From ce89ecd54277fdd8113320ba463dfab6d504b00c Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 06 May 2013 06:23:27 -0400
Subject: [PATCH] Fix various PHP code bugs found using static analysis (#1489086)

---
 program/lib/Roundcube/rcube_smtp.php |    2 +-
 CHANGELOG                            |    1 +
 plugins/enigma/enigma.php            |    3 ++-
 plugins/password/drivers/pam.php     |    3 ++-
 program/lib/Roundcube/rcube_db.php   |    2 +-
 plugins/enigma/lib/enigma_engine.php |   18 +++++++-----------
 6 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index c97df8c..5cba239 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix various PHP code bugs found using static analysis (#1489086)
 - Fix backslash character handling on vCard import (#1489085)
 - Fix csv import from Thunderbird with French localization (#1489059)
 - Fix messages list focus issue in Opera and Webkit (#1489058)
diff --git a/plugins/enigma/enigma.php b/plugins/enigma/enigma.php
index c96b946..1194d26 100644
--- a/plugins/enigma/enigma.php
+++ b/plugins/enigma/enigma.php
@@ -47,6 +47,8 @@
         $rcmail = rcmail::get_instance();
         $this->rc = $rcmail;
 
+        $section = rcube_utils::get_input_value('_section', rcube_utils::INPUT_GET);
+
         if ($this->rc->task == 'mail') {
             // message parse/display hooks
             $this->add_hook('message_part_structure', array($this, 'parse_structure'));
@@ -79,7 +81,6 @@
             $this->register_action('plugin.enigma', array($this, 'preferences_ui'));
 
             // grab keys/certs management iframe requests
-            $section = rcube_utils::get_input_value('_section', rcube_utils::INPUT_GET);
             if ($this->rc->action == 'edit-prefs' && preg_match('/^enigma(certs|keys)/', $section)) {
                 $this->load_ui();
                 $this->ui->init($section);
diff --git a/plugins/enigma/lib/enigma_engine.php b/plugins/enigma/lib/enigma_engine.php
index 220d6c0..a30a517 100644
--- a/plugins/enigma/lib/enigma_engine.php
+++ b/plugins/enigma/lib/enigma_engine.php
@@ -374,17 +374,15 @@
     {
         // @TODO: Handle big bodies using (temp) files
         // @TODO: caching of verification result
-        
-         $sig = $this->pgp_driver->verify($msg_body, $sig_body);
+        $sig = $this->pgp_driver->verify($msg_body, $sig_body);
 
-         if (($sig instanceof enigma_error) && $sig->getCode() != enigma_error::E_KEYNOTFOUND)
-             rcube::raise_error(array(
+        if (($sig instanceof enigma_error) && $sig->getCode() != enigma_error::E_KEYNOTFOUND)
+            rcube::raise_error(array(
                 'code' => 600, 'type' => 'php',
                 'file' => __FILE__, 'line' => __LINE__,
-                'message' => "Enigma plugin: " . $error->getMessage()
+                'message' => "Enigma plugin: " . $sig->getMessage()
                 ), true, false);
 
-//print_r($sig);
         return $sig;
     }
 
@@ -399,10 +397,8 @@
     {
         // @TODO: Handle big bodies using (temp) files
         // @TODO: caching of verification result
-        
+        $key = ''; $pass = ''; // @TODO
         $result = $this->pgp_driver->decrypt($msg_body, $key, $pass);
-
-//print_r($result);
 
         if ($result instanceof enigma_error) {
             $err_code = $result->getCode();
@@ -430,7 +426,7 @@
     {
         $this->load_pgp_driver();
         $result = $this->pgp_driver->list_keys($pattern);
-    
+
         if ($result instanceof enigma_error) {
             rcube::raise_error(array(
                 'code' => 600, 'type' => 'php',
@@ -438,7 +434,7 @@
                 'message' => "Enigma plugin: " . $result->getMessage()
                 ), true, false);
         }
-        
+
         return $result;
     }
 
diff --git a/plugins/password/drivers/pam.php b/plugins/password/drivers/pam.php
index 8cd94c7..4d0ba16 100644
--- a/plugins/password/drivers/pam.php
+++ b/plugins/password/drivers/pam.php
@@ -11,7 +11,8 @@
 {
     function save($currpass, $newpass)
     {
-        $user = $_SESSION['username'];
+        $user  = $_SESSION['username'];
+        $error = '';
 
         if (extension_loaded('pam') || extension_loaded('pam_auth')) {
             if (pam_auth($user, $currpass, $error, false)) {
diff --git a/program/lib/Roundcube/rcube_db.php b/program/lib/Roundcube/rcube_db.php
index c96bccc..4b9ab13 100644
--- a/program/lib/Roundcube/rcube_db.php
+++ b/program/lib/Roundcube/rcube_db.php
@@ -128,7 +128,7 @@
         $dsn_string  = $this->dsn_string($dsn);
         $dsn_options = $this->dsn_options($dsn);
 
-        if ($db_pconn) {
+        if ($this->db_pconn) {
             $dsn_options[PDO::ATTR_PERSISTENT] = true;
         }
 
diff --git a/program/lib/Roundcube/rcube_smtp.php b/program/lib/Roundcube/rcube_smtp.php
index 5c7d220..201e826 100644
--- a/program/lib/Roundcube/rcube_smtp.php
+++ b/program/lib/Roundcube/rcube_smtp.php
@@ -119,7 +119,7 @@
         }
 
         // try to connect to server and exit on failure
-        $result = $this->conn->connect($smtp_timeout);
+        $result = $this->conn->connect($CONFIG['smtp_timeout']);
 
         if (PEAR::isError($result)) {
             $this->response[] = "Connection failed: ".$result->getMessage();

--
Gitblit v1.9.1