From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 program/steps/mail/check_recent.inc | 134 ++++++++++++++++++++++++++------------------
 1 files changed, 80 insertions(+), 54 deletions(-)
diff --git a/program/steps/mail/check_recent.inc b/program/steps/mail/check_recent.inc
index 8d757d4..4ec27c0 100644
--- a/program/steps/mail/check_recent.inc
+++ b/program/steps/mail/check_recent.inc
@@ -4,8 +4,8 @@
 +-----------------------------------------------------------------------+
 | program/steps/mail/check_recent.inc |
 | |
- | This file is part of the RoundCube Webmail client |
- | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2005-2010, The Roundcube Dev Team |
 | Licensed under the GNU GPL |
 | |
 | PURPOSE: |
@@ -15,62 +15,88 @@ | Author: Thomas Bruederli <roundcube@gmail.com> | +-----------------------------------------------------------------------+ - $Id: check_recent.inc 233 2006-06-26 17:31:20Z richs $ + $Id$ */ -$a_mailboxes = $IMAP->list_mailboxes(); -$check_all = (bool)$RCMAIL->config->get('check_all_folders'); +$current = $IMAP->get_mailbox_name(); +$check_all = !empty($_GET['_refresh']) || (bool)$RCMAIL->config->get('check_all_folders'); -foreach ($a_mailboxes as $mbox_name) { - if ($mbox_name == $IMAP->get_mailbox_name()) { - if ($recent_count = $IMAP->messagecount(NULL, 'RECENT', TRUE)) { - // refresh saved search set - if (($search_request = get_input_value('_search', RCUBE_INPUT_GPC)) && isset($_SESSION['search'][$search_request])) { - $_SESSION['search'][$search_request] = $IMAP->refresh_search(); - $all_count = $IMAP->messagecount(); - } else { - $all_count = $IMAP->messagecount(NULL, 'ALL', TRUE); - } - - $unread_count = $IMAP->messagecount(NULL, 'UNSEEN', TRUE); - - $OUTPUT->set_env('messagecount', $all_count); - $OUTPUT->set_env('pagesize', $IMAP->page_size); - $OUTPUT->set_env('pagecount', ceil($all_count/$IMAP->page_size)); - $OUTPUT->command('set_unread_count', $mbox_name, $unread_count, ($mbox_name == 'INBOX')); - $OUTPUT->command('set_rowcount', rcmail_get_messagecount_text($all_count)); - - if (rcmail::get_instance()->config->get('focus_on_new_message',true)) - $OUTPUT->command('new_message_focus'); - - if (!empty($_GET['_quota'])) - $OUTPUT->command('set_quota', rcmail_quota_content($IMAP->get_quota())); - - // "No-list" mode, don't get messages - if (empty($_GET['_list'])) - continue; - - // use SEARCH/SORT to find recent messages - $search_str = 'RECENT'; - if ($search_request) - $search_str .= ' '.$IMAP->search_string; - - $result = $IMAP->search($mbox_name, $search_str, NULL, 'date'); - - if ($result) { - // get the headers - $result_h = $IMAP->list_headers($mbox_name, 1, 'date', 'DESC'); - // add to the list - 
rcmail_js_message_list($result_h, true, false); - } - } - } - else if ($unseen = $IMAP->messagecount($mbox_name, 'UNSEEN', $check_all)) { - $OUTPUT->command('set_unread_count', $mbox_name, $unseen); - } +// list of folders to check +if ($check_all) { + $a_mailboxes = $IMAP->list_mailboxes('', '*', 'mail'); +} +else { + $a_mailboxes = (array) $current; + if ($a_mailboxes[0] != 'INBOX') + $a_mailboxes[] = 'INBOX'; } -$OUTPUT->send(); +// check recent/unseen counts +foreach ($a_mailboxes as $mbox_name) { + $is_current = $mbox_name == $current; + if ($is_current) { + // Synchronize mailbox cache, handle flag changes + $IMAP->mailbox_sync($mbox_name); + } -?> + // Get mailbox status + $status = $IMAP->mailbox_status($mbox_name); + + if ($status & 1) { + // trigger plugin hook + $RCMAIL->plugins->exec_hook('new_messages', + array('mailbox' => $mbox_name, 'is_current' => $is_current)); + } + + rcmail_send_unread_count($mbox_name, true); + + if ($status && $is_current) { + // refresh saved search set + $search_request = get_input_value('_search', RCUBE_INPUT_GPC); + if ($search_request && isset($_SESSION['search']) + && $_SESSION['search_request'] == $search_request + ) { + $_SESSION['search'] = $IMAP->refresh_search(); + } + + if (!empty($_GET['_quota'])) + $OUTPUT->command('set_quota', rcmail_quota_content()); + + // "No-list" mode, don't get messages + if (empty($_GET['_list'])) + continue; + + // get overall message count; allow caching because rcube_imap::mailbox_status() did a refresh + $all_count = $IMAP->messagecount(null, $IMAP->threading ? 
'THREADS' : 'ALL'); + + // check current page if we're not on the first page + if ($all_count && $IMAP->list_page > 1) { + $remaining = $all_count - $IMAP->page_size * ($IMAP->list_page - 1); + if ($remaining <= 0) { + $IMAP->set_page($IMAP->list_page-1); + $_SESSION['page'] = $IMAP->list_page; + } + } + + $OUTPUT->set_env('messagecount', $all_count); + $OUTPUT->set_env('pagecount', ceil($all_count/$IMAP->page_size)); + $OUTPUT->command('set_rowcount', rcmail_get_messagecount_text($all_count), $mbox_name); + $OUTPUT->set_env('current_page', $all_count ? $IMAP->list_page : 1); + + // remove old rows (and clear selection if new list is empty) + $OUTPUT->command('message_list.clear', $all_count ? false : true); + + if ($all_count) { + $a_headers = $IMAP->list_headers($mbox_name, null, rcmail_sort_column(), rcmail_sort_order()); + // add message rows + rcmail_js_message_list($a_headers, false); + // remove messages that don't exists from list selection array + $OUTPUT->command('update_selection'); + } + } +} + +$RCMAIL->plugins->exec_hook('keep_alive', array()); + +$OUTPUT->send(); -- Gitblit v1.9.1
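Review bot: The saved-search guard compares the request-supplied `_search` value with `$_SESSION['search_request']` using a loose `==`, so PHP type juggling, not identity, decides whether `$_SESSION['search']` is overwritten by `$IMAP->refresh_search()`. `get_input_value('_search', RCUBE_INPUT_GPC)` takes the value from GET, POST or cookie input, and two different numeric-looking strings (constructed example: `0e1` and `0e2`) compare equal under `==`; how the stored id is generated is not visible in this hunk, so the practical reach is unconfirmed. A strict check closes the gap: `&& $_SESSION['search_request'] === (string) $search_request`. Separately, `$status & 1` tests an undocumented bit of the `mailbox_status()` result before the `new_messages` plugin hook fires; a comment such as `// bit 1 of mailbox_status(): new messages arrived (confirm against rcube_imap)` would make that trigger reviewable.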