diff options
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/include/rcube_ldap.php | 7 |
2 files changed, 6 insertions, 2 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix removing contact photo using LDAP addressbook (#1488420) - Fix XSS vulnerability in message subject handling using Larry skin (#1488519) - Fix handling of links with various URI schemes e.g. "skype:" (#1488106) - Fix handling of links inside PRE elements on html to text conversion diff --git a/program/include/rcube_ldap.php b/program/include/rcube_ldap.php index 2c4497733..9904d7d7d 100644 --- a/program/include/rcube_ldap.php +++ b/program/include/rcube_ldap.php @@ -1194,8 +1194,11 @@ class rcube_ldap extends rcube_addressbook else if ($val == '') { // Field supplied is empty, verify that it is not required. if (!in_array($fld, $this->prop['required_fields'])) { - // It is not, safe to clear. - $deletedata[$fld] = $old_data[$fld]; + // ...It is not, safe to clear. + // #1488420: Workaround "ldap_mod_del(): Modify: Inappropriate matching in..." + // jpegPhoto attribute require an array() here. It looks to me that it works for other attribs too + $deletedata[$fld] = array(); + //$deletedata[$fld] = $old_data[$fld]; } } else { |