Projects
Kolab:16:TestingLinked
roundcubemail
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 113
View file
roundcubemail.spec
Changed
@@ -48,7 +48,7 @@ %global logdir /var/log/roundcubemail %global tmpdir /var/lib/roundcubemail -%global rc_version 1.4.11.18 +%global rc_version 1.4.11.20 #%%global rc_rel_suffix rc2.12 %global dot_rel_suffix %{?rc_rel_suffix:.%{rc_rel_suffix}} %global dash_rel_suffix %{?rc_rel_suffix:-%{rc_rel_suffix}} @@ -3448,8 +3448,8 @@ %defattr(-,root,root,-) %changelog -* Wed Sep 1 2021 Jeroen van Meeuwen <vanmeeuwen@apheleia-it.ch> - 1.4.11.18-1 -- Check in release 1.4.11.18 +* Wed Sep 1 2021 Jeroen van Meeuwen <vanmeeuwen@apheleia-it.ch> - 1.4.11.20-1 +- Check in release 1.4.11.20 * Tue Apr 6 2021 Jeroen van Meeuwen <vanmeeuwen@apheleia-it.ch> - 1.4.11.4-1 - Check in release 1.4.11.4
View file
debian.changelog
Changed
@@ -1,6 +1,6 @@ -roundcubemail (1.4.11.18-0~kolab1) unstable; urgency=low +roundcubemail (1.4.11.20-0~kolab1) unstable; urgency=low - * Check in 1.4.11.18 + * Check in 1.4.11.20 -- Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Wed, 1 Sep 2021 11:11:11 +0200
View file
roundcubemail-1.4.11.18.tar.gz/CHANGELOG -> roundcubemail-1.4.11.20.tar.gz/CHANGELOG
Changed
@@ -12,6 +12,7 @@ - Fix shift + drag'n'drop menu not working in Elastic skin with Chrome browser (#8107) - Fix Firefox infinate loading display on mail screen (#8128) - Fix XSS issue in handling attachment filename extension in mimetype mismatch warning (#8193) +- Fix SQL injection via some session variables RELEASE 1.4.11 --------------
View file
roundcubemail-1.4.11.18.tar.gz/program/steps/addressbook/export.inc -> roundcubemail-1.4.11.20.tar.gz/program/steps/addressbook/export.inc
Changed
@@ -22,9 +22,11 @@ $RCMAIL->request_security_check(rcube_utils::INPUT_GET); // Use search result -if (!empty($_REQUEST'_search') && isset($_SESSION'search'$_REQUEST'_search')) { +if (!empty($_REQUEST'_search') && isset($_SESSION'contact_search'$_REQUEST'_search') + && is_array($_SESSION'contact_search'$_REQUEST'_search') +) { $sort_col = $RCMAIL->config->get('addressbook_sort_col', 'name'); - $search = (array)$_SESSION'search'$_REQUEST'_search'; + $search = $_SESSION'contact_search'$_REQUEST'_search'; $records = array(); // Get records from all sources
View file
roundcubemail-1.4.11.18.tar.gz/program/steps/addressbook/func.inc -> roundcubemail-1.4.11.20.tar.gz/program/steps/addressbook/func.inc
Changed
@@ -985,8 +985,10 @@ { global $RCMAIL; - if (($search_request = $_REQUEST'_search') && isset($_SESSION'search'$search_request)) { - $search = (array)$_SESSION'search'$search_request; + if (($search_request = $_REQUEST'_search') && isset($_SESSION'contact_search'$search_request) + && is_array($_SESSION'contact_search'$search_request) + ) { + $search = $_SESSION'contact_search'$search_request; $sort_col = $RCMAIL->config->get('addressbook_sort_col', 'name'); $afields = $return ? $RCMAIL->config->get('contactlist_fields') : array('name', 'email'); $records = array(); @@ -1019,7 +1021,7 @@ $search$s = $source->get_search_set(); } - $_SESSION'search'$search_request = $search; + $_SESSION'contact_search'$search_request = $search; return $records; }
View file
roundcubemail-1.4.11.18.tar.gz/program/steps/addressbook/search.inc -> roundcubemail-1.4.11.20.tar.gz/program/steps/addressbook/search.inc
Changed
@@ -23,8 +23,7 @@ $id = rcube_utils::get_input_value('_search', rcube_utils::INPUT_POST); $name = rcube_utils::get_input_value('_name', rcube_utils::INPUT_POST, true); - if (($params = $_SESSION'search_params') && $params'id' == $id) { - + if (($params = $_SESSION'contact_search_params') && $params'id' == $id) { $data = array( 'type' => rcube_user::SEARCH_ADDRESSBOOK, 'name' => $name, @@ -211,8 +210,8 @@ .(is_array($search) ? implode(',', $search) : $search)); // save search settings in session - $_SESSION'search'$search_request = $search_set; - $_SESSION'search_params' = array('id' => $search_request, 'data' => array($fields, $search)); + $_SESSION'contact_search'$search_request = $search_set; + $_SESSION'contact_search_params' = array('id' => $search_request, 'data' => array($fields, $search)); $_SESSION'page' = 1; if ($adv)
View file
roundcubemail-1.4.11.18.tar.gz/program/steps/mail/list.inc -> roundcubemail-1.4.11.20.tar.gz/program/steps/mail/list.inc
Changed
@@ -25,7 +25,8 @@ $dont_override = (array) $RCMAIL->config->get('dont_override'); // is there a sort type for this request? -if ($sort = rcube_utils::get_input_value('_sort', rcube_utils::INPUT_GET)) { +$sort = rcube_utils::get_input_value('_sort', rcube_utils::INPUT_GET); +if ($sort && preg_match('/^a-zA-Z_-+$/', $sort)) { // yes, so set the sort vars list($sort_col, $sort_order) = explode('_', $sort);
View file
roundcubemail-1.4.11.18.tar.gz/program/steps/mail/list_contacts.inc -> roundcubemail-1.4.11.20.tar.gz/program/steps/mail/list_contacts.inc
Changed
@@ -24,9 +24,11 @@ $jsresult = array(); // Use search result -if (!empty($_REQUEST'_search') && isset($_SESSION'search'$_REQUEST'_search')) { - $search = (array)$_SESSION'search'$_REQUEST'_search'; - $sparam = $_SESSION'search_params''id' == $_REQUEST'_search' ? $_SESSION'search_params''data' : array(); +if (!empty($_REQUEST'_search') && isset($_SESSION'contact_search'$_REQUEST'_search') + && is_array($_SESSION'contact_search'$_REQUEST'_search') +) { + $search = $_SESSION'contact_search'$_REQUEST'_search'; + $sparam = $_SESSION'contact_search_params''id' == $_REQUEST'_search' ? $_SESSION'contact_search_params''data' : array(); // get records from all sources foreach ($search as $s => $set) {
View file
roundcubemail-1.4.11.18.tar.gz/program/steps/mail/search_contacts.inc -> roundcubemail-1.4.11.20.tar.gz/program/steps/mail/search_contacts.inc
Changed
@@ -97,8 +97,8 @@ $search_request = md5('composeaddr' . $search); // save search settings in session - $_SESSION'search'$search_request = $search_set; - $_SESSION'search_params' = array('id' => $search_request, 'data' => array($afields, $search)); + $_SESSION'contact_search'$search_request = $search_set; + $_SESSION'contact_search_params' = array('id' => $search_request, 'data' => array($afields, $search)); $OUTPUT->show_message('contactsearchsuccessful', 'confirmation', array('nr' => $result->count));
View file
roundcubemail.dsc
Changed
@@ -2,7 +2,7 @@ Source: roundcubemail Binary: roundcubemail Architecture: all -Version: 1:1.4.11.18-0~kolab1 +Version: 1:1.4.11.20-0~kolab1 Maintainer: Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Uploaders: Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Homepage: http://www.roundcube.net/ @@ -14,5 +14,5 @@ roundcubemail deb web extra roundcubemail-core deb web extra Files: - 00000000000000000000000000000000 0 roundcubemail-1.4.11.18.tar.gz + 00000000000000000000000000000000 0 roundcubemail-1.4.11.20.tar.gz 00000000000000000000000000000000 0 debian.tar.gz
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.