From a3b85d7b8560cdc1057fcaffa3acbd247b4b5b7a Mon Sep 17 00:00:00 2001
From: Thomas B. <thomas@roundcube.net>
Date: Mon, 07 Oct 2013 13:19:03 -0400
Subject: [PATCH] Merge pull request #133 from cwickert/release-0.9-canned-responses
---
program/lib/Roundcube/rcube_ldap.php | 18 +++++++++++-------
1 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/program/lib/Roundcube/rcube_ldap.php b/program/lib/Roundcube/rcube_ldap.php
index 47e96c3..7c40023 100644
--- a/program/lib/Roundcube/rcube_ldap.php
+++ b/program/lib/Roundcube/rcube_ldap.php
@@ -871,6 +871,8 @@
// add required (non empty) fields filter
$req_filter = '';
foreach ((array)$required as $field) {
+ if (in_array($field, (array)$fields)) // required field is already in search filter
+ continue;
if ($attrs = $this->_map_field($field)) {
if (count($attrs) > 1)
$req_filter .= '(|';
@@ -1403,13 +1405,15 @@
foreach ((array)$this->prop['autovalues'] as $lf => $templ) {
if (empty($attrs[$lf])) {
- // replace {attr} placeholders with concrete attribute values
- $templ = preg_replace('/\{\w+\}/', '', strtr($templ, $attrvals));
-
- if (strpos($templ, '(') !== false)
- $attrs[$lf] = eval("return ($templ);");
- else
- $attrs[$lf] = $templ;
+ if (strpos($templ, '(') !== false) {
+ // replace {attr} placeholders with (escaped!) attribute values to be safely eval'd
+ $code = preg_replace('/\{\w+\}/', '', strtr($templ, array_map('addslashes', $attrvals)));
+ $attrs[$lf] = eval("return ($code);");
+ }
+ else {
+ // replace {attr} placeholders with concrete attribute values
+ $attrs[$lf] = preg_replace('/\{\w+\}/', '', strtr($templ, $attrvals));
+ }
}
}
}
--
Gitblit v1.9.1