From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)

---
 index.php |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/index.php b/index.php
index 4763501..ea60e81 100644
--- a/index.php
+++ b/index.php
@@ -2,7 +2,7 @@
 /*
  +-------------------------------------------------------------------------+
  | Roundcube Webmail IMAP Client                                           |
- | Version 1.0.1                                                           |
+ | Version 1.0.9                                                           |
  |                                                                         |
  | Copyright (C) 2005-2014, The Roundcube Dev Team                         |
  |                                                                         |
@@ -172,6 +172,7 @@
 
 // end session (after optional referer check)
 else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])
+    && $RCMAIL->check_request(rcube_utils::INPUT_GET)
     && (!$RCMAIL->config->get('referer_check') || rcube_utils::check_referer())
 ) {
     $userdata = array(
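Review bot: The comment above the logout branch still reads `// end session (after optional referer check)`, but the condition now also requires `$RCMAIL->check_request(rcube_utils::INPUT_GET)`, so it understates what gates the logout. Something like `// end session (requires a valid request token; referer check is optional)` would match the code. Because the token is read from GET input it travels in the logout URL, where it can end up in browser history, proxy logs or Referer headers, so it is worth confirming that the token is bound to the session and rotated when the session ends. When the check fails, control falls through to the rest of the else-if chain, which lies outside this hunk; presumably the request is then handled as an ordinary authenticated one, and that path should be verified and the rejected attempt logged.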
@@ -211,7 +212,7 @@
         $OUTPUT->show_message('sessionerror', 'error', null, true, -1);
     }
 
-    if ($OUTPUT->ajax_call || !empty($_REQUEST['_framed'])) {
+    if ($OUTPUT->ajax_call || $OUTPUT->get_env('framed')) {
         $OUTPUT->command('session_error', $RCMAIL->url(array('_err' => 'session')));
         $OUTPUT->send('iframe');
     }
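Review bot: The switch from `!empty($_REQUEST['_framed'])` to `$OUTPUT->get_env('framed')` in the session-error branch depends on the `framed` env value being set before this point, and nothing in the hunk shows where that happens. If it is unset on this path, a framed request would skip the `session_error` command and the `iframe` response, so confirm that the output object populates it during initialisation for every output class that can reach here. A short comment such as `// use the normalised 'framed' env flag rather than raw request input` would record why the raw parameter is no longer read. The enclosing block starts outside the hunk.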

--
Gitblit v1.9.1