Fix conflict with _gid cookie of Google Analytics (#5748)

TODO: Review the whole code base and don't use INPUT_GPC when it's not really needed,
      in most cases we should not read $_COOKIE.

CHANGELOG

@@ -1,7 +1,8 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
-- Fix bug where invalid recipients could be silently discareded (#5739)
+- Fix bug where invalid recipients could be silently discarded (#5739)
+- Fix conflict with _gid cookie of Google Analytics (#5748)
 
 RELEASE 1.3-rc
 --------------

program/lib/Roundcube/rcube_utils.php

@@ -27,9 +27,12 @@
 class rcube_utils
 {
     // define constants for input reading
-    const INPUT_GET  = 0x0101;
-    const INPUT_POST = 0x0102;
-    const INPUT_GPC  = 0x0103;
+    const INPUT_GET    = 1;
+    const INPUT_POST   = 2;
+    const INPUT_COOKIE = 4;
+    const INPUT_GP     = 3; // GET + POST
+    const INPUT_GPC    = 7; // GET + POST + COOKIE
+
 
     /**
      * Helper method to set a cookie with the current path and host settings
@@ -254,7 +257,7 @@ class rcube_utils
      * Performs stripslashes() and charset conversion if necessary
      *
      * @param string  Field name to read
-     * @param int     Source to get value from (GPC)
+     * @param int     Source to get value from (see self::INPUT_*)
      * @param boolean Allow HTML tags in field value
      * @param string  Charset to convert into
      *
@@ -264,26 +267,16 @@ class rcube_utils
     {
         $value = null;
 
-        if ($source == self::INPUT_GET) {
-            if (isset($_GET[$fname])) {
-                $value = $_GET[$fname];
-            }
+        if (($source & self::INPUT_GET) && isset($_GET[$fname])) {
+            $value = $_GET[$fname];
         }
-        else if ($source == self::INPUT_POST) {
-            if (isset($_POST[$fname])) {
-                $value = $_POST[$fname];
-            }
+
+        if (($source & self::INPUT_POST) && isset($_POST[$fname])) {
+            $value = $_POST[$fname];
         }
-        else if ($source == self::INPUT_GPC) {
-            if (isset($_POST[$fname])) {
-                $value = $_POST[$fname];
-            }
-            else if (isset($_GET[$fname])) {
-                $value = $_GET[$fname];
-            }
-            else if (isset($_COOKIE[$fname])) {
-                $value = $_COOKIE[$fname];
-            }
+
+        if (($source & self::INPUT_COOKIE) && isset($_COOKIE[$fname])) {
+            $value = $_COOKIE[$fname];
         }
 
         return self::parse_input_value($value, $allow_html, $charset);

program/steps/addressbook/delete.inc

@@ -61,8 +61,8 @@ foreach ($cids as $source => $cid) {
             $error = 'contactdelerror';
         }
 
-        $source = rcube_utils::get_input_value('_source', rcube_utils::INPUT_GPC);
-        $group  = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GPC);
+        $source = rcube_utils::get_input_value('_source', rcube_utils::INPUT_GP);
+        $group  = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GP);
 
         $OUTPUT->show_message($error, 'error');
         $OUTPUT->command('list_contacts', $source, $group);

program/steps/addressbook/func.inc

@@ -152,8 +152,7 @@ function rcmail_contact_source($source=null, $init_env=false, $writable=false)
     else
         $CONTACTS->set_page(isset($_SESSION['page']) ? $_SESSION['page'] : 1);
 
-    if (!empty($_REQUEST['_gid'])) {
-        $group = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GPC);
+    if ($group = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GP)) {
         $CONTACTS->set_group($group);
     }
 

program/steps/addressbook/mailto.inc

@@ -34,10 +34,10 @@ foreach ($cids as $source => $cid) {
 }
 
 if (!empty($_REQUEST['_gid']) && isset($_REQUEST['_source'])) {
-    $source   = rcube_utils::get_input_value('_source', rcube_utils::INPUT_GPC);
-    $CONTACTS = $RCMAIL->get_address_book($source);
+    $source   = rcube_utils::get_input_value('_source', rcube_utils::INPUT_GP);
+    $group_id = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GP);
 
-    $group_id   = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GPC);
+    $CONTACTS   = $RCMAIL->get_address_book($source);
     $group_data = $CONTACTS->get_group($group_id);
 
     // group has an email address assigned: use that

program/steps/mail/autocomplete.inc

@@ -22,7 +22,7 @@
 
 if ($RCMAIL->action == 'group-expand') {
     $abook = $RCMAIL->get_address_book(rcube_utils::get_input_value('_source', rcube_utils::INPUT_GPC));
-    if ($gid = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GPC)) {
+    if ($gid = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GET)) {
         $abook->set_group($gid);
         $abook->set_pagesize(9999);  // TODO: limit number of group members by config?
 

program/steps/mail/list_contacts.inc

@@ -80,7 +80,7 @@ else {
         $CONTACTS->set_pagesize($page_size);
         $CONTACTS->set_page($list_page);
 
-        if ($group_id = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GPC)) {
+        if ($group_id = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GET)) {
             $CONTACTS->set_group($group_id);
         }
         // list groups of this source (on page one)