From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/addressbook/delete.inc |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc
index a2f1249..5611858 100644
--- a/program/steps/addressbook/delete.inc
+++ b/program/steps/addressbook/delete.inc
@@ -70,6 +70,7 @@
 // update saved search after data changed
 if (($search_request = $_REQUEST['_search']) && isset($_SESSION['search'][$search_request])) {
     $sort_col = $RCMAIL->config->get('addressbook_sort_col', 'name');
+    $afields = $RCMAIL->config->get('contactlist_fields');
     $search  = (array)$_SESSION['search'][$search_request];
     $records = array();
 
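Review bot: `$afields` is read without a fallback in this hunk, so when `contactlist_fields` is not configured the call `$source->list_records($afields)` in the second hunk receives whatever `config->get()` returns for a missing key instead of the four columns that were hard-coded before. The line above already passes a default for `addressbook_sort_col`; doing the same here keeps the old behaviour: `$afields = $RCMAIL->config->get('contactlist_fields', array('name', 'firstname', 'surname', 'email'));`. Whether the shipped configuration defaults already define this option is not visible in the patch, so this may be redundant. The subject refers to the `_session` argument of utils/save-prefs, but the only file in this patch is addressbook/delete.inc, so the fix it names is presumably not part of what is shown here. The `if` block that opens in this hunk continues past its last line.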
@@ -83,7 +84,7 @@
         $source->set_search_set($set);
 
         // get records
-        $result = $source->list_records(array('name', 'firstname', 'surname', 'email'));
+        $result = $source->list_records($afields);
 
         if (!$result->count) {
             unset($search[$s]);
@@ -92,7 +93,7 @@
 
         while ($row = $result->next()) {
             $row['sourceid'] = $s;
-            $key = rcmail_contact_key($row, $sort_col);
+            $key = rcube_addressbook::compose_contact_key($row, $sort_col);
             $records[$key] = $row;
         }
         unset($result);

--
Gitblit v1.9.1