Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names

Conflicts: plugins/archive/archive.php
6 years ago · 16b5a345e0
parent d9eed3625b
commit 16b5a345e0
4 changed files with 52 additions and 8 deletions
--- a/1
+++ b/1
@ -4,6 +4,7 @@ CHANGELOG Roundcube Webmail
 - Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)
 - Fix bug where some parts of quota information could have been ignored (#6280)
 - Fix bug where some escape sequences in html styles could bypass security checks
+- Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names

 RELEASE 1.3.6
 -------------
--- a/program/lib/Roundcube/rcube_imap.php
+++ b/program/lib/Roundcube/rcube_imap.php
@ -3722,6 +3722,35 @@ class rcube_imap extends rcube_storage
        }
    }

+    /**
+     * Check if the folder name is valid
+     *
+     * @param string $folder Folder name (UTF-8)
+     * @param string &$char  First forbidden character found
+     *
+     * @return bool True if the name is valid, False otherwise
+     */
+    public function folder_validate($folder, &$char = null)
+    {
+        if (parent::folder_validate($folder, $char)) {
+            $vendor = $this->get_vendor();
+            $regexp = '\\x00-\\x1F\\x7F%*';
+
+            if ($vendor == 'cyrus') {
+                // List based on testing Kolab's Cyrus-IMAP 2.5
+                $regexp .= '!`@(){}|\\?<;"';
+            }
+
+            if (!preg_match("/[$regexp]/", $folder, $m)) {
+                return true;
+            }
+
+            $char = $m[0];
+        }
+
+        return false;
+    }
+
    /**
     * Get message header names for rcube_imap_generic::fetchHeader(s)
     *
--- a/program/lib/Roundcube/rcube_storage.php
+++ b/program/lib/Roundcube/rcube_storage.php
@ -796,6 +796,26 @@ abstract class rcube_storage
     */
    abstract function mod_folder($folder, $mode = 'out');

+    /**
+     * Check if the folder name is valid
+     *
+     * @param string $folder Folder name (UTF-8)
+     * @param string &$char  First forbidden character found
+     *
+     * @return bool True if the name is valid, False otherwise
+     */
+    public function folder_validate($folder, &$char = null)
+    {
+        $delim = $this->get_hierarchy_delimiter();
+
+        if (strpos($folder, $delim) !== false) {
+            $char = $delim;
+            return false;
+        }
+
+        return true;
+    }
+
    /**
     * Create all folders specified as default
     */
--- a/program/steps/settings/save_folder.inc
+++ b/program/steps/settings/save_folder.inc
@ -45,14 +45,8 @@ else if (mb_strlen($name) > 128) {
 else if ($name[0] == '.' && $RCMAIL->config->get('imap_skip_hidden_folders')) {
    $error = $RCMAIL->gettext('namedotforbidden');
 }
-else {
-    // these characters are problematic e.g. when used in LIST/LSUB
-    foreach (array($delimiter, '%', '*') as $char) {
-        if (strpos($name, $char) !== false) {
-            $error = $RCMAIL->gettext('forbiddencharacter') . " ($char)";
-            break;
-        }
-    }
+else if (!$STORAGE->folder_validate($name, $char)) {
+    $error = $RCMAIL->gettext('forbiddencharacter') . " ($char)";
 }

 if ($error) {