links, and return to message page that originally called from.
- Max upload file size now correctly handles a '-1' value, meaning
unlimited (#1094569).
+ - Security: Added hook for Preferences Backend to resolve potential
+ file inclusions
Version 1.5.0
--------------------
decode_body functions/mime.php hook_func
generic_header functions/page_header.php do_hook
menuline functions/page_header.php do_hook
+ prefs_backend functions/prefs.php hook_func
loading_prefs include/load_prefs.php do_hook
addrbook_html_search_below src/addrbook_search_html.php do_hook
addressbook_bottom src/addressbook.php do_hook
/** Include global.php */
require_once(SM_PATH . 'functions/global.php');
+require_once(SM_PATH . 'functions/plugin.php');
sqgetGlobalVar('prefs_cache', $prefs_cache, SQ_SESSION );
sqgetGlobalVar('prefs_are_cached', $prefs_are_cached, SQ_SESSION );
$prefs_cache = array();
}
-if (isset($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
+$prefs_backend = do_hook_function('prefs_backend');
+if (isset($prefs_backend) && !empty($prefs_backend) && file_exists(SM_PATH . $prefs_backend)) {
require_once(SM_PATH . $prefs_backend);
} elseif (isset($prefs_dsn) && !empty($prefs_dsn)) {
require_once(SM_PATH . 'functions/db_prefs.php');
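Review bot: The value returned by the `prefs_backend` hook is still appended to SM_PATH and passed to `require_once` with no type or path check. The only thing keeping this include safe is the unconditional assignment on the line above it, which overwrites any request-supplied global of the same name. I would record that intent with a comment such as `/* Always take $prefs_backend from the hook; never honour a pre-existing global of this name. */` so the old `isset()` pattern is not reintroduced later. `isset($prefs_backend) && !empty($prefs_backend)` is redundant, and the guard could be tightened to `if (is_string($prefs_backend) && $prefs_backend !== '' && strpos($prefs_backend, '..') === false && file_exists(SM_PATH . $prefs_backend)) {`, assuming plugins are only meant to name files under the install tree. The if/elseif chain continues past the end of the hunk, so I cannot see whether later branches read other globals in the same way.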