From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 bin/update.sh |   16 +++++++++++-----
 1 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/bin/update.sh b/bin/update.sh
index bfb2148..5bc01be 100755
--- a/bin/update.sh
+++ b/bin/update.sh
@@ -5,7 +5,7 @@
  | bin/update.sh                                                         |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2010-2014, The Roundcube Dev Team                       |
+ | Copyright (C) 2010-2015, The Roundcube Dev Team                       |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
@@ -186,18 +186,24 @@
       }
 
       foreach ($composer_template['repositories'] as $repo) {
-        $rkey = $repo['type'] . $repo['url'] . $repo['package']['name'];
+        $rkey = $repo['type'] . preg_replace('/^https?:/', '', $repo['url']) . $repo['package']['name'];
         $existing = false;
-        foreach ($composer_data['repositories'] as $_repo) {
-          if ($rkey == $_repo['type'] . $_repo['url'] . $_repo['package']['name']) {
+        foreach ($composer_data['repositories'] as $k =>  $_repo) {
+          if ($rkey == $_repo['type'] . preg_replace('/^https?:/', '', $_repo['url']) . $_repo['package']['name']) {
             $existing = true;
             break;
+          }
+          // remove old repos
+          else if (strpos($_repo['url'], 'git://git.kolab.org') === 0) {
+              unset($composer_data['repositories'][$k]);
           }
         }
         if (!$existing) {
           $composer_data['repositories'][] = $repo;
         }
       }
+
+      $composer_data['repositories'] = array_values($composer_data['repositories']);
     }
 
     // use the JSON encoder from the Composer package
@@ -207,7 +213,7 @@
     }
     // PHP 5.4's json_encode() does the job, too
     else if (defined('JSON_PRETTY_PRINT')) {
-      $comsposer_json = json_encode($composer_data, JSON_PRETTY_PRINT & JSON_UNESCAPED_SLASHES);
+      $comsposer_json = json_encode($composer_data, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
     }
     else {
       $success = false;

--
Gitblit v1.9.1