diff options
| author | Aleksander Machniak <alec@alec.pl> | 2012-06-13 12:12:53 +0200 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2012-06-13 12:14:03 +0200 |
| commit | 7456c27b47937d05fee84881e50dec66853975fa (patch) | |
| tree | 69f1ef6d2c53b263bedd3381b33ce089b3217cf6 | |
| parent | 16114e620d0e6781b1d423200b4947eb05bf6afa (diff) | |
Fix removing contact photo using LDAP addressbook (#1488420)
Conflicts:
CHANGELOG
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | program/include/rcube_ldap.php | 7 |
2 files changed, 6 insertions, 2 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix removing contact photo using LDAP addressbook (#1488420) - Fix XSS vulnerability in message subject handling using Larry skin (#1488519) - Fix handling of links with various URI schemes e.g. "skype:" (#1488106) - Fix handling of links inside PRE elements on html to text conversion diff --git a/program/include/rcube_ldap.php b/program/include/rcube_ldap.php index 2c4497733..9904d7d7d 100644 --- a/program/include/rcube_ldap.php +++ b/program/include/rcube_ldap.php @@ -1194,8 +1194,11 @@ class rcube_ldap extends rcube_addressbook else if ($val == '') { // Field supplied is empty, verify that it is not required. if (!in_array($fld, $this->prop['required_fields'])) { - // It is not, safe to clear. - $deletedata[$fld] = $old_data[$fld]; + // ...It is not, safe to clear. + // #1488420: Workaround "ldap_mod_del(): Modify: Inappropriate matching in..." + // jpegPhoto attribute require an array() here. It looks to me that it works for other attribs too + $deletedata[$fld] = array(); + //$deletedata[$fld] = $old_data[$fld]; } } else { |