Tomas Kuliavas | 1 Mar 22:15 2006
Picon
Picon

CVS: squirrelmail/functions imap_mailbox.php,1.270,1.271

Update of /cvsroot/squirrelmail/squirrelmail/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv30199

Modified Files:
	imap_mailbox.php 
Log Message:
don't include delimiter in subscription command, when noselect mailbox is created

Index: imap_mailbox.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/functions/imap_mailbox.php,v
retrieving revision 1.270
retrieving revision 1.271
diff -u -w -r1.270 -r1.271
--- imap_mailbox.php	10 Feb 2006 22:16:05 -0000	1.270
+++ imap_mailbox.php	1 Mar 2006 21:15:00 -0000	1.271
 <at>  <at>  -401,11 +401,13  <at>  <at> 
 function sqimap_mailbox_create ($imap_stream, $mailbox, $type) {
     global $delimiter;
     if (strtolower($type) == 'noselect') {
-        $mailbox .= $delimiter;
+        $create_mailbox = $mailbox . $delimiter;
+    } else {
+        $create_mailbox = $mailbox;
     }

     $read_ary = sqimap_run_command($imap_stream, 'CREATE ' .
-                                   sqimap_encode_mailbox_name($mailbox),
+                                   sqimap_encode_mailbox_name($create_mailbox),
                                    true, $response, $message);
(Continue reading)

Tomas Kuliavas | 1 Mar 22:27 2006
Picon
Picon

CVS: squirrelmail ChangeLog,1.704,1.705

Update of /cvsroot/squirrelmail/squirrelmail
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv8636

Modified Files:
	ChangeLog 
Log Message:
changes in sqimap_mailbox_create()

Index: ChangeLog
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/ChangeLog,v
retrieving revision 1.704
retrieving revision 1.705
diff -u -w -r1.704 -r1.705
--- ChangeLog	28 Feb 2006 20:10:33 -0000	1.704
+++ ChangeLog	1 Mar 2006 21:27:24 -0000	1.705
 <at>  <at>  -13,6 +13,8  <at>  <at> 
     pure TLS not to be used to assume STARTTLS.
   - Fixed quotes in configuration strings in administrator plugin.
   - Fixed View as HTML link so it doesn't forget it was part of a seach result.
+  - Don't use delimiter in IMAP subscription command, when noselect folder is
+    created.

 	
 Version 1.5.1 (branched on 2006-02-12)

-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
(Continue reading)

Fredrik Jervfors | 2 Mar 13:04 2006
Picon
Picon

CVS: documentation/devel devel.sgml,1.9,1.10

Update of /cvsroot/squirrelmail/documentation/devel
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv10660

Modified Files:
	devel.sgml 
Log Message:
Formatting

Index: devel.sgml
===================================================================
RCS file: /cvsroot/squirrelmail/documentation/devel/devel.sgml,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -w -r1.9 -r1.10
--- devel.sgml	27 Feb 2006 19:06:58 -0000	1.9
+++ devel.sgml	2 Mar 2006 12:04:34 -0000	1.10
 <at>  <at>  -57,9 +57,9  <at>  <at> 
 <p>
 Information about SM_PATH constant

-<sect1>includes/validate.php
+<sect1><tt>includes/validate.php</tt>
 <p>
-Information about files included by validate.php
+Information about files included by <tt>validate.php</tt>

 <sect1>Compatibility
 <p>
 <at>  <at>  -67,7 +67,17  <at>  <at> 

(Continue reading)

Tomas Kuliavas | 2 Mar 21:31 2006
Picon
Picon

CVS: squirrelmail/functions i18n.php,1.222,1.223

Update of /cvsroot/squirrelmail/squirrelmail/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv10092

Modified Files:
	i18n.php 
Log Message:
if PHP recode functions are used for decoding, they might use html character
entities. Encoding functions can't handle them. It is easier to convert all 
entities in one place instead of finding supported entities in every encoding
function.

Index: i18n.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/functions/i18n.php,v
retrieving revision 1.222
retrieving revision 1.223
diff -u -w -r1.222 -r1.223
--- i18n.php	13 Feb 2006 17:23:49 -0000	1.222
+++ i18n.php	2 Mar 2006 20:31:31 -0000	1.223
 <at>  <at>  -244,6 +244,7  <at>  <at> 
  */
 function charset_convert($in_charset,$string,$out_charset,$htmlencode=true) {
     $string=charset_decode($in_charset,$string,true);
+    $string=sqi18n_convert_entities($string);
     $string=charset_encode($string,$out_charset,$htmlencode);
     return $string;
 }
 <at>  <at>  -602,7 +603,7  <at>  <at> 
  }

(Continue reading)

Fredrik Jervfors | 2 Mar 22:21 2006
Picon
Picon

CVS: documentation/devel devel.sgml,1.10,1.11

Update of /cvsroot/squirrelmail/documentation/devel
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv10600

Modified Files:
	devel.sgml 
Log Message:
Formatting

Index: devel.sgml
===================================================================
RCS file: /cvsroot/squirrelmail/documentation/devel/devel.sgml,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -w -r1.10 -r1.11
--- devel.sgml	2 Mar 2006 12:04:34 -0000	1.10
+++ devel.sgml	2 Mar 2006 21:21:08 -0000	1.11
 <at>  <at>  -187,7 +187,7  <at>  <at> 
 SquirrelMail uses four hook functions. do_hook(), do_hook_function(),
 concat_hook_function() and boolean_hook_function().

-do_hook() function is simple function that allows to inject custom html or
+do_hook() function is simple function that allows to inject custom HTML or
 override default interface data. Function does not pass any data and doesn't ask
 for anything back. A limited number of do_hook calls do pass some extra
 parameters, in which case your plugin may modify the given data if you do so by
 <at>  <at>  -401,7 +401,7  <at>  <at> 
    holds each identity. The arguments to this hook are:

    <tscreen><verb>
-      [0] = additional html attributes applied to table row.
(Continue reading)

Fredrik Jervfors | 2 Mar 22:30 2006
Picon
Picon

CVS: documentation/devel devel.sgml,1.11,1.12

Update of /cvsroot/squirrelmail/documentation/devel
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv16820

Modified Files:
	devel.sgml 
Log Message:
Formatting

Index: devel.sgml
===================================================================
RCS file: /cvsroot/squirrelmail/documentation/devel/devel.sgml,v
retrieving revision 1.11
retrieving revision 1.12
diff -u -w -r1.11 -r1.12
--- devel.sgml	2 Mar 2006 21:21:08 -0000	1.11
+++ devel.sgml	2 Mar 2006 21:30:30 -0000	1.12
 <at>  <at>  -608,7 +608,7  <at>  <at> 
   <item>euc-kr       = 1
 </itemize>

-<sect1>The <tt>$languages array</tt>
+<sect1>The <tt>$languages</tt> array
 <p>
 The <tt>$languages</tt> array is stored in <tt>functions/i18n.php</tt> and defines translations
 that are enabled in SquirrelMail. Since SquirrelMail 1.5.1 <tt>functions/i18n.php</tt>
 <at>  <at>  -869,7 +869,7  <at>  <at> 
 <p>
 PHP provides <url
 url="http://www.php.net/htmlspecialchars" name="htmlspecialchars()"> and <url
-url="http://www.php.net/htmlentities" name="htmlentities()"> functions for html string
(Continue reading)

Jonathan Angliss | 3 Mar 04:37 2006
Picon
Picon

CVS: squirrelmail ChangeLog,1.332.2.325,1.332.2.326

Update of /cvsroot/squirrelmail/squirrelmail
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2334

Modified Files:
      Tag: SM-1_4-STABLE
	ChangeLog 
Log Message:
  - Security: Possible cookie theft in src/redirect.php if 
    register_globals is enabled, and malicous site is running
    in same domain.

Index: ChangeLog
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/ChangeLog,v
retrieving revision 1.332.2.325
retrieving revision 1.332.2.326
diff -u -w -r1.332.2.325 -r1.332.2.326
--- ChangeLog	23 Feb 2006 21:36:11 -0000	1.332.2.325
+++ ChangeLog	3 Mar 2006 03:37:12 -0000	1.332.2.326
 <at>  <at>  -5,7 +5,9  <at>  <at> 

 Version 1.4.7 - CVS
 -------------------
-
+  - Security: Possible cookie theft in src/redirect.php if
+    register_globals is enabled, and malicous site is running
+	in same domain.

 Version 1.4.6 - 23 February 2006
 --------------------------------
(Continue reading)

Jonathan Angliss | 3 Mar 04:37 2006
Picon
Picon

CVS: squirrelmail/functions strings.php,1.184.2.47,1.184.2.48

Update of /cvsroot/squirrelmail/squirrelmail/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv2334/functions

Modified Files:
      Tag: SM-1_4-STABLE
	strings.php 
Log Message:
  - Security: Possible cookie theft in src/redirect.php if 
    register_globals is enabled, and malicous site is running
    in same domain.

Index: strings.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/functions/strings.php,v
retrieving revision 1.184.2.47
retrieving revision 1.184.2.48
diff -u -w -r1.184.2.47 -r1.184.2.48
--- strings.php	23 Feb 2006 21:36:12 -0000	1.184.2.47
+++ strings.php	3 Mar 2006 03:37:12 -0000	1.184.2.48
 <at>  <at>  -245,7 +245,7  <at>  <at> 
     /**
      * If it is in the session, just return it.
      */
-    if (isset($base_uri)){
+    if (sqgetGlobalVar('base_uri',$base_uri,SQ_SESSION)){
         return $base_uri;
     }
     $dirs = array('|src/.*|', '|plugins/.*|', '|functions/.*|');

-------------------------------------------------------
(Continue reading)

Jonathan Angliss | 3 Mar 04:39 2006
Picon
Picon

CVS: squirrelmail ChangeLog,1.705,1.706

Update of /cvsroot/squirrelmail/squirrelmail
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3658

Modified Files:
	ChangeLog 
Log Message:
  - Security: Possible cookie theft in src/redirect.php if 
    register_globals is enabled, and malicous site is running
    in same domain.

Index: ChangeLog
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/ChangeLog,v
retrieving revision 1.705
retrieving revision 1.706
diff -u -w -r1.705 -r1.706
--- ChangeLog	1 Mar 2006 21:27:24 -0000	1.705
+++ ChangeLog	3 Mar 2006 03:39:18 -0000	1.706
 <at>  <at>  -15,6 +15,9  <at>  <at> 
   - Fixed View as HTML link so it doesn't forget it was part of a seach result.
   - Don't use delimiter in IMAP subscription command, when noselect folder is
     created.
+  - Security: Possible cookie theft in src/redirect.php if 
+    register_globals is enabled, and malicous site is running
+    in same domain.

 	
 Version 1.5.1 (branched on 2006-02-12)

-------------------------------------------------------
(Continue reading)

Jonathan Angliss | 3 Mar 04:39 2006
Picon
Picon

CVS: squirrelmail/functions strings.php,1.242,1.243

Update of /cvsroot/squirrelmail/squirrelmail/functions
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3658/functions

Modified Files:
	strings.php 
Log Message:
  - Security: Possible cookie theft in src/redirect.php if 
    register_globals is enabled, and malicous site is running
    in same domain.

Index: strings.php
===================================================================
RCS file: /cvsroot/squirrelmail/squirrelmail/functions/strings.php,v
retrieving revision 1.242
retrieving revision 1.243
diff -u -w -r1.242 -r1.243
--- strings.php	12 Feb 2006 16:11:50 -0000	1.242
+++ strings.php	3 Mar 2006 03:39:18 -0000	1.243
 <at>  <at>  -497,7 +497,7  <at>  <at> 
     /**
      * If it is in the session, just return it.
      */
-    if (isset($base_uri)){
+    if (sqgetGlobalVar('base_uri',$base_uri,SQ_SESSION)){
         return $base_uri;
     }
     $dirs = array('|src/.*|', '|plugins/.*|', '|functions/.*|');

-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
(Continue reading)


Gmane