From 3375a681eb4bc4aa6e64d9a423ba0d1b6b0f4e12 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 14 May 2013 03:41:30 -0400
Subject: [PATCH] Fix problem where security warning was displayed for valid images with image/jpg type (#1489097)
---
program/steps/mail/func.inc | 64 ++++++++------------------------
1 files changed, 16 insertions(+), 48 deletions(-)
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 17ab6f9..fc22366 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -733,8 +733,13 @@
unset($data['body']);
// plaintext postprocessing
- if ($part->ctype_secondary == 'plain')
- $body = rcmail_plain_body($body, $part->ctype_parameters['format'] == 'flowed');
+ if ($part->ctype_secondary == 'plain') {
+ if ($part->ctype_secondary == 'plain' && $part->ctype_parameters['format'] == 'flowed') {
+ $body = rcube_mime::unfold_flowed($body);
+ }
+
+ $body = rcmail_plain_body($body);
+ }
// allow post-processing of the message body
$data = $RCMAIL->plugins->exec_hook('message_part_after',
@@ -748,11 +753,10 @@
* Handle links and citation marks in plain text message
*
* @param string Plain text string
- * @param boolean Text uses format=flowed
*
* @return string Formatted HTML string
*/
-function rcmail_plain_body($body, $flowed=false)
+function rcmail_plain_body($body)
{
global $RCMAIL;
@@ -777,53 +781,17 @@
if ($q > $quote_level) {
$body[$n] = $replacer->get_replacement($replacer->add(
str_repeat('<blockquote>', $q - $quote_level))) . $body[$n];
+ $last = $n;
}
else if ($q < $quote_level) {
$body[$n] = $replacer->get_replacement($replacer->add(
str_repeat('</blockquote>', $quote_level - $q))) . $body[$n];
- }
- else if ($flowed) {
- // previous line is flowed
- if (isset($body[$last]) && $body[$n]
- && $body[$last][strlen($body[$last])-1] == ' ') {
- // merge lines
- $body[$last] .= $body[$n];
- unset($body[$n]);
- }
- else {
- $last = $n;
- }
+ $last = $n;
}
}
else {
$q = 0;
- if ($flowed) {
- // sig separator - line is fixed
- if ($body[$n] == '-- ') {
- $last = $last_sig = $n;
- }
- else {
- // remove space-stuffing
- if ($body[$n][0] == ' ')
- $body[$n] = substr($body[$n], 1);
-
- // previous line is flowed?
- if (isset($body[$last]) && $body[$n]
- && $last !== $last_sig
- && $body[$last][strlen($body[$last])-1] == ' '
- ) {
- $body[$last] .= $body[$n];
- unset($body[$n]);
- }
- else {
- $last = $n;
- }
- }
- if ($quote_level > 0)
- $body[$last] = $replacer->get_replacement($replacer->add(
- str_repeat('</blockquote>', $quote_level))) . $body[$last];
- }
- else if ($quote_level > 0)
+ if ($quote_level > 0)
$body[$n] = $replacer->get_replacement($replacer->add(
str_repeat('</blockquote>', $quote_level))) . $body[$n];
}
@@ -1449,9 +1417,10 @@
$name = $part['name'];
$mailto = $part['mailto'];
$string = $part['string'];
+ $valid = check_email($mailto, false);
// phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>"
- if (!$show_email && $name && $name != $mailto && strpos($name, '@')) {
+ if (!$show_email && $valid && $name && $name != $mailto && strpos($name, '@')) {
$name = '';
}
@@ -1467,7 +1436,7 @@
// for printing we display all addresses
continue;
}
- else if (check_email($part['mailto'], false)) {
+ else if ($valid) {
if ($linked) {
$attrs = array(
'href' => 'mailto:' . $mailto,
@@ -1508,7 +1477,7 @@
if ($name)
$address .= Q($name);
if ($mailto)
- $address .= (strlen($address) ? ' ' : '') . sprintf('<%s>', Q($mailto));
+ $address = trim($address . ' ' . Q($name ? sprintf('<%s>', $mailto) : $mailto));
}
$address = html::span('adr', $address);
@@ -1854,8 +1823,7 @@
// application/pdf.A520491B_3BF7_494D_8855_7FAC2C6C0608
if (preg_match('/^application\/pdf.+/', $name))
$name = 'application/pdf';
-
- // treat image/pjpeg as image/jpeg
+ // treat image/pjpeg (image/pjpg, image/jpg) as image/jpeg (#1489097)
else if (preg_match('/^image\/p?jpe?g$/', $name))
$name = 'image/jpeg';
--
Gitblit v1.9.1