From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/settings/folders.inc | 31 ++++++++++++++++++++++---------
 1 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/program/steps/settings/folders.inc b/program/steps/settings/folders.inc
index 982b21a..72c1976 100644
--- a/program/steps/settings/folders.inc
+++ b/program/steps/settings/folders.inc
@@ -203,7 +203,7 @@
     $IMAP->clear_cache('mailboxes', true);
     $a_unsubscribed = $IMAP->list_unsubscribed();
-    $a_subscribed = $IMAP->list_mailboxes();
+    $a_subscribed = $IMAP->list_mailboxes('', '*', null, null, true); // unsorted
     $delimiter = $IMAP->get_hierarchy_delimiter();
     $namespace = $IMAP->get_namespace();
     $a_js_folders = array();
@@ -256,7 +256,7 @@
     $table->add('name', ' ');
     $table->add(null, ' ');
-    $a_js_folders['mailboxroot'] = array('.', '', true);
+    $a_js_folders['mailboxroot'] = array('', '', true);
     $checkbox_subscribe = new html_checkbox(array(
         'name' => '_subscribed[]',
@@ -267,7 +267,8 @@
     // create list of available folders
     foreach ($list_folders as $i => $folder) {
         $idx = $i + 1;
-        $subscribed = in_array($folder['id'], $a_subscribed);
+        $sub_key = array_search($folder['id'], $a_subscribed);
+        $subscribed = $sub_key !== false;
         $protected = ($CONFIG['protect_default_folders'] == true && in_array($folder['id'], $CONFIG['default_imap_folders']));
         $noselect = false;
         $classes = array($i%2 ? 'even' : 'odd');
@@ -282,8 +283,8 @@
         }
         if (!$protected) {
-            $opts = $IMAP->mailbox_options($folder['id']);
-            $noselect = in_array('\\Noselect', $opts);
+            $attrs = $IMAP->mailbox_attributes($folder['id']);
+            $noselect = in_array('\\Noselect', $attrs);
         }
         $disabled = (($protected && $subscribed) || $noselect);
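Review bot: The patch subject says it fixes `_session` handling in utils/save-prefs, but every hunk in this diff, starting with this one, changes only program/steps/settings/folders.inc and none of them touches that step; for a change filed as a security fix (#1489382) the commit message and the patch content should agree, so either the subject is wrong or a hunk is missing. On the new line itself, the four positional placeholders before `true` are opaque at the call site and the trailing comment should say which parameter it sets, e.g. `// last argument: return the list unsorted`. Whether the unsorted order is relied on later (the array_search() added further down keeps the key) is outside this hunk and worth stating in that comment if so.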
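Review bot: `array_search($folder['id'], $a_subscribed)` compares loosely, so numeric-looking folder names (`10` and `1e1`, `0` and `0.0`) can match each other and a folder can be reported as subscribed when only a look-alike is; pass the strict flag, `$sub_key = array_search($folder['id'], $a_subscribed, true);`. The replaced `in_array()` had the same weakness, so this is not a regression, but the key is now retained in `$sub_key`, whose use lies outside this hunk, so a wrong match would propagate further than before. The enclosing foreach over $list_folders continues past the end of the hunk.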
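Review bot: `in_array('\\Noselect', $attrs)` is a case-sensitive match, while mailbox attributes are case-insensitive in the IMAP grammar, so a server that returns `\NoSelect` would leave $noselect false and the folder offered for subscription, unless mailbox_attributes() already normalises case — worth confirming. If it does not, `$noselect = in_array('\\noselect', array_map('strtolower', $attrs));` closes the gap. The lookup is unchanged apart from the rename, so this is a pre-existing weakness rather than something this commit introduced; the surrounding foreach starts and ends outside the hunk.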
@@ -292,10 +293,12 @@
         if (!$disabled && $folder['virtual'] && $folder['level'] == 0 && !empty($namespace)) {
             $fname = $folder['id'] . $delimiter;
             foreach ($namespace as $ns) {
-                foreach ($ns as $item) {
-                    if ($item[0] === $fname) {
-                        $disabled = true;
-                        break 2;
+                if (is_array($ns)) {
+                    foreach ($ns as $item) {
+                        if ($item[0] === $fname) {
+                            $disabled = true;
+                            break 2;
+                        }
                     }
                 }
             }
@@ -313,6 +316,16 @@
                 }
             }
         }
+        // check if the folder is shared, then disable subscription option on it (if not subscribed already)
+        if (!$disabled && !$subscribed && $folder['virtual'] && !empty($namespace)) {
+            $tmp_ns = array_merge((array)$namespace['other'], (array)$namespace['shared']);
+            foreach ($tmp_ns as $item) {
+                if (strpos($folder['id'], $item[0]) === 0) {
+                    $disabled = true;
+                    break;
+                }
+            }
+        }
         $table->add_row(array('id' => 'rcmrow'.$idx, 'class' => join(' ', $classes), 'foldername' => $folder['id']));
-- 
Gitblit v1.9.1
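Review bot: `strpos($folder['id'], $item[0]) === 0` in the new shared-folder check breaks down when a namespace prefix is the empty string: an empty needle raises a warning and returns false on the PHP of this era (the folder is never disabled), and returns 0 on PHP 8 (every virtual folder is disabled). Test the prefix first: `if ($item[0] !== '' && strpos($folder['id'], $item[0]) === 0) {`. The `(array)$namespace['other']` / `(array)$namespace['shared']` casts also emit an undefined-index notice when get_namespace() omits a key, which the cast does not suppress; `isset($namespace['other']) ? $namespace['other'] : array()` keeps the behaviour without the notice. The enclosing foreach over $list_folders continues beyond this hunk.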