From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
 program/steps/settings/folders.inc | 34 +++++++++++++++++++---------------
 1 files changed, 19 insertions(+), 15 deletions(-)
diff --git a/program/steps/settings/folders.inc b/program/steps/settings/folders.inc
index eea5806..72c1976 100644
--- a/program/steps/settings/folders.inc
+++ b/program/steps/settings/folders.inc
@@ -203,7 +203,7 @@
 $IMAP->clear_cache('mailboxes', true);
 $a_unsubscribed = $IMAP->list_unsubscribed();
- $a_subscribed = $IMAP->list_mailboxes();
+ $a_subscribed = $IMAP->list_mailboxes('', '*', null, null, true); // unsorted
 $delimiter = $IMAP->get_hierarchy_delimiter();
 $namespace = $IMAP->get_namespace();
 $a_js_folders = array();
@@ -278,16 +278,13 @@
 $display_folder = str_repeat(' ', $folder['level']) . Q($protected ? rcmail_localize_foldername($folder['id']) : $folder['name']);
- if ($sub_key !== false)
- unset($a_subscribed[$sub_key]);
-
 if ($folder['virtual']) {
 $classes[] = 'virtual';
 }
 if (!$protected) {
- $opts = $IMAP->mailbox_options($folder['id']);
- $noselect = in_array('\\Noselect', $opts);
+ $attrs = $IMAP->mailbox_attributes($folder['id']);
+ $noselect = in_array('\\Noselect', $attrs);
 }
 $disabled = (($protected && $subscribed) || $noselect);
@@ -296,10 +293,12 @@
 if (!$disabled && $folder['virtual'] && $folder['level'] == 0 && !empty($namespace)) {
 $fname = $folder['id'] . $delimiter;
 foreach ($namespace as $ns) {
- foreach ($ns as $item) {
- if ($item[0] === $fname) {
- $disabled = true;
- break 2;
+ if (is_array($ns)) {
+ foreach ($ns as $item) {
+ if ($item[0] === $fname) {
+ $disabled = true;
+ break 2;
+ }
 }
 }
 }
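Review bot: The new `$IMAP->list_mailboxes('', '*', null, null, true); // unsorted` call reaches a trailing boolean through four positional placeholders, and the comment explains only the last one; a reader has to open list_mailboxes() to learn what `''`, `'*'` and the two nulls select, so the comment should name each argument's role (or the call should move into a small helper whose name says it). Separately, the patch subject refers to the `_session` argument of utils/save-prefs, but none of the five hunks touches save-prefs or a `_session` parameter; everything here is folder-list construction in folders.inc, so anyone triaging #1489382 from this subject will not find the fix it names, and either the subject or the referenced ticket looks wrong. The second and fifth hunks remove the two places that consumed `$a_subscribed` (the `unset($a_subscribed[$sub_key])` and the unsubscribe loop), so check that the remaining lookup above the second hunk still needs the full list built here.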
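Review bot: `$noselect` is assigned only on the new `$noselect = in_array('\\Noselect', $attrs);` line inside `if (!$protected)`, so for a protected folder `$disabled = (($protected && $subscribed) || $noselect);` reads whatever the variable held before; if the enclosing loop does not reset it per iteration, a protected folder inherits the previous folder's \Noselect result. Initialising it before the branch, `$noselect = false;`, makes the new assignment self-contained. The loop this sits in begins and ends outside the hunk, so confirm there is no reset there before adding one.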
@@ -317,6 +316,16 @@
 }
 }
 }
+ // check if the folder is shared, then disable subscription option on it (if not subscribed already)
+ if (!$disabled && !$subscribed && $folder['virtual'] && !empty($namespace)) {
+ $tmp_ns = array_merge((array)$namespace['other'], (array)$namespace['shared']);
+ foreach ($tmp_ns as $item) {
+ if (strpos($folder['id'], $item[0]) === 0) {
+ $disabled = true;
+ break;
+ }
+ }
+ }
 $table->add_row(array('id' => 'rcmrow'.$idx, 'class' => join(' ', $classes), 'foldername' => $folder['id']));
@@ -327,11 +336,6 @@
 $a_js_folders['rcmrow'.$idx] = array($folder_utf8, Q($display_folder), $protected || $folder['virtual']);
- }
-
- // Unsubscribe from non-existing folders
- foreach ($a_subscribed as $folder) {
- $IMAP->unsubscribe($folder);
 }
 $RCMAIL->plugins->exec_hook('folders_list', array('table' => $table));
-- Gitblit v1.9.1
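Review bot: The new shared-namespace test `if (strpos($folder['id'], $item[0]) === 0) {` behaves differently across PHP versions when a namespace entry carries an empty prefix: PHP 5 warns on an empty needle and returns false, while PHP 8 returns 0 and would mark every unsubscribed virtual folder disabled. Guarding the prefix first, `if ($item[0] !== '' && strpos($folder['id'], $item[0]) === 0) {`, pins one behaviour. The `(array)$namespace['other']` and `(array)$namespace['shared']` casts accept a null value but not a missing key, so this relies on get_namespace() always populating both keys; if that is not guaranteed, test with isset() before casting. The previous hunk adds an `is_array($ns)` check before iterating namespace data, whereas this loop assumes each `$item` is an array with the prefix at index 0 without a matching check; the enclosing foreach over folders starts above the hunk.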