From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/addressbook/copy.inc |   19 +++++++++----------
 1 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/program/steps/addressbook/copy.inc b/program/steps/addressbook/copy.inc
index d438719..6c1c0e8 100644
--- a/program/steps/addressbook/copy.inc
+++ b/program/steps/addressbook/copy.inc
@@ -1,11 +1,11 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/addressbook/copy.inc                                    |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2007, The Roundcube Dev Team                            |
+ | Copyright (C) 2007-2013, The Roundcube Dev Team                       |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
@@ -25,15 +25,14 @@
 
 
 $cids         = rcmail_get_cids();
-$target       = get_input_value('_to', RCUBE_INPUT_POST);
-$target_group = get_input_value('_togid', RCUBE_INPUT_POST);
+$target       = rcube_utils::get_input_value('_to', rcube_utils::INPUT_POST);
+$target_group = rcube_utils::get_input_value('_togid', rcube_utils::INPUT_POST);
 
 $success  = 0;
 $errormsg = 'copyerror';
 $maxnum   = $RCMAIL->config->get('max_group_members', 0);
 
-foreach ($cids as $source => $cid)
-{
+foreach ($cids as $source => $cid) {
     // Something wrong, target not specified
     if (!strlen($target)) {
         break;
@@ -89,9 +88,9 @@
             }
         }
         else {
-            $record = $result->first();
-            $ids[] = $record['ID'];
-            $errormsg = empty($a_record['email']) ? 'contactnameexists' : 'contactexists';
+            $record   = $result->first();
+            $ids[]    = $record['ID'];
+            $errormsg = empty($email) ? 'contactnameexists' : 'contactexists';
         }
     }
 
@@ -116,7 +115,7 @@
             $success = $plugin['result'];
         }
 
-        $errormsg = $plugin['message'] ? $plugin['message'] : 'copyerror';
+        $errormsg = $plugin['message'] ?: 'copyerror';
     }
 }
 

--
Gitblit v1.9.1