From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/settings/func.inc |   46 +++++++++++++++++-----------------------------
 1 files changed, 17 insertions(+), 29 deletions(-)

diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc
index 27e1e13..981d4e4 100644
--- a/program/steps/settings/func.inc
+++ b/program/steps/settings/func.inc
@@ -237,21 +237,21 @@
       );
     }
 
-    if (!isset($no_override['keep_alive'])) {
-      $field_id = 'rcmfd_keep_alive';
-      $select_keep_alive = new html_select(array('name' => '_keep_alive', 'id' => $field_id));
+    if (!isset($no_override['refresh_interval'])) {
+      $field_id = 'rcmfd_refresh_interval';
+      $select_refresh_interval = new html_select(array('name' => '_refresh_interval', 'id' => $field_id));
 
-      $select_keep_alive->add(rcube_label('never'), 0);
+      $select_refresh_interval->add(rcube_label('never'), 0);
       foreach (array(1, 3, 5, 10, 15, 30, 60) as $min) {
-        if (!$config['min_keep_alive'] || $config['min_keep_alive'] <= $min * 60) {
+        if (!$config['min_refresh_interval'] || $config['min_refresh_interval'] <= $min * 60) {
           $label = rcube_label(array('name' => 'everynminutes', 'vars' => array('n' => $min)));
-          $select_keep_alive->add($label, $min);
+          $select_refresh_interval->add($label, $min);
         }
       }
 
-      $blocks['main']['options']['keep_alive'] = array(
+      $blocks['main']['options']['refresh_interval'] = array(
         'title' => html::label($field_id, Q(rcube_label('refreshinterval'))),
-        'content' => $select_keep_alive->show($config['keep_alive']/60),
+        'content' => $select_refresh_interval->show($config['refresh_interval']/60),
       );
     }
 
@@ -483,8 +483,8 @@
 
     $blocks = array(
       'main'       => array('name' => Q(rcube_label('mainoptions'))),
-      'spellcheck' => array('name' => Q(rcube_label('spellcheckoptions'))),
       'sig'        => array('name' => Q(rcube_label('signatureoptions'))),
+      'spellcheck' => array('name' => Q(rcube_label('spellcheckoptions'))),
     );
 
     // show checkbox to compose messages in a new window
@@ -581,8 +581,7 @@
 
     if (!isset($no_override['reply_mode'])) {
       $field_id = 'rcmfd_reply_mode';
-      $select_replymode = new html_select(array('name' => '_reply_mode', 'id' => $field_id,
-        'onchange' => "\$('#rcmfd_sig_above').attr('disabled',this.selectedIndex<2)"));
+      $select_replymode = new html_select(array('name' => '_reply_mode', 'id' => $field_id));
       $select_replymode->add(rcube_label('replyempty'), -1);
       $select_replymode->add(rcube_label('replybottomposting'), 0);
       $select_replymode->add(rcube_label('replytopposting'), 1);
@@ -631,18 +630,6 @@
       );
     }
 
-    if (!isset($no_override['sig_above'])) {
-      $field_id = 'rcmfd_sig_above';
-      $select_sigabove = new html_select(array('name' => '_sig_above', 'id' => $field_id, 'disabled' => $config['reply_mode'] < 1));
-      $select_sigabove->add(rcube_label('belowquote'), 0);
-      $select_sigabove->add(rcube_label('abovequote'), 1);
-
-      $blocks['sig']['options']['sig_above'] = array(
-        'title' => html::label($field_id, Q(rcube_label('replysignaturepos'))),
-        'content' => $select_sigabove->show($config['sig_above']?1:0),
-      );
-    }
-
     if (!isset($no_override['strip_existing_sig'])) {
       $field_id = 'rcmfd_strip_existing_sig';
       $input_stripexistingsig = new html_checkbox(array('name' => '_strip_existing_sig', 'id' => $field_id, 'value' => 1));
@@ -666,14 +653,15 @@
     }
 
     if (!isset($no_override['default_font'])) {
-      $field_id     = 'rcmfd_default_font';
-      $fonts        = rcube_fontdefs();
-      $default_font = $config['default_font'] ? $config['default_font'] : 'Verdana';
+      $field_id = 'rcmfd_default_font';
+      $fonts    = rcube_fontdefs();
+      $selected = $config['default_font'];
 
       $select = '<select name="_default_font" id="'.$field_id.'">';
+      $select .= '<option value=""' . (!$selected ? ' selected="selected"' : '') . '>---</option>';
       foreach ($fonts as $fname => $font)
         $select .= '<option value="'.$fname.'"'
-          . ($fname == $default_font ? ' selected="selected"' : '')
+          . ($fname == $selected ? ' selected="selected"' : '')
           . ' style=\'font-family: ' . $font . '\'>'
           . Q($fname) . '</option>';
       $select .= '</select>';
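Review bot: The new `<option value="">` line and the loop after it keep building the select by raw string concatenation, and `$fname` is inserted into the `value` attribute unescaped while the same name goes through `Q()` for the label two lines later; escape the attribute as well, `'<option value="'.Q($fname).'"'`, or build this control with `html_select` like the other options in this function. The `$fname == $selected` comparison on the changed line is loose; `$fname === $selected` avoids PHP's numeric-string coercion rules for the hypothetical odd font name. The font list presumably comes from a static `rcube_fontdefs()` table rather than user input, so the practical risk looks low, but the inconsistency between the escaped label and the unescaped attribute is the kind of thing that gets copied into code where the values are untrusted. The enclosing function starts and ends outside the hunk.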
@@ -695,7 +683,7 @@
     );
 
     if (!isset($no_override['default_addressbook'])
-      && ($books = $RCMAIL->get_address_sources(true))
+      && ($books = $RCMAIL->get_address_sources(true, true))
     ) {
       $field_id = 'rcmfd_default_addressbook';
       $select_abook = new html_select(array('name' => '_default_addressbook', 'id' => $field_id));
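Review bot: The second positional `true` now passed to `get_address_sources` on the changed line has no visible meaning at the call site, and the method's signature is outside this file, so a reader cannot tell how the list of books offered as default has changed. A one-line comment above the `if` naming what the extra flag restricts the sources to would help, e.g. `// second flag: [describe the restriction the new argument applies]` — confirm against the method's definition before wording it. The enclosing function starts and ends outside the hunk.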
@@ -705,7 +693,7 @@
       }
 
       $blocks['main']['options']['default_addressbook'] = array(
-        'title' => html::label($field_id, Q(rcube_label('defaultaddressbook'))),
+        'title' => html::label($field_id, Q(rcube_label('defaultabook'))),
         'content' => $select_abook->show($config['default_addressbook']),
       );
     }

--
Gitblit v1.9.1