From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
program/steps/mail/mark.inc | 30 +++++++++++++++---------------
1 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/program/steps/mail/mark.inc b/program/steps/mail/mark.inc
index 6d102af..710a77e 100644
--- a/program/steps/mail/mark.inc
+++ b/program/steps/mail/mark.inc
@@ -3,8 +3,8 @@
+-----------------------------------------------------------------------+
| program/steps/mail/mark.inc |
| |
- | This file is part of the RoundCube Webmail client |
- | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2005-2009, The Roundcube Dev Team |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
@@ -43,20 +43,23 @@
$marked = $IMAP->set_flag($uids, $flag);
- if ($marked == -1) {
+ if (!$marked) {
// send error message
if ($_POST['_from'] != 'show')
$OUTPUT->command('list_mailbox');
- $OUTPUT->show_message('errormarking', 'error');
+ rcmail_display_server_error('errormarking');
$OUTPUT->send();
exit;
+ }
+ else if (empty($_POST['_quiet'])) {
+ $OUTPUT->show_message('messagemarked', 'confirmation');
}
if ($flag == 'DELETED' && $CONFIG['read_when_deleted'] && !empty($_POST['_ruid'])) {
$ruids = get_input_value('_ruid', RCUBE_INPUT_POST);
$read = $IMAP->set_flag($ruids, 'SEEN');
- if ($read != -1 && !$CONFIG['skip_deleted'])
+ if ($read && !$CONFIG['skip_deleted'])
$OUTPUT->command('flag_deleted_as_read', $ruids);
}
@@ -72,7 +75,7 @@
} else {
// refresh saved search set after moving some messages
if (($search_request = get_input_value('_search', RCUBE_INPUT_GPC)) && $IMAP->search_set) {
- $_SESSION['search'][$search_request] = $IMAP->refresh_search();
+ $_SESSION['search'] = $IMAP->refresh_search();
}
$msg_count = $IMAP->messagecount(NULL, $IMAP->threading ? 'THREADS' : 'ALL');
@@ -95,24 +98,21 @@
// update mailboxlist
$mbox = $IMAP->get_mailbox_name();
$unseen_count = $msg_count ? $IMAP->messagecount($mbox, 'UNSEEN') : 0;
- $old_unseen = $_SESSION['unseen_count'][$mbox];
+ $old_unseen = rcmail_get_unseen_count($mbox);
if ($old_unseen != $unseen_count) {
$OUTPUT->command('set_unread_count', $mbox, $unseen_count, ($mbox == 'INBOX'));
- $_SESSION['unseen_count'][$mbox] = $unseen_count;
+ rcmail_set_unseen_count($mbox, $unseen_count);
}
- $OUTPUT->command('set_rowcount', rcmail_get_messagecount_text($msg_count));
+ $OUTPUT->command('set_rowcount', rcmail_get_messagecount_text($msg_count), $mbox);
if ($IMAP->threading)
- $count = get_input_value('_count', RCUBE_INPUT_POST);
+ $count = get_input_value('_count', RCUBE_INPUT_POST);
// add new rows from next page (if any)
if ($count && $uids != '*' && ($jump_back || $nextpage_count > 0)) {
- $sort_col = isset($_SESSION['sort_col']) ? $_SESSION['sort_col'] : $CONFIG['message_sort_col'];
- $sort_order = isset($_SESSION['sort_order']) ? $_SESSION['sort_order'] : $CONFIG['message_sort_order'];
-
- $a_headers = $IMAP->list_headers($mbox, NULL, $sort_col, $sort_order,
- $jump_back ? NULL : $count);
+ $a_headers = $IMAP->list_headers($mbox, NULL,
+ rcmail_sort_column(), rcmail_sort_order(), $jump_back ? NULL : $count);
rcmail_js_message_list($a_headers, false);
}
--
Gitblit v1.9.1