banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix bug where IMAP password could be exposed via error message (#5472)

Browse Source
pull/5468/merge
Aleksander Machniak 8 years ago
parent b8f9ba7d47
commit cf9f0d8829
2 changed files with 58 additions and 52 deletions
Show Stats Download Patch File Download Diff File

1
CHANGELOG
Unescape Escape View File

@ -57,6 +57,7 @@ CHANGELOG Roundcube Webmail
- Enigma: Fix bug where last records on keys list were hidden (#5461)
- Enigma: Fix key search with keyword containing non-ascii characters (#5459)
- Fix bug where deleting folders with subfolders could fail in some cases (#5466)
- Fix bug where IMAP password could be exposed via error message (#5472)
RELEASE 1.2.2
-------------

39
program/lib/Roundcube/rcube_imap_generic.php
Unescape Escape View File

@ -2028,7 +2028,7 @@ class rcube_imap_generic
$request = "$key $cmd $message_set (" . implode(' ', $fields) . ")";
if (!$this->putLine($request)) {
$this->setError(self::ERROR_COMMAND, "Unable to send command: $request");
$this->setError(self::ERROR_COMMAND, "Failed to send $cmd command");
return false;
}
@ -2355,15 +2355,15 @@ class rcube_imap_generic
$result = array();
$key = $this->nextTag();
$request = $key . ($is_uid ? ' UID' : '') . " FETCH $message_set ";
$request .= "(" . implode(' ', $query_items) . ")";
$cmd = ($is_uid ? 'UID ' : '') . 'FETCH';
$request = "$key $cmd $message_set (" . implode(' ', $query_items) . ")";
if ($mod_seq !== null && $this->hasCapability('CONDSTORE')) {
$request .= " (CHANGEDSINCE $mod_seq" . ($vanished ? " VANISHED" : '') .")";
}
if (!$this->putLine($request)) {
$this->setError(self::ERROR_COMMAND, "Unable to send command: $request");
$this->setError(self::ERROR_COMMAND, "Failed to send $cmd command");
return false;
}
@ -2714,7 +2714,7 @@ class rcube_imap_generic
// send request
if (!$this->putLine($request)) {
$this->setError(self::ERROR_COMMAND, "Unable to send command: $request");
$this->setError(self::ERROR_COMMAND, "Failed to send UID FETCH command");
return false;
}
@ -2782,14 +2782,15 @@ class rcube_imap_generic
// format request
$key = $this->nextTag();
$request = $key . ($is_uid ? ' UID' : '') . " FETCH $id ($fetch_mode.PEEK[$part]$partial)";
$cmd = ($is_uid ? 'UID ' : '') . 'FETCH';
$request = "$key $cmd $id ($fetch_mode.PEEK[$part]$partial)";
$result = false;
$found = false;
$initiated = true;
// send request
if (!$this->putLine($request)) {
$this->setError(self::ERROR_COMMAND, "Unable to send command: $request");
$this->setError(self::ERROR_COMMAND, "Failed to send $cmd command");
return false;
}
@ -2990,7 +2991,11 @@ class rcube_imap_generic
$request .= ' ' . ($binary ? '~' : '') . '{' . $len . ($literal_plus ? '+' : '') . '}';
// send APPEND command
if ($this->putLine($request)) {
if (!$this->putLine($request)) {
$this->setError(self::ERROR_COMMAND, "Failed to send APPEND command");
return false;
}
// Do not wait when LITERAL+ is supported
if (!$literal_plus) {
$line = $this->readReply();
@ -3037,18 +3042,15 @@ class rcube_imap_generic
// Clear internal status cache
unset($this->data['STATUS:'.$mailbox]);
if ($this->parseResult($line, 'APPEND: ') != self::ERROR_OK)
if ($this->parseResult($line, 'APPEND: ') != self::ERROR_OK) {
return false;
else if (!empty($this->data['APPENDUID']))
return $this->data['APPENDUID'];
else
return true;
}
else {
$this->setError(self::ERROR_COMMAND, "Unable to send command: $request");
if (!empty($this->data['APPENDUID'])) {
return $this->data['APPENDUID'];
}
return false;
return true;
}
/**
@ -3707,7 +3709,10 @@ class rcube_imap_generic
// Send command
if (!$this->putLineC($query, true, ($options & self::COMMAND_ANONYMIZED))) {
$this->setError(self::ERROR_COMMAND, "Unable to send command: $query");
preg_match('/^[A-Z0-9]+ ((UID )?[A-Z]+)/', $query, $matches);
$cmd = $matches[1] ?: 'UNKNOWN';
$this->setError(self::ERROR_COMMAND, "Failed to send $cmd command");
return $noresp ? self::ERROR_COMMAND : array(self::ERROR_COMMAND, '');
}

Write Preview
Loading…
Cancel
Save