Diffstat (limited to 'mail/roundcube/patches/patch-program_steps_utils_error.inc')
-rw-r--r-- | mail/roundcube/patches/patch-program_steps_utils_error.inc | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/mail/roundcube/patches/patch-program_steps_utils_error.inc b/mail/roundcube/patches/patch-program_steps_utils_error.inc
new file mode 100644
index 00000000000..2cb7cdf631d
--- /dev/null
+++ b/mail/roundcube/patches/patch-program_steps_utils_error.inc
@@ -0,0 +1,15 @@
+$NetBSD: patch-program_steps_utils_error.inc,v 1.1 2012/10/15 03:33:23 taca Exp $
+
+Minimum fix for XSS with HTTP_USER_AGENT from the repository.
+
+--- program/steps/utils/error.inc.orig 2012-08-17 19:34:07.000000000 +0000
++++ program/steps/utils/error.inc
+@@ -25,7 +25,7 @@
+ 
+ // browser is not compatible with this application
+ if ($ERROR_CODE==409) {
+- $user_agent = $_SERVER['HTTP_USER_AGENT'];
++ $user_agent = htmlentities($_SERVER['HTTP_USER_AGENT']);
+ $__error_title = 'Your browser does not suit the requirements for this application';
+ $__error_text = <<<EOF
+ <i>Supported browsers:</i><br /> |
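Review bot: The added `htmlentities($_SERVER['HTTP_USER_AGENT'])` call in the 409 branch relies on the default flags and charset, so single quotes are left unencoded (ENT_COMPAT) and the assumed input encoding depends on the PHP version in use. The heredoc that consumes `$user_agent` runs past the end of the hunk, so the output context is not visible here; the default is adequate for element content but not if the value can reach a single-quoted attribute. Passing the arguments explicitly removes both dependencies, for example `$user_agent = htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_QUOTES, 'UTF-8');`, assuming the error page is served as UTF-8. A short comment such as `// client-controlled header, escaped before being echoed into the error page` would also help keep the call from being dropped when this local patch is rebased on a newer upstream release.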