On 03/29/2013 07:48 AM, Vladislav Bogdanov wrote: >> 0.4 is vulnerable too, you're looking in a wrong place. The issue is in >> steps/utils/save_pref.inc. > > program/steps/settings/save_prefs.inc in my tree. > > This one - > https://github.com/roundcube/roundcubemail/blob/bdb13a51f735623146f1ac81d9323e5182f99511/program/steps/settings/save_prefs.inc
Ok, your version doesn't have utils/save_pref.inc and is not vulnerable, but 0.4.1 (I've checked for example) is. -- Aleksander 'A.L.E.C' Machniak LAN Management System Developer [http://lms.org.pl] Roundcube Webmail Developer [http://roundcube.net] --------------------------------------------------- PGP: 19359DC1 @@ GG: 2275252 @@ WWW: http://alec.pl _______________________________________________ Roundcube Development discussion mailing list dev@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/dev
