git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@13671
7612ce4b-ef26-0410-bec9-
ea0150e637f0
."</head><body>";
if (sqgetGlobalVar('submit',$submit,SQ_POST)) {
."</head><body>";
if (sqgetGlobalVar('submit',$submit,SQ_POST)) {
if (! sqgetGlobalVar('secret',$secret,SQ_POST) ||
if (! sqgetGlobalVar('secret',$secret,SQ_POST) ||
- empty($secret))
- echo "<p>You must enter encryption key.</p>\n";
+ empty($secret)) {
+ $continue = FALSE;
+ echo "<p>You must enter an encryption key.</p>\n";
+ }
if (! sqgetGlobalVar('enc_string',$enc_string,SQ_POST) ||
if (! sqgetGlobalVar('enc_string',$enc_string,SQ_POST) ||
- empty($enc_string))
- echo "<p>You must enter encrypted string.</p>\n";
+ empty($enc_string)) {
+ $continue = FALSE;
+ echo "<p>You must enter an encrypted string.</p>\n";
+ }
- if (isset($enc_string) && ! base64_decode($enc_string)) {
- echo "<p>Encrypted string should be BASE64 encoded.<br />\n"
- ."Please enter all characters that are listed after header name.</p>\n";
- } elseif (isset($secret)) {
- $string=OneTimePadDecrypt($enc_string,base64_encode($secret));
+ if ($continue) {
+ if (isset($enc_string) && ! base64_decode($enc_string)) {
+ echo "<p>Encrypted string should be BASE64 encoded.<br />\n"
+ ."Please enter all characters that are listed after header name.</p>\n";
+ } elseif (isset($secret)) {
+ $string=OneTimePadDecrypt($enc_string,base64_encode($secret));
- if (sqgetGlobalVar('ip_addr',$is_addr,SQ_POST)) {
- $string=hex2ip($string);
+ if (sqgetGlobalVar('ip_addr',$is_addr,SQ_POST)) {
+ $string=hex2ip($string);
+ }
+ echo "<p>Decoded string: ".htmlspecialchars($string)."</p>\n";
- echo "<p>Decoded string: ".$string."</p>\n";
<p>
Secret key: <input type="password" name="secret"><br />
Encrypted string: <input type="text" name="enc_string"><br />
<p>
Secret key: <input type="password" name="secret"><br />
Encrypted string: <input type="text" name="enc_string"><br />
-Check, if it is an address string: <input type="checkbox" name="ip_addr" /><br />
+<label for="ip_addr">Check here if you are decoding an address string (FromHash/ProxyHash): </label><input type="checkbox" name="ip_addr" id="ip_addr" /><br />
<button type="submit" name="submit" value="submit">Submit</button>
</p>
</form>
<button type="submit" name="submit" value="submit">Submit</button>
</p>
</form>
- Remove ability for HTML emails to use CSS positioning to overlay
SquirrelMail content (Thanks to Luc Beurton). (#2723196) [CVE-2009-1581]
- Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of
- Remove ability for HTML emails to use CSS positioning to overlay
SquirrelMail content (Thanks to Luc Beurton). (#2723196) [CVE-2009-1581]
- Fixed improper sanitizing of PHP_SELF and the lack of sanitizing of
- QUERY_STRING server environment variables. (Thanks to Niels Teusink
+ QUERY_STRING server environment variables (Thanks to Niels Teusink
and Christian Balzer). [CVE-2009-1578]
and Christian Balzer). [CVE-2009-1578]
+ - Fixed the lack of sanitizing of contrib/decrypt_headers.php input;
+ also includes general cleanup of that page (Thanks to Niels Teusink).
+ [also CVE-2009-1578]
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------
Version 1.5.1 (branched on 2006-02-12)
--------------------------------------
projects / squirrelmail.git / commitdiff