From 3375a681eb4bc4aa6e64d9a423ba0d1b6b0f4e12 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 14 May 2013 03:41:30 -0400
Subject: [PATCH] Fix problem where security warning was displayed for valid images with image/jpg type (#1489097)
---
program/steps/mail/func.inc | 472 +++++++++++++++++++++++++++++++++++-----------------------
1 files changed, 282 insertions(+), 190 deletions(-)
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 3668cd7..fc22366 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -5,7 +5,7 @@
| program/steps/mail/func.inc |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2010, The Roundcube Dev Team |
+ | Copyright (C) 2005-2012, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@@ -89,11 +89,12 @@
}
$threading = (bool) $RCMAIL->storage->get_threading();
+ $delimiter = $RCMAIL->storage->get_hierarchy_delimiter();
// set current mailbox and some other vars in client environment
$OUTPUT->set_env('mailbox', $mbox_name);
$OUTPUT->set_env('pagesize', $RCMAIL->storage->get_pagesize());
- $OUTPUT->set_env('delimiter', $RCMAIL->storage->get_hierarchy_delimiter());
+ $OUTPUT->set_env('delimiter', $delimiter);
$OUTPUT->set_env('threading', $threading);
$OUTPUT->set_env('threads', $threading || $RCMAIL->storage->get_capability('THREAD'));
$OUTPUT->set_env('preview_pane_mark_read', $RCMAIL->config->get('preview_pane_mark_read', 0));
@@ -121,7 +122,10 @@
'movingmessage', 'copyingmessage', 'deletingmessage', 'markingmessage',
'copy', 'move', 'quota');
- $OUTPUT->set_pagetitle(rcmail_localize_foldername($RCMAIL->storage->mod_folder($mbox_name)));
+ $pagetitle = $RCMAIL->localize_foldername($RCMAIL->storage->mod_folder($mbox_name), true);
+ $pagetitle = str_replace($delimiter, " \xC2\xBB ", $pagetitle);
+
+ $OUTPUT->set_pagetitle($pagetitle);
}
/**
@@ -220,7 +224,7 @@
if (!in_array('threads', $a_show_cols))
array_unshift($a_show_cols, 'threads');
- $skin_path = $_SESSION['skin_path'] = $CONFIG['skin_path'];
+ $_SESSION['skin_path'] = $CONFIG['skin_path'];
// set client env
$OUTPUT->add_gui_object('messagelist', $attrib['id']);
@@ -232,15 +236,13 @@
$OUTPUT->include_script('list.js');
- $thead = '';
- foreach (rcmail_message_list_head($attrib, $a_show_cols) as $cell)
- $thead .= html::tag('td', array('class' => $cell['className'], 'id' => $cell['id']), $cell['html']);
+ $table = new html_table($attrib);
+ if (!$attrib['noheader']) {
+ foreach (rcmail_message_list_head($attrib, $a_show_cols) as $cell)
+ $table->add_header(array('class' => $cell['className'], 'id' => $cell['id']), $cell['html']);
+ }
- return html::tag('table',
- $attrib,
- html::tag('thead', null, html::tag('tr', null, $thead)) .
- html::tag('tbody', null, ''),
- array('style', 'class', 'id', 'cellpadding', 'cellspacing', 'border', 'summary'));
+ return $table->show();
}
@@ -287,7 +289,7 @@
$thead = $head_replace ? rcmail_message_list_head($_SESSION['list_attrib'], $a_show_cols) : NULL;
// get name of smart From/To column in folder context
- if (($f = array_search('fromto', $a_show_cols)) !== false) {
+ if (array_search('fromto', $a_show_cols) !== false) {
$smart_col = rcmail_message_list_smart_column_name();
}
@@ -303,7 +305,7 @@
}
// loop through message headers
- foreach ($a_headers as $n => $header) {
+ foreach ($a_headers as $header) {
if (empty($header))
continue;
@@ -377,7 +379,6 @@
global $RCMAIL;
$skin_path = $_SESSION['skin_path'];
- $image_tag = html::img(array('src' => "%s%s", 'alt' => "%s"));
// check to see if we have some settings for sorting
$sort_col = $_SESSION['sort_col'];
@@ -413,7 +414,7 @@
$cells = array();
// get name of smart From/To column in folder context
- if (($f = array_search('fromto', $a_show_cols)) !== false) {
+ if (array_search('fromto', $a_show_cols) !== false) {
$smart_col = rcmail_message_list_smart_column_name();
}
@@ -628,39 +629,6 @@
$p += array('safe' => false, 'inline_html' => true);
- // special replacements (not properly handled by washtml class)
- $html_search = array(
- '/(<\/nobr>)(\s+)(<nobr>)/i', // space(s) between <NOBR>
- '/<title[^>]*>[^<]*<\/title>/i', // PHP bug #32547 workaround: remove title tag
- '/^(\0\0\xFE\xFF|\xFF\xFE\0\0|\xFE\xFF|\xFF\xFE|\xEF\xBB\xBF)/', // byte-order mark (only outlook?)
- '/<html\s[^>]+>/i', // washtml/DOMDocument cannot handle xml namespaces
- );
- $html_replace = array(
- '\\1'.' '.'\\3',
- '',
- '',
- '<html>',
- );
- $html = preg_replace($html_search, $html_replace, trim($html));
-
- // PCRE errors handling (#1486856), should we use something like for every preg_* use?
- if ($html === null && ($preg_error = preg_last_error()) != PREG_NO_ERROR) {
- $errstr = "Could not clean up HTML message! PCRE Error: $preg_error.";
-
- if ($preg_error == PREG_BACKTRACK_LIMIT_ERROR)
- $errstr .= " Consider raising pcre.backtrack_limit!";
- if ($preg_error == PREG_RECURSION_LIMIT_ERROR)
- $errstr .= " Consider raising pcre.recursion_limit!";
-
- raise_error(array('code' => 620, 'type' => 'php',
- 'line' => __LINE__, 'file' => __FILE__,
- 'message' => $errstr), true, false);
- return '';
- }
-
- // fix (unknown/malformed) HTML tags before "wash"
- $html = preg_replace_callback('/(<[\/]*)([^\s>]+)/', 'rcmail_html_tag_callback', $html);
-
// charset was converted to UTF-8 in rcube_storage::get_message_part(),
// change/add charset specification in HTML accordingly,
// washtml cannot work without that
@@ -673,9 +641,6 @@
if (!$rcount) {
$html = '<head>' . $meta . '</head>' . $html;
}
-
- // turn relative into absolute urls
- $html = rcmail_resolve_base($html);
// clean HTML with washhtml by Frederic Motte
$wash_opts = array(
@@ -702,7 +667,7 @@
$wash_opts['html_attribs'] = $p['html_attribs'];
// initialize HTML washer
- $washer = new washtml($wash_opts);
+ $washer = new rcube_washtml($wash_opts);
if (!$p['skip_washer_form_callback'])
$washer->add_callback('form', 'rcmail_washtml_callback');
@@ -739,8 +704,11 @@
+ $p + array('safe' => false, 'plain' => false, 'inline_html' => true));
// convert html to text/plain
- if ($data['type'] == 'html' && $data['plain']) {
- $txt = new html2text($data['body'], false, true);
+ if ($data['plain'] && ($data['type'] == 'html' || $data['type'] == 'enriched')) {
+ if ($data['type'] == 'enriched') {
+ $data['body'] = rcube_enriched::to_html($data['body']);
+ }
+ $txt = new rcube_html2text($data['body'], false, true);
$body = $txt->get_text();
$part->ctype_secondary = 'plain';
}
@@ -751,9 +719,7 @@
}
// text/enriched
else if ($data['type'] == 'enriched') {
- $part->ctype_secondary = 'html';
- require_once(INSTALL_PATH . 'program/lib/enriched.inc');
- $body = enriched_to_html($data['body']);
+ $body = rcube_enriched::to_html($data['body']);
$body = rcmail_wash_html($body, $data, $part->replaces);
$part->ctype_secondary = 'html';
}
@@ -767,8 +733,13 @@
unset($data['body']);
// plaintext postprocessing
- if ($part->ctype_secondary == 'plain')
- $body = rcmail_plain_body($body, $part->ctype_parameters['format'] == 'flowed');
+ if ($part->ctype_secondary == 'plain') {
+ if ($part->ctype_secondary == 'plain' && $part->ctype_parameters['format'] == 'flowed') {
+ $body = rcube_mime::unfold_flowed($body);
+ }
+
+ $body = rcmail_plain_body($body);
+ }
// allow post-processing of the message body
$data = $RCMAIL->plugins->exec_hook('message_part_after',
@@ -782,16 +753,16 @@
* Handle links and citation marks in plain text message
*
* @param string Plain text string
- * @param boolean Text uses format=flowed
*
* @return string Formatted HTML string
*/
-function rcmail_plain_body($body, $flowed=false)
+function rcmail_plain_body($body)
{
global $RCMAIL;
// make links and email-addresses clickable
- $replacer = new rcube_string_replacer;
+ $attribs = array('link_attribs' => array('rel' => 'noreferrer', 'target' => '_blank'));
+ $replacer = new rcmail_string_replacer($attribs);
// search for patterns like links and e-mail addresses and replace with tokens
$body = $replacer->replace($body);
@@ -810,53 +781,17 @@
if ($q > $quote_level) {
$body[$n] = $replacer->get_replacement($replacer->add(
str_repeat('<blockquote>', $q - $quote_level))) . $body[$n];
+ $last = $n;
}
else if ($q < $quote_level) {
$body[$n] = $replacer->get_replacement($replacer->add(
str_repeat('</blockquote>', $quote_level - $q))) . $body[$n];
- }
- else if ($flowed) {
- // previous line is flowed
- if (isset($body[$last]) && $body[$n]
- && $body[$last][strlen($body[$last])-1] == ' ') {
- // merge lines
- $body[$last] .= $body[$n];
- unset($body[$n]);
- }
- else {
- $last = $n;
- }
+ $last = $n;
}
}
else {
$q = 0;
- if ($flowed) {
- // sig separator - line is fixed
- if ($body[$n] == '-- ') {
- $last = $last_sig = $n;
- }
- else {
- // remove space-stuffing
- if ($body[$n][0] == ' ')
- $body[$n] = substr($body[$n], 1);
-
- // previous line is flowed?
- if (isset($body[$last]) && $body[$n]
- && $last !== $last_sig
- && $body[$last][strlen($body[$last])-1] == ' '
- ) {
- $body[$last] .= $body[$n];
- unset($body[$n]);
- }
- else {
- $last = $n;
- }
- }
- if ($quote_level > 0)
- $body[$last] = $replacer->get_replacement($replacer->add(
- str_repeat('</blockquote>', $quote_level))) . $body[$last];
- }
- else if ($quote_level > 0)
+ if ($quote_level > 0)
$body[$n] = $replacer->get_replacement($replacer->add(
str_repeat('</blockquote>', $quote_level))) . $body[$n];
}
@@ -923,31 +858,15 @@
/**
- * Callback function for HTML tags fixing
- */
-function rcmail_html_tag_callback($matches)
-{
- $tagname = $matches[2];
-
- $tagname = preg_replace(array(
- '/:.*$/', // Microsoft's Smart Tags <st1:xxxx>
- '/[^a-z0-9_\[\]\!-]/i', // forbidden characters
- ), '', $tagname);
-
- return $matches[1].$tagname;
-}
-
-
-/**
* return table with message headers
*/
-function rcmail_message_headers($attrib, $headers=NULL)
- {
- global $OUTPUT, $MESSAGE, $PRINT_MODE, $RCMAIL;
+function rcmail_message_headers($attrib, $headers=null)
+{
+ global $MESSAGE, $PRINT_MODE, $RCMAIL;
static $sa_attrib;
// keep header table attrib
- if (is_array($attrib) && !$sa_attrib)
+ if (is_array($attrib) && !$sa_attrib && !$attrib['valueof'])
$sa_attrib = $attrib;
else if (!is_array($attrib) && is_array($sa_attrib))
$attrib = $sa_attrib;
@@ -956,11 +875,20 @@
return FALSE;
// get associative array of headers object
- if (!$headers)
- $headers = is_object($MESSAGE->headers) ? get_object_vars($MESSAGE->headers) : $MESSAGE->headers;
+ if (!$headers) {
+ $headers_obj = $MESSAGE->headers;
+ $headers = get_object_vars($MESSAGE->headers);
+ }
+ else if (is_object($headers)) {
+ $headers_obj = $headers;
+ $headers = get_object_vars($headers_obj);
+ }
+ else {
+ $headers_obj = rcube_message_header::from_array($headers);
+ }
// show these headers
- $standard_headers = array('subject', 'from', 'to', 'cc', 'bcc', 'replyto',
+ $standard_headers = array('subject', 'from', 'sender', 'to', 'cc', 'bcc', 'replyto',
'mail-reply-to', 'mail-followup-to', 'date', 'priority');
$exclude_headers = $attrib['exclude'] ? explode(',', $attrib['exclude']) : array();
$output_headers = array();
@@ -1011,6 +939,14 @@
else
continue;
}
+ else if ($hkey == 'sender') {
+ if ($headers['sender'] != $headers['from']) {
+ $header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title);
+ $ishtml = true;
+ }
+ else
+ continue;
+ }
else if ($hkey == 'mail-followup-to') {
$header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title);
$ishtml = true;
@@ -1033,7 +969,7 @@
}
$plugin = $RCMAIL->plugins->exec_hook('message_headers_output',
- array('output' => $output_headers, 'headers' => $MESSAGE->headers, 'exclude' => $exclude_headers));
+ array('output' => $output_headers, 'headers' => $headers_obj, 'exclude' => $exclude_headers));
// single header value is requested
if (!empty($attrib['valueof']))
@@ -1062,10 +998,10 @@
'4' => 'low',
'5' => 'lowest',
);
-
+
if ($value && $labels_map[$value])
return rcube_label($labels_map[$value]);
-
+
return '';
}
@@ -1111,13 +1047,14 @@
$header_attrib[$regs[1]] = $value;
if (!empty($MESSAGE->parts)) {
- foreach ($MESSAGE->parts as $i => $part) {
- if ($part->type == 'headers')
- $out .= rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : NULL, $part->headers);
+ foreach ($MESSAGE->parts as $part) {
+ if ($part->type == 'headers') {
+ $out .= html::div('message-partheaders', rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : null, $part->headers));
+ }
else if ($part->type == 'content') {
- // unsapported
+ // unsupported (e.g. encrypted)
if ($part->realtype) {
- if ($part->realtype == 'multipart/encrypted') {
+ if ($part->realtype == 'multipart/encrypted' || $part->realtype == 'application/pkcs7-mime') {
$out .= html::span('part-notice', rcube_label('encryptedmessage'));
}
continue;
@@ -1140,6 +1077,15 @@
// fetch part if not available
if (!isset($part->body))
$part->body = $MESSAGE->get_part_content($part->mime_id);
+
+ // extract headers from message/rfc822 parts
+ if ($part->mimetype == 'message/rfc822') {
+ $msgpart = rcube_mime::parse_message($part->body);
+ if (!empty($msgpart->headers)) {
+ $part = $msgpart;
+ $out .= html::div('message-partheaders', rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : null, $part->headers));
+ }
+ }
// message is cached but not exists (#1485443), or other error
if ($part->body === false) {
@@ -1190,6 +1136,7 @@
// list images after mail body
if ($RCMAIL->config->get('inline_images', true) && !empty($MESSAGE->attachments)) {
$thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240);
+ $client_mimetypes = (array)$RCMAIL->config->get('client_mimetypes');
foreach ($MESSAGE->attachments as $attach_prop) {
// skip inline images
@@ -1198,30 +1145,30 @@
}
// Content-Type: image/*...
- if (rcmail_part_image_type($attach_prop)) {
+ if ($mimetype = rcmail_part_image_type($attach_prop)) {
// display thumbnails
if ($thumbnail_size) {
$show_link = array(
'href' => $MESSAGE->get_part_url($attach_prop->mime_id, false),
'onclick' => sprintf(
- 'return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)',
+ 'return %s.command(\'load-attachment\',\'%s\',this)',
JS_OBJECT_NAME,
- $attach_prop->mime_id,
- rcmail_fix_mimetype($attach_prop->mimetype))
+ $attach_prop->mime_id)
);
$out .= html::p('image-attachment',
- html::a($show_link + array('class' => 'image-link'),
+ html::a($show_link + array('class' => 'image-link', 'style' => sprintf('width:%dpx', $thumbnail_size)),
html::img(array(
'class' => 'image-thumbnail',
- 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, true) . '&_thumb=1',
+ 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, 'image') . '&_thumb=1',
'title' => $attach_prop->filename,
'alt' => $attach_prop->filename,
'style' => sprintf('max-width:%dpx; max-height:%dpx', $thumbnail_size, $thumbnail_size),
))
) .
html::span('image-filename', Q($attach_prop->filename)) .
- html::span('image-filesize', Q($RCMAIL->show_bytes($attach_prop->size))) .
+ html::span('image-filesize', Q($RCMAIL->message_part_size($attach_prop))) .
html::span('attachment-links',
+ (in_array($mimetype, $client_mimetypes) ? html::a($show_link, rcube_label('showattachment')) . ' ' : '') .
html::a($show_link['href'] . '&_download=1', rcube_label('download'))
) .
html::br(array('style' => 'clear:both'))
@@ -1232,7 +1179,7 @@
html::tag('legend', 'image-filename', Q($attach_prop->filename)) .
html::p(array('align' => "center"),
html::img(array(
- 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, true),
+ 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, 'image'),
'title' => $attach_prop->filename,
'alt' => $attach_prop->filename,
)))
@@ -1263,7 +1210,7 @@
// Content-Type: image/*...
if (preg_match($mime_regex, $part->mimetype)) {
- return $part->mimetype;
+ return rcmail_fix_mimetype($part->mimetype);
}
// Many clients use application/octet-stream, we'll detect mimetype
@@ -1290,20 +1237,6 @@
) {
return $types[$extension];
}
-}
-
-/**
- * Convert all relative URLs according to a <base> in HTML
- */
-function rcmail_resolve_base($body)
-{
- // check for <base href=...>
- if (preg_match('!(<base.*href=["\']?)([hftps]{3,5}://[a-z0-9/.%-]+)!i', $body, $regs)) {
- $replacer = new rcube_base_replacer($regs[2]);
- $body = $replacer->replace($body);
- }
-
- return $body;
}
@@ -1406,7 +1339,7 @@
/**
- * parse link attributes and set correct target
+ * parse link (a, link, area) attributes and set correct target
*/
function rcmail_alter_html_link($matches)
{
@@ -1415,9 +1348,9 @@
// Support unicode/punycode in top-level domain part
$EMAIL_PATTERN = '([a-z0-9][a-z0-9\-\.\+\_]*@[^&@"\'.][^@&"\']*\\.([^\\x00-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-z0-9]{2,}))';
- $tag = $matches[1];
+ $tag = strtolower($matches[1]);
$attrib = parse_attrib_string($matches[2]);
- $end = '>';
+ $end = '>';
// Remove non-printable characters in URL (#1487805)
if ($attrib['href'])
@@ -1444,6 +1377,11 @@
$attrib['target'] = '_blank';
}
+ // Better security by adding rel="noreferrer" (#1484686)
+ if (($tag == 'a' || $tag == 'area') && $attrib['href'] && $attrib['href'][0] != '#') {
+ $attrib['rel'] = 'noreferrer';
+ }
+
// allowed attributes for a|link|area tags
$allow = array('href','name','target','onclick','id','class','style','title',
'rel','type','media','alt','coords','nohref','hreflang','shape');
@@ -1467,7 +1405,8 @@
$c = count($a_parts);
$j = 0;
$out = '';
- $allvalues = array();
+ $allvalues = array();
+ $show_email = $RCMAIL->config->get('message_show_email');
if ($addicon && !isset($_SESSION['writeable_abook'])) {
$_SESSION['writeable_abook'] = $RCMAIL->get_address_sources(true) ? true : false;
@@ -1478,6 +1417,12 @@
$name = $part['name'];
$mailto = $part['mailto'];
$string = $part['string'];
+ $valid = check_email($mailto, false);
+
+ // phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>"
+ if (!$show_email && $valid && $name && $name != $mailto && strpos($name, '@')) {
+ $name = '';
+ }
// IDNA ASCII to Unicode
if ($name == $mailto)
@@ -1487,17 +1432,27 @@
$mailto = rcube_idn_to_utf8($mailto);
if ($PRINT_MODE) {
- $out .= sprintf('%s <%s>', Q($name), $mailto);
+ $out .= ($out ? ', ' : '') . sprintf('%s <%s>', Q($name), $mailto);
+ // for printing we display all addresses
+ continue;
}
- else if (check_email($part['mailto'], false)) {
+ else if ($valid) {
if ($linked) {
- $address = html::a(array(
- 'href' => 'mailto:'.$mailto,
- 'onclick' => sprintf("return %s.command('compose','%s',this)", JS_OBJECT_NAME, JQ($mailto)),
- 'title' => $mailto,
- 'class' => "rcmContactAddress",
- ),
- Q($name ? $name : $mailto));
+ $attrs = array(
+ 'href' => 'mailto:' . $mailto,
+ 'onclick' => sprintf("return %s.command('compose','%s',this)", JS_OBJECT_NAME, JQ($mailto)),
+ 'class' => "rcmContactAddress",
+ );
+
+ if ($show_email && $name && $mailto) {
+ $content = Q($name ? sprintf('%s <%s>', $name, $mailto) : $mailto);
+ }
+ else {
+ $content = Q($name ? $name : $mailto);
+ $attrs['title'] = $mailto;
+ }
+
+ $address = html::a($attrs, $content);
}
else {
$address = html::span(array('title' => $mailto, 'class' => "rcmContactAddress"),
@@ -1507,7 +1462,7 @@
if ($addicon && $_SESSION['writeable_abook']) {
$address .= html::a(array(
'href' => "#add",
- 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, $string),
+ 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, JQ($string)),
'title' => rcube_label('addtoaddressbook'),
'class' => 'rcmaddcontact',
),
@@ -1522,7 +1477,7 @@
if ($name)
$address .= Q($name);
if ($mailto)
- $address .= (strlen($address) ? ' ' : '') . sprintf('<%s>', Q($mailto));
+ $address = trim($address . ' ' . Q($name ? sprintf('<%s>', $mailto) : $mailto));
}
$address = html::span('adr', $address);
@@ -1635,10 +1590,7 @@
$part = $MESSAGE->mime_parts[$part];
$table = new html_table(array('cols' => 3));
- $filename = $part->filename;
- if (empty($filename) && $attach_prop->mimetype == 'text/html') {
- $filename = rcube_label('htmlmessage');
- }
+ $filename = rcmail_attachment_name($part);
if (!empty($filename)) {
$table->add('title', Q(rcube_label('filename')));
@@ -1653,7 +1605,6 @@
}
-
function rcmail_message_part_frame($attrib)
{
global $MESSAGE;
@@ -1661,7 +1612,7 @@
$part = $MESSAGE->mime_parts[asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))];
$ctype_primary = strtolower($part->ctype_primary);
- $attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']);
+ $attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_embed=' : '_preload='), $_SERVER['QUERY_STRING']);
return html::iframe($attrib);
}
@@ -1699,11 +1650,11 @@
if ($message->headers->mdn_to && empty($message->headers->flags['MDNSENT']) &&
($RCMAIL->storage->check_permflag('MDNSENT') || $RCMAIL->storage->check_permflag('*')))
{
- $identity = $RCMAIL->user->get_identity();
- $sender = format_email_recipient($identity['email'], $identity['name']);
+ $identity = rcmail_identity_select($message);
+ $sender = format_email_recipient($identity['email'], $identity['name']);
$recipient = array_shift(rcube_mime::decode_address_list(
$message->headers->mdn_to, 1, true, $message->headers->charset));
- $mailto = $recipient['mailto'];
+ $mailto = $recipient['mailto'];
$compose = new Mail_mime("\r\n");
@@ -1728,6 +1679,9 @@
if ($agent = $RCMAIL->config->get('useragent'))
$headers['User-Agent'] = $agent;
+ if ($RCMAIL->config->get('mdn_use_from'))
+ $options['mdn_use_from'] = true;
+
$body = rcube_label("yourmessage") . "\r\n\r\n" .
"\t" . rcube_label("to") . ': ' . rcube_mime::decode_mime_string($message->headers->to, $message->headers->charset) . "\r\n" .
"\t" . rcube_label("subject") . ': ' . $message->subject . "\r\n" .
@@ -1749,10 +1703,9 @@
$compose->setTXTBody(rc_wordwrap($body, 75, "\r\n"));
$compose->addAttachment($report, 'message/disposition-notification', 'MDNPart2.txt', false, '7bit', 'inline');
- $sent = rcmail_deliver_message($compose, $identity['email'], $mailto, $smtp_error, $body_file);
+ $sent = rcmail_deliver_message($compose, $identity['email'], $mailto, $smtp_error, $body_file, $options);
- if ($sent)
- {
+ if ($sent) {
$RCMAIL->storage->set_flag($message->uid, 'MDNSENT');
return true;
}
@@ -1761,6 +1714,107 @@
return false;
}
+/**
+ * Detect recipient identity from specified message
+ */
+function rcmail_identity_select($MESSAGE, $identities = null, $compose_mode = 'reply')
+{
+ $a_recipients = array();
+ $a_names = array();
+
+ if ($identities === null) {
+ $identities = rcmail::get_instance()->user->list_identities(null, true);
+ }
+
+ // extract all recipients of the reply-message
+ if (is_object($MESSAGE->headers) && in_array($compose_mode, array('reply', 'forward'))) {
+ $a_to = rcube_mime::decode_address_list($MESSAGE->headers->to, null, true, $MESSAGE->headers->charset);
+ foreach ($a_to as $addr) {
+ if (!empty($addr['mailto'])) {
+ $a_recipients[] = format_email($addr['mailto']);
+ $a_names[] = $addr['name'];
+ }
+ }
+
+ if (!empty($MESSAGE->headers->cc)) {
+ $a_cc = rcube_mime::decode_address_list($MESSAGE->headers->cc, null, true, $MESSAGE->headers->charset);
+ foreach ($a_cc as $addr) {
+ if (!empty($addr['mailto'])) {
+ $a_recipients[] = format_email($addr['mailto']);
+ $a_names[] = $addr['name'];
+ }
+ }
+ }
+ }
+
+ $from_idx = null;
+ $found_idx = null;
+ $default_identity = 0; // default identity is always first on the list
+
+ // Select identity
+ foreach ($identities as $idx => $ident) {
+ // use From header
+ if (in_array($compose_mode, array('draft', 'edit'))) {
+ if ($MESSAGE->headers->from == $ident['ident']) {
+ $from_idx = $idx;
+ break;
+ }
+ }
+ // reply to yourself
+ else if ($compose_mode == 'reply' && $MESSAGE->headers->from == $ident['ident']) {
+ $from_idx = $idx;
+ break;
+ }
+ // use replied message recipients
+ else if (($found = array_search($ident['email_ascii'], $a_recipients)) !== false) {
+ if ($found_idx === null) {
+ $found_idx = $idx;
+ }
+ // match identity name
+ if ($a_names[$found] && $ident['name'] && $a_names[$found] == $ident['name']) {
+ $from_idx = $idx;
+ break;
+ }
+ }
+ }
+
+ // If matching by name+address doesn't found any matches, get first found address (identity)
+ if ($from_idx === null) {
+ $from_idx = $found_idx;
+ }
+
+ // Try Return-Path
+ if ($from_idx === null && ($return_path = $MESSAGE->headers->others['return-path'])) {
+ foreach ($identities as $idx => $ident) {
+ if (strpos($return_path, str_replace('@', '=', $ident['email_ascii']).'@') !== false) {
+ $from_idx = $idx;
+ break;
+ }
+ }
+ }
+
+ // Fallback using Delivered-To
+ if ($from_idx === null && ($delivered_to = $MESSAGE->headers->others['delivered-to'])) {
+ foreach ($identities as $idx => $ident) {
+ if (in_array($ident['email_ascii'], (array)$delivered_to)) {
+ $from_idx = $idx;
+ break;
+ }
+ }
+ }
+
+ // Fallback using Envelope-To
+ if ($from_idx === null && ($envelope_to = $MESSAGE->headers->others['envelope-to'])) {
+ foreach ($identities as $idx => $ident) {
+ if (in_array($ident['email_ascii'], (array)$envelope_to)) {
+ $from_idx = $idx;
+ break;
+ }
+ }
+ }
+
+ return $identities[$from_idx !== null ? $from_idx : $default_identity];
+}
// Fixes some content-type names
function rcmail_fix_mimetype($name)
@@ -1769,8 +1823,42 @@
// application/pdf.A520491B_3BF7_494D_8855_7FAC2C6C0608
if (preg_match('/^application\/pdf.+/', $name))
$name = 'application/pdf';
+ // treat image/pjpeg (image/pjpg, image/jpg) as image/jpeg (#1489097)
+ else if (preg_match('/^image\/p?jpe?g$/', $name))
+ $name = 'image/jpeg';
return $name;
+}
+
+// return attachment filename, handle empty filename case
+function rcmail_attachment_name($attachment, $display = false)
+{
+ $filename = $attachment->filename;
+
+ if ($filename === null || $filename === '') {
+ if ($attachment->mimetype == 'text/html') {
+ $filename = rcube_label('htmlmessage');
+ }
+ else {
+ $ext = (array) rcube_mime::get_mime_extensions($attachment->mimetype);
+ $ext = array_shift($ext);
+ $filename = rcube_label('messagepart') . ' ' . $attachment->mime_id;
+ if ($ext) {
+ $filename .= '.' . $ext;
+ }
+ }
+ }
+
+ $filename = preg_replace('[\r\n]', '', $filename);
+
+ // Display smart names for some known mimetypes
+ if ($display) {
+ if (preg_match('/application\/(pgp|pkcs7)-signature/i', $attachment->mimetype)) {
+ $filename = rcube_label('digitalsig');
+ }
+ }
+
+ return $filename;
}
function rcmail_search_filter($attrib)
@@ -1782,13 +1870,15 @@
$attrib['onchange'] = JS_OBJECT_NAME.'.filter_mailbox(this.value)';
- /*
- RFC3501 (6.4.4): 'ALL', 'RECENT',
- 'ANSWERED', 'DELETED', 'FLAGGED', 'SEEN',
- 'UNANSWERED', 'UNDELETED', 'UNFLAGGED', 'UNSEEN',
- 'NEW', // = (RECENT UNSEEN)
- 'OLD' // = NOT RECENT
- */
+ // Content-Type values of messages with attachments
+ // the same as in app.js:add_message_row()
+ $ctypes = array('application/', 'multipart/m', 'multipart/signed', 'multipart/report');
+
+ // Build search string of "with attachment" filter
+ $attachment = str_repeat(' OR', count($ctypes)-1);
+ foreach ($ctypes as $type) {
+ $attachment .= ' HEADER Content-Type ' . rcube_imap_generic::escape($type);
+ }
$select_filter = new html_select($attrib);
$select_filter->add(rcube_label('all'), 'ALL');
@@ -1799,6 +1889,7 @@
$select_filter->add(rcube_label('deleted'), 'DELETED');
$select_filter->add(rcube_label('undeleted'), 'UNDELETED');
}
+ $select_filter->add(rcube_label('withattachment'), $attachment);
$select_filter->add(rcube_label('priority').': '.rcube_label('highest'), 'HEADER X-PRIORITY 1');
$select_filter->add(rcube_label('priority').': '.rcube_label('high'), 'HEADER X-PRIORITY 2');
$select_filter->add(rcube_label('priority').': '.rcube_label('normal'), 'NOT HEADER X-PRIORITY 1 NOT HEADER X-PRIORITY 2 NOT HEADER X-PRIORITY 4 NOT HEADER X-PRIORITY 5');
@@ -1847,6 +1938,7 @@
// register action aliases
$RCMAIL->register_action_map(array(
+ 'refresh' => 'check_recent.inc',
'preview' => 'show.inc',
'print' => 'show.inc',
'moveto' => 'move_del.inc',
--
Gitblit v1.9.1