From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/lib/Roundcube/rcube_db_mysql.php |   34 ++++++++++++++++++++++++++++++++--
 1 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/program/lib/Roundcube/rcube_db_mysql.php b/program/lib/Roundcube/rcube_db_mysql.php
index 067e94b..ee2194f 100644
--- a/program/lib/Roundcube/rcube_db_mysql.php
+++ b/program/lib/Roundcube/rcube_db_mysql.php
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2005-2012, The Roundcube Dev Team                       |
@@ -118,7 +118,7 @@
      */
     protected function dsn_options($dsn)
     {
-        $result = array();
+        $result = parent::dsn_options($dsn);
 
         if (!empty($dsn['key'])) {
             $result[PDO::MYSQL_ATTR_SSL_KEY] = $dsn['key'];
@@ -150,6 +150,30 @@
     }
 
     /**
+     * Returns list of tables in a database
+     *
+     * @return array List of all tables of the current database
+     */
+    public function list_tables()
+    {
+        // get tables if not cached
+        if ($this->tables === null) {
+            // first fetch current database name
+            $d = $this->query("SELECT database()");
+            $d = $this->fetch_array($d);
+
+            // get list of tables in current database
+            $q = $this->query("SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES"
+                . " WHERE TABLE_SCHEMA = ? AND TABLE_TYPE = 'BASE TABLE'"
+                . " ORDER BY TABLE_NAME", $d ? $d[0] : '');
+
+            $this->tables = $q ? $q->fetchAll(PDO::FETCH_COLUMN, 0) : array();
+        }
+
+        return $this->tables;
+    }
+
+    /**
      * Get database runtime variables
      *
      * @param string $varname Variable name
@@ -167,6 +191,12 @@
             return $this->variables[$varname];
         }
 
+        // configured value has higher prio
+        $conf_value = rcube::get_instance()->config->get('db_' . $varname);
+        if ($conf_value !== null) {
+            return $this->variables[$varname] = $conf_value;
+        }
+
         $result = $this->query('SHOW VARIABLES LIKE ?', $varname);
 
         while ($row = $this->fetch_array($result)) {

--
Gitblit v1.9.1