This affects #search, #uid_search, #sort, #uid_sort, #thread, and #uid_thread#.
Prior to this, sending a parenthesized list in the search criteria for any of these commands required the use of strings, which are converted to RawData, which has security implications with untrusted inputs.
With this change, arrays will only be converted into SequenceSet when every element in the array is a valid SequenceSet input. Otherwise, the array will be left alone, which allows us to send parenthesized lists without using strings and RawData.
For example, some searches this change enables:
combining criteria to pass into OR, NOT, FUZZY, etc.
search(["not", %w(flagged unread)]) converts to:
SEARCH not (flagged unread)
Adding return options (we should also add a return kwarg).
This affects
#search,#uid_search,#sort,#uid_sort,#thread, and#uid_thread#.Prior to this, sending a parenthesized list in the search criteria for any of these commands required the use of strings, which are converted to
RawData, which has security implications with untrusted inputs.With this change, arrays will only be converted into
SequenceSetwhen every element in the array is a validSequenceSetinput. Otherwise, the array will be left alone, which allows us to send parenthesized lists without using strings andRawData.For example, some searches this change enables:
OR,NOT,FUZZY, etc.search(["not", %w(flagged unread)])converts to:SEARCH not (flagged unread)returnkwarg).uid_search(["RETURN", ["PARTIAL", 1..50], "UID", 12345..67890]converts to:UID SEARCH RETURN (PARTIAL 1:50) UID 12345:67890PARTIALsupports negative ranges, which can't be coerced to SequenceSet. They'll need to be sent as strings, for now.ESEARCHresults, which are currently unsupported. See #333.This should be backward compatible: previously these inputs would simply raise an exception.