From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
program/steps/addressbook/undo.inc | 15 ++++-----------
1 files changed, 4 insertions(+), 11 deletions(-)
diff --git a/program/steps/addressbook/undo.inc b/program/steps/addressbook/undo.inc
index 936f110..9c17114 100644
--- a/program/steps/addressbook/undo.inc
+++ b/program/steps/addressbook/undo.inc
@@ -6,7 +6,10 @@
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2011, Kolab Systems AG |
- | Licensed under the GNU GPL |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| PURPOSE: |
| Undelete contacts (CIDs) from last delete action |
@@ -14,9 +17,6 @@
+-----------------------------------------------------------------------+
| Author: Aleksander Machniak <machniak@kolabsys.com> |
+-----------------------------------------------------------------------+
-
- $Id$
-
*/
// process ajax requests only
@@ -64,13 +64,6 @@
unset($search[$s]);
continue;
}
-
- while ($row = $result->next()) {
- $row['sourceid'] = $s;
- $key = $row['name'] . ':' . $row['sourceid'];
- $records[$key] = $row;
- }
- unset($result);
$search[$s] = $source->get_search_set();
}
--
Gitblit v1.9.1