diff options
-rw-r--r-- | CHANGELOG | 7 | ||||
-rw-r--r-- | program/js/app.js | 9 | ||||
-rw-r--r-- | program/steps/addressbook/save.inc | 6 |
3 files changed, 17 insertions, 5 deletions
@@ -1,12 +1,13 @@ CHANGELOG Roundcube Webmail =========================== +RELEASE 0.6-beta +---------------- - Fixed selecting identity on reply/forward (#1487981) - Add option to hide selected LDAP addressbook on the list - Add client-side checking of uploaded files size - Add newlines between organization, department, jobtitle (#1488028) - Recalculate date when replying to a message and localize the cite header (#1487675) -- Fix XSS vulnerability in UI messages (#1488030) - Fix handling of email addresses with quoted local part (#1487939) - Fix EOL character in vCard exports (#1487873) - Added optional "multithreading" autocomplete feature @@ -70,6 +71,10 @@ CHANGELOG Roundcube Webmail - Fulltext search over (almost) all data for contacts - Extend address book with rich contact information +RELEASE 0.5.4 +------------- +- Fix XSS vulnerability in UI messages (#1488030) + RELEASE 0.5.3 ------------- - Fix identities "reply-to" and "bcc" fields have a bogus value when left empty (#1487943) diff --git a/program/js/app.js b/program/js/app.js index 6da5a578c..808adc575 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -3997,12 +3997,19 @@ function rcube_webmail() }; // update a contact record in the list - this.update_contact_row = function(cid, cols_arr, newcid) + this.update_contact_row = function(cid, cols_arr, newcid, source) { var c, row, list = this.contact_list; cid = String(cid).replace(this.identifier_expr, '_'); + // when in searching mode, concat cid with the source name + if (!list.rows[cid]) { + cid = cid+'-'+source; + if (newcid) + newcid = newcid+'-'+source; + } + if (list.rows[cid] && (row = list.rows[cid].obj)) { for (c=0; c<cols_arr.length; c++) if (row.cells[c]) diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc index c463bf7fe..ddbd630ef 100644 --- a/program/steps/addressbook/save.inc +++ b/program/steps/addressbook/save.inc @@ -104,12 +104,13 @@ if (isset($a_record['photo'])) { $RCMAIL->session->remove('contacts'); } +$source = get_input_value('_source', RCUBE_INPUT_GPC); // update an existing contact if (!empty($cid)) { $plugin = $RCMAIL->plugins->exec_hook('contact_update', - array('id' => $cid, 'record' => $a_record, 'source' => get_input_value('_source', RCUBE_INPUT_GPC))); + array('id' => $cid, 'record' => $a_record, 'source' => $source)); $a_record = $plugin['record']; if (!$plugin['abort']) @@ -136,7 +137,7 @@ if (!empty($cid)) $a_js_cols[] = Q((string)$record[$col]); // update the changed col in list - $OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid); + $OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid, $source); // show confirmation $OUTPUT->show_message('successfullysaved', 'confirmation', null, false); @@ -152,7 +153,6 @@ if (!empty($cid)) // insert a new contact else { - $source = get_input_value('_source', RCUBE_INPUT_GPC); // Name of the addressbook already selected on the list $orig_source = get_input_value('_orig_source', RCUBE_INPUT_GPC); |