From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
program/steps/mail/pagenav.inc | 63 ++++++++++++-------------------
1 files changed, 25 insertions(+), 38 deletions(-)
diff --git a/program/steps/mail/pagenav.inc b/program/steps/mail/pagenav.inc
index b62520f..121f7de 100644
--- a/program/steps/mail/pagenav.inc
+++ b/program/steps/mail/pagenav.inc
@@ -1,12 +1,15 @@
<?php
-/*
+/**
+-----------------------------------------------------------------------+
| program/steps/mail/pagenav.inc |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2009, Roundcube Dev. - Switzerland |
- | Licensed under the GNU GPL |
+ | Copyright (C) 2005-2009, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| PURPOSE: |
| Updates message page navigation controls |
@@ -14,61 +17,45 @@
+-----------------------------------------------------------------------+
| Author: Aleksander Machniak <alec@alec.pl> |
+-----------------------------------------------------------------------+
-
- $Id: show.inc 4176 2010-11-04 09:59:55Z alec $
-
*/
-$uid = get_input_value('_uid', RCUBE_INPUT_GET);
-$cnt = $IMAP->messagecount(NULL, 'ALL'); // Only messages, no threads here
+$uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_GET);
+$index = $RCMAIL->storage->index(null, rcmail_sort_column(), rcmail_sort_order());
+$cnt = $index->count_messages();
-if ($_SESSION['sort_col'] == 'date' && $_SESSION['sort_order'] != 'DESC'
- && empty($_REQUEST['_search']) && !$CONFIG['skip_deleted'] && !$IMAP->threading
-) {
- // this assumes that we are sorted by date_DESC
- $seq = $IMAP->get_id($uid);
- $index = $cnt - $seq;
-
- $prev = $IMAP->get_uid($seq + 1);
- $first = $IMAP->get_uid($cnt);
- $next = $IMAP->get_uid($seq - 1);
- $last = $IMAP->get_uid(1);
-}
-else {
- // Only if we use custom sorting
- $a_msg_index = $IMAP->message_index(NULL, $_SESSION['sort_col'], $_SESSION['sort_order']);
-
- $index = array_search($IMAP->get_id($uid), $a_msg_index);
-
- $count = count($a_msg_index);
- $prev = isset($a_msg_index[$index-1]) ? $IMAP->get_uid($a_msg_index[$index-1]) : -1;
- $first = $count > 1 ? $IMAP->get_uid($a_msg_index[0]) : -1;
- $next = isset($a_msg_index[$index+1]) ? $IMAP->get_uid($a_msg_index[$index+1]) : -1;
- $last = $count > 1 ? $IMAP->get_uid($a_msg_index[$count-1]) : -1;
+if ($cnt && ($pos = $index->exists($uid, true)) !== false) {
+ $prev = $pos ? $index->get_element($pos-1) : 0;
+ $first = $pos ? $index->get_element('FIRST') : 0;
+ $next = $pos < $cnt-1 ? $index->get_element($pos+1) : 0;
+ $last = $pos < $cnt-1 ? $index->get_element('LAST') : 0;
}
// Set UIDs and activate navigation buttons
-if ($prev > 0) {
+if ($prev) {
$OUTPUT->set_env('prev_uid', $prev);
$OUTPUT->command('enable_command', 'previousmessage', 'firstmessage', true);
}
-if ($next > 0) {
+
+if ($next) {
$OUTPUT->set_env('next_uid', $next);
$OUTPUT->command('enable_command', 'nextmessage', 'lastmessage', true);
}
-if ($first > 0)
+
+if ($first) {
$OUTPUT->set_env('first_uid', $first);
-if ($last > 0)
+}
+
+if ($last) {
$OUTPUT->set_env('last_uid', $last);
+}
// Don't need a real messages count value
$OUTPUT->set_env('messagecount', 1);
// Set rowcount text
-$OUTPUT->command('set_rowcount', rcube_label(array(
+$OUTPUT->command('set_rowcount', $RCMAIL->gettext(array(
'name' => 'messagenrof',
- 'vars' => array('nr' => $index+1, 'count' => $cnt)
+ 'vars' => array('nr' => $pos+1, 'count' => $cnt)
)));
$OUTPUT->send();
-
--
Gitblit v1.9.1