From 95d28926865d8a0d6fd009ebd73c0fc78c19d183 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Thu, 04 Oct 2012 10:59:37 -0400
Subject: [PATCH] Fix HTTP User-Agent XSS vulnerability (#1488737)
---
program/include/rcube_contacts.php | 11 +++++++----
1 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/program/include/rcube_contacts.php b/program/include/rcube_contacts.php
index 7edd099..534a65c 100644
--- a/program/include/rcube_contacts.php
+++ b/program/include/rcube_contacts.php
@@ -36,7 +36,7 @@
/**
* Store database connection.
*
- * @var rcube_mdb2
+ * @var rcube_db
*/
private $db = null;
private $user_id = 0;
@@ -934,7 +934,9 @@
$contact_id
);
- if (!$this->db->db_error)
+ if ($error = $this->db->is_error())
+ $this->set_error(self::ERROR_SAVING, $error);
+ else
$added++;
}
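Review bot: The value returned by `$this->db->is_error()` goes straight into `set_error(self::ERROR_SAVING, $error)`, so what looks like the database layer's own message becomes part of the object's error state. If that message is ever rendered to the user it should be HTML-escaped or replaced by a generic text, with the detail kept in the server log, because driver messages can echo table names and fragments of the submitted values. The statement appears to sit inside a loop that starts outside the hunk, so each failure would overwrite the previous one and the caller sees only the last error. The brace-less `if`/`else` with an assignment in the condition is easy to misread; `$error = $this->db->is_error();` followed by `if ($error) { ... } else { $added++; }` states the intent more plainly.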
@@ -988,9 +990,10 @@
$checkname);
// append number to make name unique
- if ($hit = $this->db->num_rows($sql_result))
+ if ($hit = $this->db->fetch_array($sql_result)) {
$checkname = $name . ' ' . $num++;
- } while ($hit > 0);
+ }
+ } while ($hit);
return $checkname;
}
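Review bot: A failed lookup and "no row with this name" take the same path in `if ($hit = $this->db->fetch_array($sql_result))`, assuming `fetch_array` returns a falsy value for a failed result. In that case the loop ends and `$checkname` is returned as unique even though the check never ran. Testing `$this->db->is_error()` after the query, as the hunk at line 934 now does, would keep the two cases apart. The `do` and the query itself start outside the hunk; a short comment at the `while ($hit)` line such as `// repeat until no existing row uses $checkname` would make the termination condition explicit.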
--
Gitblit v1.9.1