From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/lib/Roundcube/rcube_addressbook.php |  101 ++++++++++++++++++++++++++++++++++++++++----------
 1 files changed, 81 insertions(+), 20 deletions(-)

diff --git a/program/lib/Roundcube/rcube_addressbook.php b/program/lib/Roundcube/rcube_addressbook.php
index b5fb8cf..a1b29c3 100644
--- a/program/lib/Roundcube/rcube_addressbook.php
+++ b/program/lib/Roundcube/rcube_addressbook.php
@@ -2,8 +2,6 @@
 
 /*
  +-----------------------------------------------------------------------+
- | program/include/rcube_addressbook.php                                 |
- |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2006-2012, The Roundcube Dev Team                       |
  |                                                                       |
@@ -13,7 +11,6 @@
  |                                                                       |
  | PURPOSE:                                                              |
  |   Interface to the local address book database                        |
- |                                                                       |
  +-----------------------------------------------------------------------+
  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  +-----------------------------------------------------------------------+
@@ -48,6 +45,7 @@
     public $sort_col = 'name';
     public $sort_order = 'ASC';
     public $coltypes = array('name' => array('limit'=>1), 'firstname' => array('limit'=>1), 'surname' => array('limit'=>1), 'email' => array('limit'=>1));
+    public $date_cols = array();
 
     protected $error;
 
@@ -141,7 +139,7 @@
      */
     function get_error()
     {
-      return $this->error;
+        return $this->error;
     }
 
     /**
@@ -152,7 +150,7 @@
      */
     protected function set_error($type, $message)
     {
-      $this->error = array('type' => $type, 'message' => $message);
+        $this->error = array('type' => $type, 'message' => $message);
     }
 
     /**
@@ -209,13 +207,13 @@
      */
     public function validate(&$save_data, $autofix = false)
     {
-        $rcmail = rcmail::get_instance();
+        $rcube = rcube::get_instance();
 
         // check validity of email addresses
         foreach ($this->get_col_values('email', $save_data, true) as $email) {
             if (strlen($email)) {
                 if (!rcube_utils::check_email(rcube_utils::idn_to_ascii($email))) {
-                    $error = $rcmail->gettext(array('name' => 'emailformaterror', 'vars' => array('email' => $email)));
+                    $error = $rcube->gettext(array('name' => 'emailformaterror', 'vars' => array('email' => $email)));
                     $this->set_error(self::ERROR_VALIDATE, $error);
                     return false;
                 }
@@ -224,7 +222,6 @@
 
         return true;
     }
-
 
     /**
      * Create a new contact record
@@ -312,9 +309,14 @@
      * List all active contact groups of this source
      *
      * @param string  Optional search string to match group name
+     * @param int     Matching mode:
+     *                0 - partial (*abc*),
+     *                1 - strict (=),
+     *                2 - prefix (abc*)
+     *
      * @return array  Indexed list of contact groups, each a hash array
      */
-    function list_groups($search = null)
+    function list_groups($search = null, $mode = 0)
     {
         /* empty for address books don't supporting groups */
         return array();
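Review bot: `$mode` is accepted as a bare int whose meanings exist only in the docblock (0 partial, 1 strict, 2 prefix), and the same magic numbers are re-interpreted by the `switch ($mode)` in `compare_search_value` added later in this patch; a set of named class constants, e.g. `const SEARCH_PARTIAL = 0;`, `const SEARCH_STRICT = 1;`, `const SEARCH_PREFIX = 2;` (constructed names), would give both sites and subclasses one definition to share. The new `@param` lines also omit the variable names (`@param string $search`, `@param int $mode`), unlike the `compare_search_value` docblock in the same patch. Separately, the patch subject refers to the `_session` argument of utils/save-prefs, while every hunk in this export touches only rcube_addressbook.php — worth confirming the commit carries the intended change before merging.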
@@ -373,9 +375,10 @@
     /**
      * Add the given contact records the a certain group
      *
-     * @param string  Group identifier
-     * @param array   List of contact identifiers to be added
-     * @return int    Number of contacts added
+     * @param string       Group identifier
+     * @param array|string List of contact identifiers to be added
+     *
+     * @return int Number of contacts added
      */
     function add_to_group($group_id, $ids)
     {
@@ -386,9 +389,10 @@
     /**
      * Remove the given contact records from a certain group
      *
-     * @param string  Group identifier
-     * @param array   List of contact identifiers to be removed
-     * @return int    Number of deleted group members
+     * @param string       Group identifier
+     * @param array|string List of contact identifiers to be removed
+     *
+     * @return int Number of deleted group members
      */
     function remove_from_group($group_id, $ids)
     {
@@ -409,7 +413,6 @@
         /* empty for address books don't supporting groups */
         return array();
     }
-
 
     /**
      * Utility function to return all values of a certain data column
@@ -443,7 +446,6 @@
         return $out;
     }
 
-
     /**
      * Normalize the given string for fulltext search.
      * Currently only optimized for Latin-1 characters; to be extended
@@ -467,7 +469,7 @@
      */
     public static function compose_display_name($contact, $full_email = false)
     {
-        $contact = rcmail::get_instance()->plugins->exec_hook('contact_displayname', $contact);
+        $contact = rcube::get_instance()->plugins->exec_hook('contact_displayname', $contact);
         $fn = $contact['name'];
 
         if (!$fn)  // default display name composition according to vcard standard
@@ -491,7 +493,6 @@
         return $fn;
     }
 
-
     /**
      * Compose the name to display in the contacts list for the given contact record.
      * This respects the settings parameter how to list conacts.
@@ -504,7 +505,7 @@
         static $compose_mode;
 
         if (!isset($compose_mode))  // cache this
-            $compose_mode = rcmail::get_instance()->config->get('addressbook_name_listing', 0);
+            $compose_mode = rcube::get_instance()->config->get('addressbook_name_listing', 0);
 
         if ($compose_mode == 3)
             $fn = join(' ', array($contact['surname'] . ',', $contact['firstname'], $contact['middlename']));
@@ -529,5 +530,65 @@
         return $fn;
     }
 
+    /**
+     * Create a unique key for sorting contacts
+     */
+    public static function compose_contact_key($contact, $sort_col)
+    {
+        $key = $contact[$sort_col] . ':' . $contact['sourceid'];
+
+        // add email to a key to not skip contacts with the same name (#1488375)
+        if (!empty($contact['email'])) {
+             $key .= ':' . implode(':', (array)$contact['email']);
+         }
+
+         return $key;
+    }
+
+    /**
+     * Compare search value with contact data
+     *
+     * @param string       $colname Data name
+     * @param string|array $value   Data value
+     * @param string       $search  Search value
+     * @param int          $mode    Search mode
+     *
+     * @return bool Comparision result
+     */
+    protected function compare_search_value($colname, $value, $search, $mode)
+    {
+        // The value is a date string, for date we'll
+        // use only strict comparison (mode = 1)
+        // @TODO: partial search, e.g. match only day and month
+        if (in_array($colname, $this->date_cols)) {
+            return (($value = rcube_utils::strtotime($value))
+                && ($search = rcube_utils::strtotime($search))
+                && date('Ymd', $value) == date('Ymd', $search));
+        }
+
+        // composite field, e.g. address
+        foreach ((array)$value as $val) {
+            $val = mb_strtolower($val);
+            switch ($mode) {
+            case 1:
+                $got = ($val == $search);
+                break;
+
+            case 2:
+                $got = ($search == substr($val, 0, strlen($search)));
+                break;
+
+            default:
+                $got = (strpos($val, $search) !== false);
+            }
+
+            if ($got) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
 }
 
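Review bot: Strict mode in `compare_search_value` uses loose comparison, `$got = ($val == $search);`, so numeric-looking strings match by value ("1e3" equals "1000"); since both sides are strings here it should be `$got = ($val === $search);`, and `in_array($colname, $this->date_cols)` likewise deserves `in_array($colname, $this->date_cols, true)`. The default branch calls `strpos($val, $search)` without checking for an empty needle, which on the PHP versions current for this code emits a warning (newer versions return 0 and match every value), so an explicit `if ($search === '') { return true; }` guard before the loop makes the intended behaviour visible. `$val` is lowercased with `mb_strtolower` but `$search` is not, so the method silently relies on the caller pre-lowercasing the search term — the docblock should say so, e.g. `@param string $search Search value (expected already lowercased by the caller)`; and the date branch passes `$value` straight to `rcube_utils::strtotime` while the non-date path casts `(array)$value`, so an array value in a date column would presumably reach strtotime unhandled — confirm whether date columns can be multi-valued. Finally, `compose_contact_key` has an extra leading space on the `$key .=`, closing brace and `return $key;` lines, which should align with the surrounding 4-space indent.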

--
Gitblit v1.9.1