summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG1
-rw-r--r--program/js/app.js15
-rw-r--r--program/steps/addressbook/mailto.inc4
3 files changed, 9 insertions, 11 deletions
diff --git a/CHANGELOG b/CHANGELOG
index c3495cda7..fca1ce74b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix a bug where selecting too many contacts would produce too large URI request (#1487892)
- Fix relative URLs handling according to a <base> in HTML (#1487889)
- Fix handling of top-level domains with more than 5 chars or unicode chars (#1487883)
- Fix usage of non-standard HTTP error codes (#1487797)
diff --git a/program/js/app.js b/program/js/app.js
index 263355643..e83f33715 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -808,10 +808,10 @@ function rcube_webmail()
case 'compose':
var url = this.env.comm_path+'&_action=compose';
- if (this.task=='mail') {
+ if (this.task == 'mail') {
url += '&_mbox='+urlencode(this.env.mailbox);
- if (this.env.mailbox==this.env.drafts_mailbox) {
+ if (this.env.mailbox == this.env.drafts_mailbox) {
var uid;
if (uid = this.get_single_uid())
url += '&_draft_uid='+uid;
@@ -820,7 +820,7 @@ function rcube_webmail()
url += '&_to='+urlencode(props);
}
// modify url if we're in addressbook
- else if (this.task=='addressbook') {
+ else if (this.task == 'addressbook') {
// switch to mail compose step directly
if (props && props.indexOf('@') > 0) {
url = this.get_task_url('mail', url);
@@ -829,25 +829,22 @@ function rcube_webmail()
}
// use contact_id passed as command parameter
- var a_cids = [];
+ var n, len, a_cids = [];
if (props)
a_cids.push(props);
// get selected contacts
else if (this.contact_list) {
var selection = this.contact_list.get_selection();
- for (var n=0; n<selection.length; n++)
+ for (n=0, len=selection.length; n<len; n++)
a_cids.push(selection[n]);
}
if (a_cids.length)
- this.http_request('mailto', '_cid='+urlencode(a_cids.join(','))+'&_source='+urlencode(this.env.source), true);
+ this.http_post('mailto', {_cid: a_cids.join(','), _source: this.env.source}, true);
break;
}
- // don't know if this is necessary...
- url = url.replace(/&_framed=1/, '');
-
this.redirect(url);
break;
diff --git a/program/steps/addressbook/mailto.inc b/program/steps/addressbook/mailto.inc
index 702e1a61b..e4f2801f7 100644
--- a/program/steps/addressbook/mailto.inc
+++ b/program/steps/addressbook/mailto.inc
@@ -19,14 +19,14 @@
*/
-$cid = get_input_value('_cid', RCUBE_INPUT_GET);
+$cid = get_input_value('_cid', RCUBE_INPUT_POST);
$recipients = null;
$mailto = array();
if ($cid && preg_match('/^[a-z0-9\+\/=_-]+(,[a-z0-9\+\/=_-]+)*$/i', $cid) && $CONTACTS->ready)
{
$CONTACTS->set_page(1);
- $CONTACTS->set_pagesize(100);
+ $CONTACTS->set_pagesize(substr_count($cid, ',')+2); // +2 to skip counting query
$recipients = $CONTACTS->search($CONTACTS->primary_key, $cid);
while (is_object($recipients) && ($rec = $recipients->iterate())) {