From aa055c931a68547763f7bb89425a08e8ceecb749 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 22 Jan 2009 09:47:23 -0500
Subject: [PATCH] Get rid of vulnerable preg_replace eval and create_function (#1485686) + correctly handle base and link tags in html messages
---
program/include/rcube_user.php | 64 +++++++++++++++----------------
1 files changed, 31 insertions(+), 33 deletions(-)
diff --git a/program/include/rcube_user.php b/program/include/rcube_user.php
index 0c044ca..b8833b3 100644
--- a/program/include/rcube_user.php
+++ b/program/include/rcube_user.php
@@ -5,7 +5,7 @@
| program/include/rcube_user.inc |
| |
| This file is part of the RoundCube Webmail client |
- | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland |
+ | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
@@ -31,7 +31,7 @@
{
public $ID = null;
public $data = null;
- public $language = 'en_US';
+ public $language = null;
private $db = null;
@@ -59,17 +59,7 @@
}
}
- /**
- * PHP 4 object constructor
- *
- * @see rcube_user::__construct
- */
- function rcube_user($id = null, $sql_arr = null)
- {
- $this->__construct($id, $sql_arr);
- }
-
-
+
/**
* Build a user name string (as e-mail address)
*
@@ -88,10 +78,13 @@
*/
function get_prefs()
{
+ if (!empty($this->language))
+ $prefs = array('language' => $this->language);
+
if ($this->ID && $this->data['preferences'])
- return array('language' => $this->language) + unserialize($this->data['preferences']);
- else
- return array();
+ $prefs += (array)unserialize($this->data['preferences']);
+
+ return $prefs;
}
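Review bot: `$prefs` is only initialised when `$this->language` is non-empty, so with the new null default for `$language` in this same patch, a user that has stored preferences hits `$prefs += (array)unserialize(...)` on an undefined variable, and a user with neither branch taken gets null back where the old code returned `array()`. Initialise it unconditionally before the first `if`: `$prefs = array();`. The `(array)` cast already covers unserialize() returning false on unreadable data, so the rest of the body can stay as is.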
@@ -164,7 +157,7 @@
WHERE del<>1
AND user_id=?
$sql_add
- ORDER BY ".$this->db->quoteIdentifier('standard')." DESC, name ASC",
+ ORDER BY ".$this->db->quoteIdentifier('standard')." DESC, name ASC, identity_id ASC",
$this->ID);
return $sql_result;
@@ -326,16 +319,18 @@
{
$dbh = rcmail::get_instance()->get_dbh();
- // query if user already registered
- $sql_result = $dbh->query(
- "SELECT * FROM ".get_table_name('users')."
- WHERE mail_host=? AND (username=? OR alias=?)",
- $host,
- $user,
- $user);
-
+ // query for matching user name
+ $query = "SELECT * FROM ".get_table_name('users')." WHERE mail_host=? AND %s=?";
+ $sql_result = $dbh->query(sprintf($query, 'username'), $host, $user);
+
+ // query for matching alias
+ if (!($sql_arr = $dbh->fetch_assoc($sql_result))) {
+ $sql_result = $dbh->query(sprintf($query, 'alias'), $host, $user);
+ $sql_arr = $dbh->fetch_assoc($sql_result);
+ }
+
// user already registered -> overwrite username
- if ($sql_arr = $dbh->fetch_assoc($sql_result))
+ if ($sql_arr)
return new rcube_user($sql_arr['user_id'], $sql_arr);
else
return false;
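Review bot: The `%s` in `$query` is substituted with sprintf rather than bound, which is only acceptable because both call sites pass the literals 'username' and 'alias' for a column name while the values still go through `?` placeholders; a comment on the `$query` line would keep a later edit from passing something variable, e.g. `// %s is a column name and must stay a literal; values are bound via ?`. The second query is also issued only when the first returned no row, so a match on username now takes precedence over a match on alias where the old OR query returned whichever row came first — worth a sentence in the comment if that ordering is intended. The enclosing method starts before the hunk.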
@@ -378,19 +373,22 @@
$user_name = $user != $user_email ? $user : '';
// try to resolve the e-mail address from the virtuser table
- if ($virtuser_query = $rcmail->config->get('virtuser_query') &&
- ($sql_result = $dbh->query(preg_replace('/%u/', $dbh->escapeSimple($user), $virtuser_query))) &&
- ($dbh->num_rows() > 0))
+ if (($virtuser_query = $rcmail->config->get('virtuser_query'))
+ && ($sql_result = $dbh->query(preg_replace('/%u/', $dbh->escapeSimple($user), $virtuser_query)))
+ && ($dbh->num_rows() > 0))
{
+ $standard = 1;
while ($sql_arr = $dbh->fetch_array($sql_result))
{
$dbh->query(
"INSERT INTO ".get_table_name('identities')."
(user_id, del, standard, name, email)
- VALUES (?, 0, 1, ?, ?)",
+ VALUES (?, 0, ?, ?, ?)",
$user_id,
+ $standard,
strip_newlines($user_name),
preg_replace('/^@/', $user . '@', $sql_arr[0]));
+ $standard = 0;
}
}
else
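Review bot: The `%u` substitution into the configured query still goes through preg_replace(), whose replacement argument interprets `$n` and `\n` sequences as backreferences, so a user string containing such a sequence is altered before it reaches the database even after escapeSimple(); since `%u` is a fixed token, `str_replace('%u', $dbh->escapeSimple($user), $virtuser_query)` is the exact equivalent without that interpretation. escapeSimple() presumably escapes without adding quotes, so the configured `virtuser_query` must itself wrap the token as `'%u'` — stating that in a comment at the query line would make the contract with the config visible. The enclosing method starts and ends outside the hunk.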
@@ -428,7 +426,7 @@
static function email2user($email)
{
$user = $email;
- $r = self::findinvirtual("^$email\s");
+ $r = self::findinvirtual('^' . quotemeta($email) . '[[:space:]]');
for ($i=0; $i<count($r); $i++)
{
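Review bot: quotemeta() escapes `. \ + * ? [ ^ ] $ ( )` but leaves `|`, `{` and `}` untouched, and all three are metacharacters in an extended regular expression; the `[[:space:]]` class suggests findinvirtual() (defined outside this hunk) runs an ERE or PCRE match, in which case an address containing one of those characters would still change the pattern's meaning instead of being matched literally. If findinvirtual() is preg-based, `preg_quote($email, '/')` with the delimiter it uses is the complete escape; the same applies to the user2email() pattern in the next hunk. The for loop body continues past the hunk.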
@@ -453,8 +451,8 @@
*/
static function user2email($user)
{
- $email = "";
- $r = self::findinvirtual("\s$user\s*$");
+ $email = '';
+ $r = self::findinvirtual('[[:space:]]' . quotemeta($user) . '[[:space:]]*$');
for ($i=0; $i<count($r); $i++)
{