From f06aa8058b7e32ba32d4551074b6e0b8a300f751 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 21 Oct 2013 15:02:40 -0400
Subject: [PATCH] Bump version after security fix
---
program/steps/mail/list.inc | 112 ++++++++++++++++++++++++++++++++++++++++---------------
1 files changed, 81 insertions(+), 31 deletions(-)
diff --git a/program/steps/mail/list.inc b/program/steps/mail/list.inc
index 6e06374..73131e4 100644
--- a/program/steps/mail/list.inc
+++ b/program/steps/mail/list.inc
@@ -4,9 +4,12 @@
+-----------------------------------------------------------------------+
| program/steps/mail/list.inc |
| |
- | This file is part of the RoundCube Webmail client |
- | Copyright (C) 2005, RoundCube Dev. - Switzerland |
- | Licensed under the GNU GPL |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2005-2007, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| PURPOSE: |
| Send message list to client (as remote response) |
@@ -19,51 +22,98 @@
*/
-$REMOTE_REQUEST = TRUE;
-$OUTPUT_TYPE = 'js';
+if (!$OUTPUT->ajax_call) {
+ return;
+}
// is there a sort type for this request?
if ($sort = get_input_value('_sort', RCUBE_INPUT_GET))
- {
+{
// yes, so set the sort vars
list($sort_col, $sort_order) = explode('_', $sort);
// set session vars for sort (so next page and task switch know how to sort)
- $_SESSION['sort_col'] = $sort_col;
- $_SESSION['sort_order'] = $sort_order;
- }
-else
- {
- // use session settings if set, defaults if not
- $sort_col = isset($_SESSION['sort_col']) ? $_SESSION['sort_col'] : $CONFIG['message_sort_col'];
- $sort_order = isset($_SESSION['sort_order']) ? $_SESSION['sort_order'] : $CONFIG['message_sort_order'];
- }
+ $save_arr = array();
+ $_SESSION['sort_col'] = $save_arr['message_sort_col'] = $sort_col;
+ $_SESSION['sort_order'] = $save_arr['message_sort_order'] = $sort_order;
+}
+// is there a set of columns for this request?
+if ($cols = get_input_value('_cols', RCUBE_INPUT_GET))
+{
+ $save_arr = array();
+ $save_arr['list_cols'] = explode(',', $cols);
+}
+
+if ($save_arr)
+ $RCMAIL->user->save_prefs($save_arr);
+
+$mbox_name = $RCMAIL->storage->get_folder();
+$threading = (bool) $RCMAIL->storage->get_threading();
+
+// Synchronize mailbox cache, handle flag changes
+$RCMAIL->storage->folder_sync($mbox_name);
+
+// initialize searching result if search_filter is used
+if ($_SESSION['search_filter'] && $_SESSION['search_filter'] != 'ALL')
+{
+ $search_request = md5($mbox_name.$_SESSION['search_filter']);
+ $RCMAIL->storage->search($mbox_name, $_SESSION['search_filter'], RCMAIL_CHARSET, rcmail_sort_column());
+ $_SESSION['search'] = $RCMAIL->storage->get_search_set();
+ $_SESSION['search_request'] = $search_request;
+ $OUTPUT->set_env('search_request', $search_request);
+}
// fetch message headers
-if ($count = $IMAP->messagecount())
- $a_headers = $IMAP->list_headers($mbox_name, NULL, $sort_col, $sort_order);
+if ($count = $RCMAIL->storage->count($mbox_name, $threading ? 'THREADS' : 'ALL', !empty($_REQUEST['_refresh'])))
+ $a_headers = $RCMAIL->storage->list_messages($mbox_name, NULL, rcmail_sort_column(), rcmail_sort_order());
-$unseen = $IMAP->messagecount($mbox_name, 'UNSEEN', !empty($_GET['_refresh']) ? TRUE : FALSE);
+// update search set (possible change of threading mode)
+if (!empty($_REQUEST['_search']) && isset($_SESSION['search'])
+ && $_SESSION['search_request'] == $_REQUEST['_search']
+) {
+ $_SESSION['search'] = $RCMAIL->storage->get_search_set();
+}
+// remove old search data
+else if (empty($_REQUEST['_search']) && isset($_SESSION['search'])) {
+ $RCMAIL->session->remove('search');
+}
-// update message count display
-$pages = ceil($count/$IMAP->page_size);
-$commands = sprintf("this.set_env('messagecount', %d);\n", $count);
-$commands .= sprintf("this.set_env('pagecount', %d);\n", $pages);
-$commands .= sprintf("this.set_rowcount('%s');\n", rcmail_get_messagecount_text($count));
+
+// empty result? we'll skip UNSEEN counting in rcmail_send_unread_count()
+if (empty($search_request) && empty($a_headers)) {
+ $unseen = 0;
+}
// update mailboxlist
-$mbox_name = $IMAP->get_mailbox_name();
-$commands .= sprintf("this.set_unread_count('%s', %d);\n", addslashes($mbox_name), $unseen);
+rcmail_send_unread_count($mbox_name, !empty($_REQUEST['_refresh']), $unseen);
+// update message count display
+$pages = ceil($count/$RCMAIL->storage->get_pagesize());
+$OUTPUT->set_env('messagecount', $count);
+$OUTPUT->set_env('pagecount', $pages);
+$OUTPUT->set_env('threading', $threading);
+$OUTPUT->set_env('current_page', $count ? $RCMAIL->storage->get_page() : 1);
+$OUTPUT->command('set_rowcount', rcmail_get_messagecount_text($count), $mbox_name);
+$OUTPUT->command('set_mailboxname', rcmail_get_mailbox_name_text());
// add message rows
+rcmail_js_message_list($a_headers, FALSE, $cols);
if (isset($a_headers) && count($a_headers))
- $commands .= rcmail_js_message_list($a_headers);
+{
+ if ($search_request)
+ $OUTPUT->show_message('searchsuccessful', 'confirmation', array('nr' => $count));
+}
+else {
+ // handle IMAP errors (e.g. #1486905)
+ if ($err_code = $RCMAIL->storage->get_error_code()) {
+ rcmail_display_server_error();
+ }
+ else if ($search_request)
+ $OUTPUT->show_message('searchnomatch', 'notice');
+ else
+ $OUTPUT->show_message('nomessagesfound', 'notice');
+}
-
// send response
-rcube_remote_response($commands);
-
-exit;
-?>
\ No newline at end of file
+$OUTPUT->send();
--
Gitblit v1.9.1