From 197203727417a03d87053a47e5aa5175a76e3e0b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 17 Oct 2013 04:24:53 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
program/steps/settings/save_identity.inc | 29 ++++++++++++++++-------------
1 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 30cc124..f493f73 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -5,7 +5,7 @@
| program/steps/settings/save_identity.inc |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2009, Roundcube Dev. - Switzerland |
+ | Copyright (C) 2005-2009, The Roundcube Dev Team |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
@@ -22,17 +22,17 @@
define('IDENTITIES_LEVEL', intval($RCMAIL->config->get('identities_level', 0)));
$a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'standard', 'signature', 'html_signature');
-$a_html_cols = array('signature');
+$a_html_cols = array('signature', 'name', 'organization');
$a_boolean_cols = array('standard', 'html_signature');
$updated = $default_id = false;
// check input
if (empty($_POST['_name']) || (empty($_POST['_email']) && IDENTITIES_LEVEL != 1 && IDENTITIES_LEVEL != 3))
- {
+{
$OUTPUT->show_message('formincomplete', 'warning');
rcmail_overwrite_action('edit-identity');
return;
- }
+}
$save_data = array();
@@ -59,8 +59,8 @@
// Validate e-mail addresses
foreach (array('email', 'reply-to', 'bcc') as $item) {
if ($email = $save_data[$item]) {
- $ascii_email = idn_to_ascii($email);
- if (!check_email($ascii_email, false)) {
+ $ascii_email = rcube_idn_to_ascii($email);
+ if (!check_email($ascii_email)) {
// show error message
$OUTPUT->show_message('emailformaterror', 'error', array('email' => $email), false);
rcmail_overwrite_action('edit-identity');
@@ -77,11 +77,11 @@
$save_data = $plugin['record'];
if ($save_data['email'])
- $save_data['email'] = idn_to_ascii($save_data['email']);
+ $save_data['email'] = rcube_idn_to_ascii($save_data['email']);
if ($save_data['bcc'])
- $save_data['bcc'] = idn_to_ascii($save_data['bcc']);
+ $save_data['bcc'] = rcube_idn_to_ascii($save_data['bcc']);
if ($save_data['reply-to'])
- $save_data['reply-to'] = idn_to_ascii($save_data['reply-to']);
+ $save_data['reply-to'] = rcube_idn_to_ascii($save_data['reply-to']);
if (!$plugin['abort'])
$updated = $USER->update_identity($iid, $save_data);
@@ -116,9 +116,12 @@
$plugin = $RCMAIL->plugins->exec_hook('identity_create', array('record' => $save_data));
$save_data = $plugin['record'];
- $save_data['email'] = idn_to_ascii($save_data['email']);
- $save_data['bcc'] = idn_to_ascii($save_data['bcc']);
- $save_data['reply-to'] = idn_to_ascii($save_data['reply-to']);
+ if ($save_data['email'])
+ $save_data['email'] = rcube_idn_to_ascii($save_data['email']);
+ if ($save_data['bcc'])
+ $save_data['bcc'] = rcube_idn_to_ascii($save_data['bcc']);
+ if ($save_data['reply-to'])
+ $save_data['reply-to'] = rcube_idn_to_ascii($save_data['reply-to']);
if (!$plugin['abort'])
$insert_id = $save_data['email'] ? $USER->insert_identity($save_data) : null;
@@ -127,7 +130,7 @@
if ($insert_id) {
$OUTPUT->show_message('successfullysaved', 'confirmation', null, false);
-
+
$_GET['_iid'] = $insert_id;
if (!empty($_POST['_standard']))
--
Gitblit v1.9.1