diff options
Diffstat (limited to 'mail/ja-squirrelmail/patches/patch-ac')
-rw-r--r-- | mail/ja-squirrelmail/patches/patch-ac | 70 |
1 files changed, 53 insertions, 17 deletions
diff --git a/mail/ja-squirrelmail/patches/patch-ac b/mail/ja-squirrelmail/patches/patch-ac index c96473dca76..11bdd39ec62 100644 --- a/mail/ja-squirrelmail/patches/patch-ac +++ b/mail/ja-squirrelmail/patches/patch-ac @@ -1,23 +1,59 @@ -$NetBSD: patch-ac,v 1.1 2005/12/05 09:28:44 martti Exp $ +$NetBSD: patch-ac,v 1.1.6.1 2006/06/04 13:55:57 salo Exp $ ---- functions/imap_messages.php.orig 2005-04-16 13:45:38.000000000 -0400 -+++ functions/imap_messages.php -@@ -476,8 +476,9 @@ function parseArray($read,&$i) { - * NOTE: this is actually a duplicate from the function in - * class/mime/Rfc822Header.php. - */ --function parsePriority($value) { -- $value = strtolower(array_shift(split('/\w/',trim($value)))); -+function parsePriority($sValue) { -+ $aValue=split('/\w/',trim($sValue)); -+ $value = strtolower(array_shift($aValue)); - if ( is_numeric($value) ) { - return $value; - } -@@ -915,4 +916,4 @@ function sqimap_get_small_header($imap_s - return $res[0]; +--- functions/global.php.orig 2006-02-03 22:27:47.000000000 +0000 ++++ functions/global.php 2006-06-04 13:22:14.000000000 +0100 +@@ -62,6 +62,47 @@ + sqstripslashes($_POST); } ++/** ++ * If register_globals are on, unregister globals. ++ * Code requires PHP 4.1.0 or newer. ++ * Second test covers boolean set as string (php_value register_globals off). ++ */ ++if ((bool) @ini_get('register_globals') && ++ strtolower(ini_get('register_globals'))!='off') { ++ /** ++ * Remove all globals from $_GET, $_POST, and $_COOKIE. ++ */ ++ foreach ($_REQUEST as $key => $value) { ++ unset($GLOBALS[$key]); ++ } ++ /** ++ * Remove globalized $_FILES variables ++ * Before 4.3.0 $_FILES are included in $_REQUEST. ++ * Unglobalize them in separate call in order to remove dependency ++ * on PHP version. ++ */ ++ foreach ($_FILES as $key => $value) { ++ unset($GLOBALS[$key]); ++ // there are three undocumented $_FILES globals. ++ unset($GLOBALS[$key.'_type']); ++ unset($GLOBALS[$key.'_name']); ++ unset($GLOBALS[$key.'_size']); ++ } ++ /** ++ * Remove globalized environment variables. ++ */ ++ foreach ($_ENV as $key => $value) { ++ unset($GLOBALS[$key]); ++ } ++ /** ++ * Remove globalized server variables. ++ */ ++ foreach ($_SERVER as $key => $value) { ++ unset($GLOBALS[$key]); ++ } ++} ++ ++ + /* strip any tags added to the url from PHP_SELF. + This fixes hand crafted url XXS expoits for any + page that uses PHP_SELF as the FORM action */ +@@ -336,4 +377,4 @@ + } + + // vim: et ts=4 -?> \ No newline at end of file +?> |