Fix for URL injection vulnerability (Bug #1307966)

19 years ago · 539cd47824
parent 30233b8dfb
commit 539cd47824
2 changed files with 14 additions and 2 deletions
--- a/index.php
+++ b/index.php
@ -267,7 +267,19 @@ if ($_task=='settings')
  }


+// only allow these templates to be included
+$valid_tasks = array('mail','settings','addressbook');
+
 // parse main template
-parse_template($_task);
+if (in_array($_task, $valid_tasks))
+  parse_template($_task);
+

+// if we arrive here, something went wrong
+raise_error(array('code' => 404,
+                  'type' => 'php',
+                  'line' => __LINE__,
+                  'file' => __FILE__,
+                  'message' => "Invalid request"), TRUE, TRUE);
+                      
 ?>
--- a/program/steps/error.inc
+++ b/program/steps/error.inc
@ -52,7 +52,7 @@ else if ($ERROR_CODE==401)
 else if ($ERROR_CODE==404)
  {
  $__error_title = "REQUEST FAILED/FILE NOT FOUND";
-  $request_url = $GLOBALS['HTTP_HOST'].$GLOBALS['REQUEST_URI'];
+  $request_url = $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
  $__error_text  = <<<EOF
 The requested page was not found!<br />
 Please contact your server-administrator.