From 1da45b933e35f90a6c84ca652a4eb2e78f946916 Mon Sep 17 00:00:00 2001
From: roundcube <roundcube@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Thu, 29 Sep 2005 20:30:10 +0000
Subject: Fix for URL injection vulnerability (Bug #1307966)

git-svn-id: https://svn.roundcube.net/trunk@9 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 roundcubemail/index.php | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

(limited to 'roundcubemail/index.php')

diff --git a/roundcubemail/index.php b/roundcubemail/index.php
index 19623aa30..bdccd379f 100644
--- a/roundcubemail/index.php
+++ b/roundcubemail/index.php
@@ -267,7 +267,19 @@ if ($_task=='settings')
   }
 
 
+// only allow these templates to be included
+$valid_tasks = array('mail','settings','addressbook');
+
 // parse main template
-parse_template($_task);
+if (in_array($_task, $valid_tasks))
+  parse_template($_task);
+
 
+// if we arrive here, something went wrong
+raise_error(array('code' => 404,
+                  'type' => 'php',
+                  'line' => __LINE__,
+                  'file' => __FILE__,
+                  'message' => "Invalid request"), TRUE, TRUE);
+                      
 ?>
\ No newline at end of file
-- 
cgit v1.2.3