From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/lib/Roundcube/rcube_contacts.php |   36 ++++++++++++++++++++++++++++--------
 1 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/program/lib/Roundcube/rcube_contacts.php b/program/lib/Roundcube/rcube_contacts.php
index e4fd7dc..3919cdc 100644
--- a/program/lib/Roundcube/rcube_contacts.php
+++ b/program/lib/Roundcube/rcube_contacts.php
@@ -137,16 +137,34 @@
      * List all active contact groups of this source
      *
      * @param string  Search string to match group name
+     * @param int     Matching mode:
+     *                0 - partial (*abc*),
+     *                1 - strict (=),
+     *                2 - prefix (abc*)
+     *
      * @return array  Indexed list of contact groups, each a hash array
      */
-    function list_groups($search = null)
+    function list_groups($search = null, $mode = 0)
     {
         $results = array();
 
         if (!$this->groups)
             return $results;
 
-        $sql_filter = $search ? " AND " . $this->db->ilike('name', '%'.$search.'%') : '';
+        if ($search) {
+            switch (intval($mode)) {
+            case 1:
+                $sql_filter = $this->db->ilike('name', $search);
+                break;
+            case 2:
+                $sql_filter = $this->db->ilike('name', $search . '%');
+                break;
+            default:
+                $sql_filter = $this->db->ilike('name', '%' . $search . '%');
+            }
+
+            $sql_filter = " AND $sql_filter";
+        }
 
         $sql_result = $this->db->query(
             "SELECT * FROM ".$this->db->table_name($this->db_groups).
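Review bot: `$sql_filter` is no longer initialised on the path where `$search` is empty, because the assignment moved inside `if ($search)`; the old line set it to `''` unconditionally, and the variable is still interpolated into the query below, so the empty-search case now reads an undefined variable (a notice, and a fragile dependency on null stringifying to ''). Add `$sql_filter = '';` before the `if ($search) {` block. Separately, mode 1 is documented as strict `=` but is implemented with `ilike('name', $search)`; unless `ilike()` escapes `%` and `_` itself (not visible here), a search string containing those characters still matches as a pattern, so the docblock wording "strict" should be hedged or the value escaped for LIKE before use. The body of list_groups continues past the end of this hunk.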
@@ -879,9 +897,10 @@
     /**
      * Add the given contact records the a certain group
      *
-     * @param string  Group identifier
-     * @param array   List of contact identifiers to be added
-     * @return int    Number of contacts added 
+     * @param string       Group identifier
+     * @param array|string List of contact identifiers to be added
+     *
+     * @return int Number of contacts added
      */
     function add_to_group($group_id, $ids)
     {
@@ -926,9 +945,10 @@
     /**
      * Remove the given contact records from a certain group
      *
-     * @param string  Group identifier
-     * @param array   List of contact identifiers to be removed
-     * @return int    Number of deleted group members
+     * @param string       Group identifier
+     * @param array|string List of contact identifiers to be removed
+     *
+     * @return int Number of deleted group members
      */
     function remove_from_group($group_id, $ids)
     {

--
Gitblit v1.9.1