4) XSS in help.php:

[squirrelmail.git] / src / help.php

diff --git a/src/help.php b/src/help.php
index f83bc0881be7755223cfd8f283d279ddc5ea5d07..88b92f197c116fcca25400aa117bf16e730957e4 100644 (file)
--- a/src/help.php
+++ b/src/help.php
@@ -11,10 +11,14 @@
  * $Id$
  */
 
-require_once('../src/validate.php');
-require_once('../functions/display_messages.php');
-require_once('../functions/imap.php');
-require_once('../functions/array.php');
+/* Path for SquirrelMail required files. */
+define('SM_PATH','../');
+
+/* SquirrelMail required files. */
+require_once(SM_PATH . 'include/validate.php');
+require_once(SM_PATH . 'functions/display_messages.php');
+require_once(SM_PATH . 'functions/imap.php');
+require_once(SM_PATH . 'functions/array.php');
 
 displayPageHeader($color, 'None' );
 
@@ -37,6 +41,7 @@ $helpdir[8] = 'FAQ.hlp';
  */
 
 function get_info($doc, $pos) {
+
     for ($n=$pos; $n < count($doc); $n++) {
         if (trim(strtolower($doc[$n])) == '<chapter>'
             || trim(strtolower($doc[$n])) == '<section>') {
@@ -66,30 +71,30 @@ function get_info($doc, $pos) {
             }
             if (isset($ary)) {
                 $ary[3] = $n;
-                return $ary;
             } else {
-                $ary[0] = 'ERROR: Help files are not in the right format!';
-                $ary[1] = 'ERROR: Help files are not in the right format!';
-                $ary[2] = 'ERROR: Help files are not in the right format!';
-                return $ary;
+                $ary[0] = _("ERROR: Help files are not in the right format!");
+                $ary[1] = $ary[0];
+                $ary[2] = $ary[0];
             }
+           return( $ary );
         }
     }
-    $ary[0] = 'ERROR: Help files are not in the right format!';
-    $ary[1] = 'ERROR: Help files are not in the right format!';
-    return $ary;
+    
+    $ary[0] = _("ERROR: Help files are not in the right format!");
+    $ary[1] = $ary[0];
+
+    return( $ary );
 }
 
 /**************[ END HELP FUNCTIONS ]******************/
 
 
 
-echo '<br>' .
-    html_tag( 'table',
+echo html_tag( 'table',
         html_tag( 'tr',
             html_tag( 'td','<center><b>' . _("Help") .'</b></center>', 'center', $color[0] )
         ) ,
-    'center', '', 'width="95%" cellpadding="2" cellspacing="2" border="0"' );
+    'center', '', 'width="95%" cellpadding="1" cellspacing="2" border="0"' );
 
 do_hook("help_top");
 
@@ -160,9 +165,13 @@ if ($help_exists == true) {
         $chapter = 3;
     } else if ($context == 'search'){
         $chapter = 8;
+    } else if ( isset( $_GET['chapter'] ) ) {
+       $chapter = intval( $_GET['chapter']);
+    } else {
+       $chapter = 0;
     }
 
-    if (!isset($chapter)) {
+    if ( $chapter == 0 || !isset( $helpdir[$chapter] ) ) {
         echo html_tag( 'table', '', 'center', '', 'cellpadding="0" cellspacing="0" border="0"' );
                    html_tag( 'tr' ) .
                         html_tag( 'td' ) .