Fix part 1 for XSS issue... call page like this:
author jangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sun, 28 Mar 2004 11:50:13 +0000 (11:50 +0000)
committer jangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Sun, 28 Mar 2004 11:50:13 +0000 (11:50 +0000)
  src/compose.php?mailbox="><script>alert('Nuts!');</script>

Because this file is included in other pages, it could affect others too.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@6911 7612ce4b-ef26-0410-bec9-ea0150e637f0

functions/page_header.php

index 180968d..0228eeb 100644 (file)
@@ -277,8 +277,8 @@ function displayPageHeader($color, $mailbox, $xtra='', $session=false) {
 
     echo "<body text=\"$color[8]\" bgcolor=\"$color[4]\" link=\"$color[7]\" vlink=\"$color[7]\" alink=\"$color[7]\" $onload>\n\n";
     /** Here is the header and wrapping table **/
-    $shortBoxName = imap_utf7_decode_local(
-                     readShortMailboxName($mailbox, $delimiter));
+    $shortBoxName = htmlspecialchars(imap_utf7_decode_local(
+                     readShortMailboxName($mailbox, $delimiter)));
     if ( $shortBoxName == 'INBOX' ) {
         $shortBoxName = _("INBOX");
     }
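
Review bot: htmlspecialchars() in the new $shortBoxName assignment is called without a flags argument, so under the ENT_COMPAT default that PHP used at the time of this commit, double quotes are escaped but single quotes pass through. Pass ENT_QUOTES explicitly so the value stays safe if it is ever written into a single-quoted attribute. The escaping is also applied at assignment rather than at the point of output, so every later use of $shortBoxName in displayPageHeader() receives HTML-encoded text. The == 'INBOX' comparison still matches because that string contains no special characters, but a one-line comment stating that the variable is HTML-escaped from here on would prevent double-encoding or misuse in a non-HTML context later. The raw $mailbox argument is untouched by this hunk, so any other place it is echoed by this function or by the pages that include it needs the same treatment, which the "part 1" in the commit message suggests is still pending.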