Fix empty email on identities list after identity update (#1488834)

pull/50/head
Aleksander Machniak 12 years ago
parent 5875548d98
commit 876d31d594

@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
- Fix empty email on identities list after identity update (#1488834)
- Add new identities_level: (4) one identity with possibility to edit only signature
- Use Delivered-To header as a last resort for identity selection (#1488840)
- Fix XSS vulnerability using Flash files (#1488828)

@ -26,17 +26,14 @@ $a_boolean_cols = array('standard', 'html_signature');
$updated = $default_id = false;
// check input
if (IDENTITIES_LEVEL != 4 && (empty($_POST['_name']) || (empty($_POST['_email']) && IDENTITIES_LEVEL != 1 && IDENTITIES_LEVEL != 3)))
{
if (IDENTITIES_LEVEL != 4 && (empty($_POST['_name']) || (empty($_POST['_email']) && IDENTITIES_LEVEL != 1 && IDENTITIES_LEVEL != 3))) {
$OUTPUT->show_message('formincomplete', 'warning');
rcmail_overwrite_action('edit-identity');
return;
}
$save_data = array();
foreach ($a_save_cols as $col)
{
foreach ($a_save_cols as $col) {
$fname = '_'.$col;
if (isset($_POST[$fname]))
$save_data[$col] = get_input_value($fname, RCUBE_INPUT_POST, true);
@ -44,24 +41,23 @@ foreach ($a_save_cols as $col)
// set "off" values for checkboxes that were not checked, and therefore
// not included in the POST body.
foreach ($a_boolean_cols as $col)
{
foreach ($a_boolean_cols as $col) {
$fname = '_' . $col;
if (!isset($_POST[$fname]))
$save_data[$col] = 0;
}
// unset email address if user has no rights to change it
if (IDENTITIES_LEVEL == 1 || IDENTITIES_LEVEL == 3 )
unset($save_data['email']);
if (IDENTITIES_LEVEL == 4 ){
unset($save_data['name']);
if (IDENTITIES_LEVEL == 1 || IDENTITIES_LEVEL == 3) {
unset($save_data['email']);
unset($save_data['organization']);
unset($save_data['reply-to']);
unset($save_data['bcc']);
unset($save_data['standard']);
}
// unset all fields except signature
else if (IDENTITIES_LEVEL == 4) {
foreach ($save_data as $idx => $value) {
if ($idx != 'signature' && $idx != 'html_signature') {
unset($save_data[$idx]);
}
}
}
// Validate e-mail addresses
@ -81,9 +77,16 @@ foreach ($email_checks as $email) {
}
// update an existing contact
if ($_POST['_iid'])
{
if ($_POST['_iid']) {
$iid = get_input_value('_iid', RCUBE_INPUT_POST);
if (in_array(IDENTITIES_LEVEL, array(1,3,4))) {
// merge with old identity data, fixes #1488834
$identity = $RCMAIL->user->get_identity($iid);
$save_data = array_merge($identity, $save_data);
unset($save_data['changed'], $save_data['del'], $save_data['user_id'], $save_data['identity_id']);
}
$plugin = $RCMAIL->plugins->exec_hook('identity_update', array('id' => $iid, 'record' => $save_data));
$save_data = $plugin['record'];
@ -97,8 +100,8 @@ if ($_POST['_iid'])
if ($updated) {
$OUTPUT->show_message('successfullysaved', 'confirmation');
if (!empty($_POST['_standard']))
$default_id = get_input_value('_iid', RCUBE_INPUT_POST);
if (!empty($save_data['standard']))
$default_id = $iid;
if ($_POST['_framed']) {
// update the changed col in list
@ -114,8 +117,7 @@ if ($_POST['_iid'])
}
// insert a new identity record
else if (IDENTITIES_LEVEL < 2)
{
else if (IDENTITIES_LEVEL < 2) {
if (IDENTITIES_LEVEL == 1) {
$save_data['email'] = $RCMAIL->get_user_email();
}
@ -136,7 +138,7 @@ else if (IDENTITIES_LEVEL < 2)
$_GET['_iid'] = $insert_id;
if (!empty($_POST['_standard']))
if (!empty($save_data['standard']))
$default_id = $insert_id;
if ($_POST['_framed']) {

Loading…
Cancel
Save