From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 plugins/example_addressbook/example_addressbook.php |   50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 50 insertions(+), 0 deletions(-)

diff --git a/plugins/example_addressbook/example_addressbook.php b/plugins/example_addressbook/example_addressbook.php
new file mode 100644
index 0000000..a15461f
--- /dev/null
+++ b/plugins/example_addressbook/example_addressbook.php
@@ -0,0 +1,50 @@
+<?php
+
+require_once(dirname(__FILE__) . '/example_addressbook_backend.php');
+
+/**
+ * Sample plugin to add a new address book
+ * with just a static list of contacts
+ */
+class example_addressbook extends rcube_plugin
+{
+  private $abook_id = 'static';
+  private $abook_name = 'Static List';
+
+  public function init()
+  {
+    $this->add_hook('addressbooks_list', array($this, 'address_sources'));
+    $this->add_hook('addressbook_get', array($this, 'get_address_book'));
+
+    // use this address book for autocompletion queries
+    // (maybe this should be configurable by the user?)
+    $config = rcmail::get_instance()->config;
+    $sources = (array) $config->get('autocomplete_addressbooks', array('sql'));
+    if (!in_array($this->abook_id, $sources)) {
+      $sources[] = $this->abook_id;
+      $config->set('autocomplete_addressbooks', $sources);
+    }
+  }
+
+  public function address_sources($p)
+  {
+    $abook = new example_addressbook_backend($this->abook_name);
+    $p['sources'][$this->abook_id] = array(
+      'id' => $this->abook_id,
+      'name' => $this->abook_name,
+      'readonly' => $abook->readonly,
+      'groups' => $abook->groups,
+    );
+    return $p;
+  }
+
+  public function get_address_book($p)
+  {
+    if ($p['id'] === $this->abook_id) {
+      $p['instance'] = new example_addressbook_backend($this->abook_name);
+    }
+
+    return $p;
+  }
+
+}
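Review bot: The membership test in `init()` uses a loose `in_array($this->abook_id, $sources)`, while `get_address_book()` in the same hunk compares the same id with `===`. On PHP versions before 8.0 a non-numeric string such as `'static'` compares equal to integer `0`, so if the `autocomplete_addressbooks` setting ever held an integer `0` the plugin would treat itself as already registered and skip adding its source; `if (!in_array($this->abook_id, $sources, true)) {` avoids that. Separately, the subject describes a fix for the `_session` argument of utils/save-prefs, but this hunk only adds the sample address book plugin, so the security fix itself cannot be reviewed from what is shown here.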

--
Gitblit v1.9.1