From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
program/steps/addressbook/edit.inc | 23 +++++++++++------------
1 files changed, 11 insertions(+), 12 deletions(-)
diff --git a/program/steps/addressbook/edit.inc b/program/steps/addressbook/edit.inc
index 90069a7..7ddd3e5 100644
--- a/program/steps/addressbook/edit.inc
+++ b/program/steps/addressbook/edit.inc
@@ -43,16 +43,14 @@
else {
$source = get_input_value('_source', RCUBE_INPUT_GPC);
- if (!strlen($source)) {
- // Give priority to configured default
- $source = $RCMAIL->config->get('default_addressbook');
+ if (strlen($source)) {
+ $CONTACTS = $RCMAIL->get_address_book($source, true);
}
- $CONTACTS = $RCMAIL->get_address_book($source, true);
-
- // find writable addressbook
- if (!$CONTACTS || $CONTACTS->readonly)
- $source = rcmail_default_source(true);
+ if (!$CONTACTS || $CONTACTS->readonly) {
+ $CONTACTS = $RCMAIL->get_address_book(-1, true);
+ $source = $RCMAIL->get_address_book_id($CONTACTS);
+ }
// Initialize addressbook
$CONTACTS = rcmail_contact_source($source, true);
@@ -239,16 +237,17 @@
{
global $RCMAIL, $SOURCE_ID;
- $sources_list = $RCMAIL->get_address_sources(true);
+ $sources_list = $RCMAIL->get_address_sources(true, true);
if (count($sources_list) < 2) {
$source = $sources_list[$SOURCE_ID];
$hiddenfield = new html_hiddenfield(array('name' => '_source', 'value' => $SOURCE_ID));
- return html::span($attrib, Q($source['name']) . $hiddenfield->show());
+ return html::span($attrib, $source['name'] . $hiddenfield->show());
}
- $attrib['name'] = '_source';
- $attrib['onchange'] = JS_OBJECT_NAME . ".command('save', 'reload', this.form)";
+ $attrib['name'] = '_source';
+ $attrib['is_escaped'] = true;
+ $attrib['onchange'] = JS_OBJECT_NAME . ".command('save', 'reload', this.form)";
$select = new html_select($attrib);
--
Gitblit v1.9.1