Michiel Brendel wrote:
I see the same problem, so, yes, please do! :-)-----BEGIN PGP SIGNED MESSAGE-----Hello, After updating squirrelmail, according to [SECURITY] [DSA 191-1] New squirrelmail packages fix cross site scripting bugs . I encounter a problem viewing the options page ( /src/options.php ) This is the error message: Fatal error: Failed opening required '' (include_path='.:/usr/share/pear') in /usr/share/squirrelmail/src/options.php on line 174 From http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.1.diff.gz: - --- squirrelmail-1.2.6.orig/src/options.php +++ squirrelmail-1.2.6/src/options.php @@ -109,8 +109,10 @@ /* ---------------------------- main ---------------------------- */ /* Make sure we have an Option Page set. Default to main. */ - -if (!isset($optpage)) { - - $optpage = 'main'; +if (!isset($optpage) || $optpage == '') { + $optpage = 'SMOPT_PAGE_MAIN'; +} else { + $optpage = strip_tags($optpage); } When using the options.php file from the previous package it works correctly. Shall I report this as a bug?
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
