githubFork/roundcubemail.git

parent: d7344819 | patch | commit | ignore whitespace

- Fix handling of "<" character in contact data, search fields and folder n...

alecpl

2011-05-27 516467080bd822cb94a4a9ef58a168dcdaf7535b

- Fix handling of "<" character in contact data, search fields and folder names, identity name and organization fields (#1487864)

6 files modified

	CHANGELOG	2 ●●●●● patch \| view \| raw \| blame \| history
	program/include/main.inc	3 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/addressbook/save.inc	9 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/addressbook/search.inc	2 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/mail/search.inc	7 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/settings/save_identity.inc	6 ●●●●● patch \| view \| raw \| blame \| history

 CHANGELOG

@@ -1,6 +1,8 @@
CHANGELOG Roundcube Webmail
===========================

- Fix handling of "<" character in contact data, search fields and folder names (#1487864)
- Fix saving "<" character in identity name and organization fields (#1487864)
- Added option to specify to which address book add new contacts
- Added plugin hook for keep-alive requests
- Store user preferences in session when write-master is not available and session is stored in memcache, write them later

 program/include/main.inc

@@ -867,8 +867,7 @@

  // use value from post
  if (isset($_POST[$fname])) {
    $postvalue = get_input_value($fname, RCUBE_INPUT_POST,
      $type == 'textarea' && strpos($attrib['class'], 'mce_editor')!==false ? true : false);
    $postvalue = get_input_value($fname, RCUBE_INPUT_POST, true);
    $value = $attrib['array'] ? $postvalue[intval($colcounts[$col]++)] : $postvalue;
  }


 program/steps/addressbook/save.inc

@@ -95,7 +95,6 @@
    $OUTPUT->send('iframe');
}


// read POST values into hash array
$a_record = array();
foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
@@ -106,7 +105,7 @@
  if ($colprop['childs']) {
    $values = array();
    foreach ($colprop['childs'] as $childcol => $cp) {
      $vals = get_input_value('_'.$childcol, RCUBE_INPUT_POST);
      $vals = get_input_value('_'.$childcol, RCUBE_INPUT_POST, true);
      foreach ((array)$vals as $i => $val)
        $values[$i][$childcol] = $val;
    }
@@ -117,7 +116,7 @@
  }
  // assign values and subtypes
  else if (is_array($_POST[$fname])) {
    $values = get_input_value($fname, RCUBE_INPUT_POST);
    $values = get_input_value($fname, RCUBE_INPUT_POST, true);
    $subtypes = get_input_value('_subtype_' . $col, RCUBE_INPUT_POST);
    foreach ($values as $i => $val) {
      $subtype = $subtypes[$i] ? ':'.$subtypes[$i] : '';
@@ -125,7 +124,7 @@
    }
  }
  else if (isset($_POST[$fname])) {
    $a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST);
    $a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST, true);
  }
}

@@ -190,7 +189,7 @@
      $record['name'] = $record['email'];

    foreach (array('name', 'email') as $col)
      $a_js_cols[] = (string)$record[$col];
      $a_js_cols[] = Q((string)$record[$col]);

    // update the changed col in list
    $OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid);

 program/steps/addressbook/search.inc

@@ -22,7 +22,7 @@
$CONTACTS->set_page(1);
$_SESSION['page'] = 1;

$search = trim(get_input_value('_q', RCUBE_INPUT_GET));
$search = trim(get_input_value('_q', RCUBE_INPUT_GET, true));
$search_request = md5('addr'.$search);

// get contacts for this user

 program/steps/mail/search.inc

@@ -27,10 +27,11 @@
$imap_charset = RCMAIL_CHARSET;

// get search string
$str = get_input_value('_q', RCUBE_INPUT_GET);
$filter = get_input_value('_filter', RCUBE_INPUT_GET);
$mbox = get_input_value('_mbox', RCUBE_INPUT_GET);
$str     = get_input_value('_q', RCUBE_INPUT_GET, true);
$mbox    = get_input_value('_mbox', RCUBE_INPUT_GET, true);
$filter  = get_input_value('_filter', RCUBE_INPUT_GET);
$headers = get_input_value('_headers', RCUBE_INPUT_GET);

$search_request = md5($mbox.$filter.$str);

// add list filter string

 program/steps/settings/save_identity.inc

@@ -22,17 +22,17 @@
define('IDENTITIES_LEVEL', intval($RCMAIL->config->get('identities_level', 0)));

$a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'standard', 'signature', 'html_signature');
$a_html_cols = array('signature');
$a_html_cols = array('signature', 'name', 'organization');
$a_boolean_cols = array('standard', 'html_signature');
$updated = $default_id = false;

// check input
if (empty($_POST['_name']) || (empty($_POST['_email']) && IDENTITIES_LEVEL != 1 && IDENTITIES_LEVEL != 3))
  {
{
  $OUTPUT->show_message('formincomplete', 'warning');
  rcmail_overwrite_action('edit-identity');
  return;
  }
}


$save_data = array();

			@@ -1,6 +1,8 @@
			CHANGELOG Roundcube Webmail
			===========================

			- Fix handling of "<" character in contact data, search fields and folder names (#1487864)
			- Fix saving "<" character in identity name and organization fields (#1487864)
			- Added option to specify to which address book add new contacts
			- Added plugin hook for keep-alive requests
			- Store user preferences in session when write-master is not available and session is stored in memcache, write them later

			@@ -867,8 +867,7 @@

			// use value from post
			if (isset($_POST[$fname])) {
			$postvalue = get_input_value($fname, RCUBE_INPUT_POST,
			$type == 'textarea' && strpos($attrib['class'], 'mce_editor')!==false ? true : false);
			$postvalue = get_input_value($fname, RCUBE_INPUT_POST, true);
			$value = $attrib['array'] ? $postvalue[intval($colcounts[$col]++)] : $postvalue;
			}

			@@ -95,7 +95,6 @@
			$OUTPUT->send('iframe');
			}


			// read POST values into hash array
			$a_record = array();
			foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
			@@ -106,7 +105,7 @@
			if ($colprop['childs']) {
			$values = array();
			foreach ($colprop['childs'] as $childcol => $cp) {
			$vals = get_input_value('_'.$childcol, RCUBE_INPUT_POST);
			$vals = get_input_value('_'.$childcol, RCUBE_INPUT_POST, true);
			foreach ((array)$vals as $i => $val)
			$values[$i][$childcol] = $val;
			}
			@@ -117,7 +116,7 @@
			}
			// assign values and subtypes
			else if (is_array($_POST[$fname])) {
			$values = get_input_value($fname, RCUBE_INPUT_POST);
			$values = get_input_value($fname, RCUBE_INPUT_POST, true);
			$subtypes = get_input_value('_subtype_' . $col, RCUBE_INPUT_POST);
			foreach ($values as $i => $val) {
			$subtype = $subtypes[$i] ? ':'.$subtypes[$i] : '';
			@@ -125,7 +124,7 @@
			}
			}
			else if (isset($_POST[$fname])) {
			$a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST);
			$a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST, true);
			}
			}

			@@ -190,7 +189,7 @@
			$record['name'] = $record['email'];

			foreach (array('name', 'email') as $col)
			$a_js_cols[] = (string)$record[$col];
			$a_js_cols[] = Q((string)$record[$col]);

			// update the changed col in list
			$OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid);

			@@ -22,7 +22,7 @@
			$CONTACTS->set_page(1);
			$_SESSION['page'] = 1;

			$search = trim(get_input_value('_q', RCUBE_INPUT_GET));
			$search = trim(get_input_value('_q', RCUBE_INPUT_GET, true));
			$search_request = md5('addr'.$search);

			// get contacts for this user

			@@ -27,10 +27,11 @@
			$imap_charset = RCMAIL_CHARSET;

			// get search string
			$str = get_input_value('_q', RCUBE_INPUT_GET);
			$filter = get_input_value('_filter', RCUBE_INPUT_GET);
			$mbox = get_input_value('_mbox', RCUBE_INPUT_GET);
			$str = get_input_value('_q', RCUBE_INPUT_GET, true);
			$mbox = get_input_value('_mbox', RCUBE_INPUT_GET, true);
			$filter = get_input_value('_filter', RCUBE_INPUT_GET);
			$headers = get_input_value('_headers', RCUBE_INPUT_GET);

			$search_request = md5($mbox.$filter.$str);

			// add list filter string

			@@ -22,17 +22,17 @@
			define('IDENTITIES_LEVEL', intval($RCMAIL->config->get('identities_level', 0)));

			$a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'standard', 'signature', 'html_signature');
			$a_html_cols = array('signature');
			$a_html_cols = array('signature', 'name', 'organization');
			$a_boolean_cols = array('standard', 'html_signature');
			$updated = $default_id = false;

			// check input
			if (empty($_POST['_name']) \|\| (empty($_POST['_email']) && IDENTITIES_LEVEL != 1 && IDENTITIES_LEVEL != 3))
			{
			{
			$OUTPUT->show_message('formincomplete', 'warning');
			rcmail_overwrite_action('edit-identity');
			return;
			}
			}


			$save_data = array();