authorThomas Bruederli <thomas@roundcube.net>2012-09-24 11:35:56 +0200
committerThomas Bruederli <thomas@roundcube.net>2012-09-24 11:35:56 +0200
commit4bf16f47403144c6804446d03d9d99a38e78eacb (patch)
tree9ec5b78d5441ee076399d8c37b78ca6b119b72ec /plugins/managesieve/managesieve.php
parent371a09b0db94cf558441f4182887f87b970bdc86 (diff)
parent30f10bfe1685c18fa43f64603e1989355dc9b665 (diff)
Merge branch 'master' of github.com:roundcube/roundcubemail
Diffstat (limited to 'plugins/managesieve/managesieve.php')
-rw-r--r--plugins/managesieve/managesieve.php32
1 files changed, 30 insertions, 2 deletions
diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php
index 0ddeba542..7282ff2e0 100644
--- a/plugins/managesieve/managesieve.php
+++ b/plugins/managesieve/managesieve.php
@@ -530,9 +530,37 @@ class managesieve extends rcube_plugin
// Init plugin and handle managesieve connection
$error = $this->managesieve_start();
- // filters set add action
- if (!empty($_POST['_newset'])) {
+ // get request size limits (#1488648)
+ $max_post = max(array(
+ ini_get('max_input_vars'),
+ ini_get('suhosin.request.max_vars'),
+ ini_get('suhosin.post.max_vars'),
+ ));
+ $max_depth = max(array(
+ ini_get('suhosin.request.max_array_depth'),
+ ini_get('suhosin.post.max_array_depth'),
+ ));
+ // check request size limit
+ if ($max_post && count($_POST, COUNT_RECURSIVE) >= $max_post) {
+ rcube::raise_error(array(
+ 'code' => 500, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Request size limit exceeded (one of max_input_vars/suhosin.request.max_vars/suhosin.post.max_vars)"
+ ), true, false);
+ $this->rc->output->show_message('managesieve.filtersaveerror', 'error');
+ }
+ // check request depth limits
+ else if ($max_depth && count($_POST['_header']) > $max_depth) {
+ rcube::raise_error(array(
+ 'code' => 500, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Request size limit exceeded (one of suhosin.request.max_array_depth/suhosin.post.max_array_depth)"
+ ), true, false);
+ $this->rc->output->show_message('managesieve.filtersaveerror', 'error');
+ }
+ // filters set add action
+ else if (!empty($_POST['_newset'])) {
$name = get_input_value('_name', RCUBE_INPUT_POST, true);
$copy = get_input_value('_copy', RCUBE_INPUT_POST, true);
$from = get_input_value('_from', RCUBE_INPUT_POST);
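Review bot: Taking `max()` of the three variable limits at the top of the added block looks backwards: input is presumably dropped once the smallest active limit is reached, so when `max_input_vars` is higher than `suhosin.post.max_vars` a truncated POST stays below `$max_post` and the partial filter data is still processed. Filter out the unset values and take the smallest, `$limits = array_filter(array(/* same ini_get calls */)); $max_post = $limits ? min($limits) : 0;`, and do the same for `$max_depth`. The depth branch also compares `count($_POST['_header'])`, an element count, against an array nesting limit, and reads `_header` without checking that it is set and is an array; an `is_array()` guard before the count would cover requests that carry no `_header`. The enclosing method starts before this hunk and continues after it, so what happens to the form data once these checks pass is not visible here.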