From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
 program/lib/Roundcube/rcube_addressbook.php | 29 ++++++++++++++---------------
 1 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/program/lib/Roundcube/rcube_addressbook.php b/program/lib/Roundcube/rcube_addressbook.php
index a08baf7..5f13da0 100644
--- a/program/lib/Roundcube/rcube_addressbook.php
+++ b/program/lib/Roundcube/rcube_addressbook.php
@@ -150,7 +150,7 @@
 /**
 * Setter for errors for internal use
 *
- * @param int Error type (one of this class' error constants)
+ * @param int Error type (one of this class' error constants)
 * @param string Error message (name of a text label)
 */
 protected function set_error($type, $message)
@@ -167,8 +167,7 @@
 /**
 * Set internal list page
 *
- * @param number Page number to list
- * @access public
+ * @param number Page number to list
 */
 function set_page($page)
 {
@@ -178,8 +177,7 @@
 /**
 * Set internal page size
 *
- * @param number Number of messages to display on one page
- * @access public
+ * @param number Number of messages to display on one page
 */
 function set_pagesize($size)
 {
@@ -206,8 +204,9 @@
 * Check the given data before saving.
 * If input isn't valid, the message to display can be fetched using get_error()
 *
- * @param array Assoziative array with data to save
+ * @param array Assoziative array with data to save
 * @param boolean Attempt to fix/complete record automatically
+ *
 * @return boolean True if input is valid, False if not.
 */
 public function validate(&$save_data, $autofix = false)
@@ -296,10 +295,10 @@
 /**
 * Mark one or more contact records as deleted
 *
- * @param array Record identifiers
- * @param bool Remove records irreversible (see self::undelete)
+ * @param array Record identifiers
+ * @param bool Remove records irreversible (see self::undelete)
 */
- function delete($ids, $force=true)
+ function delete($ids, $force = true)
 {
 /* empty for read-only address books */
 }
@@ -307,7 +306,7 @@
 /**
 * Unmark delete flag on contact record(s)
 *
- * @param array Record identifiers
+ * @param array Record identifiers
 */
 function undelete($ids)
 {
@@ -540,7 +539,7 @@
 else if ($compose_mode == 1)
 $fn = join(' ', array($contact['firstname'], $contact['middlename'], $contact['surname']));
 else if ($compose_mode == 0)
- $fn = !empty($contact['name']) ? $contact['name'] : join(' ', array($contact['prefix'], $contact['firstname'], $contact['middlename'], $contact['surname'], $contact['suffix']));
+ $fn = $contact['name'] ?: join(' ', array($contact['prefix'], $contact['firstname'], $contact['middlename'], $contact['surname'], $contact['suffix']));
 else {
 $plugin = rcube::get_instance()->plugins->exec_hook('contact_listname', array('contact' => $contact));
 $fn = $plugin['fn'];
@@ -551,12 +550,12 @@
 // fallbacks...
 if ($fn === '') {
 // ... display name
- if (!empty($contact['name'])) {
- $fn = $contact['name'];
+ if ($name = trim($contact['name'])) {
+ $fn = $name;
 }
 // ... organization
- else if (!empty($contact['organization'])) {
- $fn = $contact['organization'];
+ else if ($org = trim($contact['organization'])) {
+ $fn = $org;
 }
 // ... email address
 else if (($email = self::get_col_values('email', $contact, true)) && !empty($email)) {
-- Gitblit v1.9.1
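Review bot: In the `$compose_mode == 0` branch (hunk at -540), `$contact['name'] ?: join(...)` reads the array key directly, so a contact record that has no `name` key now triggers an undefined-index notice that the removed `!empty()` test suppressed. The fallback hunk at -551 has the same exposure in `trim($contact['name'])` and `trim($contact['organization'])`, and trim() would additionally raise an error if either value were an array rather than a string. Whether records can reach this code without those keys is not visible in the hunks, so this is worth confirming against the callers; a guarded form such as `if (isset($contact['name']) && ($name = trim($contact['name'])))` keeps the new whitespace handling without the notice. The enclosing function starts and ends outside both hunks.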