21 Nov
2006
21 Nov
'06
4:33 p.m.
I think the problem is in index.php Here is a quick fix:
After line 93, add
//Line 93 $_task = get_input_value('_task', RCUBE_INPUT_GPC);
//sanitize $_task if (!preg_match('/[a-z]+/i',$_task,$task_sanitized)) { $_task = ''; } else { $_task = $task_sanitized[0]; }
It only allows tasks that are made of letters. Correct the problem on my installation.
Another solution (don't know which is better):
Use in_array($_task, $MAIN_TASKS) and defaults if not inside the array. I think we should default to '' there because the default task is set after this step.
Problem is on line 128 $COMM_PATH = sprintf('./?_task=%s', $_task); $COMM_PATH is then output to the user, hence the alert box.
Aurélien
--
Aurelien Pocheville
PhD Student IBISC-CNRS
Engineer IIE 2003
aurelien.pocheville@haptique.com
http://www.haptique.com/
Tel : 33 1 69 47 06 05
Fax : 33 1 69 47 06 03
University of Evry Val d'Essonne
40 rue du Pelvoux - CE 1455
91020 EVRY CEDEX