From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/addressbook/move.inc |   46 +++++++++++++++++++++++++++-------------------
 1 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/program/steps/addressbook/move.inc b/program/steps/addressbook/move.inc
index 42180d7..bdbf4b1 100644
--- a/program/steps/addressbook/move.inc
+++ b/program/steps/addressbook/move.inc
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/addressbook/move.inc                                    |
  |                                                                       |
@@ -25,15 +25,15 @@
 }
 
 $cids         = rcmail_get_cids();
-$target       = get_input_value('_to', RCUBE_INPUT_POST);
-$target_group = get_input_value('_togid', RCUBE_INPUT_POST);
+$target       = rcube_utils::get_input_value('_to', rcube_utils::INPUT_POST);
+$target_group = rcube_utils::get_input_value('_togid', rcube_utils::INPUT_POST);
 
 $all      = 0;
 $deleted  = 0;
 $success  = 0;
 $errormsg = 'moveerror';
 $maxnum   = $RCMAIL->config->get('max_group_members', 0);
-$page     = !empty($_SESSION['page']) ? $_SESSION['page'] : 1;
+$page     = $_SESSION['page'] ?: 1;
 
 foreach ($cids as $source => $source_cids) {
     // Something wrong, target not specified
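Review bot: `$page = $_SESSION['page'] ?: 1;` drops the `!empty()` guard the old line had, so a session with no `page` entry now raises an undefined-index notice (a warning on PHP 8) before falling back to 1. The value is later used in arithmetic (`$PAGE_SIZE * ($page - 1)`) and passed to `set_page($page)`, so I would keep the guard and pin the type: `$page = !empty($_SESSION['page']) ? (int) $_SESSION['page'] : 1;`. The `foreach` opened at the end of this hunk continues outside it.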
@@ -71,8 +71,10 @@
 
         // Check if contact exists, if so, we'll need it's ID
         // Note: Some addressbooks allows empty email address field
-        if (!empty($a_record['email']))
-            $result = $TARGET->search('email', $a_record['email'], 1, true, true);
+        // @TODO: should we check all email addresses?
+        $email = $CONTACTS->get_col_values('email', $a_record, true);
+        if (!empty($email))
+            $result = $TARGET->search('email', $email[0], 1, true, true);
         else if (!empty($a_record['name']))
             $result = $TARGET->search('name', $a_record['name'], 1, true, true);
         else
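Review bot: `!empty($email)` only checks that the array has an element, not that `$email[0]` is a non-empty string. A record whose email field is present but blank (the case the comment "Some addressbooks allows empty email address field" describes) would then be searched by `''` instead of falling through to the name lookup. Whether `get_col_values()` already drops blank values is not visible in this hunk, so please confirm; if it does not, filter first with `$email = array_values(array_filter((array) $CONTACTS->get_col_values('email', $a_record, true), 'strlen'));`. The `@TODO` could also state that only the first address is used for duplicate detection, since the later `contactexists` / `contactnameexists` choice depends on it. The `if` / `else if` chain runs past the end of this hunk.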
@@ -95,9 +97,9 @@
             }
         }
         else {
-            $record = $result->first();
-            $ids[] = $record['ID'];
-            $errormsg = empty($a_record['email']) ? 'contactnameexists' : 'contactexists';
+            $record   = $result->first();
+            $ids[]    = $record['ID'];
+            $errormsg = empty($email) ? 'contactnameexists' : 'contactexists';
         }
     }
 
@@ -135,15 +137,11 @@
             $success = $plugin['result'];
         }
 
-        $errormsg = $plugin['message'] ? $plugin['message'] : 'moveerror';
+        $errormsg = $plugin['message'] ?: 'moveerror';
     }
 }
 
 if (!$deleted || $deleted != $all) {
-    // update saved search after data changed
-    if ($deleted) {
-        rcmail_search_update();
-    }
     $OUTPUT->command('list_contacts');
 }
 else {
@@ -155,8 +153,13 @@
         $result = new rcube_result_set($count, $first);
         $pages  = ceil((count($records) + $delcnt) / $PAGE_SIZE);
 
+        // last page and it's empty, display previous one
+        if ($result->count && $result->count <= ($PAGE_SIZE * ($page - 1))) {
+            $OUTPUT->command('list_page', 'prev');
+            $rowcount = $RCMAIL->gettext('loading');
+        }
         // get records from the next page to add to the list
-        if ($_GET['_from'] != 'show' && $pages > 1 && $page < $pages) {
+        else if ($pages > 1 && $page < $pages) {
             // sort the records
             ksort($records, SORT_LOCALE_STRING);
 
@@ -178,10 +181,15 @@
     else {
         // count contacts for this user
         $result = $CONTACTS->count();
-        // get records from the next page to add to the list
-        $pages = ceil(($result->count + $deleted) / $PAGE_SIZE);
+        $pages  = ceil(($result->count + $deleted) / $PAGE_SIZE);
 
-        if ($_GET['_from'] != 'show' && $pages > 1 && $page < $pages) {
+        // last page and it's empty, display previous one
+        if ($result->count && $result->count <= ($PAGE_SIZE * ($page - 1))) {
+            $OUTPUT->command('list_page', 'prev');
+            $rowcount = $RCMAIL->gettext('loading');
+        }
+        // get records from the next page to add to the list
+        else if ($pages > 1 && $page < $pages) {
             $CONTACTS->set_page($page);
             $records = $CONTACTS->list_records(null, -$deleted);
         }
@@ -189,7 +197,7 @@
 
     // update message count display
     $OUTPUT->set_env('pagecount', ceil($result->count / $PAGE_SIZE));
-    $OUTPUT->command('set_rowcount', rcmail_get_rowcount_text($result));
+    $OUTPUT->command('set_rowcount', $rowcount ?: rcmail_get_rowcount_text($result));
 
     // add new rows from next page (if any)
     if (!empty($records)) {
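Review bot: `$rowcount ?: rcmail_get_rowcount_text($result)` reads `$rowcount`, which this diff assigns only inside the two "last page and it's empty" branches (the `@@ -155` and `@@ -178` hunks). On every other path the variable is unset, and no initialisation is visible in the diff, so the read raises an undefined-variable notice (a warning on PHP 8). Initialise it with the other counters, e.g. `$rowcount = null;` next to `$errormsg = 'moveerror';`, or guard the read with `!empty($rowcount) ? $rowcount : rcmail_get_rowcount_text($result)`. The enclosing `else` block starts outside this hunk.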

--
Gitblit v1.9.1