From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php | 12 +++++++-----
1 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php b/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
index 2e267eb..3fb1684 100644
--- a/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
+++ b/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
@@ -63,7 +63,7 @@
1 => 'notifyimportancehigh'
);
- const VERSION = '8.4';
+ const VERSION = '8.5';
const PROGNAME = 'Roundcube (Managesieve)';
const PORT = 4190;
@@ -397,6 +397,8 @@
}
}
else if ($action == 'setget') {
+ $this->rc->request_security_check(rcube_utils::INPUT_GET);
+
$script_name = rcube_utils::get_input_value('_set', rcube_utils::INPUT_GPC, true);
$script = $this->sieve->get_script($script_name);
@@ -633,8 +635,8 @@
foreach ($sizeitems as $item)
$items[] = $item;
- $this->form['disabled'] = $_POST['_disabled'] ? true : false;
- $this->form['join'] = $join=='allof' ? true : false;
+ $this->form['disabled'] = !empty($_POST['_disabled']);
+ $this->form['join'] = $join == 'allof';
$this->form['name'] = $name;
$this->form['tests'] = array();
$this->form['actions'] = array();
@@ -1685,7 +1687,7 @@
$test = $rule['type'];
}
else if (in_array($rule['test'], $set)) {
- $test = ($rule['not'] ? 'not' : '') . ($rule['type'] ? $rule['type'] : 'is');
+ $test = ($rule['not'] ? 'not' : '') . ($rule['type'] ?: 'is');
}
else {
$test = ($rule['not'] ? 'not' : '') . $rule['test'];
@@ -2358,7 +2360,7 @@
if (empty($filter['actions'])) {
continue;
}
- $fname = $filter['name'] ? $filter['name'] : "#$i";
+ $fname = $filter['name'] ?: "#$i";
$result[] = array(
'id' => $idx,
'name' => $fname,
--
Gitblit v1.9.1