From 47f9c3688b8db52ba5757b79a2922617f327d651 Mon Sep 17 00:00:00 2001
From: lkehresman
Date: Mon, 15 Jan 2001 14:34:13 +0000
Subject: [PATCH] Fixed a security hole with regard to themes.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@937 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 ChangeLog | 1 +
 UPGRADE | 13 +++++++------
 src/load_prefs.php | 12 +++++++++---
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 21ee6689..60f0b601 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 Version 1.0pre2 -- DEVELOPMENT
 ------------------------------
+- A number of security fixes
 - Replaced error messages with better, formatted, and meaningful messages.
 - Fixed "reply all" so that it works intelligently now
 - Made deleted (but not expunged) messages easier to detect (only if $auto_expunge = false)
diff --git a/UPGRADE b/UPGRADE
index 1b2cd410..88463cd6 100644
--- a/UPGRADE
+++ b/UPGRADE
@@ -1,9 +1,10 @@
-Upgrading from 0.3 or 0.4
-=========================
-If you are upgrading from versions 0.3 or 0.4 of SquirrelMail, you can use
-this guide to make the transition a bit smoother. If you have been using a
-previous version (0.1 or 0.2), it is suggested that you just start from
-scratch and configure your settings as if it was your first install.
+Upgrading from 0.3 or higher
+============================
+
+If you are upgrading from versions 0.3 or higher of SquirrelMail, you can
+use this guide to make the transition a bit smoother. If you have been
+using a previous version (0.1 or 0.2), it is suggested that you just start
+from scratch and configure your settings as if it was your first install.
 
 NOTE: The new plugin architecture required the use of some functions which
 are not in all versions of PHP4. You will need at least PHP4 beta2. If you
diff --git a/src/load_prefs.php b/src/load_prefs.php
index 7c9857f9..d37d1082 100644
--- a/src/load_prefs.php
+++ b/src/load_prefs.php
@@ -21,9 +21,15 @@
 checkForPrefs($data_dir, $username);
 
 $chosen_theme = getPref($data_dir, $username, "chosen_theme");
- if ((substr($chosen_theme, 0, 10) == "../config/")) {
- $chosen_theme = substr($chosen_theme, 10);
- $chosen_theme = "../themes/$chosen_theme";
+ $in_ary = false;
+ for ($i=0; $i < count($theme); $i++){
+ if ($theme[$i]["PATH"] == $chosen_theme) {
+ $in_ary = true;
+ break;
+ }
+ }
+ if (!$in_ary) {
+ $chosen_theme = "";
 }
 
 if ((isset($chosen_theme)) && (file_exists($chosen_theme))) {
-- 
2.25.1
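Review bot: The allowlist comparison in the new loop uses loose `==`, so `$theme[$i]["PATH"] == $chosen_theme` follows PHP's type-juggling rules rather than byte equality; since this check is the only thing standing between a user-editable preference value and the `file_exists` check on the hunk's last line (and whatever consumes the path after it), it should be strict: `if ($theme[$i]["PATH"] === $chosen_theme) {`. The loop also indexes `$theme` as `0..count($theme)-1`, which is only correct if the configured `$theme` array is a dense list — presumably it is, but `foreach ($theme as $t)` would not depend on that and would also stop re-evaluating `count()` on every iteration. A short why-comment would help the next maintainer keep the check in place, e.g. `// Only accept a theme path listed in config: the stored pref is user-controlled and must not select an arbitrary file.` The block this hunk sits in starts before the hunk, and the `if (isset(...) && file_exists(...))` branch on its last line continues outside it.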