From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
program/include/rcube_result_set.php | 17 +++++++++--------
1 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/program/include/rcube_result_set.php b/program/include/rcube_result_set.php
index 499fb6a..db52fc5 100644
--- a/program/include/rcube_result_set.php
+++ b/program/include/rcube_result_set.php
@@ -4,8 +4,8 @@
+-----------------------------------------------------------------------+
| program/include/rcube_result_set.php |
| |
- | This file is part of the RoundCube Webmail client |
- | Copyright (C) 2006-2010, RoundCube Dev. - Switzerland |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2006-2011, The Roundcube Dev Team |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
@@ -21,7 +21,7 @@
/**
- * RoundCube result set class.
+ * Roundcube result set class.
* Representing an address directory result set.
*
* @package Addressbook
@@ -31,6 +31,7 @@
var $count = 0;
var $first = 0;
var $current = 0;
+ var $searchonly = false;
var $records = array();
@@ -44,27 +45,27 @@
{
$this->records[] = $rec;
}
-
+
function iterate()
{
return $this->records[$this->current++];
}
-
+
function first()
{
$this->current = 0;
return $this->records[$this->current++];
}
-
+
// alias for iterate()
function next()
{
return $this->iterate();
}
-
+
function seek($i)
{
$this->current = $i;
}
-
+
}
--
Gitblit v1.9.1