From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/addressbook/edit.inc |   13 +++++++------
 1 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/program/steps/addressbook/edit.inc b/program/steps/addressbook/edit.inc
index 27d2679..a826f17 100644
--- a/program/steps/addressbook/edit.inc
+++ b/program/steps/addressbook/edit.inc
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/addressbook/edit.inc                                    |
  |                                                                       |
@@ -104,7 +104,7 @@
 
     // check if we have a valid result
     $record = rcmail_get_edit_record();
-    $i_size = !empty($attrib['size']) ? $attrib['size'] : 20;
+    $i_size = $attrib['size'] ?: 20;
 
     $form = array(
         'head' => array(
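Review bot: Replacing `!empty($attrib['size'])` with `$attrib['size'] ?: 20` drops the implicit isset check, so a template tag that omits `size` now raises an undefined-index notice (a warning on PHP 8) where the old line was silent. The same applies to `size`, `textarearows` and `textareacols` in the hunk at line 143 and to `form` in the hunk at line 269. Either keep the guarded form, `$i_size = !empty($attrib['size']) ? $attrib['size'] : 20;`, or ensure `$attrib` is populated with defaults for these keys before they are read. The enclosing function starts and ends outside this hunk.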
@@ -143,9 +143,9 @@
     if (preg_match_all('/\{([a-z0-9]+)\}([^{]*)/i', $RCMAIL->config->get('address_template', ''), $templ, PREG_SET_ORDER))
       $RCMAIL->output->set_env('address_template', $templ);
 
-    $i_size = !empty($attrib['size']) ? $attrib['size'] : 40;
-    $t_rows = !empty($attrib['textarearows']) ? $attrib['textarearows'] : 10;
-    $t_cols = !empty($attrib['textareacols']) ? $attrib['textareacols'] : 40;
+    $i_size = $attrib['size'] ?: 40;
+    $t_rows = $attrib['textarearows'] ?: 10;
+    $t_cols = $attrib['textareacols'] ?: 40;
 
     $form = array(
         'contact' => array(
@@ -258,6 +258,7 @@
         if ($RCMAIL->action == 'edit')
             $hiddenfields->add(array('name' => '_source', 'value' => $SOURCE_ID));
         $hiddenfields->add(array('name' => '_gid', 'value' => $CONTACTS->group_id));
+        $hiddenfields->add(array('name' => '_search', 'value' => rcube_utils::get_input_value('_search', rcube_utils::INPUT_GPC)));
 
         if (($result = $CONTACTS->get_result()) && ($record = $result->first()))
             $hiddenfields->add(array('name' => '_cid', 'value' => $record['ID']));
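Review bot: The added `_search` field writes a request value (GET, POST or cookie, since it is read with `INPUT_GPC`) straight back into the form, and nothing in the hunk validates it. Output safety therefore depends entirely on the hidden-field helper escaping attribute values, which is not visible here. If `_search` is meant to be an opaque search identifier, read it once, restrict it to the expected character set and add the field only when it is non-empty: `$search = rcube_utils::get_input_value('_search', rcube_utils::INPUT_GPC);` then `if (strlen($search)) $hiddenfields->add(array('name' => '_search', 'value' => $search));`. The enclosing block begins and ends outside this hunk.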
@@ -269,7 +270,7 @@
             'noclose' => true) + $attrib, $hiddenfields->show());
         $form_end = !strlen($attrib['form']) ? '</form>' : '';
 
-        $EDIT_FORM = !empty($attrib['form']) ? $attrib['form'] : 'form';
+        $EDIT_FORM = $attrib['form'] ?: 'form';
         $RCMAIL->output->add_gui_object('editform', $EDIT_FORM);
     }
 

--
Gitblit v1.9.1