- Security: Possible cookie theft in src/redirect.php if

    register_globals is enabled, and malicous site is running
    in same domain.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@10851 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/ChangeLog b/ChangeLog
index f8825386f462f77d749ffe6b615acd6a34090eb5..3b18f2336c0c4e9d78add4b71892a210a606a7b7 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,9 @@ Version 1.5.2 - CVS
   - Fixed View as HTML link so it doesn't forget it was part of a seach result.
   - Don't use delimiter in IMAP subscription command, when noselect folder is
     created.
+  - Security: Possible cookie theft in src/redirect.php if 
+    register_globals is enabled, and malicous site is running
+    in same domain.
   
        
 Version 1.5.1 (branched on 2006-02-12)

diff --git a/functions/strings.php b/functions/strings.php
index a830024fc0a06f66bbfcf0be2ac5e663d57da32a..613f342c57c28d0ed30b1ece292ba229fc9b0ea3 100644 (file)
--- a/functions/strings.php
+++ b/functions/strings.php
@@ -497,7 +497,7 @@ function sqm_baseuri(){
     /**
      * If it is in the session, just return it.
      */
-    if (isset($base_uri)){
+    if (sqgetGlobalVar('base_uri',$base_uri,SQ_SESSION)){
         return $base_uri;
     }
     $dirs = array('|src/.*|', '|plugins/.*|', '|functions/.*|');