Error in options.php file after a squirrelmail security update
-----BEGIN PGP SIGNED MESSAGE-----
Hello,
After updating squirrelmail, according to [SECURITY] [DSA 191-1] New
squirrelmail packages fix cross site scripting bugs . I encounter a problem
viewing the options page ( /src/options.php )
This is the error message:
Fatal error: Failed opening required '' (include_path='.:/usr/share/pear') in
/usr/share/squirrelmail/src/options.php on line 174
From
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.1.diff.gz:
- --- squirrelmail-1.2.6.orig/src/options.php
+++ squirrelmail-1.2.6/src/options.php
@@ -109,8 +109,10 @@
/* ---------------------------- main ---------------------------- */
/* Make sure we have an Option Page set. Default to main. */
- -if (!isset($optpage)) {
- - $optpage = 'main';
+if (!isset($optpage) || $optpage == '') {
+ $optpage = 'SMOPT_PAGE_MAIN';
+} else {
+ $optpage = strip_tags($optpage);
}
When using the options.php file from the previous package it works correctly.
Shall I report this as a bug?
Michiel
- --
Now faith is the substance of things hoped for, the evidence of things not
seen
(Hebrews, ch. 11, v. 1)
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: 7sDKo6Gcc2suHltWNDjsdf+5eqHRX7VT
iQA/AwUBPct7m1zh1Zw6EoKhEQIoBACgw1132inbitsqcGU8Rj4SAQZ8E98AoJ/j
A3jUQED1YMD7Qnvt1AM+pWyB
=0uoT
-----END PGP SIGNATURE-----
Reply to: