From f5a2d7b40d304b6d68f7cf33b3a525b59c7d2869 Mon Sep 17 00:00:00 2001
From: jangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Fri, 3 Mar 2006 03:39:18 +0000
Subject: [PATCH]   - Security: Possible cookie theft in src/redirect.php if   
  register_globals is enabled, and malicous site is running     in same
 domain.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@10851 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 ChangeLog             | 3 +++
 functions/strings.php | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index f8825386..3b18f233 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,9 @@ Version 1.5.2 - CVS
   - Fixed View as HTML link so it doesn't forget it was part of a seach result.
   - Don't use delimiter in IMAP subscription command, when noselect folder is
     created.
+  - Security: Possible cookie theft in src/redirect.php if 
+    register_globals is enabled, and malicous site is running
+    in same domain.
   
 	
 Version 1.5.1 (branched on 2006-02-12)
diff --git a/functions/strings.php b/functions/strings.php
index a830024f..613f342c 100644
--- a/functions/strings.php
+++ b/functions/strings.php
@@ -497,7 +497,7 @@ function sqm_baseuri(){
     /**
      * If it is in the session, just return it.
      */
-    if (isset($base_uri)){
+    if (sqgetGlobalVar('base_uri',$base_uri,SQ_SESSION)){
         return $base_uri;
     }
     $dirs = array('|src/.*|', '|plugins/.*|', '|functions/.*|');
-- 
2.25.1