From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 plugins/markasjunk/markasjunk.php | 57 +++++++++++++++++++++++++++++++++++++++------------------
 1 files changed, 39 insertions(+), 18 deletions(-)
diff --git a/plugins/markasjunk/markasjunk.php b/plugins/markasjunk/markasjunk.php
index f3e652d..4448b50 100644
--- a/plugins/markasjunk/markasjunk.php
+++ b/plugins/markasjunk/markasjunk.php
@@ -6,7 +6,8 @@
  * Sample plugin that adds a new button to the mailbox toolbar
  * to mark the selected messages as Junk and move them to the Junk folder
  *
- * @version 1.0
+ * @version @package_version@
+ * @license GNU GPLv3+
  * @author Thomas Bruederli
  */
 class markasjunk extends rcube_plugin
@@ -15,39 +16,59 @@ function init() { - $this->register_action('plugin.markasjunk', array($this, 'request_action')); - $rcmail = rcmail::get_instance(); + + $this->register_action('plugin.markasjunk', array($this, 'request_action')); + $this->add_hook('storage_init', array($this, 'storage_init')); + if ($rcmail->action == '' || $rcmail->action == 'show') { - $skin_path = 'skins/'.$rcmail->output->config['skin']; + $skin_path = $this->local_skin_path(); $this->include_script('markasjunk.js'); + if (is_file($this->home . "/$skin_path/markasjunk.css")) + $this->include_stylesheet("$skin_path/markasjunk.css"); $this->add_texts('localization', true); + $this->add_button(array( + 'type' => 'link', + 'label' => 'buttontext', 'command' => 'plugin.markasjunk', - 'imagepas' => $skin_path.'/junk_pas.png', - 'imageact' => $skin_path.'/junk_act.png', - 'title' => 'markasjunk.buttontitle'), 'toolbar'); + 'class' => 'button buttonPas junk disabled', + 'classact' => 'button junk', + 'title' => 'buttontitle', + 'domain' => 'markasjunk'), 'toolbar'); } + } + + function storage_init($args) + { + $flags = array( + 'JUNK' => 'Junk', + 'NONJUNK' => 'NonJunk', + ); + + // register message flags + $args['message_flags'] = array_merge((array)$args['message_flags'], $flags); + + return $args; } function request_action() { $this->add_texts('localization'); - $GLOBALS['IMAP_FLAGS']['JUNK'] = 'Junk'; - $GLOBALS['IMAP_FLAGS']['NONJUNK'] = 'NonJunk'; - - $uids = get_input_value('_uid', RCUBE_INPUT_POST); - $mbox = get_input_value('_mbox', RCUBE_INPUT_POST); - - $rcmail = rcmail::get_instance(); - $rcmail->imap->unset_flag($uids, 'NONJUNK'); - $rcmail->imap->set_flag($uids, 'JUNK'); - + $uids = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST); + $mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST); + + $rcmail = rcmail::get_instance(); + $storage = $rcmail->get_storage(); + + $storage->unset_flag($uids, 'NONJUNK'); + $storage->set_flag($uids, 'JUNK'); + if 
(($junk_mbox = $rcmail->config->get('junk_mbox')) && $mbox != $junk_mbox) { $rcmail->output->command('move_messages', $junk_mbox); } - + $rcmail->output->command('display_message', $this->gettext('reportedasjunk'), 'confirmation'); $rcmail->output->send(); } -- Gitblit v1.9.1
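Review bot: request_action() on the new side confirms `reportedasjunk` and emits `move_messages` unconditionally — the results of `$storage->unset_flag($uids, 'NONJUNK')` and `$storage->set_flag($uids, 'JUNK')` are never checked, so an absent or malformed `_uid` or a storage failure is still reported to the user as success and the client is still told to move the selection into the junk folder. Assuming the storage methods return false on failure, I would guard the flag update before the junk_mbox block: `if (!$storage->set_flag($uids, 'JUNK')) { $rcmail->output->command('display_message', $this->gettext('errorsaving'), 'error'); $rcmail->output->send(); return; }` (using whichever error label the plugin's localization actually provides). The posted `_mbox` is read into `$mbox` but only used in the `$mbox != $junk_mbox` comparison; if set_flag()/unset_flag() accept a folder argument, pass `$mbox` explicitly so the flags are applied in the folder the client named rather than whatever folder the storage object currently has selected — how that folder gets selected is not visible in this hunk. Separately, the commit subject refers to a `_session` argument of utils/save-prefs, which nothing in this diff touches, so that fix cannot be reviewed from this change.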