From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/lib/Roundcube/rcube_addressbook.php |   40 +++++++++++++++++++++++++++++++---------
 1 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/program/lib/Roundcube/rcube_addressbook.php b/program/lib/Roundcube/rcube_addressbook.php
index ffe3509..a1b29c3 100644
--- a/program/lib/Roundcube/rcube_addressbook.php
+++ b/program/lib/Roundcube/rcube_addressbook.php
@@ -45,8 +45,8 @@
     public $sort_col = 'name';
     public $sort_order = 'ASC';
     public $coltypes = array('name' => array('limit'=>1), 'firstname' => array('limit'=>1), 'surname' => array('limit'=>1), 'email' => array('limit'=>1));
+    public $date_cols = array();
 
-    protected $date_types = array();
     protected $error;
 
     /**
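Review bot: The rename from `protected $date_types` to `public $date_cols` silently breaks any subclass or caller that still assigns `$this->date_types`: that write now creates an undeclared dynamic property and the date-aware branch of compare_search_value (the last hunk, where the lookup is switched to `$date_cols`) never fires for it. No such override is visible here, so this is only a risk to check in the address-book subclasses. Widening the visibility to public also means external code can replace the array wholesale; if that is intended, a one-line comment on the property would help, e.g. `// column names holding dates; public so backends and plugins can declare their own`.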
@@ -309,9 +309,14 @@
      * List all active contact groups of this source
      *
      * @param string  Optional search string to match group name
+     * @param int     Matching mode:
+     *                0 - partial (*abc*),
+     *                1 - strict (=),
+     *                2 - prefix (abc*)
+     *
      * @return array  Indexed list of contact groups, each a hash array
      */
-    function list_groups($search = null)
+    function list_groups($search = null, $mode = 0)
     {
         /* empty for address books don't supporting groups */
         return array();
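Review bot: The new `$mode` parameter is documented without its name and the base implementation ignores it, so a reader cannot tell from the docblock which parameter the three modes belong to; use `@param string $search Optional search string to match group name` and `@param int $mode Matching mode: ...`. Any subclass that overrides list_groups with the old one-parameter signature will, from PHP's signature-compatibility rules, emit a warning once this base signature changes; those overrides are outside this hunk and should be updated together with it. The magic values 0/1/2 would also read better as named class constants, though that is a wider change than this patch.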
@@ -370,9 +375,10 @@
     /**
      * Add the given contact records the a certain group
      *
-     * @param string  Group identifier
-     * @param array   List of contact identifiers to be added
-     * @return int    Number of contacts added
+     * @param string       Group identifier
+     * @param array|string List of contact identifiers to be added
+     *
+     * @return int Number of contacts added
      */
     function add_to_group($group_id, $ids)
     {
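Review bot: The docblock now admits `array|string` for `$ids`, but nothing in the hunk says how a string is interpreted (a single identifier, or a delimited list of them), so callers have to read the implementation to use the new form safely; the same gap exists in the remove_from_group docblock in the next hunk. State the accepted string format on the `@param` line, matching whatever the body actually does, e.g. `@param array|string List of contact identifiers to be added (array, or a single/delimited id string as accepted by the backend)`. The bodies of add_to_group and remove_from_group continue outside these hunks.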
@@ -383,9 +389,10 @@
     /**
      * Remove the given contact records from a certain group
      *
-     * @param string  Group identifier
-     * @param array   List of contact identifiers to be removed
-     * @return int    Number of deleted group members
+     * @param string       Group identifier
+     * @param array|string List of contact identifiers to be removed
+     *
+     * @return int Number of deleted group members
      */
     function remove_from_group($group_id, $ids)
     {
@@ -524,6 +531,21 @@
     }
 
     /**
+     * Create a unique key for sorting contacts
+     */
+    public static function compose_contact_key($contact, $sort_col)
+    {
+        $key = $contact[$sort_col] . ':' . $contact['sourceid'];
+
+        // add email to a key to not skip contacts with the same name (#1488375)
+        if (!empty($contact['email'])) {
+             $key .= ':' . implode(':', (array)$contact['email']);
+         }
+
+         return $key;
+    }
+
+    /**
      * Compare search value with contact data
      *
      * @param string       $colname Data name
@@ -538,7 +560,7 @@
         // The value is a date string, for date we'll
         // use only strict comparison (mode = 1)
         // @TODO: partial search, e.g. match only day and month
-        if (in_array($colname, $this->date_types)) {
+        if (in_array($colname, $this->date_cols)) {
             return (($value = rcube_utils::strtotime($value))
                 && ($search = rcube_utils::strtotime($search))
                 && date('Ymd', $value) == date('Ymd', $search));
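Review bot: compose_contact_key reads `$contact[$sort_col]` and `$contact['sourceid']` unconditionally, so a record lacking either key raises an undefined-index notice and still yields a key built from an empty value; guard both reads with `isset()` (or document that callers must always supply both keys). The lines inside the `if` block and the `return` are indented one column off from the surrounding four-space style (13 and 9 spaces), which should be normalised before merge. The method docblock should also carry `@param array $contact Contact record`, `@param string $sort_col Column used as the primary sort key` and `@return string`. Separately, the switched lookup `in_array($colname, $this->date_cols)` still uses loose comparison; pass the third argument `true` so a numeric-looking column name cannot match unexpectedly.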

--
Gitblit v1.9.1