- If you don't have any filters defined, and spam filters are disabled, no
point issuing a STATUS call on INBOX for the filters plugin.
- Added folder filtering controls to SMOPT_TYPE_FLDRLIST option widget.
+ - Security: Fixed possible XSS issue in search feature. Issue was
+ originally resolved in stable, but changes not migrated forward.
Version 1.5.0 - 2 February 2004
-------------------------------
$cur_mailbox = 'INBOX';
$biop = asearch_nz($biop_array[$crit_num]);
if (($query_display == '') || ($cur_mailbox != $last_mailbox)) {
- $mailbox_display = ' <b>' . asearch_get_mailbox_display($cur_mailbox) . '</b>';
+ $mailbox_display = ' <b>' . htmlspecialchars(asearch_get_mailbox_display($cur_mailbox)) . '</b>';
if ($query_display == '')
$biop_display = _("In");
else
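Review bot: The `htmlspecialchars()` call added on the `$mailbox_display` line passes no flags or charset, so its result depends on the running PHP version's defaults; the same applies to the calls added in the `asearch_get_form_mailbox` hunk and the `_("Folder:")` echo hunk. Where the default charset is UTF-8, a folder name decoded into a different local charset can come back as an empty string, and the older default flags leave single quotes unescaped. I would pass both explicitly, e.g. `htmlspecialchars(asearch_get_mailbox_display($cur_mailbox), ENT_QUOTES, $charset)`, where `$charset` is a placeholder for the charset the page is served in. The enclosing `if` continues outside the hunk.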
function asearch_get_form_mailbox($imapConnection, &$boxes, $mailbox, $row_num = 0)
{
if (($mailbox != 'All Folders') && (!asearch_mailbox_exists($mailbox, $boxes))) {
- $missing = asearch_opt($mailbox, $mailbox, '[' . _("Missing") . '] ' . asearch_get_mailbox_display($mailbox));
+ $missing = asearch_opt($mailbox, $mailbox, '[' . _("Missing") . '] ' . htmlspecialchars(asearch_get_mailbox_display($mailbox)));
} else {
$missing = '';
}
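Review bot: Only the label argument of `asearch_opt()` is escaped here; the raw `$mailbox` is still passed as the first two arguments. If either of them is written into the option's `value` attribute, that is an attribute-context sink which this change leaves untouched. `asearch_opt()` is not visible in this hunk, so please confirm that it escapes that argument itself, quotes included; if it does not, the fix belongs inside `asearch_opt()` rather than at each call site. The function body continues outside the hunk.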
$mailbox_display = imap_utf7_decode_local($mbx);
}
- echo '<br /><b><big>' . _("Folder:") . ' '. $mailbox_display . ' </big></b>';
+ echo '<br /><b><big>' . _("Folder:") . ' '. htmlspecialchars($mailbox_display) . ' </big></b>';
$oTemplate->display('message_list.tpl');
}
echo '</body></html>';
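Review bot: `$mailbox_display` holds raw decoded text here and is escaped only at the `echo`, while the first search hunk stores already-escaped HTML in a variable of the same name. If both are in the same file, that invites a later double-escape or a missed escape. A short comment at the `imap_utf7_decode_local($mbx)` assignment would help, e.g. `// raw folder name, not HTML-safe: escape at every output site`. Whether `message_list.tpl` also prints the folder name is not visible here; if it does, it needs the same escaping.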
sqsession_register($mailbox_cache,'mailbox_cache');
-?>
\ No newline at end of file
+?>