Better input checking on GET and POST vars

release-0.6
thomascube 18 years ago
parent 1012ea3946
commit b3ce791561

@ -1689,12 +1689,12 @@ function create_attrib_string($attrib, $allowed_attribs=array('id', 'class', 'st
function parse_attrib_string($str) function parse_attrib_string($str)
{ {
$attrib = array(); $attrib = array();
preg_match_all('/\s*([-_a-z]+)=["]([^"]+)["]?/i', stripslashes($str), $regs, PREG_SET_ORDER); preg_match_all('/\s*([-_a-z]+)=(["\'])([^"]+)\2/Ui', stripslashes($str), $regs, PREG_SET_ORDER);
// convert attributes to an associative array (name => value) // convert attributes to an associative array (name => value)
if ($regs) if ($regs)
foreach ($regs as $attr) foreach ($regs as $attr)
$attrib[strtolower($attr[1])] = $attr[2]; $attrib[strtolower($attr[1])] = $attr[3];
return $attrib; return $attrib;
} }
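Review bot: The value class in the new pattern on the preg_match_all line, `[^"]+`, still excludes only double quotes and does not track the quote captured in group 2, so a single-quoted value containing a `"` fails to match and the attribute is silently dropped. Since the `U` modifier already makes quantifiers lazy, `'/\s*([-_a-z]+)=(["\'])(.+)\2/Ui'` stops at the first closing quote of the same kind for both quote styles; note that `.` does not match newlines, unlike the original class, which may or may not matter for the templates this parses. A short comment on the assignment line would also help the reader, e.g. `// group 2 is the quote character, group 3 the value it encloses`. The function is fully visible in this hunk.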

@ -25,10 +25,10 @@ $mbox_name = $IMAP->get_mailbox_name();
// send EXPUNGE command // send EXPUNGE command
if ($_action=='expunge') if ($_action=='expunge')
{ {
$success = $IMAP->expunge($_GET['_mbox']); $success = $IMAP->expunge(get_input_value('_mbox', RCUBE_INPUT_GET));
// reload message list if current mailbox // reload message list if current mailbox
if ($success && $_GET['_reload']) if ($success && !empty($_GET['_reload']))
{ {
rcube_remote_response('this.message_list.clear();', TRUE); rcube_remote_response('this.message_list.clear();', TRUE);
$_action = 'list'; $_action = 'list';
@ -41,9 +41,9 @@ if ($_action=='expunge')
// clear mailbox // clear mailbox
else if ($_action=='purge') else if ($_action=='purge')
{ {
$success = $IMAP->clear_mailbox($_GET['_mbox']); $success = $IMAP->clear_mailbox(get_input_value('_mbox', RCUBE_INPUT_GET));
if ($success && $_GET['_reload']) if ($success && !empty($_GET['_reload']))
{ {
$commands = "this.message_list.clear();\n"; $commands = "this.message_list.clear();\n";
$commands .= "this.set_env('messagecount', 0);\n"; $commands .= "this.set_env('messagecount', 0);\n";

@ -30,16 +30,16 @@ if (empty($_SESSION['mbox'])){
} }
// set imap properties and session vars // set imap properties and session vars
if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GET))) if ($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC))
{ {
$IMAP->set_mailbox($mbox); $IMAP->set_mailbox($mbox);
$_SESSION['mbox'] = $mbox; $_SESSION['mbox'] = $mbox;
} }
if (strlen($_GET['_page'])) if (!empty($_GET['_page']))
{ {
$IMAP->set_page($_GET['_page']); $IMAP->set_page((int)$_GET['_page']);
$_SESSION['page'] = $_GET['_page']; $_SESSION['page'] = (int)$_GET['_page'];
} }
// set mailbox to INBOX if not set // set mailbox to INBOX if not set
@ -59,7 +59,7 @@ if (!empty($_GET['_search']) && isset($_SESSION['search'][$_GET['_search']]))
// define url for getting message parts // define url for getting message parts
if (strlen($_GET['_uid'])) if (strlen($_GET['_uid']))
$GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), $_GET['_uid']); $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), get_input_value('_uid', RCUBE_INPUT_GET));
// set current mailbox in client environment // set current mailbox in client environment
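Review bot: The new condition on the set-mailbox line, `if ($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC))`, tests truthiness where the old code tested `strlen()`, so a folder literally named `0` is now treated as absent and neither the IMAP mailbox nor the session value is updated. The same truthiness test is introduced for `_mboxes` in the subscribe, unsubscribe and delete-folder hunks of the manage-folders section, where a folder named `0` could no longer be subscribed, unsubscribed or deleted. Keeping the length check around the assignment avoids this: `if (strlen($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC)))`. The `(int)` casts on the `_page` lines are an improvement, though `0` or a negative value now reaches `set_page()`; whether it clamps is not visible here.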

@ -22,10 +22,8 @@
$REMOTE_REQUEST = TRUE; $REMOTE_REQUEST = TRUE;
$OUTPUT_TYPE = 'js'; $OUTPUT_TYPE = 'js';
$sort = isset($_GET['_sort']) ? $_GET['_sort'] : false;
// is there a sort type for this request? // is there a sort type for this request?
if ($sort) if ($sort = get_input_value('_sort', RCUBE_INPUT_GET))
{ {
// yes, so set the sort vars // yes, so set the sort vars
list($sort_col, $sort_order) = explode('_', $sort); list($sort_col, $sort_order) = explode('_', $sort);
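Review bot: `list($sort_col, $sort_order) = explode('_', $sort);` on the last hunk line assumes the request value contains an underscore; a value such as `date` leaves `$sort_order` unset with an undefined-offset notice. Since the value now comes straight from the request, it would be safer to split with `explode('_', $sort, 2)` and check both parts against the accepted column names and orders before they are used, falling back to the defaults otherwise — the hunk does not show where `$sort_col` and `$sort_order` are consumed, so the accepted sets are not visible here. The enclosing if block continues past the end of the hunk.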

@ -25,10 +25,10 @@ $a_flags_map = array('undelete' => 'UNDELETED',
'read' => 'SEEN', 'read' => 'SEEN',
'unread' => 'UNSEEN'); 'unread' => 'UNSEEN');
if ($_GET['_uid'] && $_GET['_flag']) if (($uids = get_input_value('_uid', RCUBE_INPUT_GET)) && ($flag = get_input_value('_flag', RCUBE_INPUT_GET)))
{ {
$flag = $a_flags_map[$_GET['_flag']] ? $a_flags_map[$_GET['_flag']] : strtoupper($_GET['_flag']); $flag = $a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag);
$marked = $IMAP->set_flag($_GET['_uid'], $flag); $marked = $IMAP->set_flag($uids, $flag);
if ($marked != -1) if ($marked != -1)
{ {
$mbox_name = $IMAP->get_mailbox_name(); $mbox_name = $IMAP->get_mailbox_name();
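Review bot: `$uids` on the set_flag line is handed to the IMAP layer without any check on its shape, while the delete-identity hunk in this same commit guards its id list with `preg_match('/^[0-9]+(,[0-9]+)*$/', $ids)`; the same check belongs here and on the `$uids` assignments in the move and delete branches of the move/delete section, e.g. `if (($uids = get_input_value('_uid', RCUBE_INPUT_GET)) && preg_match('/^[0-9]+(,[0-9]+)*$/D', $uids) && ($flag = get_input_value('_flag', RCUBE_INPUT_GET)))`. On the following line `$a_flags_map[$flag] ? $a_flags_map[$flag] : strtoupper($flag)` reads a key that may not exist and raises a notice for every flag outside the map; `isset($a_flags_map[$flag]) ? $a_flags_map[$flag] : strtoupper($flag)` avoids that. The fallback also forwards any request-supplied flag name to `set_flag()` uppercased; if only the mapped flags are meant to be settable, rejecting unknown values would be the safer choice.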

@ -22,10 +22,11 @@
$REMOTE_REQUEST = TRUE; $REMOTE_REQUEST = TRUE;
// move messages // move messages
if ($_action=='moveto' && $_GET['_uid'] && $_GET['_target_mbox']) if ($_action=='moveto' && !empty($_GET['_uid']) && !empty($_GET['_target_mbox']))
{ {
$count = sizeof(explode(',', $_GET['_uid'])); $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
$moved = $IMAP->move_message($_GET['_uid'], $_GET['_target_mbox'], $_GET['_mbox']); $target = get_input_value('_target_mbox', RCUBE_INPUT_GET);
$moved = $IMAP->move_message($uids, $target, get_input_value('_mbox', RCUBE_INPUT_GET));
if (!$moved) if (!$moved)
{ {
@ -38,10 +39,10 @@ if ($_action=='moveto' && $_GET['_uid'] && $_GET['_target_mbox'])
} }
// delete messages // delete messages
else if ($_action=='delete' && $_GET['_uid']) else if ($_action=='delete' && !empty($_GET['_uid']))
{ {
$count = sizeof(explode(',', $_GET['_uid'])); $count = sizeof(explode(',', ($uids = get_input_value('_uid', RCUBE_INPUT_GET))));
$del = $IMAP->delete_message($_GET['_uid'], $_GET['_mbox']); $del = $IMAP->delete_message($uids, get_input_value('_mbox', RCUBE_INPUT_GET));
if (!$del) if (!$del)
{ {
@ -60,7 +61,7 @@ else
} }
// refresh saved seach set after moving some messages // refresh saved seach set after moving some messages
if (($search_request = $_GET['_search']) && $IMAP->search_set) if (($search_request = get_input_value('_search', RCUBE_INPUT_GPC)) && $IMAP->search_set)
$_SESSION['search'][$search_request] = $IMAP->refresh_search(); $_SESSION['search'][$search_request] = $IMAP->refresh_search();
@ -75,8 +76,8 @@ $commands .= sprintf("this.set_env('pagecount', %d);\n", $pages);
$mbox = $IMAP->get_mailbox_name(); $mbox = $IMAP->get_mailbox_name();
$commands .= sprintf("this.set_unread_count('%s', %d);\n", $mbox, $IMAP->messagecount($mbox, 'UNSEEN')); $commands .= sprintf("this.set_unread_count('%s', %d);\n", $mbox, $IMAP->messagecount($mbox, 'UNSEEN'));
if ($_action=='moveto') if ($_action=='moveto' && $target)
$commands .= sprintf("this.set_unread_count('%s', %d);\n", $_GET['_target_mbox'], $IMAP->messagecount($_GET['_target_mbox'], 'UNSEEN')); $commands .= sprintf("this.set_unread_count('%s', %d);\n", $target, $IMAP->messagecount($target, 'UNSEEN'));
$commands .= sprintf("this.set_quota('%s');\n", $IMAP->get_quota()); $commands .= sprintf("this.set_quota('%s');\n", $IMAP->get_quota());
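Review bot: `$target` on the last set_unread_count line is formatted into a JavaScript string literal through `%s` with no escaping, and it is taken directly from the `_target_mbox` parameter two hunks above, so a mailbox name containing a `'` or a backslash breaks the literal in the response script. Unless `get_input_value()` already escapes for this context — its body is not shown in these hunks — the value needs escaping for a single-quoted JS string before it is formatted in, and the same applies to `$mbox` on the preceding line, which appears to derive from the `_mbox` parameter via `set_mailbox()` in the func section. Separately, the assignments buried inside `sizeof(explode(',', ($uids = get_input_value(...))))` in the move and delete branches would read more clearly on their own line: `$uids = get_input_value('_uid', RCUBE_INPUT_GET); $count = sizeof(explode(',', $uids));`.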

@ -64,7 +64,7 @@ if ($_GET['_uid'])
// mark message as read // mark message as read
if (!$MESSAGE['headers']->seen && $_action != 'preview') if (!$MESSAGE['headers']->seen && $_action != 'preview')
$IMAP->set_flag($_GET['_uid'], 'SEEN'); $IMAP->set_flag($MESSAGE['UID'], 'SEEN');
// give message uid to the client // give message uid to the client
$javascript = sprintf("%s.set_env('uid', '%s');\n", $JS_OBJECT_NAME, $MESSAGE['UID']); $javascript = sprintf("%s.set_env('uid', '%s');\n", $JS_OBJECT_NAME, $MESSAGE['UID']);

@ -19,14 +19,12 @@
*/ */
$REMOTE_REQUEST = $_GET['_remote'] ? TRUE : FALSE; if (($ids = get_input_value('_iid', RCUBE_INPUT_GET)) && preg_match('/^[0-9]+(,[0-9]+)*$/', $ids))
if ($_GET['_iid'] && preg_match('/^[0-9]+(,[0-9]+)*$/',$_GET['_iid']))
{ {
$DB->query("UPDATE ".get_table_name('identities')." $DB->query("UPDATE ".get_table_name('identities')."
SET del=1 SET del=1
WHERE user_id=? WHERE user_id=?
AND identity_id IN (".$_GET['_iid'].")", AND identity_id IN (".$ids.")",
$_SESSION['user_id']); $_SESSION['user_id']);
$count = $DB->affected_rows(); $count = $DB->affected_rows();
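Review bot: The `$` anchor in `preg_match('/^[0-9]+(,[0-9]+)*$/', $ids)` also matches before a trailing newline, so `$ids` can end in `\n` and still be spliced into the `IN (...)` clause; adding the `D` modifier, `preg_match('/^[0-9]+(,[0-9]+)*$/D', $ids)`, makes the pattern consume the whole string. With that guard the direct interpolation is limited to digits and commas, which is the only reason it is acceptable here; a comment such as `// $ids is interpolated into SQL — keep it restricted to a digit/comma list by the preg_match above` would keep a later edit from loosening the pattern. The hunk also removes the `$REMOTE_REQUEST` assignment; if anything later in this file still reads that variable, it is now undefined, which cannot be checked from the hunk.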

@ -26,8 +26,8 @@ rcmail_imap_init(TRUE);
// subscribe to one or more mailboxes // subscribe to one or more mailboxes
if ($_action=='subscribe') if ($_action=='subscribe')
{ {
if (strlen($_GET['_mboxes'])) if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
$IMAP->subscribe(array($_GET['_mboxes'])); $IMAP->subscribe(array($mboxes));
if ($REMOTE_REQUEST) if ($REMOTE_REQUEST)
rcube_remote_response('// subscribed'); rcube_remote_response('// subscribed');
@ -36,8 +36,8 @@ if ($_action=='subscribe')
// unsubscribe one or more mailboxes // unsubscribe one or more mailboxes
else if ($_action=='unsubscribe') else if ($_action=='unsubscribe')
{ {
if (strlen($_GET['_mboxes'])) if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))
$IMAP->unsubscribe(array($_GET['_mboxes'])); $IMAP->unsubscribe(array($mboxes));
if ($REMOTE_REQUEST) if ($REMOTE_REQUEST)
rcube_remote_response('// unsubscribed'); rcube_remote_response('// unsubscribed');
@ -95,8 +95,8 @@ else if ($_action=='rename-folder')
// delete an existing IMAP mailbox // delete an existing IMAP mailbox
else if ($_action=='delete-folder') else if ($_action=='delete-folder')
{ {
if (!empty($_GET['_mboxes'])) if (get_input_value('_mboxes', RCUBE_INPUT_GET))
$deleted = $IMAP->delete_mailbox(array(get_input_value('_mboxes', RCUBE_INPUT_GET))); $deleted = $IMAP->delete_mailbox(array($mboxes));
if ($REMOTE_REQUEST && $deleted) if ($REMOTE_REQUEST && $deleted)
{ {
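Review bot: In the delete-folder branch the condition `if (get_input_value('_mboxes', RCUBE_INPUT_GET))` discards the value, but the next line passes `$mboxes`, which nothing in this branch assigns — the subscribe and unsubscribe branches write the same call as an assignment, `if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_GET))`. Unless `$mboxes` is set earlier in the file outside these hunks, `delete_mailbox()` now receives `array(null)`; using the assignment form here fixes it. As in the other two branches, this truthiness test also treats a folder named `0` as absent, which the old `!empty()` did as well.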
