Hi, I wanted to upgrade from 1.4.8 to 1.4.9a by using the patches from http://www.squirrelmail.org/patches/1.4.9-security/stable/, but mime.patch does not like me :-( mime.php.rej: ------8<------ @@ -1833,10 +1902,23 @@ } } } + + /** + * Workaround for IE quirks + */ + sq_fixIE_idiocy($attvalue); + /** * Remove any backslashes, entities, and extraneous whitespace. */ + $oldattvalue = $attvalue; sq_defang($attvalue); + if ($attname == 'style' && $attvalue !== $oldattvalue) { + // entities are used in the attribute value. In 99% of the cases it's there as XSS + // i.e.<div style="{ left:expʀessioɴ( alert('XSS') ) }"> + $attvalue = "idiocy"; + $attary{$attname} = $attvalue; + } sq_unspace($attvalue); /** @@ -1957,6 +2039,9 @@ // possible comment if (isset($body{$i+2}) && substr($body,$i,3) == '!--') { $i = strpos($body,'-->',$i+3); + if ($i === false) { // no end comment + $i = strlen($body); + } $sToken = ''; } } else { @@ -1984,12 +2069,18 @@ */ $content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content); $secremoveimg = '../images/' . _("sec_remove_eng.png"); + + // IE Sucks hard. We have a special function for it. + sq_fixIE_idiocy($content); + + // remove @import line + $content = preg_replace("/^\s*(@import.*)$/mi","\n<!-- @import rules forbidden -->\n",$content); + /** * Fix url('blah') declarations. */ - // remove NUL - $content = str_replace("\0", "", $content); // translate ur\l and variations into url (IE parses that) + // TODO check if the sq_fixIE_idiocy function already handles this. $content = preg_replace("/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i",'url', $content); // NB I insert NUL characters to keep to avoid an infinite loop. They are removed after the loop. while (preg_match("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si", $content, $matches)) { 
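Review bot: The new `if ($attname == 'style' && $attvalue !== $oldattvalue)` test in the first hunk compares against an exact lowercase string, so it only works if `$attname` was lowercased earlier, which is outside the hunk. If that is not guaranteed, write `if (strtolower($attname) === 'style' && $attvalue !== $oldattvalue) {`. Note also that `$oldattvalue` is captured after `sq_fixIE_idiocy($attvalue)` has run, so whatever that function rewrites is not counted as a change; a one-line comment saying whether this is intended would help. The enclosing function starts and ends outside the hunk.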
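Review bot: The `// no end comment` remark beside the `$i === false` check in the second hunk does not say why the index is moved to `strlen($body)`. I would expand it to `// unterminated comment: skip to the end of the body so that false is never used as an offset`. What the surrounding loop does with `$i` afterwards is outside the hunk, so confirm that it stops cleanly when `$i` equals the body length.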
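Review bot: The third hunk drops the explicit `str_replace("\0", "", $content)`, yet the loop below still uses NUL as its own marker ("They are removed after the loop"). The body of `sq_fixIE_idiocy()` is not shown; unless it strips NUL from `$content`, keep `$content = str_replace("\0", "", $content);` ahead of the `url` rewrite. The added `@import` pattern is anchored with `^\s*`, so it only covers a rule that begins its own line; consider matching `@import` wherever it occurs in `$content`. The TODO about `sq_fixIE_idiocy` should be resolved before relying on it for the `ur\l` normalisation.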
@@ -2048,11 +2139,13 @@ * in IE. */ $match = Array('/\/\*.*\*\//', - '/expression/i', - '/behaviou*r/i', - '/binding/i', - '/include-source/i'); - $replace = Array('', 'idiocy', 'idiocy', 'idiocy', 'idiocy'); + '/expression/i', + '/behaviou*r/i', + '/binding/i', + '/include-source/i', + '/javascript/i', + '/script/i'); + $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy'); $contentNew = preg_replace($match, $replace, $contentTemp); if ($contentNew !== $contentTemp) { // insecure css declarations are used. From now on we don't care ------8<------ Any hints? Rainer
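Review bot: `'/script/i'` already matches every string that `'/javascript/i'` matches, so the `'/javascript/i'` entry added to `$match` has no effect and can be dropped together with one `'idiocy'` from `$replace`. The two arrays are kept in step by hand; a comment above `$replace` such as `// one entry per pattern in $match, same order` would guard against a later mismatch. The comment-stripping pattern `'/\/\*.*\*\//'` has no `s` modifier, so it does not span newlines. If `$contentTemp` can still contain line breaks at this point (it is set outside the hunk), consider `'/\/\*.*\*\//s'`.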