From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 plugins/archive/archive.php |  151 +++++++++++++++++++++++++------------------------
 1 files changed, 77 insertions(+), 74 deletions(-)

diff --git a/plugins/archive/archive.php b/plugins/archive/archive.php
index 8c0a89d..ffa309a 100644
--- a/plugins/archive/archive.php
+++ b/plugins/archive/archive.php
@@ -6,7 +6,7 @@
  * Plugin that adds a new button to the mailbox toolbar
  * to move messages to a (user selectable) archive folder.
  *
- * @version 2.2
+ * @version 2.3
  * @license GNU GPLv3+
  * @author Andre Rodier, Thomas Bruederli, Aleksander Machniak
  */
@@ -111,94 +111,97 @@
     $delimiter      = $storage->get_hierarchy_delimiter();
     $archive_folder = $rcmail->config->get('archive_mbox');
     $archive_type   = $rcmail->config->get('archive_type', '');
-
-    $storage->set_folder(($current_mbox = rcube_utils::get_input_value('_mbox', RCUBE_INPUT_POST)));
+    $current_mbox   = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST);
 
     $result  = array('reload' => false, 'update' => false, 'errors' => array());
     $folders = array();
-    $uids    = rcube_utils::get_input_value('_uid', RCUBE_INPUT_POST);
-    $search_request = get_input_value('_search', RCUBE_INPUT_GPC);
+    $uids    = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST);
+    $search_request = rcube_utils::get_input_value('_search', rcube_utils::INPUT_GPC);
 
     if ($uids == '*') {
       $index = $storage->index(null, rcmail_sort_column(), rcmail_sort_order());
-      $uids  = $index->get();
+      $messageset = array($current_mbox => $index->get());
     }
     else {
-      $uids = explode(',', $uids);
+      $messageset = rcmail::get_uids();
     }
 
-    foreach ($uids as $uid) {
-      if (!$archive_folder || !($message = $rcmail->storage->get_message($uid))) {
-        continue;
-      }
+    foreach ($messageset as $mbox => $uids) {
+      $storage->set_folder(($current_mbox = $mbox));
 
-      $subfolder = null;
-      switch ($archive_type) {
-        case 'year':
-          $subfolder = $rcmail->format_date($message->timestamp, 'Y');
-          break;
-
-        case 'month':
-          $subfolder = $rcmail->format_date($message->timestamp, 'Y') . $delimiter . $rcmail->format_date($message->timestamp, 'm');
-          break;
-
-        case 'folder':
-          $subfolder = $current_mbox;
-          break;
-
-        case 'sender':
-          $from = $message->get('from');
-          if (preg_match('/[\b<](.+@.+)[\b>]/i', $from, $m)) {
-            $subfolder = $m[1];
-          }
-          else {
-            $subfolder = $this->gettext('unkownsender');
-          }
-
-          // replace reserved characters in folder name
-          $repl = $delimiter == '-' ? '_' : '-';
-          $replacements[$delimiter] = $repl;
-          $replacements['.'] = $repl;  // some IMAP server do not allow . characters
-          $subfolder = strtr($subfolder, $replacements);
-          break;
-
-        default:
-          $subfolder = '';
-          break;
-      }
-
-      // compose full folder path
-      $folder = $archive_folder . ($subfolder ? $delimiter . $subfolder : '');
-
-      // create archive subfolder if it doesn't yet exist
-      // we'll create all folders in the path
-      if (!in_array($folder, $folders)) {
-        if (empty($list)) {
-          $list = $storage->list_folders('', $archive_folder . '*', 'mail', null, true);
+      foreach ($uids as $uid) {
+        if (!$archive_folder || !($message = $rcmail->storage->get_message($uid))) {
+          continue;
         }
-        $path = explode($delimiter, $folder);
 
-        for ($i=0; $i<count($path); $i++) {
-          $_folder = implode($delimiter, array_slice($path, 0, $i+1));
-          if (!in_array($_folder, $list)) {
-            if ($storage->create_folder($_folder, true)) {
-              $result['reload'] = true;
-              $list[] = $_folder;
+        $subfolder = null;
+        switch ($archive_type) {
+          case 'year':
+            $subfolder = $rcmail->format_date($message->timestamp, 'Y');
+            break;
+
+          case 'month':
+            $subfolder = $rcmail->format_date($message->timestamp, 'Y') . $delimiter . $rcmail->format_date($message->timestamp, 'm');
+            break;
+
+          case 'folder':
+            $subfolder = $current_mbox;
+            break;
+
+          case 'sender':
+            $from = $message->get('from');
+            if (preg_match('/[\b<](.+@.+)[\b>]/i', $from, $m)) {
+              $subfolder = $m[1];
+            }
+            else {
+              $subfolder = $this->gettext('unkownsender');
+            }
+
+            // replace reserved characters in folder name
+            $repl = $delimiter == '-' ? '_' : '-';
+            $replacements[$delimiter] = $repl;
+            $replacements['.'] = $repl;  // some IMAP server do not allow . characters
+            $subfolder = strtr($subfolder, $replacements);
+            break;
+
+          default:
+            $subfolder = '';
+            break;
+        }
+
+        // compose full folder path
+        $folder = $archive_folder . ($subfolder ? $delimiter . $subfolder : '');
+
+        // create archive subfolder if it doesn't yet exist
+        // we'll create all folders in the path
+        if (!in_array($folder, $folders)) {
+          if (empty($list)) {
+            $list = $storage->list_folders('', $archive_folder . '*', 'mail', null, true);
+          }
+          $path = explode($delimiter, $folder);
+
+          for ($i=0; $i<count($path); $i++) {
+            $_folder = implode($delimiter, array_slice($path, 0, $i+1));
+            if (!in_array($_folder, $list)) {
+              if ($storage->create_folder($_folder, true)) {
+                $result['reload'] = true;
+                $list[] = $_folder;
+              }
             }
           }
+
+          $folders[] = $folder;
         }
 
-        $folders[] = $folder;
-      }
-
-      // move message to target folder
-      if ($storage->move_message(array($uid), $folder)) {
-        $result['update'] = true;
-      }
-      else {
-        $result['errors'][] = $uid;
-      }
-    }  // end for
+        // move message to target folder
+        if ($storage->move_message(array($uid), $folder)) {
+          $result['update'] = true;
+        }
+        else {
+          $result['errors'][] = $uid;
+        }
+      }  // end for
+    }
 
     // send response
     if ($result['errors']) {
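Review bot: The `$uids == '*'` branch at the top of the hunk now calls `$storage->index(null, ...)` before any `set_folder()` runs — the `$storage->set_folder($current_mbox)` that used to precede it was removed and re-added inside the per-folder loop — so with a null first argument (presumably the folder) the index is taken from whatever folder the storage object currently holds, which matches `_mbox` only if the core already selected that folder before this action ran. Passing it explicitly avoids depending on that: `$index = $storage->index($current_mbox, rcmail_sort_column(), rcmail_sort_order());`. Separately, `$result['errors'][] = $uid;` now collects UIDs from several folders without recording which folder each came from, so a multi-folder request can no longer tell the client which messages failed; `$result['errors'][] = $mbox . ':' . $uid;` or a per-folder array would keep that, but check what the JS side expects first. The commit subject speaks of securing export downloads while this hunk only reworks the archive plugin's message iteration, so the subject and the patch content appear mismatched. The enclosing archive action starts before this hunk.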
@@ -217,7 +220,7 @@
     }
 
     if ($_POST['_from'] == 'show' && !empty($result['update'])) {
-      if ($next = get_input_value('_next_uid', RCUBE_INPUT_GPC)) {
+      if ($next = rcube_utils::get_input_value('_next_uid', rcube_utils::INPUT_GPC)) {
         $rcmail->output->command('show_message', $next);
       }
       else {
@@ -262,7 +265,7 @@
       $archive_type->add($this->gettext('archivetypefolder'), 'folder');
 
       $args['blocks']['archive'] = array(
-        'name' => Q($this->gettext('settingstitle')),
+        'name' => rcube::Q($this->gettext('settingstitle')),
         'options' => array('archive_type' => array(
             'title' => $this->gettext('archivetype'),
             'content' => $archive_type->show($rcmail->config->get('archive_type'))
