From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/addressbook/upload_photo.inc |   18 ++++++++++--------
 1 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/program/steps/addressbook/upload_photo.inc b/program/steps/addressbook/upload_photo.inc
index 035d67e..4661ed2 100644
--- a/program/steps/addressbook/upload_photo.inc
+++ b/program/steps/addressbook/upload_photo.inc
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/addressbook/upload_photo.inc                            |
  |                                                                       |
@@ -54,7 +54,7 @@
         ));
     }
     else {
-        $attachment['error'] = rcube_label('invalidimageformat');
+        $attachment['error'] = $RCMAIL->gettext('invalidimageformat');
     }
 
     if ($attachment['status'] && !$attachment['abort']) {
@@ -63,14 +63,16 @@
         $OUTPUT->command('replace_contact_photo', $file_id);
     }
     else {  // upload failed
-        $err = $_FILES['_photo']['error'];
+        $err  = $_FILES['_photo']['error'];
+        $size = $RCMAIL->show_bytes(parse_bytes(ini_get('upload_max_filesize')));
+
         if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE)
-            $msg = rcube_label(array('name' => 'filesizeerror', 'vars' => array('size' => show_bytes(parse_bytes(ini_get('upload_max_filesize'))))));
+            $msg = $RCMAIL->gettext(array('name' => 'filesizeerror', 'vars' => array('size' => $size)));
         else if ($attachment['error'])
             $msg = $attachment['error'];
         else
-            $msg = rcube_label('fileuploaderror');
-            
+            $msg = $RCMAIL->gettext('fileuploaderror');
+
         $OUTPUT->command('display_message', $msg, 'error');
     }
 }
@@ -78,9 +80,9 @@
     // if filesize exceeds post_max_size then $_FILES array is empty,
     // show filesizeerror instead of fileuploaderror
     if ($maxsize = ini_get('post_max_size'))
-        $msg = rcube_label(array('name' => 'filesizeerror', 'vars' => array('size' => show_bytes(parse_bytes($maxsize)))));
+        $msg = $RCMAIL->gettext(array('name' => 'filesizeerror', 'vars' => array('size' => $RCMAIL->show_bytes(parse_bytes($maxsize)))));
     else
-        $msg = rcube_label('fileuploaderror');
+        $msg = $RCMAIL->gettext('fileuploaderror');
 
     $OUTPUT->command('display_message', $msg, 'error');
 }

--
Gitblit v1.9.1