From 8b771646fadcde0abb27c2218a45942b95734838 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sun, 10 Mar 2013 11:49:20 +0100
Subject: Fix so task name can really contain all from a-z0-9_- characters
 (#1488941)

---
 program/include/rcmail.php                 | 2 +-
 program/js/app.js                          | 6 +++---
 program/lib/Roundcube/rcube_plugin.php     | 2 +-
 program/lib/Roundcube/rcube_plugin_api.php | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'program')

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index b2d6966d0..1bde4034f 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -123,7 +123,7 @@ class rcmail extends rcube
    */
   public function set_task($task)
   {
-    $task = asciiwords($task);
+    $task = asciiwords($task, true);
 
     if ($this->user && $this->user->ID)
       $task = !$task ? 'mail' : $task;
diff --git a/program/js/app.js b/program/js/app.js
index c2a7c1b79..9f76757a6 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -1235,7 +1235,7 @@ function rcube_webmail()
     if (!url)
       url = this.env.comm_path;
 
-    return url.replace(/_task=[a-z]+/, '_task='+task);
+    return url.replace(/_task=[a-z0-9_-]+/i, '_task='+task);
   };
 
   this.reload = function(delay)
@@ -5970,9 +5970,9 @@ function rcube_webmail()
     var base = this.env.comm_path, k, param = {};
 
     // overwrite task name
-    if (query._action.match(/([a-z]+)\/([a-z0-9-_.]+)/)) {
+    if (query._action.match(/([a-z0-9_-]+)\/([a-z0-9-_.]+)/)) {
       query._action = RegExp.$2;
-      base = base.replace(/\_task=[a-z]+/, '_task='+RegExp.$1);
+      base = base.replace(/\_task=[a-z0-9_-]+/, '_task='+RegExp.$1);
     }
 
     // remove undefined values
diff --git a/program/lib/Roundcube/rcube_plugin.php b/program/lib/Roundcube/rcube_plugin.php
index 66e77cce2..9ea0f73d3 100644
--- a/program/lib/Roundcube/rcube_plugin.php
+++ b/program/lib/Roundcube/rcube_plugin.php
@@ -237,7 +237,7 @@ abstract class rcube_plugin
     /**
      * Register this plugin to be responsible for a specific task
      *
-     * @param string $task Task name (only characters [a-z0-9_.-] are allowed)
+     * @param string $task Task name (only characters [a-z0-9_-] are allowed)
      */
     public function register_task($task)
     {
diff --git a/program/lib/Roundcube/rcube_plugin_api.php b/program/lib/Roundcube/rcube_plugin_api.php
index 8a4cce215..111c177d9 100644
--- a/program/lib/Roundcube/rcube_plugin_api.php
+++ b/program/lib/Roundcube/rcube_plugin_api.php
@@ -372,7 +372,7 @@ class rcube_plugin_api
     /**
      * Register this plugin to be responsible for a specific task
      *
-     * @param string $task Task name (only characters [a-z0-9_.-] are allowed)
+     * @param string $task Task name (only characters [a-z0-9_-] are allowed)
      * @param string $owner Plugin name that registers this action
      */
     public function register_task($task, $owner)
@@ -382,7 +382,7 @@ class rcube_plugin_api
             return true;
         }
 
-        if ($task != asciiwords($task)) {
+        if ($task != asciiwords($task, true)) {
             rcube::raise_error(array('code' => 526, 'type' => 'php',
                 'file' => __FILE__, 'line' => __LINE__,
                 'message' => "Invalid task name: $task."
-- 
cgit v1.2.3