From 34e6526c958f3a0143a2cf5c8f1b9be29ebd65ef Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Wed, 30 Apr 2014 09:07:29 +0200 Subject: Fix invalid host validation on login (#1489841) --- CHANGELOG | 1 + program/include/rcmail.php | 32 ++++++++++---------------------- 2 files changed, 11 insertions(+), 22 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index b2c97c87a..dcd5bdf35 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -20,6 +20,7 @@ CHANGELOG Roundcube Webmail - Fix various db_prefix issues (#1489839) - Fix too small length of users.preferences column data type on MySQL - Fix redundant warning when switching from html to text in empty editor (#1489819) +- Fix invalid host validation on login (#1489841) RELEASE 1.0.0 ------------- diff --git a/program/include/rcmail.php b/program/include/rcmail.php index bf2291310..f0afc6b63 100644 --- a/program/include/rcmail.php +++ b/program/include/rcmail.php @@ -497,30 +497,18 @@ class rcmail extends rcube $username_domain = $this->config->get('username_domain'); $login_lc = $this->config->get('login_lc', 2); - if (!$host) { - $host = $default_host; - } - - // Validate that selected host is in the list of configured hosts - if (is_array($default_host)) { - $allowed = false; - - foreach ($default_host as $key => $host_allowed) { - if (!is_numeric($key)) { - $host_allowed = $key; - } - if ($host == $host_allowed) { - $allowed = true; - break; - } + // host is validated in rcmail::autoselect_host(), so here + // we'll only handle unset host (if possible) + if (!$host && !empty($default_host)) { + if (is_array($default_host)) { + list($key, $val) = each($default_host); + $host = is_numeric($key) ? $val : $key; } - - if (!$allowed) { - $host = null; + else { + $host = $default_host; } - } - else if (!empty($default_host) && $host != rcube_utils::parse_host($default_host)) { - $host = null; + + $host = rcube_utils::parse_host($host); } if (!$host) { -- cgit v1.2.3