From 23519707a666b83d7a8444a294680cb96d20ab8a Mon Sep 17 00:00:00 2001 From: Eugene Kazakov Date: Thu, 18 Nov 2021 20:40:21 +0100 Subject: [PATCH 1/4] Allow only trusted classes in unserialize --- lib/Compose.php | 2 +- lib/Factory/MailboxList.php | 6 +++++- lib/Flags.php | 11 ++++++++++- lib/Ftree/Prefs/Expanded.php | 2 +- lib/Ftree/Prefs/Poll.php | 2 +- lib/LoginTasks/SystemTask/Upgrade.php | 7 +++++-- lib/Prefs/Sort.php | 2 +- lib/Remote.php | 4 +++- lib/Search.php | 15 +++++++++++++-- 9 files changed, 40 insertions(+), 11 deletions(-) diff --git a/lib/Compose.php b/lib/Compose.php index ff8e90c90..a81cdc4a0 100644 --- a/lib/Compose.php +++ b/lib/Compose.php @@ -839,7 +839,7 @@ public function buildAndSendMessage( $headers->addUserAgentHeader(); /* Add preferred reply language(s). */ - if ($lang = @unserialize($prefs->getValue('reply_lang'))) { + if ($lang = @unserialize($prefs->getValue('reply_lang'), array('allowed_classes' => false))) { $headers->addHeader('Accept-Language', implode(',', $lang)); } diff --git a/lib/Factory/MailboxList.php b/lib/Factory/MailboxList.php index 7b71e970e..2cb5dc2a0 100644 --- a/lib/Factory/MailboxList.php +++ b/lib/Factory/MailboxList.php @@ -57,7 +57,11 @@ public function create($mailbox) $mailbox = IMP_Mailbox::get($mailbox); if ($ob = $this->_getCache($mailbox)->get($key)) { - $ob = @unserialize($ob); + $ob = @unserialize($ob, array('allowed_classes' => array( + 'IMP_Mailbox_List_Virtual', + 'IMP_Mailbox_List_Pop3', + 'IMP_Mailbox_List', + ))); } if (!$ob) { diff --git a/lib/Flags.php b/lib/Flags.php index eacf3e1e7..906a811d3 100644 --- a/lib/Flags.php +++ b/lib/Flags.php 
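Review bot: `implode(',', $lang)` on the line after the changed `unserialize()` call still assumes an array, but `allowed_classes => false` only blocks objects; a corrupted or scalar `reply_lang` value unserializes to a truthy non-array and implode then fails (warning and null on PHP 7, TypeError on PHP 8). Guard it the way Expanded.php does in this same patch: `if (($lang = @unserialize($prefs->getValue('reply_lang'), array('allowed_classes' => false))) && is_array($lang)) {`. Note also that the second `unserialize()` argument only exists from PHP 7.0; on an older runtime the `@` hides the argument-count warning and every call changed in this patch silently returns null, so the minimum PHP version should be enforced or stated alongside this change. buildAndSendMessage() starts and ends outside the hunk.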
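Review bot: The `if (!$ob)` check after the changed call cannot detect a partially filtered result: when the cached payload contains a class outside the allowlist, `unserialize()` still returns an object (the disallowed part becomes `__PHP_Incomplete_Class`), which is truthy, so the stale cache entry is used instead of rebuilt — this is the failure patch 2/4 in this series repairs by adding IMP_Mailbox. A type check makes the fallback robust to the next omission: `if (!($ob instanceof IMP_Mailbox_List)) { $ob = null; }` placed before `if (!$ob)`. If these list classes implement Serializable and call `unserialize()` on their own payload, the allowlist given here does not reach that inner call and must be repeated there — worth confirming. create() continues outside the hunk.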
@@ -71,7 +71,16 @@ public function __construct() } if ($f_list = $GLOBALS['prefs']->getValue('msgflags')) { - $f_list = @unserialize($f_list); + $f_list = @unserialize($f_list, array('allowed_classes' => array( + 'IMP_Flag_Imap_Answered', + 'IMP_Flag_Imap_Deleted', + 'IMP_Flag_Imap_Draft', + 'IMP_Flag_Imap_Flagged', + 'IMP_Flag_Imap_Forwarded', + 'IMP_Flag_Imap_Junk', + 'IMP_Flag_Imap_NotJunk', + 'IMP_Flag_Imap_Seen', + ))); if (is_array($f_list)) { foreach ($f_list as $val) { $this->_userflags[$val->id] = $val; diff --git a/lib/Ftree/Prefs/Expanded.php b/lib/Ftree/Prefs/Expanded.php index d870f06b9..cca9cd2fc 100644 --- a/lib/Ftree/Prefs/Expanded.php +++ b/lib/Ftree/Prefs/Expanded.php @@ -41,7 +41,7 @@ public function __construct() { global $prefs; - if (($folders = @unserialize($prefs->getValue('expanded_folders'))) && + if (($folders = @unserialize($prefs->getValue('expanded_folders'), array('allowed_classes' => false))) && is_array($folders)) { $this->_data = $folders; } diff --git a/lib/Ftree/Prefs/Poll.php b/lib/Ftree/Prefs/Poll.php index d4a6977ea..b303d2e02 100644 --- a/lib/Ftree/Prefs/Poll.php +++ b/lib/Ftree/Prefs/Poll.php @@ -47,7 +47,7 @@ public function __construct(IMP_Ftree $ftree) $this->_data = array('INBOX' => 1); /* Add the list of polled mailboxes from the prefs. */ - if ($nav_poll = @unserialize($prefs->getValue('nav_poll'))) { + if ($nav_poll = @unserialize($prefs->getValue('nav_poll'), array('allowed_classes' => false))) { $this->_data += $nav_poll; } diff --git a/lib/LoginTasks/SystemTask/Upgrade.php b/lib/LoginTasks/SystemTask/Upgrade.php index cdb0c68e3..8de4fb376 100644 --- a/lib/LoginTasks/SystemTask/Upgrade.php +++ b/lib/LoginTasks/SystemTask/Upgrade.php 
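Review bot: The loop body `$this->_userflags[$val->id] = $val;` just below the changed call has no type check, so an entry whose class is outside the allowlist — which `unserialize()` replaces with `__PHP_Incomplete_Class` rather than dropping — is stored under a null id and later handled as a flag; patches 3/4 and 4/4 in this series show the list was incomplete twice. Skip such entries explicitly at the top of the foreach: `if ($val instanceof __PHP_Incomplete_Class) { continue; }`, or test against the flags' common base class if one exists (not visible here). __construct() continues outside the hunk.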
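Review bot: `$this->_data += $nav_poll;` on the line after the changed call is a fatal "Unsupported operand types" error when the pref unserializes to a truthy non-array, and `allowed_classes => false` does not rule that out, since a scalar payload still passes the truthiness test. Match the `is_array()` guard Expanded.php receives in this same patch: `if (($nav_poll = @unserialize($prefs->getValue('nav_poll'), array('allowed_classes' => false))) && is_array($nav_poll)) {`. __construct() continues outside the hunk.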
@@ -344,7 +344,10 @@ protected function _upgradeVirtualFolders() $vfolders = $prefs->getValue('vfolder'); if (!empty($vfolders)) { - $vfolders = @unserialize($vfolders); + $vfolders = @unserialize($vfolders, array('allowed_classes' => array( + 'IMP_Search_Vfolder_Vinbox', + 'IMP_Search_Vfolder_Vtrash', + ))); } if (empty($vfolders) || !is_array($vfolders)) { @@ -573,7 +576,7 @@ protected function _upgradeStationeryToTemplates() { global $injector, $prefs; - $slist = @unserialize($prefs->getValue('stationery')); + $slist = @unserialize($prefs->getValue('stationery'), array('allowed_classes' => false)); if (is_array($slist)) { /* Old entry format: * 'c' => (string) Content diff --git a/lib/Prefs/Sort.php b/lib/Prefs/Sort.php index e2346df1e..34ad0169d 100644 --- a/lib/Prefs/Sort.php +++ b/lib/Prefs/Sort.php @@ -39,7 +39,7 @@ public function __construct() { global $prefs; - $sortpref = @unserialize($prefs->getValue(self::SORTPREF)); + $sortpref = @unserialize($prefs->getValue(self::SORTPREF), array('allowed_classes' => false)); if (is_array($sortpref)) { $this->_sortpref = $sortpref; } diff --git a/lib/Remote.php b/lib/Remote.php index 8bb2d8377..4be74d241 100644 --- a/lib/Remote.php +++ b/lib/Remote.php @@ -37,7 +37,9 @@ class IMP_Remote implements ArrayAccess, IteratorAggregate */ public function __construct() { - $this->_accounts = @unserialize($GLOBALS['prefs']->getValue('remote')) ?: array(); + $this->_accounts = @unserialize($GLOBALS['prefs']->getValue('remote'), array('allowed_classes' => array( + 'IMP_Remote_Account', + ))) ?: array(); } /** diff --git a/lib/Search.php b/lib/Search.php index 4bab48268..8f9f815ab 100644 --- a/lib/Search.php +++ b/lib/Search.php 
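Review bot: The two-entry vfolder allowlist at the changed `unserialize()` call (`IMP_Search_Vfolder_Vinbox`, `IMP_Search_Vfolder_Vtrash`) is duplicated verbatim in lib/Search.php by this same patch, and the three follow-up commits in this series show how quickly hand-maintained lists drift; define it once, e.g. as a class constant on the class that owns the vfolder pref, and reference it from both call sites. If user-created virtual folders are stored as the base `IMP_Search_Vfolder` class (not visible here), neither copy covers them and they come back as `__PHP_Incomplete_Class` elements — the `!is_array($vfolders)` check on the following line does not catch that, because the outer array is still an array. _upgradeVirtualFolders() continues outside the hunk.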
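Review bot: The `?: array()` fallback on the changed line only covers a failed `unserialize()`; if the stored `IMP_Remote_Account` objects carry nested objects that are not on the one-entry allowlist (credential or connection objects would be a plausible case, but their layout is not visible here), the result is still an array of accounts holding `__PHP_Incomplete_Class` members and `_accounts` is populated with broken entries. Either verify against a real serialized `remote` pref that the single class suffices, or drop anything unexpected after the call: `$this->_accounts = array_filter($this->_accounts, function ($a) { return $a instanceof IMP_Remote_Account; });`. The class body continues outside the hunk.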
@@ -207,7 +207,15 @@ class_exists($cname)) { } if ($f_list = $GLOBALS['prefs']->getValue('filter')) { - $f_list = @unserialize($f_list); + $f_list = @unserialize($f_list, array('allowed_classes' => array( + 'IMP_Search_Filter', + 'IMP_Search_Filter_Personal', + 'IMP_Search_Filter_Attachment', + 'IMP_Search_Filter_Autogenerated', + 'IMP_Search_Filter_Contacts', + 'IMP_Search_Filter_Bulk', + 'IMP_Search_Filter_Mailinglist', + ))); if (is_array($f_list)) { foreach ($f_list as $val) { if ($val instanceof IMP_Search_Filter) { @@ -297,7 +305,10 @@ class_exists($cname)) { } if ($pref_vf = $GLOBALS['prefs']->getValue('vfolder')) { - $pref_vf = @unserialize($pref_vf); + $pref_vf = @unserialize($pref_vf, array('allowed_classes' => array( + 'IMP_Search_Vfolder_Vinbox', + 'IMP_Search_Vfolder_Vtrash', + ))); if (is_array($pref_vf)) { foreach ($pref_vf as $val) { if ($val instanceof IMP_Search_Vfolder) { From 15ae1325e9087f3350f74738d239ccebf6c02f05 Mon Sep 17 00:00:00 2001 From: Felix Eckhofer Date: Thu, 3 Mar 2022 14:02:26 +0100 Subject: [PATCH 2/4] Add missing IMP_Mailbox to allowlist --- lib/Factory/MailboxList.php | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/Factory/MailboxList.php b/lib/Factory/MailboxList.php index 2cb5dc2a0..eeccf1bf3 100644 --- a/lib/Factory/MailboxList.php +++ b/lib/Factory/MailboxList.php @@ -61,6 +61,7 @@ public function create($mailbox) 'IMP_Mailbox_List_Virtual', 'IMP_Mailbox_List_Pop3', 'IMP_Mailbox_List', + 'IMP_Mailbox', ))); } From ae6f0d70d18431e3a1051768e88f5fe6a7a2010a Mon Sep 17 00:00:00 2001 From: Felix Eckhofer Date: Thu, 3 Mar 2022 17:31:55 +0100 Subject: [PATCH 3/4] Add missing IMP_Flag_User to allowlist --- lib/Flags.php | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/Flags.php b/lib/Flags.php index 906a811d3..00e7521e4 100644 --- a/lib/Flags.php +++ b/lib/Flags.php 
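Review bot: The filter allowlist at the first changed call names IMP_Search_Filter and its subclasses but nothing for the objects a filter may contain, while the `instanceof IMP_Search_Filter` check two lines below inspects only the top level; if search criteria are stored as objects inside the filter, they now come back as `__PHP_Incomplete_Class` inside an otherwise accepted filter and the check does not notice. Confirm with a real serialized `filter` pref that no nested objects exist, or extend the list to cover them. If IMP_Search_Filter implements Serializable and calls `unserialize()` on its own payload, this allowlist does not reach that inner call and must be repeated there. The enclosing method starts and ends outside the hunk.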
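Review bot: The vfolder allowlist at the second changed call lists only `IMP_Search_Vfolder_Vinbox` and `IMP_Search_Vfolder_Vtrash`, yet the check immediately below accepts any `IMP_Search_Vfolder`, and the filter list earlier in this file does include its base class `IMP_Search_Filter`; if user-defined virtual folders are persisted as plain `IMP_Search_Vfolder` objects they now unserialize as `__PHP_Incomplete_Class`, fail the instanceof test and are silently dropped from the user's prefs. Add the base class for symmetry with the filter list, `'IMP_Search_Vfolder',` as the first entry, after confirming it is the class actually written to the pref. The enclosing method continues outside the hunk.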
@@ -80,6 +80,7 @@ public function __construct() 'IMP_Flag_Imap_Junk', 'IMP_Flag_Imap_NotJunk', 'IMP_Flag_Imap_Seen', + 'IMP_Flag_User', ))); if (is_array($f_list)) { foreach ($f_list as $val) { From 6431312032ddca90d750a5781d0131559db256d5 Mon Sep 17 00:00:00 2001 From: Felix Eckhofer Date: Fri, 4 Mar 2022 11:26:33 +0100 Subject: [PATCH 4/4] Add missing IMP_Flag_System_ flags to allowlist --- lib/Flags.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lib/Flags.php b/lib/Flags.php index 00e7521e4..7b63ec3ad 100644 --- a/lib/Flags.php +++ b/lib/Flags.php @@ -80,6 +80,17 @@ public function __construct() 'IMP_Flag_Imap_Junk', 'IMP_Flag_Imap_NotJunk', 'IMP_Flag_Imap_Seen', + 'IMP_Flag_System_Attachment', + 'IMP_Flag_System_Encrypted', + 'IMP_Flag_System_HighPriority', + 'IMP_Flag_System_List', + 'IMP_Flag_System_LowPriority', + 'IMP_Flag_System_Personal', + 'IMP_Flag_System_Signed', + 'IMP_Flag_System_Unseen', + 'IMP_Flag_System_Match_Address', + 'IMP_Flag_System_Match_Flag', + 'IMP_Flag_System_Match_Header', 'IMP_Flag_User', ))); if (is_array($f_list)) {
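Review bot: The `msgflags` allowlist has now been corrected by hand three times in this series (2/4, 3/4 and this commit) without a test that would catch the next omission; a test that serializes one instance of every IMP_Flag_* class, runs it through this constructor and asserts that no element of `_userflags` is an `__PHP_Incomplete_Class` would have surfaced all three gaps before release. If the application keeps a registry of flag classes (not visible in this diff), building the allowlist from that registry at runtime removes the drift altogether. __construct() continues outside the hunk.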