Squirrelmail has a security patch on its <a href="http://www.squirrelmail.org/" target="_blank">web site</a>, explained here:<br /><br /><!--quoteo--><div class='quotetop'>QUOTE</div><div class='quotemain'><!--quotec-->A small vulnerability exists in the decoding of certain headers which could allow for a remote user to exploit a cross site scripting vulnerability.<!--QuoteEnd--></div><!--QuoteEEnd-->It comes in the form of a diff file. Since I have limited access to my web server files, can I manually patch the file, by copying and pasting the fixed code in the appropriate file?<br /><br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1-->Â Â Â Â Â Â }<br /> Â Â Â Â Â Â $iLastMatch = $i;<br /> Â Â Â Â Â Â $j = $i;<br />- Â Â Â Â Â Â $ret .= $res[1];<br />+ Â Â Â Â Â Â if ($htmlsave) {<br />+ Â Â Â Â Â Â Â Â $ret .= htmlspecialchars($res[1]);<br />+ Â Â Â Â Â Â } else {<br />+ Â Â Â Â Â Â Â Â $ret .= $res[1];<br />+ Â Â Â Â Â Â }<br /> Â Â Â Â Â Â $encoding = ucfirst($res[3]);<br /> Â Â Â Â Â Â switch ($encoding)<br /> Â Â Â Â Â Â {<br /> Â Â Â Â Â Â case 'B':<br /> Â Â Â Â Â Â Â Â $replace = base64_decode($res[4]);<br />- Â Â Â Â Â Â Â Â $ret .= charset_decode($res[2],$replace);<br />+ Â Â Â Â Â Â Â Â if ($utfencode) {<br />+ Â Â Â Â Â Â Â Â Â Â $replace = charset_decode($res[2],$replace);<br />+ Â Â Â Â Â Â Â Â } elseif ($htmlsave) {<br />+ Â Â Â Â Â Â Â Â Â Â $replace = htmlspecialchars($replace);<br />+ Â Â Â Â Â Â Â Â }<br />+ Â Â Â Â Â Â Â Â $ret .= $replace;<br /> Â Â Â Â Â Â Â Â break;<br /> Â Â Â Â Â Â case 'Q':<br /> Â Â Â Â Â Â Â Â $replace = str_replace('_', ' ', $res[4]);<!--c2--></div><!--ec2--><br /><br />I'm not a programmer; does the minus symbol <!--quoteo--><div class='quotetop'>QUOTE</div><div class='quotemain'><!--quotec-->- $ret .= $res[1];<!--QuoteEnd--></div><!--QuoteEEnd--> at the beginning of the line mean to delete that line? I believe the plus symbol <!--quoteo--><div class='quotetop'>QUOTE</div><div class='quotemain'><!--quotec-->+ if ($utfencode) {<!--QuoteEnd--></div><!--QuoteEEnd--> means to add that line.<br /><br />Thanks,<br />Stefan<!--content-->
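Review bot: In the case 'B' branch, htmlspecialchars() sits behind an elseif, so when $utfencode is true the decoded value is never passed through it, even if $htmlsave is also true. Whether that path is HTML-safe depends entirely on what charset_decode() returns, which these lines do not show. If charset_decode() already escapes its output, say so in a comment next to the call; if it does not, the $htmlsave check has to run in that branch as well. The case 'Q' branch appears here only as context, so confirm that it ends with the same handling before $replace is appended to $ret.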
Sounds correct to me. I'm assuming you have your own copy of Squirrelmail and not the one in cPanel.<br /><br />Moving for organization and exposure.<!--content-->
Thank you Bruce. I'll give it a try...<br /><br />...it seems to have worked. Squirrelmail didn't complain when I logged in. <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="" border="0" alt="smile.gif" /> <br /><br />Stefan<!--content-->