> -\ No newline at end of file -+?> -diff -Naurp squirrelmail-1.5.1.orig/src/redirect.php squirrelmail-1.5.1/src/redirect.php ---- squirrelmail-1.5.1.orig/src/redirect.php 2007-05-21 09:14:13.000000000 -0700 -+++ squirrelmail-1.5.1/src/redirect.php 2007-05-21 09:25:34.000000000 -0700 -@@ -50,7 +50,7 @@ sqGetGlobalVar('secretkey', $secretkey); - if(!sqGetGlobalVar('squirrelmail_language', $squirrelmail_language) || $squirrelmail_language == '') { - $squirrelmail_language = $squirrelmail_default_language; - } --if (!sqgetGlobalVar('mailto', $mailto)) { -+if (!sqgetGlobalVar('mailtodata', $mailtodata)) { - $mailto = ''; - } - -@@ -154,9 +154,9 @@ if ( sqgetGlobalVar('session_expired_loc - } - unset($session_expired_location); - } --if($mailto != '') { -- $redirect_url = $location . '/webmail.php?right_frame=compose.php&mailto='; -- $redirect_url .= urlencode($mailto); -+if($mailtodata != '') { -+ $redirect_url = $location . '/webmail.php?right_frame=compose.php&mailtodata='; -+ $redirect_url .= urlencode($mailtodata); - } - - /* Write session data and send them off to the appropriate page. */ -diff -Naurp squirrelmail-1.5.1.orig/src/webmail.php squirrelmail-1.5.1/src/webmail.php ---- squirrelmail-1.5.1.orig/src/webmail.php 2007-05-21 09:14:13.000000000 -0700 -+++ squirrelmail-1.5.1/src/webmail.php 2007-05-21 09:26:37.000000000 -0700 -@@ -54,8 +54,10 @@ if (!sqgetGlobalVar('mailbox', $mailbox) - - sqgetGlobalVar('right_frame', $right_frame, SQ_GET); - --if(!sqgetGlobalVar('mailto', $mailto)) { -- $mailto = ''; -+if(sqgetGlobalVar('mailtodata', $mailtodata)) { -+ $mailtourl = 'mailtodata='.urlencode($mailtodata); -+} else { -+ $mailtourl = ''; - } - - is_logged_in(); -@@ -166,7 +168,7 @@ switch($right_frame) { - $right_frame_url = 'folders.php'; - break; - case 'compose.php': -- $right_frame_url = 'compose.php?' . $mailto; -+ $right_frame_url = 'compose.php?' . $mailtourl; - break; - case '': - $right_frame_url = 'right_main.php'; diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mime.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mime.patch deleted file mode 100644 index ff1aa74a1020..000000000000 --- a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2006-6142-mime.patch +++ /dev/null @@ -1,145 +0,0 @@ -diff -Naurp squirrelmail-1.5.1.orig/functions/mime.php squirrelmail-1.5.1/functions/mime.php ---- squirrelmail-1.5.1.orig/functions/mime.php 2006-02-11 03:13:05.000000000 -0800 -+++ squirrelmail-1.5.1/functions/mime.php 2007-05-21 09:32:19.000000000 -0700 -@@ -1132,6 +1132,75 @@ function sq_unspace(&$attvalue){ - } - - /** -+ * Translate all dangerous Unicode or Shift_JIS characters which are acepted by -+ * IE as regular characters. -+ * -+ * @param attvalue The attribute value before dangerous characters are translated. -+ * @return attvalue Nothing, modifies a reference value. -+ * @author Marc Groot Koerkamp. -+ */ -+function sq_fixIE_idiocy(&$attvalue) { -+ // remove NUL -+ $attvalue = str_replace("\0", "", $attvalue); -+ // remove comments -+ $attvalue = preg_replace("/(\/\*.*?\*\/)/","",$attvalue); -+ -+ // IE has the evil habit of excepting every possible value for the attribute expression -+ // The table below contain characters which are valid in IE if they are used in the "expression" -+ // attribute value. -+ $aDangerousCharsReplacementTable = array( -+ array('ʟ', 'ʟ' ,/* L UNICODE IPA Extension */ -+ 'ʀ', 'ʀ' ,/* R UNICODE IPA Extension */ -+ 'ɴ', 'ɴ' ,/* N UNICODE IPA Extension */ -+ 'E', 'E' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */ -+ 'e', 'e' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */ -+ 'X', 'X',/* Unicode FULLWIDTH LATIN CAPITAL LETTER X */ -+ 'x', 'x',/* Unicode FULLWIDTH LATIN SMALL LETTER X */ -+ 'P', 'P',/* Unicode FULLWIDTH LATIN CAPITAL LETTER P */ -+ 'p', 'p',/* Unicode FULLWIDTH LATIN SMALL LETTER P */ -+ 'R', 'R',/* Unicode FULLWIDTH LATIN CAPITAL LETTER R */ -+ 'r', 'r',/* Unicode FULLWIDTH LATIN SMALL LETTER R */ -+ 'S', 'S',/* Unicode FULLWIDTH LATIN CAPITAL LETTER S */ -+ 's', 's',/* Unicode FULLWIDTH LATIN SMALL LETTER S */ -+ 'I', 'I',/* Unicode FULLWIDTH LATIN CAPITAL LETTER I */ -+ 'i', 'i',/* Unicode FULLWIDTH LATIN SMALL LETTER I */ -+ 'O', 'O',/* Unicode FULLWIDTH LATIN CAPITAL LETTER O */ -+ 'o', 'o',/* Unicode FULLWIDTH LATIN SMALL LETTER O */ -+ 'N', 'N',/* Unicode FULLWIDTH LATIN CAPITAL LETTER N */ -+ 'n', 'n',/* Unicode FULLWIDTH LATIN SMALL LETTER N */ -+ 'L', 'L',/* Unicode FULLWIDTH LATIN CAPITAL LETTER L */ -+ 'l', 'l',/* Unicode FULLWIDTH LATIN SMALL LETTER L */ -+ 'U', 'U',/* Unicode FULLWIDTH LATIN CAPITAL LETTER U */ -+ 'u', 'u',/* Unicode FULLWIDTH LATIN SMALL LETTER U */ -+ 'ⁿ', 'ⁿ' ,/* Unicode SUPERSCRIPT LATIN SMALL LETTER N */ -+ '艤', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ // in unicode this is some chinese char range -+ '芅', /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */ -+ '艷', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */ -+ '芘', /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */ -+ '良', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */ -+ '芐', /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */ -+ '艱', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */ -+ '芒', /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */ -+ '色', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */ -+ '芓', /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */ -+ '艨', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */ -+ '芉', /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */ -+ '艮', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */ -+ '芏', /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */ -+ '艭', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */ -+ '芎'), /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */ -+ array('l', 'l', 'r','r','n','n', -+ 'E','E','e','e','X','X','x','x','P','P','p','p','S','S','s','s','I','I', -+ 'i','i','O','O','o','o','N','N','n','n','L','L','l','l','U','U','u','u','n', -+ 'E','e','X','x','P','p','S','s','I','i','O','o','N','n')); -+ $attvalue = str_replace($aDangerousCharsReplacementTable[0],$aDangerousCharsReplacementTable[1],$attvalue); -+ -+ // Escapes are usefull for special characters like "{}[]()'&. In other cases they are -+ // used for XSS -+ $attvalue = preg_replace("/(\\\\)([a-zA-Z]{1})/",'$2',$attvalue); -+} -+ -+/** - * This function returns the final tag out of the tag name, an array - * of attributes, and the type of the tag. This function is called by - * sq_sanitize internally. -@@ -1597,10 +1666,23 @@ function sq_fixatts($tagname, - } - } - } -+ -+ /** -+ * Workaround for IE quirks -+ */ -+ sq_fixIE_idiocy($attvalue); -+ - /** - * Remove any backslashes, entities, and extraneous whitespace. - */ -+ $oldattvalue = $attvalue; - sq_defang($attvalue); -+ if ($attname == 'style' && $attvalue !== $oldattvalue) { -+ // entities are used in the attribute value. In 99% of the cases it's there as XSS -+ // i.e.<div style="{ left:expʀessioɴ( alert('XSS') ) }"> -+ $attvalue = "idiocy"; -+ $attary{$attname} = $attvalue; -+ } - sq_unspace($attvalue); - - /** -@@ -1694,14 +1776,18 @@ function sq_fixstyle($body, $pos, $messa - */ - $content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content); - $secremoveimg = '../images/' . _("sec_remove_eng.png"); -+ -+ // IE Sucks hard. We have a special function for it. -+ sq_fixIE_idiocy($content); -+ -+ // remove @import line -+ $content = preg_replace("/^\s*(@import.*)$/mi","\n<!-- @import rules forbidden -->\n",$content); -+ - /** - * Fix url('blah') declarations. - */ - // $content = preg_replace("|url\s*\(\s*([\'\"])\s*\S+script\s*:.*?([\'\"])\s*\)|si", - // "url(\\1$secremoveimg\\2)", $content); -- // remove NUL -- $content = str_replace("\0", "", $content); -- - // NB I insert NUL characters to keep to avoid an infinite loop. They are removed after the loop. - while (preg_match("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si", $content, $matches)) { - $sProto = strtolower($matches[1]); -@@ -1759,8 +1845,10 @@ function sq_fixstyle($body, $pos, $messa - '/expression/i', - '/behaviou*r/i', - '/binding/i', -- '/include-source/i'); -- $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy'); -+ '/include-source/i', -+ '/javascript/i', -+ '/script/i'); -+ $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy'); - $contentNew = preg_replace($match, $replace, $contentTemp); - if ($contentNew !== $contentTemp) { - // insecure css declarations are used. From now on we don't care -@@ -2387,4 +2475,4 @@ function SendDownloadHeaders($type0, $ty - - } // end fn SendDownloadHeaders - --?> -\ No newline at end of file -+?> diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2007-1262.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2007-1262.patch deleted file mode 100644 index d5accd6c8eb2..000000000000 --- a/mail-client/squirrelmail/files/squirrelmail-1.5.1-CVE-2007-1262.patch +++ /dev/null @@ -1,433 +0,0 @@ -diff -Naurp squirrelmail-1.5.1.orig/functions/mime.php squirrelmail-1.5.1/functions/mime.php ---- squirrelmail-1.5.1.orig/functions/mime.php 2007-05-21 09:57:36.000000000 -0700 -+++ squirrelmail-1.5.1/functions/mime.php 2007-05-21 09:58:36.000000000 -0700 -@@ -428,13 +428,16 @@ function formatBody($imap_stream, $messa - $body.="</iframe></div>\n"; - } else { - // old way of html rendering -- $body = magicHTML($body, $id, $message, $mailbox); - /** - * convert character set. charset_decode does not remove html special chars - * applied by magicHTML functions and does not sanitize them second time if - * fourth argument is true. - */ -- $body = charset_decode($body_message->header->getParameter('charset'),$body,false,true); -+ $charset = $body_message->header->getParameter('charset'); -+ if (!empty($charset)) { -+ $body = charset_decode($charset,$body,false,true); -+ } -+ $body = magicHTML($body, $id, $message, $mailbox); - } - } else { - translateText($body, $wrap_at, -@@ -1156,8 +1159,8 @@ function sq_fixIE_idiocy(&$attvalue) { - array('ʟ', 'ʟ' ,/* L UNICODE IPA Extension */ - 'ʀ', 'ʀ' ,/* R UNICODE IPA Extension */ - 'ɴ', 'ɴ' ,/* N UNICODE IPA Extension */ -- 'E', 'E' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */ -- 'e', 'e' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */ -+ 'E', 'E' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */ -+ 'e', 'e' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */ - 'X', 'X',/* Unicode FULLWIDTH LATIN CAPITAL LETTER X */ - 'x', 'x',/* Unicode FULLWIDTH LATIN SMALL LETTER X */ - 'P', 'P',/* Unicode FULLWIDTH LATIN CAPITAL LETTER P */ -@@ -1177,26 +1180,34 @@ function sq_fixIE_idiocy(&$attvalue) { - 'U', 'U',/* Unicode FULLWIDTH LATIN CAPITAL LETTER U */ - 'u', 'u',/* Unicode FULLWIDTH LATIN SMALL LETTER U */ - 'ⁿ', 'ⁿ' ,/* Unicode SUPERSCRIPT LATIN SMALL LETTER N */ -- '艤', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ // in unicode this is some chinese char range -- '芅', /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */ -- '艷', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */ -- '芘', /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */ -- '良', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */ -- '芐', /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */ -- '艱', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */ -- '芒', /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */ -- '色', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */ -- '芓', /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */ -- '艨', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */ -- '芉', /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */ -- '艮', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */ -- '芏', /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */ -- '艭', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */ -- '芎'), /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */ -+ "\xEF\xBC\xA5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ // in unicode this is some Chinese char range -+ "\xEF\xBD\x85", /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */ -+ "\xEF\xBC\xB8", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */ -+ "\xEF\xBD\x98", /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */ -+ "\xEF\xBC\xB0", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */ -+ "\xEF\xBD\x90", /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */ -+ "\xEF\xBC\xB2", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */ -+ "\xEF\xBD\x92", /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */ -+ "\xEF\xBC\xB3", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */ -+ "\xEF\xBD\x93", /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */ -+ "\xEF\xBC\xA9", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */ -+ "\xEF\xBD\x89", /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */ -+ "\xEF\xBC\xAF", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */ -+ "\xEF\xBD\x8F", /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */ -+ "\xEF\xBC\xAE", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */ -+ "\xEF\xBD\x8E", /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */ -+ "\xEF\xBC\xAC", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER L */ -+ "\xEF\xBD\x8C", /* Shift JIS FULLWIDTH LATIN SMALL LETTER L */ -+ "\xEF\xBC\xB5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER U */ -+ "\xEF\xBD\x95", /* Shift JIS FULLWIDTH LATIN SMALL LETTER U */ -+ "\xE2\x81\xBF", /* Shift JIS FULLWIDTH SUPERSCRIPT N */ -+ "\xCA\x9F", /* L UNICODE IPA Extension */ -+ "\xCA\x80", /* R UNICODE IPA Extension */ -+ "\xC9\xB4"), /* N UNICODE IPA Extension */ - array('l', 'l', 'r','r','n','n', -- 'E','E','e','e','X','X','x','x','P','P','p','p','S','S','s','s','I','I', -- 'i','i','O','O','o','o','N','N','n','n','L','L','l','l','U','U','u','u','n', -- 'E','e','X','x','P','p','S','s','I','i','O','o','N','n')); -+ 'E','E','e','e','X','X','x','x','P','P','p','p','R','R','r','r','S','S','s','s','I','I', -+ 'i','i','O','O','o','o','N','N','n','n','L','L','l','l','U','U','u','u','n','n', -+ 'E','e','X','x','P','p','R','r','S','s','I','i','O','o','N','n','L','l','U','u','n','l','r','n')); - $attvalue = str_replace($aDangerousCharsReplacementTable[0],$aDangerousCharsReplacementTable[1],$attvalue); - - // Escapes are usefull for special characters like "{}[]()'&. In other cases they are -@@ -1709,38 +1720,34 @@ function sq_fixatts($tagname, - preg_replace($valmatch, $valrepl, $attvalue); - if ($newvalue != $attvalue){ - $attary{$attname} = $newvalue; -+ $attvalue = $newvalue; - } - } - } - } - } -- -- /** -- * Replace empty src tags with the blank image. src is only used -- * for frames, images, and image inputs. Doing a replace should -- * not affect them working as should be, however it will stop -- * IE from being kicked off when src for img tags are not set -- */ -- if (($attname == 'src') && ($attvalue == '""')) { -- $attary{$attname} = '"' . SM_PATH . 'images/blank.png"'; -- } -- -- /** -- * Turn cid: urls into http-friendly ones. -- */ -- if (preg_match("/^[\'\"]\s*cid:/si", $attvalue)){ -- $attary{$attname} = sq_cid2http($message, $id, $attvalue, $mailbox); -+ if ($attname == 'style') { -+ if (preg_match('/[\0-\37\200-\377]+/',$attvalue)) { -+ // 8bit and control characters in style attribute values can be used for XSS, remove them -+ $attary{$attname} = '"disallowed character"'; -+ } -+ preg_match_all("/url\s*\((.+)\)/si",$attvalue,$aMatch); -+ if (count($aMatch)) { -+ foreach($aMatch[1] as $sMatch) { -+ // url value -+ $urlvalue = $sMatch; -+ sq_fix_url($attname, $urlvalue, $message, $id, $mailbox,"'"); -+ $attary{$attname} = str_replace($sMatch,$urlvalue,$attvalue); -+ } -+ } - } -- - /** -- * "Hack" fix for Outlook using propriatary outbind:// protocol in img tags. -- * One day MS might actually make it match something useful, for now, falling -- * back to using cid2http, so we can grab the blank.png. -+ * Use white list based filtering on attributes which can contain url's - */ -- if (preg_match("/^[\'\"]\s*outbind:\/\//si", $attvalue)) { -- $attary{$attname} = sq_cid2http($message, $id, $attvalue, $mailbox); -+ else if ($attname == 'href' || $attname == 'src' || $attname == 'background') { -+ sq_fix_url($attname, $attvalue, $message, $id, $mailbox); -+ $attary{$attname} = $attvalue; - } -- - } - /** - * See if we need to append any attributes to this tag. -@@ -1754,6 +1761,98 @@ function sq_fixatts($tagname, - } - - /** -+ * This function filters url's -+ * -+ * @param $attvalue String with attribute value to filter -+ * @param $message message object -+ * @param $id message id -+ * @param $mailbox mailbox -+ * @param $sQuote quoting characters around url's -+ */ -+function sq_fix_url($attname, &$attvalue, $message, $id, $mailbox,$sQuote = '"') { -+ $attvalue = trim($attvalue); -+ if ($attvalue && ($attvalue[0] =='"'|| $attvalue[0] == "'")) { -+ // remove the double quotes -+ $sQuote = $attvalue[0]; -+ $attvalue = trim(substr($attvalue,1,-1)); -+ } -+ -+ if( !sqgetGlobalVar('view_unsafe_images', $view_unsafe_images, SQ_GET) ) { -+ $view_unsafe_images = false; -+ } -+ $secremoveimg = '../images/' . _("sec_remove_eng.png"); -+ -+ /** -+ * Replace empty src tags with the blank image. src is only used -+ * for frames, images, and image inputs. Doing a replace should -+ * not affect them working as should be, however it will stop -+ * IE from being kicked off when src for img tags are not set -+ */ -+ if ($attvalue == '') { -+ $attvalue = '"' . SM_PATH . 'images/blank.png"'; -+ } else { -+ // first, disallow 8 bit characters and control characters -+ if (preg_match('/[\0-\37\200-\377]+/',$attvalue)) { -+ switch ($attname) { -+ case 'href': -+ $attvalue = $sQuote . 'http://invalid-stuff-detected.example.com' . $sQuote; -+ break; -+ default: -+ $attvalue = $sQuote . SM_PATH . 'images/blank.png'. $sQuote; -+ break; -+ } -+ } else { -+ $aUrl = parse_url($attvalue); -+ if (isset($aUrl['scheme'])) { -+ switch(strtolower($aUrl['scheme'])) { -+ case 'http': -+ case 'https': -+ case 'ftp': -+ if ($attname != 'href') { -+ if ($view_unsafe_images == false) { -+ $attvalue = $sQuote . $secremoveimg . $sQuote; -+ } else { -+ if (isset($aUrl['path'])) { -+ // validate image extension. -+ $ext = strtolower(substr($aUrl['path'],strrpos($aUrl['path'],'.'))); -+ if (!in_array($ext,array('.jpeg','.jpg','xjpeg','.gif','.bmp','.jpe','.png','.xbm'))) { -+ $attvalue = $sQuote . SM_PATH . 'images/blank.png'. $sQuote; -+ } -+ } else { -+ $attvalue = $sQuote . SM_PATH . 'images/blank.png'. $sQuote; -+ } -+ } -+ } -+ break; -+ case 'outbind': -+ /** -+ * "Hack" fix for Outlook using propriatary outbind:// protocol in img tags. -+ * One day MS might actually make it match something useful, for now, falling -+ * back to using cid2http, so we can grab the blank.png. -+ */ -+ $attvalue = sq_cid2http($message, $id, $attvalue, $mailbox); -+ break; -+ case 'cid': -+ /** -+ * Turn cid: urls into http-friendly ones. -+ */ -+ $attvalue = sq_cid2http($message, $id, $attvalue, $mailbox); -+ break; -+ default: -+ $attvalue = $sQuote . SM_PATH . 'images/blank.png' . $sQuote; -+ break; -+ } -+ } else { -+ if (!(isset($aUrl['path']) && $aUrl['path'] == $secremoveimg)) { -+ // parse_url did not lead to satisfying result -+ $attvalue = $sQuote . SM_PATH . 'images/blank.png' . $sQuote; -+ } -+ } -+ } -+ } -+} -+ -+/** - * This function edits the style definition to make them friendly and - * usable in SquirrelMail. - * -@@ -1781,59 +1880,40 @@ function sq_fixstyle($body, $pos, $messa - $content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content); - $secremoveimg = '../images/' . _("sec_remove_eng.png"); - -- // IE Sucks hard. We have a special function for it. -- sq_fixIE_idiocy($content); -- -- // remove @import line -- $content = preg_replace("/^\s*(@import.*)$/mi","\n<!-- @import rules forbidden -->\n",$content); -- - /** - * Fix url('blah') declarations. - */ - // $content = preg_replace("|url\s*\(\s*([\'\"])\s*\S+script\s*:.*?([\'\"])\s*\)|si", - // "url(\\1$secremoveimg\\2)", $content); -- // NB I insert NUL characters to keep to avoid an infinite loop. They are removed after the loop. -- while (preg_match("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si", $content, $matches)) { -- $sProto = strtolower($matches[1]); -- switch ($sProto) { -- /** -- * Fix url('https*://.*) declarations but only if $view_unsafe_images -- * is false. -- */ -- case 'https': -- case 'http': -- if (!$view_unsafe_images){ -+ // first check for 8bit sequences and disallowed control characters -+ if (preg_match('/[\16-\37\200-\377]+/',$content)) { -+ $content = '<!-- style block removed by html filter due to presence of 8bit characters -->'; - -- $sExpr = "/url\s*\(\s*[\'\"]?\s*$sProto*:.*[\'\"]?\s*\)/si"; -- $content = preg_replace($sExpr, "u\0r\0l(\\1$secremoveimg\\2)", $content); -+ return array($content, $newpos); -+ } - -- } else { -- $content = preg_replace('/url/i',"u\0r\0l",$content); -- } -- break; -- /** -- * Fix urls that refer to cid: -- */ -- case 'cid': -- $cidurl = 'cid:'. $matches[2]; -- $httpurl = sq_cid2http($message, $id, $cidurl, $mailbox); -- // escape parentheses that can modify the regular expression -- $cidurl = str_replace(array('(',')'),array('\\(','\\)'),$cidurl); -- $content = preg_replace("|url\s*\(\s*$cidurl\s*\)|si", -- "u\0r\0l($httpurl)", $content); -- break; -- default: -- /** -- * replace url with protocol other then the white list -- * http,https and cid by an empty string. -- */ -- $content = preg_replace("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si", -- "", $content); -- break; -+ // IE Sucks hard. We have a special function for it. -+ sq_fixIE_idiocy($content); -+ -+ // remove @import line -+ $content = preg_replace("/^\s*(@import.*)$/mi","\n<!-- @import rules forbidden -->\n",$content); -+ -+ // translate ur\l and variations (IE parses that) -+ // TODO check if the sq_fixIE_idiocy function already handles this. -+ $content = preg_replace("/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i", 'url', $content); -+ preg_match_all("/url\s*\((.+)\)/si",$content,$aMatch); -+ if (count($aMatch)) { -+ $aValue = $aReplace = array(); -+ foreach($aMatch[1] as $sMatch) { -+ // url value -+ $urlvalue = $sMatch; -+ sq_fix_url('style',$urlvalue, $message, $id, $mailbox,"'"); -+ $aValue[] = $sMatch; -+ $aReplace[] = $urlvalue; - } -+ $content = str_replace($aValue,$aReplace,$content); - } -- // remove NUL -- $content = str_replace("\0", "", $content); -+ - /** - * Remove any backslashes, entities, and extraneous whitespace. - */ -@@ -2267,7 +2347,7 @@ function magicHTML($body, $id, $message, - "idiocy", - "idiocy", - "idiocy", -- "", -+ "idiocy", - "url(\\1#\\1)", - "url(\\1#\\1)", - "url(\\1#\\1)", -@@ -2312,7 +2392,7 @@ function magicHTML($body, $id, $message, - $id, - $mailbox - ); -- if (preg_match("|$secremoveimg|i", $trusted)){ -+ if (strpos($trusted,$secremoveimg)){ - $has_unsafe_images = true; - } - -diff -Naurp squirrelmail-1.5.1.orig/src/compose.php squirrelmail-1.5.1/src/compose.php ---- squirrelmail-1.5.1.orig/src/compose.php 2007-05-21 09:57:36.000000000 -0700 -+++ squirrelmail-1.5.1/src/compose.php 2007-05-21 10:00:07.000000000 -0700 -@@ -55,31 +55,37 @@ if (is_array($delayed_errors)) { - } - - /** SESSION/POST/GET VARS */ --sqgetGlobalVar('session',$session); --sqgetGlobalVar('mailbox',$mailbox); --if(!sqgetGlobalVar('identity',$identity)) { -+sqgetGlobalVar('send', $send, SQ_POST); -+// Send can only be achieved by setting $_POST var. If Send = true then -+// retrieve other form fields from $_POST -+if (isset($send) && $send) { -+ $SQ_GLOBAL = SQ_POST; -+} else { -+ $SQ_GLOBAL = SQ_FORM; -+} -+sqgetGlobalVar('session',$session, $SQ_GLOBAL); -+sqgetGlobalVar('mailbox',$mailbox, $SQ_GLOBAL); -+if(!sqgetGlobalVar('identity',$identity, $SQ_GLOBAL)) { - $identity=0; - } --sqgetGlobalVar('send_to',$send_to); --sqgetGlobalVar('send_to_cc',$send_to_cc); --sqgetGlobalVar('send_to_bcc',$send_to_bcc); --sqgetGlobalVar('subject',$subject); --sqgetGlobalVar('body',$body); --sqgetGlobalVar('mailprio',$mailprio); --sqgetGlobalVar('request_mdn',$request_mdn); --sqgetGlobalVar('request_dr',$request_dr); --sqgetGlobalVar('html_addr_search',$html_addr_search); --sqgetGlobalVar('mail_sent',$mail_sent); --sqgetGlobalVar('passed_id',$passed_id); --sqgetGlobalVar('passed_ent_id',$passed_ent_id); --sqgetGlobalVar('send',$send); -- --sqgetGlobalVar('attach',$attach); -- --sqgetGlobalVar('draft',$draft); --sqgetGlobalVar('draft_id',$draft_id); --sqgetGlobalVar('ent_num',$ent_num); --sqgetGlobalVar('saved_draft',$saved_draft); -+sqgetGlobalVar('send_to',$send_to, $SQ_GLOBAL); -+sqgetGlobalVar('send_to_cc',$send_to_cc, $SQ_GLOBAL); -+sqgetGlobalVar('send_to_bcc',$send_to_bcc, $SQ_GLOBAL); -+sqgetGlobalVar('subject',$subject, $SQ_GLOBAL); -+sqgetGlobalVar('body',$body, $SQ_GLOBAL); -+sqgetGlobalVar('mailprio',$mailprio, $SQ_GLOBAL); -+sqgetGlobalVar('request_mdn',$request_mdn, $SQ_GLOBAL); -+sqgetGlobalVar('request_dr',$request_dr, $SQ_GLOBAL); -+sqgetGlobalVar('html_addr_search',$html_addr_search, $SQ_GLOBAL); -+sqgetGlobalVar('mail_sent',$mail_sent, $SQ_GLOBAL); -+sqgetGlobalVar('passed_id',$passed_id, $SQ_GLOBAL); -+sqgetGlobalVar('passed_ent_id',$passed_ent_id, $SQ_GLOBAL); -+ -+sqgetGlobalVar('attach',$attach, SQ_POST); -+sqgetGlobalVar('draft',$draft, SQ_POST); -+sqgetGlobalVar('draft_id',$draft_id, $SQ_GLOBAL); -+sqgetGlobalVar('ent_num',$ent_num, $SQ_GLOBAL); -+sqgetGlobalVar('saved_draft',$saved_draft, SQ_FORM); - - if ( sqgetGlobalVar('delete_draft',$delete_draft) ) { - $delete_draft = (int)$delete_draft; -@@ -1765,4 +1771,4 @@ function deliverMessage($composeMessage, - return $success; - } - --?> -\ No newline at end of file -+?> -diff -Naurp squirrelmail-1.5.1.orig/src/view_text.php squirrelmail-1.5.1/src/view_text.php ---- squirrelmail-1.5.1.orig/src/view_text.php 2006-02-05 03:18:50.000000000 -0800 -+++ squirrelmail-1.5.1/src/view_text.php 2007-05-21 09:58:36.000000000 -0700 -@@ -70,10 +70,10 @@ if (isset($languages[$squirrelmail_langu - } - - if ($type1 == 'html' || (isset($override_type1) && $override_type1 == 'html')) { -- $body = MagicHTML( $body, $passed_id, $message, $mailbox); - // html attachment with character set information - if (! empty($charset)) - $body = charset_decode($charset,$body,false,true); -+ $body = MagicHTML( $body, $passed_id, $message, $mailbox); - } else { - translateText($body, $wrap_at, $charset); - } diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-ie-mime.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-ie-mime.patch deleted file mode 100644 index 1b7eac318f06..000000000000 --- a/mail-client/squirrelmail/files/squirrelmail-1.5.1-ie-mime.patch +++ /dev/null @@ -1,33 +0,0 @@ -diff -u -r1.265.2.69 mime.php ---- functions/mime.php 2 Dec 2006 09:57:21 -0000 1.265.2.69 -+++ functions/mime.php 2 Dec 2006 14:30:29 -0000 -@@ -477,7 +477,11 @@ - if ($where && $what) { - $defaultlink .= '&where='. urlencode($where).'&what='.urlencode($what); - } -- -+ // IE does make use of mime content sniffing. Forcing a download -+ // prohibit execution of XSS inside an application/octet-stream attachment -+ if ($type0 == 'application' && $type1 == 'octet-stream') { -+ $defaultlink .= '&absolute_dl=true'; -+ } - /* This executes the attachment hook with a specific MIME-type. - * If that doesn't have results, it tries if there's a rule - * for a more generic type. Finally, a hook for ALL attachment -@@ -2195,11 +2253,15 @@ - - // This works for most types, but doesn't work with Word files - header ("Content-Type: application/download; name=\"$filename\""); -- -+ // This is to prevent IE for MIME sniffing and auto open a file in IE -+ header ("Content-Type: application/force-download; name=\"$filename\""); - // These are spares, just in case. :-) - //header("Content-Type: $type0/$type1; name=\"$filename\""); - //header("Content-Type: application/x-msdownload; name=\"$filename\""); - //header("Content-Type: application/octet-stream; name=\"$filename\""); -+ } else if ($isIE) { -+ // This is to prevent IE for MIME sniffing and auto open a file in IE -+ header ("Content-Type: application/force-download; name=\"$filename\""); - } else { - // another application/octet-stream forces download for Netscape - header ("Content-Type: application/octet-stream; name=\"$filename\""); diff --git a/mail-client/squirrelmail/files/squirrelmail-1.5.1-sqimap_get_message.patch b/mail-client/squirrelmail/files/squirrelmail-1.5.1-sqimap_get_message.patch deleted file mode 100644 index a96bc137b3a1..000000000000 --- a/mail-client/squirrelmail/files/squirrelmail-1.5.1-sqimap_get_message.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naurp squirrelmail-1.5.1.orig/functions/imap_messages.php squirrelmail-1.5.1/functions/imap_messages.php ---- squirrelmail-1.5.1.orig/functions/imap_messages.php 2006-02-12 10:21:50.000000000 -0800 -+++ squirrelmail-1.5.1/functions/imap_messages.php 2007-06-10 09:08:46.000000000 -0700 -@@ -923,7 +923,7 @@ function sqimap_get_message($imap_stream - if ($read) { - if (preg_match('/.+FLAGS\s\((.*)\)\s/AUi',$read[0],$regs)) { - if (trim($regs[1])) { -- $flags = preg_split('/ /', $regs[1],-1,'PREG_SPLIT_NI_EMPTY'); -+ $flags = preg_split('/ /', $regs[1],-1,PREG_SPLIT_NO_EMPTY); - } - } - } else { diff --git a/mail-client/squirrelmail/files/squirrelmail-gpg-2.1-CVE-2005-1924.patch b/mail-client/squirrelmail/files/squirrelmail-gpg-2.1-CVE-2005-1924.patch deleted file mode 100644 index bae081657ae2..000000000000 --- a/mail-client/squirrelmail/files/squirrelmail-gpg-2.1-CVE-2005-1924.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -Naurp squirrelmail-1.4.10a.orig/plugins/gpg/gpg_key_functions.php squirrelmail-1.4.10a/plugins/gpg/gpg_key_functions.php ---- squirrelmail-1.4.10a.orig/plugins/gpg/gpg_key_functions.php 2007-07-07 13:03:42.000000000 -0700 -+++ squirrelmail-1.4.10a/plugins/gpg/gpg_key_functions.php 2007-07-15 18:22:35.000000000 -0700 -@@ -695,6 +695,9 @@ function gpg_recv_key($searchkeyid,$debu - if (!$keyserver) { - $keyserver = getPref($data_dir,$username,'keyserver'); - } -+ -+ $keyserver = escapeshellarg($keyserver); -+ - // import - // the following line redirects the output to stderr: 2>&1 - // use --import -@@ -1172,4 +1175,4 @@ function gpg_generate_keypair($debug, $r - * added $Log directive to broken out functions file. - * - */ --?> -\ No newline at end of file -+?> -diff -Naurp squirrelmail-1.4.10a.orig/plugins/gpg/gpg_keyring.php squirrelmail-1.4.10a/plugins/gpg/gpg_keyring.php ---- squirrelmail-1.4.10a.orig/plugins/gpg/gpg_keyring.php 2007-07-07 13:03:42.000000000 -0700 -+++ squirrelmail-1.4.10a/plugins/gpg/gpg_keyring.php 2007-07-15 18:18:28.000000000 -0700 -@@ -454,6 +454,7 @@ class gpg_keyring { - } - - //Make and execute the delete command -+ $fpr = escapeshellarg($fpr); - $params = "--yes --homedir $gpg_key_dir $flag $fpr"; - $return=gpg_execute($debug,$params); - $returnval=$return['returnval']; -@@ -872,4 +873,4 @@ class gpg_keyring { - * Initial Revision - * new file for up-and-coming keyring class - */ --?> -\ No newline at end of file -+?> |