From aa055c931a68547763f7bb89425a08e8ceecb749 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 22 Jan 2009 09:47:23 -0500
Subject: [PATCH] Get rid of vulnerable preg_replace eval and create_function (#1485686) + correctly handle base and link tags in html messages

---
 program/include/rcube_imap.php |   61 +++++++++++++-----------------
 1 files changed, 27 insertions(+), 34 deletions(-)

diff --git a/program/include/rcube_imap.php b/program/include/rcube_imap.php
index 7da209f..8511628 100644
--- a/program/include/rcube_imap.php
+++ b/program/include/rcube_imap.php
@@ -1504,34 +1504,36 @@
    *
    * @param mixed  Message UIDs as array or as comma-separated string
    * @param string Flag to set: SEEN, UNDELETED, DELETED, RECENT, ANSWERED, DRAFT, MDNSENT
+   * @param boolean Simulate flagging (don't set flag on IMAP server)
    * @return boolean True on success, False on failure
    */
-  function set_flag($uids, $flag)
+  function set_flag($uids, $flag, $fake=false)
     {
     $flag = strtoupper($flag);
     $msg_ids = array();
     if (!is_array($uids))
       $uids = explode(',',$uids);
       
-    foreach ($uids as $uid) {
-      $msg_ids[$uid] = $this->_uid2id($uid);
-    }
-      
-    if ($flag=='UNDELETED')
-      $result = iil_C_Undelete($this->conn, $this->mailbox, join(',', array_values($msg_ids)));
-    else if ($flag=='UNSEEN')
-      $result = iil_C_Unseen($this->conn, $this->mailbox, join(',', array_values($msg_ids)));
-    else if ($flag=='UNFLAGGED')
-      $result = iil_C_UnFlag($this->conn, $this->mailbox, join(',', array_values($msg_ids)), 'FLAGGED');
-    else
-      $result = iil_C_Flag($this->conn, $this->mailbox, join(',', array_values($msg_ids)), $flag);
-
+    if (!$fake || $this->caching_enabled)
+      foreach ($uids as $uid) {
+        $msg_ids[$uid] = $this->_uid2id($uid);
+      }
+    
+    if (!$fake) {
+      if ($flag=='UNDELETED')
+        $result = iil_C_Undelete($this->conn, $this->mailbox, join(',', array_values($msg_ids)));
+      else if ($flag=='UNSEEN')
+        $result = iil_C_Unseen($this->conn, $this->mailbox, join(',', array_values($msg_ids)));
+      else if ($flag=='UNFLAGGED')
+        $result = iil_C_UnFlag($this->conn, $this->mailbox, join(',', array_values($msg_ids)), 'FLAGGED');
+      else
+        $result = iil_C_Flag($this->conn, $this->mailbox, join(',', array_values($msg_ids)), $flag);
+      }
+    
     // reload message headers if cached
-    $cache_key = $this->mailbox.'.msg';
-    if ($this->caching_enabled)
-      {
-      foreach ($msg_ids as $uid => $id)
-        {
+    if ($this->caching_enabled) {
+      $cache_key = $this->mailbox.'.msg';
+      foreach ($msg_ids as $uid => $id) {
         if ($cached_headers = $this->get_cached_message($cache_key, $uid))
           {
           $this->remove_message_cache($cache_key, $id);
@@ -1545,7 +1547,7 @@
       }
 
     // set nr of messages that were flaged
-    $count = count($msg_ids);
+    $count = count($uids);
 
     // clear message count cache
     if ($result && $flag=='SEEN')
@@ -1568,7 +1570,6 @@
    */
   function save_message($mbox_name, &$message)
     {
-    $mbox_name = stripslashes($mbox_name);
     $mailbox = $this->_mod_mailbox($mbox_name);
 
     // make sure mailbox exists
@@ -1595,9 +1596,7 @@
    */
   function move_message($uids, $to_mbox, $from_mbox='')
     {
-    $to_mbox_in = stripslashes($to_mbox);
-    $from_mbox = stripslashes($from_mbox);
-    $to_mbox = $this->_mod_mailbox($to_mbox_in);
+    $to_mbox = $this->_mod_mailbox($to_mbox);
     $from_mbox = $from_mbox ? $this->_mod_mailbox($from_mbox) : $this->mailbox;
 
     // make sure mailbox exists
@@ -1672,7 +1671,6 @@
    */
   function delete_message($uids, $mbox_name='')
     {
-    $mbox_name = stripslashes($mbox_name);
     $mailbox = $mbox_name ? $this->_mod_mailbox($mbox_name) : $this->mailbox;
 
     // convert the list of uids to array
@@ -1729,7 +1727,6 @@
    */
   function clear_mailbox($mbox_name=NULL)
     {
-    $mbox_name = stripslashes($mbox_name);
     $mailbox = !empty($mbox_name) ? $this->_mod_mailbox($mbox_name) : $this->mailbox;
     $msg_count = $this->_messagecount($mailbox, 'ALL');
     
@@ -1762,7 +1759,6 @@
    */
   function expunge($mbox_name='', $clear_cache=TRUE)
     {
-    $mbox_name = stripslashes($mbox_name);
     $mailbox = $mbox_name ? $this->_mod_mailbox($mbox_name) : $this->mailbox;
     return $this->_expunge($mailbox, $clear_cache);
     }
@@ -1881,9 +1877,6 @@
     {
     $result = FALSE;
     
-    // replace backslashes
-    $name = preg_replace('/[\\\]+/', '-', $name);
-
     // reduce mailbox name to 100 chars
     $name = substr($name, 0, 100);
 
@@ -1912,9 +1905,6 @@
     {
     $result = FALSE;
 
-    // replace backslashes
-    $name = preg_replace('/[\\\]+/', '-', $new_name);
-        
     // encode mailbox name and reduce it to 100 chars
     $name = substr($new_name, 0, 100);
 
@@ -2942,6 +2932,7 @@
 
       foreach ($sub_a as $k => $v)
         {
+	// use angle brackets in regexp to not handle names with @ sign
         if (preg_match('/^<\S+@\S+>$/', $v))
           $result[$key]['address'] = trim($v, '<>');
         else
@@ -2949,7 +2940,9 @@
         }
         
       if (empty($result[$key]['name']))
-        $result[$key]['name'] = $result[$key]['address'];        
+        $result[$key]['name'] = $result[$key]['address'];
+      elseif (empty($result[$key]['address'])) 
+	$result[$key]['address'] = $result[$key]['name'];     
       }
     
     return $result;

--
Gitblit v1.9.1