From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 program/lib/Roundcube/rcube_user.php | 12 ++----------
 1 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/program/lib/Roundcube/rcube_user.php b/program/lib/Roundcube/rcube_user.php
index 586002a..505b190 100644
--- a/program/lib/Roundcube/rcube_user.php
+++ b/program/lib/Roundcube/rcube_user.php
@@ -163,16 +163,8 @@
 if (!$this->ID) return false;
- $plugin = $this->rc->plugins->exec_hook('preferences_update', array(
- 'userid' => $this->ID, 'prefs' => $a_user_prefs, 'old' => (array)$this->get_prefs()));
-
- if (!empty($plugin['abort'])) {
- return;
- }
-
- $a_user_prefs = $plugin['prefs'];
- $old_prefs = $plugin['old'];
- $config = $this->rc->config;
+ $config = $this->rc->config;
+ $old_prefs = (array)$this->get_prefs();
 // merge (partial) prefs array with existing settings
 $save_prefs = $a_user_prefs + $old_prefs;
--
Gitblit v1.9.1
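Review bot: Nothing in the new `save_prefs()` lines restricts which preference keys a caller may write: after `$old_prefs = (array)$this->get_prefs();` the method still does `$save_prefs = $a_user_prefs + $old_prefs;`, so every key in `$a_user_prefs` overrides the stored value. The subject ties the fix to the `_session` argument of utils/save-prefs, but that request handler is not in this diff, so it cannot be confirmed from here that request-derived names are checked against an allow-list before they reach this method. I would add a comment above the two new lines, e.g. `// no plugin hook and no key filtering here: callers must validate pref names that come from request input`. The comment should also say whether `preferences_update` is meant to fire elsewhere, because plugins that relied on `abort` or on rewriting `prefs` at this point no longer get that chance. The enclosing method starts and ends outside the hunk.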