From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 plugins/enigma/lib/enigma_engine.php |   40 ++++++++++++++++++++--------------------
 1 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/plugins/enigma/lib/enigma_engine.php b/plugins/enigma/lib/enigma_engine.php
index b79e995..b95ed1a 100644
--- a/plugins/enigma/lib/enigma_engine.php
+++ b/plugins/enigma/lib/enigma_engine.php
@@ -146,7 +146,7 @@
         $key = $this->find_key($from, true);
 
         if (empty($key)) {
-            return new enigma_error(enigma_error::E_KEYNOTFOUND);
+            return new enigma_error(enigma_error::KEYNOTFOUND);
         }
 
         // check if we have password for this key
@@ -156,7 +156,7 @@
         if ($pass === null) {
             // ask for password
             $error = array('missing' => array($key->id => $key->name));
-            return new enigma_error(enigma_error::E_BADPASS, '', $error);
+            return new enigma_error(enigma_error::BADPASS, '', $error);
         }
 
         // select mode
@@ -197,10 +197,10 @@
         $result = $this->pgp_sign($body, $key->id, $pass, $pgp_mode);
 
         if ($result !== true) {
-            if ($result->getCode() == enigma_error::E_BADPASS) {
+            if ($result->getCode() == enigma_error::BADPASS) {
                 // ask for password
                 $error = array('missing' => array($key->id => $key->name));
-                return new enigma_error(enigma_error::E_BADPASS, '', $error);
+                return new enigma_error(enigma_error::BADPASS, '', $error);
             }
 
             return $result;
@@ -238,7 +238,7 @@
         }
 
         if (empty($recipients)) {
-            return new enigma_error(enigma_error::E_KEYNOTFOUND);
+            return new enigma_error(enigma_error::KEYNOTFOUND);
         }
 
         $recipients = array_unique($recipients);
@@ -248,7 +248,7 @@
             $key = $this->find_key($email);
 
             if (empty($key)) {
-                return new enigma_error(enigma_error::E_KEYNOTFOUND, '', array(
+                return new enigma_error(enigma_error::KEYNOTFOUND, '', array(
                     'missing' => $email
                 ));
             }
@@ -444,14 +444,16 @@
      */
     private function parse_plain_signed(&$p, $body)
     {
+        if (!$this->rc->config->get('enigma_signatures', true)) {
+            return;
+        }
+
         $this->load_pgp_driver();
         $part = $p['structure'];
 
         // Verify signature
-        if ($this->rc->action == 'show' || $this->rc->action == 'preview') {
-            if ($this->rc->config->get('enigma_signatures', true)) {
-                $sig = $this->pgp_verify($body);
-            }
+        if ($this->rc->action == 'show' || $this->rc->action == 'preview' || $this->rc->action == 'print') {
+            $sig = $this->pgp_verify($body);
         }
 
         // @TODO: Handle big bodies using (temp) files
@@ -505,7 +507,7 @@
             return;
         }
 
-        if ($this->rc->action != 'show' && $this->rc->action != 'preview') {
+        if ($this->rc->action != 'show' && $this->rc->action != 'preview' && $this->rc->action != 'print') {
             return;
         }
 
@@ -552,7 +554,7 @@
         }
 
         // Verify signature
-        if ($this->rc->action == 'show' || $this->rc->action == 'preview') {
+        if ($this->rc->action == 'show' || $this->rc->action == 'preview' || $this->rc->action == 'print') {
             $this->load_smime_driver();
 
             $struct   = $p['structure'];
@@ -729,7 +731,7 @@
         // @TODO: Handle big bodies using (temp) files
         $sig = $this->pgp_driver->verify($msg_body, $sig_body);
 
-        if (($sig instanceof enigma_error) && $sig->getCode() != enigma_error::E_KEYNOTFOUND)
+        if (($sig instanceof enigma_error) && $sig->getCode() != enigma_error::KEYNOTFOUND)
             rcube::raise_error(array(
                 'code' => 600, 'type' => 'php',
                 'file' => __FILE__, 'line' => __LINE__,
@@ -754,7 +756,7 @@
 
         if ($result instanceof enigma_error) {
             $err_code = $result->getCode();
-            if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS)))
+            if (!in_array($err_code, array(enigma_error::KEYNOTFOUND, enigma_error::BADPASS)))
                 rcube::raise_error(array(
                     'code' => 600, 'type' => 'php',
                     'file' => __FILE__, 'line' => __LINE__,
@@ -785,7 +787,7 @@
 
         if ($result instanceof enigma_error) {
             $err_code = $result->getCode();
-            if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS)))
+            if (!in_array($err_code, array(enigma_error::KEYNOTFOUND, enigma_error::BADPASS)))
                 rcube::raise_error(array(
                     'code' => 600, 'type' => 'php',
                     'file' => __FILE__, 'line' => __LINE__,
@@ -814,7 +816,7 @@
 
         if ($result instanceof enigma_error) {
             $err_code = $result->getCode();
-            if (!in_array($err_code, array(enigma_error::E_KEYNOTFOUND, enigma_error::E_BADPASS)))
+            if (!in_array($err_code, array(enigma_error::KEYNOTFOUND, enigma_error::BADPASS)))
                 rcube::raise_error(array(
                     'code' => 600, 'type' => 'php',
                     'file' => __FILE__, 'line' => __LINE__,
@@ -1075,10 +1077,8 @@
             $config = $this->rc->decrypt($config);
             $config = @unserialize($config);
         }
-        
-        if($this->password_time) {
-            $threshold = time() - $this->password_time;
-        }
+
+        $threshold = $this->password_time ? time() - $this->password_time : 0;
         $keys      = array();
 
         // delete expired passwords

--
Gitblit v1.9.1