From a92582f3b84157a2f5cc04d82f7e6d2f19b80fa5 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 08 Nov 2012 03:06:47 -0500
Subject: [PATCH] Fix AREA links handling (#1488792)

---
 program/steps/mail/func.inc |   87 +++++++++++++++++++++++++++++++------------
 1 files changed, 62 insertions(+), 25 deletions(-)

diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index c0a41a3..2c6db01 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -319,7 +319,7 @@
       $col_name = $col == 'fromto' ? $smart_col : $col;
 
       if (in_array($col_name, array('from', 'to', 'cc', 'replyto')))
-        $cont = Q(rcmail_address_string($header->$col_name, 3, false, null, $header->charset), 'show');
+        $cont = rcmail_address_string($header->$col_name, 3, false, null, $header->charset);
       else if ($col == 'subject') {
         $cont = trim(rcube_mime::decode_header($header->$col, $header->charset));
         if (!$cont) $cont = rcube_label('nosubject');
@@ -952,6 +952,8 @@
   $output_headers = array();
 
   foreach ($standard_headers as $hkey) {
+    $ishtml = false;
+
     if ($headers[$hkey])
       $value = $headers[$hkey];
     else if ($headers['others'][$hkey])
@@ -961,6 +963,8 @@
 
     if (in_array($hkey, $exclude_headers))
       continue;
+
+    $header_title = rcube_label(preg_replace('/(^mail-|-)/', '', $hkey));
 
     if ($hkey == 'date') {
       if ($PRINT_MODE)
@@ -976,32 +980,41 @@
         continue;
     }
     else if ($hkey == 'replyto') {
-      if ($headers['replyto'] != $headers['from'])
-        $header_value = rcmail_address_string($value, null, true, $attrib['addicon'], $headers['charset']);
+      if ($headers['replyto'] != $headers['from']) {
+        $header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title);
+        $ishtml = true;
+      }
       else
         continue;
     }
     else if ($hkey == 'mail-reply-to') {
       if ($headers['mail-replyto'] != $headers['reply-to']
         && $headers['reply-to'] != $headers['from']
-      )
-        $header_value = rcmail_address_string($value, null, true, $attrib['addicon'], $headers['charset']);
+      ) {
+        $header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title);
+        $ishtml = true;
+      }
       else
         continue;
     }
     else if ($hkey == 'mail-followup-to') {
-      $header_value = rcmail_address_string($value, null, true, $attrib['addicon'], $headers['charset']);
+      $header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title);
+      $ishtml = true;
     }
-    else if (in_array($hkey, array('from', 'to', 'cc', 'bcc')))
-      $header_value = rcmail_address_string($value, null, true, $attrib['addicon'], $headers['charset']);
+    else if (in_array($hkey, array('from', 'to', 'cc', 'bcc'))) {
+      $header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title);
+      $ishtml = true;
+    }
     else if ($hkey == 'subject' && empty($value))
       $header_value = rcube_label('nosubject');
     else
       $header_value = trim(rcube_mime::decode_header($value, $headers['charset']));
 
     $output_headers[$hkey] = array(
-        'title' => rcube_label(preg_replace('/(^mail-|-)/', '', $hkey)),
-        'value' => $header_value, 'raw' => $value
+        'title' => $header_title,
+        'value' => $header_value,
+        'raw' => $value,
+        'html' => $ishtml,
     );
   }
 
@@ -1017,7 +1030,7 @@
 
   foreach ($plugin['output'] as $hkey => $row) {
     $table->add(array('class' => 'header-title'), Q($row['title']));
-    $table->add(array('class' => 'header '.$hkey), Q($row['value'], ($hkey == 'subject' ? 'strict' : 'show')));
+    $table->add(array('class' => 'header '.$hkey), $row['html'] ? $row['value'] : Q($row['value'], ($hkey == 'subject' ? 'strict' : 'show')));
   }
 
   return $table->show($attrib);
@@ -1221,7 +1234,7 @@
 
   // modify HTML links to open a new window if clicked
   $GLOBALS['rcmail_html_container_id'] = $container_id;
-  $body = preg_replace_callback('/<(a|link)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body);
+  $body = preg_replace_callback('/<(a|link|area)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body);
   unset($GLOBALS['rcmail_html_container_id']);
 
   $body = preg_replace(array(
@@ -1334,14 +1347,18 @@
     $attrib['target'] = '_blank';
   }
 
-  return "<$tag" . html::attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . $end;
+  // allowed attributes for a|link|area tags
+  $allow = array('href','name','target','onclick','id','class','style','title',
+    'rel','type','media','alt','coords','nohref','hreflang','shape');
+
+  return "<$tag" . html::attrib_string($attrib, $allow) . $end;
 }
 
 
 /**
  * decode address string and re-format it as HTML links
  */
-function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, $default_charset=null)
+function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, $default_charset=null, $title=null)
 {
   global $RCMAIL, $PRINT_MODE, $CONFIG;
 
@@ -1353,6 +1370,7 @@
   $c = count($a_parts);
   $j = 0;
   $out = '';
+  $allvalues = array();
 
   if ($addicon && !isset($_SESSION['writeable_abook'])) {
     $_SESSION['writeable_abook'] = $RCMAIL->get_address_sources(true) ? true : false;
@@ -1360,7 +1378,6 @@
 
   foreach ($a_parts as $part) {
     $j++;
-
     $name   = $part['name'];
     $mailto = $part['mailto'];
     $string = $part['string'];
@@ -1391,7 +1408,7 @@
       }
 
       if ($addicon && $_SESSION['writeable_abook']) {
-        $address = html::span(null, $address . html::a(array(
+        $address .= html::a(array(
             'href' => "#add",
             'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, $string),
             'title' => rcube_label('addtoaddressbook'),
@@ -1400,26 +1417,46 @@
           html::img(array(
             'src' => $CONFIG['skin_path'] . $addicon,
             'alt' => "Add contact",
-          ))));
+          )));
       }
-      $out .= $address;
     }
     else {
+      $address = '';
       if ($name)
-        $out .= Q($name);
+        $address .= Q($name);
       if ($mailto)
-        $out .= (strlen($out) ? ' ' : '') . sprintf('&lt;%s&gt;', Q($mailto));
+        $address .= (strlen($address) ? ' ' : '') . sprintf('&lt;%s&gt;', Q($mailto));
     }
 
-    if ($c>$j)
-      $out .= ','.($max ? '&nbsp;' : ' ');
+    $address = html::span('adr', $address);
+    $allvalues[] = $address;
 
-    if ($max && $j==$max && $c>$j) {
-      $out .= '...';
-      break;
+    if (!$moreadrs)
+      $out .= ($out ? ', ' : '') . $address;
+
+    if ($max && $j == $max && $c > $j) {
+      if ($linked) {
+        $moreadrs = $c - $j;
+      }
+      else {
+        $out .= '...';
+        break;
+      }
     }
   }
 
+  if ($moreadrs) {
+      $out .= ' ' . html::a(array(
+          'href' => '#more',
+          'class' => 'morelink',
+          'onclick' => sprintf("return %s.show_popup_dialog('%s','%s')",
+            JS_OBJECT_NAME,
+            JQ(join(', ', $allvalues)),
+            JQ($title))
+        ),
+        Q(rcube_label(array('name' => 'andnmore', 'vars' => array('nr' => $moreadrs)))));
+  }
+
   return $out;
 }
 

--
Gitblit v1.9.1