From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/addressbook/list.inc |   56 +++++++++++++++++---------------------------------------
 1 files changed, 17 insertions(+), 39 deletions(-)

diff --git a/program/steps/addressbook/list.inc b/program/steps/addressbook/list.inc
index cc3fc3e..1918f91 100644
--- a/program/steps/addressbook/list.inc
+++ b/program/steps/addressbook/list.inc
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/addressbook/list.inc                                    |
  |                                                                       |
@@ -17,50 +17,22 @@
  +-----------------------------------------------------------------------+
  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  +-----------------------------------------------------------------------+
-
- $Id$
-
 */
 
+if (!empty($_GET['_page']))
+    $page = intval($_GET['_page']);
+else
+    $page = $_SESSION['page'] ?: 1;
+
+$_SESSION['page'] = $page;
+
 // Use search result
-if (!empty($_REQUEST['_search']) && isset($_SESSION['search'][$_REQUEST['_search']]))
-{
-    $search  = (array)$_SESSION['search'][$_REQUEST['_search']];
-    $records = array();
-
-    if (!empty($_GET['_page']))
-        $page = intval($_GET['_page']);
-    else
-        $page = isset($_SESSION['page']) ? $_SESSION['page'] : 1;
-
-    $_SESSION['page'] = $page;
-    $sort_col = $RCMAIL->config->get('addressbook_sort_col', 'name');
-
-    // Get records from all sources
-    foreach ($search as $s => $set) {
-        $source = $RCMAIL->get_address_book($s);
-
-        // reset page
-        $source->set_page(1);
-        $source->set_pagesize(9999);
-        $source->set_search_set($set);
-
-        // get records
-        $result = $source->list_records(array('name', 'firstname', 'surname', 'email'));
-
-        while ($row = $result->next()) {
-            $row['sourceid'] = $s;
-            $key = rcmail_contact_key($row, $sort_col);
-            $records[$key] = $row;
-        }
-        unset($result);
-    }
-
+if (($records = rcmail_search_update(true)) !== false) {
     // sort the records
     ksort($records, SORT_LOCALE_STRING);
 
     // create resultset object
-    $count    = count($records);
+    $count  = count($records);
     $first  = ($page-1) * $PAGE_SIZE;
     $result = new rcube_result_set($count, $first);
 
@@ -73,15 +45,21 @@
 }
 // List selected directory
 else {
+    $afields  = $RCMAIL->config->get('contactlist_fields');
     $CONTACTS = rcmail_contact_source(null, true);
 
     // get contacts for this user
-    $result = $CONTACTS->list_records(array('name', 'firstname', 'surname', 'email'));
+    $result = $CONTACTS->list_records($afields);
 
     if (!$result->count && $result->searchonly) {
         $OUTPUT->show_message('contactsearchonly', 'notice');
         $OUTPUT->command('command', 'advanced-search');
     }
+
+    if ($CONTACTS->group_id) {
+        $OUTPUT->command('set_group_prop', array('ID' => $CONTACTS->group_id)
+            + array_intersect_key((array)$CONTACTS->get_group($CONTACTS->group_id), array('name'=>1,'email'=>1)));
+    }
 }
 
 // update message count display

--
Gitblit v1.9.1