From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/addressbook/save.inc |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index 8cab6e8..e7e5efc 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -134,11 +134,11 @@
     $record['email'] = reset($CONTACTS->get_col_values('email', $record, true));
     $record['name']  = rcube_addressbook::compose_list_name($record);
 
-    foreach (array('name', 'email') as $col)
+    foreach (array('name') as $col)
       $a_js_cols[] = Q((string)$record[$col]);
 
     // update the changed col in list
-    $OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid, $source);
+    $OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid, $source, $record);
 
     // show confirmation
     $OUTPUT->show_message('successfullysaved', 'confirmation', null, false);
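Review bot: The new sixth argument to `parent.update_contact_row` sends the whole `$record` to the browser without the `Q()` escaping that the loop just above applies to the `name` column. Whether that is safe depends on the client-side handler, which is not visible here: it must insert every field as text, never as markup, since contact fields are user-supplied data. I would pass only the fields the list row needs and document the contract at the call with `// $record is sent unescaped; update_contact_row must treat its fields as text, not HTML`. The enclosing block starts and ends outside this hunk. Separately, the subject line refers to the `_session` argument of utils/save-prefs while this patch only touches addressbook/save.inc, so the page does not show how these hunks relate to the stated fix.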
@@ -192,7 +192,7 @@
         if (($maxnum = $RCMAIL->config->get('max_group_members', 0)) && ($counts->count + 1 > $maxnum))
           $OUTPUT->show_message('maxgroupmembersreached', 'warning', array('max' => $maxnum));
 
-        $CONTACTS->add_to_group($gid, $plugin['ids']);
+        $CONTACTS->add_to_group($plugin['group_id'], $plugin['ids']);
       }
     }
     else
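Review bot: The `max_group_members` check only shows the `maxgroupmembersreached` warning; on the visible lines `add_to_group()` still runs afterwards, so the limit is reported but not enforced. If the limit is meant to be binding, move the call into an `else` branch: `else $CONTACTS->add_to_group($plugin['group_id'], $plugin['ids']);`. The group id is now read from `$plugin['group_id']`, whose origin is outside the hunk (presumably a plugin hook result). It is worth confirming that the key is always set and still names a group in the current source that the user may modify. The enclosing block begins and ends outside this hunk.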

--
Gitblit v1.9.1