Fix security issue in delete-response action - allow only ajax request.

Unify the code paths for identity and response deletion.
pull/201/head
Aleksander Machniak 10 years ago
parent 36d004e3d0
commit ca01e25772

@ -53,6 +53,7 @@ CHANGELOG Roundcube Webmail
- Fix list reload after sending message in another window (#1489931)
- Fix so address format errors are ignored when saving a draft (#1489954)
- Fix incorrect label translation in return receipt (#1489963)
- Fix security issue in delete-response action - allow only ajax request
RELEASE 1.0.1
-------------

@ -3722,10 +3722,7 @@ function rcube_webmail()
// submit delete request
if (key && confirm(this.get_label('deleteresponseconfirm'))) {
this.http_post('settings/delete-response', { _key: key }, false);
return true;
}
return false;
};
// updates spellchecker buttons on state change
@ -5700,10 +5697,8 @@ function rcube_webmail()
id = this.env.iid ? this.env.iid : selection[0];
// submit request with appended token
if (confirm(this.get_label('deleteidentityconfirm')))
this.goto_url('delete-identity', { _iid: id, _token: this.env.request_token }, true);
return true;
if (id && confirm(this.get_label('deleteidentityconfirm')))
this.http_post('settings/delete-identity', { _iid: id }, true);
};
this.update_identity_row = function(id, name, add)
@ -5749,6 +5744,19 @@ function rcube_webmail()
}
};
this.remove_identity = function(id)
{
var frame, list = this.identity_list,
rid = this.html_identifier(id);
if (list && id) {
list.remove_row(rid);
if (this.env.contentframe && (frame = this.get_frame_window(this.env.contentframe))) {
frame.location.href = this.env.blankpage;
}
}
};
/*********************************************************/
/********* folder manager methods *********/
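Review bot: The rewritten delete_identity no longer returns anything after `if (id && confirm(this.get_label('deleteidentityconfirm'))) this.http_post('settings/delete-identity', { _iid: id }, true);`, while its sibling delete_response in this same commit keeps a boolean contract (`return true;` / `return false;`); a caller that tests the result now sees undefined. I would keep the two consistent: `if (id && confirm(this.get_label('deleteidentityconfirm'))) { this.http_post('settings/delete-identity', { _iid: id }, true); return true; } return false;`. In the new remove_identity, `list.remove_row(rid)` assumes `id` names a single row, whereas the server-side regex in identities.inc still accepts a comma-separated id list, so a multi-id response would presumably leave rows on screen; a comment such as `// expects a single identity id, not a comma-separated list` would make that assumption explicit. The enclosing delete_identity function begins outside the hunk.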

@ -1,55 +0,0 @@
<?php
/*
+-----------------------------------------------------------------------+
| program/steps/settings/delete_identity.inc |
| |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2005-2013, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
| See the README file for a full license statement. |
| |
| PURPOSE: |
| Delete the submitted identities (IIDs) from the database |
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
*/
$iid = rcube_utils::get_input_value('_iid', rcube_utils::INPUT_GPC);
// check request token
if (!$OUTPUT->ajax_call && !$RCMAIL->check_request(rcube_utils::INPUT_GPC)) {
$OUTPUT->show_message('invalidrequest', 'error');
$RCMAIL->overwrite_action('identities');
return;
}
if ($iid && preg_match('/^[0-9]+(,[0-9]+)*$/', $iid)) {
$plugin = $RCMAIL->plugins->exec_hook('identity_delete', array('id' => $iid));
$deleted = !$plugin['abort'] ? $RCMAIL->user->delete_identity($iid) : $plugin['result'];
if ($deleted > 0 && $deleted !== false) {
$OUTPUT->show_message('deletedsuccessfully', 'confirmation', null, false);
}
else {
$msg = $plugin['message'] ? $plugin['message'] : ($deleted < 0 ? 'nodeletelastidentity' : 'errorsaving');
$OUTPUT->show_message($msg, 'error', null, false);
}
// send response
if ($OUTPUT->ajax_call) {
$OUTPUT->send();
}
}
if ($OUTPUT->ajax_call) {
exit;
}
// go to identities page
$RCMAIL->overwrite_action('identities');

@ -44,6 +44,7 @@ $RCMAIL->register_action_map(array(
'add-response' => 'edit_response.inc',
'save-response' => 'edit_response.inc',
'delete-response' => 'responses.inc',
'delete-identity' => 'identities.inc',
'upload-display' => 'upload.inc',
));

@ -19,6 +19,28 @@
+-----------------------------------------------------------------------+
*/
if ($RCMAIL->action == 'delete-identity' && $OUTPUT->ajax_call) {
$iid = rcube_utils::get_input_value('_iid', rcube_utils::INPUT_POST);
if ($iid && preg_match('/^[0-9]+(,[0-9]+)*$/', $iid)) {
$plugin = $RCMAIL->plugins->exec_hook('identity_delete', array('id' => $iid));
$deleted = !$plugin['abort'] ? $RCMAIL->user->delete_identity($iid) : $plugin['result'];
if ($deleted > 0 && $deleted !== false) {
$OUTPUT->show_message('deletedsuccessfully', 'confirmation', null, false);
$OUTPUT->command('remove_identity', $iid);
}
else {
$msg = $plugin['message'] ? $plugin['message'] : ($deleted < 0 ? 'nodeletelastidentity' : 'errorsaving');
$OUTPUT->show_message($msg, 'error', null, false);
}
}
$OUTPUT->send();
}
define('IDENTITIES_LEVEL', intval($RCMAIL->config->get('identities_level', 0)));
$OUTPUT->set_pagetitle($RCMAIL->gettext('identities'));
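Review bot: The new branch at `if ($RCMAIL->action == 'delete-identity' && $OUTPUT->ajax_call)` drops the explicit `$RCMAIL->check_request()` token check that the removed delete_identity.inc performed, so CSRF protection for this action now rests entirely on whatever request-origin check the framework applies to ajax calls before dispatch; that check is not visible here, and `$OUTPUT->ajax_call` is presumably derived from a client-controlled header, so it should be confirmed rather than assumed. I would record the dependency above the branch: `// CSRF: deliberately ajax-only - the request-origin token for ajax calls is verified before dispatch, not here`. The `_iid` regex still admits a comma-separated list while `$OUTPUT->command('remove_identity', $iid)` passes that whole string to a client handler that removes one row; if multi-id deletion is not meant to be supported, tighten it to `/^[0-9]+$/`. A request that fails the regex reaches `$OUTPUT->send()` with no message at all; the old handler behaved the same, but an `invalidrequest` error there would give the client something to show.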

@ -51,8 +51,8 @@ if (!empty($_POST['_insert'])) {
$RCMAIL->output->send();
}
if ($RCMAIL->action == 'delete-response') {
if ($key = rcube_utils::get_input_value('_key', rcube_utils::INPUT_GPC)) {
if ($RCMAIL->action == 'delete-response' && $RCMAIL->output->ajax_call) {
if ($key = rcube_utils::get_input_value('_key', rcube_utils::INPUT_POST)) {
$responses = $RCMAIL->get_compose_responses(false, true);
foreach ($responses as $i => $response) {
if (empty($response['key']))
@ -70,9 +70,7 @@ if ($RCMAIL->action == 'delete-response') {
$RCMAIL->output->command('remove_response', $key);
}
if ($RCMAIL->output->ajax_call) {
$RCMAIL->output->send();
}
$RCMAIL->output->send();
}
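Review bot: A delete-response request that is not an ajax call now passes silently over the gate at `if ($RCMAIL->action == 'delete-response' && $RCMAIL->output->ajax_call)`, presumably falling through to the responses-list rendering below the hunk, so a form post or stale link gets a plain page and no indication that nothing was deleted. Consider rejecting it explicitly: `else if ($RCMAIL->action == 'delete-response') { $RCMAIL->output->show_message('invalidrequest', 'error'); }`. The key-matching loop between the two hunks is not visible, so whether an unknown `_key` also ends in a silent `$RCMAIL->output->send()` cannot be judged from here. As a point of style, this file spells the output object `$RCMAIL->output` while the identities handler added in the same commit uses `$OUTPUT` for the identical check.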
