From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)

---
 program/lib/Roundcube/rcube_db_pgsql.php |  106 +++++++++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 91 insertions(+), 15 deletions(-)

diff --git a/program/lib/Roundcube/rcube_db_pgsql.php b/program/lib/Roundcube/rcube_db_pgsql.php
index 797860a..a92d3cf 100644
--- a/program/lib/Roundcube/rcube_db_pgsql.php
+++ b/program/lib/Roundcube/rcube_db_pgsql.php
@@ -2,8 +2,6 @@
 
 /**
  +-----------------------------------------------------------------------+
- | program/include/rcube_db_pgsql.php                                    |
- |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2005-2012, The Roundcube Dev Team                       |
  |                                                                       |
@@ -14,12 +12,10 @@
  | PURPOSE:                                                              |
  |   Database wrapper class that implements PHP PDO functions            |
  |   for PostgreSQL database                                             |
- |                                                                       |
  +-----------------------------------------------------------------------+
  | Author: Aleksander Machniak <alec@alec.pl>                            |
  +-----------------------------------------------------------------------+
 */
-
 
 /**
  * Database independent query interface
@@ -31,6 +27,17 @@
 class rcube_db_pgsql extends rcube_db
 {
     public $db_provider = 'postgres';
+
+    /**
+     * Driver-specific configuration of database connection
+     *
+     * @param array $dsn DSN for DB connections
+     * @param PDO   $dbh Connection handler
+     */
+    protected function conn_configure($dsn, $dbh)
+    {
+        $dbh->query("SET NAMES 'utf8'");
+    }
 
     /**
      * Get last inserted record ID
@@ -57,19 +64,19 @@
     /**
      * Return correct name for a specific database sequence
      *
-     * @param string $sequence Secuence name
+     * @param string $table Table name
      *
      * @return string Translated sequence name
      */
-    protected function sequence_name($sequence)
+    protected function sequence_name($table)
     {
-        $rcube = rcube::get_instance();
+        // Note: we support only one sequence per table
+        // Note: The sequence name must be <table_name>_seq
+        $sequence = $table . '_seq';
 
-        // return sequence name if configured
-        $config_key = 'db_sequence_'.$sequence;
-
-        if ($name = $rcube->config->get($config_key)) {
-            return $name;
+        // modify sequence name if prefix is configured
+        if ($prefix = $this->options['table_prefix']) {
+            return $prefix . $sequence;
         }
 
         return $sequence;
@@ -77,9 +84,6 @@
 
     /**
      * Return SQL statement to convert a field value into a unix timestamp
-     *
-     * This method is deprecated and should not be used anymore due to limitations
-     * of timestamp functions in Mysql (year 2038 problem)
      *
      * @param string $field Field name
      *
@@ -89,6 +93,24 @@
     public function unixtimestamp($field)
     {
         return "EXTRACT (EPOCH FROM $field)";
+    }
+
+    /**
+     * Return SQL function for current time and date
+     *
+     * @param int $interval Optional interval (in seconds) to add/subtract
+     *
+     * @return string SQL function to use in query
+     */
+    public function now($interval = 0)
+    {
+        if ($interval) {
+            $add = ' ' . ($interval > 0 ? '+' : '-') . " interval '";
+            $add .= $interval > 0 ? intval($interval) : intval($interval) * -1;
+            $add .= " seconds'";
+        }
+
+        return "now()" . $add;
     }
 
     /**
@@ -133,4 +155,58 @@
         return isset($this->variables[$varname]) ? $this->variables[$varname] : $default;
     }
 
+    /**
+     * Returns PDO DSN string from DSN array
+     *
+     * @param array $dsn DSN parameters
+     *
+     * @return string DSN string
+     */
+    protected function dsn_string($dsn)
+    {
+        $params = array();
+        $result = 'pgsql:';
+
+        if ($dsn['hostspec']) {
+            $params[] = 'host=' . $dsn['hostspec'];
+        }
+        else if ($dsn['socket']) {
+            $params[] = 'host=' . $dsn['socket'];
+        }
+
+        if ($dsn['port']) {
+            $params[] = 'port=' . $dsn['port'];
+        }
+
+        if ($dsn['database']) {
+            $params[] = 'dbname=' . $dsn['database'];
+        }
+
+        if (!empty($params)) {
+            $result .= implode(';', $params);
+        }
+
+        return $result;
+    }
+
+    /**
+     * Parse SQL file and fix table names according to table prefix
+     */
+    protected function fix_table_names($sql)
+    {
+        if (!$this->options['table_prefix']) {
+            return $sql;
+        }
+
+        $sql = parent::fix_table_names($sql);
+
+        // replace sequence names, and other postgres-specific commands
+        $sql = preg_replace_callback(
+            '/((SEQUENCE |RENAME TO |nextval\()["\']*)([^"\' \r\n]+)/',
+            array($this, 'fix_table_names_callback'),
+            $sql
+        );
+
+        return $sql;
+    }
 }

--
Gitblit v1.9.1