-----BEGIN PGP SIGNED MESSAGE----- Hello,
After updating squirrelmail, according to [SECURITY] [DSA 191-1] New squirrelmail packages fix cross site scripting bugs . I encounter a problem viewing the options page ( /src/options.php ) This is the error message: Fatal error: Failed opening required '' (include_path='.:/usr/share/pear') in /usr/share/squirrelmail/src/options.php on line 174 From http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.1.diff.gz: - --- squirrelmail-1.2.6.orig/src/options.php +++ squirrelmail-1.2.6/src/options.php @@ -109,8 +109,10 @@ /* ---------------------------- main ---------------------------- */ /* Make sure we have an Option Page set. Default to main. */ - -if (!isset($optpage)) { - - $optpage = 'main'; +if (!isset($optpage) || $optpage == '') { + $optpage = 'SMOPT_PAGE_MAIN'; +} else { + $optpage = strip_tags($optpage); } When using the options.php file from the previous package it works correctly. Shall I report this as a bug? Michiel - -- Now faith is the substance of things hoped for, the evidence of things not seen (Hebrews, ch. 11, v. 1) -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use MessageID: 7sDKo6Gcc2suHltWNDjsdf+5eqHRX7VT iQA/AwUBPct7m1zh1Zw6EoKhEQIoBACgw1132inbitsqcGU8Rj4SAQZ8E98AoJ/j A3jUQED1YMD7Qnvt1AM+pWyB =0uoT -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
