From e59471fcb9f4e5e11a6d054e930a21b469f76f97 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Tue, 07 Jan 2014 03:48:55 -0500
Subject: [PATCH] Make sure prefs always is a valid array (otherwise causes fatal errors if language if not set)

---
 program/lib/Roundcube/rcube_user.php |   78 +++++++++++++++++++++++++-------------
 1 files changed, 51 insertions(+), 27 deletions(-)

diff --git a/program/lib/Roundcube/rcube_user.php b/program/lib/Roundcube/rcube_user.php
index 864f2e0..e232736 100644
--- a/program/lib/Roundcube/rcube_user.php
+++ b/program/lib/Roundcube/rcube_user.php
@@ -2,8 +2,6 @@
 
 /*
  +-----------------------------------------------------------------------+
- | program/include/rcube_user.inc                                        |
- |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2005-2012, The Roundcube Dev Team                       |
  |                                                                       |
@@ -14,13 +12,11 @@
  | PURPOSE:                                                              |
  |   This class represents a system user linked and provides access      |
  |   to the related database records.                                    |
- |                                                                       |
  +-----------------------------------------------------------------------+
  | Author: Thomas Bruederli <roundcube@gmail.com>                        |
  | Author: Aleksander Machniak <alec@alec.pl>                            |
  +-----------------------------------------------------------------------+
 */
-
 
 /**
  * Class representing a system user
@@ -129,8 +125,10 @@
      */
     function get_prefs()
     {
+        $prefs = array();
+
         if (!empty($this->language))
-            $prefs = array('language' => $this->language);
+            $prefs['language'] = $this->language;
 
         if ($this->ID) {
             // Preferences from session (write-master is unavailable)
@@ -167,8 +165,16 @@
         if (!$this->ID)
             return false;
 
-        $config    = $this->rc->config;
-        $old_prefs = (array)$this->get_prefs();
+        $plugin = $this->rc->plugins->exec_hook('preferences_update', array(
+            'userid' => $this->ID, 'prefs' => $a_user_prefs, 'old' => (array)$this->get_prefs()));
+
+        if (!empty($plugin['abort'])) {
+            return;
+        }
+
+        $a_user_prefs = $plugin['prefs'];
+        $old_prefs    = $plugin['old'];
+        $config       = $this->rc->config;
 
         // merge (partial) prefs array with existing settings
         $save_prefs = $a_user_prefs + $old_prefs;
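Review bot: The values returned by the `preferences_update` hook are used without a type check: `$plugin['prefs']` and `$plugin['old']` go straight into `$a_user_prefs + $old_prefs`, so a plugin that returns a non-array for either key brings back the fatal error this commit is meant to prevent. The `(array)` cast now covers only the hook input. I would cast on the way out, `$a_user_prefs = (array)$plugin['prefs'];` and `$old_prefs = (array)$plugin['old'];`, and make the abort path `return false;` so it matches the `return false` used for a missing ID just above. The enclosing method starts and ends outside the hunk.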
@@ -217,6 +223,14 @@
         return false;
     }
 
+    /**
+     * Generate a unique hash to identify this user which
+     */
+    function get_hash()
+    {
+        $key = substr($this->rc->config->get('des_key'), 1, 4);
+        return md5($this->data['user_id'] . $key . $this->data['username'] . '@' . $this->data['mail_host']);
+    }
 
     /**
      * Get default identity of this user
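Review bot: get_hash() mixes only four characters of `des_key` into an MD5 over otherwise known values (user ID, username, mail host), and its docblock stops mid-sentence, so nothing says whether the result is meant to be unguessable. If any caller treats it as a token rather than a plain identifier, four key characters are a small search space, and a short or unset `des_key` makes the `substr()` call contribute nothing. I would finish the docblock with the intended use, e.g. `Generate a hash identifying this user; not a secret and not suitable as an authentication token`. If unguessability is required, a keyed hash such as `hash_hmac('sha256', $this->data['user_id'] . '|' . $this->data['username'] . '@' . $this->data['mail_host'], $this->rc->config->get('des_key'))` would fit better, though it changes existing hash values. Callers are not visible here, so the actual use should be confirmed first.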
@@ -240,10 +254,12 @@
     /**
      * Return a list of all identities linked with this user
      *
-     * @param string $sql_add Optional WHERE clauses
+     * @param string $sql_add   Optional WHERE clauses
+     * @param bool   $formatted Format identity email and name
+     *
      * @return array List of identities
      */
-    function list_identities($sql_add = '')
+    function list_identities($sql_add = '', $formatted = false)
     {
         $result = array();
 
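Review bot: The reworked docblock still describes `$sql_add` only as "Optional WHERE clauses", while the query in the next hunk appends it to the SQL string as is, `($sql_add ? " ".$sql_add : "")`, with no placeholder. The parameter documentation should say so, e.g. `@param string $sql_add   Optional WHERE clauses; appended verbatim to the query, must never contain unescaped request data`. The function body continues outside this hunk.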
@@ -251,10 +267,19 @@
             "SELECT * FROM ".$this->db->table_name('identities').
             " WHERE del <> 1 AND user_id = ?".
             ($sql_add ? " ".$sql_add : "").
-            " ORDER BY ".$this->db->quoteIdentifier('standard')." DESC, name ASC, identity_id ASC",
+            " ORDER BY ".$this->db->quote_identifier('standard')." DESC, name ASC, identity_id ASC",
             $this->ID);
 
         while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
+            if ($formatted) {
+                $ascii_email = format_email($sql_arr['email']);
+                $utf8_email  = format_email(rcube_utils::idn_to_utf8($ascii_email));
+
+                $sql_arr['email_ascii'] = $ascii_email;
+                $sql_arr['email']       = $utf8_email;
+                $sql_arr['ident']       = format_email_recipient($ascii_email, $sql_arr['name']);
+            }
+
             $result[] = $sql_arr;
         }
 
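Review bot: With `$formatted` set, the row's `email` value is overwritten by its IDN-decoded UTF-8 form and only the new `email_ascii` key keeps the ASCII address, but nothing in the loop or the docblock tells callers which one to use. A caller that sends mail with `email`, or writes it back to the identities table, would be handling the display form. I would add a comment above the block, `// 'email' becomes the UTF-8 display form; use 'email_ascii' for sending, comparing or saving`, and list `email_ascii` and `ident` in the `@return` description. The function starts and ends outside this hunk.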
@@ -277,7 +302,7 @@
         $query_cols = $query_params = array();
 
         foreach ((array)$data as $col => $value) {
-            $query_cols[]   = $this->db->quoteIdentifier($col) . ' = ?';
+            $query_cols[]   = $this->db->quote_identifier($col) . ' = ?';
             $query_params[] = $value;
         }
         $query_params[] = $iid;
@@ -313,7 +338,7 @@
 
         $insert_cols = $insert_values = array();
         foreach ((array)$data as $col => $value) {
-            $insert_cols[]   = $this->db->quoteIdentifier($col);
+            $insert_cols[]   = $this->db->quote_identifier($col);
             $insert_values[] = $value;
         }
         $insert_cols[]   = 'user_id';
@@ -378,7 +403,7 @@
         if ($this->ID && $iid) {
             $this->db->query(
                 "UPDATE ".$this->db->table_name('identities').
-                " SET ".$this->db->quoteIdentifier('standard')." = '0'".
+                " SET ".$this->db->quote_identifier('standard')." = '0'".
                 " WHERE user_id = ?".
                     " AND identity_id <> ?".
                     " AND del <> 1",
@@ -488,9 +513,9 @@
             "INSERT INTO ".$dbh->table_name('users').
             " (created, last_login, username, mail_host, language)".
             " VALUES (".$dbh->now().", ".$dbh->now().", ?, ?, ?)",
-            strip_newlines($data['user']),
-            strip_newlines($data['host']),
-            strip_newlines($data['language']));
+            $data['user'],
+            $data['host'],
+            $data['language']);
 
         if ($user_id = $dbh->insert_id('users')) {
             // create rcube_user instance to make plugin hooks work
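Review bot: Dropping `strip_newlines()` here leaves `$data['user']`, `$data['host']` and `$data['language']` stored exactly as received; the placeholders keep the INSERT itself safe, but CR/LF in a username or host would now be persisted and could later reach mail headers or log lines. The same removal is made for `$user_email` and `$record['name']` in the two following hunks, where the values become the identity email and display name. Nothing in the visible diff replaces the filtering and the commit message does not mention it, so either keep the calls or confirm that these values are validated before this code is reached. If the removal is intended, a comment such as `// newlines are rejected in <validation point> before this call` would record where. The enclosing function starts and ends outside the hunk.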
@@ -510,7 +535,7 @@
                 if (empty($user_email)) {
                     $user_email = strpos($data['user'], '@') ? $user : sprintf('%s@%s', $data['user'], $mail_domain);
                 }
-                $email_list[] = strip_newlines($user_email);
+                $email_list[] = $user_email;
             }
             // identities_level check
             else if (count($email_list) > 1 && $rcube->config->get('identities_level', 0) > 1) {
@@ -540,7 +565,6 @@
                     $record['name'] = $user_name != $record['email'] ? $user_name : '';
                 }
 
-                $record['name']     = strip_newlines($record['name']);
                 $record['user_id']  = $user_id;
                 $record['standard'] = $standard;
 
@@ -619,11 +643,11 @@
         $result = array();
 
         $sql_result = $this->db->query(
-            "SELECT search_id AS id, ".$this->db->quoteIdentifier('name')
+            "SELECT search_id AS id, ".$this->db->quote_identifier('name')
             ." FROM ".$this->db->table_name('searches')
             ." WHERE user_id = ?"
-                ." AND ".$this->db->quoteIdentifier('type')." = ?"
-            ." ORDER BY ".$this->db->quoteIdentifier('name'),
+                ." AND ".$this->db->quote_identifier('type')." = ?"
+            ." ORDER BY ".$this->db->quote_identifier('name'),
             (int) $this->ID, (int) $type);
 
         while ($sql_arr = $this->db->fetch_assoc($sql_result)) {
@@ -651,9 +675,9 @@
         }
 
         $sql_result = $this->db->query(
-            "SELECT ".$this->db->quoteIdentifier('name')
-                .", ".$this->db->quoteIdentifier('data')
-                .", ".$this->db->quoteIdentifier('type')
+            "SELECT ".$this->db->quote_identifier('name')
+                .", ".$this->db->quote_identifier('data')
+                .", ".$this->db->quote_identifier('type')
             ." FROM ".$this->db->table_name('searches')
             ." WHERE user_id = ?"
                 ." AND search_id = ?",
@@ -708,11 +732,11 @@
 
         $insert_cols[]   = 'user_id';
         $insert_values[] = (int) $this->ID;
-        $insert_cols[]   = $this->db->quoteIdentifier('type');
+        $insert_cols[]   = $this->db->quote_identifier('type');
         $insert_values[] = (int) $data['type'];
-        $insert_cols[]   = $this->db->quoteIdentifier('name');
+        $insert_cols[]   = $this->db->quote_identifier('name');
         $insert_values[] = $data['name'];
-        $insert_cols[]   = $this->db->quoteIdentifier('data');
+        $insert_cols[]   = $this->db->quote_identifier('data');
         $insert_values[] = serialize($data['data']);
 
         $sql = "INSERT INTO ".$this->db->table_name('searches')

--
Gitblit v1.9.1