~ubuntu-branches/ubuntu/quantal/squirrelmail/quantal


Viewing changes to src/redirect.php

  • Committer: Bazaar Package Importer
  • Author(s): Thijs Kinkhorst
  • Date: 2008-09-28 16:33:48 UTC
  • mfrom: (11.1.7 intrepid)
  • Revision ID: james.westby@ubuntu.com-20080928163348-hgxf8au2d4zspabg
Tags: 2:1.4.15-3
Cookies sent over HTTPS will now be confined to HTTPS only
(cookie secure flag) and more support for the HTTPOnly cookie
attribute. Patch taken from upstream release.
(CVE-2008-3663, closes: #499942)

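--- a/src/redirect.php
+++ b/src/redirect.php
@@ -5,12 +5,15 @@
  *
  * Derived from webmail.php by Ralf Kraudelt <kraude@wiwi.uni-rostock.de>
  *
- * @copyright &copy; 1999-2006 The SquirrelMail Project Team
+ * @copyright &copy; 1999-2007 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
- * @version $Id: redirect.php,v 1.72.2.14 2006/12/02 15:10:13 kink Exp $
+ * @version $Id: redirect.php 12848 2008-01-04 07:18:01Z pdontthink $
  * @package squirrelmail
  */
 
+/** This is the redirect page */
+define('PAGE_NAME', 'redirect');
+
 /**
  * Path for SquirrelMail required files.
  * @ignore
@@ -28,17 +31,11 @@
 require_once(SM_PATH . 'functions/constants.php');
 require_once(SM_PATH . 'functions/page_header.php');
 
-/* Before starting the session, the base URI must be known. Assuming */
-/* that this file is in the src/ subdirectory (or something).        */
-if (!function_exists('sqm_baseuri')){
-    require_once(SM_PATH . 'functions/display_messages.php');
-}
 $base_uri = sqm_baseuri();
 
 header('Pragma: no-cache');
 $location = get_location();
 
-session_set_cookie_params (0, $base_uri);
 sqsession_is_active();
 
 sqsession_unregister ('user_is_logged_in');
@@ -61,8 +58,7 @@
 
 set_up_language($squirrelmail_language, true);
 /* Refresh the language cookie. */
-setcookie('squirrelmail_language', $squirrelmail_language, time()+2592000,
-          $base_uri);
+sqsetcookie('squirrelmail_language', $squirrelmail_language, time()+2592000, $base_uri);
 
 if (!isset($login_username)) {
     include_once(SM_PATH .  'functions/display_messages.php' );
@@ -96,7 +92,7 @@
 
     $username = $login_username;
     sqsession_register ($username, 'username');
-    setcookie('key', $key, 0, $base_uri);
+    sqsetcookie('key', $key, 0, $base_uri);
     do_hook ('login_verified');
 
 }
@@ -115,11 +111,10 @@
 sqsession_register($attachment_common_types, 'attachment_common_types');
 sqsession_register($attachment_common_types_parsed, 'attachment_common_types_parsed');
 
-$debug = false;
 
 if ( sqgetGlobalVar('HTTP_ACCEPT', $http_accept, SQ_SERVER) &&
     !isset($attachment_common_types_parsed[$http_accept]) ) {
-    attachment_common_parse($http_accept, $debug);
+    attachment_common_parse($http_accept);
 }
 
 /* Complete autodetection of Javascript. */
@@ -146,15 +141,18 @@
 
 if ( sqgetGlobalVar('session_expired_location', $session_expired_location, SQ_SESSION) ) {
     sqsession_unregister('session_expired_location');
-    if ( strpos($session_expired_location, 'compose.php') !== FALSE ) {
+    if ( $session_expired_location == 'compose' ) {
         $compose_new_win = getPref($data_dir, $username, 'compose_new_win', 0);
         if ($compose_new_win) {
-            $redirect_url = $session_expired_location;
-        } elseif ( strpos($session_expired_location, 'webmail.php') === FALSE ) {
-            $redirect_url = 'webmail.php?right_frame=compose.php';
+            // do not prefix $location here because $session_expired_location is set to the PAGE_NAME
+            // of the last page
+            $redirect_url = $session_expired_location . '.php';
+        } else {
+            $redirect_url = 'webmail.php?right_frame=' . urlencode($session_expired_location . '.php');
         }
-    } else {
-        $redirect_url = 'webmail.php?right_frame=' . urldecode($session_expired_location);
+    } else if ($session_expired_location != 'webmail'
+            && $session_expired_location != 'left_main') {
+        $redirect_url = 'webmail.php?right_frame=' . urlencode($session_expired_location . '.php');
     }
     unset($session_expired_location);
 }
@@ -172,7 +170,7 @@
 
 /* --------------------- end main ----------------------- */
 
-function attachment_common_parse($str, $debug) {
+function attachment_common_parse($str) {
     global $attachment_common_types, $attachment_common_types_parsed;
 
     $attachment_common_types_parsed[$str] = true;
@@ -198,4 +196,3 @@
     sqsession_register($attachment_common_types, 'attachment_common_types');
 }
 
-?>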
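Review bot: In the session-expiry block, `$redirect_url` is now built by appending `'.php'` to `$session_expired_location`, and the only guarantee that this value is a bare page name is the new comment; nothing in the hunk checks its shape, and the comparisons against `'compose'`, `'webmail'` and `'left_main'` use loose `==`/`!=`. The value is read from the session rather than from the request, so this is hardening, not a demonstrated flaw. A guard ahead of the first comparison, such as `if (!preg_match('/^[a-z_]+$/', $session_expired_location)) $session_expired_location = 'webmail';` (pattern to be checked against the PAGE_NAME values the project actually defines), together with `===`/`!==`, would keep a malformed or stale session entry out of the redirect target. How `$redirect_url` is consumed afterwards, and what happens when this block leaves it unset, lies outside the visible lines.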