From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/mail/check_recent.inc |   32 ++++++++++++++++++++------------
 1 files changed, 20 insertions(+), 12 deletions(-)

diff --git a/program/steps/mail/check_recent.inc b/program/steps/mail/check_recent.inc
index 469fa48..4ec27c0 100644
--- a/program/steps/mail/check_recent.inc
+++ b/program/steps/mail/check_recent.inc
@@ -34,10 +34,24 @@
 
 // check recent/unseen counts
 foreach ($a_mailboxes as $mbox_name) {
-    if ($mbox_name == $current && ($status = $IMAP->mailbox_status($mbox_name))) {
+    $is_current = $mbox_name == $current;
+    if ($is_current) {
+        // Synchronize mailbox cache, handle flag changes
+        $IMAP->mailbox_sync($mbox_name);
+    }
 
-        rcmail_send_unread_count($mbox_name, true);
+    // Get mailbox status
+    $status = $IMAP->mailbox_status($mbox_name);
 
+    if ($status & 1) {
+        // trigger plugin hook
+        $RCMAIL->plugins->exec_hook('new_messages',
+            array('mailbox' => $mbox_name, 'is_current' => $is_current));
+    }
+
+    rcmail_send_unread_count($mbox_name, true);
+
+    if ($status && $is_current) {
         // refresh saved search set
         $search_request = get_input_value('_search', RCUBE_INPUT_GPC);
         if ($search_request && isset($_SESSION['search'])
@@ -67,28 +81,22 @@
 
         $OUTPUT->set_env('messagecount', $all_count);
         $OUTPUT->set_env('pagecount', ceil($all_count/$IMAP->page_size));
-        $OUTPUT->command('set_rowcount', rcmail_get_messagecount_text($all_count));
+        $OUTPUT->command('set_rowcount', rcmail_get_messagecount_text($all_count), $mbox_name);
         $OUTPUT->set_env('current_page', $all_count ? $IMAP->list_page : 1);
-
-        if ($status & 1) {
-            // trigger plugin hook
-            $RCMAIL->plugins->exec_hook('new_messages', array('mailbox' => $mbox_name));
-        }
 
         // remove old rows (and clear selection if new list is empty)
         $OUTPUT->command('message_list.clear', $all_count ? false : true);
 
         if ($all_count) {
-            $a_headers = $IMAP->list_headers($mbox_name, null, $_SESSION['sort_col'], $_SESSION['sort_order']);
+            $a_headers = $IMAP->list_headers($mbox_name, null, rcmail_sort_column(), rcmail_sort_order());
             // add message rows
             rcmail_js_message_list($a_headers, false);
             // remove messages that don't exists from list selection array
             $OUTPUT->command('update_selection');
         }
     }
-    else {
-        rcmail_send_unread_count($mbox_name, true);
-    }
 }
 
+$RCMAIL->plugins->exec_hook('keep_alive', array());
+
 $OUTPUT->send();

--
Gitblit v1.9.1