[prev in list] [next in list] [prev in thread] [next in thread]
List: squirrelmail-cvs
Subject: [SM-CVS] SF.net SVN: squirrelmail:[14757] branches/SM-1_4-STABLE/squirrelmail
From: pdontthink--- via squirrelmail-cvs <squirrelmail-cvs () lists ! sourceforge ! net>
Date: 2018-04-19 4:14:32
Message-ID: 1524111272.466957.16283 () sfp-scm-1 ! v30 ! lw ! sourceforge ! com
[Download RAW message or body]
Revision: 14757
http://sourceforge.net/p/squirrelmail/code/14757
Author: pdontthink
Date: 2018-04-19 04:14:31 +0000 (Thu, 19 Apr 2018)
Log Message:
-----------
Allow users who cannot edit their email address but who have multiple identities to \
edit all their identities
Modified Paths:
--------------
branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog
branches/SM-1_4-STABLE/squirrelmail/functions/identity.php
branches/SM-1_4-STABLE/squirrelmail/include/options/personal.php
branches/SM-1_4-STABLE/squirrelmail/src/options_identities.php
Modified: branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog 2018-04-06 17:31:06 UTC (rev \
14756)
+++ branches/SM-1_4-STABLE/squirrelmail/doc/ChangeLog 2018-04-19 04:14:31 UTC (rev \
14757) @@ -119,6 +119,8 @@
replying to after sending
- Sanitize user-supplied attachment filenames (thanks to Florian
Grunow for reporting this issue) [CVE-2018-8741]
+ - Allow users who cannot edit their email address but who have
+ multiple identities to edit all their identities
Version 1.4.22 - 12 July 2011
-----------------------------
Modified: branches/SM-1_4-STABLE/squirrelmail/functions/identity.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/functions/identity.php 2018-04-06 17:31:06 \
UTC (rev 14756)
+++ branches/SM-1_4-STABLE/squirrelmail/functions/identity.php 2018-04-19 04:14:31 \
UTC (rev 14757) @@ -66,7 +66,7 @@
*/
function save_identities($identities) {
- global $username, $data_dir, $domain;
+ global $username, $data_dir, $domain, $edit_identity, $edit_name, \
$edit_reply_to;
if (empty($identities) || !is_array($identities)) {
return;
@@ -89,8 +89,16 @@
$key = ($id?$id:'');
+ if (!$edit_identity && !$edit_name)
+ $ident['full_name'] = getPref($data_dir, $username, 'full_name' . $key);
setPref($data_dir, $username, 'full_name' . $key, $ident['full_name']);
+
+ if (!$edit_identity)
+ $ident['email_address'] = getPref($data_dir, $username, 'email_address' \
. $key);
setPref($data_dir, $username, 'email_address' . $key, \
$ident['email_address']); +
+ if (!$edit_identity && !$edit_reply_to)
+ $ident['reply_to'] = getPref($data_dir, $username, 'reply_to' . $key);
setPref($data_dir, $username, 'reply_to' . $key, $ident['reply_to']);
if ($id === 0) {
@@ -115,6 +123,8 @@
*/
function sqfixidentities( $identities, $id, $action ) {
+ global $edit_identity;
+ $num_cur = getPref($data_dir, $username, 'identities');
$fixed = array();
$tmp_hold = array();
$i = 0;
@@ -125,14 +135,19 @@
foreach( $identities as $key=>$ident ) {
- if (empty_identity($ident)) {
- continue;
- }
+ // we already have a delete action; legit empty array
+ // can happen if email address is not ediable
+ // if (empty_identity($ident)) {
+ // continue;
+ // }
switch($action) {
case 'makedefault':
+ // can only get here if someone is trying to be sneaky
+ if ($num_cur < 2) exit;
+
if ($key == $id) {
$fixed[0] = $ident;
@@ -147,6 +162,9 @@
case 'move':
+ // can only get here if someone is trying to be sneaky
+ if ($num_cur < 2) exit;
+
if ($key == ($id - 1)) {
$tmp_hold = $ident;
@@ -166,6 +184,9 @@
case 'delete':
+ // can only get here if someone is trying to be sneaky
+ if (!$edit_identity) exit;
+
if ($key == $id) {
// inform plugins about deleted id
do_hook('options_identities_process', $action, $id);
@@ -178,6 +199,10 @@
// Process actions from plugins and save/update action //
default:
+ // make sure no one is being sneaky trying to add identities when \
they shouldn't + if (!$edit_identity && $num_cur !== \
count($identities)) { + exit;
+ }
/**
* send action and id information. number of hook arguments
* differs from 1.4.4 or older and 1.5.0. count($args) can
Modified: branches/SM-1_4-STABLE/squirrelmail/include/options/personal.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/include/options/personal.php 2018-04-06 \
17:31:06 UTC (rev 14756)
+++ branches/SM-1_4-STABLE/squirrelmail/include/options/personal.php 2018-04-19 \
04:14:31 UTC (rev 14757) @@ -13,6 +13,7 @@
/** SquirrelMail required files. */
require_once(SM_PATH . 'functions/imap.php');
+include_once(SM_PATH . 'functions/identity.php');
/* Define the group constants for the personal options page. */
define('SMOPT_GRP_CONTACT', 0);
@@ -129,7 +130,9 @@
'save' => 'save_option_signature'
);
- if ($edit_identity) {
+//TODO: use getPref(...'identities'...)?
+ $identities_count = count(get_identities());
+ if ($identities_count > 1 || $edit_identity) {
$identities_link_value = '<a href="options_identities.php">'
. _("Edit Advanced Identities")
. '</a> '
Modified: branches/SM-1_4-STABLE/squirrelmail/src/options_identities.php
===================================================================
--- branches/SM-1_4-STABLE/squirrelmail/src/options_identities.php 2018-04-06 \
17:31:06 UTC (rev 14756)
+++ branches/SM-1_4-STABLE/squirrelmail/src/options_identities.php 2018-04-19 \
04:14:31 UTC (rev 14757) @@ -30,15 +30,17 @@
include_once(SM_PATH . 'functions/forms.php');
include_once(SM_PATH . 'functions/identity.php');
+if (!sqgetGlobalVar('identities', $identities, SQ_SESSION)) {
+ $identities = get_identities();
+}
+
/* make sure that page is not available when $edit_identity is false */
-if (!$edit_identity) {
+$cnt = count($identities);
+if ($cnt < 2 && !$edit_identity) {
error_box(_("Editing identities is disabled."),$color);
die('</body></html>');
}
-if (!sqgetGlobalVar('identities', $identities, SQ_SESSION)) {
- $identities = get_identities();
-}
sqgetGlobalVar('newidentities', $newidentities, SQ_POST);
sqgetGlobalVar('smaction', $smaction, SQ_POST);
sqgetGlobalVar('return', $return, SQ_POST);
@@ -69,6 +71,8 @@
$identities = sqfixidentities( $newidentities , $identid , $action );
save_identities($identities);
+ // save_identities() can also alter the identities, so:
+ $identities = get_identities();
}
if (!empty($return)) {
@@ -82,8 +86,8 @@
$td_str = '<form name="f" action="options_identities.php" method="post"><br />' . \
"\n"
. addHidden('smtoken', sm_generate_security_token()) . "\n"
- . '<table border="0" cellspacing="0" cellpadding="0" width="100%">' . "\n";
-$cnt = count($identities);
+ . '<table border="0" cellspacing="0" cellpadding="2" width="100%">' . "\n";
+$cnt = count($identities); // $identities may have changed, so we need to count \
again foreach( $identities as $iKey=>$ident ) {
if ($iKey == 0) {
@@ -96,7 +100,8 @@
}
-$td_str .= ShowIdentityInfo( _("Add a New Identity"), \
array('full_name'=>'','email_address'=>'','reply_to'=>'','signature'=>''), $cnt); +if \
($edit_identity) + $td_str .= ShowIdentityInfo( _("Add a New Identity"), \
array('full_name'=>'','email_address'=>'','reply_to'=>'','signature'=>''), $cnt); \
$td_str .= '</table>' . "\n"; $td_str .= '</form>';
@@ -121,7 +126,7 @@
function ShowIdentityInfo($title, $identity, $id ) {
- global $color;
+ global $color, $edit_identity, $edit_name, $edit_reply_to, $cnt;
if (empty($identity['full_name']) && empty($identity['email_address']) && \
empty($identity['reply_to']) && empty($identity['signature'])) { $bg = '';
@@ -139,9 +144,11 @@
$return_str .= '<tr>' . "\n";
$return_str .= ' <th style="text-align:center;background-color:' . $color[9] . \
';" colspan="2">' . $title . '</th> '. "\n"; $return_str .= '</tr>' . "\n";
- $return_str .= sti_input( _("Full Name") , sprintf($name, $id, 'full_name'), \
$identity['full_name'], $bg);
- $return_str .= sti_input( _("E-Mail Address") , sprintf($name, $id, \
'email_address'), $identity['email_address'], $bg);
- $return_str .= sti_input( _("Reply To"), sprintf($name, $id, 'reply_to'), \
$identity['reply_to'], $bg); + $return_str .= sti_input( _("Full Name") , \
sprintf($name, $id, 'full_name'), $identity['full_name'], $bg, ($edit_identity || \
($cnt > 1 && $edit_name))); + $return_str .= sti_input( _("E-Mail Address") , \
sprintf($name, $id, 'email_address'), $identity['email_address'], $bg, \
$edit_identity); + // don't show reply-to AT ALL if it's not editable
+ if ($edit_identity || ($cnt > 1 && $edit_reply_to))
+ $return_str .= sti_input( _("Reply To"), sprintf($name, $id, 'reply_to'), \
$identity['reply_to'], $bg, ($edit_identity || ($cnt > 1 && \
$edit_reply_to)));
$return_str .= sti_textarea( _("Signature"), sprintf($name, $id, 'signature'), \
$identity['signature'], $bg);
$return_str .= concat_hook_function('options_identities_table', array($bg, \
$empty, $id)); $return_str .= '<tr' . $bg . '> ' . "\n";
@@ -151,7 +158,8 @@
if (!$empty && $id > 0) {
$return_str .= ' <input type="submit" name="smaction[makedefault][' . $id \
. ']" value="' . _("Make Default") . '" />' . "\n";
- $return_str .= ' <input type="submit" name="smaction[delete]['.$id.']" \
value="' . _("Delete") . '" />' . "\n"; + if ($edit_identity)
+ $return_str .= ' <input type="submit" \
name="smaction[delete]['.$id.']" value="' . _("Delete") . '" />' . "\n";
if ($id > 1) {
$return_str .= ' <input type="submit" name="smaction[move]['.$id.']" \
value="' . _("Move Up") . '" />' . "\n"; @@ -170,11 +178,14 @@
}
-function sti_input( $title, $name, $data, $bgcolor ) {
+function sti_input( $title, $name, $data, $bgcolor, $can_edit ) {
$str = '';
$str .= '<tr' . $bgcolor . ">\n";
- $str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' \
</td>' . "\n";
- $str .= ' <td> <input type="text" name="' . $name . '" size="50" value="'. \
sm_encode_html_special_chars($data) . '"> </td>' . "\n"; + $str .= ' <td \
style="white-space: nowrap;text-align:right;">' . $title . ': </td>' . "\n"; + if \
($can_edit) + $str .= ' <td> <input type="text" name="' . $name . '" \
size="50" value="'. sm_encode_html_special_chars($data) . '"> </td>' . "\n"; + \
else + $str .= ' <td> ' . sm_encode_html_special_chars($data) . ' </td>' \
. "\n"; $str .= '</tr>';
return $str;
@@ -184,7 +195,7 @@
function sti_textarea( $title, $name, $data, $bgcolor ) {
$str = '';
$str .= '<tr' . $bgcolor . ">\n";
- $str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' \
</td>' . "\n"; + $str .= ' <td style="white-space: nowrap;text-align:right;">' . \
$title . ': </td>' . "\n";
$str .= ' <td> <textarea name="' . $name . '" cols="50" rows="5">'. "\n" . \
sm_encode_html_special_chars($data) . '</textarea> </td>' . "\n"; $str .= '</tr>';
This was sent by the SourceForge.net collaborative development platform, the world's \
largest Open Source development site.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
-----
squirrelmail-cvs mailing list
List address: squirrelmail-cvs@lists.sourceforge.net
List info (subscribe/unsubscribe/change options): \
https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
Repository: http://squirrelmail.org/svn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic