From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
 plugins/acl/acl.js | 44 ++++++++++++++++++++++++--------------------
 1 files changed, 24 insertions(+), 20 deletions(-)
diff --git a/plugins/acl/acl.js b/plugins/acl/acl.js
index d82725c..3647650 100644
--- a/plugins/acl/acl.js
+++ b/plugins/acl/acl.js
@@ -24,11 +24,7 @@
 if (e.field.id != 'acluser')
 return;
- var value = e.insert;
- // get UID from the entry value
- if (value.match(/\s*\(([^)]+)\)[, ]*$/))
- value = RegExp.$1;
- e.field.value = value;
+ e.field.value = e.insert.replace(/[ ,;]+$/, '');
 });
 }
 }
@@ -62,8 +58,11 @@
 var users = this.acl_get_usernames();
 if (users && users.length && confirm(this.get_label('acl.deleteconfirm'))) {
- this.http_request('settings/plugin.acl', '_act=delete&_user='+urlencode(users.join(','))
- + '&_mbox='+urlencode(this.env.mailbox),
+ this.http_post('settings/plugin.acl', {
+ _act: 'delete',
+ _user: users.join(','),
+ _mbox: this.env.mailbox
+ }, this.set_busy(true, 'acl.deleting'));
 }
 }
@@ -71,7 +70,7 @@
 // Save ACL data
 rcube_webmail.prototype.acl_save = function()
 {
- var user = $('#acluser', this.acl_form).val(), rights = '', type;
+ var data, type, rights = '', user = $('#acluser', this.acl_form).val();
 $((this.env.acl_advanced ? '#advancedrights :checkbox' : '#simplerights :checkbox'), this.acl_form).map(function() {
 if (this.checked)
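Review bot: The new line in `@@ -24,11 +24,7 @@` stores the whole autocomplete entry (minus trailing separators) as the field value, whereas the removed code extracted only the parenthesised part of a `Name (uid)` entry; if entries still carry that shape, the server will now receive the display name rather than the identifier. If the entry format was changed on the producing side in the same change, that is not visible in this patch, so a one-line comment would make the assumption checkable: `// NOTE: e.insert is used as-is (only trailing separators stripped) — confirm entries no longer carry a "(uid)" suffix`. The autocomplete handler this line belongs to starts before the hunk.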
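Review bot: The delete request in `@@ -62,8 +58,11 @@` now hands its parameters to `http_post` instead of a hand-built, urlencoded query string passed to `http_request`; whether that helper also issues a real POST and attaches the session's request token is not visible here, and that is what would make the switch meaningful for a state-changing action rather than a cosmetic one. A short comment above the call would record the intent, e.g. `// state-changing action: send as POST via http_post (adds the request token) rather than a GET query string` — with the token claim confirmed against `http_post`. The same switch is made for the save request in `@@ -92,12 +91,18 @@`.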
@@ -92,12 +91,18 @@
 return;
 }
- this.http_request('settings/plugin.acl', '_act=save'
- + '&_user='+urlencode(user)
- + '&_acl=' +rights
- + '&_mbox='+urlencode(this.env.mailbox)
- + (this.acl_id ? '&_old='+this.acl_id : ''),
- this.set_busy(true, 'acl.saving'));
+ data = {
+ _act: 'save',
+ _user: user,
+ _acl: rights,
+ _mbox: this.env.mailbox
+ }
+
+ if (this.acl_id) {
+ data._old = this.acl_id;
+ }
+
+ this.http_post('settings/plugin.acl', data, this.set_busy(true, 'acl.saving'));
 }
 // Cancel/Hide form
@@ -339,15 +344,16 @@
 var buttons = {}, me = this, body = document.body;
- buttons[this.gettext('save')] = function(e) { me.command('acl-save'); };
- buttons[this.gettext('cancel')] = function(e) { me.command('acl-cancel'); };
+ buttons[this.get_label('save')] = function(e) { me.command('acl-save'); };
+ buttons[this.get_label('cancel')] = function(e) { me.command('acl-cancel'); };
 // display it as popup
 this.acl_popup = this.show_popup_dialog(
- '<div style="width:480px;height:280px"> </div>',
- id ? this.gettext('acl.editperms') : this.gettext('acl.newuser'),
+ this.acl_form.show(),
+ id ? this.get_label('acl.editperms') : this.get_label('acl.newuser'),
 buttons, {
+ button_classes: ['mainaction'],
 modal: true,
 closeOnEscape: true,
 close: function(e, ui) {
@@ -358,8 +364,6 @@
 }
 }
 );
-
- this.acl_form.appendTo(this.acl_popup).show();
 if (type == 'user')
 name_input.focus();
--
Gitblit v1.9.1
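Review bot: The object literal assigned to `data` in `@@ -92,12 +91,18 @@` is not terminated with a semicolon, so the statement relies on automatic semicolon insertion before the blank line that follows; every other statement in the hunk ends explicitly, so close it as `};`. The conditional `_old` assignment is fine, though `_acl: rights` is a concatenated string built from checkbox values elsewhere in the function, and a brief comment such as `// rights: concatenated single-character ACL flags collected above` would help a reader who only sees this request. The enclosing `acl_save` starts in the earlier hunk `@@ -71,7 +70,7 @@`, outside this one.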
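Review bot: The two button handlers added in `@@ -339,15 +344,16 @@` declare an `e` parameter that they never read; since both lines are rewritten anyway, `buttons[this.get_label('save')] = function() { me.command('acl-save'); };` and the matching cancel handler read more honestly. Passing `this.acl_form.show()` directly as the dialog content, with the `appendTo` call in `@@ -358,8 +364,6 @@` dropped, also deserves a one-line comment so the two changes are understood together, e.g. `// the form itself is the dialog content (no longer appended into a placeholder div after the dialog is created)`. The `show_popup_dialog` call continues past the last line of the hunk.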