From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/mail/autocomplete.inc |   54 +++++++++++++++++++++++++++++++-----------------------
 1 files changed, 31 insertions(+), 23 deletions(-)

diff --git a/program/steps/mail/autocomplete.inc b/program/steps/mail/autocomplete.inc
index 30b8f22..3023ecf 100644
--- a/program/steps/mail/autocomplete.inc
+++ b/program/steps/mail/autocomplete.inc
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/mail/autocomplete.inc                                   |
  |                                                                       |
@@ -88,16 +88,18 @@
                         continue;
                     }
 
+                    $index = $contact;
+
                     // skip duplicates
-                    if (!in_array($contact, $contacts)) {
+                    if (empty($contacts[$index])) {
                         $contact = array('name' => $contact, 'type' => $sql_arr['_type']);
 
                         if (($display = rcube_addressbook::compose_search_name($sql_arr, $email, $name)) && $display != $contact['name']) {
                             $contact['display'] = $display;
                         }
 
-                        $contacts[]  = $contact;
-                        $sort_keys[] = sprintf('%s %03d', $contact['display'] ?: $name, $idx++);
+                        $contacts[$index]  = $contact;
+                        $sort_keys[$index] = sprintf('%s %03d', $contact['display'] ?: $name, $idx++);
 
                         if (count($contacts) >= $MAXNUM) {
                             break 2;
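Review bot: The new duplicate check `if (empty($contacts[$index]))` turns `$contacts` and `$sort_keys` from lists into maps keyed by the recipient string, so the code that sorts and emits them after these loops must cope with string keys. That code is outside the hunk; confirm that it rebuilds a plain list (for example with `array_values()`) before the result goes to the client, otherwise the suggestions may be serialised as an object rather than an array. `if (!isset($contacts[$index]))` would state the intent more directly than `empty()`. Separately, the subject line describes hardening of export downloads, which none of the visible hunks touch, so check that this diff is attached to the right commit record.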
@@ -124,32 +126,38 @@
                 if ($group_prop['email']) {
                     $idx = 0;
                     foreach ((array)$group_prop['email'] as $email) {
-                        $contacts[]  = array(
-                            'name'   => format_email_recipient($email, $group['name']),
-                            'email'  => $email,
-                            'type'   => 'group',
-                            'id'     => $group['ID'],
-                            'source' => $id,
-                        );
-                        $sort_keys[] = sprintf('%s %03d', $group['name'] , $idx++);
+                        $index = format_email_recipient($email, $group['name']);
 
-                        if (count($contacts) >= $MAXNUM) {
-                            break 2;
+                        if (empty($contacts[$index])) {
+                            $sort_keys[$index] = sprintf('%s %03d', $group['name'] , $idx++);
+                            $contacts[$index]  = array(
+                                'name'   => $index,
+                                'email'  => $email,
+                                'type'   => 'group',
+                                'id'     => $group['ID'],
+                                'source' => $id,
+                            );
+
+                            if (count($contacts) >= $MAXNUM) {
+                                break 2;
+                            }
                         }
                     }
                 }
                 // show group with count
                 else if (($result = $abook->count()) && $result->count) {
-                    $sort_keys[] = $group['name'];
-                    $contacts[]  = array(
-                        'name'   => $group['name'] . ' (' . intval($result->count) . ')',
-                        'type'   => 'group',
-                        'id'     => $group['ID'],
-                        'source' => $id
-                    );
+                    if (empty($contacts[$group['name']])) {
+                        $sort_keys[$group['name']] = $group['name'];
+                        $contacts[$group['name']]  = array(
+                            'name'   => $group['name'] . ' (' . intval($result->count) . ')',
+                            'type'   => 'group',
+                            'id'     => $group['ID'],
+                            'source' => $id
+                        );
 
-                    if (count($contacts) >= $MAXNUM) {
-                        break;
+                        if (count($contacts) >= $MAXNUM) {
+                            break;
+                        }
                     }
                 }
             }
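Review bot: In the "show group with count" branch the dedup key is `$group['name']` alone, so two groups with the same name from different address books (different `$id` and `$group['ID']`) collapse into one entry and the second silently disappears from the suggestions. If `$contacts` is the same array the contact loop fills, a group whose name equals an existing contact string would be dropped as well. A key that carries the source and group id, e.g. `$index = 'group:' . $id . ':' . $group['ID'];` checked with `if (!isset($contacts[$index]))`, keeps distinct groups apart while leaving the `$sort_keys` value as the group name. The enclosing loops start and end outside the hunk.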

--
Gitblit v1.9.1