kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update squirrelmail pacakge to 1.4.20.

Browse source 
Version 1.4.20 - 06 Mar 2010
---------------------------
  - Fixed issue with search not using literals correctly (#2846511).
  - Fixed issue with returning to search results due to new security token
    code.
  - Fixed issue with multi-part related messages not showing all attachments
    (#2830140).
  - Fixed for security token missing in newmail plugin (#2919418).
  - Fixed sort in Sent folder to sort by "To" field instead of "From" field
    (#2907412).
  - Fixed mailto: urls containing + characters.  Thanks to Michael Puls II
    for the patch.
  - Made base URL autodetection more robust; fixes some lighttpd issues
    (probably #1741469).
  - Encoded From headers are now properly quoted (#2830141).
  - Multibyte strings (notably subjects) are now handled correctly (#2824813,
    #2925731).
  - X-DNS-Prefetch-Control: off header is now sent to browsers to prevent
    information leakage when Firefox does DNS prefetching for URLs contained
    in emails.
  - Added unread links in message view.
  - Added the ability to configure Google Mail (Gmail) as the mail server
    behind SquirrelMail.
  - Added option in display preferences that allows the signature to be
    stripped from the original message when replying (#2952876).  Thanks to
    Sven Strickroth.
This commit is contained in:
taca 2010-03-07 03:41:49 +00:00
parent 0c7110cdc5
commit 290f38be47
26 changed files with 17 additions and 507 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
mail/squirrelmail/Makefile
View file

@ -1,8 +1,6 @@
# $NetBSD: Makefile,v 1.113 2010/03/05 03:05:40 taca Exp $
# $NetBSD: Makefile,v 1.114 2010/03/07 03:41:49 taca Exp $
DISTNAME= squirrelmail-1.4.20-RC2
PKGNAME= ${DISTNAME:S/-RC2/rc2/}
PKGREVISION= 5
DISTNAME= squirrelmail-1.4.20
CATEGORIES= mail www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=squirrelmail/}
EXTRACT_SUFX= .tar.bz2

5
mail/squirrelmail/PLIST
View file

@ -1,8 +1,8 @@
@comment $NetBSD: PLIST,v 1.35 2010/03/05 03:05:40 taca Exp $
@comment $NetBSD: PLIST,v 1.36 2010/03/07 03:41:49 taca Exp $
man/man8/squirrelmail-conf.pl.8
share/examples/squirrelmail/squirrelmail.conf
share/examples/squirrelmail/data/.htaccess
share/examples/squirrelmail/data/index.php
share/examples/squirrelmail/squirrelmail.conf
share/squirrelmail/README
share/squirrelmail/class/.htaccess
share/squirrelmail/class/deliver/Deliver.class.php
@ -77,6 +77,7 @@ share/squirrelmail/doc/release_notes_archive/1.4/Notes-1.4.17.txt
share/squirrelmail/doc/release_notes_archive/1.4/Notes-1.4.18.txt
share/squirrelmail/doc/release_notes_archive/1.4/Notes-1.4.19.txt
share/squirrelmail/doc/release_notes_archive/1.4/Notes-1.4.2.txt
share/squirrelmail/doc/release_notes_archive/1.4/Notes-1.4.20-RC2.txt
share/squirrelmail/doc/release_notes_archive/1.4/Notes-1.4.20RC1.txt
share/squirrelmail/doc/release_notes_archive/1.4/Notes-1.4.3.txt
share/squirrelmail/doc/release_notes_archive/1.4/Notes-1.4.3a.txt

33
mail/squirrelmail/distinfo
View file

@ -1,30 +1,9 @@
$NetBSD: distinfo,v 1.58 2010/03/04 16:00:37 taca Exp $
$NetBSD: distinfo,v 1.59 2010/03/07 03:41:49 taca Exp $
SHA1 (squirrelmail-1.4.20-RC2.tar.bz2) = f1cdccfdd17d8974adc0b79aba44b62f98f78f64
RMD160 (squirrelmail-1.4.20-RC2.tar.bz2) = f736e33af6f7b5a4c49f96968ed3fdeb2d42f06f
Size (squirrelmail-1.4.20-RC2.tar.bz2) = 516825 bytes
SHA1 (squirrelmail-1.4.20.tar.bz2) = ea1f8911961685393da2872739a060e0cf1f03f3
RMD160 (squirrelmail-1.4.20.tar.bz2) = aa4e7f97a0f9eddc207d0f390c6f25dd1e69c16a
Size (squirrelmail-1.4.20.tar.bz2) = 521070 bytes
SHA1 (patch-aa) = 4c5556c804c1b728eec87322272abb06edcfcc2a
SHA1 (patch-ab) = 9b522ab15b3be1ee6d4f93e13117402bc0c34ea5
SHA1 (patch-ac) = 9a67070fd00baeae71260ea828461ad297f9ed88
SHA1 (patch-af) = bcaaf9f0e4e185aedca1cd43ae28ac3fb7f376d2
SHA1 (patch-ai) = 701fdbc84afde5f8e255af13ba0e44469343e17c
SHA1 (patch-aj) = 0347dfe01a977a5b112bbcfc2aa68fbf5fcda3e4
SHA1 (patch-ak) = deef584a60802d1530091872b9af9d088ce80924
SHA1 (patch-al) = f961e26e47215aaa2b91d409142d81d77549d468
SHA1 (patch-am) = 3bbd987153bf20ad2c4a148bfa455bfeaf1936f2
SHA1 (patch-an) = 263e5943b5c9ed64f97d6e23403be98c63f6e661
SHA1 (patch-ao) = b62b142252f596ced511deffc9fa0aa7362d93c9
SHA1 (patch-ap) = 7f950d47f26521f1671529143860dc8d0309ebb2
SHA1 (patch-aq) = cb15f6ac784991016752316d0f4e85857dd12f16
SHA1 (patch-ar) = f3c824cdee855ad6870ccc479617221469c6ec3e
SHA1 (patch-as) = 737ea47e5a94ebb5754f5b2eab05069adf4e2037
SHA1 (patch-at) = 7a6f120bce676f747dff9c0c3e9202c6fa8b49ca
SHA1 (patch-au) = 448d9895a9be60f8ae5c605bb58d35efbd62047c
SHA1 (patch-av) = 12b82f72507ff313a05aeed08161d6f553247621
SHA1 (patch-aw) = 0b64a0ef5395b3ceb293d0c8d874ddc95f002151
SHA1 (patch-ab) = 30bf68c730f20e817fbe81d18bc2a95899ee3fd0
SHA1 (patch-ai) = 1c08904ecf074ff3ba7e6042becc0f0771388b9f
SHA1 (patch-ca) = deaf791fd6eaf25001b369d505531ae065fe0801
SHA1 (patch-cb) = 76d8d0ade2d01ce7fc8d0151c817562bdf10c027
SHA1 (patch-cc) = 5bdd4f6346bc119ed2bec43d69cb855892f2d051
SHA1 (patch-cd) = ec265daffc4b2c98fb5e77584971e28c6813f956
SHA1 (patch-ce) = d73c3d38b77ac589bac5c01f3775df6995b476f8
SHA1 (patch-cf) = 237c0f584d4d393ca74241b52380abd2217a2ac0

12
mail/squirrelmail/patches/patch-ab
View file

@ -1,17 +1,11 @@
$NetBSD: patch-ab,v 1.15 2010/03/04 16:00:37 taca Exp $
$NetBSD: patch-ab,v 1.16 2010/03/07 03:41:49 taca Exp $
* Use case ignore match for detecting encoded word.
* Fix encoding problem of attached filenames; don't convert encoding here.
--- functions/i18n.php.orig 2009-07-29 11:21:06.000000000 +0900
--- functions/i18n.php.orig 2010-01-25 02:47:41.000000000 +0000
+++ functions/i18n.php
@@ -675,18 +675,11 @@ function japanese_charset_xtra() {
break;
case 'decodeheader':
$ret = str_replace("\t", "", $ret);
- if (preg_match('/=\?([^?]+)\?(q|b)\?([^?]+)\?=/', $ret))
+ if (preg_match('/=\?([^?]*)\?(Q|B)\?([^?]*)\?=/i', $ret))
$ret = @mb_decode_mimeheader($ret);
@@ -680,13 +680,6 @@ function japanese_charset_xtra() {
$ret = @mb_convert_encoding($ret, 'EUC-JP', 'AUTO');
break;
case 'downloadfilename':

62
mail/squirrelmail/patches/patch-ac
View file

@ -1,62 +0,0 @@
$NetBSD: patch-ac,v 1.6 2010/03/04 16:00:37 taca Exp $
Patch for fixing IMAP search problems:
http://thread.gmane.org/gmane.mail.squirrelmail.user/36642
--- functions/imap_search.php.orig 2009-07-29 11:21:06.000000000 +0900
+++ functions/imap_search.php
@@ -38,30 +38,17 @@ function sqimap_search($imapConnection,
$multi_search = explode(' ', $search_what);
$search_string = '';
- /* it seems macosx and hmailserver do not support the prefered search
- syntax so we fall back to the older style. This IMAP
- server has a problem with multiple search terms. Instead
- of returning the messages that match all the terms it
- returns the messages that match each term. Could be fixed
- on the client side, but should be fixed on the server
- as per the RFC */
-
- if ($imap_server_type == 'macosx' || $imap_server_type == 'hmailserver') {
- foreach ($multi_search as $multi_search_part) {
- if (strtoupper($languages[$squirrelmail_language]['CHARSET']) == 'ISO-2022-JP') {
- $multi_search_part = mb_convert_encoding($multi_search_part, 'JIS', 'auto');
- }
- $search_string .= $search_where . ' ' .$multi_search_part . ' ';
+ if (strtoupper($languages[$squirrelmail_language]['CHARSET'] == 'ISO-2022-JP')) {
+ foreach($multi_search as $idx=>$search_part) {
+ $multi_search[$idx] = mb_convert_encoding($search_parth, 'JIS', 'auto');
}
}
- else {
- foreach ($multi_search as $multi_search_part) {
- if (strtoupper($languages[$squirrelmail_language]['CHARSET']) == 'ISO-2022-JP') {
- $multi_search_part = mb_convert_encoding($multi_search_part, 'JIS', 'auto');
- }
- $search_string .= $search_where . ' {' . strlen($multi_search_part)
- . "}\r\n" . $multi_search_part . ' ';
- }
+
+ foreach ($multi_search as $string) {
+ $search_string .= $search_where
+ . ' "'
+ . str_replace(array('\\', '"'), array('\\\\', '\\"'), $string)
+ . '" ';
}
$search_string = trim($search_string);
@@ -83,8 +70,12 @@ function sqimap_search($imapConnection,
if (isset($languages[$squirrelmail_language]['CHARSET'])
&& strtolower($result) == 'no') {
$ss = "SEARCH CHARSET \"US-ASCII\" ALL $search_string";
- $readin = sqimap_run_command ($imapConnection, $ss, true,
- $result, $message, $uid_support);
+ if (empty($search_lit)) {
+ $readin = sqimap_run_command($imapConnection, $ss, false, $result, $message, $uid_support);
+ } else {
+ $search_lit['command'] = $ss;
+ $readin = sqimap_run_literal_command($imapConnection, $search_lit, false, $result, $message, $uid_support);
+ }
}
unset($messagelist);

63
mail/squirrelmail/patches/patch-af
View file

@ -1,63 +0,0 @@
$NetBSD: patch-af,v 1.3 2010/03/04 16:00:37 taca Exp $
--- src/search.php.orig 2009-08-12 17:29:53.000000000 +0900
+++ src/search.php
@@ -226,7 +226,7 @@ function printSearchMessages($msgs,$mail
if ((!empty($allow_server_sort) && $allow_server_sort) || (!empty($allow_server_thread) && $allow_server_thread)) {
$msort = $msgs;
} else {
- $msort = calc_msort($msgs, $sort);
+ $msort = calc_msort($msgs, $sort, $mailbox);
}
if ( $mailbox == 'INBOX' ) {
@@ -368,6 +368,7 @@ if ($saved_count > 0) {
. '?mailbox=' . urlencode($saved_attributes['saved_folder'][$i + 1])
. '&what=' . urlencode($saved_attributes['saved_what'][$i + 1])
. '&where=' . urlencode($saved_attributes['saved_where'][$i + 1])
+ . '&smtoken=' . sm_generate_security_token()
. '">' . _("edit") . '</a>'
. '&nbsp;|&nbsp;'
. '<a href="search.php'
@@ -375,9 +376,10 @@ if ($saved_count > 0) {
. '&amp;what=' . urlencode($saved_attributes['saved_what'][$i + 1])
. '&amp;where=' . urlencode($saved_attributes['saved_where'][$i + 1])
. '&amp;submit=Search_no_update'
+ . '&amp;smtoken=' . sm_generate_security_token()
. '">' . _("search") . '</a>'
. '&nbsp;|&nbsp;'
- . "<a href=\"search.php?count=$i&amp;submit=delete\">"
+ . "<a href=\"search.php?count=$i&amp;submit=delete&amp;smtoken=" . sm_generate_security_token() .'">'
. _("delete")
. '</a>'
. '</td></tr>';
@@ -395,7 +397,7 @@ if ($recent_count > 0) {
. html_tag( 'td' )
. html_tag( 'table', '', 'center', '', 'width="100%" cellpadding="0" cellspacing="0" border="0"' );
for ($i=1; $i <= $recent_count; ++$i) {
- if (isset($attributes['search_folder'][$i])) {
+ if (isset($attributes['search_folder'][$i])) {
if ($attributes['search_folder'][$i] == "") {
$attributes['search_folder'][$i] = "INBOX";
}
@@ -411,7 +413,7 @@ if ($recent_count > 0) {
. html_tag( 'td', htmlspecialchars($attributes['search_what'][$i]), 'left' )
. html_tag( 'td', htmlspecialchars($attributes['search_where'][$i]), 'center' )
. html_tag( 'td', '', 'right' )
- . "<a href=\"search.php?count=$i&amp;submit=save\">"
+ . "<a href=\"search.php?count=$i&amp;submit=save&amp;smtoken=" . sm_generate_security_token() . '">'
. _("save")
. '</a>'
. '&nbsp;|&nbsp;'
@@ -420,9 +422,10 @@ if ($recent_count > 0) {
. '&amp;what=' . urlencode($attributes['search_what'][$i])
. '&amp;where=' . urlencode($attributes['search_where'][$i])
. '&amp;submit=Search_no_update'
+ . '&amp;smtoken=' . sm_generate_security_token()
. '">' . _("search") . '</a>'
. '&nbsp;|&nbsp;'
- . "<a href=\"search.php?count=$i&amp;submit=forget\">"
+ . "<a href=\"search.php?count=$i&amp;submit=forget&amp;smtoken=" . sm_generate_security_token() . '">'
. _("forget")
. '</a>'
. '</td></tr>';

6
mail/squirrelmail/patches/patch-ai
View file

@ -1,11 +1,11 @@
$NetBSD: patch-ai,v 1.1 2009/10/04 01:27:15 taca Exp $
$NetBSD: patch-ai,v 1.2 2010/03/07 03:41:49 taca Exp $
* Fix encoding problem of attached filenames; convert to Shift_JIS when
using Internet Explore in Japanese environment, sigh.
--- functions/mime.php.orig 2009-07-31 19:12:46.000000000 +0900
--- functions/mime.php.orig 2010-01-30 16:14:53.000000000 +0000
+++ functions/mime.php
@@ -2563,6 +2563,10 @@ function SendDownloadHeaders($type0, $ty
@@ -2564,6 +2564,10 @@ function SendDownloadHeaders($type0, $ty
//set all the Cache Control Headers for IE
if ($isIE) {
$filename=rawurlencode($filename);

14
mail/squirrelmail/patches/patch-aj
View file

@ -1,14 +0,0 @@
$NetBSD: patch-aj,v 1.1 2010/03/04 16:00:37 taca Exp $
--- class/mime/Message.class.php.orig 2009-04-16 07:00:49.000000000 +0900
+++ class/mime/Message.class.php
@@ -1059,8 +1059,7 @@ class Message {
}
if (!$exclude) {
- if (($entity->type0 == 'multipart') &&
- ($entity->type1 != 'related')) {
+ if ($entity->type0 == 'multipart') {
$result = $entity->getAttachments($exclude_id, $result);
} else if ($entity->type0 != 'multipart') {
$result[] = $entity;

17
mail/squirrelmail/patches/patch-ak
View file

@ -1,17 +0,0 @@
$NetBSD: patch-ak,v 1.1 2010/03/04 16:00:37 taca Exp $
--- functions/attachment_common.php.orig 2009-07-29 10:35:45.000000000 +0900
+++ functions/attachment_common.php
@@ -205,10 +205,9 @@ function attachment_common_octet_stream(
$Ext = '';
if (is_array($Regs) && isset($Regs[1])) {
- $Ext = $Regs[1];
+ $Ext = $Regs[1];
+ $Ext = strtolower($Regs[1]);
}
-
- $Ext = strtolower($Regs[1]);
if ($Ext == '' || ! isset($FileExtensionToMimeType[$Ext]))
return;

20
mail/squirrelmail/patches/patch-al
View file

@ -1,20 +0,0 @@
$NetBSD: patch-al,v 1.1 2010/03/04 16:00:37 taca Exp $
--- functions/auth.php.orig 2009-08-12 17:19:16.000000000 +0900
+++ functions/auth.php
@@ -63,13 +63,13 @@ function is_logged_in() {
if ($check_referrer == '###DOMAIN###') $check_referrer = $domain;
if (!empty($check_referrer)) {
$ssl_check_referrer = 'https://' . $check_referrer;
- $check_referrer = 'http://' . $check_referrer;
+ $plain_check_referrer = 'http://' . $check_referrer;
}
if (!sqgetGlobalVar('HTTP_REFERER', $referrer, SQ_SERVER)) $referrer = '';
if (sqsession_is_registered('user_is_logged_in')
&& (!$check_referrer || empty($referrer)
|| ($check_referrer && !empty($referrer)
- && (strpos(strtolower($referrer), strtolower($check_referrer)) === 0
+ && (strpos(strtolower($referrer), strtolower($plain_check_referrer)) === 0
|| strpos(strtolower($referrer), strtolower($ssl_check_referrer)) === 0)))) {
return;
} else {

14
mail/squirrelmail/patches/patch-am
View file

@ -1,14 +0,0 @@
$NetBSD: patch-am,v 1.1 2010/03/04 16:00:37 taca Exp $
--- functions/page_header.php.orig 2009-04-13 16:52:57.000000000 +0000
+++ functions/page_header.php
@@ -28,7 +28,8 @@ function displayHtmlHeader( $title = 'Sq
echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">' .
"\n\n" . html_tag( 'html' ,'' , '', '', '' ) . "\n<head>\n" .
- "<meta name=\"robots\" content=\"noindex,nofollow\">\n";
+ "<meta name=\"robots\" content=\"noindex,nofollow\">\n" .
+ "<meta http-equiv=\"x-dns-prefetch-control\" content=\"off\">\n";
if ( !isset( $custom_css ) || $custom_css == 'none' ) {
if ($theme_css != '') {

15
mail/squirrelmail/patches/patch-an
View file

@ -1,15 +0,0 @@
$NetBSD: patch-an,v 1.1 2010/03/04 16:00:37 taca Exp $
--- functions/imap_mailbox.php.orig 2009-07-29 11:52:32.000000000 +0900
+++ functions/imap_mailbox.php
@@ -755,8 +755,8 @@ function sqimap_mailbox_list_all($imap_s
$boxesallbyname[$mailbox] = $g;
$parentfolder = readMailboxParent($mailbox, $delimiter);
/* @FIXME shouldn't use preg_match for simple string matching */
- if((preg_match('/^inbox'.quotemeta($delimiter).'/i', $mailbox)) ||
- (preg_match('/^'.$folder_prefix.'/', $mailbox)) ||
+ if((preg_match('|^inbox'.quotemeta($delimiter).'|i', $mailbox)) ||
+ (preg_match('|^'.$folder_prefix.'|', $mailbox)) ||
( isset($boxesallbyname[$parentfolder]) && (strlen($parentfolder) > 0) ) ) {
if ($dm_count) {
$boxes[$g]['formatted'] = str_repeat('&nbsp;&nbsp;', $dm_count);

44
mail/squirrelmail/patches/patch-ao
View file

@ -1,44 +0,0 @@
$NetBSD: patch-ao,v 1.1 2010/03/04 16:00:37 taca Exp $
--- functions/imap_messages.php.orig 2009-07-29 11:21:06.000000000 +0900
+++ functions/imap_messages.php
@@ -930,19 +930,27 @@ function sqimap_get_small_header_list($i
/* non server sort stuff */
if (!$allow_server_sort) {
- $from = parseAddress($from);
- if ($from[0][1]) {
- $from = decodeHeader($from[0][1], true, false);
- } else {
- $from = $from[0][0];
- }
- $messages[$msgi]['FROM-SORT'] = $from;
- $subject_sort = strtolower(decodeHeader($subject, true, false));
- if (preg_match("/^(?:(?:vedr|sv|re|aw|fw|fwd|\[\w\]):\s*)*\s*(.*)$/si", $subject_sort, $matches)){
+ $from = parseAddress($from);
+ if ($from[0][1]) {
+ $from = decodeHeader($from[0][1], true, false);
+ } else {
+ $from = $from[0][0];
+ }
+ $messages[$msgi]['FROM-SORT'] = $from;
+ $subject_sort = strtolower(decodeHeader($subject, true, false));
+ if (preg_match("/^(?:(?:vedr|sv|re|aw|fw|fwd|\[\w\]):\s*)*\s*(.*)$/si", $subject_sort, $matches)){
$messages[$msgi]['SUBJECT-SORT'] = $matches[1];
- } else {
- $messages[$msgi]['SUBJECT-SORT'] = $subject_sort;
- }
+ } else {
+ $messages[$msgi]['SUBJECT-SORT'] = $subject_sort;
+ }
+
+ $to = parseAddress($to);
+ if ($to[0][1]) {
+ $to = decodeHeader($to[0][1], true, false);
+ } else {
+ $to = $to[0][0];
+ }
+ $messages[$msgi]['TO-SORT'] = $to;
}
++$msgi;
}

33
mail/squirrelmail/patches/patch-ap
View file

@ -1,33 +0,0 @@
$NetBSD: patch-ap,v 1.1 2010/03/04 16:00:37 taca Exp $
--- functions/mailbox_display.php.orig 2009-08-12 17:29:53.000000000 +0900
+++ functions/mailbox_display.php
@@ -487,7 +487,7 @@ function showMessagesForMailbox($imapCon
if (!$use_cache) {
$msgs = getSelfSortMessages($imapConnection, $start_msg, $show_num,
$num_msgs, $sort, $mbxresponse);
- $msort = calc_msort($msgs, $sort);
+ $msort = calc_msort($msgs, $sort, $mailbox);
} /* !use cache */
break;
} // switch
@@ -545,7 +545,7 @@ function showMessagesForMailbox($imapCon
//echo("elapsed time = $t seconds\n");
}
-function calc_msort($msgs, $sort) {
+function calc_msort($msgs, $sort, $mailbox = 'INBOX') {
/*
* 0 = Date (up)
@@ -565,8 +565,9 @@ function calc_msort($msgs, $sort) {
$msort[] = $item['TIME_STAMP'];
}
} elseif (($sort == 2) || ($sort == 3)) {
+ $fld_sort = (handleAsSent($mailbox)?'TO-SORT':'FROM-SORT');
foreach ($msgs as $item) {
- $msort[] = $item['FROM-SORT'];
+ $msort[] = $item[$fld_sort];
}
} elseif (($sort == 4) || ($sort == 5)) {
foreach ($msgs as $item) {

13
mail/squirrelmail/patches/patch-aq
View file

@ -1,13 +0,0 @@
$NetBSD: patch-aq,v 1.1 2010/03/04 16:00:37 taca Exp $
--- src/addressbook.php.orig 2009-08-12 17:29:53.000000000 +0900
+++ src/addressbook.php
@@ -48,7 +48,7 @@ sqgetGlobalVar('deladdr', $deladdr,
sqgetGlobalVar('compose_to', $compose_to, SQ_POST);
sqgetGlobalVar('sel', $sel, SQ_POST);
// renumber $sel array
-if (!empty($sel)) $sel = array_merge($sel);
+if (!empty($sel)) $sel = array_merge($sel, array());
sqgetGlobalVar('oldnick', $oldnick, SQ_POST);
sqgetGlobalVar('backend', $backend, SQ_POST);
sqgetGlobalVar('doedit', $doedit, SQ_POST);

12
mail/squirrelmail/patches/patch-ar
View file

@ -1,12 +0,0 @@
$NetBSD: patch-ar,v 1.1 2010/03/04 16:00:37 taca Exp $
--- src/delete_message.php.orig 2009-08-18 08:17:41.000000000 +0900
+++ src/delete_message.php
@@ -78,6 +78,7 @@ $location = get_location();
if (isset($where) && isset($what)) {
header("Location: $location/search.php?where=" . $where .
+ '&smtoken=' . sm_generate_security_token() .
'&what=' . $what . '&mailbox=' . urlencode($mailbox));
} else {
if (!empty($saved_draft) || !empty($mail_sent)) {

13
mail/squirrelmail/patches/patch-as
View file

@ -1,13 +0,0 @@
$NetBSD: patch-as,v 1.1 2010/03/04 16:00:37 taca Exp $
--- src/folders_delete.php.orig 2009-08-12 17:29:53.000000000 +0900
+++ src/folders_delete.php
@@ -106,7 +106,7 @@ else
/** lets see if we CAN move folders to the trash.. otherwise,
** just delete them **/
if ((isset($delete_folder) && $delete_folder) ||
- preg_match('/^' . $trash_folder . '.+/', $mailbox) ) {
+ preg_match('/^' . preg_quote($trash_folder, '/') . '.+/i', $mailbox) ) {
$can_move_to_trash = FALSE;
}

13
mail/squirrelmail/patches/patch-at
View file

@ -1,13 +0,0 @@
$NetBSD: patch-at,v 1.1 2010/03/04 16:00:37 taca Exp $
--- src/options.php.orig 2009-08-12 17:29:53.000000000 +0900
+++ src/options.php
@@ -143,7 +143,7 @@ sqgetGlobalVar('delimiter', $delimiter,
sqgetGlobalVar('optpage', $optpage);
sqgetGlobalVar('optmode', $optmode, SQ_FORM);
sqgetGlobalVar('optpage_data',$optpage_data, SQ_POST);
-if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_FORM)) {
$submitted_token = '';
}
/* end of getting globals */

30
mail/squirrelmail/patches/patch-au
View file

@ -1,30 +0,0 @@
$NetBSD: patch-au,v 1.1 2010/03/04 16:00:37 taca Exp $
--- src/options_highlight.php.orig 2009-08-12 17:29:53.000000000 +0900
+++ src/options_highlight.php
@@ -40,7 +40,7 @@ sqGetGlobalVar('color_type', $color_type
sqGetGlobalVar('match_type', $match_type);
sqGetGlobalVar('value', $value);
-if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_FORM)) {
$submitted_token = '';
}
/* end of get globals */
@@ -163,13 +163,13 @@ if ($mhl_count > 0) {
$links = '<small>[<a href="options_highlight.php?action=edit&amp;theid=' . $i . '">' .
_("Edit") .
- '</a>]&nbsp;[<a href="options_highlight.php?action=delete&amp;theid='. $i . '">' .
+ '</a>]&nbsp;[<a href="options_highlight.php?action=delete&amp;smtoken=' . sm_generate_security_token() . '&amp;theid='. $i . '">' .
_("Delete");
if($i > 0) {
- $links .= '</a>]&nbsp;[<a href="options_highlight.php?action=up&amp;theid='. $i . '">' . _("Up");
+ $links .= '</a>]&nbsp;[<a href="options_highlight.php?action=up&amp;smtoken=' . sm_generate_security_token() . '&amp;theid='. $i . '">' . _("Up");
}
if($i+1 < $mhl_count) {
- $links .= '</a>]&nbsp;[<a href="options_highlight.php?action=down&amp;theid='. $i . '">' . _("Down");
+ $links .= '</a>]&nbsp;[<a href="options_highlight.php?action=down&amp;smtoken=' . sm_generate_security_token() . '&amp;theid='. $i . '">' . _("Down");
}
$links .= '</a>]</small>';

13
mail/squirrelmail/patches/patch-av
View file

@ -1,13 +0,0 @@
$NetBSD: patch-av,v 1.1 2010/03/04 16:00:37 taca Exp $
--- src/read_body.php.orig 2009-08-18 08:17:41.000000000 +0900
+++ src/read_body.php
@@ -533,7 +533,7 @@ function formatMenubar($mailbox, $passed
$msgs_url = $base_uri . 'src/';
if (isset($where) && isset($what)) {
- $msgs_url .= 'search.php?where=' . urlencode($where) .
+ $msgs_url .= 'search.php?smtoken=' . sm_generate_security_token() . '&amp;where=' . urlencode($where) .
'&amp;what=' . urlencode($what) . '&amp;mailbox=' . $urlMailbox;
$msgs_str = _("Search Results");
} else {

13
mail/squirrelmail/patches/patch-aw
View file

@ -1,13 +0,0 @@
$NetBSD: patch-aw,v 1.1 2010/03/04 16:00:37 taca Exp $
--- src/webmail.php.orig 2009-05-12 07:48:03.000000000 +0900
+++ src/webmail.php
@@ -48,8 +48,6 @@ if(sqgetGlobalVar('mailtodata', $mailtod
$mailtourl = '';
}
-is_logged_in();
-
// this value may be changed by a plugin, but initialize
// it first to avoid register_globals headaches
//

20
mail/squirrelmail/patches/patch-cb
View file

@ -1,20 +0,0 @@
$NetBSD: patch-cb,v 1.1 2010/03/04 16:00:37 taca Exp $
--- plugins/newmail/newmail_opt.php.orig 2009-04-16 07:00:49.000000000 +0900
+++ plugins/newmail/newmail_opt.php
@@ -71,6 +71,7 @@ echo '</td></tr>' .
html_tag( 'td', '', 'center', $color[4] ) . "\n" . '<hr style="width: 25%; height: 1px;" />' . "\n";
echo '<form action="'.sqm_baseuri().'src/options.php" method="post">' . "\n" .
+ '<input type="hidden" name="smtoken" value="' . sm_generate_security_token() . '">' . "\n" .
html_tag( 'table', '', '', '', 'width="100%" cellpadding="5" cellspacing="0" border="0"' ) . "\n";
// Option: media_allbox
@@ -182,6 +183,7 @@ echo html_tag( 'tr', "\n" .
html_tag( 'td',
'<input type="hidden" name="optmode" value="submit" />' .
'<input type="hidden" name="optpage" value="newmail" />' .
+ '<input type="hidden" name="smtoken" value="' . sm_generate_security_token() . '" />' .
'<input type="submit" value="' . _("Submit") . '" name="submit_newmail" />',
'left' )
) . "\n";

12
mail/squirrelmail/patches/patch-cc
View file

@ -1,12 +0,0 @@
$NetBSD: patch-cc,v 1.1 2010/03/04 16:00:37 taca Exp $
--- plugins/spamcop/spamcop.php.orig 2009-04-16 07:00:49.000000000 +0900
+++ plugins/spamcop/spamcop.php
@@ -153,6 +153,7 @@ echo "</p>";
$report_email = 'quick.' . $spamcop_id . '@spam.spamcop.net';
$form_action = sqm_baseuri() . 'src/compose.php';
?> <form method="post" action="<?php echo $form_action?>">
+ <input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token(); ?>" />
<input type="hidden" name="mailbox" value="<?php echo htmlspecialchars($mailbox) ?>" />
<input type="hidden" name="spamcop_is_composing" value="<?php echo htmlspecialchars($passed_id) ?>" />
<input type="hidden" name="send_to" value="<?php echo htmlspecialchars($report_email)?>" />

13
mail/squirrelmail/patches/patch-cd
View file

@ -1,13 +0,0 @@
$NetBSD: patch-cd,v 1.1 2010/03/04 16:00:37 taca Exp $
--- plugins/squirrelspell/modules/edit_dic.mod.orig 2009-04-16 07:00:49.000000000 +0900
+++ plugins/squirrelspell/modules/edit_dic.mod
@@ -96,7 +96,7 @@ if (!$words){
/**
* Check if all dictionaries were empty.
*/
- if (!$msg) {
+ if (empty($msg)) {
$msg = '<p>' . _("No words in your personal dictionary.") . '</p>';
} else {
$msg .= '</table>';

16
mail/squirrelmail/patches/patch-ce
View file

@ -1,16 +0,0 @@
$NetBSD: patch-ce,v 1.1 2010/03/04 16:00:37 taca Exp $
--- plugins/squirrelspell/modules/lang_change.mod.orig 2009-04-16 07:00:49.000000000 +0900
+++ plugins/squirrelspell/modules/lang_change.mod
@@ -16,6 +16,11 @@
* @subpackage squirrelspell
*/
+if (!sqgetGlobalVar('smtoken',$submitted_token, SQ_POST)) {
+ $submitted_token = '';
+}
+sm_validate_security_token($submitted_token, 3600, TRUE);
+
global $SQSPELL_APP_DEFAULT;
$use_langs = $_POST['use_langs'];

12
mail/squirrelmail/patches/patch-cf
View file

@ -1,12 +0,0 @@
$NetBSD: patch-cf,v 1.1 2010/03/04 16:00:37 taca Exp $
--- plugins/squirrelspell/modules/lang_setup.mod.orig 2009-04-16 07:00:49.000000000 +0900
+++ plugins/squirrelspell/modules/lang_setup.mod
@@ -23,6 +23,7 @@ $msg = '<p>'
. '</p>'
. '<form method="post">'
. '<input type="hidden" name="MOD" value="lang_change" />'
+ . '<input type="hidden" name="smtoken" value="' . sm_generate_security_token() . '" />'
. '<blockquote><p>';
/**
* Present a nice listing.