From: jangliss <jangliss@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Wed, 19 Jan 2005 21:07:47 +0000 (+0000)
Subject: Fix for possible remote file inclusion
X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=commitdiff_plain;h=f3fa1c1031e01b37e0450eb815329d3aa7b7422b

Fix for possible remote file inclusion


git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@8680 7612ce4b-ef26-0410-bec9-ea0150e637f0
---

diff --git a/ChangeLog b/ChangeLog
index 04cb4ecc..94669557 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -180,12 +180,14 @@ Version 1.5.1 -- CVS
   - Max upload file size now correctly handles a '-1' value, meaning
     unlimited. (#1094569).
   - Security: Added hook for Preferences Backend to resolve potential
-    file inclusions. [CAN-2005-0075] 
+    file inclusions. [CAN-2005-0075]
   - Remove Printer Friendly Clean Display config option, the cleaning
     is now always done.
   - Create new Options section "Compose Preferences" and move some
     options from Display Preferences there; also move some around within
     Display Preferences.
+  - Security: Fix possible file/offsite inclusion in src/webmail.php.
+    [CAN-2005-0075]
 
 Version 1.5.0
 --------------------
diff --git a/src/webmail.php b/src/webmail.php
index 243314e0..1f3dd9ce 100644
--- a/src/webmail.php
+++ b/src/webmail.php
@@ -129,9 +129,11 @@ else {
  * This was done to create a pure HTML way of refreshing the folder list since
  * we would like to use as little Javascript as possible.
  */
-if (!isset($right_frame)) {
+
+if (empty($right_frame) || (strpos(urldecode($right_frame), '://'))) {
     $right_frame = '';
 }
+
 if ($right_frame == 'right_main.php') {
     $urlMailbox = urlencode($mailbox);
     $right_frame_url =
@@ -166,4 +168,4 @@ if($ret != '') {
 echo $output;
 ?>
 </frameset>
-</html>
\ No newline at end of file
+</html>