From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Fri, 05 Feb 2016 07:25:27 -0500 Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports --- program/steps/mail/autocomplete.inc | 57 +++++++++++++++++++++++++++++++++++++++------------------ 1 files changed, 39 insertions(+), 18 deletions(-) diff --git a/program/steps/mail/autocomplete.inc b/program/steps/mail/autocomplete.inc index c15de92..3023ecf 100644 --- a/program/steps/mail/autocomplete.inc +++ b/program/steps/mail/autocomplete.inc @@ -1,6 +1,6 @@ <?php -/* +/** +-----------------------------------------------------------------------+ | program/steps/mail/autocomplete.inc | | | @@ -49,7 +49,7 @@ $single = (bool) $RCMAIL->config->get('autocomplete_single'); $search = rcube_utils::get_input_value('_search', rcube_utils::INPUT_GPC, true); $source = rcube_utils::get_input_value('_source', rcube_utils::INPUT_GPC); -$sid = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GPC); +$reqid = rcube_utils::get_input_value('_reqid', rcube_utils::INPUT_GPC); if (strlen($source)) { $book_types = array($source); @@ -88,10 +88,18 @@ continue; } + $index = $contact; + // skip duplicates - if (!in_array($contact, $contacts)) { - $contacts[] = $contact; - $sort_keys[] = sprintf('%s %03d', $sql_arr['name'] , $idx++); + if (empty($contacts[$index])) { + $contact = array('name' => $contact, 'type' => $sql_arr['_type']); + + if (($display = rcube_addressbook::compose_search_name($sql_arr, $email, $name)) && $display != $contact['name']) { + $contact['display'] = $display; + } + + $contacts[$index] = $contact; + $sort_keys[$index] = sprintf('%s %03d', $contact['display'] ?: $name, $idx++); if (count($contacts) >= $MAXNUM) { break 2; 
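Review bot: `$reqid` is read from `_reqid` with `rcube_utils::INPUT_GPC` and no type check in the `-49,7 +49,7` hunk, and the last hunk (`-154,5 +175,5`) hands it straight back to the client in `$OUTPUT->command('ksearch_query_results', $contacts, $search, $reqid)`. If the value is only a numeric request counter (not visible here, confirm against the client code), coercing it narrows what a request can have reflected in the response: `$reqid = (int) rcube_utils::get_input_value('_reqid', rcube_utils::INPUT_GPC);`. The rename from `_id` also means a client that still sends `_id` gets an empty id back, and the diffstat of this patch lists only autocomplete.inc, so the matching client-side change has to ship together with it.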
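Review bot: In the `-88,10 +88,18` hunk the sort key reads `$contact['display']` even when the preceding `if` did not set it, which raises an undefined-index notice for every contact whose composed display name is empty or equal to the name. Guard the read, e.g. `$sort_keys[$index] = sprintf('%s %03d', !empty($contact['display']) ? $contact['display'] : $name, $idx++);`. The comparison `$display != $contact['name']` is loose and treats numeric-looking strings such as '1e3' and '1000' as equal; `!==` avoids that. The enclosing loops start outside the hunk, so where `$name` and `$sql_arr['_type']` are set cannot be checked from here.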
@@ -118,25 +126,38 @@ if ($group_prop['email']) { $idx = 0; foreach ((array)$group_prop['email'] as $email) { - $contacts[] = format_email_recipient($email, $group['name']); - $sort_keys[] = sprintf('%s %03d', $group['name'] , $idx++); + $index = format_email_recipient($email, $group['name']); - if (count($contacts) >= $MAXNUM) { - break 2; + if (empty($contacts[$index])) { + $sort_keys[$index] = sprintf('%s %03d', $group['name'] , $idx++); + $contacts[$index] = array( + 'name' => $index, + 'email' => $email, + 'type' => 'group', + 'id' => $group['ID'], + 'source' => $id, + ); + + if (count($contacts) >= $MAXNUM) { + break 2; + } } } } // show group with count else if (($result = $abook->count()) && $result->count) { - $sort_keys[] = $group['name']; - $contacts[] = array( - 'name' => $group['name'] . ' (' . intval($result->count) . ')', - 'id' => $group['ID'], - 'source' => $id - ); + if (empty($contacts[$group['name']])) { + $sort_keys[$group['name']] = $group['name']; + $contacts[$group['name']] = array( + 'name' => $group['name'] . ' (' . intval($result->count) . ')', + 'type' => 'group', + 'id' => $group['ID'], + 'source' => $id + ); - if (count($contacts) >= $MAXNUM) { - break; + if (count($contacts) >= $MAXNUM) { + break; + } } } } @@ -154,5 +175,5 @@ } } -$OUTPUT->command('ksearch_query_results', $contacts, $search, $sid); +$OUTPUT->command('ksearch_query_results', $contacts, $search, $reqid); $OUTPUT->send(); -- Gitblit v1.9.1
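Review bot: The group-with-count branch of the `-118,25 +126,38` hunk keys both `$contacts` and `$sort_keys` by `$group['name']` alone, so a second group with the same name from another address book (`'source' => $id`) is dropped by the `empty()` check although its `id` and `source` differ. If the code after this hunk only needs the two arrays to share keys (not visible here), a key built from source and group id keeps both entries: `$gkey = 'group:' . $id . ':' . $group['ID'];`, used for both arrays. The surrounding loops begin outside the hunk.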