From 1391f17a521a19382c59ef9d4e93a8ced2f1a9e5 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 08 Aug 2013 09:49:11 -0400
Subject: [PATCH] Fix issue where uploaded photo was lost when contact form did not validate (#1489274)
---
CHANGELOG | 1 +
program/steps/addressbook/func.inc | 20 ++++++++++++++++++--
2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 702fa49..cab07dc 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix issue where uploaded photo was lost when contact form did not validate (#1489274)
- Fix base URL resolving on attribute values with no quotes (#1489275)
- Fix wrong handling of links with '|' character (#1489276)
- Fix XSS vulnerability when saving HTML signatures (#1489251)
diff --git a/program/steps/addressbook/func.inc b/program/steps/addressbook/func.inc
index 034f033..f94d153 100644
--- a/program/steps/addressbook/func.inc
+++ b/program/steps/addressbook/func.inc
@@ -751,12 +751,28 @@
$plugin = $RCMAIL->plugins->exec_hook('contact_photo', array('record' => $record, 'data' => $record['photo']));
+ // check if we have photo data from contact form
+ if ($GLOBALS['EDIT_RECORD']) {
+ $rec = $GLOBALS['EDIT_RECORD'];
+ if ($rec['photo'] == '-del-') {
+ $record['photo'] = '';
+ }
+ else if ($_SESSION['contacts']['files'][$rec['photo']]) {
+ $record['photo'] = $file_id = $rec['photo'];
+ }
+ }
+
if ($plugin['url'])
$photo_img = $plugin['url'];
else if (preg_match('!^https?://!i', $record['photo']))
$photo_img = $record['photo'];
- else if ($record['photo'])
- $photo_img = $RCMAIL->url(array('_action' => 'photo', '_cid' => $record['ID'], '_source' => $SOURCE_ID));
+ else if ($record['photo']) {
+ $url = array('_action' => 'photo', '_cid' => $record['ID'], '_source' => $SOURCE_ID);
+ if ($file_id) {
+ $url['_photo'] = $ff_value = $file_id;
+ }
+ $photo_img = $RCMAIL->url($url);
+ }
else
$ff_value = '-del-'; // will disable delete-photo action
--
Gitblit v1.9.1