From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/mail/mark.inc |   22 +++++++++++-----------
 1 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/program/steps/mail/mark.inc b/program/steps/mail/mark.inc
index 57eae64..710a77e 100644
--- a/program/steps/mail/mark.inc
+++ b/program/steps/mail/mark.inc
@@ -4,7 +4,7 @@
  | program/steps/mail/mark.inc                                           |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2005-2009, Roundcube Dev. - Switzerland                 |
+ | Copyright (C) 2005-2009, The Roundcube Dev Team                       |
  | Licensed under the GNU GPL                                            |
  |                                                                       |
  | PURPOSE:                                                              |
@@ -47,9 +47,12 @@
     // send error message
     if ($_POST['_from'] != 'show')
       $OUTPUT->command('list_mailbox');
-    $OUTPUT->show_message('errormarking', 'error');
+    rcmail_display_server_error('errormarking');
     $OUTPUT->send();
     exit;
+  }
+  else if (empty($_POST['_quiet'])) {
+    $OUTPUT->show_message('messagemarked', 'confirmation');
   }
 
   if ($flag == 'DELETED' && $CONFIG['read_when_deleted'] && !empty($_POST['_ruid'])) {
@@ -95,24 +98,21 @@
       // update mailboxlist
       $mbox = $IMAP->get_mailbox_name();
       $unseen_count = $msg_count ? $IMAP->messagecount($mbox, 'UNSEEN') : 0;
-      $old_unseen = $_SESSION['unseen_count'][$mbox];
+      $old_unseen = rcmail_get_unseen_count($mbox);
 
       if ($old_unseen != $unseen_count) {
         $OUTPUT->command('set_unread_count', $mbox, $unseen_count, ($mbox == 'INBOX'));
-	    $_SESSION['unseen_count'][$mbox] = $unseen_count;
+        rcmail_set_unseen_count($mbox, $unseen_count);
       }
-      $OUTPUT->command('set_rowcount', rcmail_get_messagecount_text($msg_count));
+      $OUTPUT->command('set_rowcount', rcmail_get_messagecount_text($msg_count), $mbox);
 
       if ($IMAP->threading)
-	    $count = get_input_value('_count', RCUBE_INPUT_POST);
+        $count = get_input_value('_count', RCUBE_INPUT_POST);
 
       // add new rows from next page (if any)
       if ($count && $uids != '*' && ($jump_back || $nextpage_count > 0)) {
-        $sort_col   = isset($_SESSION['sort_col'])   ? $_SESSION['sort_col']   : $CONFIG['message_sort_col'];
-        $sort_order = isset($_SESSION['sort_order']) ? $_SESSION['sort_order'] : $CONFIG['message_sort_order'];
-
-        $a_headers = $IMAP->list_headers($mbox, NULL, $sort_col, $sort_order,
-	    $jump_back ? NULL : $count);
+        $a_headers = $IMAP->list_headers($mbox, NULL,
+          rcmail_sort_column(), rcmail_sort_order(), $jump_back ? NULL : $count);
 
         rcmail_js_message_list($a_headers, false);
       }
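Review bot: `$count` is taken straight from POST via `get_input_value('_count', RCUBE_INPUT_POST)` and then passed as the page-size argument to `$IMAP->list_headers(...)` on the new line without being coerced to a non-negative integer; I would write `$count = (int) get_input_value('_count', RCUBE_INPUT_POST);` so a non-numeric or negative value cannot reach the IMAP layer, assuming list_headers does not validate it itself. The surrounding guard `if ($count && $uids != '*' && ...)` still relies on loose truthiness, so `"0abc"` would be treated as a count; the cast makes that explicit. The enclosing block (where `$uids`, `$jump_back` and `$nextpage_count` are set) starts before this hunk, so the non-threading value of `$count` cannot be checked here.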
