* Stefan Hornburg:

> The upstream author commented that advisory as follows:
>
> I certainly never heard of it, and the description (or the lack of it)
> leaves me somewhat skeptical. The redirect URL is generated by:
> output_attrencoded(cgi("redirect")), which encodes all metacharacters.
>
> Move along, nothing here to see.

I'm not sure if this is correct. From the Debian package, in
webmail/sqwebmail.c:

static void redirect(const char *url)
{
        if (valid_redirect())
        {
                printf("Refresh: 0; URL=%s\n", url);
                output_form("redirect.html");
                return;
        }

        printf("Content-Type: text/plain\n\n"
                "The URL you clicked on is no longer valid.\n");
        return;
}

This is invoked with:

        if ( *(u=cgi("redirect")))
        /* Redirection request to hide the referral tag */
        {
                redirect(u);
        }

No quoting is performed in this case.
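
Added example, not part of the original message and not sqwebmail's own code: the message points out that the redirect parameter reaches the Refresh header line unquoted, so HTML attribute encoding elsewhere does not cover it. One way to guard the header path is to reject any value containing control characters before it is formatted into the header. The helper names header_value_is_safe and build_refresh_header, and the sample URLs, are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from sqwebmail): 1 if url may be placed in a
   single HTTP header line, 0 otherwise. */
static int header_value_is_safe(const char *url)
{
    const unsigned char *p;

    if (url == NULL || *url == '\0')
        return 0;
    for (p = (const unsigned char *)url; *p; p++) {
        /* CR and LF terminate the header line; other control bytes and
           DEL have no place in a URL either. */
        if (*p < 0x20 || *p == 0x7f)
            return 0;
    }
    return 1;
}

/* Formats "Refresh: 0; URL=<url>\n" into out. Returns the number of bytes
   written, or -1 if the value is rejected or would be truncated. */
static int build_refresh_header(const char *url, char *out, size_t outlen)
{
    int n;

    if (!header_value_is_safe(url))
        return -1;
    n = snprintf(out, outlen, "Refresh: 0; URL=%s\n", url);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

int main(void)
{
    /* Constructed sample inputs: one plain URL, one carrying a line break. */
    const char *samples[] = {
        "http://www.example.org/page?x=1",
        "http://www.example.org/\r\nX-Injected: 1",
    };
    char line[512];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_refresh_header(samples[i], line, sizeof line) > 0)
            fputs(line, stdout);
        else
            puts("rejected: control character in redirect URL");
    }
    return 0;
}
```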