From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
program/steps/mail/headers.inc | 44 +++++++++++++++++++++++++-------------------
1 files changed, 25 insertions(+), 19 deletions(-)
diff --git a/program/steps/mail/headers.inc b/program/steps/mail/headers.inc
index 4e3f969..7d166f9 100644
--- a/program/steps/mail/headers.inc
+++ b/program/steps/mail/headers.inc
@@ -3,8 +3,8 @@
 +-----------------------------------------------------------------------+
 | program/steps/mail/headers.inc |
 | |
- | This file is part of the RoundCube Webmail client |
- | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2005-2007, The Roundcube Dev Team |
 | Licensed under the GNU GPL |
 | |
 | PURPOSE: |
@@ -14,31 +14,37 @@
 | Author: Aleksander Machniak <alec@alec.pl> |
 +-----------------------------------------------------------------------+
- $Id: mark.inc 1580 2008-06-30 09:36:18Z alec $
+ $Id$
 */
 if ($uid = get_input_value('_uid', RCUBE_INPUT_POST)) {
- $source = $IMAP->get_raw_headers($uid);
+ $source = $IMAP->get_raw_headers($uid);
- if ($source)
- {
- $browser = new rcube_browser;
-
- if ($browser->ie)
- $source = rc_utf8_clean($source);
+ if ($source !== false) {
+ $source = htmlspecialchars(trim($source));
+ $source = preg_replace(
+ array(
+ '/\n[\t\s]+/',
+ '/^([a-z0-9_:-]+)/im',
+ '/\r?\n/'
+ ),
+ array(
+ "\n ",
+ '<font class="bold">\1</font>',
+ '<br />'
+ ), $source);
- $source = htmlspecialchars(trim($source));
- $source = preg_replace('/\t/', ' ', $source);
- $source = preg_replace('/^([a-z0-9_:-]+)/im', '<font class="bold">'.'\1'.'</font>', $source);
- $source = preg_replace('/\r?\n/', '<br />', $source);
-
- $OUTPUT->command('set_headers', $source);
- $OUTPUT->send();
+ $OUTPUT->command('set_headers', $source);
 }
+ else {
+ $RCMAIL->output->show_message('messageopenerror', 'error');
+ }
+
+ $OUTPUT->send();
 }
-
+
 exit;
-?>
+
-- Gitblit v1.9.1
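Review bot: `htmlspecialchars(trim($source))` on the new side is called with no flags and no charset, so single quotes pass through unescaped and the assumed input encoding depends on the PHP version, even though the result is handed to the client as HTML via `set_headers`; name both explicitly, `$source = htmlspecialchars(trim($source), ENT_QUOTES, 'UTF-8');` (or the charset constant the codebase uses). Raw IMAP headers are not guaranteed to be valid UTF-8 and the commit drops the `rc_utf8_clean()` call the old code made for IE; with an explicit charset, htmlspecialchars returns an empty string on an invalid byte sequence unless ENT_IGNORE/ENT_SUBSTITUTE is available and set, so presumably the string still needs cleaning before escaping, for every browser rather than only IE. Minor: in `'/\n[\t\s]+/'` the `\t` is redundant with `\s`, and because `\s` also matches `\r` and `\n`, a blank line following a header is folded into it as well — `'/\n[ \t]+/'` matches only continuation-line whitespace. The two branches also address the same output object under different names (`$OUTPUT` versus `$RCMAIL->output`); one alias would read more consistently.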