logo       
<prev   next>

Re: CVS: squirrelmail/include init.php,1.19,1.20: msg#00042

Subject: Re: CVS: squirrelmail/include init.php,1.19,1.20 
On 9/18/06, Tomas Kuliavas 
<tokul-Rn4VEauK+AKRv+LV9MX5uipxlwaOVQ5f@xxxxxxxxxxxxxxxx> wrote:
> > Update of /cvsroot/squirrelmail/squirrelmail/include
> > In directory sc8-pr-cvs8.sourceforge.net:/tmp/cvs-serv27358/include
> >
> > Modified Files:
> >       init.php
> > Log Message:
> > Stylesheets provided with templates won't load unless we load up prefs for
> > stylesheets too
>
> style.php should not use preferences. All options must be submitted in GET
> request.

What goes wrong?  Is this vulnerable to attack?  Problem is that the
template directory falls back to templates/default which is incorrect
unless you are in fact actually using the default template set.  I
would think it's not too hard to pass the template directory value as
a GET.... ugh.

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: CVS: squirrelmail/include init.php,1.19,1.20, Tomas Kuliavas
Next by Date:  Re: CVS: squirrelmail/include init.php,1.19,1.20, Tomas Kuliavas
Previous by Thread:  Re: CVS: squirrelmail/include init.php,1.19,1.20, Tomas Kuliavas
Next by Thread:  Re: CVS: squirrelmail/include init.php,1.19,1.20, Tomas Kuliavas
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
boot-loaders.gr...    php.pear.genera...    debugging.valgr...    kde.redhat.user...    text.xml.xsl.ge...    culture.languag...    hardware.microc...    java.servicemix...    redhat.release....    web.zope.plone....    user-groups.lin...    opendarwin.webk...    video.mjpeg.use...    sysutils.bcfg2....    encryption.gpg....    lx-office.devel...    xfree86.forum/2...    mail.mutt.devel...    acpi.devel/2003...    qnx.openqnx.dev...    network.irc.irs...    freebsd.devel.m...   
Home | blog view | USPTO Patent Archive | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe