
squirrelmail-1.4.20-2mdv2010.1.src.rpm


 http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=revision&revision=13951

diff -Naur squirrelmail-1.4.20/plugins/mail_fetch/config_example.php squirrelmail-1.4.20.oden/plugins/mail_fetch/config_example.php
--- squirrelmail-1.4.20/plugins/mail_fetch/config_example.php	1970-01-01 01:00:00.000000000 +0100
+++ squirrelmail-1.4.20.oden/plugins/mail_fetch/config_example.php	2010-06-21 12:52:45.711770310 +0200
@@ -0,0 +1,62 @@
+<?php
+
+/**
+ * mail_fetch/config_example.php
+ *
+ * Configuration file for the mailfetch plugin.
+ *
+ * @copyright 1999-2010 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
+ * @version $Id: functions.php 13893 2010-01-25 02:47:41Z pdontthink $
+ * @package plugins
+ * @subpackage mail_fetch
+ */
+
+global $mail_fetch_allowable_ports, $mail_fetch_block_server_pattern;
+
+
+// This is the list of POP3 ports the user may specify.
+//
+// Usually, this does not need to be used at all, and
+// ports 110 and 995 will be the only available ports.
+//
+// If users are allowed to access POP3 that is served
+// on a non-standard port, you'll need to add that port
+// to this list and make sure this file is saved as
+// "config.php" in the mail_fetch plugin directory
+//
+// If you do not wish to restrict the allowable port
+// numbers at all, include "ALL" in this list.
+//
+$mail_fetch_allowable_ports = array(110, 995);
+
+
+
+// This is a pattern match that allows you to block
+// access to certain server addresses.  This prevents
+// a user from attempting to try to specify certain
+// servers when adding a POP3 address.
+//
+// By default, this plugin will block POP3 server
+// addresses starting with "10.", "192.", "127." and
+// "localhost" (the pattern shown below).
+// 
+// If you want to block other addresses, you'll need
+// to add them to this pattern and make sure that this
+// file is saved as "config.php" in the mail_fetch
+// plugin diretory
+//
+// If you do not wish to restrict the allowable server
+// addresses at all, set this value to be "UNRESTRICTED"
+//
+// This is a full regular expression pattern
+//
+// Allow anything:
+//
+// $mail_fetch_block_server_pattern = 'UNRESTRICTED';
+//
+// Default pattern:
+//
+$mail_fetch_block_server_pattern = '/(^10\.)|(^192\.)|(^127\.)|(^localhost)/';
+
+
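Review bot: The default `$mail_fetch_block_server_pattern` is a prefix blocklist on the text the user typed, so it covers less than the comment suggests: there is no entry for 172.16.0.0/12, 169.254.0.0/16 or IPv6 loopback, and `^localhost` is case-sensitive. A hostname that resolves to an internal address is not matched either, since nothing here resolves the name before the comparison. The comment block should say so, for example `// NOTE: matched against the text entered, not the resolved IP; extend for your internal ranges`. The default itself could add the missing prefixes and the `i` modifier, e.g. `'/^(10\.|127\.|169\.254\.|172\.(1[6-9]|2[0-9]|3[01])\.|192\.|localhost)/i'`. The same default string is repeated in `validate_mail_fetch_server_address()` in functions.php, so both copies have to change together.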
diff -Naur squirrelmail-1.4.20/plugins/mail_fetch/functions.php squirrelmail-1.4.20.oden/plugins/mail_fetch/functions.php
--- squirrelmail-1.4.20/plugins/mail_fetch/functions.php	2010-06-21 12:54:14.067982236 +0200
+++ squirrelmail-1.4.20.oden/plugins/mail_fetch/functions.php	2010-06-21 12:56:10.777982715 +0200
@@ -26,6 +26,72 @@
  */
 $mail_fetch_allow_unsubscribed = false;
 
+/**
+  * Validate a requested POP3 port number
+  *
+  * Allowable port numbers are configured in config.php
+  * (see config_example.php for an example and more
+  * rules about how the list of allowable port numbers
+  * can be specified)
+  *
+  * @param int $requested_port The port number given by the user
+  *
+  * @return string An error string is returned if the port
+  *                number is not allowable, otherwise an
+  *                empty string is returned.
+  *
+  */
+function validate_mail_fetch_port_number($requested_port) {
+    global $mail_fetch_allowable_ports;
+    @include_once(SM_PATH . 'plugins/mail_fetch/config.php');
+    if (empty($mail_fetch_allowable_ports))
+        $mail_fetch_allowable_ports = array(110, 995);
+
+    if (in_array('ALL', $mail_fetch_allowable_ports))
+        return '';
+
+    if (!in_array($requested_port, $mail_fetch_allowable_ports)) {
+        sq_change_text_domain('mail_fetch');
+        $error = _("Sorry, that port number is not allowed");
+        sq_change_text_domain('squirrelmail');
+        return $error;
+    }
+
+    return '';
+}
+
+/**
+  * Validate a requested POP3 server address
+  *
+  * Blocked server addresses are configured in config.php
+  * (see config_example.php for more details)
+  *
+  * @param int $requested_address The server address given by the user
+  *
+  * @return string An error string is returned if the server
+  *                address is not allowable, otherwise an
+  *                empty string is returned.
+  *
+  */
+function validate_mail_fetch_server_address($requested_address) {
+    global $mail_fetch_block_server_pattern;
+    @include_once(SM_PATH . 'plugins/mail_fetch/config.php');
+    if (empty($mail_fetch_block_server_pattern))
+        $mail_fetch_block_server_pattern = '/(^10\.)|(^192\.)|(^127\.)|(^localhost)/';
+
+    if ($mail_fetch_block_server_pattern == 'UNRESTRICTED')
+        return '';
+
+    if (preg_match($mail_fetch_block_server_pattern, $requested_address)) {
+        sq_change_text_domain('mail_fetch');
+        $error = _("Sorry, that server address is not allowed");
+        sq_change_text_domain('squirrelmail');
+        return $error;
+    }
+
+    return '';
+}
+
 function hex2bin( $data ) {
     /* Original code by josh@superfork.com */
 
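Review bot: Both `in_array()` calls in `validate_mail_fetch_port_number()` compare loosely, so on the PHP versions this release targets a posted string that merely starts with an allowed number still compares equal to that port and is accepted unchanged. Rejecting anything that is not all digits (`ctype_digit((string)$requested_port)`) and then calling `in_array((int)$requested_port, $mail_fetch_allowable_ports, true)` closes that, assuming the configured list holds integers as in config_example.php; the `'ALL'` test should pass `true` as well. In `validate_mail_fetch_server_address()`, `preg_match()` returns `false` for a malformed administrator pattern and the `if` treats that as "not blocked", so a typo in config.php silently disables the restriction; treating only `=== 0` as allowed would fail closed. The `@param int $requested_address` tag should read `string`.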
diff -Naur squirrelmail-1.4.20/plugins/mail_fetch/options.php squirrelmail-1.4.20.oden/plugins/mail_fetch/options.php
--- squirrelmail-1.4.20/plugins/mail_fetch/options.php	2010-06-21 12:54:14.067982236 +0200
+++ squirrelmail-1.4.20.oden/plugins/mail_fetch/options.php	2010-06-21 12:56:10.778982203 +0200
@@ -55,6 +55,8 @@
 sqgetGlobalVar('mf_fref',          $mf_fref,          SQ_POST);
 sqgetGlobalVar('mf_lmos',          $mf_lmos,          SQ_POST);
 sqgetGlobalVar('submit_mailfetch', $submit_mailfetch, SQ_POST);
+$mf_port = trim($mf_port);
+$mf_server = trim($mf_server);
 
 
 /* end globals */
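Review bot: Assigning the `trim()` results unconditionally means `$mf_port` and `$mf_server` are always set from here on, so the later `if (!isset($mf_server)) return;` guards in the `add` and `confirm_modify` cases can no longer fire and the `isset($mf_port) ? $mf_port : 110` fallback never yields the default. A missing or blank server field therefore reaches the validators as an empty string, which the default block pattern does not match. Either trim only when the value is present, `if (isset($mf_server)) $mf_server = trim($mf_server);`, or replace the guards with an explicit check such as `if ($mf_server === '') return;`. How `sqgetGlobalVar` leaves these variables when a field is absent is not visible in this hunk, so that part is an assumption.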
@@ -63,6 +65,19 @@
 
     switch( $mf_action ) {
     case 'add':
+
+        $mf_action = 'config';
+
+        // restrict port number if necessary
+        //
+        $message = validate_mail_fetch_port_number($mf_port);
+        if (!empty($message)) break;
+
+        // restrict server address if necessary
+        //
+        $message = validate_mail_fetch_server_address($mf_server);
+        if (!empty($message)) break;
+
         if ($mf_sn<1) $mf_sn=0;
         if (!isset($mf_server)) return;
         setPref($data_dir,$username,"mailfetch_server_$mf_sn", (isset($mf_server)?$mf_server:""));
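Review bot: These checks run only when a server entry is saved, so entries that were already stored in preferences before the restriction existed are not re-checked by anything visible in this patch. If the code that later reads `mailfetch_server_N` and `mailfetch_port_N` opens the connection without calling `validate_mail_fetch_server_address()` and `validate_mail_fetch_port_number()` again, the restriction does not apply to that older data. Calling both validators immediately before the connection is opened would enforce the policy at the point of use. The `switch` body continues outside the hunk.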
@@ -85,10 +100,28 @@
         setPref($data_dir,$username,"mailfetch_subfolder_$mf_sn",(isset($mf_subfolder)?$mf_subfolder:""));
         $mf_sn++;
         setPref($data_dir,$username,'mailfetch_server_number', $mf_sn);
-        $mf_action = 'config';
         break;
+
+    // modify a server
+    //
     case 'confirm_modify':
-        //modify    a server
+
+        // restrict port number if necessary
+        //
+        $message = validate_mail_fetch_port_number($mf_port);
+        if (!empty($message)) {
+            $mf_action = 'Modify';
+            break;
+        }
+
+        // restrict server address if necessary
+        //
+        $message = validate_mail_fetch_server_address($mf_server);
+        if (!empty($message)) {
+            $mf_action = 'Modify';
+            break;
+        }
+
         if (!isset($mf_server)) return;
         setPref($data_dir,$username,"mailfetch_server_$mf_sn", (isset($mf_server)?$mf_server:""));
         setPref($data_dir,$username,"mailfetch_port_$mf_sn", (isset($mf_port)?$mf_port:110));
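Review bot: The port and address checks in `confirm_modify` carry two identical failure branches and repeat the sequence already written in `add`, which makes it easy for the two cases to drift apart when another check is added. Chaining them keeps a single exit: after the port call, `if (empty($message)) $message = validate_mail_fetch_server_address($mf_server);`, followed by one `if (!empty($message)) { $mf_action = 'Modify'; break; }`. A small helper that returns the first non-empty message would serve both cases.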
@@ -199,6 +232,14 @@
                 ) ,
             'center', '', 'width="95%"' );
 
+    // display error or other messages if necessary
+    //
+    if (!empty($message)) {
+        echo html_tag( 'table', '', 'center', '', 'width="70%" cellpadding="5" cellspacing="1"' ) .
+             html_tag( 'tr',
+             html_tag( 'td', '<b>' . $message . '</b>', 'center', $color[2] ));
+    }
+
     switch( $mf_action ) {
     case 'config':
         echo html_tag( 'table', '', 'center', '', 'width="70%" cellpadding="5" cellspacing="1"' ) .
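Review bot: `$message` is written into the page as raw HTML and, in the lines visible in this patch, is assigned only inside the `add` and `confirm_modify` cases, so on every other request this block depends on a variable nothing here has initialised. Setting `$message = '';` before the first `switch` and emitting `htmlspecialchars($message)` in the cell keeps the output safe even if a later message includes user-supplied text such as the rejected address. The table opened by `html_tag( 'table', '', ...)` also appears never to be closed in this block; appending `. '</table>'` after the row would balance it, assuming `html_tag` with an empty value emits only the opening tag.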