From 9b761dbdd92259ef09affe9b8f8b62362d0d7bb2 Mon Sep 17 00:00:00 2001 From: kink Date: Fri, 6 Dec 2002 16:42:12 +0000 Subject: [PATCH] XXS fixes, as in stable git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@4215 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- functions/imap_general.php | 13 +++++++------ functions/imap_messages.php | 24 ++++++++++++------------ functions/imap_search.php | 2 +- src/delete_message.php | 16 ++++++++-------- src/download.php | 9 ++------- src/image.php | 6 +++--- src/printer_friendly_bottom.php | 3 +-- src/printer_friendly_main.php | 4 ++-- src/read_body.php | 20 ++++++++++---------- src/right_main.php | 16 ++++++++-------- src/vcard.php | 6 +++--- 11 files changed, 57 insertions(+), 62 deletions(-) diff --git a/functions/imap_general.php b/functions/imap_general.php index 7efb9736..ab732315 100755 --- a/functions/imap_general.php +++ b/functions/imap_general.php @@ -151,10 +151,10 @@ function sqimap_read_data_list ($imap_stream, $pre, $handle_errors, &$response, $string = "\n" . _("ERROR : Could not complete request.") . "
\n" . - _("Query:") . - $query . '
' . + _("Query:") . ' ' . + htmlspecialchars($query) . '
' . _("Reason Given: ") . - $message . "

\n"; + htmlspecialchars($message) . "
\n"; error_box($string,$color); exit; } @@ -165,10 +165,10 @@ function sqimap_read_data_list ($imap_stream, $pre, $handle_errors, &$response, $string = "\n" . _("ERROR : Bad or malformed request.") . "
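Review bot: The new `htmlspecialchars($query)` and `htmlspecialchars($message)` calls at @@ -151 use the default flags, which on the PHP versions this code targets leave single quotes unescaped; that is enough for element content, but passing `ENT_QUOTES` (`htmlspecialchars($query, ENT_QUOTES)`) costs nothing and keeps the string safe should `error_box()` or a theme ever place it inside a quoted attribute. The same applies to the twin block at @@ -165. A one-line comment stating why the escaping is there would help the next maintainer, e.g. `/* $query and $message echo data from the IMAP exchange, so escape before rendering */`. `sqimap_read_data_list` continues outside the hunk.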
\n" . - _("Query:") . - $query . '
' . + _("Query:") . ' '. + htmlspecialchars($query) . '
' . _("Server responded: ") . - $message . "

\n"; + htmlspecialchars($message) . "
\n"; error_box($string,$color); exit; } @@ -286,6 +286,7 @@ function sqimap_login ($username, $password, $imap_server_address, $imap_port, $ if (!$hide) { if ($response != 'NO') { /* "BAD" and anything else gets reported here. */ + $message = htmlspecialchars($message); set_up_language($squirrelmail_language, true); require_once(SM_PATH . 'functions/display_messages.php'); if ($response == 'BAD') { diff --git a/functions/imap_messages.php b/functions/imap_messages.php index d4d754d9..cd1ee593 100755 --- a/functions/imap_messages.php +++ b/functions/imap_messages.php @@ -460,14 +460,14 @@ function sqimap_get_small_header_list ($imap_stream, $msg_list) { _("ERROR : Could not complete request.") . '
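Review bot: At @@ -286 `$message` is overwritten with its HTML-escaped form at the top of the reporting branch instead of being escaped where it is printed, which is the opposite of what the two hunks above do for `$query` and `$message`. If `$message` is used again after this block in a non-HTML context (a log line or a plain-text path), it will carry `&lt;`/`&amp;` entities. Escaping at the `echo`/`error_box()` call keeps the variable raw and the intent local; if the assignment has to stay here, mark it with `/* escaped for HTML output only */`. `sqimap_login` continues outside the hunk.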
' . _("Unknown response from IMAP server: ") . ' 1.' . - $r[0] . "
\n"; + htmlspecialchars($r[0]) . "
\n"; } else if (! isset($id2index[$regs[1]]) || !count($id2index[$regs[1]])) { set_up_language($squirrelmail_language); echo '
' . _("ERROR : Could not complete request.") . '
' . _("Unknown message number in reply from server: ") . - $regs[1] . "

\n"; + htmlspecialchars($regs[1]) . "
\n"; } else { $read_list[$id2index[$regs[1]]] = $r; } @@ -478,14 +478,14 @@ function sqimap_get_small_header_list ($imap_stream, $msg_list) { _("ERROR : Could not complete request.") . '
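Review bot: The two error branches at @@ -460 and their twins at @@ -478 are copies of each other that differ only in the capture index (`$regs[1]` versus `$regs[2]`), which is why the escaping had to be added four times and why any later fix must be repeated the same way. A small local helper that takes the translated label and the offending value and prints the error heading plus `htmlspecialchars($value)` would leave one place to get right. Note also that the unknown-message-number branch only echoes and then falls through, so `$read_list` keeps no entry for that index; whether the callers cope with a missing slot is not visible here. `sqimap_get_small_header_list` continues outside the hunk.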
' . _("Unknown response from IMAP server: ") . ' 1.' . - $r[0] . "
\n"; + htmlspecialchars($r[0]) . "
\n"; } else if (! isset($id2index[$regs[2]]) || !count($id2index[$regs[2]])) { set_up_language($squirrelmail_language); echo '
' . _("ERROR : Could not complete request.") . '
' . _("Unknown message number in reply from server: ") . - $regs[2] . "

\n"; + htmlspecialchars($regs[2]) . "
\n"; } else { $read_list[$id2index[$regs[2]]] = $r; $unique_id = $regs[2]; @@ -509,13 +509,13 @@ function sqimap_get_small_header_list ($imap_stream, $msg_list) { $subject = _("(no subject)"); $from = _("Unknown Sender"); $priority = 0; - $messageid = "<>"; - $cc = ""; - $to = ""; - $date = ""; - $type[0] = ""; - $type[1] = ""; - $inrepto = ""; + $messageid = '<>'; + $cc = ''; + $to = ''; + $date = ''; + $type[0] = ''; + $type[1] = ''; + $inrepto = ''; $flag_seen = false; $flag_answered = false; $flag_deleted = false; @@ -536,7 +536,7 @@ function sqimap_get_small_header_list ($imap_stream, $msg_list) { $tmpdate = str_replace(' ',' ',$tmpdate); $tmpdate = explode(' ',$tmpdate); $date = str_replace('-',' ',$tmpdate[0]) . " " . - $tmpdate[1] . " " . + $tmpdate[1] . ' ' . $tmpdate[2]; } } diff --git a/functions/imap_search.php b/functions/imap_search.php index 934bce16..52731ab6 100644 --- a/functions/imap_search.php +++ b/functions/imap_search.php @@ -102,7 +102,7 @@ function sqimap_search($imapConnection, $search_where, $search_what, $mailbox, if (strstr($errors,'* SEARCH')) { return array(); } - echo ""; + echo ''; } diff --git a/src/delete_message.php b/src/delete_message.php index 8a5657c8..fc281fdd 100644 --- a/src/delete_message.php +++ b/src/delete_message.php 
@@ -27,19 +27,19 @@ $message = $_GET['message']; $mailbox = $_GET['mailbox']; if (isset($_GET['saved_draft'])) { - $saved_draft = $_GET['saved_draft']; + $saved_draft = urlencode($_GET['saved_draft']); } if (isset($_GET['mail_sent'])) { - $mail_sent = $_GET['mail_sent']; + $mail_sent = urlencode($_GET['mail_sent']); } -$sort = $_GET['sort']; -$startMessage = $_GET['startMessage']; +$sort = (int) $_GET['sort']; +$startMessage = (int) $_GET['startMessage']; if(isset($_GET['where'])) { - $where = $_GET['where']; + $where = urlencode($_GET['where']); } if(isset($_GET['what'])) { - $what = $_GET['what']; + $what = urlencode($_GET['what']); } $imapConnection = sqimap_login($username, $key, $imapServerAddress, $imapPort, 0); @@ -61,8 +61,8 @@ if (!isset($mail_sent)) { $location = get_location(); if (isset($where) && isset($what)) { - header("Location: $location/search.php?where=" . urlencode($where) . - '&what=' . urlencode($what) . '&mailbox=' . urlencode($mailbox)); + header("Location: $location/search.php?where=" . $where . + '&what=' . $what . '&mailbox=' . urlencode($mailbox)); } else { if (!empty($saved_draft) || !empty($mail_sent)) { header("Location: $location/compose.php?mail_sent=$mail_sent&saved_draft=$saved_draft"); diff --git a/src/download.php b/src/download.php index 0ca78cf0..fcc6e912 100644 --- a/src/download.php +++ b/src/download.php @@ -29,14 +29,9 @@ $key = $_COOKIE['key']; $username = $_SESSION['username']; $onetimepad = $_SESSION['onetimepad']; $mailbox = $_GET['mailbox']; -$passed_id = $_GET['passed_id']; +$passed_id = (int) $_GET['passed_id']; $ent_id = $_GET['ent_id']; $messages = $_SESSION['messages']; -if (isset($_GET['passed_ent_id'])) { - $passed_ent_id = $_GET['passed_ent_id']; -} else { - $passed_ent_id = ''; -} if (isset($_GET['absolute_dl'])) { $absolute_dl = $_GET['absolute_dl']; 
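Review bot: `$message = $_GET['message'];`, shown as the context of @@ -27, is left as a raw string while `$sort` and `$startMessage` just below it get `(int)`; if it is the UID of the message to delete, as `$passed_id` is in the other files of this commit, `$message = (int) $_GET['message'];` belongs here too (the line sits immediately above the hunk). `$saved_draft`, `$mail_sent`, `$where` and `$what` are now stored already percent-encoded, so any use other than building the redirect would show `%xx` sequences, and the companion hunk at @@ -61 drops the `urlencode()` calls at the `header()` sink to match. Encoding at the sink, as is still done for `$mailbox`, keeps the variables usable elsewhere in the file.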
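Review bot: The `(int)` cast on `$passed_id` at @@ -29 turns a missing or non-numeric value into `0`, and `0` is never a valid IMAP UID, so the script now continues with an identifier it can never fetch instead of rejecting the request; a guard after the cast, `if ($passed_id <= 0) { /* report and stop */ }`, would make that explicit. The same cast is added in image.php, printer_friendly_bottom.php, printer_friendly_main.php, read_body.php, right_main.php and vcard.php, and the same check applies there. `$ent_id` on the following line still takes the raw `$_GET` value and gets no treatment at this input site.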
@@ -105,7 +100,7 @@ if (strlen($filename) < 1) { } if (strlen($filename) < 1) { - $filename = "untitled$ent_id.$suffix"; + $filename = 'untitled'.strip_tags($ent_id).$suffix; } else { $filename = "$filename.$suffix"; } diff --git a/src/image.php b/src/image.php index b695b5d3..73ceb6f7 100644 --- a/src/image.php +++ b/src/image.php @@ -25,7 +25,7 @@ displayPageHeader($color, 'None'); /* globals */ $mailbox = $_GET['mailbox']; -$passed_id = $_GET['passed_id']; +$passed_id = (int) $_GET['passed_id']; $ent_id = $_GET['ent_id']; $QUERY_STRING = $_SERVER['QUERY_STRING']; /* end globals */ @@ -37,14 +37,14 @@ echo '
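Review bot: The rewritten filename at @@ -105 loses the dot between the entity id and the suffix: `"untitled$ent_id.$suffix"` produced e.g. `untitled2.txt`, while `'untitled'.strip_tags($ent_id).$suffix` produces `untitled2txt` (the else branch still writes `"$filename.$suffix"`). It should read `$filename = 'untitled' . strip_tags($ent_id) . '.' . $suffix;`. `strip_tags()` also only removes angle-bracket markup; if `$filename` ends up in a `Content-Disposition` header, as a download script suggests, quotes and CR/LF pass through untouched. Since IMAP body-part identifiers are digits and dots, validating `$ent_id` once where it is read at @@ -29, `if (!preg_match('/^[0-9.]+$/', $ent_id)) { /* reject the request */ }`, would be the stronger fix and make `strip_tags()` here unnecessary.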
' . '
' . _("Viewing an image attachment") . " - "; -$msg_url = 'read_body.php?' . $QUERY_STRING; +$msg_url = 'read_body.php?' . urlencode(strip_tags(urldecode($QUERY_STRING))); $msg_url = set_url_var($msg_url, 'ent_id', 0); echo ''. _("View message") . ''; $DownloadLink = '../src/download.php?passed_id=' . $passed_id . '&mailbox=' . urlencode($mailbox) . - '&ent_id=' . $ent_id . '&absolute_dl=true'; + '&ent_id=' . urlencode($ent_id) . '&absolute_dl=true'; echo '' . "\n" . '' . diff --git a/src/printer_friendly_bottom.php b/src/printer_friendly_bottom.php index 2f0839d8..b0f91071 100644 --- a/src/printer_friendly_bottom.php +++ b/src/printer_friendly_bottom.php @@ -31,8 +31,7 @@ $key = $_COOKIE['key']; $username = $_SESSION['username']; $onetimepad = $_SESSION['onetimepad']; -$passed_ent_id = $_GET['passed_ent_id']; -$passed_id = $_GET['passed_id']; +$passed_id = (int) $_GET['passed_id']; $mailbox = $_GET['mailbox']; /* end globals */ diff --git a/src/printer_friendly_main.php b/src/printer_friendly_main.php index f5029b6e..fd62ebc5 100644 --- a/src/printer_friendly_main.php +++ b/src/printer_friendly_main.php @@ -20,14 +20,14 @@ displayHtmlHeader( _("Printer Friendly"), '', FALSE ); /* get those globals into gear */ $passed_ent_id = $_GET['passed_ent_id']; -$passed_id = $_GET['passed_id']; +$passed_id = (int) $_GET['passed_id']; $mailbox = $_GET['mailbox']; /* end globals */ echo "\n". "". '". "\n". diff --git a/src/read_body.php b/src/read_body.php index ce813fb6..1948ed5f 100644 --- a/src/read_body.php +++ b/src/read_body.php @@ -644,10 +644,10 @@ $base_uri = $_SESSION['base_uri']; $delimiter = $_SESSION['delimiter']; if (isset($_GET['passed_id'])) { - $passed_id = $_GET['passed_id']; + $passed_id = (int) $_GET['passed_id']; } elseif (isset($_POST['passed_id'])) { - $passed_id = $_POST['passed_id']; + $passed_id = (int) $_POST['passed_id']; } if (isset($_GET['passed_ent_id'])) { 
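Review bot: `urlencode(strip_tags(urldecode($QUERY_STRING)))` at @@ -37 percent-encodes the `&` and `=` separators as well, so the resulting `read_body.php?passed_id%3D...%26mailbox%3D...` carries one meaningless parameter and read_body.php no longer receives `passed_id` or `mailbox`. Building the link from the variables this file has already read avoids both the breakage and the decode/strip/encode round-trip: `$msg_url = 'read_body.php?passed_id=' . $passed_id . '&mailbox=' . urlencode($mailbox) . '&ent_id=' . urlencode($ent_id);` (plus whatever other parameters read_body.php expects; `set_url_var()` still overrides `ent_id` afterwards). The same construct is added to vcard.php at @@ -43 and needs the same change.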
@@ -662,25 +662,25 @@ if (isset($_GET['sendreceipt'])) { } if (isset($_GET['sort'])) { - $sort = $_GET['sort']; + $sort = (int) $_GET['sort']; } elseif (isset($_POST['sort'])) { - $sort = $_POST['sort']; + $sort = (int) $_POST['sort']; } if (isset($_GET['startMessage'])) { - $startMessage = $_GET['startMessage']; + $startMessage = (int) $_GET['startMessage']; } elseif (isset($_POST['startMessage'])) { - $startMessage = $_POST['startMessage']; + $startMessage = (int) $_POST['startMessage']; } if (isset($_GET['show_more'])) { - $show_more = $_GET['show_more']; + $show_more = (int) $_GET['show_more']; } if (isset($_GET['show_more_cc'])) { - $show_more_cc = $_GET['show_more_cc']; + $show_more_cc = (int) $_GET['show_more_cc']; } if (isset($_GET['show_more_bcc'])) { - $show_more_bcc = $_GET['show_more_bcc']; + $show_more_bcc = (int) $_GET['show_more_bcc']; } if (isset($_GET['mailbox'])) { $mailbox = $_GET['mailbox']; @@ -695,7 +695,7 @@ if (isset($_GET['what'])) { $what = $_GET['what']; } if (isset($_GET['view_hdr'])) { - $view_hdr = $_GET['view_hdr']; + $view_hdr = (int) $_GET['view_hdr']; } if (isset($_SESSION['server_sort_array'])) { $server_sort_array = $_SESSION['server_sort_array']; diff --git a/src/right_main.php b/src/right_main.php index ef9be5e3..ca0a4fbe 100644 --- a/src/right_main.php +++ b/src/right_main.php @@ -48,9 +48,9 @@ $base_uri = $_SESSION['base_uri']; $delimiter = $_SESSION['delimiter']; if (isset($_GET['startMessage'])) { - $startMessage = $_GET['startMessage']; + $startMessage = (int) $_GET['startMessage']; } elseif (isset($_POST['startMessage'])) { - $startMessage = $_POST['startMessage']; + $startMessage = (int) $_POST['startMessage']; } if (isset($_GET['mailbox'])) { $mailbox = $_GET['mailbox']; 
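Review bot: The `isset()`/`(int)` ladder at @@ -662 repeats the same four-line shape for `sort`, `startMessage`, `show_more`, `show_more_cc` and `show_more_bcc`, and right_main.php repeats it again at @@ -48, @@ -58 and @@ -76; a small helper that returns the integer form of a `$_GET`/`$_POST` key would reduce each block to one line and give a single place to add a range check later. As written, a non-numeric value silently becomes `0`, which code expecting a 1-based position such as `$startMessage` should treat as "not supplied" rather than use. The variables are still left undefined when neither source has the key, so downstream code must keep its own `isset()` checks.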
@@ -58,16 +58,16 @@ if (isset($_GET['mailbox'])) { $mailbox = $_POST['mailbox']; } if (isset($_GET['PG_SHOWNUM'])) { - $PG_SHOWNUM = $_GET['PG_SHOWNUM']; + $PG_SHOWNUM = (int) $_GET['PG_SHOWNUM']; } elseif (isset($_SESSION['PG_SHOWNUM'])) { - $PG_SHOWNUM = $_SESSION['PG_SHOWNUM']; + $PG_SHOWNUM = (int) $_SESSION['PG_SHOWNUM']; } if (isset($_GET['PG_SHOWALL'])) { - $PG_SHOWALL = $_GET['PG_SHOWALL']; + $PG_SHOWALL = (int) $_GET['PG_SHOWALL']; } if (isset($_GET['newsort'])) { - $newsort = $_GET['newsort']; + $newsort = (int) $_GET['newsort']; } if (isset($_GET['composenew'])) { $composenew = $_GET['composenew']; @@ -76,10 +76,10 @@ if (isset($_GET['composenew'])) { } if (isset($_GET['checkall'])) { - $checkall = $_GET['checkall']; + $checkall = (int) $_GET['checkall']; } if (isset($_GET['set_thread'])) { - $set_thread = $_GET['set_thread']; + $set_thread = (int) $_GET['set_thread']; } if (isset($_SESSION['lastTargetMailbox'])) { $lastTargetMailbox =$_SESSION['lastTargetMailbox']; diff --git a/src/vcard.php b/src/vcard.php index b242a68f..639097ee 100644 --- a/src/vcard.php +++ b/src/vcard.php @@ -26,7 +26,7 @@ $key = $_COOKIE['key']; $username = $_SESSION['username']; $onetimepad = $_SESSION['onetimepad']; $mailbox = decodeHeader($_GET['mailbox']); -$passed_id = $_GET['passed_id']; +$passed_id = (int) $_GET['passed_id']; $ent_id = $_GET['ent_id']; $passed_ent_id = $_GET['passed_ent_id']; $QUERY_STRING = $_SERVER['QUERY_STRING']; @@ -43,7 +43,7 @@ echo '
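Review bot: At @@ -58 `$PG_SHOWNUM` is now cast with `(int)` from both `$_GET` and `$_SESSION`, so a non-numeric value yields `0`; if this is the number of messages per page, a `0` should fall back to the configured default rather than reach the paging arithmetic. A check after the ladder, `if ($PG_SHOWNUM <= 0) { /* use the configured default */ }`, would cover both sources. The same silent zero applies to `$PG_SHOWALL`, `$newsort`, `$checkall` and `$set_thread` at @@ -76, though as flags they can tolerate it.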
' . '
' . _("Viewing a Business Card") . " - "; -$msg_url = 'read_body.php?' . $QUERY_STRING; +$msg_url = 'read_body.php?' . urlencode(strip_tags(urldecode($QUERY_STRING))); $msg_url = set_url_var($msg_url, 'ent_id', 0); echo ''. _("View message") . ''; @@ -201,7 +201,7 @@ echo '' . '
' . '' . + '&passed_ent_id=' . urlencode($passed_ent_id) . '">' . _("Download this as a file") . '' . '
' . -- 2.25.1
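Review bot: The link fragment at @@ -201 joins `'&passed_ent_id=' . urlencode($passed_ent_id)` and then closes the attribute with `'">'`, so the URL sits inside a quoted HTML attribute where `&` should be written `&amp;`; the percent-encoded value is safe, but the markup is not well-formed. Passing the assembled URL through `htmlspecialchars()` before printing it, or writing the separator as `'&amp;passed_ent_id='`, fixes that. The removed line of this hunk is not readable in this view, so I cannot tell what else changed on it.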