From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/addressbook/delete.inc |    9 ++++-----
 1 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc
index beba1ae..5611858 100644
--- a/program/steps/addressbook/delete.inc
+++ b/program/steps/addressbook/delete.inc
@@ -17,9 +17,6 @@
  +-----------------------------------------------------------------------+
  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  +-----------------------------------------------------------------------+
-
- $Id$
-
 */
 
 // process ajax requests only
@@ -72,6 +69,8 @@
 
 // update saved search after data changed
 if (($search_request = $_REQUEST['_search']) && isset($_SESSION['search'][$search_request])) {
+    $sort_col = $RCMAIL->config->get('addressbook_sort_col', 'name');
+    $afields = $RCMAIL->config->get('contactlist_fields');
     $search  = (array)$_SESSION['search'][$search_request];
     $records = array();
 
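Review bot: `$afields` on the second added line is read with no fallback, whereas `$sort_col` one line above gets `'name'`; if `contactlist_fields` is absent from the config, `$afields` is null and the `list_records($afields)` call in the next hunk (line 38) receives null where the removed code passed `array('name', 'email')`. Suggest `$afields = $RCMAIL->config->get('contactlist_fields', array('name', 'email'));` so the previous column set remains the default. The enclosing `if` body continues past this hunk. Separately, the subject line refers to `_session` handling in `utils/save-prefs`, but the diff only touches `program/steps/addressbook/delete.inc`, so it is worth confirming the intended hunk was included or the subject is corrected.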
@@ -85,7 +84,7 @@
         $source->set_search_set($set);
 
         // get records
-        $result = $source->list_records(array('name', 'email'));
+        $result = $source->list_records($afields);
 
         if (!$result->count) {
             unset($search[$s]);
@@ -94,7 +93,7 @@
 
         while ($row = $result->next()) {
             $row['sourceid'] = $s;
-            $key = $row['name'] . ':' . $row['sourceid'];
+            $key = rcube_addressbook::compose_contact_key($row, $sort_col);
             $records[$key] = $row;
         }
         unset($result);

--
Gitblit v1.9.1