Hi,
I wanted to upgrade from 1.4.8 to 1.4.9a by using the patches from
http://www.squirrelmail.org/patches/1.4.9-security/stable/,
but mime.patch does not like me :-(
mime.php.rej:
------8<------
@@ -1833,10 +1902,23 @@
}
}
}
+
+ /**
+ * Workaround for IE quirks
+ */
+ sq_fixIE_idiocy($attvalue);
+
/**
* Remove any backslashes, entities, and extraneous whitespace.
*/
+ $oldattvalue = $attvalue;
sq_defang($attvalue);
+ if ($attname == 'style' && $attvalue !== $oldattvalue) {
+ // entities are used in the attribute value. In 99% of the cases
it's there as XSS
+ // i.e.<div style="{ left:expʀessioɴ( alert('XSS') )
}">
+ $attvalue = "idiocy";
+ $attary{$attname} = $attvalue;
+ }
sq_unspace($attvalue);
/**
@@ -1957,6 +2039,9 @@
// possible comment
if (isset($body{$i+2}) && substr($body,$i,3) == '!--') {
$i = strpos($body,'-->',$i+3);
+ if ($i === false) { // no end comment
+ $i = strlen($body);
+ }
$sToken = '';
}
} else {
@@ -1984,12 +2069,18 @@
*/
$content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content);
$secremoveimg = '../images/' . _("sec_remove_eng.png");
+
+ // IE Sucks hard. We have a special function for it.
+ sq_fixIE_idiocy($content);
+
+ // remove @import line
+ $content = preg_replace("/^\s*(@import.*)$/mi","\n<!-- @import rules
forbidden -->\n",$content);
+
/**
* Fix url('blah') declarations.
*/
- // remove NUL
- $content = str_replace("\0", "", $content);
// translate ur\l and variations into url (IE parses that)
+ // TODO check if the sq_fixIE_idiocy function already handles this.
$content = preg_replace("/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i",'url',
$content);
// NB I insert NUL characters to keep to avoid an infinite loop. They are
removed after the loop.
while (preg_match("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si",
$content, $matches)) {
@@ -2048,11 +2139,13 @@
* in IE.
*/
$match = Array('/\/\*.*\*\//',
- '/expression/i',
- '/behaviou*r/i',
- '/binding/i',
- '/include-source/i');
- $replace = Array('', 'idiocy', 'idiocy', 'idiocy', 'idiocy');
+ '/expression/i',
+ '/behaviou*r/i',
+ '/binding/i',
+ '/include-source/i',
+ '/javascript/i',
+ '/script/i');
+ $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy',
'idiocy');
$contentNew = preg_replace($match, $replace, $contentTemp);
if ($contentNew !== $contentTemp) {
// insecure css declarations are used. From now on we don't care
------8<------
Any hints?
Rainer
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
--
squirrelmail-users mailing list
Posting Guidelines:
http://www.squirrelmail.org/wiki/MailingListPostingGuidelines
List Address: [email protected]
List Archives:
http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
