From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 plugins/subscriptions_option/subscriptions_option.php |   13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/plugins/subscriptions_option/subscriptions_option.php b/plugins/subscriptions_option/subscriptions_option.php
index 7678d8e..fa40631 100644
--- a/plugins/subscriptions_option/subscriptions_option.php
+++ b/plugins/subscriptions_option/subscriptions_option.php
@@ -7,12 +7,12 @@
  * It includes a toggle on the settings page under "Server Settings".
  * The preference can also be locked
  *
- * Add it to the plugins list in config/main.inc.php to enable the user option
+ * Add it to the plugins list in config.inc.php to enable the user option
  * The user option can be hidden and set globally by adding 'use_subscriptions'
  * to the 'dont_override' configure line:
- * $rcmail_config['dont_override'] = array('use_subscriptions');
+ * $config['dont_override'] = array('use_subscriptions');
  * and then set the global preference
- * $rcmail_config['use_subscriptions'] = true; // or false
+ * $config['use_subscriptions'] = true; // or false
  *
  * Roundcube caches folder lists.  When a user changes this option or visits
  * their folder list, this cache is refreshed.  If the option is on the
@@ -21,6 +21,7 @@
  *
  * @version @package_version@
  * @author Ziba Scott
+ * @license GNU GPLv3+
  */
 class subscriptions_option extends rcube_plugin
 {
@@ -60,7 +61,7 @@
             $rcmail = rcmail::get_instance();
             $use_subscriptions = $rcmail->config->get('use_subscriptions');
 
-            $args['prefs']['use_subscriptions'] = isset($_POST['_use_subscriptions']) ? true : false;
+            $args['prefs']['use_subscriptions'] = isset($_POST['_use_subscriptions']);
 
             // if the use_subscriptions preference changes, flush the folder cache
             if (($use_subscriptions && !isset($_POST['_use_subscriptions'])) ||
@@ -85,7 +86,9 @@
     {
         $rcmail = rcmail::get_instance();
         if (!$rcmail->config->get('use_subscriptions', true)) {
-            $args['table']->remove_column('subscribed');
+            foreach ($args['list'] as $idx => $data) {
+                $args['list'][$idx]['content'] = preg_replace('/<input [^>]+>/', '', $data['content']);
+            }
         }
         return $args;
     }

--
Gitblit v1.9.1