From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/include/rcube_imap_cache.php |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/program/include/rcube_imap_cache.php b/program/include/rcube_imap_cache.php
index b51bc6d..acff146 100644
--- a/program/include/rcube_imap_cache.php
+++ b/program/include/rcube_imap_cache.php
@@ -853,7 +853,7 @@
         // @TODO: find better validity check for threaded index
         if ($is_thread) {
             // check messages number...
-            if ($mbox_data['EXISTS'] != @max(array_keys($index['depth']))) {
+            if (!$this->skip_deleted && $mbox_data['EXISTS'] != @max(array_keys($index['depth']))) {
                 return false;
             }
             return true;
@@ -1108,10 +1108,12 @@
     private function build_thread_data($data, &$depth, &$children, $level = 0)
     {
         foreach ((array)$data as $key => $val) {
-            $children[$key] = !empty($val);
-            $depth[$key] = $level;
-            if (!empty($val))
+            $empty          = empty($val) || !is_array($val);
+            $children[$key] = !$empty;
+            $depth[$key]    = $level;
+            if (!$empty) {
                 $this->build_thread_data($val, $depth, $children, $level + 1);
+            }
         }
     }
 

--
Gitblit v1.9.1