From fe9ae12e46a151ee5989ed1f0009bb81611a46bd Mon Sep 17 00:00:00 2001
From: smizrahi <seb.mizrahi@gmail.com>
Date: Mon, 5 Dec 2022 11:45:45 +0100
Subject: [PATCH] fix(security): Security fix for WSTG-INPV-02. Fix NSException
 where tried to modify NSDictionary. Closes #5651.

---
 SoObjects/SOGo/SOGoUserDefaults.m | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/SoObjects/SOGo/SOGoUserDefaults.m b/SoObjects/SOGo/SOGoUserDefaults.m
index 357f8ebe6..5073e29b2 100644
--- a/SoObjects/SOGo/SOGoUserDefaults.m
+++ b/SoObjects/SOGo/SOGoUserDefaults.m
@@ -805,9 +805,9 @@ NSString *SOGoPasswordRecoverySecondaryEmail = @"SecondaryEmail";
   // Remove possible XSS injection
   mailIdentities = [NSMutableArray arrayWithArray: [self arrayForKey: @"SOGoMailIdentities"]];
   for (i = 0 ; i < [mailIdentities length] ; i++) {
-    mailIdentity = [mailIdentities objectAtIndex: i];
-    if (mailIdentity && [mailIdentity objectForKey: @"fullName"] && [[self arrayForKey: @"SOGoMailIdentities"] isKindOfClass: [NSString class]]) {
-      fullName = [NSString stringWithString: [self arrayForKey: @"SOGoMailIdentities"]];
+    mailIdentity = [NSMutableDictionary dictionaryWithDictionary: [mailIdentities objectAtIndex: i]];
+    if (mailIdentity && [mailIdentity objectForKey: @"fullName"]) {
+      fullName = [NSString stringWithString: [mailIdentity objectForKey: @"fullName"]];
       if (fullName) {
         [mailIdentity setObject: [fullName stringWithoutHTMLInjection: YES] forKey: @"fullName"];
         [mailIdentities setObject: mailIdentity atIndexedSubscript: i];