From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/include/rcube_imap_cache.php |    8 +++++---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/program/include/rcube_imap_cache.php b/program/include/rcube_imap_cache.php
index ee4e925..acff146 100644
--- a/program/include/rcube_imap_cache.php
+++ b/program/include/rcube_imap_cache.php
@@ -1108,10 +1108,12 @@
     private function build_thread_data($data, &$depth, &$children, $level = 0)
     {
         foreach ((array)$data as $key => $val) {
-            $children[$key] = !empty($val);
-            $depth[$key] = $level;
-            if (!empty($val))
+            $empty          = empty($val) || !is_array($val);
+            $children[$key] = !$empty;
+            $depth[$key]    = $level;
+            if (!$empty) {
                 $this->build_thread_data($val, $depth, $children, $level + 1);
+            }
         }
     }
 

--
Gitblit v1.9.1