From 818b78a89381be2f4de55c4f6a189da9379a1a3a Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 17 Nov 2015 12:41:07 -0500
Subject: [PATCH] Fix invalid LDAP query in ACL user autocompletion (#1490591)
---
plugins/acl/acl.php | 71 ++++++++++++++++++++++++++++-------
1 files changed, 57 insertions(+), 14 deletions(-)
diff --git a/plugins/acl/acl.php b/plugins/acl/acl.php
index 5c4deb7..2526683 100644
--- a/plugins/acl/acl.php
+++ b/plugins/acl/acl.php
@@ -112,6 +112,22 @@
$keys[] = $display ?: $user['name'];
}
}
+
+ if ($this->rc->config->get('acl_groups')) {
+ $prefix = $this->rc->config->get('acl_group_prefix');
+ $group_field = $this->rc->config->get('acl_group_field', 'name');
+ $result = $this->ldap->list_groups($search, $mode);
+
+ foreach ($result as $record) {
+ $group = $record['name'];
+ $group_id = is_array($record[$group_field]) ? $record[$group_field][0] : $record[$group_field];
+
+ if ($group) {
+ $users[] = array('name' => ($prefix ? $prefix : '') . $group_id, 'display' => $group, 'type' => 'group');
+ $keys[] = $group;
+ }
+ }
+ }
}
if (count($users)) {
@@ -235,6 +251,11 @@
// Get supported rights
$supported = $this->rights_supported();
+ // give plugins the opportunity to adjust this list
+ $data = $this->rc->plugins->exec_hook('acl_rights_supported',
+ array('rights' => $supported, 'folder' => $this->mbox, 'labels' => array()));
+ $supported = $data['rights'];
+
// depending on server capability either use 'te' or 'd' for deleting msgs
$deleteright = implode(array_intersect(str_split('ted'), $supported));
@@ -265,18 +286,22 @@
'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)),
);
- foreach ($items as $key => $val) {
+ // give plugins the opportunity to adjust this list
+ $data = $this->rc->plugins->exec_hook('acl_rights_simple',
+ array('rights' => $items, 'folder' => $this->mbox, 'labels' => array(), 'titles' => array()));
+
+ foreach ($data['rights'] as $key => $val) {
$id = "acl$key";
$ul .= html::tag('li', null,
$input->show('', array(
'name' => "acl[$val]", 'value' => $val, 'id' => $id))
- . html::label(array('for' => $id, 'title' => $this->gettext('longacl'.$key)),
- $this->gettext('acl'.$key)));
+ . html::label(array('for' => $id, 'title' => $data['titles'][$key] ?: $this->gettext('longacl'.$key)),
+ $data['labels'][$key] ?: $this->gettext('acl'.$key)));
}
$out .= "\n" . html::tag('ul', $attrib, $ul, html::$common_attrib);
- $this->rc->output->set_env('acl_items', $items);
+ $this->rc->output->set_env('acl_items', $data['rights']);
return $out;
}
@@ -363,6 +388,11 @@
// Get supported rights and build column names
$supported = $this->rights_supported();
+ // give plugins the opportunity to adjust this list
+ $data = $this->rc->plugins->exec_hook('acl_rights_supported',
+ array('rights' => $supported, 'folder' => $this->mbox, 'labels' => array()));
+ $supported = $data['rights'];
+
// depending on server capability either use 'te' or 'd' for deleting msgs
$deleteright = implode(array_intersect(str_split('ted'), $supported));
@@ -382,6 +412,11 @@
'delete' => $deleteright,
'other' => preg_replace('/[lrswi'.$deleteright.']/', '', implode($supported)),
);
+
+ // give plugins the opportunity to adjust this list
+ $data = $this->rc->plugins->exec_hook('acl_rights_simple',
+ array('rights' => $items, 'folder' => $this->mbox, 'labels' => array()));
+ $items = $data['rights'];
}
// Create the table
@@ -391,7 +426,7 @@
// Create table header
$table->add_header('user', $this->gettext('identifier'));
foreach (array_keys($items) as $key) {
- $label = $this->gettext('shortacl'.$key);
+ $label = $data['labels'][$key] ?: $this->gettext('shortacl'.$key);
$table->add_header(array('class' => 'acl'.$key, 'title' => $label), $label);
}
@@ -438,19 +473,23 @@
*/
private function action_save()
{
- $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC, true)); // UTF7-IMAP
- $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_GPC));
- $acl = trim(rcube_utils::get_input_value('_acl', rcube_utils::INPUT_GPC));
- $oldid = trim(rcube_utils::get_input_value('_old', rcube_utils::INPUT_GPC));
+ $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true)); // UTF7-IMAP
+ $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST));
+ $acl = trim(rcube_utils::get_input_value('_acl', rcube_utils::INPUT_POST));
+ $oldid = trim(rcube_utils::get_input_value('_old', rcube_utils::INPUT_POST));
$acl = array_intersect(str_split($acl), $this->rights_supported());
$users = $oldid ? array($user) : explode(',', $user);
$result = 0;
foreach ($users as $user) {
- $user = trim($user);
+ $user = trim($user);
+ $prefix = $this->rc->config->get('acl_groups') ? $this->rc->config->get('acl_group_prefix') : '';
- if (!empty($this->specials) && in_array($user, $this->specials)) {
+ if ($prefix && strpos($user, $prefix) === 0) {
+ $username = $user;
+ }
+ else if (!empty($this->specials) && in_array($user, $this->specials)) {
$username = $this->gettext($user);
}
else if (!empty($user)) {
@@ -490,8 +529,8 @@
*/
private function action_delete()
{
- $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC, true)); //UTF7-IMAP
- $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_GPC));
+ $mbox = trim(rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true)); //UTF7-IMAP
+ $user = trim(rcube_utils::get_input_value('_user', rcube_utils::INPUT_POST));
$user = explode(',', $user);
@@ -700,7 +739,11 @@
$config['fieldmap']['uid'] = $uid_field;
// search in UID and name fields
- $config['search_fields'] = array_values($config['fieldmap']);
+ // $name_field can be in a form of <field>:<modifier> (#1490591)
+ $name_field = preg_replace('/:.*$/', '', $name_field);
+ $search = array_unique(array($name_field, $uid_field));
+
+ $config['search_fields'] = $search;
$config['required_fields'] = array($uid_field);
// set search filter
--
Gitblit v1.9.1