Another XSS problem, carefully constructed X-Mailer header would result in

[squirrelmail.git] / src / redirect.php

diff --git a/src/redirect.php b/src/redirect.php
index 8ca31543df2d35a8fc0412d82138b6589a4f00eb..ad0d31de6149f79afddb51c34c64e105dbfff6f1 100644 (file)
--- a/src/redirect.php
+++ b/src/redirect.php
@@ -4,7 +4,7 @@
 * redirect.php
 * Derived from webmail.php by Ralf Kraudelt <kraude@wiwi.uni-rostock.de>
 *
-* Copyright (c) 1999-2002 The SquirrelMail Project Team
+* Copyright (c) 1999-2003 The SquirrelMail Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
 * Prevents users from reposting their form data after a successful logout.
@@ -154,23 +154,18 @@ if ($javascript_setting != SMPREF_JS_ON){
 setPref($data_dir, $username, 'javascript_on', $js_pref);
 
 /* Compute the URL to forward the user to. */
-    if (isset($_SESSION['session_expired_location'])) {
-       $session_expired_location= $_SESSION['session_expired_location'];
-    } else {
-       $session_expired_location=false;
-    }
-    if (isset($session_expired_location) && $session_expired_location) {
-       $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0);
-       if ($compose_new_win) {
-          $redirect_url = $session_expired_location;
-       } else {
-          $redirect_url = 'webmail.php?right_frame='.urldecode($session_expired_location);
-       }
-       sqsession_unregister('session_expired_location');
-       unset($session_expired_location);
-    } else {
-       $redirect_url = 'webmail.php';
+$redirect_url = 'webmail.php';
+
+if ( sqgetGlobalVar('session_expired_location', $session_expired_location, SQ_SESSION) ) {
+    sqsession_unregister('session_expired_location');
+    $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0);
+    if ($compose_new_win) {
+        $redirect_url = $session_expired_location;
+    } elseif ( strpos($session_expired_location, 'webmail.php') === FALSE ) {
+        $redirect_url = 'webmail.php?right_frame='.urldecode($session_expired_location);
     }
+    unset($session_expired_location);
+}
 
 /* Write session data and send them off to the appropriate page. */
 session_write_close();
@@ -182,7 +177,15 @@ function attachment_common_parse($str, $debug) {
     global $attachment_common_types, $attachment_common_types_parsed;
 
     $attachment_common_types_parsed[$str] = true;
-    $types = explode(', ', $str);
+    
+    /* 
+     * Replace ", " with "," and explode on that as Mozilla 1.x seems to  
+     * use "," to seperate whilst IE, and earlier versions of Mozilla use
+     * ", " to seperate
+     */
+    
+    $str = str_replace( ', ' , ',' , $str );
+    $types = explode(',', $str);
 
     foreach ($types as $val) {
         // Ignore the ";q=1.0" stuff