From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Fri, 05 Feb 2016 07:25:27 -0500 Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports --- plugins/acl/acl.js | 124 ++++++++++++++++++++++++++-------------- 1 files changed, 80 insertions(+), 44 deletions(-) diff --git a/plugins/acl/acl.js b/plugins/acl/acl.js index b6e2c81..3647650 100644 --- a/plugins/acl/acl.js +++ b/plugins/acl/acl.js @@ -11,17 +11,20 @@ rcmail.acl_list_init(); // enable autocomplete on user input if (rcmail.env.acl_users_source) { - rcmail.init_address_input_events($('#acluser'), {action:'settings/plugin.acl-autocomplete'}); + var inst = rcmail.is_framed() ? parent.rcmail : rcmail; + inst.init_address_input_events($('#acluser'), {action:'settings/plugin.acl-autocomplete'}); + + // pass config settings and localized texts to autocomplete context + inst.set_env({ autocomplete_max:rcmail.env.autocomplete_max, autocomplete_min_length:rcmail.env.autocomplete_min_length }); + inst.add_label('autocompletechars', rcmail.labels.autocompletechars); + inst.add_label('autocompletemore', rcmail.labels.autocompletemore); + // fix inserted value - rcmail.addEventListener('autocomplete_insert', function(e) { + inst.addEventListener('autocomplete_insert', function(e) { if (e.field.id != 'acluser') return; - var value = e.insert; - // get UID from the entry value - if (value.match(/\s*\(([^)]+)\)[, ]*$/)) - value = RegExp.$1; - e.field.value = value; + e.field.value = e.insert.replace(/[ ,;]+$/, ''); }); } } 
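Review bot: When the page is framed, the `autocomplete_insert` handler on the last added lines is registered on `parent.rcmail`, and nothing in the hunk unregisters it, so each reload of the ACL frame appears to add a further handler to the parent instance (inferred; the frame lifecycle is not visible here). Each stale handler would still run against the `acluser` field of the frame that registered it, so this deserves either a guard that removes the previous handler before adding this one or at least a comment such as `// registered on the parent instance when framed; re-registered on every frame load`. The comparison `e.field.id != 'acluser'` would also be clearer as `!==`. The enclosing block begins above this hunk.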
@@ -55,8 +58,11 @@ var users = this.acl_get_usernames(); if (users && users.length && confirm(this.get_label('acl.deleteconfirm'))) { - this.http_request('settings/plugin.acl', '_act=delete&_user='+urlencode(users.join(',')) - + '&_mbox='+urlencode(this.env.mailbox), + this.http_post('settings/plugin.acl', { + _act: 'delete', + _user: users.join(','), + _mbox: this.env.mailbox + }, this.set_busy(true, 'acl.deleting')); } } @@ -64,14 +70,14 @@ // Save ACL data rcube_webmail.prototype.acl_save = function() { - var user = $('#acluser').val(), rights = '', type; + var data, type, rights = '', user = $('#acluser', this.acl_form).val(); - $(':checkbox', this.env.acl_advanced ? $('#advancedrights') : sim_ul = $('#simplerights')).map(function() { + $((this.env.acl_advanced ? '#advancedrights :checkbox' : '#simplerights :checkbox'), this.acl_form).map(function() { if (this.checked) rights += this.value; }); - if (type = $('input:checked[name=usertype]').val()) { + if (type = $('input:checked[name=usertype]', this.acl_form).val()) { if (type != 'user') user = type; } @@ -85,19 +91,25 @@ return; } - this.http_request('settings/plugin.acl', '_act=save' - + '&_user='+urlencode(user) - + '&_acl=' +rights - + '&_mbox='+urlencode(this.env.mailbox) - + (this.acl_id ? '&_old='+this.acl_id : ''), - this.set_busy(true, 'acl.saving')); + data = { + _act: 'save', + _user: user, + _acl: rights, + _mbox: this.env.mailbox + } + + if (this.acl_id) { + data._old = this.acl_id; + } + + this.http_post('settings/plugin.acl', data, this.set_busy(true, 'acl.saving')); } // Cancel/Hide form rcube_webmail.prototype.acl_cancel = function() { this.ksearch_blur(); - this.acl_form.hide(); + this.acl_popup.dialog('close'); } // Update data after save (and hide form) @@ -115,7 +127,7 @@ // hide autocomplete popup this.ksearch_blur(); // hide form - this.acl_form.hide(); + this.acl_popup.dialog('close'); } // Switch table display mode 
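Review bot: The new `$((this.env.acl_advanced ? … : …), this.acl_form).map(function() {` line in the `@@ -64` hunk uses `.map()` purely for its side effect of appending to `rights`; the collection it returns is discarded, so `.each()` states the intent and avoids building a throwaway jQuery object. The same pattern is introduced on the new `$('th', row).map(function() {` line in the `@@ -219` hunk (the `li_elements.map` in `@@ -300` is unchanged context). The pre-existing `if (type = …)` assignment-in-condition becomes easier to misread next to the new scoped selector; a trailing `// intentional assignment` comment would help. acl_save continues past the end of that hunk.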
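Review bot: `this.acl_popup.dialog('close')` in the rewritten `acl_cancel` of the `@@ -85` hunk assumes `acl_popup` has already been assigned, but it is only set when the form is opened in `acl_init_form` later in this patch, so invoking cancel before a dialog exists (for example via the `acl-cancel` command) would throw a TypeError on `undefined` — inferred from the visible lines. A guard such as `if (this.acl_popup) this.acl_popup.dialog('close');` avoids that; the identical line is added in the `@@ -115` hunk. Separately, the `data = { … }` object literal at the start of the `@@ -85` hunk has no terminating semicolon before the blank line and `if`, which only works through ASI; the closing `}` should be followed by `;` like the other statements in the file. acl_save begins before that hunk.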
@@ -132,14 +144,17 @@ // ACL table initialization rcube_webmail.prototype.acl_list_init = function() { - $('#acl-switch')[this.env.acl_advanced ? 'addClass' : 'removeClass']('selected'); + var method = this.env.acl_advanced ? 'addClass' : 'removeClass'; + + $('#acl-switch')[method]('selected'); + $(this.gui_objects.acltable)[method]('advanced'); this.acl_list = new rcube_list_widget(this.gui_objects.acltable, - {multiselect:true, draggable:false, keyboard:true, toggleselect:true}); - this.acl_list.addEventListener('select', function(o) { rcmail.acl_list_select(o); }); - this.acl_list.addEventListener('dblclick', function(o) { rcmail.acl_list_dblclick(o); }); - this.acl_list.addEventListener('keypress', function(o) { rcmail.acl_list_keypress(o); }); - this.acl_list.init(); + {multiselect: true, draggable: false, keyboard: true}); + this.acl_list.addEventListener('select', function(o) { rcmail.acl_list_select(o); }) + .addEventListener('dblclick', function(o) { rcmail.acl_list_dblclick(o); }) + .addEventListener('keypress', function(o) { rcmail.acl_list_keypress(o); }) + .init(); } // ACL table row selection handler @@ -219,16 +234,23 @@ row = $('thead > tr', table).clone(); // Update new row - $('td', row).map(function() { - var r, cl = this.className.replace(/^acl/, ''); + $('th', row).map(function() { + var td = $('<td>'), + title = $(this).attr('title'), + cl = this.className.replace(/^acl/, ''); + + if (title) + td.attr('title', title); if (items && items[cl]) cl = items[cl]; if (cl == 'user') - $(this).text(o.username); + td.addClass(cl).append($('<a>').text(o.username)); else - $(this).addClass(rcmail.acl_class(o.acl, cl)).text(''); + td.addClass(this.className + ' ' + rcmail.acl_class(o.acl, cl)).text(''); + + $(this).replaceWith(td); }); row.attr('id', 'rcmrow'+id); 
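Review bot: The chained `.addEventListener(…).addEventListener(…).init()` on the new lines of the `@@ -132` hunk relies on `rcube_list_widget.addEventListener` returning the widget instance; that is not visible in this patch, so if it returns `undefined` (as the DOM method of the same name does) `acl_list_init` would throw before `init()` runs — worth confirming, or keep `this.acl_list.init();` as its own statement. The options object also silently drops `toggleselect: true` relative to the removed line; a one-line comment stating why would help, since the commit message does not mention it.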
@@ -272,10 +294,10 @@ { var ul, row, td, val = '', type = 'user', li_elements, body = $('body'), adv_ul = $('#advancedrights'), sim_ul = $('#simplerights'), - name_input = $('#acluser'); + name_input = $('#acluser'), type_list = $('#usertype'); if (!this.acl_form) { - var fn = function () { $('input[value=user]').prop('checked', true); }; + var fn = function () { $('input[value="user"]').prop('checked', true); }; name_input.click(fn).keypress(fn); } @@ -300,9 +322,8 @@ if (id && (row = this.acl_list.rows[id])) { row = row.obj; li_elements.map(function() { - val = this.value; td = $('td.'+this.id, row); - if (td && td.hasClass('enabled')) + if (td.length && td.hasClass('enabled')) this.checked = true; }); 
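Review bot: Dropping `val = this.value;` from the `li_elements.map` callback in the `@@ -300` hunk means `val` is no longer clobbered by each checkbox value, but `name_input.val(val)` in the following hunk still reads `val`, and the new-side lines between this hunk and `@@ -312` are not shown; confirm `val` is assigned from the selected row there, otherwise the edit dialog opens with an empty `acluser` field. A short comment on the removed line's replacement, e.g. `// val is filled from the row's user cell below`, would make the data flow explicit. acl_init_form starts above this hunk and continues below it.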
@@ -312,27 +333,42 @@ type = id; } // mark read (lrs) rights by default - else + else { li_elements.filter(function() { return this.id.match(/^acl([lrs]|read)$/); }).prop('checked', true); + } name_input.val(val); $('input[value='+type+']').prop('checked', true); this.acl_id = id; - // position the form horizontally - var bw = body.width(), mw = this.acl_form.width(); + var buttons = {}, me = this, body = document.body; - if (bw >= mw) - this.acl_form.css({left: parseInt((bw - mw)/2)+'px'}); + buttons[this.get_label('save')] = function(e) { me.command('acl-save'); }; + buttons[this.get_label('cancel')] = function(e) { me.command('acl-cancel'); }; - // display it - this.acl_form.show(); + // display it as popup + this.acl_popup = this.show_popup_dialog( + this.acl_form.show(), + id ? this.get_label('acl.editperms') : this.get_label('acl.newuser'), + buttons, + { + button_classes: ['mainaction'], + modal: true, + closeOnEscape: true, + close: function(e, ui) { + (me.is_framed() ? parent.rcmail : me).ksearch_hide(); + me.acl_form.appendTo(body).hide(); + $(this).remove(); + window.focus(); // focus iframe + } + } + ); + if (type == 'user') name_input.focus(); - - // unfocus the list, make backspace key in name input field working - this.acl_list.blur(); + else + $('input:checked', type_list).focus(); } // Returns class name according to ACL comparision result -- Gitblit v1.9.1
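Review bot: `var buttons = {}, me = this, body = document.body;` redeclares `body`, which `acl_init_form` already declares as `body = $('body')` at its top (visible as context in the `@@ -272` hunk); after this patch the jQuery object is never used and the later `me.acl_form.appendTo(body)` receives the DOM element instead. Remove `body = $('body')` from the top declaration, or reuse it here and drop the second `var`, so one name does not carry two types within one function. The neighbouring context line `$('input[value='+type+']')` also still interpolates `type` into an unquoted attribute selector while the `@@ -272` hunk quotes the literal form; `$('input[value="'+type+'"]')` would be consistent, and since `type` is taken from a row id it is worth confirming it cannot contain selector metacharacters. acl_init_form starts above this hunk.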