Aleksander Machniak
2016-02-05 bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326
Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
6 files modified
14 ■■■■ changed files
plugins/enigma/enigma.js 2 ●●● patch | view | raw | blame | history
plugins/enigma/lib/enigma_ui.php 2 ●●●●● patch | view | raw | blame | history
plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php 2 ●●●●● patch | view | raw | blame | history
plugins/managesieve/managesieve.js 2 ●●● patch | view | raw | blame | history
program/js/app.js 4 ●●●● patch | view | raw | blame | history
program/steps/addressbook/export.inc 2 ●●●●● patch | view | raw | blame | history
plugins/enigma/enigma.js
@@ -157,7 +157,7 @@
    if (!keys.length)
        return;
    this.goto_url('plugin.enigmakeys', {_a: 'export', _keys: keys});
    this.goto_url('plugin.enigmakeys', {_a: 'export', _keys: keys}, false, true);
};
// Submit key(s) import form
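Review bot: The two trailing positional booleans in `this.goto_url('plugin.enigmakeys', {_a: 'export', _keys: keys}, false, true)` do not say which one makes the request carry the token, and the same `false, true` tail is repeated in plugins/managesieve/managesieve.js and twice in program/js/app.js. goto_url is defined outside this page, so the meaning of the fourth argument is inferred from the commit title only. A short comment at each call site, e.g. `// 4th arg: secure, adds the request token the server now requires`, would keep a later edit from dropping the argument, which the server-side check added in this commit would then reject. The enclosing function starts outside the hunk.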
plugins/enigma/lib/enigma_ui.php
@@ -459,6 +459,8 @@
     */
    private function key_export()
    {
        $this->rc->request_security_check(rcube_utils::INPUT_GET);
        $keys   = rcube_utils::get_input_value('_keys', rcube_utils::INPUT_GPC);
        $engine = $this->enigma->load_engine();
        $list   = $keys == '*' ? $engine->list_keys() : explode(',', $keys);
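Review bot: The token is checked against the query string (`rcube_utils::INPUT_GET`), but `_keys` on the following line is still read with `rcube_utils::INPUT_GPC`, so, judging by the constant's name, the value that drives the export may come from a POST body or a cookie rather than from the URL that carried the token. Reading it from the same channel keeps the checked request and the consumed parameter aligned: `$keys = rcube_utils::get_input_value('_keys', rcube_utils::INPUT_GET);`. The same mismatch is visible in plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php (`_set` via `INPUT_GPC`) and in program/steps/addressbook/export.inc (`$_REQUEST['_search']`). key_export's body continues outside the hunk, so this assumes nothing further down relies on a POSTed `_keys`.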
plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
@@ -397,6 +397,8 @@
                }
            }
            else if ($action == 'setget') {
                $this->rc->request_security_check(rcube_utils::INPUT_GET);
                $script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_GPC, true);
                $script      = $this->sieve->get_script($script_name);
plugins/managesieve/managesieve.js
@@ -181,7 +181,7 @@
  var id = this.filtersets_list.get_single_selection(),
    script = this.env.filtersets[id];
  location.href = this.env.comm_path+'&_action=plugin.managesieve-action&_act=setget&_set='+urlencode(script);
  this.goto_url('plugin.managesieve-action', {_act: 'setget', _set: script}, false, true);
};
// Set activate/deactivate request
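Review bot: The script name is now passed raw as `_set: script`, where the line it appears to replace built the URL by hand and wrapped the name in `urlencode(script)`; escaping therefore depends entirely on goto_url, which is defined outside this page. If goto_url does encode query values, a comment such as `// goto_url() encodes query values, no urlencode() needed` would record that; if it does not, a set name containing `&` or `#` would truncate or split the parameter. The old/new assignment of the two lines is inferred from the commit title, since the page lost its +/- markers. The enclosing function starts outside the hunk.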
program/js/app.js
@@ -1316,13 +1316,13 @@
      case 'export':
        if (this.contact_list.rowcount > 0) {
          this.goto_url('export', { _source: this.env.source, _gid: this.env.group, _search: this.env.search_request });
          this.goto_url('export', { _source: this.env.source, _gid: this.env.group, _search: this.env.search_request }, false, true);
        }
        break;
      case 'export-selected':
        if (this.contact_list.rowcount > 0) {
          this.goto_url('export', { _source: this.env.source, _gid: this.env.group, _cid: this.contact_list.get_selection().join(',') });
          this.goto_url('export', { _source: this.env.source, _gid: this.env.group, _cid: this.contact_list.get_selection().join(',') }, false, true);
        }
        break;
program/steps/addressbook/export.inc
@@ -21,6 +21,8 @@
 +-----------------------------------------------------------------------+
*/
$RCMAIL->request_security_check(rcube_utils::INPUT_GET);
// Use search result
if (!empty($_REQUEST['_search']) && isset($_SESSION['search'][$_REQUEST['_search']])) {
    $sort_col = $RCMAIL->config->get('addressbook_sort_col', 'name');