From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/addressbook/show.inc |   75 +++++++++++++++++++++----------------
 1 files changed, 43 insertions(+), 32 deletions(-)

diff --git a/program/steps/addressbook/show.inc b/program/steps/addressbook/show.inc
index efab5e9..35f381d 100644
--- a/program/steps/addressbook/show.inc
+++ b/program/steps/addressbook/show.inc
@@ -1,11 +1,11 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/addressbook/show.inc                                    |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2005-2012, The Roundcube Dev Team                       |
+ | Copyright (C) 2005-2013, The Roundcube Dev Team                       |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
@@ -32,11 +32,24 @@
 if ($cid && ($record = $CONTACTS->get_record($cid, true))) {
     $OUTPUT->set_env('readonly', $CONTACTS->readonly || $record['readonly']);
     $OUTPUT->set_env('cid', $record['ID']);
-    $OUTPUT->set_env('compose_extwin', $RCMAIL->config->get('compose_extwin',false));
+
+    // remember current search request ID (if in search mode)
+    if ($search = rcube_utils::get_input_value('_search', rcube_utils::INPUT_GET)) {
+        $OUTPUT->set_env('search_request', $search);
+    }
 }
 
 // get address book name (for display)
 rcmail_set_sourcename($CONTACTS);
+
+$OUTPUT->add_handlers(array(
+    'contacthead'    => 'rcmail_contact_head',
+    'contactdetails' => 'rcmail_contact_details',
+    'contactphoto'   => 'rcmail_contact_photo',
+));
+
+$OUTPUT->send('contact');
+
 
 
 function rcmail_contact_head($attrib)
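Review bot: The `_search` value read from the query string at line 35 is copied into the client environment as-is, with no check that it names a search the session actually holds, so the page reflects whatever identifier the caller supplies. The addressbook search step records the active request in `$_SESSION['search_request']`; guarding on it, `if ($search && $search == $_SESSION['search_request'])`, keeps a stale or fabricated ID out of the env and matches how the list step resolves searches. The truthiness test also drops a search ID of `'0'`, which is probably harmless here but worth a one-line comment. Moving `$OUTPUT->send('contact')` above the function definitions works only because PHP hoists unconditional top-level functions; a comment such as `// handlers below are declared unconditionally, so they are available before this call` would save the next reader a double take. The body of rcmail_contact_head continues past the end of the hunk.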
@@ -45,18 +58,24 @@
 
     // check if we have a valid result
     if (!(($result = $CONTACTS->get_result()) && ($record = $result->first()))) {
-        $RCMAIL->output->show_message('contactnotfound');
+        $RCMAIL->output->show_message('contactnotfound', 'error');
         return false;
     }
 
     $form = array(
         'head' => array(  // section 'head' is magic!
+            'name' => $RCMAIL->gettext('contactnameandorg'),
             'content' => array(
-                'prefix' => array('type' => 'text'),
-                'firstname' => array('type' => 'text'),
-                'middlename' => array('type' => 'text'),
-                'surname' => array('type' => 'text'),
-                'suffix' => array('type' => 'text'),
+                'prefix'       => array('type' => 'text'),
+                'firstname'    => array('type' => 'text'),
+                'middlename'   => array('type' => 'text'),
+                'surname'      => array('type' => 'text'),
+                'suffix'       => array('type' => 'text'),
+                'name'         => array('type' => 'text'),
+                'nickname'     => array('type' => 'text'),
+                'organization' => array('type' => 'text'),
+                'department'   => array('type' => 'text'),
+                'jobtitle'     => array('type' => 'text'),
             ),
         ),
     );
@@ -72,15 +91,14 @@
 
     // check if we have a valid result
     if (!(($result = $CONTACTS->get_result()) && ($record = $result->first()))) {
-        //$RCMAIL->output->show_message('contactnotfound');
         return false;
     }
 
-    $i_size = !empty($attrib['size']) ? $attrib['size'] : 40;
+    $i_size = $attrib['size'] ?: 40;
 
     $form = array(
         'contact' => array(
-            'name'    => rcube_label('properties'),
+            'name'    => $RCMAIL->gettext('properties'),
             'content' => array(
               'email' => array('size' => $i_size, 'render_func' => 'rcmail_render_email_value'),
               'phone' => array('size' => $i_size),
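Review bot: `$i_size = $attrib['size'] ?: 40;` at line 94 raises an undefined-index notice whenever the template omits the `size` attribute, which the `!empty()` form it replaces did not; `?:` short-circuits on a falsy value but does not suppress the array lookup. Unless the codebase already requires PHP 7, where `$attrib['size'] ?? 40` would be the idiomatic form, keep the guarded version: `$i_size = !empty($attrib['size']) ? $attrib['size'] : 40;`. rcmail_contact_details starts before this hunk and its body continues after it.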
@@ -90,7 +108,7 @@
             ),
         ),
         'personal' => array(
-            'name'    => rcube_label('personalinfo'),
+            'name'    => $RCMAIL->gettext('personalinfo'),
             'content' => array(
                 'gender' => array('size' => $i_size),
                 'maidenname' => array('size' => $i_size),
@@ -102,19 +120,19 @@
             ),
         ),
     );
-    
+
     if (isset($CONTACT_COLTYPES['notes'])) {
         $form['notes'] = array(
-            'name'    => rcube_label('notes'),
+            'name'    => $RCMAIL->gettext('notes'),
             'content' => array(
                 'notes' => array('type' => 'textarea', 'label' => false),
             ),
         );
     }
-    
+
     if ($CONTACTS->groups) {
         $form['groups'] = array(
-            'name'    => rcube_label('groups'),
+            'name'    => $RCMAIL->gettext('groups'),
             'content' => rcmail_contact_record_groups($record['ID']),
         );
     }
@@ -125,12 +143,14 @@
 
 function rcmail_render_email_value($email)
 {
+    global $RCMAIL;
+
     return html::a(array(
         'href' => 'mailto:' . $email,
-        'onclick' => sprintf("return %s.command('compose','%s',this)", JS_OBJECT_NAME, JQ($email)),
-        'title' => rcube_label('composeto'),
+        'onclick' => sprintf("return %s.command('compose','%s',this)", rcmail_output::JS_OBJECT_NAME, rcube::JQ($email)),
+        'title' => $RCMAIL->gettext('composeto'),
         'class' => 'email',
-    ), Q($email));
+    ), rcube::Q($email));
 }
 
 
@@ -141,7 +161,7 @@
         'href' => $prefix . $url,
         'target' => '_blank',
         'class' => 'url',
-    ), Q($url));
+    ), rcube::Q($url));
 }
 
 
@@ -164,10 +184,10 @@
         $gid = $group['ID'];
         $table->add(null, $checkbox->show($members[$gid] ? $gid : null,
             array('value' => $gid, 'id' => 'ff_gid' . $gid)));
-        $table->add(null, html::label('ff_gid' . $gid, Q($group['name'])));
+        $table->add(null, html::label('ff_gid' . $gid, rcube::Q($group['name'])));
     }
 
-    $hiddenfields = new html_hiddenfield(array('name' => '_source', 'value' => get_input_value('_source', RCUBE_INPUT_GPC)));
+    $hiddenfields = new html_hiddenfield(array('name' => '_source', 'value' => rcube_utils::get_input_value('_source', rcube_utils::INPUT_GPC)));
     $hiddenfields->add(array('name' => '_cid', 'value' => $contact_id));
 
     $form_start = $RCMAIL->output->request_form(array(
@@ -182,12 +202,3 @@
 
     return $form_start . html::tag('fieldset', 'contactfieldgroup contactgroups', $table->show()) . $form_end;
 }
-
-
-$OUTPUT->add_handlers(array(
-    'contacthead'    => 'rcmail_contact_head',
-    'contactdetails' => 'rcmail_contact_details',
-    'contactphoto'   => 'rcmail_contact_photo',
-));
-
-$OUTPUT->send('contact');
