From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/mail/mark.inc |   15 ++++++++++-----
 1 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/program/steps/mail/mark.inc b/program/steps/mail/mark.inc
index 149bc8e..8a49114 100644
--- a/program/steps/mail/mark.inc
+++ b/program/steps/mail/mark.inc
@@ -1,10 +1,11 @@
 <?php
-/*
+
+/**
  +-----------------------------------------------------------------------+
  | program/steps/mail/mark.inc                                           |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2005-2013, The Roundcube Dev Team                       |
+ | Copyright (C) 2005-2014, The Roundcube Dev Team                       |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
@@ -39,7 +40,7 @@
 if (($_uids = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST))
     && ($flag = rcube_utils::get_input_value('_flag', rcube_utils::INPUT_POST))
 ) {
-    $flag = $a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag);
+    $flag = $a_flags_map[$flag] ?: strtoupper($flag);
 
     if ($flag == 'DELETED' && $skip_deleted && $_POST['_from'] != 'show') {
         // count messages before changing anything
@@ -68,7 +69,9 @@
 
     if ($flag == 'DELETED' && $read_deleted && !empty($_POST['_ruid'])) {
         $ruids = rcube_utils::get_input_value('_ruid', rcube_utils::INPUT_POST);
-        $read  = $RCMAIL->storage->set_flag($ruids, 'SEEN');
+        foreach (rcmail::get_uids($ruids) as $mbox => $uids) {
+            $read += (int)$RCMAIL->storage->set_flag($uids, 'SEEN', $mbox);
+        }
 
         if ($read && !$skip_deleted) {
             $OUTPUT->command('flag_deleted_as_read', $ruids);
@@ -76,7 +79,9 @@
     }
 
     if ($flag == 'SEEN' || $flag == 'UNSEEN' || ($flag == 'DELETED' && !$skip_deleted)) {
-        rcmail_send_unread_count($RCMAIL->storage->get_folder());
+        foreach (rcmail::get_uids() as $mbox => $uids) {
+            rcmail_send_unread_count($mbox);
+        }
     }
     else if ($flag == 'DELETED' && $skip_deleted) {
         if ($_POST['_from'] == 'show') {

--
Gitblit v1.9.1