lib/kolab_sync.php
Aleksander Machniak
machniak at kolabsys.com
Wed Oct 17 09:26:59 CEST 2012
lib/kolab_sync.php | 26 ++++++++++++--------------
1 file changed, 12 insertions(+), 14 deletions(-)
New commits:
commit d7f5e0592088107d832520790580379073dc1d7d
Author: Aleksander Machniak <alec at alec.pl>
Date: Wed Oct 17 09:25:29 2012 +0200
Always authenticate user in IMAP (fixes security issue where it was theoretically
possible to get some existing user data without passing a correct password)
diff --git a/lib/kolab_sync.php b/lib/kolab_sync.php
index da54283..f34df68 100644
--- a/lib/kolab_sync.php
+++ b/lib/kolab_sync.php
@@ -279,7 +279,6 @@ class kolab_sync extends rcube
// user already registered?
$user = rcube_user::query($username, $host);
-
if (!is_object($user)) {
// @TODO: log error
return null;
@@ -287,23 +286,22 @@ class kolab_sync extends rcube
// Configure environment
$this->user = $user;
+ $username = $user->data['username'];
- // rcube::get_storage() uses session, kolab-sync doesn't
- // @TODO: modify framework to support private class variables
- // or other method to provide storage credentials
- global $_SESSION;
- $_SESSION['storage_host'] = $host;
- $_SESSION['username'] = $username;
- $_SESSION['storage_port'] = $port;
- $_SESSION['storage_ssl'] = $ssl;
- $_SESSION['password'] = $this->encrypt($password);
-
-// $this->set_storage_prop();
- // force reloading complete list of subscribed mailboxes
-// $storage->clear_cache('mailboxes', true);
+ // authenticate user in IMAP
+ $storage = $this->get_storage();
+ if (!$storage->connect($host, $username, $password, $port, $ssl)) {
+ return null;
+ }
// overwrite config with user preferences
$this->config->set_user_prefs((array)$this->user->get_prefs());
+ $this->set_storage_prop();
+
+ setlocale(LC_ALL, 'en_US.utf8', 'en_US.UTF-8');
+
+ // force reloading of mailboxes list/data
+ //$storage->clear_cache('mailboxes', true);
return $user->ID;
}
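Review bot: `$this->user = $user;` is assigned before the IMAP check, so when `$storage->connect(...)` fails the method returns null while the object still holds the user record of an account whose password was never verified. Whether anything reads `$this->user` after a failed call is not visible here, but clearing it on that path keeps the fix fail-closed: `$this->user = null; return null;` (or move the assignment below the connect check, if get_storage() does not depend on it). The failure branch also returns silently; a log entry with the username, host and client address, never the password, would let failed sync logins be monitored. The enclosing method starts outside this hunk.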