From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/addressbook/undo.inc |   48 ++++++------------------------------------------
 1 files changed, 6 insertions(+), 42 deletions(-)

diff --git a/program/steps/addressbook/undo.inc b/program/steps/addressbook/undo.inc
index 88701a4..973bfec 100644
--- a/program/steps/addressbook/undo.inc
+++ b/program/steps/addressbook/undo.inc
@@ -1,11 +1,11 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/addressbook/undo.inc                                    |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2011, Kolab Systems AG                                  |
+ | Copyright (C) 2011-2013, Kolab Systems AG                             |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
@@ -17,20 +17,17 @@
  +-----------------------------------------------------------------------+
  | Author: Aleksander Machniak <machniak@kolabsys.com>                   |
  +-----------------------------------------------------------------------+
-
- $Id$
-
 */
 
 // process ajax requests only
-if (!$OUTPUT->ajax_call)
+if (!$OUTPUT->ajax_call) {
     return;
+}
 
 $undo   = $_SESSION['contact_undo'];
 $delcnt = 0;
 
-foreach ((array)$undo['data'] as $source => $cid)
-{
+foreach ((array)$undo['data'] as $source => $cid) {
     $CONTACTS = rcmail_contact_source($source);
 
     $plugin = $RCMAIL->plugins->exec_hook('contact_undelete', array(
@@ -39,46 +36,13 @@
     $restored = !$plugin['abort'] ? $CONTACTS->undelete($cid) : $plugin['result'];
 
     if (!$restored) {
-        $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'contactrestoreerror', 'error');
+        $OUTPUT->show_message($plugin['message'] ?: 'contactrestoreerror', 'error');
         $OUTPUT->command('list_contacts');
         $OUTPUT->send();
     }
     else {
         $delcnt += $restored;
     }
-}
-
-// update saved search after data changed
-if ($delcnt && ($search_request = $_REQUEST['_search']) && isset($_SESSION['search'][$search_request])) {
-    $search  = (array)$_SESSION['search'][$search_request];
-
-    foreach ($search as $s => $set) {
-        $source = $RCMAIL->get_address_book($s);
-
-        // reset page
-        $source->set_page(1);
-        $source->set_pagesize(9999);
-        $source->set_search_set($set);
-
-        // get records
-        $result = $source->list_records(array('name', 'email'));
-
-        if (!$result->count) {
-            unset($search[$s]);
-            continue;
-        }
-
-        while ($row = $result->next()) {
-            $row['sourceid'] = $s;
-            $key = $row['name'] . ':' . $row['sourceid'];
-            $records[$key] = $row;
-        }
-        unset($result);
-
-        $search[$s] = $source->get_search_set();
-    }
-
-    $_SESSION['search'][$search_request] = $search;
 }
 
 $RCMAIL->session->remove('contact_undo');

--
Gitblit v1.9.1