projects / squirrelmail.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix XSS holes in generic options inputs, XSS hole in the SquirrelSpell plugin, and...
[squirrelmail.git] / functions / options.php
diff --git a/functions/options.php b/functions/options.php
index 0935ebf80debac47483467c66ce8f6b88c04c954..a09f3a2e41840e2ec3917780c912b3ab21303f37 100644 (file)
--- a/functions/options.php
+++ b/functions/options.php
@@ -831,6 +831,21 @@ function save_option($option) {
         return;
     }
 
+    // if the widget is a selection list, make sure the new
+    // value is actually in the selection list and is not an
+    // injection attack
+    //
+    if ($option->type == SMOPT_TYPE_STRLIST
+     && !array_key_exists($option->new_value, $option->possible_values))
+        return;
+
+
+    // all other widgets except TEXTAREAs should never be allowed to have newlines
+    //
+    else if ($option->type != SMOPT_TYPE_TEXTAREA)
+        $option->new_value = str_replace(array("\r", "\n"), '', $option->new_value);
+
+
     global $data_dir;
 
     // edit lists: first add new elements to list, then
Unnamed repository; edit this file 'description' to name the repository.