From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/mail/pagenav.inc |   36 ++++++++++++++++++++----------------
 1 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/program/steps/mail/pagenav.inc b/program/steps/mail/pagenav.inc
index f15ac38..121f7de 100644
--- a/program/steps/mail/pagenav.inc
+++ b/program/steps/mail/pagenav.inc
@@ -1,12 +1,15 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/mail/pagenav.inc                                        |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2005-2009, The Roundcube Dev Team                       |
- | Licensed under the GNU GPL                                            |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
  |                                                                       |
  | PURPOSE:                                                              |
  |   Updates message page navigation controls                            |
@@ -14,20 +17,17 @@
  +-----------------------------------------------------------------------+
  | Author: Aleksander Machniak <alec@alec.pl>                            |
  +-----------------------------------------------------------------------+
-
- $Id: show.inc 4176 2010-11-04 09:59:55Z alec $
-
 */
 
-$uid   = get_input_value('_uid', RCUBE_INPUT_GET);
-$index = $RCMAIL->imap->message_index(null, $_SESSION['sort_col'], $_SESSION['sort_order']);
-$cnt   = $index->countMessages();
+$uid   = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_GET);
+$index = $RCMAIL->storage->index(null, rcmail_sort_column(), rcmail_sort_order());
+$cnt   = $index->count_messages();
 
 if ($cnt && ($pos = $index->exists($uid, true)) !== false) {
-    $prev  = $pos ? $index->getElement($pos-1) : 0;
-    $first = $pos ? $index->getElement('FIRST') : 0;
-    $next  = $pos < $cnt-1 ? $index->getElement($pos+1) : 0;
-    $last  = $pos < $cnt-1 ? $index->getElement('LAST') : 0;
+    $prev  = $pos ? $index->get_element($pos-1) : 0;
+    $first = $pos ? $index->get_element('FIRST') : 0;
+    $next  = $pos < $cnt-1 ? $index->get_element($pos+1) : 0;
+    $last  = $pos < $cnt-1 ? $index->get_element('LAST') : 0;
 }
 
 // Set UIDs and activate navigation buttons
@@ -35,23 +35,27 @@
     $OUTPUT->set_env('prev_uid', $prev);
     $OUTPUT->command('enable_command', 'previousmessage', 'firstmessage', true);
 }
+
 if ($next) {
     $OUTPUT->set_env('next_uid', $next);
     $OUTPUT->command('enable_command', 'nextmessage', 'lastmessage', true);
 }
-if ($first)
+
+if ($first) {
     $OUTPUT->set_env('first_uid', $first);
-if ($last)
+}
+
+if ($last) {
     $OUTPUT->set_env('last_uid', $last);
+}
 
 // Don't need a real messages count value
 $OUTPUT->set_env('messagecount', 1);
 
 // Set rowcount text
-$OUTPUT->command('set_rowcount', rcube_label(array(
+$OUTPUT->command('set_rowcount', $RCMAIL->gettext(array(
     'name' => 'messagenrof',
     'vars' => array('nr'  => $pos+1, 'count' => $cnt)
 )));
 
 $OUTPUT->send();
-

--
Gitblit v1.9.1