From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/mail/check_recent.inc |   26 +++++++++++++++-----------
 1 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/program/steps/mail/check_recent.inc b/program/steps/mail/check_recent.inc
index 8b2ebf0..984c53c 100644
--- a/program/steps/mail/check_recent.inc
+++ b/program/steps/mail/check_recent.inc
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/mail/check_recent.inc                                   |
  |                                                                       |
@@ -21,17 +21,20 @@
 
 // If there's no folder or messages list, there's nothing to update
 // This can happen on 'refresh' request
-if (empty($_REQUEST['_folderlist']) && empty($_REQUEST['_list'])) {
+if (empty($_POST['_folderlist']) && empty($_POST['_list'])) {
     return;
 }
 
 $trash     = $RCMAIL->config->get('trash_mbox');
 $current   = $RCMAIL->storage->get_folder();
 $check_all = $RCMAIL->action != 'refresh' || (bool)$RCMAIL->config->get('check_all_folders');
+$page      = $RCMAIL->storage->get_page();
+$page_size = $RCMAIL->storage->get_pagesize();
 
 $search_request = rcube_utils::get_input_value('_search', rcube_utils::INPUT_GPC);
-if ($search_request && $_SESSION['search_request'] != $search_request)
+if ($search_request && $_SESSION['search_request'] != $search_request) {
     $search_request = null;
+}
 
 // list of folders to check
 if ($check_all) {
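Review bot: `_search` is still read with `rcube_utils::INPUT_GPC` a few lines below the guard that now accepts `_folderlist` and `_list` from `$_POST` only, so this one parameter is still honoured from the query string or a cookie. If the step is meant to act on POST data alone, read it the same way: `$search_request = rcube_utils::get_input_value('_search', rcube_utils::INPUT_POST);`. The comparison with `$_SESSION['search_request']` uses loose `!=`; `!==` would rule out type-juggling matches, provided both sides are always strings. Whether the request token is verified for this action is not visible in this hunk.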
@@ -76,25 +79,26 @@
         if ($search_request && isset($_SESSION['search'])) {
             unset($search_request);  // only do this once
             $_SESSION['search'] = $RCMAIL->storage->refresh_search();
-            if ($_SESSION['search'][1]->multi)
+            if ($_SESSION['search'][1]->multi) {
                 $mbox_name = '';
+            }
         }
 
-        if (!empty($_GET['_quota']))
-            $OUTPUT->command('set_quota', $RCMAIL->quota_content());
+        if (!empty($_POST['_quota'])) {
+            $OUTPUT->command('set_quota', $RCMAIL->quota_content(null, $mbox_name));
+        }
 
-        $OUTPUT->set_env('exists', $RCMAIL->storage->count($mbox_name, 'EXISTS'));
+        $OUTPUT->set_env('exists', $RCMAIL->storage->count($mbox_name, 'EXISTS', true));
 
         // "No-list" mode, don't get messages
-        if (empty($_GET['_list']))
+        if (empty($_POST['_list'])) {
             continue;
+        }
 
         // get overall message count; allow caching because rcube_storage::folder_status()
         // did a refresh but only in list mode
         $list_mode = $RCMAIL->storage->get_threading() ? 'THREADS' : 'ALL';
         $all_count = $RCMAIL->storage->count($mbox_name, $list_mode, $list_mode == 'THREADS', false);
-        $page      = $RCMAIL->storage->get_page();
-        $page_size = $RCMAIL->storage->get_pagesize();
 
         // check current page if we're not on the first page
         if ($all_count && $page > 1) {
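Review bot: `$mbox_name` may have just been reset to `''` by the multi-folder search branch directly above when it reaches the new `quota_content(null, $mbox_name)` call, so in that case the quota is requested for an empty folder name. Confirm that `quota_content()` treats an empty folder as the default root, or keep the original folder name in a separate variable for the quota call. The new third argument in `count($mbox_name, 'EXISTS', true)` (also added in the trash-count hunk further down) is unexplained; a short comment such as `// force a fresh count instead of the cached one` would help, assuming that is what the flag does. The enclosing loop starts and ends outside the hunk.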
@@ -143,7 +147,7 @@
 
     // set trash folder state
     if ($mbox_name === $trash) {
-        $OUTPUT->command('set_trash_count', $RCMAIL->storage->count($mbox_name, 'EXISTS'));
+        $OUTPUT->command('set_trash_count', $RCMAIL->storage->count($mbox_name, 'EXISTS', true));
     }
 }
 

--
Gitblit v1.9.1