From fa62b05482596e12cfcb4d7b624c2d01b29edd2f Mon Sep 17 00:00:00 2001 From: jangliss Date: Tue, 1 Nov 2005 06:23:36 +0000 Subject: [PATCH] Security: XSS issue in search.php originally reported in stable before 1.4.5 final release, but appears to have been overlooked here. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@10216 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- ChangeLog | 2 ++ src/search.php | 8 ++++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 07f2c5a3..5526ba12 100644 --- a/ChangeLog +++ b/ChangeLog @@ -461,6 +461,8 @@ Version 1.5.1 -- CVS - If you don't have any filters defined, and spam filters are disabled, no point issuing a STATUS call on INBOX for the filters plugin. - Added folder filtering controls to SMOPT_TYPE_FLDRLIST option widget. + - Security: Fixed possible XSS issue in search feature. Issue was + originally resolved in stable, but changes not migrated forward. Version 1.5.0 - 2 February 2004 ------------------------------- diff --git a/src/search.php b/src/search.php index 526c0035..4e108cfa 100644 --- a/src/search.php +++ b/src/search.php @@ -505,7 +505,7 @@ function asearch_get_query_display(&$color, &$mailbox_array, &$biop_array, &$uno $cur_mailbox = 'INBOX'; $biop = asearch_nz($biop_array[$crit_num]); if (($query_display == '') || ($cur_mailbox != $last_mailbox)) { - $mailbox_display = ' ' . asearch_get_mailbox_display($cur_mailbox) . ''; + $mailbox_display = ' ' . htmlspecialchars(asearch_get_mailbox_display($cur_mailbox)) . ''; if ($query_display == '') $biop_display = _("In"); else 
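Review bot: After this change `$mailbox_display` in asearch_get_query_display holds HTML-escaped text, while the variable of the same name in the third src/search.php hunk (around line 1625) holds the raw decoded folder name and is escaped only at the `echo`. Two escaping conventions under one name make it easy to double-escape a value or to miss an escape at a new call site. The patch does not say whether asearch_get_mailbox_display() returns raw or escaped text, so I would add a comment on that function such as `/* Returns unescaped text; callers must htmlspecialchars() it before HTML output. */`. The body of asearch_get_query_display starts and ends outside this hunk.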
@@ -714,7 +714,7 @@ function asearch_mailbox_exists($mailbox, &$boxes) function asearch_get_form_mailbox($imapConnection, &$boxes, $mailbox, $row_num = 0) { if (($mailbox != 'All Folders') && (!asearch_mailbox_exists($mailbox, $boxes))) { - $missing = asearch_opt($mailbox, $mailbox, '[' . _("Missing") . '] ' . asearch_get_mailbox_display($mailbox)); + $missing = asearch_opt($mailbox, $mailbox, '[' . _("Missing") . '] ' . htmlspecialchars(asearch_get_mailbox_display($mailbox))); } else { $missing = ''; } @@ -1625,7 +1625,7 @@ if ($submit == $search_button_text) { $mailbox_display = imap_utf7_decode_local($mbx); } - echo '
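Review bot: Only the label passed to asearch_opt() is escaped in asearch_get_form_mailbox; `$mailbox` itself is still passed raw as the first two arguments. asearch_opt() is not visible in this patch, but if it writes its first argument into the option's value attribute without escaping, the same folder name still reaches the page unescaped through that attribute. Escaping the value inside asearch_opt() would cover every caller; if that is not possible, pass `htmlspecialchars($mailbox)` for both arguments here. In either case, confirm that asearch_opt() does not already escape the label, otherwise this change would encode it twice. The function body continues outside the hunk.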
' . _("Folder:") . ' '. $mailbox_display . ' '; + echo '
' . _("Folder:") . ' '. htmlspecialchars($mailbox_display) . ' '; $oTemplate->display('message_list.tpl'); } @@ -1647,4 +1647,4 @@ sqimap_logout($imapConnection); echo ''; sqsession_register($mailbox_cache,'mailbox_cache'); -?> \ No newline at end of file +?> -- 2.25.1