projects / squirrelmail.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f34bb4e)
Protect message deletion with security token system. (Secunia Advisory SA34627)
authorpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 17 Aug 2009 23:18:47 +0000 (23:18 +0000)
committerpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Mon, 17 Aug 2009 23:18:47 +0000 (23:18 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13826 7612ce4b-ef26-0410-bec9-ea0150e637f0

functions/mailbox_display.php patch | blob | blame | history
src/read_body.php patch | blob | blame | history

diff --git a/functions/mailbox_display.php b/functions/mailbox_display.php
index 3b917b741ab322a450b8f5cfe7a08ce205b6afb4..66cd62fe183f00880b38cf67c4e1625c37839793 100644 (file)
--- a/functions/mailbox_display.php
+++ b/functions/mailbox_display.php
@@ -1343,8 +1343,7 @@ function handleMessageListForm($imapConnection, &$aMailbox, $sButton='',
 
         // don't do anything to any messages until we have done security check
         // FIXME: not sure this code really belongs here, but there's nowhere else to put it with this architecture
-        // FIXME: we might need to open this up to SQ_FORM instead, especially for plugins (?)
-        sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+        sqgetGlobalVar('smtoken', $submitted_token, SQ_GET, '');
         sm_validate_security_token($submitted_token, 3600, TRUE);
 
         // make sure message UIDs are sanitized (BIGINT)
diff --git a/src/read_body.php b/src/read_body.php
index 11129f8862d16f8fa17fd130650072dc88164b5e..ab3f7040bb759c247f93b9339b6f9f9340184e45 100644 (file)
--- a/src/read_body.php
+++ b/src/read_body.php
@@ -554,7 +554,8 @@ function formatMenubar($aMailbox, $passed_id, $passed_ent_id, $message,
                        '&amp;mailbox='.$urlMailbox.'&amp;sort='.$sort.
                        '&amp;startMessage='.$startMessage.'&amp;show_more=0'.
                        "&amp;where=$where&amp;what=$what" .
-                       '&amp;delete_id='.$passed_id;
+                       '&amp;delete_id='.$passed_id .
+                       '&amp;smtoken='.sm_generate_security_token();
             }
 
             if ($next >= 0) {
@@ -562,7 +563,8 @@ function formatMenubar($aMailbox, $passed_id, $passed_ent_id, $message,
                        '&amp;mailbox='.$urlMailbox.'&amp;sort='.$sort.
                        '&amp;startMessage='.$startMessage.'&amp;show_more=0'.
                        "&amp;where=$where&amp;what=$what" .
-                       '&amp;delete_id='.$passed_id;
+                       '&amp;delete_id='.$passed_id .
+                       '&amp;smtoken='.sm_generate_security_token();
             }
         }
     }
Unnamed repository; edit this file 'description' to name the repository.