gunnar: server/patches/horde-webmail/1.2.0 horde-webmail-1.2.0_kolab_openpkg.patch, 1.23, 1.24

cvs at kolab.org cvs at kolab.org
Sat Feb 7 17:40:56 CET 2009 

Author: gunnar

Update of /kolabrepository/server/patches/horde-webmail/1.2.0
In directory doto:/tmp/cvs-serv8107

Modified Files:
	horde-webmail-1.2.0_kolab_openpkg.patch 
Log Message:
Add security fixes for horde and update a patch to close  kolab/issue2546.

Index: horde-webmail-1.2.0_kolab_openpkg.patch
===================================================================
RCS file: /kolabrepository/server/patches/horde-webmail/1.2.0/horde-webmail-1.2.0_kolab_openpkg.patch,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- horde-webmail-1.2.0_kolab_openpkg.patch	5 Feb 2009 23:27:20 -0000	1.23
+++ horde-webmail-1.2.0_kolab_openpkg.patch	7 Feb 2009 16:40:53 -0000	1.24
@@ -262,7 +262,7 @@
 +    }
 +}
 -- 
-tg: (c56a73f..) t/framework/HK/GW/Kolab_Server/Session (depends on: master)
+tg: (5bcbb67..) t/framework/HK/GW/Kolab_Server/Session (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Auth/UseSession
 
@@ -455,7 +455,7 @@
  
          return parent::setAuth($userId, $credentials, $realm, $changeRequested);
 -- 
-tg: (9823c9c..) t/framework/HK/GW/Auth/UseSession (depends on: t/framework/HK/GW/Kolab_Server/Session)
+tg: (a25ecee..) t/framework/HK/GW/Auth/UseSession (depends on: t/framework/HK/GW/Kolab_Server/Session)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Server/getFreebusyServer
 
@@ -544,7 +544,7 @@
              $home = $this->get(KOLAB_ATTR_HOMESERVER);
              return $home;
 -- 
-tg: (c56a73f..) t/framework/HK/GW/Kolab_Server/getFreebusyServer (depends on: master)
+tg: (5bcbb67..) t/framework/HK/GW/Kolab_Server/getFreebusyServer (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/kronolith/HK/GW/getFreebusyServer
 
@@ -594,7 +594,7 @@
          $options['method'] = 'GET';
          $options['timeout'] = 5;
 -- 
-tg: (ad3e393..) t/kronolith/HK/GW/getFreebusyServer (depends on: t/framework/HK/GW/Kolab_Server/getFreebusyServer)
+tg: (eb8858b..) t/kronolith/HK/GW/getFreebusyServer (depends on: t/framework/HK/GW/Kolab_Server/getFreebusyServer)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Storage/Foreign_owner.patch
 
@@ -620,7 +620,7 @@
              }
  
 -- 
-tg: (c56a73f..) t/framework/HK/GW/Kolab_Storage/Foreign_owner.patch (depends on: master)
+tg: (5bcbb67..) t/framework/HK/GW/Kolab_Storage/Foreign_owner.patch (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Storage/Trigger
 
@@ -947,7 +947,7 @@
              $this->_getAnnotationData();
          }
 -- 
-tg: (db327a6..) t/framework/HK/GW/Kolab_Storage/Trigger (depends on: t/framework/HK/GW/Kolab_Storage/Foreign_owner.patch)
+tg: (269811f..) t/framework/HK/GW/Kolab_Storage/Trigger (depends on: t/framework/HK/GW/Kolab_Storage/Foreign_owner.patch)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/framework/Kolab/MoveSessionHandler
 
@@ -1347,7 +1347,7 @@
 -    }
 -}
 -- 
-tg: (aa5ae9d..) t/framework/HK/GW/framework/Kolab/MoveSessionHandler (depends on: t/framework/HK/GW/Auth/UseSession t/kronolith/HK/GW/getFreebusyServer t/framework/HK/GW/Kolab_Storage/Trigger)
+tg: (b89bccc..) t/framework/HK/GW/framework/Kolab/MoveSessionHandler (depends on: t/framework/HK/GW/Auth/UseSession t/kronolith/HK/GW/getFreebusyServer t/framework/HK/GW/Kolab_Storage/Trigger)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/framework/Kolab/DeprecatedGetServer
 
@@ -1395,7 +1395,7 @@
      }
  }
 -- 
-tg: (a85415d..) t/framework/HK/GW/framework/Kolab/DeprecatedGetServer (depends on: t/framework/HK/GW/framework/Kolab/MoveSessionHandler)
+tg: (f335a7b..) t/framework/HK/GW/framework/Kolab/DeprecatedGetServer (depends on: t/framework/HK/GW/framework/Kolab/MoveSessionHandler)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Storage/Restructuring_Fixes
 
@@ -1477,7 +1477,7 @@
          }
  
 -- 
-tg: (8322653..) t/framework/HK/GW/Kolab_Storage/Restructuring_Fixes (depends on: t/framework/HK/GW/framework/Kolab/DeprecatedGetServer)
+tg: (0387a07..) t/framework/HK/GW/Kolab_Storage/Restructuring_Fixes (depends on: t/framework/HK/GW/framework/Kolab/DeprecatedGetServer)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Server/ListObjects
 
@@ -2060,7 +2060,7 @@
       *
       * @return int  The current LDAP error number.
 -- 
-tg: (0d4a9cc..) t/framework/HK/GW/Kolab_Server/ListObjects (depends on: t/framework/HK/GW/Kolab_Storage/Restructuring_Fixes)
+tg: (f150a3d..) t/framework/HK/GW/Kolab_Server/ListObjects (depends on: t/framework/HK/GW/Kolab_Storage/Restructuring_Fixes)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Auth/ListUsers
 
@@ -2122,7 +2122,7 @@
 +    }
  }
 -- 
-tg: (69e74c3..) t/framework/HK/GW/Auth/ListUsers (depends on: t/framework/HK/GW/Kolab_Server/ListObjects)
+tg: (d3b3a10..) t/framework/HK/GW/Auth/ListUsers (depends on: t/framework/HK/GW/Kolab_Server/ListObjects)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Server/RewriteExtend
 
@@ -5949,7 +5949,7 @@
 +
  }
 -- 
-tg: (0d7caa9..) t/framework/HK/GW/Kolab_Server/RewriteExtend (depends on: t/framework/HK/GW/Auth/ListUsers)
+tg: (e8b6ec7..) t/framework/HK/GW/Kolab_Server/RewriteExtend (depends on: t/framework/HK/GW/Auth/ListUsers)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Storage/CatchPossibleError
 
@@ -5983,7 +5983,7 @@
  
          if ($this->tainted) {
 -- 
-tg: (3b5ef86..) t/framework/HK/GW/Kolab_Storage/CatchPossibleError (depends on: t/framework/HK/GW/Kolab_Server/RewriteExtend)
+tg: (a264c44..) t/framework/HK/GW/Kolab_Storage/CatchPossibleError (depends on: t/framework/HK/GW/Kolab_Server/RewriteExtend)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Auth/UseKolabServer
 
@@ -6212,7 +6212,7 @@
                  && $user != $session->user_id)) {
              $session = new Horde_Kolab_Session($user, $credentials);
 -- 
-tg: (44ae6f8..) t/framework/HK/GW/Auth/UseKolabServer (depends on: t/framework/HK/GW/Kolab_Storage/CatchPossibleError)
+tg: (4de8436..) t/framework/HK/GW/Auth/UseKolabServer (depends on: t/framework/HK/GW/Kolab_Storage/CatchPossibleError)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Server/SafetyCheck
 
@@ -6238,7 +6238,7 @@
          if (empty($instances[$signature])) {
              $instances[$signature] = &Horde_Kolab_Server::factory($driver,
 -- 
-tg: (1db5f87..) t/framework/HK/GW/Kolab_Server/SafetyCheck (depends on: t/framework/HK/GW/Auth/UseKolabServer)
+tg: (4808648..) t/framework/HK/GW/Kolab_Server/SafetyCheck (depends on: t/framework/HK/GW/Auth/UseKolabServer)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab/MoveIMAP
 
@@ -10493,7 +10493,7 @@
                  return $result;
              }
 -- 
-tg: (5e92aed..) t/framework/HK/GW/Kolab/MoveIMAP (depends on: t/framework/HK/GW/Kolab_Server/SafetyCheck)
+tg: (8c62e15..) t/framework/HK/GW/Kolab/MoveIMAP (depends on: t/framework/HK/GW/Kolab_Server/SafetyCheck)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Auth/SafetyCheck
 
@@ -10519,7 +10519,7 @@
              return $session->auth;
          }
 -- 
-tg: (6435616..) t/framework/HK/GW/Auth/SafetyCheck (depends on: t/framework/HK/GW/Kolab/MoveIMAP)
+tg: (2ca0818..) t/framework/HK/GW/Auth/SafetyCheck (depends on: t/framework/HK/GW/Kolab/MoveIMAP)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Server/RequireIMAP
 
@@ -10591,7 +10591,7 @@
                                                   $params['port'], true, false);
              if (is_a($imap, 'PEAR_Error')) {
 -- 
-tg: (97aa080..) t/framework/HK/GW/Kolab_Server/RequireIMAP (depends on: t/framework/HK/GW/Auth/SafetyCheck)
+tg: (9fc3ac7..) t/framework/HK/GW/Kolab_Server/RequireIMAP (depends on: t/framework/HK/GW/Auth/SafetyCheck)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Auth/InvalidCheck
 
@@ -10617,7 +10617,7 @@
                  $entry = array();
                  $entry[ 'timestamp' ] = time();
 -- 
-tg: (fd49bbe..) t/framework/HK/GW/Auth/InvalidCheck (depends on: t/framework/HK/GW/Kolab_Server/RequireIMAP)
+tg: (f09c951..) t/framework/HK/GW/Auth/InvalidCheck (depends on: t/framework/HK/GW/Kolab_Server/RequireIMAP)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab/AttachmentSupport
 
@@ -11240,7 +11240,7 @@
                                __FILE__, __LINE__, PEAR_LOG_ERR);
              $data = array();
 -- 
-tg: (b29d766..) t/framework/HK/GW/Kolab/AttachmentSupport (depends on: t/framework/HK/GW/Auth/InvalidCheck)
+tg: (b266ebd..) t/framework/HK/GW/Kolab/AttachmentSupport (depends on: t/framework/HK/GW/Auth/InvalidCheck)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Vfs/KolabDriver
 
@@ -11890,7 +11890,7 @@
 +    }
 +}
 -- 
-tg: (7383a08..) t/framework/HK/GW/Vfs/KolabDriver (depends on: t/framework/HK/GW/Kolab/AttachmentSupport)
+tg: (3d7f002..) t/framework/HK/GW/Vfs/KolabDriver (depends on: t/framework/HK/GW/Kolab/AttachmentSupport)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/turba/HK/GW/PhotoSupport
 
@@ -12032,7 +12032,7 @@
          $dir = TURBA_VFS_PATH . '/' . $this->getValue('__uid');
          $file = $info['name'];
 -- 
-tg: (8a9adcf..) t/turba/HK/GW/PhotoSupport (depends on: t/framework/HK/GW/Vfs/KolabDriver)
+tg: (237e3a0..) t/turba/HK/GW/PhotoSupport (depends on: t/framework/HK/GW/Vfs/KolabDriver)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Server/ImprovedFreebusyServerFallback
 
@@ -12058,7 +12058,7 @@
          }
      }
 -- 
-tg: (464c516..) t/framework/HK/GW/Kolab_Server/ImprovedFreebusyServerFallback (depends on: t/turba/HK/GW/PhotoSupport)
+tg: (1a436dd..) t/framework/HK/GW/Kolab_Server/ImprovedFreebusyServerFallback (depends on: t/turba/HK/GW/PhotoSupport)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Server/ImprovedServerFallbacks
 
@@ -12115,7 +12115,7 @@
      }
  
 -- 
-tg: (b67227b..) t/framework/HK/GW/Kolab_Server/ImprovedServerFallbacks (depends on: t/framework/HK/GW/Kolab_Server/ImprovedFreebusyServerFallback)
+tg: (2e85f5c..) t/framework/HK/GW/Kolab_Server/ImprovedServerFallbacks (depends on: t/framework/HK/GW/Kolab_Server/ImprovedFreebusyServerFallback)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Storgae/FixedUpdateTriggering
 
@@ -12402,7 +12402,7 @@
          $this->_annotation_data = $this->getData('annotation');
      }
 -- 
-tg: (9575d2f..) t/framework/HK/GW/Kolab_Storgae/FixedUpdateTriggering (depends on: t/framework/HK/GW/Kolab_Server/ImprovedServerFallbacks)
+tg: (bfee56e..) t/framework/HK/GW/Kolab_Storgae/FixedUpdateTriggering (depends on: t/framework/HK/GW/Kolab_Server/ImprovedServerFallbacks)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/turba/HK/GW/AutomaticFreeBusyUrl
 
@@ -12466,7 +12466,7 @@
              'search' => array(
                  'name',
 -- 
-tg: (90e5634..) t/turba/HK/GW/AutomaticFreeBusyUrl (depends on: t/framework/HK/GW/Kolab_Storgae/FixedUpdateTriggering)
+tg: (98f183d..) t/turba/HK/GW/AutomaticFreeBusyUrl (depends on: t/framework/HK/GW/Kolab_Storgae/FixedUpdateTriggering)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Server/FixGetGroups
 
@@ -12492,7 +12492,7 @@
  
      /**
 -- 
-tg: (32043bc..) t/framework/HK/GW/Kolab_Server/FixGetGroups (depends on: t/turba/HK/GW/AutomaticFreeBusyUrl)
+tg: (c2f404e..) t/framework/HK/GW/Kolab_Server/FixGetGroups (depends on: t/turba/HK/GW/AutomaticFreeBusyUrl)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/kronolith/HK/GW/CalendarRenaming
 
@@ -12565,7 +12565,7 @@
                  $this->name     = $this->new_name;
                  $this->new_name = null;
 -- 
-tg: (0251b34..) t/kronolith/HK/GW/CalendarRenaming (depends on: t/framework/HK/GW/Kolab_Server/FixGetGroups)
+tg: (3c4d2c4..) t/kronolith/HK/GW/CalendarRenaming (depends on: t/framework/HK/GW/Kolab_Server/FixGetGroups)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Storage/FixTriggerOnFolderRename
 
@@ -12617,7 +12617,7 @@
                  $this->name     = $this->new_name;
                  $this->new_name = null;
 -- 
-tg: (b393e2b..) t/framework/HK/GW/Kolab_Storage/FixTriggerOnFolderRename (depends on: t/kronolith/HK/GW/CalendarRenaming)
+tg: (4e45499..) t/framework/HK/GW/Kolab_Storage/FixTriggerOnFolderRename (depends on: t/kronolith/HK/GW/CalendarRenaming)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Storage/FixTriggerOnFolderCreation
 
@@ -12766,7 +12766,7 @@
  
          if (!isset($this->_annotation_data)) {
 -- 
-tg: (2134872..) t/framework/HK/GW/Kolab_Storage/FixTriggerOnFolderCreation (depends on: t/framework/HK/GW/Kolab_Storage/FixTriggerOnFolderRename)
+tg: (156cfca..) t/framework/HK/GW/Kolab_Storage/FixTriggerOnFolderCreation (depends on: t/framework/HK/GW/Kolab_Storage/FixTriggerOnFolderRename)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Server/AdditionalGetFeeBusyServerFixes
 
@@ -12813,7 +12813,7 @@
  
      /**
 -- 
-tg: (2a42a9e..) t/framework/HK/GW/Kolab_Server/AdditionalGetFeeBusyServerFixes (depends on: t/framework/HK/GW/Kolab_Storage/FixTriggerOnFolderCreation)
+tg: (028c582..) t/framework/HK/GW/Kolab_Server/AdditionalGetFeeBusyServerFixes (depends on: t/framework/HK/GW/Kolab_Storage/FixTriggerOnFolderCreation)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Server/FixAddressObjectIdentification
 
@@ -12848,7 +12848,7 @@
          case KOLAB_OBJECT_ADMINISTRATOR:
          case KOLAB_OBJECT_MAINTAINER:
 -- 
-tg: (bf81ddd..) t/framework/HK/GW/Kolab_Server/FixAddressObjectIdentification (depends on: t/framework/HK/GW/Kolab_Server/AdditionalGetFeeBusyServerFixes)
+tg: (17622c9..) t/framework/HK/GW/Kolab_Server/FixAddressObjectIdentification (depends on: t/framework/HK/GW/Kolab_Server/AdditionalGetFeeBusyServerFixes)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Fbview/XfbConcept
 
@@ -12984,7 +12984,7 @@
                  $params = $default;
              }
 -- 
-tg: (ee3a00d..) t/framework/HK/GW/Kolab_Fbview/XfbConcept (depends on: t/framework/HK/GW/Kolab_Server/FixAddressObjectIdentification)
+tg: (914f60a..) t/framework/HK/GW/Kolab_Fbview/XfbConcept (depends on: t/framework/HK/GW/Kolab_Server/FixAddressObjectIdentification)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab/XfbFixes
 
@@ -13064,7 +13064,7 @@
          default:
              $this->_data[$attribute] = $value;
 -- 
-tg: (dd67889..) t/framework/HK/GW/Kolab/XfbFixes (depends on: t/framework/HK/GW/Kolab_Fbview/XfbConcept)
+tg: (c79c667..) t/framework/HK/GW/Kolab/XfbFixes (depends on: t/framework/HK/GW/Kolab_Fbview/XfbConcept)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/DB/SqliteErrorChecking
 
@@ -13090,7 +13090,7 @@
          if (!isset($error_regexps)) {
              $error_regexps = array(
 -- 
-tg: (046d71f..) t/framework/HK/GW/DB/SqliteErrorChecking (depends on: t/framework/HK/GW/Kolab/XfbFixes)
+tg: (a3c75a8..) t/framework/HK/GW/DB/SqliteErrorChecking (depends on: t/framework/HK/GW/Kolab/XfbFixes)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Storage/ShareIdFix
 
@@ -13119,7 +13119,7 @@
          return rawurlencode($this->name);
      }
 -- 
-tg: (3a7655a..) t/framework/HK/GW/Kolab_Storage/ShareIdFix (depends on: t/framework/HK/GW/DB/SqliteErrorChecking)
+tg: (302cf96..) t/framework/HK/GW/Kolab_Storage/ShareIdFix (depends on: t/framework/HK/GW/DB/SqliteErrorChecking)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/iCalendar/QuotedParameters
 
@@ -13182,7 +13182,7 @@
                  }
              }
 -- 
-tg: (463d36b..) t/framework/HK/GW/iCalendar/QuotedParameters (depends on: t/framework/HK/GW/Kolab_Storage/ShareIdFix)
+tg: (556bc82..) t/framework/HK/GW/iCalendar/QuotedParameters (depends on: t/framework/HK/GW/Kolab_Storage/ShareIdFix)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/Kolab_Server/HK/GW/DenyLogin
 
@@ -13349,7 +13349,7 @@
                      if (!empty($result) && !is_a($result, 'PEAR_Error')) {
                          $this->user_mail = $result;
 -- 
-tg: (a8fff25..) t/Kolab_Server/HK/GW/DenyLogin (depends on: t/framework/HK/GW/iCalendar/QuotedParameters)
+tg: (379ee4a..) t/Kolab_Server/HK/GW/DenyLogin (depends on: t/framework/HK/GW/iCalendar/QuotedParameters)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/Kolab_Server/HK/GW/UserMailAndFullname
 
@@ -13360,11 +13360,11 @@
 Signed-off-by: Gunnar Wrobel <p at rdus.de>
 
 ---
- horde-webmail/lib/Horde/Kolab/Server/Object.php    |    5 +++++
- .../lib/Horde/Kolab/Server/Object/address.php      |   10 ++++++++++
- .../lib/Horde/Kolab/Server/Object/user.php         |    2 ++
- horde-webmail/lib/Horde/Kolab/Session.php          |   19 +++++++++++++++++--
- 4 files changed, 34 insertions(+), 2 deletions(-)
+ horde-webmail/lib/Horde/Kolab/Server/Object.php    |    5 ++++
+ .../lib/Horde/Kolab/Server/Object/address.php      |   10 +++++++++
+ .../lib/Horde/Kolab/Server/Object/user.php         |    2 +
+ horde-webmail/lib/Horde/Kolab/Session.php          |   21 ++++++++++++++++++-
+ 4 files changed, 36 insertions(+), 2 deletions(-)
 
 diff --git a/horde-webmail/lib/Horde/Kolab/Server/Object.php b/horde-webmail/lib/Horde/Kolab/Server/Object.php
 index 663281e..e3b38e0 100644
@@ -13424,7 +13424,7 @@
  
      /**
 diff --git a/horde-webmail/lib/Horde/Kolab/Session.php b/horde-webmail/lib/Horde/Kolab/Session.php
-index d47f8b0..486b67e 100644
+index d47f8b0..bcbda7e 100644
 --- a/horde-webmail/lib/Horde/Kolab/Session.php
 +++ b/horde-webmail/lib/Horde/Kolab/Session.php
 @@ -55,6 +55,13 @@ class Horde_Kolab_Session {
@@ -13453,7 +13453,16 @@
                      $result = $user_object->getServer('imap');
                      if (!empty($result) && !is_a($result, 'PEAR_Error')) {
                          $server = explode(':', $result, 2);
-@@ -332,9 +344,12 @@ class Horde_Kolab_Session {
+@@ -249,6 +261,8 @@ class Horde_Kolab_Session {
+             $params['user'] = $user;
+             if (isset($credentials['password'])) {
+                 $params['pass'] = $credentials['password'];
++            } else {
++                $params['pass'] = Auth::getCredential('password');
+             }
+         }
+         return Horde_Kolab_Server::singleton($params);
+@@ -332,9 +346,12 @@ class Horde_Kolab_Session {
              $session = $hs->query('kolab_session');
          }
  
@@ -13469,7 +13478,7 @@
          }
  
 -- 
-tg: (5dcea93..) t/Kolab_Server/HK/GW/UserMailAndFullname (depends on: t/Kolab_Server/HK/GW/DenyLogin)
+tg: (7281ae6..) t/Kolab_Server/HK/GW/UserMailAndFullname (depends on: t/Kolab_Server/HK/GW/DenyLogin)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/imp/HK/GW/AuthForInvitations
 
@@ -13538,7 +13547,7 @@
                          $this->_msgs[$key][] = array('error', sprintf(_("Error sending reply: %s."), $status->getMessage()));
                      } else {
 -- 
-tg: (cfbcbec..) t/imp/HK/GW/AuthForInvitations (depends on: t/Kolab_Server/HK/GW/UserMailAndFullname)
+tg: (926ddad..) t/imp/HK/GW/AuthForInvitations (depends on: t/Kolab_Server/HK/GW/UserMailAndFullname)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/SyncML/HK/GW/CombinedFixes
 
@@ -13906,7 +13915,7 @@
                  $backend->logMessage($suid->message, __FILE__, __LINE__, PEAR_LOG_DEBUG);
  
 -- 
-tg: (c56a73f..) t/SyncML/HK/GW/CombinedFixes (depends on: master)
+tg: (5bcbb67..) t/SyncML/HK/GW/CombinedFixes (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/Prefs/HK/GW/FixLDAPAuthForIngo
 
@@ -13944,7 +13953,7 @@
  
  }
 -- 
-tg: (20a6a9e..) t/Prefs/HK/GW/FixLDAPAuthForIngo (depends on: t/SyncML/HK/GW/CombinedFixes)
+tg: (6acdc34..) t/Prefs/HK/GW/FixLDAPAuthForIngo (depends on: t/SyncML/HK/GW/CombinedFixes)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/Text/Filter/SC/CH/Xss
 
@@ -13970,7 +13979,7 @@
              $patterns['|<style[^>]*>(?:\s*<\!--)*|i'] = '<!--';
              $patterns['|(?:-->\s*)*</style>|i'] = '-->';
 -- 
-tg: (c56a73f..) t/Text/Filter/SC/CH/Xss (depends on: master)
+tg: (5bcbb67..) t/Text/Filter/SC/CH/Xss (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/framework/Kolab_Format/WS
 
@@ -13996,7 +14005,7 @@
  
          $primary_category = '';
 -- 
-tg: (c56a73f..) t/framework/HK/GW/framework/Kolab_Format/WS (depends on: master)
+tg: (5bcbb67..) t/framework/HK/GW/framework/Kolab_Format/WS (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Kolab_Format/ImprovedPreferencesHandling
 
@@ -14032,7 +14041,7 @@
              $horde_categories = $cManager->get();
          } else {
 -- 
-tg: (8d833cb..) t/framework/HK/GW/Kolab_Format/ImprovedPreferencesHandling (depends on: t/framework/HK/GW/framework/Kolab_Format/WS)
+tg: (fff6d82..) t/framework/HK/GW/Kolab_Format/ImprovedPreferencesHandling (depends on: t/framework/HK/GW/framework/Kolab_Format/WS)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/Prefs_KolabImapApplicationTag
 
@@ -14133,7 +14142,7 @@
  
              $result = $this->_connection->_storage->save($object, $old_uid);
 -- 
-tg: (c56a73f..) t/framework/HK/GW/Prefs_KolabImapApplicationTag (depends on: master)
+tg: (5bcbb67..) t/framework/HK/GW/Prefs_KolabImapApplicationTag (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/framework/HK/GW/horde/conf_xmlUpdates
 
@@ -14185,7 +14194,7 @@
      </case>
     </configswitch>
 -- 
-tg: (c56a73f..) t/framework/HK/GW/horde/conf_xmlUpdates (depends on: master)
+tg: (5bcbb67..) t/framework/HK/GW/horde/conf_xmlUpdates (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/kronolith/HK/GW/AuthenticatedFreeBusy
 
@@ -14232,7 +14241,7 @@
                  return PEAR::raiseError(sprintf(_("The free/busy url for %s cannot be retrieved."), $email));
              }
 -- 
-tg: (c56a73f..) t/kronolith/HK/GW/AuthenticatedFreeBusy (depends on: master)
+tg: (5bcbb67..) t/kronolith/HK/GW/AuthenticatedFreeBusy (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/kronolith/HK/SB/SaveEventAttendees
 
@@ -14516,7 +14525,7 @@
 +</div>
 +</form>
 -- 
-tg: (c56a73f..) t/kronolith/HK/SB/SaveEventAttendees (depends on: master)
+tg: (5bcbb67..) t/kronolith/HK/SB/SaveEventAttendees (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/kronolith/HK/SB/ExtraParameters
 
@@ -14610,7 +14619,7 @@
 -<td><div class="busy" style="left:<tag:left />;width:<tag:width />;"> </div></td>
 +<td><div class="busy" onclick="<tag:evclick />" style="cursor:pointer;left:<tag:left />;width:<tag:width />;" title="<tag:label />"> </div></td>
 -- 
-tg: (50d5619..) t/kronolith/HK/SB/ExtraParameters (depends on: t/kronolith/HK/SB/SaveEventAttendees)
+tg: (083b765..) t/kronolith/HK/SB/ExtraParameters (depends on: t/kronolith/HK/SB/SaveEventAttendees)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/kronolith/HK/GW/FbviewRelevance
 
@@ -14684,7 +14693,7 @@
          if ($original_name != $this->_vars->get('name')) {
              $result = $GLOBALS['kronolith_driver']->rename($original_name, $this->_vars->get('name'));
 -- 
-tg: (fffea19..) t/kronolith/HK/GW/FbviewRelevance (depends on: t/kronolith/HK/SB/ExtraParameters)
+tg: (2685978..) t/kronolith/HK/GW/FbviewRelevance (depends on: t/kronolith/HK/SB/ExtraParameters)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/kronolith/HK/GW/XfbAccess
 
@@ -14837,7 +14846,7 @@
   <td colspan="7"> </td>
  </tr>
 -- 
-tg: (0cc44ec..) t/kronolith/HK/GW/XfbAccess (depends on: t/kronolith/HK/GW/FbviewRelevance)
+tg: (54021ca..) t/kronolith/HK/GW/XfbAccess (depends on: t/kronolith/HK/GW/FbviewRelevance)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/nag/H/MR/Bug_7400
 
@@ -14919,7 +14928,7 @@
          }
  
 -- 
-tg: (c56a73f..) t/nag/H/MR/Bug_7400 (depends on: master)
+tg: (5bcbb67..) t/nag/H/MR/Bug_7400 (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/GLOBAL/HK/GW/Config
 
@@ -16015,7 +16024,7 @@
   * An address book based on message recipients. This will always be private and
   * read-only. The address book content is provided by the
 -- 
-tg: (c56a73f..) t/GLOBAL/HK/GW/Config (depends on: master)
+tg: (5bcbb67..) t/GLOBAL/HK/GW/Config (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/GLOBAL/HK/GW/ConfigOpenPKG
 
@@ -16042,7 +16051,7 @@
  $conf['alarms']['params']['ttl'] = 300;
  $conf['alarms']['driver'] = 'sql';
 -- 
-tg: (05da78c..) t/GLOBAL/HK/GW/ConfigOpenPKG (depends on: t/GLOBAL/HK/GW/Config)
+tg: (7baa33d..) t/GLOBAL/HK/GW/ConfigOpenPKG (depends on: t/GLOBAL/HK/GW/Config)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/kronolith/HK/GW/SyncMLrefresh
 
@@ -16112,7 +16121,7 @@
      $histories = $history->getByTimestamp('>', $timestamp, array(array('op' => '=', 'field' => 'action', 'value' => $action)), 'kronolith:' . $calendar);
      if (is_a($histories, 'PEAR_Error')) {
 -- 
-tg: (c56a73f..) t/kronolith/HK/GW/SyncMLrefresh (depends on: master)
+tg: (5bcbb67..) t/kronolith/HK/GW/SyncMLrefresh (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/turba/HK/GW/FixAddressbookDeletion
 
@@ -16138,7 +16147,7 @@
          return $this->_driver->_deleteAll($sourceName);
      }
 -- 
-tg: (c56a73f..) t/turba/HK/GW/FixAddressbookDeletion (depends on: master)
+tg: (5bcbb67..) t/turba/HK/GW/FixAddressbookDeletion (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/turba/HK/GW/FixSyncMLAttributeDeletion
 
@@ -16165,7 +16174,7 @@
              switch ($item['name']) {
              case 'FN':
 -- 
-tg: (c56a73f..) t/turba/HK/GW/FixSyncMLAttributeDeletion (depends on: master)
+tg: (5bcbb67..) t/turba/HK/GW/FixSyncMLAttributeDeletion (depends on: master)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/turba/HK/GW/SyncMLrefresh
 
@@ -16190,7 +16199,7 @@
  
      /**
 -- 
-tg: (f86048d..) t/turba/HK/GW/SyncMLrefresh (depends on: t/turba/HK/GW/FixSyncMLAttributeDeletion)
+tg: (a490d6b..) t/turba/HK/GW/SyncMLrefresh (depends on: t/turba/HK/GW/FixSyncMLAttributeDeletion)
 From: Gunnar Wrobel <p at rdus.de>
 Subject: [PATCH] t/imp/HideGroupwareFolders
 
@@ -16328,4 +16337,141 @@
  
      /**
 -- 
-tg: (c56a73f..) t/imp/HideGroupwareFolders (depends on: master)
+tg: (5bcbb67..) t/imp/HideGroupwareFolders (depends on: master)
+From: Gunnar Wrobel <p at rdus.de>
+Subject: [PATCH] t/imp/SC/CH/SecIssues20090128
+
+Security issues patched on 20090128
+
+Signed-off-by: Gunnar Wrobel <p at rdus.de>
+
+---
+ horde-webmail/imp/message.php |   10 +++++-----
+ horde-webmail/imp/pgp.php     |    4 ++--
+ horde-webmail/imp/smime.php   |    4 ++--
+ 3 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/horde-webmail/imp/message.php b/horde-webmail/imp/message.php
+index c822e0b..0488af7 100644
+--- a/horde-webmail/imp/message.php
++++ b/horde-webmail/imp/message.php
+@@ -444,7 +444,7 @@ if (!$printer_friendly && !empty($conf['maillog']['use_maillog'])) {
+ 
+     /* Do MDN processing now. */
+     if ($imp_ui->MDNCheck($ob->header, Util::getFormData('mdn_confirm'))) {
+-        $confirm_link = Horde::link(Util::addParameter($selfURL, 'mdn_confirm', 1)) . _("HERE") . '</a>';
++        $confirm_link = Horde::link(htmlspecialchars(Util::addParameter($selfURL, 'mdn_confirm', 1))) . _("HERE") . '</a>';
+         $notification->push(sprintf(_("The sender of this message is requesting a Message Disposition Notification from you when you have read this message. Please click %s to send the notification message."), $confirm_link), 'horde.message', array('content.raw'));
+     }
+ }
+@@ -617,13 +617,13 @@ if (!$printer_friendly) {
+ 
+     $a_template->set('headers', Horde::widget('#', _("Headers"), 'widget hasmenu', '', '', _("Headers"), true));
+     if ($all_headers || $list_headers) {
+-        $a_template->set('common_headers', Horde::widget($headersURL, _("Show Common Headers"), 'widget', '', '', _("Show Common Headers"), true));
++        $a_template->set('common_headers', Horde::widget(htmlspecialchars($headersURL), _("Show Common Headers"), 'widget', '', '', _("Show Common Headers"), true));
+     }
+     if (!$all_headers) {
+-        $a_template->set('all_headers', Horde::widget(Util::addParameter($headersURL, 'show_all_headers', 1), _("Show All Headers"), 'widget', '', '', _("Show All Headers"), true));
++        $a_template->set('all_headers', Horde::widget(htmlspecialchars(Util::addParameter($headersURL, 'show_all_headers', 1)), _("Show All Headers"), 'widget', '', '', _("Show All Headers"), true));
+     }
+     if ($list_info['exists'] && !$list_headers) {
+-        $a_template->set('list_headers', Horde::widget(Util::addParameter($headersURL, 'show_list_headers', 1), _("Show Mailing List Information"), 'widget', '', '', _("Show Mailing List Information"), true));
++        $a_template->set('list_headers', Horde::widget(htmlspecialchars(Util::addParameter($headersURL, 'show_list_headers', 1)), _("Show Mailing List Information"), 'widget', '', '', _("Show Mailing List Information"), true));
+     }
+ 
+     echo $a_template->fetch(IMP_TEMPLATES . '/message/navbar_actions.html');
+@@ -681,7 +681,7 @@ if ($show_parts || ($downloadall_link && !$printer_friendly)) {
+             $url = Horde::selfUrl(true);
+             $url = Util::removeParameter($url, array('actionID'));
+             $url = Util::addParameter($url, array('actionID' => 'strip_all', 'message_token' => $message_token));
+-            $val .= '<br />' . Horde::link($url, _("Strip All Attachments"), null, null, "return window.confirm('" . addslashes(_("Are you sure you wish to PERMANENTLY delete all attachments?")) . "');") . _("Strip All Attachments") . ' ' . Horde::img('delete.png', _("Strip Attachments"), null, $registry->getImageDir('horde')) . '</a>';
++            $val .= '<br />' . Horde::link(htmlspecialchars($url), _("Strip All Attachments"), null, null, "return window.confirm('" . addslashes(_("Are you sure you wish to PERMANENTLY delete all attachments?")) . "');") . _("Strip All Attachments") . ' ' . Horde::img('delete.png', _("Strip Attachments"), null, $registry->getImageDir('horde')) . '</a>';
+         }
+     }
+     $hdrs[] = array('name' => _("Part(s)"), 'val' => $val, 'i' => (++$i % 2));
+diff --git a/horde-webmail/imp/pgp.php b/horde-webmail/imp/pgp.php
+index 35c733c..e88e910 100644
+--- a/horde-webmail/imp/pgp.php
++++ b/horde-webmail/imp/pgp.php
+@@ -40,7 +40,7 @@ function _outputPassphraseDialog($secure_check, $symmetric = false)
+     $t->set('symmetric', $symmetric);
+     $t->set('submit_url', Util::addParameter(Horde::applicationUrl('pgp.php'), 'actionID', $symmetric ? 'process_symmetric_passphrase_dialog' : 'process_passphrase_dialog'));
+     $t->set('reload', htmlspecialchars(Util::getFormData('reload')));
+-    $t->set('action', Util::getFormData('passphrase_action'));
++    $t->set('action', htmlspecialchars(Util::getFormData('passphrase_action')));
+     $t->set('locked_img', Horde::img('locked.png', _("PGP"), null, $GLOBALS['registry']->getImageDir('horde')));
+     echo $t->fetch(IMP_TEMPLATES . '/pgp/passphrase.html');
+ }
+@@ -66,7 +66,7 @@ function _importKeyDialog($target)
+ 
+ function _reloadWindow()
+ {
+-    Util::closeWindowJS('opener.focus();opener.location.href="' . Util::getFormData('reload') . '";');
++    Util::closeWindowJS('opener.focus();opener.location.href="' . htmlspecialchars(Util::getFormData('reload')) . '";');
+ }
+ 
+ function _getImportKey()
+diff --git a/horde-webmail/imp/smime.php b/horde-webmail/imp/smime.php
+index 6ba24c6..d05c454 100644
+--- a/horde-webmail/imp/smime.php
++++ b/horde-webmail/imp/smime.php
+@@ -63,7 +63,7 @@ function _outputPassphraseDialog($secure_check)
+     $t->setOption('gettext', true);
+     $t->set('submit_url', Util::addParameter(Horde::applicationUrl('smime.php'), 'actionID', 'process_passphrase_dialog'));
+     $t->set('reload', htmlspecialchars(html_entity_decode(Util::getFormData('reload'))));
+-    $t->set('action', Util::getFormData('passphrase_action'));
++    $t->set('action', htmlspecialchars(Util::getFormData('passphrase_action')));
+     $t->set('locked_img', Horde::img('locked.png', _("S/MIME"), null, $GLOBALS['registry']->getImageDir('horde')));
+     echo $t->fetch(IMP_TEMPLATES . '/smime/passphrase.html');
+ }
+@@ -79,7 +79,7 @@ function _actionWindow()
+ 
+ function _reloadWindow()
+ {
+-    Util::closeWindowJS('opener.focus();opener.location.href="' . Util::getFormData('reload') . '";');
++    Util::closeWindowJS('opener.focus();opener.location.href="' . htmlspecialchars(Util::getFormData('reload')) . '";');
+ }
+ 
+ function _textWindowOutput($filename, $msg, $html = false)
+-- 
+tg: (5bcbb67..) t/imp/SC/CH/SecIssues20090128 (depends on: master)
+From: Gunnar Wrobel <p at rdus.de>
+Subject: [PATCH] t/horde/SC/CH/SecIssues20090128
+
+Security issues that were patched on 20090128.
+
+Signed-off-by: Gunnar Wrobel <p at rdus.de>
+
+---
+ horde-webmail/lib/Horde/Image.php              |    1 +
+ horde-webmail/services/portal/cloud_search.php |    2 +-
+ 2 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/horde-webmail/lib/Horde/Image.php b/horde-webmail/lib/Horde/Image.php
+index 2d48777..1288ef5 100644
+--- a/horde-webmail/lib/Horde/Image.php
++++ b/horde-webmail/lib/Horde/Image.php
+@@ -551,6 +551,7 @@ class Horde_Image {
+             list($app, $driver) = $driver;
+         }
+ 
++        $driver = basename($driver);
+         $class = 'Horde_Image_' . $driver;
+         if (!class_exists($class)) {
+             if (!empty($app)) {
+diff --git a/horde-webmail/services/portal/cloud_search.php b/horde-webmail/services/portal/cloud_search.php
+index 0d0bc53..7e22aa6 100644
+--- a/horde-webmail/services/portal/cloud_search.php
++++ b/horde-webmail/services/portal/cloud_search.php
+@@ -28,7 +28,7 @@ $results = $registry->call('images/searchTags', array(array($tag)));
+ $results = array_merge($results, $registry->call('news/searchTags',
+                                                  array(array($tag))));
+ echo '<div class="control"><strong>'
+-    . sprintf(_("Results for %s"), '<span style="font-style:italic">' . $tag . '</span>')
++    . sprintf(_("Results for %s"), '<span style="font-style:italic">' . htmlspecialchars($tag) . '</span>')
+     . '</strong>'
+     . Horde::link('#', '', '', '', '$(\'cloudsearch\').hide();', '', '', array('style' => 'font-size:75%;'))
+     . '(' . _("Hide Results") . ')</a></span></div><ul class="linedRow">';
+-- 
+tg: (5bcbb67..) t/horde/SC/CH/SecIssues20090128 (depends on: master)

More information about the commits mailing list