[RCD] zero day vulnerability (tested on v8.0 to 9.0)

Rosali myroundcube at mail4us.net
Thu Mar 28 08:16:53 CET 2013


Am 27.03.2013 20:35, schrieb A.L.E.C:
> On 03/27/2013 08:24 PM, Cor Bosman wrote:
> 
> If we pull the new code, do we need to modify plugins that change 
> prefs?
> 
> Yes, if plugin uses save-pref command, it should define $allowed_prefs
> variable in plugin class. The variable should contain a list of option
> names.

Alec,

could you please clarify.

Do we need $allowed_prefs, if we are using the preferences_save hook, 
or do we need the definition if we are using 
rcmail::get_instance()->user->save_prefs(...), or is it needed for both?

Will the patches be included in git branches? Will it be included in 
official downloads from sourceforge for 0.8.5 and 0.9-rc?

Regards,
Rosali



More information about the dev mailing list