From f06aa8058b7e32ba32d4551074b6e0b8a300f751 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 21 Oct 2013 15:02:40 -0400
Subject: [PATCH] Bump version after security fix

---
 program/steps/mail/autocomplete.inc |   50 ++++++++++++++++++++++++++++++++------------------
 1 files changed, 32 insertions(+), 18 deletions(-)

diff --git a/program/steps/mail/autocomplete.inc b/program/steps/mail/autocomplete.inc
index e40bb76..95d6118 100644
--- a/program/steps/mail/autocomplete.inc
+++ b/program/steps/mail/autocomplete.inc
@@ -7,7 +7,10 @@
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2008-2011, Roundcube Dev Team                           |
  | Copyright (C) 2011, Kolab Systems AG                                  |
- | Licensed under the GNU GPL                                            |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
  |                                                                       |
  | PURPOSE:                                                              |
  |   Perform a search on configured address books for the address        |
@@ -26,10 +29,12 @@
     $members = array();
     $abook->set_group($gid);
     $abook->set_pagesize(1000);  // TODO: limit number of group members by config
-    $result = $abook->list_records(array('email','name'));
+    $result = $abook->list_records(array('name', 'firstname', 'surname', 'email'));
     while ($result && ($sql_arr = $result->iterate())) {
-      foreach ((array)$sql_arr['email'] as $email)
-        $members[] = format_email_recipient($email, $sql_arr['name']);
+      foreach ((array)$sql_arr['email'] as $email) {
+        $members[] = format_email_recipient($email, rcube_addressbook::compose_list_name($sql_arr));
+        break;  // only expand one email per contact
+      }
     }
 
     $separator = trim($RCMAIL->config->get('recipients_separator', ',')) . ' ';
@@ -54,6 +59,7 @@
 
 if (!empty($book_types) && strlen($search)) {
   $contacts  = array();
+  $sort_keys = array();
   $books_num = count($book_types);
   $search_lc = mb_strtolower($search);
 
@@ -61,16 +67,18 @@
     $abook = $RCMAIL->get_address_book($id);
     $abook->set_pagesize($MAXNUM);
 
-    if ($result = $abook->search(array('email','name'), $search, $mode, true, true, 'email')) {
+    if ($result = $abook->search(array('name', 'firstname', 'surname', 'email'), $search, $mode, true, true, 'email')) {
       while ($sql_arr = $result->iterate()) {
         // Contact can have more than one e-mail address
         $email_arr = (array)$abook->get_col_values('email', $sql_arr, true);
         $email_cnt = count($email_arr);
+        $idx = 0;
         foreach ($email_arr as $email) {
           if (empty($email)) {
             continue;
           }
 
+          $sql_arr['name'] = rcube_addressbook::compose_list_name($sql_arr);
           $contact = format_email_recipient($email, $sql_arr['name']);
 
           // skip entries that don't match
@@ -80,7 +88,9 @@
 
           // skip duplicates
           if (!in_array($contact, $contacts)) {
-            $contacts[] = $contact;
+            $contacts[]  = $contact;
+            $sort_keys[] = sprintf('%s %03d', $sql_arr['name'] , $idx++);
+
             if (count($contacts) >= $MAXNUM)
               break 2;
           }
@@ -102,15 +112,20 @@
 
         // group (distribution list) with email address(es)
         if ($group_prop['email']) {
+            $idx = 0;
             foreach ((array)$group_prop['email'] as $email) {
-                $contacts[] = format_email_recipient($email, $group['name']);
+                $contacts[]  = format_email_recipient($email, $group['name']);
+                $sort_keys[] = sprintf('%s %03d', $group['name'] , $idx++);
+
                 if (count($contacts) >= $MAXNUM)
                   break 2;
             }
         }
         // show group with count
         else if (($result = $abook->count()) && $result->count) {
-          $contacts[] = array('name' => $group['name'] . ' (' . intval($result->count) . ')', 'id' => $group['ID'], 'source' => $id);
+          $contacts[]  = array('name' => $group['name'] . ' (' . intval($result->count) . ')', 'id' => $group['ID'], 'source' => $id);
+          $sort_keys[] = $group['name'];
+
           if (count($contacts) >= $MAXNUM)
             break;
         }
@@ -118,17 +133,16 @@
     }
   }
 
-  usort($contacts, 'contact_results_sort');
+  if (count($contacts)) {
+    // sort contacts index
+    asort($sort_keys, SORT_LOCALE_STRING);
+    // re-sort contacts according to index
+    foreach ($sort_keys as $idx => $val) {
+      $sort_keys[$idx] = $contacts[$idx];
+    }
+    $contacts = array_values($sort_keys);
+  }
 }
 
 $OUTPUT->command('ksearch_query_results', $contacts, $search, $sid);
 $OUTPUT->send();
-
-
-function contact_results_sort($a, $b)
-{
-  $name_a = is_array($a) ? $a['name'] : $a;
-  $name_b = is_array($b) ? $b['name'] : $b;
-  return strcoll(trim($name_a, '" '), trim($name_b, '" '));
-}
-

--
Gitblit v1.9.1