From 8b771646fadcde0abb27c2218a45942b95734838 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 10 Mar 2013 06:49:20 -0400
Subject: [PATCH] Fix so task name can really contain all from a-z0-9_- characters (#1488941)

---
 CHANGELOG                                  |    1 +
 program/include/rcmail.php                 |    2 +-
 program/lib/Roundcube/rcube_plugin_api.php |    4 ++--
 program/lib/Roundcube/rcube_plugin.php     |    2 +-
 program/js/app.js                          |    6 +++---
 5 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index baca867..ef3830a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix so task name can really contain all from a-z0-9_- characters (#1488941)
 - Support IMAP MOVE extension [RFC 6851]
 - Fix javascript errors when working in a page opened with taget="_blank"
 - Mention SQLite database format change in UPGRADING file (#1488983)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index b2d6966..1bde403 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -123,7 +123,7 @@
    */
   public function set_task($task)
   {
-    $task = asciiwords($task);
+    $task = asciiwords($task, true);
 
     if ($this->user && $this->user->ID)
       $task = !$task ? 'mail' : $task;
diff --git a/program/js/app.js b/program/js/app.js
index c2a7c1b..9f76757 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -1235,7 +1235,7 @@
     if (!url)
       url = this.env.comm_path;
 
-    return url.replace(/_task=[a-z]+/, '_task='+task);
+    return url.replace(/_task=[a-z0-9_-]+/i, '_task='+task);
   };
 
   this.reload = function(delay)
@@ -5970,9 +5970,9 @@
     var base = this.env.comm_path, k, param = {};
 
     // overwrite task name
-    if (query._action.match(/([a-z]+)\/([a-z0-9-_.]+)/)) {
+    if (query._action.match(/([a-z0-9_-]+)\/([a-z0-9-_.]+)/)) {
       query._action = RegExp.$2;
-      base = base.replace(/\_task=[a-z]+/, '_task='+RegExp.$1);
+      base = base.replace(/\_task=[a-z0-9_-]+/, '_task='+RegExp.$1);
     }
 
     // remove undefined values
diff --git a/program/lib/Roundcube/rcube_plugin.php b/program/lib/Roundcube/rcube_plugin.php
index 66e77cc..9ea0f73 100644
--- a/program/lib/Roundcube/rcube_plugin.php
+++ b/program/lib/Roundcube/rcube_plugin.php
@@ -237,7 +237,7 @@
     /**
      * Register this plugin to be responsible for a specific task
      *
-     * @param string $task Task name (only characters [a-z0-9_.-] are allowed)
+     * @param string $task Task name (only characters [a-z0-9_-] are allowed)
      */
     public function register_task($task)
     {
diff --git a/program/lib/Roundcube/rcube_plugin_api.php b/program/lib/Roundcube/rcube_plugin_api.php
index 8a4cce2..111c177 100644
--- a/program/lib/Roundcube/rcube_plugin_api.php
+++ b/program/lib/Roundcube/rcube_plugin_api.php
@@ -372,7 +372,7 @@
     /**
      * Register this plugin to be responsible for a specific task
      *
-     * @param string $task Task name (only characters [a-z0-9_.-] are allowed)
+     * @param string $task Task name (only characters [a-z0-9_-] are allowed)
      * @param string $owner Plugin name that registers this action
      */
     public function register_task($task, $owner)
@@ -382,7 +382,7 @@
             return true;
         }
 
-        if ($task != asciiwords($task)) {
+        if ($task != asciiwords($task, true)) {
             rcube::raise_error(array('code' => 526, 'type' => 'php',
                 'file' => __FILE__, 'line' => __LINE__,
                 'message' => "Invalid task name: $task."

--
Gitblit v1.9.1