Added security patch

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@1229 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/src/options_order.php b/src/options_order.php
index ffa70ac17f5672f95dcdf7cbe5be7586cb47c09a..670a54897cd27a8c7e2bfceb7b8871462585fb13 100644 (file)
--- a/src/options_order.php
+++ b/src/options_order.php
@@ -81,6 +81,10 @@
          include ('../src/load_prefs.php');
       }
    } else if ($method == 'add' && $add) {
+      // User should not be able to insert PHP-code here
+      $add = str_replace ('<?', '..', $add);
+      $add = ereg_replace ('<.*script.*language.*php.*>', '..', $add);
+      $add = str_replace ('<%', '..', $add);
       $index_order[count($index_order)+1] = $add;
    }