From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/addressbook/delete.inc |   28 +++++++++++++++-------------
 1 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc
index b0b255e..5611858 100644
--- a/program/steps/addressbook/delete.inc
+++ b/program/steps/addressbook/delete.inc
@@ -6,7 +6,10 @@
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2005-2009, The Roundcube Dev Team                       |
- | Licensed under the GNU GPL                                            |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
  |                                                                       |
  | PURPOSE:                                                              |
  |   Delete the submitted contacts (CIDs) from the users address book    |
@@ -14,9 +17,6 @@
  +-----------------------------------------------------------------------+
  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  +-----------------------------------------------------------------------+
-
- $Id$
-
 */
 
 // process ajax requests only
@@ -69,6 +69,8 @@
 
 // update saved search after data changed
 if (($search_request = $_REQUEST['_search']) && isset($_SESSION['search'][$search_request])) {
+    $sort_col = $RCMAIL->config->get('addressbook_sort_col', 'name');
+    $afields = $RCMAIL->config->get('contactlist_fields');
     $search  = (array)$_SESSION['search'][$search_request];
     $records = array();
 
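Review bot: The lines added here, like every other hunk in this patch, change only the address-book delete step; nothing touches utils/save-prefs or a `_session` argument, so the subject line does not describe this file section. Anyone using this commit to confirm that #1489382 is fixed should locate the change to the save-prefs handler separately rather than rely on this diff. For the two added reads, a comment such as `// fetched once: columns to load, and the column used to build the $records key` would tie them to their use further down the `if` block, which continues outside the hunk.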
@@ -82,7 +84,7 @@
         $source->set_search_set($set);
 
         // get records
-        $result = $source->list_records(array('name', 'email'));
+        $result = $source->list_records($afields);
 
         if (!$result->count) {
             unset($search[$s]);
@@ -91,7 +93,7 @@
 
         while ($row = $result->next()) {
             $row['sourceid'] = $s;
-            $key = $row['name'] . ':' . $row['sourceid'];
+            $key = rcube_addressbook::compose_contact_key($row, $sort_col);
             $records[$key] = $row;
         }
         unset($result);
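Review bot: The key from `rcube_addressbook::compose_contact_key($row, $sort_col)` can only be as distinct as the columns loaded by `list_records($afields)` in the previous hunk. If the configured `contactlist_fields` does not contain the configured `addressbook_sort_col`, `$row[$sort_col]` is presumably empty, and `$records[$key] = $row` would then silently overwrite earlier contacts from the same source. `compose_contact_key` is not shown here, so this is inferred and worth checking against its definition. A comment on the assignment, e.g. `// $afields must include $sort_col, otherwise keys collide and contacts drop out of $records`, would record the dependency.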
@@ -103,20 +105,20 @@
 
     // create resultset object
     $count  = count($records);
-    $first  = ($page-1) * $CONFIG['pagesize'];
+    $first  = ($page-1) * $PAGE_SIZE;
     $result = new rcube_result_set($count, $first);
 
     // get records from the next page to add to the list
-    $pages = ceil((count($records) + $delcnt) / $CONFIG['pagesize']);
+    $pages = ceil((count($records) + $delcnt) / $PAGE_SIZE);
     if ($_GET['_from'] != 'show' && $pages > 1 && $page < $pages) {
         // sort the records
         ksort($records, SORT_LOCALE_STRING);
 
-        $first += $CONFIG['pagesize'];
+        $first += $PAGE_SIZE;
         // create resultset object
         $res = new rcube_result_set($count, $first - $delcnt);
 
-        if ($CONFIG['pagesize'] < $count) {
+        if ($PAGE_SIZE < $count) {
             $records = array_slice($records, $first - $delcnt, $delcnt);
         }
 
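Review bot: `$PAGE_SIZE` replaces `$CONFIG['pagesize']` as the divisor in `ceil((count($records) + $delcnt) / $PAGE_SIZE)` but is not assigned anywhere in the visible hunks, so this file relies on an including script to define it as a positive integer. If it arrives unset or zero, the division fails and the paging arithmetic that feeds `$first` and the `array_slice` offsets is meaningless. The same applies to the divisions in the two later hunks (at -132 and -140). A normalisation before first use, e.g. `$PAGE_SIZE = max(1, (int) $PAGE_SIZE);`, or at least a comment naming where the global is set, would make the dependency explicit. The surrounding `if` block starts and ends outside this hunk.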
@@ -132,7 +134,7 @@
     $result = $CONTACTS->count();
 
     // get records from the next page to add to the list
-    $pages = ceil(($result->count + $delcnt) / $CONFIG['pagesize']);
+    $pages = ceil(($result->count + $delcnt) / $PAGE_SIZE);
     if ($_GET['_from'] != 'show' && $pages > 1 && $page < $pages) {
         $CONTACTS->set_page($page);
         $records = $CONTACTS->list_records(null, -$delcnt);
@@ -140,12 +142,12 @@
 }
 
 // update message count display
-$OUTPUT->set_env('pagecount', ceil($result->count / $CONFIG['pagesize']));
+$OUTPUT->set_env('pagecount', ceil($result->count / $PAGE_SIZE));
 $OUTPUT->command('set_rowcount', rcmail_get_rowcount_text($result));
 
 if (!empty($_SESSION['contact_undo'])) {
     $_SESSION['contact_undo']['ts'] = time();
-    $msg = html::span(null, rcube_label(array('name' => 'itemsdeleted', 'vars' => array('num' => $deleted))))
+    $msg = html::span(null, rcube_label('contactdeleted'))
         . ' ' . html::a(array('onclick' => JS_OBJECT_NAME.".command('undo', '', this)"), rcube_label('undo'));
 
     $OUTPUT->show_message($msg, 'confirmation', null, true, $undo_time);
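Review bot: The new message `rcube_label('contactdeleted')` no longer passes `$deleted` into the label, so the confirmation shown next to the undo link no longer states how many contacts were removed. The label text is not visible here; if it is singular, it will read wrongly after a multi-contact delete. Either keep a counted label for `$deleted > 1` or note the choice in a comment. Separately, `$msg` is assembled as HTML and handed to `show_message`, so a comment such as `// $msg is HTML: label text is inserted as-is and must come from trusted localization` would help, assuming `html::span` does not escape its content. The `if (!empty($_SESSION['contact_undo']))` block continues past the end of this hunk.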

--
Gitblit v1.9.1