From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/include/rcmail.php |   38 --------------------------------------
 1 files changed, 0 insertions(+), 38 deletions(-)

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index 343f479..01f7d1c 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -341,44 +341,6 @@
     return $list;
   }
 
-  /**
-   * Getter for compose responses.
-   * These are stored in local config and user preferences.
-   *
-   * @param boolean True to sort the list alphabetically
-   * @param boolean True if only this user's responses shall be listed
-   * @return array List of the current user's stored responses
-   */
-  public function get_compose_responses($sorted = false, $user_only = false)
-  {
-    $responses = array();
-
-    if (!$user_only) {
-      foreach ($this->config->get('compose_responses_static', array()) as $response) {
-        if (empty($response['key']))
-          $response['key'] = substr(md5($response['name']), 0, 16);
-        $response['static'] = true;
-        $response['class'] = 'readonly';
-        $k = $sorted ? '0000-' . strtolower($response['name']) : $response['key'];
-        $responses[$k] = $response;
-      }
-    }
-
-    foreach ($this->config->get('compose_responses', array()) as $response) {
-      if (empty($response['key']))
-        $response['key'] = substr(md5($response['name']), 0, 16);
-      $k = $sorted ? strtolower($response['name']) : $response['key'];
-      $responses[$k] = $response;
-    }
-
-    // sort list by name
-    if ($sorted) {
-      ksort($responses, SORT_LOCALE_STRING);
-    }
-
-    return array_values($responses);
-  }
-
 
   /**
    * Init output object for GUI and add common scripts.

--
Gitblit v1.9.1