From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/include/rcube_browser.php |   24 ++++++++++++------------
 1 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/program/include/rcube_browser.php b/program/include/rcube_browser.php
index c89c389..859f367 100644
--- a/program/include/rcube_browser.php
+++ b/program/include/rcube_browser.php
@@ -33,19 +33,19 @@
         $HTTP_USER_AGENT = strtolower($_SERVER['HTTP_USER_AGENT']);
 
         $this->ver = 0;
-        $this->win = strstr($HTTP_USER_AGENT, 'win');
-        $this->mac = strstr($HTTP_USER_AGENT, 'mac');
-        $this->linux = strstr($HTTP_USER_AGENT, 'linux');
-        $this->unix  = strstr($HTTP_USER_AGENT, 'unix');
+        $this->win = strpos($HTTP_USER_AGENT, 'win') != false;
+        $this->mac = strpos($HTTP_USER_AGENT, 'mac') != false;
+        $this->linux = strpos($HTTP_USER_AGENT, 'linux') != false;
+        $this->unix  = strpos($HTTP_USER_AGENT, 'unix') != false;
 
-        $this->opera = strstr($HTTP_USER_AGENT, 'opera');
-        $this->ns4 = strstr($HTTP_USER_AGENT, 'mozilla/4') && !stristr($HTTP_USER_AGENT, 'msie');
-        $this->ns  = ($this->ns4 || strstr($HTTP_USER_AGENT, 'netscape'));
-        $this->ie  = !$this->opera && stristr($HTTP_USER_AGENT, 'compatible; msie');
-        $this->mz  = !$this->ie && strstr($HTTP_USER_AGENT, 'mozilla/5');
-        $this->chrome = strstr($HTTP_USER_AGENT, 'chrome');
-        $this->khtml = strstr($HTTP_USER_AGENT, 'khtml');
-        $this->safari = !$this->chrome && ($this->khtml || strstr($HTTP_USER_AGENT, 'safari'));
+        $this->opera = strpos($HTTP_USER_AGENT, 'opera') !== false;
+        $this->ns4 = strpos($HTTP_USER_AGENT, 'mozilla/4') !== false && strpos($HTTP_USER_AGENT, 'msie') === false;
+        $this->ns  = ($this->ns4 || strpos($HTTP_USER_AGENT, 'netscape') !== false);
+        $this->ie  = !$this->opera && strpos($HTTP_USER_AGENT, 'compatible; msie') !== false;
+        $this->mz  = !$this->ie && strpos($HTTP_USER_AGENT, 'mozilla/5') !== false;
+        $this->chrome = strpos($HTTP_USER_AGENT, 'chrome') !== false;
+        $this->khtml = strpos($HTTP_USER_AGENT, 'khtml') !== false;
+        $this->safari = !$this->chrome && ($this->khtml || strpos($HTTP_USER_AGENT, 'safari') !== false);
 
         if ($this->ns || $this->chrome) {
             $test = preg_match('/(mozilla|chrome)\/([0-9.]+)/', $HTTP_USER_AGENT, $regs);
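Review bot: The four OS checks at the top of the hunk (`win`, `mac`, `linux`, `unix`) compare with `!= false`, while every browser check below uses `!== false`. With the loose comparison a match at offset 0 makes `strpos()` return `0`, which equals `false`, so a User-Agent that begins with one of those tokens is reported as not matching. Use the strict form on all four, e.g. `$this->win = strpos($HTTP_USER_AGENT, 'win') !== false;`. Separately, the subject describes a fix for the `_session` argument of utils/save-prefs, but the visible diff only touches User-Agent parsing in rcube_browser.php. It is worth confirming that the change validating `_session` is actually part of this patch, and noting in the description why the browser flags were switched to booleans. The enclosing function starts and ends outside the hunk.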

--
Gitblit v1.9.1