From b48d9bf5d412a6f56f3f9ba4bad141ddfe175727 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Mon, 07 Sep 2009 08:51:21 -0400
Subject: [PATCH] - Use faster/secure mt_rand() (#1486094)
---
program/steps/mail/func.inc | 187 +++++++++++++++++++++++++++-------------------
1 files changed, 111 insertions(+), 76 deletions(-)
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index d8fc3ab..ed36e84 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -19,9 +19,7 @@
*/
-require_once('include/rcube_smtp.inc');
-
-$EMAIL_ADDRESS_PATTERN = '([a-z0-9][a-z0-9\-\.\+\_]*@[a-z0-9]([a-z0-9\-][.]?)*[a-z0-9]\\.[a-z]{2,5})';
+$EMAIL_ADDRESS_PATTERN = '([a-z0-9][a-z0-9\-\.\+\_]*@[a-z0-9][a-z0-9\-\.]*\\.[a-z]{2,5})';
// actions that do not require imap connection
$NOIMAP_ACTIONS = array('spell', 'addcontact', 'autocomplete', 'upload', 'display-attachment', 'remove-attachment');
@@ -79,6 +77,7 @@
$OUTPUT->set_env('search_request', $search_request);
}
+ $OUTPUT->set_env('search_mods', $_SESSION['search_mods'] ? $_SESSION['search_mods'] : array('subject'=>'subject'));
// make sure the message count is refreshed (for default view)
$IMAP->messagecount($mbox_name, 'ALL', true);
}
@@ -88,6 +87,15 @@
$OUTPUT->set_env('quota', $IMAP->get_capability('quota'));
$OUTPUT->set_env('delimiter', $IMAP->get_hierarchy_delimiter());
+ if ($CONFIG['flag_for_deletion'])
+ $OUTPUT->set_env('flag_for_deletion', true);
+ if ($CONFIG['read_when_deleted'])
+ $OUTPUT->set_env('read_when_deleted', true);
+ if ($CONFIG['skip_deleted'])
+ $OUTPUT->set_env('skip_deleted', true);
+ if ($CONFIG['display_next'])
+ $OUTPUT->set_env('display_next', true);
+
if ($CONFIG['trash_mbox'])
$OUTPUT->set_env('trash_mailbox', $CONFIG['trash_mbox']);
if ($CONFIG['drafts_mbox'])
@@ -236,7 +244,6 @@
if (!sizeof($a_headers))
$OUTPUT->show_message('nomessagesfound', 'notice');
-
$a_js_message_arr = array();
// create row for each message
@@ -293,7 +300,6 @@
$out .= sprintf("<td class=\"icon\">%s</td>\n", $message_icon ? sprintf($image_tag, $skin_path, $message_icon, '') : '');
-
$IMAP->set_charset(!empty($header->charset) ? $header->charset : $CONFIG['default_charset']);
// format each col
@@ -307,7 +313,7 @@
$uid_param = $mbox==$CONFIG['drafts_mbox'] ? '_draft_uid' : '_uid';
$cont = abbreviate_string(trim($IMAP->decode_header($header->$col)), 160);
if (empty($cont)) $cont = rcube_label('nosubject');
- $cont = sprintf('<a href="%s" onclick="return rcube_event.cancel(event)">%s</a>', Q(rcmail_url($action, array($uid_param=>$header->uid, '_mbox'=>$mbox))), Q($cont));
+ $cont = $OUTPUT->browser->ie ? Q($cont) : sprintf('<a href="%s" onclick="return rcube_event.cancel(event)">%s</a>', Q(rcmail_url($action, array($uid_param=>$header->uid, '_mbox'=>$mbox))), Q($cont));
}
else if ($col=='flag')
$cont = $flagged_icon ? sprintf($image_tag, $skin_path, $flagged_icon, '') : '';
@@ -374,8 +380,9 @@
/**
* return javascript commands to add rows to the message list
+ * or to replace the whole list (IE only)
*/
-function rcmail_js_message_list($a_headers, $insert_top=FALSE)
+function rcmail_js_message_list($a_headers, $insert_top=FALSE, $replace=TRUE)
{
global $CONFIG, $IMAP, $OUTPUT;
@@ -394,7 +401,7 @@
$browser = new rcube_browser;
$OUTPUT->command('set_message_coltypes', $a_show_cols);
- if ($browser->ie)
+ if ($browser->ie && $replace)
$OUTPUT->command('offline_message_list', true);
// loop through message headers
@@ -423,9 +430,9 @@
{
$action = $mbox==$CONFIG['drafts_mbox'] ? 'compose' : 'show';
$uid_param = $mbox==$CONFIG['drafts_mbox'] ? '_draft_uid' : '_uid';
- $cont = abbreviate_string(trim($IMAP->decode_header($header->$col)), 160);
+ $cont = abbreviate_string(trim($IMAP->decode_header($header->$col)), 160);
if (!$cont) $cont = rcube_label('nosubject');
- $cont = sprintf('<a href="%s" onclick="return rcube_event.cancel(event)">%s</a>', Q(rcmail_url($action, array($uid_param=>$header->uid, '_mbox'=>$mbox))), Q($cont));
+ $cont = $browser->ie ? Q($cont) : sprintf('<a href="%s" onclick="return rcube_event.cancel(event)">%s</a>', Q(rcmail_url($action, array($uid_param=>$header->uid, '_mbox'=>$mbox))), Q($cont));
}
else if ($col=='size')
$cont = show_bytes($header->$col);
@@ -447,7 +454,7 @@
$a_msg_flags['forwarded'] = 1;
if ($header->flagged)
$a_msg_flags['flagged'] = 1;
-
+
$OUTPUT->command('add_message_row',
$header->uid,
$a_msg_cols,
@@ -456,7 +463,7 @@
$insert_top);
}
- if ($browser->ie)
+ if ($browser->ie && $replace)
$OUTPUT->command('offline_message_list', false);
}
@@ -663,40 +670,38 @@
global $REMOTE_OBJECTS;
$p += array('safe' => false, 'inline_html' => true);
-
+
// special replacements (not properly handled by washtml class)
$html_search = array(
'/(<\/nobr>)(\s+)(<nobr>)/i', // space(s) between <NOBR>
- '/(<[\/]*st1:[^>]+>)/i', // Microsoft's Smart Tags <ST1>
- '/<\/?rte_text>/i', // Rich Text Editor tags (#1485647)
'/<title>.*<\/title>/i', // PHP bug #32547 workaround: remove title tag
- '/<html[^>]*>/im', // malformed html: remove html tags (#1485139)
- '/<\/html>/i', // malformed html: remove html tags (#1485139)
'/^(\0\0\xFE\xFF|\xFF\xFE\0\0|\xFE\xFF|\xFF\xFE|\xEF\xBB\xBF)/', // byte-order mark (only outlook?)
+ '/<html\s[^>]+>/i', // washtml/DOMDocument cannot handle xml namespaces
);
$html_replace = array(
'\\1'.' '.'\\3',
'',
'',
- '',
- '',
- '',
- '',
+ '<html>',
);
$html = preg_replace($html_search, $html_replace, $html);
- // charset was converted to UTF-8 in rcube_imap::get_message_part() -> change charset specification in HTML accordingly
- $charset_pattern = '/(\s+content=[\'"]?\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i';
- if (preg_match($charset_pattern, $html)) {
- $html = preg_replace($charset_pattern, '\\1='.RCMAIL_CHARSET, $html);
+ // fix (unknown/malformed) HTML tags before "wash"
+ $html = preg_replace_callback('/(<[\/!]*)([^ >]+)/', 'rcmail_html_tag_callback', $html);
+
+ // charset was converted to UTF-8 in rcube_imap::get_message_part(),
+ // -> change charset specification in HTML accordingly
+ $charset_pattern = '(<meta\s+[^>]*)(content=[\'"]?\w+\/\w+;\s*charset)=([a-z0-9-_]+)';
+ if (preg_match("/$charset_pattern/Ui", $html)) {
+ $html = preg_replace("/$charset_pattern/i", '\\1\\2='.RCMAIL_CHARSET, $html);
}
else {
- // add head for malformed messages, washtml cannot work without that
+ // add meta content-type to malformed messages, washtml cannot work without that
if (!preg_match('/<head[^>]*>(.*)<\/head>/Uims', $html))
$html = '<head></head>'. $html;
- $html = substr_replace($html, '<meta http-equiv="content-type" content="text/html; charset='.RCMAIL_CHARSET.'" />', intval(stripos($html, '<head>')+6), 0);
+ $html = substr_replace($html, '<meta http-equiv="Content-Type" content="text/html; charset='.RCMAIL_CHARSET.'" />', intval(stripos($html, '<head>')+6), 0);
}
-
+
// turn relative into absolute urls
$html = rcmail_resolve_base($html);
@@ -721,9 +726,8 @@
$washer = new washtml($wash_opts);
$washer->add_callback('form', 'rcmail_washtml_callback');
- if ($p['safe']) { // allow CSS styles, will be sanitized by rcmail_washtml_callback()
- $washer->add_callback('style', 'rcmail_washtml_callback');
- }
+ // allow CSS styles, will be sanitized by rcmail_washtml_callback()
+ $washer->add_callback('style', 'rcmail_washtml_callback');
$html = $washer->wash($html);
$REMOTE_OBJECTS = $washer->extlinks;
@@ -774,50 +778,61 @@
// free some memory (hopefully)
unset($data['body']);
-
// plaintext postprocessing
if ($part->ctype_secondary == 'plain') {
// make links and email-addresses clickable
$replacements = new rcube_string_replacer;
- $url_chars = 'a-z0-9_\-\+\*\$\/&%=@#:;';
- $url_chars_within = '\?\.~,!';
-
// search for patterns like links and e-mail addresses
- $body = preg_replace_callback("/([\w]+):\/\/([a-z0-9\-\.]+[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/i", array($replacements, 'link_callback'), $body);
- $body = preg_replace_callback("/([^\/:]|\s)(www\.)([a-z0-9\-]{2,}[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/i", array($replacements, 'link_callback'), $body);
- $body = preg_replace_callback('/([a-z0-9][a-z0-9\-\.\+\_]*@[a-z0-9]([a-z0-9\-][.]?)*[a-z0-9]\\.[a-z]{2,5})/i', array($replacements, 'mailto_callback'), $body);
+ $body = preg_replace_callback($replacements->link_pattern, array($replacements, 'link_callback'), $body);
+ $body = preg_replace_callback($replacements->mailto_pattern, array($replacements, 'mailto_callback'), $body);
// split body into single lines
$a_lines = preg_split('/\r?\n/', $body);
+ $q_lines = array();
$quote_level = 0;
- // colorize quoted parts
- for ($n=0; $n < count($a_lines); $n++) {
- $line = $a_lines[$n];
- $quotation = '';
+ // find/mark quoted lines...
+ for ($n=0, $cnt=count($a_lines); $n < $cnt; $n++) {
$q = 0;
- if (preg_match('/^(>+\s*)+/', $line, $regs)) {
- $q = strlen(preg_replace('/\s/', '', $regs[0]));
- $line = substr($line, strlen($regs[0]));
+ if ($a_lines[$n][0] == '>' && preg_match('/^(>+\s*)+/', $a_lines[$n], $regs)) {
+ $q = strlen(preg_replace('/\s/', '', $regs[0]));
+ $a_lines[$n] = substr($a_lines[$n], strlen($regs[0]));
if ($q > $quote_level)
- $quotation = str_repeat('<blockquote>', $q - $quote_level);
+ $q_lines[$n]['quote'] = $q - $quote_level;
else if ($q < $quote_level)
- $quotation = str_repeat("</blockquote>", $quote_level - $q);
+ $q_lines[$n]['endquote'] = $quote_level - $q;
}
else if ($quote_level > 0)
- $quotation = str_repeat("</blockquote>", $quote_level);
+ $q_lines[$n]['endquote'] = $quote_level;
$quote_level = $q;
- $a_lines[$n] = $quotation . Q($line, 'replace', false); // htmlquote plaintext
}
+
+ // quote plain text
+ $body = Q(join("\n", $a_lines), 'replace', false);
+
+ // colorize signature
+ if (($sp = strrpos($body, '-- ')) !== false)
+ if (($sp == 0 || $body[$sp-1] == "\n") && $body[$sp+3] == "\n") {
+ $body = substr($body, 0, max(0, $sp))
+ .'<span class="sig">'.substr($body, $sp).'</span>';
+ }
+
+ // colorize quoted lines
+ $a_lines = preg_split('/\n/', $body);
+ foreach ($q_lines as $i => $q)
+ if ($q['quote'])
+ $a_lines[$i] = str_repeat('<blockquote>', $q['quote']) . $a_lines[$i];
+ else if ($q['endquote'])
+ $a_lines[$i] = str_repeat('</blockquote>', $q['endquote']) . $a_lines[$i];
// insert the links for urls and mailtos
$body = $replacements->resolve(join("\n", $a_lines));
}
-
+
// allow post-processing of the message body
$data = $RCMAIL->plugins->exec_hook('message_part_after', array('type' => $part->ctype_secondary, 'body' => $body) + $data);
@@ -848,7 +863,7 @@
case 'style':
// decode all escaped entities and reduce to ascii strings
- $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content));
+ $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entity_decode($content));
// now check for evil strings like expression, behavior or url()
if (!preg_match('/expression|behavior|url\(|import/', $stripped)) {
@@ -861,6 +876,22 @@
}
return $out;
+}
+
+
+/**
+ * Callback function for HTML tags fixing
+ */
+function rcmail_html_tag_callback($matches)
+{
+ $tagname = $matches[2];
+
+ $tagname = preg_replace(array(
+ '/:.*$/', // Microsoft's Smart Tags <st1:xxxx>
+ '/[^a-z0-9_-]/i', // forbidden characters
+ ), '', $tagname);
+
+ return $matches[1].$tagname;
}
@@ -884,7 +915,7 @@
// get associative array of headers object
if (!$headers)
$headers = is_object($MESSAGE->headers) ? get_object_vars($MESSAGE->headers) : $MESSAGE->headers;
-
+
// show these headers
$standard_headers = array('subject', 'from', 'to', 'cc', 'bcc', 'replyto', 'date');
$output_headers = array();
@@ -967,7 +998,7 @@
{
if ($part->type == 'headers')
$out .= rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : NULL, $part->headers);
- else if ($part->type == 'content')
+ else if ($part->type == 'content' && $part->size)
{
if (empty($part->ctype_parameters) || empty($part->ctype_parameters['charset']))
$part->ctype_parameters['charset'] = $MESSAGE->headers->charset;
@@ -987,7 +1018,6 @@
}
else
$out .= html::div('message-part', html::tag('pre', array(), Q($MESSAGE->body)));
-
$ctype_primary = strtolower($MESSAGE->structure->ctype_primary);
$ctype_secondary = strtolower($MESSAGE->structure->ctype_secondary);
@@ -1276,14 +1306,14 @@
rcmail::get_instance()->plugins->exec_hook('cleanup_attachments',array());
- unset($_SESSION['compose']);
+ rcube_sess_unset('compose');
}
/**
* Send the given message compose object using the configured method
*/
-function rcmail_deliver_message(&$message, $from, $mailto)
+function rcmail_deliver_message(&$message, $from, $mailto, &$smtp_error)
{
global $CONFIG, $RCMAIL;
@@ -1291,8 +1321,7 @@
$headers = $message->headers();
// send thru SMTP server using custom SMTP library
- if ($CONFIG['smtp_server'])
- {
+ if ($CONFIG['smtp_server']) {
// generate list of recipients
$a_recipients = array($mailto);
@@ -1308,18 +1337,20 @@
unset($message->_headers['Bcc']);
// send message
- $smtp_response = array();
- $sent = smtp_mail($from, $a_recipients, ($foo = $message->txtHeaders($send_headers, true)), $msg_body, $smtp_response);
+ if (!is_object($RCMAIL->smtp))
+ $RCMAIL->smtp_init(true);
+
+ $sent = $RCMAIL->smtp->send_mail($from, $a_recipients, ($foo = $message->txtHeaders($send_headers, true)), $msg_body);
+ $smtp_response = $RCMAIL->smtp->get_response();
+ $smtp_error = $RCMAIL->smtp->get_error();
// log error
if (!$sent)
raise_error(array('code' => 800, 'type' => 'smtp', 'line' => __LINE__, 'file' => __FILE__,
'message' => "SMTP error: ".join("\n", $smtp_response)), TRUE, FALSE);
- }
-
+ }
// send mail using PHP's mail() function
- else
- {
+ else {
// unset some headers because they will be added by the mail() function
$headers_enc = $message->headers($headers);
$headers_php = $message->_headers;
@@ -1340,19 +1371,21 @@
$sent = mail($headers_enc['To'], $headers_enc['Subject'], $msg_body, $header_str);
else
$sent = mail($headers_enc['To'], $headers_enc['Subject'], $msg_body, $header_str, "-f$from");
- }
+ }
- if ($sent)
- {
+ if ($sent) {
+ $RCMAIL->plugins->exec_hook('message_sent', array('headers' => $headers, 'body' => $msg_body));
+
// remove MDN headers after sending
unset($headers['Return-Receipt-To'], $headers['Disposition-Notification-To']);
- if ($CONFIG['smtp_log'])
+ if ($CONFIG['smtp_log']) {
write_log('sendmail', sprintf("User %s [%s]; Message for %s; %s",
- $RCMAIL->user->get_username(),
- $_SERVER['REMOTE_ADDR'],
- $mailto,
- !empty($smtp_response) ? join('; ', $smtp_response) : ''));
+ $RCMAIL->user->get_username(),
+ $_SERVER['REMOTE_ADDR'],
+ $mailto,
+ !empty($smtp_response) ? join('; ', $smtp_response) : ''));
+ }
}
$message->_headers = array();
@@ -1362,7 +1395,7 @@
}
-function rcmail_send_mdn($uid)
+function rcmail_send_mdn($uid, &$smtp_error)
{
global $RCMAIL, $IMAP;
@@ -1392,7 +1425,7 @@
'From' => $sender,
'To' => $message->headers->mdn_to,
'Subject' => rcube_label('receiptread') . ': ' . $message->subject,
- 'Message-ID' => sprintf('<%s@%s>', md5(uniqid('rcmail'.rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host'])),
+ 'Message-ID' => sprintf('<%s@%s>', md5(uniqid('rcmail'.mt_rand(),true)), $RCMAIL->config->mail_domain($_SESSION['imap_host'])),
'X-Sender' => $identity['email'],
'Content-Type' => 'multipart/report; report-type=disposition-notification',
);
@@ -1420,7 +1453,7 @@
$compose->setTXTBody(rc_wordwrap($body, 75, "\r\n"));
$compose->addAttachment($report, 'message/disposition-notification', 'MDNPart2.txt', false, '7bit', 'inline');
- $sent = rcmail_deliver_message($compose, $identity['email'], $mailto);
+ $sent = rcmail_deliver_message($compose, $identity['email'], $mailto, $smtp_error);
if ($sent)
{
@@ -1435,7 +1468,7 @@
function rcmail_search_filter($attrib)
{
- global $OUTPUT;
+ global $OUTPUT, $CONFIG;
if (!strlen($attrib['id']))
$attrib['id'] = 'rcmlistfilter';
@@ -1455,6 +1488,8 @@
$select_filter->add(rcube_label('unread'), 'UNSEEN');
$select_filter->add(rcube_label('flagged'), 'FLAGGED');
$select_filter->add(rcube_label('unanswered'), 'UNANSWERED');
+ if (!$CONFIG['skip_deleted'])
+ $select_filter->add(rcube_label('deleted'), 'DELETED');
$out = $select_filter->show($_SESSION['search_filter']);
--
Gitblit v1.9.1