From 7d52e00a51450bc4a080d4e21b7dda02c0a65191 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 14 Nov 2013 05:42:06 -0500
Subject: [PATCH] Fixed list sorting

---
 server/plugins-available/getmail_plugin.inc.php |   24 +++++++++++++++++-------
 1 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/server/plugins-available/getmail_plugin.inc.php b/server/plugins-available/getmail_plugin.inc.php
index a168aff..eb2da0e 100644
--- a/server/plugins-available/getmail_plugin.inc.php
+++ b/server/plugins-available/getmail_plugin.inc.php
@@ -91,7 +91,7 @@
 			$this->delete($event_name,$data);
 			
 			// Get the new config file path
-			$config_file_path = escapeshellcmd($this->getmail_config_dir.'/'.$data["new"]["source_server"].'_'.$data["new"]["source_username"].'.conf');
+			$config_file_path = escapeshellcmd($this->getmail_config_dir.'/'.$this->_clean_path($data["new"]["source_server"]).'_'.$this->_clean_path($data["new"]["source_username"]).'.conf');
 			if(stristr($config_file_path, "..") or stristr($config_file_path, "|") or stristr($config_file_path,";") or stristr($config_file_path,'$')) {
 				$app->log("Possibly faked path for getmail config file: '$config_file_path'. File is not written.",LOGLEVEL_ERROR);
 				return false;
@@ -104,9 +104,15 @@
 			
 				// Shall emails be deleted after retrieval
 				if($data["new"]["source_delete"] == 'y') {
-					$tpl = str_replace('{DELETE}','1',$tpl);
+					$tpl = str_replace('{DELETE}','true',$tpl);
 				} else {
-					$tpl = str_replace('{DELETE}','0',$tpl);
+					$tpl = str_replace('{DELETE}','false',$tpl);
+				}
+
+				if($data["new"]["read_all"] == 'y') {
+					$tpl = str_replace('{READ_ALL}', 'true', $tpl);
+				} else {
+					$tpl = str_replace('{READ_ALL}', 'false', $tpl);
 				}
 				
 				// Set the data retriever
@@ -129,8 +135,8 @@
 				// Write the config file.
 				file_put_contents($config_file_path,$tpl);
 				$app->log("Writing Getmail config file: $config_file_path",LOGLEVEL_DEBUG);
-				exec("chmod 400 $config_file_path");
-				exec("chown getmail $config_file_path");
+				chmod($config_file_path, 0400);
+				chown($config_file_path, 'getmail');
 				unset($tpl);
 				unset($config_file_path);
 				
@@ -149,7 +155,7 @@
 		$getmail_config = $app->getconf->get_server_config($conf["server_id"], 'getmail');
 		$this->getmail_config_dir = $getmail_config["getmail_config_dir"];
 		
-		$config_file_path = escapeshellcmd($this->getmail_config_dir.'/'.$data["old"]["source_server"].'_'.$data["old"]["source_username"].'.conf');
+		$config_file_path = escapeshellcmd($this->getmail_config_dir.'/'.$this->_clean_path($data["old"]["source_server"]).'_'.$this->_clean_path($data["old"]["source_username"]).'.conf');
 		if(stristr($config_file_path,"..") || stristr($config_file_path,"|") || stristr($config_file_path,";") || stristr($config_file_path,'$')) {
 			$app->log("Possibly faked path for getmail config file: '$config_file_path'. File is not written.",LOGLEVEL_ERROR);
 			return false;
@@ -157,7 +163,11 @@
 		if(is_file($config_file_path)) unlink($config_file_path);
 	}
 	
+	function _clean_path($input) {
+		return preg_replace('/[^A-Za-z0-9\-_]/', '_', $input);
+	}
+	
 
 } // end class
 
-?>
\ No newline at end of file
+?>

--
Gitblit v1.9.1