
Error in options.php file after a squirrelmail security update



-----BEGIN PGP SIGNED MESSAGE-----

Hello,

After updating squirrelmail, according to [SECURITY] [DSA 191-1] New
squirrelmail packages fix cross site scripting bugs, I encounter a problem
viewing the options page (/src/options.php).

This is the error message:

Fatal error: Failed opening required '' (include_path='.:/usr/share/pear') in
/usr/share/squirrelmail/src/options.php on line 174

From
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.1.diff.gz:

- --- squirrelmail-1.2.6.orig/src/options.php
+++ squirrelmail-1.2.6/src/options.php
@@ -109,8 +109,10 @@
 /* ---------------------------- main ---------------------------- */

 /* Make sure we have an Option Page set. Default to main. */
- -if (!isset($optpage)) {
- -    $optpage = 'main';
+if (!isset($optpage) || $optpage == '') {
+    $optpage = 'SMOPT_PAGE_MAIN';
+} else {
+    $optpage = strip_tags($optpage);
 }
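
Review bot: In the first branch the new default is the quoted string 'SMOPT_PAGE_MAIN', where the removed code used 'main'. The name reads like a constant; if it is one, it should be written without quotes, because as a string literal it sets $optpage to the text SMOPT_PAGE_MAIN instead of the main page's value, and a page value that nothing later recognises would fit the empty path in the reported "Failed opening required ''" at line 174. In the else branch, strip_tags() removes markup but still passes any other request value through, so I would also compare $optpage against the known page names and fall back to the main page when it matches none.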

When using the options.php file from the previous package it works correctly.


Shall I report this as a bug?

Michiel
- --
Now faith is the substance of things hoped for, the evidence of things not
seen
	(Hebrews, ch. 11, v. 1)

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: 7sDKo6Gcc2suHltWNDjsdf+5eqHRX7VT

iQA/AwUBPct7m1zh1Zw6EoKhEQIoBACgw1132inbitsqcGU8Rj4SAQZ8E98AoJ/j
A3jUQED1YMD7Qnvt1AM+pWyB
=0uoT
-----END PGP SIGNATURE-----


