From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/settings/edit_folder.inc | 16 +++++++++++-----
 1 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/program/steps/settings/edit_folder.inc b/program/steps/settings/edit_folder.inc
index 2c69c74..fdb38e6 100644
--- a/program/steps/settings/edit_folder.inc
+++ b/program/steps/settings/edit_folder.inc
@@ -17,9 +17,6 @@
 +-----------------------------------------------------------------------+
 | Author: Aleksander Machniak <alec@alec.pl> |
 +-----------------------------------------------------------------------+
-
- $Id$
-
 */
 
 // WARNING: folder names in UI are encoded with RCMAIL_CHARSET
@@ -81,7 +78,7 @@
 // Location (name)
 if ($options['protected']) {
- $foldername = Q(str_replace($delimiter, ' » ', rcmail_localize_folderpath($mbox_imap)));
+ $foldername = str_replace($delimiter, ' » ', Q(rcmail_localize_folderpath($mbox_imap)));
 }
 else if ($options['norename']) {
 $foldername = Q($folder);
@@ -115,6 +112,15 @@
 }
 else {
 $selected = isset($_POST['_parent']) ? $_POST['_parent'] : $path_id;
+ $exceptions = array($mbox_imap);
+
+ // Exclude 'prefix' namespace from parent folders list (#1488349)
+ // If INBOX. namespace exists, folders created as INBOX subfolders
+ // will be listed at the same level - selecting INBOX as a parent does nothing
+ if ($prefix = $storage->get_namespace('prefix')) {
+ $exceptions[] = substr($prefix, 0, -1);
+ }
+
 $select = rcmail_mailbox_select(array(
 'name' => '_parent',
 'noselection' => '---',
@@ -122,7 +128,7 @@
 'maxlength' => 150,
 'unsubscribed' => true,
 'skip_noinferiors' => true,
- 'exceptions' => array($mbox_imap),
+ 'exceptions' => $exceptions,
 ));
 
 $form['props']['fieldsets']['location']['content']['path'] = array(
-- 
Gitblit v1.9.1
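Review bot: In the `$options['protected']` branch `Q()` now runs before `str_replace`, so the delimiter is searched for in the already-escaped string; that is only correct while `$delimiter` is a character the escaper leaves untouched (`.` and `/` presumably are, `&`, `<`, `>` and `"` presumably are not), and the `else if ($options['norename'])` branch still escapes the whole name in one step, so the two branches now escape at different points. A comment would make the ordering deliberate: `// escape the path first so the literal ' » ' separator is emitted as-is; assumes $delimiter is not an HTML-special character`. The if/else chain continues outside the hunk. Separately, the patch subject refers to the `_session` argument of utils/save-prefs (#1489382) while the diff only touches edit_folder.inc, so the fix the subject describes does not appear to be in this patch and should be confirmed against the repository.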
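Review bot: `substr($prefix, 0, -1)` assumes the namespace prefix always ends with the hierarchy delimiter and is longer than one character; a prefix that does not end with `$delimiter` loses a legitimate trailing character, and a one-character prefix yields an empty exception entry. Stripping the known delimiter says what is intended: `$exceptions[] = rtrim($prefix, $delimiter);` — `$delimiter` is already in use earlier in this file. The assignment inside the `if` condition also reads like a comparison at first glance; a short comment such as `// prefix namespace comes back with its trailing delimiter` would help. The enclosing `else` block continues past the hunk.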