From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/lib/Roundcube/rcube_user.php |   26 +++++++++++++++++++-------
 1 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/program/lib/Roundcube/rcube_user.php b/program/lib/Roundcube/rcube_user.php
index 7bd73e0..505b190 100644
--- a/program/lib/Roundcube/rcube_user.php
+++ b/program/lib/Roundcube/rcube_user.php
@@ -2,8 +2,6 @@
 
 /*
  +-----------------------------------------------------------------------+
- | program/include/rcube_user.inc                                        |
- |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2005-2012, The Roundcube Dev Team                       |
  |                                                                       |
@@ -14,13 +12,11 @@
  | PURPOSE:                                                              |
  |   This class represents a system user linked and provides access      |
  |   to the related database records.                                    |
- |                                                                       |
  +-----------------------------------------------------------------------+
  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  | Author: Aleksander Machniak <alec@alec.pl>                            |
  +-----------------------------------------------------------------------+
 */
-
 
 /**
  * Class representing a system user
@@ -86,12 +82,17 @@
     /**
      * Build a user name string (as e-mail address)
      *
-     * @param  string $part Username part (empty or 'local' or 'domain')
+     * @param  string $part Username part (empty or 'local' or 'domain', 'mail')
      * @return string Full user name or its part
      */
     function get_username($part = null)
     {
         if ($this->data['username']) {
+            // return real name
+            if (!$part) {
+                return $this->data['username'];
+            }
+
             list($local, $domain) = explode('@', $this->data['username']);
 
             // at least we should always have the local part
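Review bot: The docblock now lists 'mail' as an accepted `$part`, but no branch handling it is visible in this hunk, so a reader cannot tell what that value returns; either document it on the `@param` line (once the branch that handles it is confirmed) or leave it off the list. The added early return tests `!$part`, which also treats the string `'0'` as "no part"; harmless for the documented values, but `if ($part === null || $part === '')` states the intent more precisely. get_username's body continues past the end of the hunk.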
@@ -235,10 +236,12 @@
     /**
      * Return a list of all identities linked with this user
      *
-     * @param string $sql_add Optional WHERE clauses
+     * @param string $sql_add   Optional WHERE clauses
+     * @param bool   $formatted Format identity email and name
+     *
      * @return array List of identities
      */
-    function list_identities($sql_add = '')
+    function list_identities($sql_add = '', $formatted = false)
     {
         $result = array();
 
@@ -250,6 +253,15 @@
             $this->ID);
 
         while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
+            if ($formatted) {
+                $ascii_email = format_email($sql_arr['email']);
+                $utf8_email  = format_email(rcube_utils::idn_to_utf8($ascii_email));
+
+                $sql_arr['email_ascii'] = $ascii_email;
+                $sql_arr['email']       = $utf8_email;
+                $sql_arr['ident']       = format_email_recipient($ascii_email, $sql_arr['name']);
+            }
+
             $result[] = $sql_arr;
         }
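Review bot: With `$formatted` set, the row's `email` key is overwritten in place with its UTF-8 form, so any caller that later compares the row against the database value or another ASCII address must use `email_ascii` instead; that is easy to miss and deserves a comment on the assignment, e.g. `// 'email' becomes the UTF-8 form; compare against stored values via 'email_ascii'`. If `email` can be empty or NULL for a row, `format_email()` and `rcube_utils::idn_to_utf8()` are still called on it here — presumably they tolerate that, but it is worth confirming rather than assuming. list_identities' body continues past the end of the hunk.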
 

--
Gitblit v1.9.1