From 719a257f0c8fd750a4984ed56273dc653565729e Mon Sep 17 00:00:00 2001 From: thomascube Date: Fri, 10 Aug 2007 08:27:40 +0000 Subject: Some bugfixes, security issues + minor improvements --- program/include/main.inc | 3 +++ program/include/rcmail_template.inc | 4 ++-- program/include/rcube_imap.inc | 23 ++++++++--------------- 3 files changed, 13 insertions(+), 17 deletions(-) (limited to 'program/include') diff --git a/program/include/main.inc b/program/include/main.inc index aa1de9754..4b8aa68d5 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -234,6 +234,9 @@ function rcmail_authenticate_session() // check session filetime if (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time()) $valid = false; + + if (!$valid) + write_log('timeouts', $_SESSION + array('SESS_CLIENT_IP' => $SESS_CLIENT_IP, 'SESS_CHANGED' => $SESS_CHANGED, 'COOKIE' => $_COOKIE)); return $valid; } diff --git a/program/include/rcmail_template.inc b/program/include/rcmail_template.inc index d158a019c..6057f2af3 100644 --- a/program/include/rcmail_template.inc +++ b/program/include/rcmail_template.inc @@ -745,8 +745,8 @@ function rcmail_login_form($attrib) $labels['pass'] = rcube_label('password'); $labels['host'] = rcube_label('server'); - $input_user = new textfield(array('name' => '_user', 'id' => 'rcmloginuser', 'size' => 30, 'autocomplete' => 'off')); - $input_pass = new passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'size' => 30)); + $input_user = new textfield(array('name' => '_user', 'id' => 'rcmloginuser', 'size' => 30) + $attrib); + $input_pass = new passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'size' => 30) + $attrib); $input_action = new hiddenfield(array('name' => '_action', 'value' => 'login')); $fields = array(); diff --git a/program/include/rcube_imap.inc b/program/include/rcube_imap.inc index 0cfda1573..eddbad91b 100644 --- a/program/include/rcube_imap.inc 
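Review bot: The added `write_log('timeouts', …)` call in rcmail_authenticate_session() writes the whole `$_SESSION` array and the whole `$_COOKIE` array to a log file, so session identifiers and anything else held in the session become readable by whoever can read the logs. `$valid` may also have been cleared by a check earlier in the function (the logging of `SESS_CLIENT_IP` suggests an address comparison), in which case the logged cookie could still belong to a live session. Log only what is needed to diagnose the failure, for example `write_log('timeouts', array('SESS_CLIENT_IP' => $SESS_CLIENT_IP, 'SESS_CHANGED' => $SESS_CHANGED, 'REMOTE_ADDR' => $_SERVER['REMOTE_ADDR']));`. The function starts outside the hunk, so the earlier checks are not visible here.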
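Review bot: The username field in rcmail_login_form() loses its `'autocomplete' => 'off'` default here, so unless every skin template passes that attribute the browser may store login names on shared machines. Because `+` keeps the left operand's keys, the default can be kept and still be overridable by the template if it is placed last: `array('name' => '_user', 'id' => 'rcmloginuser', 'size' => 30) + $attrib + array('autocomplete' => 'off')`. The same `$attrib` array is also merged unfiltered into the password field, so any template attribute other than name, id and size (for instance `value`) is applied to both inputs; restricting it to an allow-list of attributes would be safer. The function body starts and ends outside the hunk.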
+++ b/program/include/rcube_imap.inc @@ -1374,7 +1374,7 @@ class rcube_imap // make sure mailbox exists if (!in_array($to_mbox, $this->_list_mailboxes())) { - if (in_array(strtolower($to_mbox), $this->default_folders)) + if (in_array($to_mbox, $this->default_folders)) $this->create_mailbox($to_mbox, TRUE); else return FALSE; @@ -1658,11 +1658,11 @@ class rcube_imap $abs_name = $this->_mod_mailbox($name); $a_mailbox_cache = $this->get_cache('mailboxes'); - if (strlen($abs_name) && (!is_array($a_mailbox_cache) || !in_array_nocase($abs_name, $a_mailbox_cache))) + if (strlen($abs_name) && (!is_array($a_mailbox_cache) || !in_array($abs_name, $a_mailbox_cache))) $result = iil_C_CreateFolder($this->conn, $abs_name); // try to subscribe it - if ($subscribe) + if ($result && $subscribe) $this->subscribe($name); return $result ? $name : FALSE; @@ -1768,17 +1768,10 @@ class rcube_imap foreach ($this->default_folders as $folder) { $abs_name = $this->_mod_mailbox($folder); - if (!in_array_nocase($abs_name, $a_subscribed)) - { - if (!in_array_nocase($abs_name, $a_folders)) - $this->create_mailbox($folder, TRUE); - else - $this->subscribe($folder); - } - else if (!in_array_nocase($abs_name, $a_folders)) - { - $this->create_mailbox($folder, FALSE); - } + if (!in_array_nocase($abs_name, $a_folders)) + $this->create_mailbox($folder, TRUE); + else if (!in_array_nocase($abs_name, $a_subscribed)) + $this->subscribe($folder); } } @@ -2433,7 +2426,7 @@ class rcube_imap $a_out[] = $folder; } - sort($a_out); + natcasesort($a_out); ksort($a_defaults); return array_merge($a_defaults, $a_out); -- cgit v1.2.3
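Review bot: Folder-name matching is now case-sensitive in this hunk (`in_array($to_mbox, $this->default_folders)`) and in the `@@ -1658` hunk (`in_array($abs_name, $a_mailbox_cache)`), while the `@@ -1768` hunk still uses `in_array_nocase()` for the same default folders. A default folder that exists on the server under a different case would be treated as present by one path and missing by the other, so one helper should be used throughout. Where the plain form is kept, pass the strict flag, `in_array($to_mbox, $this->default_folders, true)`, because loose comparison treats numeric-looking names such as `'1e3'` and `'1000'` as equal. The enclosing method starts and ends outside the hunk.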
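Review bot: In the `@@ -1658` hunk `$result` is assigned only inside the `if (strlen($abs_name) && …)` branch, yet the new `if ($result && $subscribe)` and the `return` both read it; unless it is initialised above the hunk, a name that is empty or already cached reads an undefined variable. The change also means an existing but unsubscribed folder is no longer subscribed through this method, which deserves a comment such as `// subscribe only if the folder was actually created`. Initialising `$result = FALSE;` before the cache check would make the failure path explicit.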