From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
program/steps/settings/edit_folder.inc | 38 +++++++++++++++++++++++---------------
1 files changed, 23 insertions(+), 15 deletions(-)
diff --git a/program/steps/settings/edit_folder.inc b/program/steps/settings/edit_folder.inc
index 9860c2f..fdb38e6 100644
--- a/program/steps/settings/edit_folder.inc
+++ b/program/steps/settings/edit_folder.inc
@@ -6,7 +6,10 @@ | | | This file is part of the Roundcube Webmail client | | Copyright (C) 2005-2009, The Roundcube Dev Team | - | Licensed under the GNU GPL | + | | + | Licensed under the GNU General Public License version 3 or | + | any later version with exceptions for skins & plugins. | + | See the README file for a full license statement. | | | | PURPOSE: | | Provide functionality to create/edit a folder |
@@ -14,19 +17,15 @@ +-----------------------------------------------------------------------+ | Author: Aleksander Machniak <alec@alec.pl> | +-----------------------------------------------------------------------+ - - $Id$ - */ // WARNING: folder names in UI are encoded with RCMAIL_CHARSET -// init IMAP connection -$RCMAIL->imap_connect(); - function rcmail_folder_form($attrib) { global $RCMAIL; + + $storage = $RCMAIL->get_storage(); // edited folder name (empty in create-folder mode) $mbox = trim(get_input_value('_mbox', RCUBE_INPUT_GPC, true));
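Review bot: The file-scope `$RCMAIL->imap_connect();` is dropped and the function now only fetches `$storage = $RCMAIL->get_storage();`; nothing in this hunk opens a connection, so the later `$storage->get_capability('THREAD')` and `get_namespace()` calls in the next hunks depend on `get_storage()` connecting lazily — worth confirming against rcmail::get_storage(), and if so a one-line `// storage object connects on first use` at the assignment would record it. Separately, the subject and bug reference describe the `_session` argument of utils/save-prefs, but the diffstat lists only program/steps/settings/edit_folder.inc and every hunk is a storage-API rename, so the patch as presented does not contain the fix it announces; check whether it was truncated or mis-titled before merging. rcmail_folder_form() continues past the end of the hunk.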
@@ -36,13 +35,13 @@ $parent = trim(get_input_value('_path', RCUBE_INPUT_GPC, true)); $parent_imap = rcube_charset_convert($parent, RCMAIL_CHARSET, 'UTF7-IMAP'); - $threading_supported = $RCMAIL->imap->get_capability('THREAD'); - $delimiter = $RCMAIL->imap->get_hierarchy_delimiter(); + $threading_supported = $storage->get_capability('THREAD'); + $delimiter = $storage->get_hierarchy_delimiter(); // Get mailbox parameters if (strlen($mbox)) { $options = rcmail_folder_options($mbox_imap); - $namespace = $RCMAIL->imap->get_namespace(); + $namespace = $storage->get_namespace(); $path = explode($delimiter, $mbox_imap); $folder = array_pop($path);
@@ -57,14 +56,14 @@ // allow creating subfolders of INBOX folder if ($path == 'INBOX') { - $path = $RCMAIL->imap->mod_mailbox($path, 'in'); + $path = $storage->mod_folder($path, 'in'); } } // remove personal namespace prefix if (strlen($path)) { $path_id = $path; - $path = $RCMAIL->imap->mod_mailbox($path.$delimiter); + $path = $storage->mod_folder($path.$delimiter); if ($path[strlen($path)-1] == $delimiter) { $path = substr($path, 0, -1); }
@@ -79,7 +78,7 @@ // Location (name) if ($options['protected']) { - $foldername = Q(str_replace($delimiter, ' » ', rcmail_localize_folderpath($mbox_imap))); + $foldername = str_replace($delimiter, ' » ', Q(rcmail_localize_folderpath($mbox_imap))); } else if ($options['norename']) { $foldername = Q($folder);
@@ -113,6 +112,15 @@ } else { $selected = isset($_POST['_parent']) ? $_POST['_parent'] : $path_id; + $exceptions = array($mbox_imap); + + // Exclude 'prefix' namespace from parent folders list (#1488349) + // If INBOX. namespace exists, folders created as INBOX subfolders + // will be listed at the same level - selecting INBOX as a parent does nothing + if ($prefix = $storage->get_namespace('prefix')) { + $exceptions[] = substr($prefix, 0, -1); + } + $select = rcmail_mailbox_select(array( 'name' => '_parent', 'noselection' => '---',
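Review bot: The escaping order is reversed in the `$options['protected']` branch — `Q()` now wraps only `rcmail_localize_folderpath($mbox_imap)` and the ` » ` separator is spliced in afterwards, which keeps the fixed literal out of the escaper but also means `$delimiter` is now matched against already-escaped text; for the usual `.` and `/` delimiters that is harmless, but a delimiter character that `Q()` rewrites would no longer be found. A short comment such as `// escape the untrusted folder path first; the separator is a fixed literal` would record why the nesting changed. The enclosing if/else chain continues outside the hunk.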
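Review bot: `substr($prefix, 0, -1)` assumes the prefix namespace always ends with the hierarchy delimiter, which the new comment only illustrates with `INBOX.`; spelling it `$exceptions[] = rtrim($prefix, $delimiter);` makes that assumption explicit and still works if the stored prefix ever lacks the trailing delimiter. The assignment inside the `if` condition is easy to misread as a comparison; a separate `$prefix = $storage->get_namespace('prefix');` followed by `if ($prefix) {` reads more clearly. Note that `$exceptions` only shapes the parent-folder select offered to the user — the posted `_parent` value, taken raw from `$_POST` in the context line above, is presumably validated where the folder is actually saved, outside this file, which is worth confirming. rcmail_folder_form() continues outside the hunk.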
@@ -120,7 +128,7 @@ 'maxlength' => 150, 'unsubscribed' => true, 'skip_noinferiors' => true, - 'exceptions' => array($mbox_imap), + 'exceptions' => $exceptions, )); $form['props']['fieldsets']['location']['content']['path'] = array(
@@ -193,7 +201,7 @@ ); if ((!$options['noselect'] && !$options['is_root']) || $mbox_imap == 'INBOX') { - $msgcount = $RCMAIL->imap->messagecount($mbox_imap, 'ALL', true, false); + $msgcount = $storage->count($mbox_imap, 'ALL', true, false); // Size if ($msgcount) {
--
Gitblit v1.9.1
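Review bot: `$storage->count($mbox_imap, 'ALL', true, false)` carries over the same two positional boolean flags as the replaced `messagecount()` call, and their meaning cannot be recovered from the call site; a short comment naming what each flag selects, with the names taken from the storage `count()` signature, would spare the next reader a lookup. The surrounding `if` block continues outside the hunk.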