Re: Error in options.php file after a squirrelmail security update

To: debian-user@lists.debian.org
Subject: Re: Error in options.php file after a squirrelmail security update
From: "Keith G. Murphy" <keithmur@mindspring.com>
Date: Fri, 08 Nov 2002 09:16:10 -0600
Message-id: <[🔎] 3DCBD53A.5030802@mindspring.com>
References: <[🔎] 200211080953.48581.michiel@brendel.cx>

Michiel Brendel wrote:

-----BEGIN PGP SIGNED MESSAGE-----

Hello,

After updating squirrelmail, according to [SECURITY] [DSA 191-1] New
squirrelmail packages fix cross site scripting bugs . I encounter a problem
viewing the options page ( /src/options.php )

This is the error message:

Fatal error: Failed opening required '' (include_path='.:/usr/share/pear') in
/usr/share/squirrelmail/src/options.php on line 174

From
http://security.debian.org/pool/updates/main/s/squirrelmail/squirrelmail_1.2.6-1.1.diff.gz:

- --- squirrelmail-1.2.6.orig/src/options.php
+++ squirrelmail-1.2.6/src/options.php
@@ -109,8 +109,10 @@
 /* ---------------------------- main ---------------------------- */

 /* Make sure we have an Option Page set. Default to main. */
- -if (!isset($optpage)) {
- -    $optpage = 'main';
+if (!isset($optpage) || $optpage == '') {
+    $optpage = 'SMOPT_PAGE_MAIN';
+} else {
+    $optpage = strip_tags($optpage);
 }

When using the options.php file from the previous package it works correctly.


Shall I report this as a bug?

I see the same problem, so, yes, please do!  :-)

Reply to:

References:
- Error in options.php file after a squirrelmail security update
  - From: Michiel Brendel <michiel@brendel.cx>

Prev by Date: sound locks up kernel, where do I start?...
Next by Date: Promise RAID install problems
Previous by thread: Error in options.php file after a squirrelmail security update
Next by thread: Desaparecen los iconos en una reciente instalacion de genome2
Index(es):
- Date
- Thread