4) XSS in help.php:

[squirrelmail.git] / src / draft_actions.php

diff --git a/src/draft_actions.php b/src/draft_actions.php
index be49d2a6c780b1b27621074a8bc32051f7c12d9f..3709b7327c0efbe2f140ea99533dbd21c0751360 100644 (file)
--- a/src/draft_actions.php
+++ b/src/draft_actions.php
@@ -9,7 +9,11 @@
  * $Id$
  */
 
-require_once ('../src/validate.php');
+/* Path for SquirrelMail required files. */
+define('SM_PATH','../');
+
+/* SquirrelMail required files. */
+require_once(SM_PATH . 'include/validate.php');
 
 /* Print all the needed RFC822 headers */
 function write822HeaderForDraft ($fp, $t, $c, $b, $subject, $more_headers, $session) {
@@ -162,7 +166,7 @@ function saveMessageAsDraft($t, $c, $b, $subject, $body, $reply_id, $prio = 3, $
          $tmpDraftFile = "draft-" . GenerateRandomString(32, '', 7);
          $full_tmpDraftFile = "$hashed_attachment_dir/$tmpDraftFile";
     }
-    $fp = fopen($full_tmpDraftFile, 'w');
+    $fp = fopen($full_tmpDraftFile, 'wb');
 
     $headerlength = write822HeaderForDraft
         ($fp, $t, $c, $b, $subject, $more_headers, $session);
@@ -187,6 +191,5 @@ function saveMessageAsDraft($t, $c, $b, $subject, $body, $reply_id, $prio = 3, $
     }
     return $length;
 }
-?>
-
 
+?>