From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/lib/Roundcube/rcube_imap_generic.php |   23 +++++++++++++++++------
 1 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/program/lib/Roundcube/rcube_imap_generic.php b/program/lib/Roundcube/rcube_imap_generic.php
index 1acb12b..1442eca 100644
--- a/program/lib/Roundcube/rcube_imap_generic.php
+++ b/program/lib/Roundcube/rcube_imap_generic.php
@@ -194,7 +194,7 @@
 
         do {
             if ($this->eof()) {
-                return $line ? $line : null;
+                return $line ?: null;
             }
 
             $buffer = fgets($this->fp, $size);
@@ -462,7 +462,7 @@
             }
         }
 
-        return !empty($result) ? $result : false;
+        return $result ?: false;
     }
 
     /**
@@ -997,7 +997,18 @@
                 return false;
             }
 
-            if (!stream_socket_enable_crypto($this->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) {
+            if (isset($this->prefs['socket_options']['ssl']['crypto_method'])) {
+                $crypto_method = $this->prefs['socket_options']['ssl']['crypto_method'];
+            }
+            else {
+                // There is no flag to enable all TLS methods. Net_SMTP
+                // handles enabling TLS similarly.
+                $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT
+                    | @STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT
+                    | @STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
+            }
+
+            if (!stream_socket_enable_crypto($this->fp, true, $crypto_method)) {
                 $this->setError(self::ERROR_BAD, "Unable to negotiate TLS");
                 $this->closeConnection();
                 return false;
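Review bot: The default branch relies on `@` to hide an undefined-constant notice for `STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT` and `STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT`, so on a PHP build that lacks them the OR appears to fall back silently to `STREAM_CRYPTO_METHOD_TLS_CLIENT` alone. Testing with `defined()` makes that fallback explicit and does not depend on how an undefined name is coerced. The value read from `$this->prefs['socket_options']['ssl']['crypto_method']` is also handed to `stream_socket_enable_crypto()` unchecked; the sketch below accepts it only when it is an integer and otherwise uses the default, and its comment records that the override can lower the protocol floor as well as raise it. The enclosing method starts and ends outside the hunk.

```php
            // … unchanged: preceding checks …
            if (isset($this->prefs['socket_options']['ssl']['crypto_method'])
                && is_int($this->prefs['socket_options']['ssl']['crypto_method'])
            ) {
                // Operator override: this can lower the protocol floor as well as raise it.
                $crypto_method = $this->prefs['socket_options']['ssl']['crypto_method'];
            }
            else {
                // There is no single flag for "all TLS versions"; add the newer
                // ones only where this PHP build defines them.
                $crypto_method = STREAM_CRYPTO_METHOD_TLS_CLIENT;
                foreach (array('STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT', 'STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT') as $name) {
                    if (defined($name)) {
                        $crypto_method |= constant($name);
                    }
                }
            }
            // … unchanged: stream_socket_enable_crypto() call and error handling …
```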
@@ -1187,7 +1198,7 @@
         list($code, $response) = $this->execute('STATUS', array($this->escape($mailbox),
             '(' . implode(' ', (array) $items) . ')'));
 
-        if ($code == self::ERROR_OK && preg_match('/\* STATUS /i', $response)) {
+        if ($code == self::ERROR_OK && preg_match('/^\* STATUS /i', $response)) {
             $result   = array();
             $response = substr($response, 9); // remove prefix "* STATUS "
 
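Review bot: The `substr($response, 9)` after the newly anchored match still depends on a hand-counted prefix length, and the same pairing recurs in the ID hunk (`substr($response, 5)`) and the ENABLED hunk (`substr($response, 10)`). Capturing the remainder keeps the pattern and the offset from drifting apart: `preg_match('/^\* STATUS (.*)/is', $response, $m)` followed by `$response = $m[1];`. Separately, without the `m` modifier `^` matches only at the very start of `$response`, so if `execute()` can return an unsolicited untagged line ahead of the expected one, the call now reports failure instead of parsing. Whether that can happen is not visible here, so a short comment stating the assumption would help. Each of these conditions sits in a method whose start and end are outside its hunk.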
@@ -1654,7 +1665,7 @@
             !empty($args) ? '(' . implode(' ', (array) $args) . ')' : $this->escape(null)
         ));
 
-        if ($code == self::ERROR_OK && preg_match('/\* ID /i', $response)) {
+        if ($code == self::ERROR_OK && preg_match('/^\* ID /i', $response)) {
             $response = substr($response, 5); // remove prefix "* ID "
             $items    = $this->tokenizeResponse($response, 1);
             $result   = null;
@@ -1707,7 +1718,7 @@
 
         list($code, $response) = $this->execute('ENABLE', $extension);
 
-        if ($code == self::ERROR_OK && preg_match('/\* ENABLED /i', $response)) {
+        if ($code == self::ERROR_OK && preg_match('/^\* ENABLED /i', $response)) {
             $response = substr($response, 10); // remove prefix "* ENABLED "
             $result   = (array) $this->tokenizeResponse($response);
 

--
Gitblit v1.9.1