From 6c1feae608b167bdc3a6d000df9fd2c87873b339 Mon Sep 17 00:00:00 2001
From: gustavf
Date: Mon, 16 Apr 2001 08:48:25 +0000
Subject: [PATCH] Added security patch
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@1229 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 src/options_order.php | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/src/options_order.php b/src/options_order.php
index ffa70ac1..670a5489 100644
--- a/src/options_order.php
+++ b/src/options_order.php
@@ -81,6 +81,10 @@ include ('../src/load_prefs.php');
 }
 } else if ($method == 'add' && $add) {
+ // User should not be able to insert PHP-code here
+ $add = str_replace ('', '..', $add);
+ $add = str_replace ('<%', '..', $add);
 $index_order[count($index_order)+1] = $add;
 }
--
2.25.1
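Review bot: The `str_replace` calls on `$add` in the `add` branch are a substring denylist: they neutralise only the tag spellings they list, and any other value is still stored in `$index_order` unchanged. If `$add` is expected to be one of a fixed set of column ids (not confirmed by this hunk), validate it instead, e.g. `$add = (int) $add;` followed by a membership check against the valid ids, and reject anything else rather than rewriting it. As rendered here the first call has an empty search string, which makes it a no-op, and the diffstat counts four insertions where only three are visible, so part of the patch text was probably lost in extraction and should be checked against the repository. The enclosing `if`/`else if` chain starts and ends outside the hunk, so whether the other branches, and the code that persists `$index_order`, apply the same check cannot be confirmed from here.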