From f06aa8058b7e32ba32d4551074b6e0b8a300f751 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 21 Oct 2013 15:02:40 -0400
Subject: [PATCH] Bump version after security fix

---
 program/steps/mail/autocomplete.inc |   64 ++++++++++++++++++++++----------
 1 files changed, 44 insertions(+), 20 deletions(-)

diff --git a/program/steps/mail/autocomplete.inc b/program/steps/mail/autocomplete.inc
index 8ccfaaa..95d6118 100644
--- a/program/steps/mail/autocomplete.inc
+++ b/program/steps/mail/autocomplete.inc
@@ -7,7 +7,10 @@
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2008-2011, Roundcube Dev Team                           |
  | Copyright (C) 2011, Kolab Systems AG                                  |
- | Licensed under the GNU GPL                                            |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
  |                                                                       |
  | PURPOSE:                                                              |
  |   Perform a search on configured address books for the address        |
@@ -26,10 +29,12 @@
     $members = array();
     $abook->set_group($gid);
     $abook->set_pagesize(1000);  // TODO: limit number of group members by config
-    $result = $abook->list_records(array('email','name'));
+    $result = $abook->list_records(array('name', 'firstname', 'surname', 'email'));
     while ($result && ($sql_arr = $result->iterate())) {
-      foreach ((array)$sql_arr['email'] as $email)
-        $members[] = format_email_recipient($email, $sql_arr['name']);
+      foreach ((array)$sql_arr['email'] as $email) {
+        $members[] = format_email_recipient($email, rcube_addressbook::compose_list_name($sql_arr));
+        break;  // only expand one email per contact
+      }
     }
 
     $separator = trim($RCMAIL->config->get('recipients_separator', ',')) . ' ';
@@ -40,8 +45,9 @@
 }
 
 
-$MAXNUM = (int)$RCMAIL->config->get('autocomplete_max', 15);
+$MAXNUM = (int) $RCMAIL->config->get('autocomplete_max', 15);
 $mode   = (int) $RCMAIL->config->get('addressbook_search_mode');
+$single = (bool) $RCMAIL->config->get('autocomplete_single');
 $search = get_input_value('_search', RCUBE_INPUT_GPC, true);
 $source = get_input_value('_source', RCUBE_INPUT_GPC);
 $sid    = get_input_value('_id', RCUBE_INPUT_GPC);
@@ -53,6 +59,7 @@
 
 if (!empty($book_types) && strlen($search)) {
   $contacts  = array();
+  $sort_keys = array();
   $books_num = count($book_types);
   $search_lc = mb_strtolower($search);
 
@@ -60,24 +67,37 @@
     $abook = $RCMAIL->get_address_book($id);
     $abook->set_pagesize($MAXNUM);
 
-    if ($result = $abook->search(array('email','name'), $search, $mode, true, true, 'email')) {
+    if ($result = $abook->search(array('name', 'firstname', 'surname', 'email'), $search, $mode, true, true, 'email')) {
       while ($sql_arr = $result->iterate()) {
         // Contact can have more than one e-mail address
         $email_arr = (array)$abook->get_col_values('email', $sql_arr, true);
         $email_cnt = count($email_arr);
+        $idx = 0;
         foreach ($email_arr as $email) {
-          if (empty($email))
+          if (empty($email)) {
             continue;
+          }
+
+          $sql_arr['name'] = rcube_addressbook::compose_list_name($sql_arr);
           $contact = format_email_recipient($email, $sql_arr['name']);
+
           // skip entries that don't match
           if ($email_cnt > 1 && strpos(mb_strtolower($contact), $search_lc) === false) {
             continue;
           }
+
           // skip duplicates
           if (!in_array($contact, $contacts)) {
-            $contacts[] = $contact;
+            $contacts[]  = $contact;
+            $sort_keys[] = sprintf('%s %03d', $sql_arr['name'] , $idx++);
+
             if (count($contacts) >= $MAXNUM)
               break 2;
+          }
+
+          // skip redundant entries (show only first email address)
+          if ($single) {
+            break;
           }
         }
       }
@@ -92,15 +112,20 @@
 
         // group (distribution list) with email address(es)
         if ($group_prop['email']) {
+            $idx = 0;
             foreach ((array)$group_prop['email'] as $email) {
-                $contacts[] = format_email_recipient($email, $group['name']);
+                $contacts[]  = format_email_recipient($email, $group['name']);
+                $sort_keys[] = sprintf('%s %03d', $group['name'] , $idx++);
+
                 if (count($contacts) >= $MAXNUM)
                   break 2;
             }
         }
         // show group with count
         else if (($result = $abook->count()) && $result->count) {
-          $contacts[] = array('name' => $group['name'] . ' (' . intval($result->count) . ')', 'id' => $group['ID'], 'source' => $id);
+          $contacts[]  = array('name' => $group['name'] . ' (' . intval($result->count) . ')', 'id' => $group['ID'], 'source' => $id);
+          $sort_keys[] = $group['name'];
+
           if (count($contacts) >= $MAXNUM)
             break;
         }
@@ -108,17 +133,16 @@
     }
   }
 
-  usort($contacts, 'contact_results_sort');
+  if (count($contacts)) {
+    // sort contacts index
+    asort($sort_keys, SORT_LOCALE_STRING);
+    // re-sort contacts according to index
+    foreach ($sort_keys as $idx => $val) {
+      $sort_keys[$idx] = $contacts[$idx];
+    }
+    $contacts = array_values($sort_keys);
+  }
 }
 
 $OUTPUT->command('ksearch_query_results', $contacts, $search, $sid);
 $OUTPUT->send();
-
-
-function contact_results_sort($a, $b)
-{
-  $name_a = is_array($a) ? $a['name'] : $a;
-  $name_b = is_array($b) ? $b['name'] : $b;
-  return strcoll(trim($name_a, '" '), trim($name_b, '" '));
-}
-

--
Gitblit v1.9.1