[Tickets #9058] Re: IMP ACL - ACL capability may not be available until after login.

bugs at horde.org bugs at horde.org
Wed Oct 13 13:29:19 UTC 2010 

BITTE NICHT AUF DIESE NACHRICHT ANTWORTEN. NACHRICHTEN AN DIESE  
E-MAIL-ADRESSE WERDEN NICHT GELESEN.

Ticket-URL: http://bugs.horde.org/ticket/9058
------------------------------------------------------------------------------
  Ticket           | 9058
  Aktualisiert Von | robert at schetterer.org
  Zusammenfassung  | IMP ACL - ACL capability may not be available until
                   | after login.
  Warteschlange    | IMP
  Version          | 4.3.8
  Typ              | Bug
  Status           | Resolved
  Priorität       | 3. High
  Milestone        |
  Patch            |
  Zuständige      | Michael Slusarz
------------------------------------------------------------------------------


robert at schetterer.org (2010-10-13 09:29) hat geschrieben:

> Hi,
> tested the your diff from git(cvs)
> it works now, but my tests show that acls of folders named i.e with -
> like test-1 etc cant be displayed, not sure if it ever worked, any idea?
> Regards

Ok i found the bug,
a folder named test-1 must be quoted
( whatever ist the problem to quote all folders ? )

the workaround (problem ) is
in rfc2086.php

the preg_match \W is not save ( save here means working or not ) to  
use in any setup cause it depends to the servers config
therefor it should be avoided ( google for that )


[^A-Za-z0-9] should match any symbol not a letter or number
so it might be a workaround

i am no php hacker and i dont know if these brakes other functions or  
security anyway
but it should not be a big thing for horde coders to review and fix this bug
so the ticket is definite not resolved yet ( unless it has no or minor  
connect to the starting bug thread )



/**
      * Attempts to retrieve the existing ACL for a folder from the current
      * IMAP server.
      *
      * NB: if Auth_SASL is not installed this function will send the users
      * password to the IMAP server as plain text!!
      *
      * @param string folder  The folder to get the ACL for.
      *
      * @return array  A hash containing information on the ACL.
      * <pre>
      * Array (
      *   user => Array (
      *     right => 1
      *   )
      * )
      * </pre>
      */
     function getACL($folder)
     {
         /* Quote the folder string if it contains non alpha-numeric
            characters. */

   //  if (preg_match('/\W/',$folder)) {
         if (preg_match('[^A-Za-z0-9]',$folder)) {

          $folder = '"' . $folder . '"';
        }

More information about the bugs mailing list