- Security: Possible cookie theft in src/redirect.php if

[squirrelmail.git] / src / redirect.php

diff --git a/src/redirect.php b/src/redirect.php
index a071a71cba0d569775e62f4714bc57bb8e5e9258..1ac1bc02bb38e3f3b85ff34d1608e124b2911c38 100644 (file)
--- a/src/redirect.php
+++ b/src/redirect.php
@@ -1,17 +1,15 @@
 <?php
 
 /**
-* redirect.php
-* Derived from webmail.php by Ralf Kraudelt <kraude@wiwi.uni-rostock.de>
-*
-* Copyright (c) 1999-2004 The SquirrelMail Project Team
-* Licensed under the GNU GPL. For full terms see the file COPYING.
-*
-* Prevents users from reposting their form data after a successful logout.
-*
-* @version $Id$
-* @package squirrelmail
-*/
+ * Prevents users from reposting their form data after a successful logout.
+ *
+ * Derived from webmail.php by Ralf Kraudelt <kraude@wiwi.uni-rostock.de>
+ *
+ * @copyright &copy; 1999-2006 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
+ * @version $Id$
+ * @package squirrelmail
+ */
 
 /**
  * Path for SquirrelMail required files.
@@ -60,12 +58,12 @@ if (!sqgetGlobalVar('mailto', $mailto)) {
 
 set_up_language($squirrelmail_language, true);
 /* Refresh the language cookie. */
-setcookie('squirrelmail_language', $squirrelmail_language, time()+2592000, 
+sqsetcookie('squirrelmail_language', $squirrelmail_language, time()+2592000,
           $base_uri);
 
 if (!isset($login_username)) {
     include_once(SM_PATH .  'functions/display_messages.php' );
-    logout_error( _("You must be logged in to access this page.") );    
+    logout_error( _("You must be logged in to access this page.") );
     exit;
 }
 
@@ -87,6 +85,19 @@ if (!sqsession_is_registered('user_is_logged_in')) {
     $imapConnection = sqimap_login($login_username, $key, $imapServerAddress, $imapPort, 0);
 
     $sqimap_capabilities = sqimap_capability($imapConnection);
+
+    /* Server side sorting control */
+    if (isset($sqimap_capabilities['SORT']) && $sqimap_capabilities['SORT'] == true &&
+        isset($disable_server_sort) && $disable_server_sort) {
+        unset($sqimap_capabilities['SORT']);
+    }
+
+    /* Thread sort control */
+    if (isset($sqimap_capabilities['THREAD']) && $sqimap_capabilities['THREAD'] == true &&
+        isset($disable_thread_sort) && $disable_thread_sort) {
+        unset($sqimap_capabilities['THREAD']);
+    }
+
     sqsession_register($sqimap_capabilities, 'sqimap_capabilities');
     $delimiter = sqimap_get_delimiter ($imapConnection);
 
@@ -95,7 +106,7 @@ if (!sqsession_is_registered('user_is_logged_in')) {
 
     $username = $login_username;
     sqsession_register ($username, 'username');
-    setcookie('key', $key, 0, $base_uri);
+    sqsetcookie('key', $key, false, $base_uri);
     do_hook ('login_verified');
 
 }
@@ -141,7 +152,7 @@ if ( sqgetGlobalVar('session_expired_location', $session_expired_location, SQ_SE
 }
 if($mailto != '') {
     $redirect_url  = $location . '/webmail.php?right_frame=compose.php&mailto=';
-    $redirect_url .= $mailto;
+    $redirect_url .= urlencode($mailto);
 }
 
 /* Write session data and send them off to the appropriate page. */
@@ -154,13 +165,13 @@ function attachment_common_parse($str, $debug) {
     global $attachment_common_types, $attachment_common_types_parsed;
 
     $attachment_common_types_parsed[$str] = true;
-    
-    /* 
-     * Replace ", " with "," and explode on that as Mozilla 1.x seems to  
+
+    /*
+     * Replace ", " with "," and explode on that as Mozilla 1.x seems to
      * use "," to seperate whilst IE, and earlier versions of Mozilla use
      * ", " to seperate
      */
-    
+
     $str = str_replace( ', ' , ',' , $str );
     $types = explode(',', $str);