From f54ddaca8e6e828a0b20e5e96f36b5f9e1ec7292 Mon Sep 17 00:00:00 2001 From: Hadi Nategh Date: Wed, 17 Oct 2018 18:06:13 +0200 Subject: [PATCH] * Mail: do not let hierarchy delimiter inside folder names as it may break the folder structure --- mail/inc/class.mail_ui.inc.php | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/mail/inc/class.mail_ui.inc.php b/mail/inc/class.mail_ui.inc.php index 9e6f365439..5b2cea6b6a 100644 --- a/mail/inc/class.mail_ui.inc.php +++ b/mail/inc/class.mail_ui.inc.php @@ -3953,7 +3953,12 @@ $filter['before']= date("d-M-Y", $cutoffdate2); { $error=''; $created = false; - + $response = Api\Json\Response::get(); + $del = $this->mail_bo->getHierarchyDelimiter(flase); + if (strpos($_new, $del) !== FALSE) + { + return $response->call('egw.message', lang('failed to rename %1 ! Reason: %2 is not allowed!',$_parent, $del)); + } if ($_parent) { $parent = $this->mail_bo->decodeEntityFolderName($_parent); @@ -4018,7 +4023,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2); if (!empty($new)) $this->mail_bo->reopen($new); } - $response = Api\Json\Response::get(); + if ($created===true && $error =='') { $this->mail_bo->resetFolderObjectCache($profileID); @@ -4054,12 +4059,20 @@ $filter['before']= date("d-M-Y", $cutoffdate2); function ajax_renameFolder($_folderName, $_newName) { if (Mail::$debug) error_log(__METHOD__.__LINE__.' OldFolderName:'.array2string($_folderName).' NewName:'.array2string($_newName)); + //error_log(__METHOD__.__LINE__.array2string($oA)); + $response = Api\Json\Response::get(); + $del = $this->mail_bo->getHierarchyDelimiter(false); + if (strpos($_newName, $del) !== FALSE) + { + return $response->call('egw.message', lang('failed to rename %1 ! Reason: %2 is not allowed!',$_folderName, $del)); + } + if ($_folderName) { Api\Translation::add_app('mail'); $decodedFolderName = $this->mail_bo->decodeEntityFolderName($_folderName); $_newName = $this->mail_bo->decodeEntityFolderName($_newName); - $del = $this->mail_bo->getHierarchyDelimiter(false); + $oA = array(); list($profileID,$folderName) = explode(self::$delimiter,$decodedFolderName,2); $hasChildren = false;