From 95d28926865d8a0d6fd009ebd73c0fc78c19d183 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Thu, 04 Oct 2012 10:59:37 -0400
Subject: [PATCH] Fix HTTP User-Agent XSS vulnerability (#1488737)

---
 program/include/rcube_contacts.php |   22 +++++++++++-----------
 1 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/program/include/rcube_contacts.php b/program/include/rcube_contacts.php
index 8834a7d..534a65c 100644
--- a/program/include/rcube_contacts.php
+++ b/program/include/rcube_contacts.php
@@ -17,9 +17,6 @@
  +-----------------------------------------------------------------------+
  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  +-----------------------------------------------------------------------+
-
- $Id$
-
 */
 
 
@@ -39,7 +36,7 @@
     /**
      * Store database connection.
      *
-     * @var rcube_mdb2
+     * @var rcube_db
      */
     private $db = null;
     private $user_id = 0;
@@ -313,7 +310,7 @@
             // fulltext search in all fields
             else if ($col == '*') {
                 $words = array();
-                foreach (explode($WS, self::normalize_string($value)) as $word) {
+                foreach (explode($WS, rcube_utils::normalize_string($value)) as $word) {
                     switch ($mode) {
                     case 1: // strict
                         $words[] = '(' . $this->db->ilike('words', $word . '%')
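Review bot: The rewritten `foreach` line here still splits the normalized string on `$WS` itself, whereas the parallel vCard-field branch in the next hunk now calls `rcube_utils::normalize_string($val, true)` and iterates its return value directly; if that second argument makes the helper return the token list, this branch presumably should use the same form, `foreach (rcube_utils::normalize_string($value, true) as $word) {`, so the two search paths tokenize identically. I cannot see the helper's signature from this patch, so confirm what the flag does before aligning the call. The enclosing search method starts and ends outside this hunk. Separately, the subject line names a User-Agent XSS fix while the diffstat lists only rcube_contacts.php, so this may be a mislabeled or partial commit worth reconciling with #1488737.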
@@ -352,7 +349,7 @@
                 // vCard field
                 else {
                     if (in_array($col, $this->fulltext_cols)) {
-                        foreach (explode(" ", self::normalize_string($val)) as $word) {
+                        foreach (rcube_utils::normalize_string($val, true) as $word) {
                             switch ($mode) {
                             case 1: // strict
                                 $words[] = '(' . $this->db->ilike('words', $word . $WS . '%')
@@ -728,9 +725,9 @@
                 if (isset($value))
                     $vcard->set($field, $value, $section);
                 if ($fulltext && is_array($value))
-                    $words .= ' ' . self::normalize_string(join(" ", $value));
+                    $words .= ' ' . rcube_utils::normalize_string(join(" ", $value));
                 else if ($fulltext && strlen($value) >= 3)
-                    $words .= ' ' . self::normalize_string($value);
+                    $words .= ' ' . rcube_utils::normalize_string($value);
             }
         }
         $out['vcard'] = $vcard->export(false);
@@ -937,7 +934,9 @@
                 $contact_id
             );
 
-            if (!$this->db->db_error)
+            if ($error = $this->db->is_error())
+                $this->set_error(self::ERROR_SAVING, $error);
+            else
                 $added++;
         }
 
@@ -991,9 +990,10 @@
                 $checkname);
 
             // append number to make name unique
-            if ($hit = $this->db->num_rows($sql_result))
+            if ($hit = $this->db->fetch_array($sql_result)) {
                 $checkname = $name . ' ' . $num++;
-        } while ($hit > 0);
+            }
+        } while ($hit);
 
         return $checkname;
     }
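Review bot: The loop now ends when `fetch_array()` returns a falsy value, but it does not distinguish "no row" from a failed query, so if the lookup itself errors the function presumably returns `$checkname` as if it were unique, unlike the previous hunk which now checks `$this->db->is_error()` after a statement. Consider checking for a DB error after the query (e.g. `if ($this->db->is_error()) { $this->set_error(self::ERROR_SAVING, ...); break; }`) or documenting that callers may receive a non-unique name on failure. The method's signature and the query call start before this hunk; also `$hit` is assigned inside the condition, which a reader may miss — a one-line comment `// $hit is the row found, loop until the name is free` would help.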

--