Sanitize user-supplied attachment filename [CVE-2018-8741]

[squirrelmail.git] / src / login.php

diff --git a/src/login.php b/src/login.php
index 536ca9acf0a6f2bdebac87bf4a54dc76cc30fc94..fc5a4bf910f3e204298d58ad86a64e39d3771772 100644 (file)
--- a/src/login.php
+++ b/src/login.php
@@ -6,7 +6,7 @@
  * This a simple login screen. Some housekeeping is done to clean
  * cookies and find language.
  *
- * @copyright 1999-2015 The SquirrelMail Project Team
+ * @copyright 1999-2018 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -101,7 +101,8 @@ if (! isset($color) || ! is_array($color)) {
 }
 
 // if any plugin returns TRUE here, the standard page header will be skipped
-if (!boolean_hook_function('login_before_page_header', array($header), 1))
+$temp = array($header);
+if (!boolean_hook_function('login_before_page_header', $temp, 1))
     displayHtmlHeader( "$org_name - " . _("Login"), $header, FALSE );