squirrelmail.git
22 years agorg=0 fixes
stekkel [Sun, 6 Oct 2002 16:25:10 +0000 (16:25 +0000)]
rg=0 fixes

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3767 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0 fixes; ReplyCitation fix, Draft save fix
stekkel [Sun, 6 Oct 2002 13:42:16 +0000 (13:42 +0000)]
rg=0 fixes; ReplyCitation fix, Draft save fix

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3766 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoremove debug code
stekkel [Sun, 6 Oct 2002 13:10:12 +0000 (13:10 +0000)]
remove debug code

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3765 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0 fix & put exit commands after the redirects
stekkel [Sun, 6 Oct 2002 13:08:24 +0000 (13:08 +0000)]
rg=0 fix & put exit commands after the redirects

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3764 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agofix for incorrect PHP_SELF
stekkel [Sun, 6 Oct 2002 13:05:23 +0000 (13:05 +0000)]
fix for incorrect PHP_SELF

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3763 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoUpdated no_NO translation.
gustavf [Fri, 4 Oct 2002 08:04:29 +0000 (08:04 +0000)]
Updated no_NO translation.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3762 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoFirst param is a constant not a string
kink [Thu, 3 Oct 2002 07:30:28 +0000 (07:30 +0000)]
First param is a constant not a string

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3761 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoSome small optimizations
kink [Mon, 30 Sep 2002 19:08:36 +0000 (19:08 +0000)]
Some small optimizations

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3754 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoWriteout session data to disk before redirecting. Suggestion from Thomas.
kink [Mon, 30 Sep 2002 17:34:31 +0000 (17:34 +0000)]
Writeout session data to disk before redirecting. Suggestion from Thomas.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3753 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoUpdated help files for nl_NL
kink [Sun, 29 Sep 2002 14:22:44 +0000 (14:22 +0000)]
Updated help files for nl_NL

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3751 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoMake show_more_(b)cc work again with rg=0
kink [Sun, 29 Sep 2002 09:48:27 +0000 (09:48 +0000)]
Make show_more_(b)cc work again with rg=0

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3748 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0 fix
stekkel [Fri, 27 Sep 2002 17:33:32 +0000 (17:33 +0000)]
rg=0 fix

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3747 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agofix parsing group related address headers.
stekkel [Fri, 27 Sep 2002 17:24:56 +0000 (17:24 +0000)]
fix parsing group related address headers.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3746 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoRollback previous commit... seems move complicated
kink [Thu, 26 Sep 2002 08:53:01 +0000 (08:53 +0000)]
Rollback previous commit... seems move complicated

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3745 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoMissing var
kink [Thu, 26 Sep 2002 08:40:36 +0000 (08:40 +0000)]
Missing var

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3744 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoDo not use mixed get/post variables because this breaks some browers.
kink [Thu, 26 Sep 2002 08:38:50 +0000 (08:38 +0000)]
Do not use mixed get/post variables because this breaks some browers.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3743 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0 fix
stekkel [Wed, 25 Sep 2002 19:31:09 +0000 (19:31 +0000)]
rg=0 fix

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3742 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years ago2d try
stekkel [Wed, 25 Sep 2002 19:27:22 +0000 (19:27 +0000)]
2d try

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3741 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0 fix for attachment_common_types
stekkel [Wed, 25 Sep 2002 19:24:28 +0000 (19:24 +0000)]
rg=0 fix for attachment_common_types

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3740 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agofix for not available attachment_common_types array when rg=0
stekkel [Wed, 25 Sep 2002 19:23:30 +0000 (19:23 +0000)]
fix for not available attachment_common_types array when rg=0

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3739 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0 updates
stekkel [Wed, 25 Sep 2002 18:41:54 +0000 (18:41 +0000)]
rg=0 updates

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3738 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoinitialize f, replace if elseif .. by switch statement, corrected wrong
stekkel [Wed, 25 Sep 2002 18:21:56 +0000 (18:21 +0000)]
initialize f, replace if elseif ..  by switch statement, corrected wrong
$base_uri

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3737 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0 d_m_n
kink [Wed, 25 Sep 2002 18:07:15 +0000 (18:07 +0000)]
rg=0 d_m_n

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3735 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0 fixes
stekkel [Wed, 25 Sep 2002 18:03:52 +0000 (18:03 +0000)]
rg=0 fixes

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3734 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoinclude globals.php
stekkel [Wed, 25 Sep 2002 17:41:14 +0000 (17:41 +0000)]
include globals.php

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3733 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0 fixes
stekkel [Wed, 25 Sep 2002 17:36:59 +0000 (17:36 +0000)]
rg=0 fixes

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3732 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0 updates
stekkel [Wed, 25 Sep 2002 17:18:55 +0000 (17:18 +0000)]
rg=0 updates

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3731 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0
kink [Wed, 25 Sep 2002 17:00:43 +0000 (17:00 +0000)]
rg=0

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3730 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0
kink [Wed, 25 Sep 2002 16:53:30 +0000 (16:53 +0000)]
rg=0

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3729 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoKeep on going... filters plugin rg=0 compat.
kink [Wed, 25 Sep 2002 16:19:53 +0000 (16:19 +0000)]
Keep on going... filters plugin rg=0 compat.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3728 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoCalendar rg=0
kink [Wed, 25 Sep 2002 16:05:04 +0000 (16:05 +0000)]
Calendar rg=0

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3727 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agomail_fetch => rg=0
kink [Wed, 25 Sep 2002 15:47:16 +0000 (15:47 +0000)]
mail_fetch => rg=0

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3726 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agofix warning: remove define SM_PATH because it's already defined
stekkel [Wed, 25 Sep 2002 14:00:42 +0000 (14:00 +0000)]
fix warning: remove define SM_PATH because it's already defined

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3725 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoinitialize result array (unseen/total count)
stekkel [Wed, 25 Sep 2002 13:58:18 +0000 (13:58 +0000)]
initialize result array (unseen/total count)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3724 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoFix missing $username when rg=0
kink [Wed, 25 Sep 2002 13:52:57 +0000 (13:52 +0000)]
Fix missing $username when rg=0

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3723 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoMarcos Tadeu von Lutzow Vidal
philippe_mingo [Tue, 24 Sep 2002 09:02:10 +0000 (09:02 +0000)]
Marcos Tadeu von Lutzow Vidal

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3721 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoUpdate for session.auto_start:
sizzlingmercury [Mon, 23 Sep 2002 15:15:22 +0000 (15:15 +0000)]
Update for session.auto_start:
If session is automatically started before the class
definitions are loaded, many functions (compose, certain
parts of read_body, download, etc.) will fail with the
following error:
The script tried to execute a method or access a
property of an incomplete object.

Still to do: ensure that we close the session using
session_write_close() as soon as the page is finished
loading session-specific variables to reduce
contention between frames.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3717 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoFix moving of src directory
kink [Mon, 23 Sep 2002 12:50:08 +0000 (12:50 +0000)]
Fix moving of src directory

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3716 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoFix SRC directory being moved on Windows systems: check whether a file was really...
kink [Mon, 23 Sep 2002 12:31:10 +0000 (12:31 +0000)]
Fix SRC directory being moved on Windows systems: check whether a file was really uploaded;
if not bail out.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3715 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoSome plugins to rg=0: bug_report message_details newmail sent_subfolders spamcop...
kink [Mon, 23 Sep 2002 10:07:55 +0000 (10:07 +0000)]
Some plugins to rg=0: bug_report message_details newmail sent_subfolders spamcop translate

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3713 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoFix for IMAP servers that don't always return a UIDNEXT value
kink [Mon, 23 Sep 2002 08:32:29 +0000 (08:32 +0000)]
Fix for IMAP servers that don't always return a UIDNEXT value

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3712 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoRemoved code we don't use anymore.
stekkel [Mon, 23 Sep 2002 08:08:41 +0000 (08:08 +0000)]
Removed code we don't use anymore.
Cleanup rg=0 initialized vars

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3711 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agorg=0
kink [Sun, 22 Sep 2002 11:20:50 +0000 (11:20 +0000)]
rg=0

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3710 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoKeep on going... rg=0
kink [Sun, 22 Sep 2002 11:09:19 +0000 (11:09 +0000)]
Keep on going... rg=0

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3709 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoEven more rg=0
kink [Sun, 22 Sep 2002 11:02:41 +0000 (11:02 +0000)]
Even more rg=0

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3706 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoMore rg=0
kink [Sat, 21 Sep 2002 20:26:52 +0000 (20:26 +0000)]
More rg=0

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3703 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoWrong include path
kink [Sat, 21 Sep 2002 16:18:45 +0000 (16:18 +0000)]
Wrong include path

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3700 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoUpdate function directory to rg=0.
kink [Sat, 21 Sep 2002 15:59:32 +0000 (15:59 +0000)]
Update function directory to rg=0.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3699 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoStart some register_globals = off fixes:
kink [Sat, 21 Sep 2002 14:57:32 +0000 (14:57 +0000)]
Start some register_globals = off fixes:
Login, logout, and folder manipulation are now possible with rg=0. More to come.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3698 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoSpanish Update
philippe_mingo [Fri, 20 Sep 2002 12:54:11 +0000 (12:54 +0000)]
Spanish Update

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3697 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoMain po update
philippe_mingo [Fri, 20 Sep 2002 12:25:00 +0000 (12:25 +0000)]
Main po update

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3696 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoArray index off by 1
kink [Wed, 18 Sep 2002 13:21:14 +0000 (13:21 +0000)]
Array index off by 1

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3695 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agofix undefined var
stekkel [Wed, 18 Sep 2002 12:55:09 +0000 (12:55 +0000)]
fix undefined var

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3694 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoHernan's email change
philippe_mingo [Wed, 18 Sep 2002 07:27:07 +0000 (07:27 +0000)]
Hernan's email change

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3693 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agomore noselect fixes
robsiemb [Tue, 17 Sep 2002 20:57:13 +0000 (20:57 +0000)]
more noselect fixes

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3692 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agodon't STATUS a mailbox that isn't selectable
robsiemb [Tue, 17 Sep 2002 20:48:06 +0000 (20:48 +0000)]
don't STATUS a mailbox that isn't selectable

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3691 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoFix for data_dir relative path location (also corrects relative paths for themes...
sizzlingmercury [Tue, 17 Sep 2002 15:12:14 +0000 (15:12 +0000)]
Fix for data_dir relative path location (also corrects relative paths for themes, attach_dir, signature_page, and org_logo). Similar fix is still required in administration plugin in order for relative paths to be completely resolved.

This change to conf.pl does not create any incompatibility with previous versions, so I did not change the level - let me know if we should.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3690 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoRemoved someone's debug message.
thomppj [Mon, 16 Sep 2002 21:27:58 +0000 (21:27 +0000)]
Removed someone's debug message.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3689 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agofix for forward as attachment from the messagelist
stekkel [Mon, 16 Sep 2002 20:04:00 +0000 (20:04 +0000)]
fix for forward as attachment from the messagelist

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3688 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoFix for forward as attachment. (Make use of composeMessage)
stekkel [Mon, 16 Sep 2002 19:58:53 +0000 (19:58 +0000)]
Fix for forward as attachment. (Make use of composeMessage)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3687 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agosomehow url vars with &amp are not picked up by PHP
stekkel [Mon, 16 Sep 2002 17:05:35 +0000 (17:05 +0000)]
somehow url vars with &amp are not picked up by PHP

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3686 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoredirect fixes
stekkel [Mon, 16 Sep 2002 17:02:22 +0000 (17:02 +0000)]
redirect fixes

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3685 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agofixed warnings
stekkel [Mon, 16 Sep 2002 12:11:19 +0000 (12:11 +0000)]
fixed warnings

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3684 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoXSS fix based on Jason's fix
philippe_mingo [Sat, 14 Sep 2002 00:15:49 +0000 (00:15 +0000)]
XSS fix based on Jason's fix

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3666 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years ago4) XSS in help.php:
philippe_mingo [Fri, 13 Sep 2002 23:57:51 +0000 (23:57 +0000)]
4) XSS in help.php:

http://<VULNERABLE
SITE>.net/webmail/src/help.php?chapter=<script>alert('boop!')</script>

Based on Jason's fix.

Also include a nasty i18n bugfix

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3665 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoTime to stop coding for tonight. Making this kind of terrible bugs is bad.
stekkel [Fri, 13 Sep 2002 21:47:39 +0000 (21:47 +0000)]
Time to stop coding for tonight. Making this kind of terrible bugs is bad.
Thnx Seth Randall for noticing it.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3664 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agouid fix
stekkel [Fri, 13 Sep 2002 21:15:41 +0000 (21:15 +0000)]
uid fix

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3663 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoRemove redundant spaces around the login.. this prevents prefs files like "thijs...
kink [Fri, 13 Sep 2002 17:23:30 +0000 (17:23 +0000)]
Remove redundant spaces around the login.. this prevents prefs files like "thijs .pref" to be created.
Can't think what would be broken by this but please report/fix if so.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3657 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoadded unsave tags (commited to stable by Konstantin)
stekkel [Fri, 13 Sep 2002 17:22:46 +0000 (17:22 +0000)]
added unsave tags (commited to stable by Konstantin)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3656 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years ago5) XSS in addressbook (different):
philippe_mingo [Fri, 13 Sep 2002 08:55:52 +0000 (08:55 +0000)]
5) XSS in addressbook (different):

Manually entered nicks, email addresses, first names, last names, and
info sections in the addressbook are not filtered so script can be
placed and executed through them the next time the page is viewed.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3653 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years ago_MAIN_ Exploit:
philippe_mingo [Fri, 13 Sep 2002 08:26:30 +0000 (08:26 +0000)]
_MAIN_ Exploit:

The XSS hole I developed the most is in addressbook.php. I was able to
inject and execute javascript code and after opening the addressbook
page there was no indication that I had changed anything (after
entering the HTML comment tags to get rid of some hanging code that my
javascript had made text).

The URL I crafted for the exploit is as follows:

http://<VULNERABLE
SITE>.net/webmail/src/addressbook.php?"><script>alert(document.cookie)</script><!--

If you execute the code without the HTML comment tag on the end it
leaves a nasty hanging bit of HTML code which is a clear indication
that something has gone awry to many users (however some may ignore it
as they don't understand it).

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3652 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years ago_OTHER_ Holes:
philippe_mingo [Fri, 13 Sep 2002 08:11:11 +0000 (08:11 +0000)]
_OTHER_ Holes:

1) This will reveal the path to PHP directory and other...maybe
interesting to someone, I didn't really care but decided to include
it. The problem is in options.php.

http://<VULNERABLE
SITE>.net/webmail/src/options.php?optpage=<script>alert('boop!')</script>

it returns the following on the page for the server I tested:

Fatal error: Failed opening required ''
(include_path='.:/php/includes:/usr/share/php') in
/var/www/squirrelmail/src/options.php on line 172

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3651 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoPutting back SM_PATH the way it should be and eliminating chdir in the
thomppj [Thu, 12 Sep 2002 22:24:01 +0000 (22:24 +0000)]
Putting back SM_PATH the way it should be and eliminating chdir in the
plugins.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3649 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoNeed chdir in plugins when data_dir is relative
indiri69 [Thu, 12 Sep 2002 18:47:06 +0000 (18:47 +0000)]
Need chdir in plugins when data_dir is relative

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3648 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoRemove SM_PATH from prefs file path
indiri69 [Thu, 12 Sep 2002 18:15:40 +0000 (18:15 +0000)]
Remove SM_PATH from prefs file path

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3647 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoClaus Jensen & Kent B. Hansen
philippe_mingo [Thu, 12 Sep 2002 09:42:51 +0000 (09:42 +0000)]
Claus Jensen & Kent B. Hansen

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3645 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoRemove unused graphics file.
kink [Wed, 11 Sep 2002 15:57:20 +0000 (15:57 +0000)]
Remove unused graphics file.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3643 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoSM_PATH fix
stekkel [Wed, 11 Sep 2002 07:56:37 +0000 (07:56 +0000)]
SM_PATH fix

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3642 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoMessage details seems to work without chdir now.
indiri69 [Tue, 10 Sep 2002 22:48:33 +0000 (22:48 +0000)]
Message details seems to work without chdir now.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3641 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoMore SM_PATH changes
indiri69 [Tue, 10 Sep 2002 22:35:30 +0000 (22:35 +0000)]
More SM_PATH changes

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3640 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoJavascript detection no longer requires SquirrelSpell.
indiri69 [Tue, 10 Sep 2002 21:10:17 +0000 (21:10 +0000)]
Javascript detection no longer requires SquirrelSpell.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3639 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoSM_PATH fix
indiri69 [Tue, 10 Sep 2002 17:55:14 +0000 (17:55 +0000)]
SM_PATH fix

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3638 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoif I don't do a chdir('..') required files in required files failed to
stekkel [Tue, 10 Sep 2002 12:29:50 +0000 (12:29 +0000)]
if I don't do a chdir('..') required files in required files failed to
include because SMPATH is defined relative.
Paul, I don't know what you have in mind with de SMPATH definition but it
doesn't work for plugins.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3637 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoEliminated all eveil chdir statements.
thomppj [Mon, 9 Sep 2002 22:41:46 +0000 (22:41 +0000)]
Eliminated all eveil chdir statements.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3635 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoSome code cleanups to read_body.php
indiri69 [Mon, 9 Sep 2002 22:01:06 +0000 (22:01 +0000)]
Some code cleanups to read_body.php

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3634 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoMake directories unbrowsable.
kink [Mon, 9 Sep 2002 17:25:05 +0000 (17:25 +0000)]
Make directories unbrowsable.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3633 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoFix HTML-compliance here and there.
kink [Sun, 8 Sep 2002 15:04:47 +0000 (15:04 +0000)]
Fix HTML-compliance here and there.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3618 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoDo not parse Message-ID as emailaddress.
kink [Sun, 8 Sep 2002 14:54:06 +0000 (14:54 +0000)]
Do not parse Message-ID as emailaddress.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3617 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoFix a bunch of plugins to cope with moved load_prefs/validate files.
kink [Sun, 8 Sep 2002 14:15:25 +0000 (14:15 +0000)]
Fix a bunch of plugins to cope with moved load_prefs/validate files.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3616 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoBetter error messages: for some reason, the strings weren't used to report the error?
kink [Sun, 8 Sep 2002 13:37:02 +0000 (13:37 +0000)]
Better error messages: for some reason, the strings weren't used to report the error?
Now they are. This eliminates a subset of the "You must be logged in.." error messages by
giving the admin a clue as to what's going wrong.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3614 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoarray_key_exists() only exists in PHP 4 >= 4.1.0
indiri69 [Sat, 7 Sep 2002 21:44:10 +0000 (21:44 +0000)]
array_key_exists() only exists in PHP 4 >= 4.1.0

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3612 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoFixed some string issues.
indiri69 [Sat, 7 Sep 2002 18:40:49 +0000 (18:40 +0000)]
Fixed some string issues.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3607 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoAdded require_once for filters.php
indiri69 [Sat, 7 Sep 2002 01:38:31 +0000 (01:38 +0000)]
Added require_once for filters.php

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3605 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoFixed validate.php require
indiri69 [Fri, 6 Sep 2002 22:04:17 +0000 (22:04 +0000)]
Fixed validate.php require

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3604 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoArgg
stekkel [Fri, 6 Sep 2002 17:47:32 +0000 (17:47 +0000)]
Argg

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3603 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agofix for never ending while loop
stekkel [Fri, 6 Sep 2002 17:44:29 +0000 (17:44 +0000)]
fix for never ending while loop

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3602 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoSMPATH BORKED everything
stekkel [Fri, 6 Sep 2002 17:24:31 +0000 (17:24 +0000)]
SMPATH BORKED everything

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3601 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoalmost forgot: SMPATH fixes from Paul BORKED spamcop
stekkel [Fri, 6 Sep 2002 17:23:11 +0000 (17:23 +0000)]
almost forgot: SMPATH fixes from Paul BORKED spamcop

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3600 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoSMPATH fix
stekkel [Fri, 6 Sep 2002 17:21:53 +0000 (17:21 +0000)]
SMPATH fix

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3599 7612ce4b-ef26-0410-bec9-ea0150e637f0

22 years agoSMPATH fix
stekkel [Fri, 6 Sep 2002 17:12:17 +0000 (17:12 +0000)]
SMPATH fix

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@3598 7612ce4b-ef26-0410-bec9-ea0150e637f0