From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/addressbook/import.inc |   19 ++++++++++---------
 1 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/program/steps/addressbook/import.inc b/program/steps/addressbook/import.inc
index 33e4732..4425498 100644
--- a/program/steps/addressbook/import.inc
+++ b/program/steps/addressbook/import.inc
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/addressbook/import.inc                                  |
  |                                                                       |
@@ -136,7 +136,7 @@
                 }
                 if ($existing && $existing->count) {
                     $IMPORT_STATS->skipped++;
-                    $IMPORT_STATS->skipped_names[] = $vcard->displayname ? $vcard->displayname : $email;
+                    $IMPORT_STATS->skipped_names[] = $vcard->displayname ?: $email;
                     continue;
                 }
             }
@@ -164,7 +164,7 @@
                 }
 
                 $IMPORT_STATS->inserted++;
-                $IMPORT_STATS->names[] = $a_record['name'] ? $a_record['name'] : $email;
+                $IMPORT_STATS->names[] = $a_record['name'] ?: $email;
             }
             else {
                 $IMPORT_STATS->errors++;
@@ -276,7 +276,7 @@
         )) . ($IMPORT_STATS->names ? ':' : '.'));
 
     if ($IMPORT_STATS->names) {
-        $content .= html::p('em', join(', ', array_map('Q', $IMPORT_STATS->names)));
+        $content .= html::p('em', join(', ', array_map(array('rcube', 'Q'), $IMPORT_STATS->names)));
     }
 
     if ($IMPORT_STATS->skipped) {
@@ -285,7 +285,7 @@
                 'nr'   => $IMPORT_STATS->skipped,
                 'vars' => $vars,
             )) . ':')
-            . html::p('em', join(', ', array_map('Q', $IMPORT_STATS->skipped_names)));
+            . html::p('em', join(', ', array_map(array('rcube', 'Q'), $IMPORT_STATS->skipped_names)));
     }
 
     return html::div($attrib, $content);
@@ -308,10 +308,11 @@
         $out = $OUTPUT->button(array('command' => 'list', 'prop' => $target, 'label' => 'done') + $attrib);
     }
     else {
-        $out = $OUTPUT->button(array('command' => 'list', 'label' => 'cancel') + $attrib);
-        $out .= '&nbsp;';
+        $cancel = $OUTPUT->button(array('command' => 'list', 'label' => 'cancel') + $attrib);
         $attrib['class'] = trim($attrib['class'] . ' mainaction');
-        $out .= $OUTPUT->button(array('command' => 'import', 'label' => 'import') + $attrib);
+        $out  = $OUTPUT->button(array('command' => 'import', 'label' => 'import') + $attrib);
+        $out .= '&nbsp;';
+        $out .= $cancel;
     }
 
     return $out;
@@ -323,7 +324,7 @@
 function rcmail_import_group_id($group_name, $CONTACTS, $create, &$import_groups)
 {
     $group_id = 0;
-    foreach ($import_groups as $key => $group) {
+    foreach ($import_groups as $group) {
         if (strtolower($group['name']) == strtolower($group_name)) {
             $group_id = $group['ID'];
             break;

--
Gitblit v1.9.1