From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/mail/func.inc |  443 ++++++++++++++++++++++++++++++++++++------------------
 1 files changed, 295 insertions(+), 148 deletions(-)

diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index c6c0b95..963e696 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1,6 +1,6 @@
 <?php
 
-/*
+/**
  +-----------------------------------------------------------------------+
  | program/steps/mail/func.inc                                           |
  |                                                                       |
@@ -37,7 +37,7 @@
 }
 
 // remove mbox part from _uid
-if (($_uid  = rcube_utils::get_input_value('_uid', RCUBE_INPUT_GPC)) && !is_array($_uid) && preg_match('/^\d+-.+/', $_uid)) {
+if (($_uid  = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_GPC)) && !is_array($_uid) && preg_match('/^\d+-.+/', $_uid)) {
   list($_uid, $mbox) = explode('-', $_uid, 2);
   if (isset($_GET['_uid']))  $_GET['_uid']  = $_uid;
   if (isset($_POST['_uid'])) $_POST['_uid'] = $_uid;
@@ -64,21 +64,12 @@
     $mbox_name = $RCMAIL->storage->get_folder();
 
     if (empty($RCMAIL->action)) {
-        // initialize searching result if search_filter is used
-        if ($_SESSION['search_filter'] && $_SESSION['search_filter'] != 'ALL') {
-            $RCMAIL->storage->search($mbox_name, $_SESSION['search_filter'], RCUBE_CHARSET, rcmail_sort_column());
-
-            $search_request             = md5($mbox_name.$_SESSION['search_filter']);
-            $_SESSION['search']         = $RCMAIL->storage->get_search_set();
-            $_SESSION['search_request'] = $search_request;
-
-            $OUTPUT->set_env('search_request', $search_request);
-        }
-
         $OUTPUT->set_env('search_mods', rcmail_search_mods());
 
         if (!empty($_SESSION['search_scope']))
             $OUTPUT->set_env('search_scope', $_SESSION['search_scope']);
+
+        rcmail_list_pagetitle();
     }
 
     $threading = (bool) $RCMAIL->storage->get_threading();
@@ -87,11 +78,12 @@
     // set current mailbox and some other vars in client environment
     $OUTPUT->set_env('mailbox', $mbox_name);
     $OUTPUT->set_env('pagesize', $RCMAIL->storage->get_pagesize());
+    $OUTPUT->set_env('current_page', max(1, $_SESSION['page']));
     $OUTPUT->set_env('delimiter', $delimiter);
     $OUTPUT->set_env('threading', $threading);
     $OUTPUT->set_env('threads', $threading || $RCMAIL->storage->get_capability('THREAD'));
     $OUTPUT->set_env('reply_all_mode', (int) $RCMAIL->config->get('reply_all_mode'));
-    $OUTPUT->set_env('preview_pane_mark_read', $RCMAIL->config->get('preview_pane_mark_read', 0));
+    $OUTPUT->set_env('preview_pane_mark_read', (int) $RCMAIL->config->get('preview_pane_mark_read'));
 
     if ($RCMAIL->storage->get_capability('QUOTA')) {
         $OUTPUT->set_env('quota', true);
@@ -119,11 +111,6 @@
             'flagged', 'unflagged', 'unread', 'deleted', 'replied', 'forwarded',
             'priority', 'withattachment', 'fileuploaderror');
     }
-
-    $pagetitle = $RCMAIL->localize_foldername($mbox_name, true);
-    $pagetitle = str_replace($delimiter, " \xC2\xBB ", $pagetitle);
-
-    $OUTPUT->set_pagetitle($pagetitle);
 }
 
 // register UI objects
@@ -139,6 +126,7 @@
     'messagecontentframe' => 'rcmail_messagecontent_frame',
     'messageimportform'   => 'rcmail_message_import_form',
     'searchfilter'        => 'rcmail_search_filter',
+    'searchinterval'      => 'rcmail_search_interval',
     'searchform'          => array($OUTPUT, 'search_form'),
 ));
 
@@ -175,16 +163,23 @@
     if (!strlen($mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_GPC, true))) {
         $mbox = strlen($_SESSION['mbox']) ? $_SESSION['mbox'] : 'INBOX';
     }
-    if (!($page = intval($_GET['_page']))) {
-        $page = $_SESSION['page'] ? $_SESSION['page'] : 1;
+
+    // we handle 'page' argument on 'list' and 'getunread' to prevent from
+    // race condition and unintentional page overwrite in session
+    if ($RCMAIL->action == 'list' || $RCMAIL->action == 'getunread') {
+        if (!($page = intval($_GET['_page']))) {
+            $page = $_SESSION['page'] ?: 1;
+        }
+
+        $_SESSION['page'] = $page;
     }
 
     $RCMAIL->storage->set_folder($_SESSION['mbox'] = $mbox);
-    $RCMAIL->storage->set_page($_SESSION['page'] = $page);
+    $RCMAIL->storage->set_page($_SESSION['page']);
 
     // set default sort col/order to session
     if (!isset($_SESSION['sort_col'])) {
-        $_SESSION['sort_col'] = $message_sort_col ? $message_sort_col : '';
+        $_SESSION['sort_col'] = $message_sort_col ?: '';
     }
     if (!isset($_SESSION['sort_order'])) {
         $_SESSION['sort_order'] = strtoupper($message_sort_order) == 'ASC' ? 'ASC' : 'DESC';
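Review bot: `intval($_GET['_page'])` in the new `list`/`getunread` block accepts negative numbers, and only a zero falls back to the session value, so a negative page is written to `$_SESSION['page']` and handed to `set_page()`. The `current_page` env value added in an earlier hunk is clamped with `max(1, ...)`, so the client and the storage layer can end up disagreeing about the page. Clamping at the point of storage keeps them aligned: `$_SESSION['page'] = max(1, $page);`. On any other action `$_SESSION['page']` may still be unset when it reaches `set_page()`, so an explicit default of 1 there would make the intent clear; the enclosing block starts and ends outside this hunk.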
@@ -215,6 +210,26 @@
     $threading = isset($a_threading[$_SESSION['mbox']]) ? $a_threading[$_SESSION['mbox']] : $default_threading;
 
     $RCMAIL->storage->set_threading($threading);
+}
+
+/**
+ * Sets page title
+ */
+function rcmail_list_pagetitle()
+{
+    global $RCMAIL;
+
+    if ($RCMAIL->output->get_env('search_request')) {
+        $pagetitle = $RCMAIL->gettext('searchresult');
+    }
+    else {
+        $mbox_name = $RCMAIL->output->get_env('mailbox') ?: $RCMAIL->storage->get_folder();
+        $delimiter = $RCMAIL->storage->get_hierarchy_delimiter();
+        $pagetitle = $RCMAIL->localize_foldername($mbox_name, true);
+        $pagetitle = str_replace($delimiter, " \xC2\xBB ", $pagetitle);
+    }
+
+    $RCMAIL->output->set_pagetitle($pagetitle);
 }
 
 /**
@@ -250,7 +265,7 @@
     global $RCMAIL;
 
     $delim       = $RCMAIL->storage->get_hierarchy_delimiter();
-    $mbox        = $RCMAIL->storage->get_folder();
+    $mbox        = $RCMAIL->output->get_env('mailbox') ?: $RCMAIL->storage->get_folder();
     $sent_mbox   = $RCMAIL->config->get('sent_mbox');
     $drafts_mbox = $RCMAIL->config->get('drafts_mbox');
 
@@ -340,8 +355,6 @@
     if (!in_array('threads', $a_show_cols))
         array_unshift($a_show_cols, 'threads');
 
-    $_SESSION['skin_path'] = $RCMAIL->config->get('skin_path');
-
     // set client env
     $OUTPUT->add_gui_object('messagelist', $attrib['id']);
     $OUTPUT->set_env('autoexpand_threads', intval($RCMAIL->config->get('autoexpand_threads')));
@@ -384,15 +397,21 @@
         $head_replace = true;
     }
 
-    // add 'folder' column to list on multi-folder searches
-    $search_set = $RCMAIL->storage->get_search_set();
+    $delimiter   = $RCMAIL->storage->get_hierarchy_delimiter();
+    $search_set  = $RCMAIL->storage->get_search_set();
     $multifolder = $search_set && $search_set[1]->multi;
+
+    // add/remove 'folder' column to the list on multi-folder searches
     if ($multifolder && !in_array('folder', $a_show_cols)) {
         $a_show_cols[] = 'folder';
         $head_replace = true;
     }
+    else if (!$multifolder && ($found = array_search('folder', $a_show_cols)) !== false) {
+        unset($a_show_cols[$found]);
+        $head_replace = true;
+    }
 
-    $mbox = $RCMAIL->storage->get_folder();
+    $mbox = $RCMAIL->output->get_env('mailbox') ?: $RCMAIL->storage->get_folder();
 
     // make sure 'threads' and 'subject' columns are present
     if (!in_array('subject', $a_show_cols))
@@ -402,6 +421,7 @@
 
     // Make sure there are no duplicated columns (#1486999)
     $a_show_cols = array_unique($a_show_cols);
+    $_SESSION['list_attrib']['columns'] = $a_show_cols;
 
     // Plugins may set header's list_cols/list_flags and other rcube_message_header variables
     // and list columns
@@ -437,6 +457,8 @@
         }
     }
 
+    $sort_col = $_SESSION['sort_col'];
+
     // loop through message headers
     foreach ($a_headers as $header) {
         if (empty($header))
@@ -465,11 +487,19 @@
                 $cont = rcube::Q($cont);
             }
             else if ($col == 'size')
-                $cont = show_bytes($header->$col);
+                $cont = $RCMAIL->show_bytes($header->$col);
             else if ($col == 'date')
-                $cont = $RCMAIL->format_date($header->date);
-            else if ($col == 'folder')
-                $cont = rcube::Q(rcube_charset::convert($header->folder, 'UTF7-IMAP'));
+                $cont = $RCMAIL->format_date($sort_col == 'arrival' ? $header->internaldate : $header->date);
+            else if ($col == 'folder') {
+                if ($last_folder !== $header->folder) {
+                    $last_folder      = $header->folder;
+                    $last_folder_name = rcube_charset::convert($last_folder, 'UTF7-IMAP');
+                    $last_folder_name = $RCMAIL->localize_foldername($last_folder_name, true);
+                    $last_folder_name = str_replace($delimiter, " \xC2\xBB ", $last_folder_name);
+                }
+
+                $cont = rcube::Q($last_folder_name);
+            }
             else
                 $cont = rcube::Q($header->$col);
 
@@ -520,8 +550,6 @@
 {
     global $RCMAIL;
 
-    $skin_path = $_SESSION['skin_path'];
-
     // check to see if we have some settings for sorting
     $sort_col   = $_SESSION['sort_col'];
     $sort_order = $_SESSION['sort_order'];
@@ -543,7 +571,7 @@
         $onclick = 'return ' . rcmail_output::JS_OBJECT_NAME . ".command('menu-open', 'messagelistmenu', this, event)";
         $inner   = $RCMAIL->gettext('listoptions');
         if (is_string($attrib['optionsmenuicon']) && $attrib['optionsmenuicon'] != 'true') {
-            $inner = html::img(array('src' => $skin_path . $attrib['optionsmenuicon'], 'alt' => $RCMAIL->gettext('listoptions')));
+            $inner = html::img(array('src' => $RCMAIL->output->abs_url($attrib['optionsmenuicon'], true), 'alt' => $RCMAIL->gettext('listoptions')));
         }
         $list_menu = html::a(array(
             'href' => '#list-options',
@@ -566,8 +594,9 @@
     }
 
     foreach ($a_show_cols as $col) {
-        $label = '';
+        $label    = '';
         $sortable = false;
+        $rel_col  = $col == 'date' && $sort_col == 'arrival' ? 'arrival' : $col;
 
         // get column name
         switch ($col) {
@@ -585,11 +614,11 @@
             $col_name = $list_menu;
             break;
         case 'fromto':
-            $label = $RCMAIL->gettext($smart_col);
+            $label    = $RCMAIL->gettext($smart_col);
             $col_name = rcube::Q($label);
             break;
         default:
-            $label = $RCMAIL->gettext($col);
+            $label    = $RCMAIL->gettext($col);
             $col_name = rcube::Q($label);
         }
 
@@ -599,7 +628,7 @@
             $col_name = html::a(array(
                     'href'  => "./#sort",
                     'class' => 'sortcol',
-                    'rel'   => $col,
+                    'rel'   => $rel_col,
                     'title' => $RCMAIL->gettext('sortby')
                 ), $col_name);
         }
@@ -607,7 +636,7 @@
             $col_name = '<span class="' . $col .'">' . $col_name . '</span>';
         }
 
-        $sort_class = $col == $sort_col && !$disabled_order ? " sorted$sort_order" : '';
+        $sort_class = $rel_col == $sort_col && !$disabled_order ? " sorted$sort_order" : '';
         $class_name = $col.$sort_class;
 
         // put it all together
@@ -624,18 +653,10 @@
  */
 function rcmail_messagecontent_frame($attrib)
 {
-    global $OUTPUT, $RCMAIL;
+    global $OUTPUT;
 
     if (empty($attrib['id']))
         $attrib['id'] = 'rcmailcontentwindow';
-
-    $attrib['name'] = $attrib['id'];
-
-    if ($RCMAIL->config->get('preview_pane')) {
-        $OUTPUT->set_env('contentframe', $attrib['id']);
-    }
-
-    $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/resources/blank.gif');
 
     return $OUTPUT->frame($attrib, true);
 }
@@ -696,7 +717,7 @@
 function rcmail_get_mailbox_name_text()
 {
     global $RCMAIL;
-    return $RCMAIL->localize_foldername($RCMAIL->storage->get_folder());
+    return $RCMAIL->localize_foldername($RCMAIL->output->get_env('mailbox') ?: $RCMAIL->storage->get_folder());
 }
 
 function rcmail_send_unread_count($mbox_name, $force=false, $count=null, $mark='')
@@ -756,7 +777,7 @@
             // get default addressbook, like in addcontact.inc
             $CONTACTS = $RCMAIL->get_address_book(-1, true);
 
-            if ($CONTACTS) {
+            if ($CONTACTS && $message->sender['mailto']) {
                 $result = $CONTACTS->search('email', $message->sender['mailto'], 1, false);
                 if ($result->count) {
                     $message->set_safe(true);
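Review bot: The added `$message->sender['mailto']` check guards a trust decision and deserves a comment, because the branch it protects ends in `$message->set_safe(true)`. Without the check, a message with no parsable sender would run `search('email', ...)` with an empty value, and whatever that matched would mark the message as safe. I would put `// never look up an empty sender address: a hit here marks the message as safe` above the condition so the guard is not removed later as redundant. The surrounding function is only partly visible in this hunk.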
@@ -804,7 +825,7 @@
     $wash_opts = array(
         'show_washed'   => false,
         'allow_remote'  => $p['safe'],
-        'blocked_src'   => "./program/resources/blocked.gif",
+        'blocked_src'   => 'program/resources/blocked.gif',
         'charset'       => RCUBE_CHARSET,
         'cid_map'       => $cid_replaces,
         'html_elements' => array('body'),
@@ -849,17 +870,19 @@
  * Convert the given message part to proper HTML
  * which can be displayed the message view
  *
- * @param object rcube_message_part Message part
- * @param array  Display parameters array 
+ * @param string             Message part body
+ * @param rcube_message_part Message part
+ * @param array              Display parameters array
+ *
  * @return string Formatted HTML string
  */
-function rcmail_print_body($part, $p = array())
+function rcmail_print_body($body, $part, $p = array())
 {
     global $RCMAIL;
 
     // trigger plugin hook
     $data = $RCMAIL->plugins->exec_hook('message_part_before',
-        array('type' => $part->ctype_secondary, 'body' => $part->body, 'id' => $part->mime_id)
+        array('type' => $part->ctype_secondary, 'body' => $body, 'id' => $part->mime_id)
             + $p + array('safe' => false, 'plain' => false, 'inline_html' => true));
 
     // convert html to text/plain
@@ -868,8 +891,7 @@
             $data['body'] = rcube_enriched::to_html($data['body']);
         }
 
-        $txt  = new rcube_html2text($data['body'], false, true);
-        $body = $txt->get_text();
+        $body = $RCMAIL->html2text($data['body']);
         $part->ctype_secondary = 'plain';
     }
     // text/html
@@ -885,7 +907,7 @@
     }
     else {
         // assert plaintext
-        $body = $part->body;
+        $body = $data['body'];
         $part->ctype_secondary = $data['type'] = 'plain';
     }
 
@@ -914,7 +936,7 @@
  */
 function rcmail_plain_body($body, $flowed = false)
 {
-    $options   = array('flowed' => $flowed, 'wrap' => !$flowed);
+    $options   = array('flowed' => $flowed, 'wrap' => !$flowed, 'replacer' => 'rcmail_string_replacer');
     $text2html = new rcube_text2html($body, false, $options);
     $body      = $text2html->get_html();
 
@@ -932,6 +954,13 @@
         break;
 
     case 'style':
+        // Crazy big styles may freeze the browser (#1490539)
+        // remove content with more than 5k lines
+        if (substr_count($content, "\n") > 5000) {
+            $out = '';
+            break;
+        }
+
         // decode all escaped entities and reduce to ascii strings
         $stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcube_utils::xss_entity_decode($content));
 
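Review bot: The new guard in the `style` case counts only `"\n"`, so a very large stylesheet with few or no line breaks still reaches the `preg_replace()` below and the rest of the filter. If the aim is to keep oversized styles away from the browser, as the comment says, a byte-length bound belongs next to the line count: `if (substr_count($content, "\n") > 5000 || strlen($content) > MAX_STYLE_BYTES) {`. `MAX_STYLE_BYTES` is a placeholder for a limit the project would choose. The enclosing callback starts and ends outside this hunk.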
@@ -960,10 +989,12 @@
     static $sa_attrib;
 
     // keep header table attrib
-    if (is_array($attrib) && !$sa_attrib && !$attrib['valueof'])
+    if (is_array($attrib) && !$sa_attrib && !$attrib['valueof']) {
         $sa_attrib = $attrib;
-    else if (!is_array($attrib) && is_array($sa_attrib))
+    }
+    else if (!is_array($attrib) && is_array($sa_attrib)) {
         $attrib = $sa_attrib;
+    }
 
     if (!isset($MESSAGE)) {
         return false;
@@ -1011,10 +1042,12 @@
         }
         else if ($hkey == 'priority') {
             if ($value) {
-                $header_value = html::span('prio' . $value, rcmail_localized_priority($value));
+                $header_value = html::span('prio' . $value, rcube::Q(rcmail_localized_priority($value)));
+                $ishtml       = true;
             }
-            else
+            else {
                 continue;
+            }
         }
         else if ($hkey == 'replyto') {
             if ($headers['replyto'] != $headers['from']) {
@@ -1022,8 +1055,9 @@
                     $attrib['addicon'], $headers['charset'], $header_title);
                 $ishtml = true;
             }
-            else
+            else {
                 continue;
+            }
         }
         else if ($hkey == 'mail-reply-to') {
             if ($headers['mail-replyto'] != $headers['reply-to']
@@ -1033,8 +1067,9 @@
                     $attrib['addicon'], $headers['charset'], $header_title);
                 $ishtml = true;
             }
-            else
+            else {
                 continue;
+            }
         }
         else if ($hkey == 'sender') {
             if ($headers['sender'] != $headers['from']) {
@@ -1042,8 +1077,9 @@
                     $attrib['addicon'], $headers['charset'], $header_title);
                 $ishtml = true;
             }
-            else
+            else {
                 continue;
+            }
         }
         else if ($hkey == 'mail-followup-to') {
             $header_value = rcmail_address_string($value, $attrib['max'], true,
@@ -1057,8 +1093,10 @@
         }
         else if ($hkey == 'subject' && empty($value))
             $header_value = $RCMAIL->gettext('nosubject');
-        else
+        else {
+            $value        = is_array($value) ? implode(' ', $value) : $value;
             $header_value = trim(rcube_mime::decode_header($value, $headers['charset']));
+        }
 
         $output_headers[$hkey] = array(
             'title' => $header_title,
@@ -1078,14 +1116,15 @@
 
     // single header value is requested
     if (!empty($attrib['valueof'])) {
-        return rcube::Q($plugin['output'][$attrib['valueof']]['value'], ($attrib['valueof'] == 'subject' ? 'strict' : 'show'));
+        $row = $plugin['output'][$attrib['valueof']];
+        return $row['html'] ? $row['value'] : rcube::Q($row['value']);
     }
 
     // compose html table
     $table = new html_table(array('cols' => 2));
 
     foreach ($plugin['output'] as $hkey => $row) {
-        $val = $row['html'] ? $row['value'] : rcube::Q($row['value'], ($hkey == 'subject' ? 'strict' : 'show'));
+        $val = $row['html'] ? $row['value'] : rcube::Q($row['value']);
 
         $table->add(array('class' => 'header-title'), rcube::Q($row['title']));
         $table->add(array('class' => 'header '.$hkey), $val);
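Review bot: After this change the `html` flag alone decides whether a header value is escaped, in both the `valueof` path and the table loop, and `$plugin['output']` is whatever came back from a hook that is not shown in this hunk. A row flagged `html` is therefore emitted verbatim, which is only safe if every producer of that flag has already escaped its content, as the `priority` branch does in an earlier hunk. That contract should be stated where the flag is consumed, e.g. `// rows with 'html' set must already be escaped by whoever set the flag`. In the `valueof` path `$row` is also null when the requested header is not in the output, so an early `return '';` in that case would be clearer than relying on `rcube::Q(null)`.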
@@ -1119,7 +1158,7 @@
 /**
  * return block to show full message headers
  */
-function rcmail_message_full_headers($attrib, $headers=NULL)
+function rcmail_message_full_headers($attrib)
 {
     global $OUTPUT, $RCMAIL;
 
@@ -1154,7 +1193,8 @@
         $attrib['id'] = 'rcmailMsgBody';
 
     $safe_mode = $MESSAGE->is_safe || intval($_GET['_safe']);
-    $out = '';
+    $out       = '';
+    $part_no   = 0;
 
     $header_attrib = array();
     foreach ($attrib as $attr => $value) {
@@ -1172,7 +1212,16 @@
                 // unsupported (e.g. encrypted)
                 if ($part->realtype) {
                     if ($part->realtype == 'multipart/encrypted' || $part->realtype == 'application/pkcs7-mime') {
-                        $out .= html::span('part-notice', $RCMAIL->gettext('encryptedmessage'));
+                        if (!empty($_SESSION['browser_caps']['pgpmime']) && ($pgp_mime_part = $MESSAGE->get_multipart_encrypted_part())) {
+                            $out .= html::span('part-notice', $RCMAIL->gettext('externalmessagedecryption'));
+                            $OUTPUT->set_env('pgp_mime_part', $pgp_mime_part->mime_id);
+                            $OUTPUT->set_env('pgp_mime_container', '#' . $attrib['id']);
+                            $OUTPUT->add_label('loadingdata');
+                        }
+
+                        if (!$MESSAGE->encrypted_part) {
+                            $out .= html::span('part-notice', $RCMAIL->gettext('encryptedmessage'));
+                        }
                     }
                     continue;
                 }
@@ -1185,42 +1234,33 @@
                 else if (!rcube_utils::mem_check($part->size * 10)) {
                     $out .= html::span('part-notice', $RCMAIL->gettext('messagetoobig'). ' '
                         . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id
-                            .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), $RCMAIL->gettext('download')));
+                            .'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')));
                     continue;
                 }
 
-                if (empty($part->ctype_parameters) || empty($part->ctype_parameters['charset'])) {
-                    $part->ctype_parameters['charset'] = $MESSAGE->headers->charset;
-                }
-
-                // fetch part if not available
-                if (!isset($part->body)) {
-                    $part->body = $MESSAGE->get_part_content($part->mime_id);
-                }
-
-                // extract headers from message/rfc822 parts
-                if ($part->mimetype == 'message/rfc822') {
-                    $msgpart = rcube_mime::parse_message($part->body);
-                    if (!empty($msgpart->headers)) {
-                        $part = $msgpart;
-                        $out .= html::div('message-partheaders', rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : null, $part->headers));
-                    }
-                }
+                // fetch part body
+                $body = $MESSAGE->get_part_body($part->mime_id, true);
 
                 // message is cached but not exists (#1485443), or other error
-                if ($part->body === false) {
+                if ($body === false) {
                     rcmail_message_error($MESSAGE->uid);
+                }
+
+                // check if the message body is PGP encrypted
+                if (strpos($body, '-----BEGIN PGP MESSAGE-----') !== false) {
+                    $OUTPUT->set_env('is_pgp_content', '#message-part' . ($part_no + 1));
                 }
 
                 $plugin = $RCMAIL->plugins->exec_hook('message_body_prefix',
                     array('part' => $part, 'prefix' => ''));
 
-                $body = rcmail_print_body($part, array('safe' => $safe_mode, 'plain' => !$RCMAIL->config->get('prefer_html')));
+                $body = rcmail_print_body($body, $part, array('safe' => $safe_mode, 'plain' => !$RCMAIL->config->get('prefer_html')));
 
                 if ($part->ctype_secondary == 'html') {
-                    $body     = rcmail_html4inline($body, $attrib['id'], 'rcmBody', $attrs, $safe_mode);
-                    $div_attr = array('class' => 'message-htmlpart');
-                    $style    = array();
+                    $container_id = 'message-htmlpart' . (++$part_no);
+                    $body         = rcmail_html4inline($body, $container_id, 'rcmBody', $attrs, $safe_mode);
+                    $div_attr     = array('class' => 'message-htmlpart', 'id' => $container_id);
+                    $style        = array();
 
                     if (!empty($attrs)) {
                         foreach ($attrs as $a_idx => $a_val)
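Review bot: The `is_pgp_content` selector is built as `'#message-part' . ($part_no + 1)` before the part type is known, but an HTML part gets the id `'message-htmlpart' . (++$part_no)` a few lines later. For an HTML part that contains the PGP armor line, the selector appears to name an element that is never rendered. Setting the env value once the container id exists, `$OUTPUT->set_env('is_pgp_content', '#' . $container_id);`, would keep the two in step; the plain-text branch that assigns the `message-part` id is in the next hunk. Separately, when `$body === false` the code calls `rcmail_message_error()` and then still runs `strpos($body, ...)`, so if that helper does not end the request (not visible here) a `continue;` belongs after it. The enclosing function starts and ends outside this hunk.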
@@ -1231,8 +1271,11 @@
 
                     $out .= html::div($div_attr, $plugin['prefix'] . $body);
                 }
-                else
-                    $out .= html::div('message-part', $plugin['prefix'] . $body);
+                else {
+                    $container_id = 'message-part' . (++$part_no);
+                    $div_attr     = array('class' => 'message-part', 'id' => $container_id);
+                    $out .= html::div($div_attr, $plugin['prefix'] . $body);
+                }
             }
         }
     }
@@ -1242,7 +1285,7 @@
         if (!rcube_utils::mem_check(strlen($MESSAGE->body) * 10)) {
             $out .= html::span('part-notice', $RCMAIL->gettext('messagetoobig'). ' '
                 . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part=0'
-                    .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), $RCMAIL->gettext('download')));
+                    .'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')));
         }
         else {
             $plugin = $RCMAIL->plugins->exec_hook('message_body_prefix',
@@ -1361,10 +1404,10 @@
 /**
  * modify a HTML message that it can be displayed inside a HTML page
  */
-function rcmail_html4inline($body, $container_id, $body_id='', &$attributes=null, $allow_remote=false)
+function rcmail_html4inline($body, $container_id, $body_class='', &$attributes=null, $allow_remote=false)
 {
     $last_style_pos = 0;
-    $cont_id        = $container_id.($body_id ? ' div.'.$body_id : '');
+    $cont_id        = $container_id . ($body_class ? ' div.'.$body_class : '');
 
     // find STYLE tags
     while (($pos = stripos($body, '<style', $last_style_pos)) && ($pos2 = stripos($body, '</style>', $pos))) {
@@ -1408,7 +1451,7 @@
             '<!--\\1-->',
             '&lt;?',
             '?&gt;',
-            '<div class="'.$body_id.'"\\1>',
+            '<div class="' . $body_class . '"\\1>',
             '</div>',
         ),
         $body);
@@ -1416,7 +1459,7 @@
     $attributes = array();
 
     // Handle body attributes that doesn't play nicely with div elements
-    $regexp = '/<div class="' . preg_quote($body_id, '/') . '"([^>]*)/';
+    $regexp = '/<div class="' . preg_quote($body_class, '/') . '"([^>]*)/';
     if (preg_match($regexp, $body, $m)) {
         $attrs = $m[0];
 
@@ -1453,7 +1496,7 @@
     // make sure there's 'rcmBody' div, we need it for proper css modification
     // its name is hardcoded in rcmail_message_body() also
     else {
-        $body = '<div class="' . $body_id . '">' . $body . '</div>';
+        $body = '<div class="' . $body_class . '">' . $body . '</div>';
     }
 
     return $body;
@@ -1590,7 +1633,7 @@
                     $content = rcube::Q($name ? sprintf('%s <%s>', $name, $mailto) : $mailto);
                 }
                 else {
-                    $content = rcube::Q($name ? $name : $mailto);
+                    $content = rcube::Q($name ?: $mailto);
                     $attrs['title'] = $mailto;
                 }
 
@@ -1598,7 +1641,7 @@
             }
             else {
                 $address = html::span(array('title' => $mailto, 'class' => "rcmContactAddress"),
-                    rcube::Q($name ? $name : $mailto));
+                    rcube::Q($name ?: $mailto));
             }
 
             if ($addicon && $_SESSION['writeable_abook']) {
@@ -1610,7 +1653,7 @@
                             rcmail_output::JS_OBJECT_NAME, rcube::JQ($string)),
                     ),
                     html::img(array(
-                        'src' => $RCMAIL->config->get('skin_path') . $addicon,
+                        'src' => $RCMAIL->output->abs_url($addicon, true),
                         'alt' => "Add contact",
                 )));
             }
@@ -1742,20 +1785,6 @@
 }
 
 /**
- * clear message composing settings
- */
-function rcmail_compose_cleanup($id)
-{
-    if (!isset($_SESSION['compose_data_'.$id])) {
-        return;
-    }
-
-    $rcmail = rcmail::get_instance();
-    $rcmail->plugins->exec_hook('attachments_cleanup', array('group' => $id));
-    $rcmail->session->remove('compose_data_'.$id);
-}
-
-/**
  * Send the MDN response
  *
  * @param mixed $message    Original message object (rcube_message) or UID
@@ -1798,6 +1827,7 @@
             'Message-ID' => $RCMAIL->gen_message_id(),
             'X-Sender'   => $identity['email'],
             'References' => trim($message->headers->references . ' ' . $message->headers->messageID),
+            'In-Reply-To' => $message->headers->messageID,
         );
 
         $report = "Final-Recipient: rfc822; {$identity['email']}\r\n"
@@ -1813,20 +1843,21 @@
             $report .= "Reporting-UA: $agent\r\n";
         }
 
+        $to   = rcube_mime::decode_mime_string($message->headers->to, $message->headers->charset);
+        $date = $RCMAIL->format_date($message->headers->date, $RCMAIL->config->get('date_long'));
         $body = $RCMAIL->gettext("yourmessage") . "\r\n\r\n" .
-            "\t" . $RCMAIL->gettext("to") . ': ' . rcube_mime::decode_mime_string($message->headers->to, $message->headers->charset) . "\r\n" .
-            "\t" . $RCMAIL->gettext("subject") . ': ' . $message->subject . "\r\n" .
-            "\t" . $RCMAIL->gettext("date") . ': ' . $RCMAIL->format_date($message->headers->date, $RCMAIL->config->get('date_long')) . "\r\n" .
+            "\t" . $RCMAIL->gettext("to") . ": {$to}\r\n" .
+            "\t" . $RCMAIL->gettext("subject") . ": {$message->subject}\r\n" .
+            "\t" . $RCMAIL->gettext("date") . ": {$date}\r\n" .
             "\r\n" . $RCMAIL->gettext("receiptnote");
 
-        $compose->headers($headers);
+        $compose->headers(array_filter($headers));
         $compose->setContentType('multipart/report', array('report-type'=> 'disposition-notification'));
         $compose->setTXTBody(rcube_mime::wordwrap($body, 75, "\r\n"));
         $compose->addAttachment($report, 'message/disposition-notification', 'MDNPart2.txt', false, '7bit', 'inline');
 
-        if ($RCMAIL->config->get('mdn_use_from')) {
-            $options['mdn_use_from'] = true;
-        }
+        // SMTP options
+        $options = array('mdn_use_from' => (bool) $RCMAIL->config->get('mdn_use_from'));
 
         $sent = $RCMAIL->deliver_message($compose, $identity['email'], $mailto, $smtp_error, $body_file, $options);
 
@@ -1950,9 +1981,16 @@
 // Fixes some content-type names
 function rcmail_fix_mimetype($name)
 {
+    $map = array(
+        'image/x-ms-bmp' => 'image/bmp', // #1490282
+    );
+
+    if ($alias = $map[strtolower($name)]) {
+        $name = $alias;
+    }
     // Some versions of Outlook create garbage Content-Type:
     // application/pdf.A520491B_3BF7_494D_8855_7FAC2C6C0608
-    if (preg_match('/^application\/pdf.+/', $name)) {
+    else if (preg_match('/^application\/pdf.+/', $name)) {
         $name = 'application/pdf';
     }
     // treat image/pjpeg (image/pjpg, image/jpg) as image/jpeg (#1489097)
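Review bot: `if ($alias = $map[strtolower($name)])` reads an array key that is missing for every content type except the one alias, so each call raises an undefined-index notice (a warning on newer PHP). An explicit lookup avoids that: `$key = strtolower($name);` followed by `if (isset($map[$key])) { $name = $map[$key]; }`. The map lookup is also case-insensitive while the `preg_match('/^application\/pdf.+/', $name)` that follows is not, so mixed-case types are normalised in one branch and missed in the other. Lower-casing `$name` once at the top of the function would make the branches consistent. The function body continues past the end of this hunk.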
@@ -2000,8 +2038,9 @@
 {
     global $RCMAIL;
 
-    if (!strlen($attrib['id']))
+    if (!strlen($attrib['id'])) {
         $attrib['id'] = 'rcmlistfilter';
+    }
 
     $attrib['onchange'] = rcmail_output::JS_OBJECT_NAME.'.filter_mailbox(this.value)';
 
@@ -2015,30 +2054,48 @@
         $attachment .= ' HEADER Content-Type ' . rcube_imap_generic::escape($type);
     }
 
-    $select_filter = new html_select($attrib);
-    $select_filter->add($RCMAIL->gettext('all'), 'ALL');
-    $select_filter->add($RCMAIL->gettext('unread'), 'UNSEEN');
-    $select_filter->add($RCMAIL->gettext('flagged'), 'FLAGGED');
-    $select_filter->add($RCMAIL->gettext('unanswered'), 'UNANSWERED');
+    $select = new html_select($attrib);
+    $select->add($RCMAIL->gettext('all'), 'ALL');
+    $select->add($RCMAIL->gettext('unread'), 'UNSEEN');
+    $select->add($RCMAIL->gettext('flagged'), 'FLAGGED');
+    $select->add($RCMAIL->gettext('unanswered'), 'UNANSWERED');
     if (!$RCMAIL->config->get('skip_deleted')) {
-        $select_filter->add($RCMAIL->gettext('deleted'), 'DELETED');
-        $select_filter->add($RCMAIL->gettext('undeleted'), 'UNDELETED');
+        $select->add($RCMAIL->gettext('deleted'), 'DELETED');
+        $select->add($RCMAIL->gettext('undeleted'), 'UNDELETED');
     }
-    $select_filter->add($RCMAIL->gettext('withattachment'), $attachment);
-    $select_filter->add($RCMAIL->gettext('priority').': '.$RCMAIL->gettext('highest'), 'HEADER X-PRIORITY 1');
-    $select_filter->add($RCMAIL->gettext('priority').': '.$RCMAIL->gettext('high'), 'HEADER X-PRIORITY 2');
-    $select_filter->add($RCMAIL->gettext('priority').': '.$RCMAIL->gettext('normal'), 'NOT HEADER X-PRIORITY 1 NOT HEADER X-PRIORITY 2 NOT HEADER X-PRIORITY 4 NOT HEADER X-PRIORITY 5');
-    $select_filter->add($RCMAIL->gettext('priority').': '.$RCMAIL->gettext('low'), 'HEADER X-PRIORITY 4');
-    $select_filter->add($RCMAIL->gettext('priority').': '.$RCMAIL->gettext('lowest'), 'HEADER X-PRIORITY 5');
-
-    $out = $select_filter->show($_SESSION['search_filter']);
+    $select->add($RCMAIL->gettext('withattachment'), $attachment);
+    $select->add($RCMAIL->gettext('priority').': '.$RCMAIL->gettext('highest'), 'HEADER X-PRIORITY 1');
+    $select->add($RCMAIL->gettext('priority').': '.$RCMAIL->gettext('high'), 'HEADER X-PRIORITY 2');
+    $select->add($RCMAIL->gettext('priority').': '.$RCMAIL->gettext('normal'), 'NOT HEADER X-PRIORITY 1 NOT HEADER X-PRIORITY 2 NOT HEADER X-PRIORITY 4 NOT HEADER X-PRIORITY 5');
+    $select->add($RCMAIL->gettext('priority').': '.$RCMAIL->gettext('low'), 'HEADER X-PRIORITY 4');
+    $select->add($RCMAIL->gettext('priority').': '.$RCMAIL->gettext('lowest'), 'HEADER X-PRIORITY 5');
 
     $RCMAIL->output->add_gui_object('search_filter', $attrib['id']);
 
-    return $out;
+    return $select->show($_REQUEST['_search'] ? $_SESSION['search_filter'] : 'ALL');
 }
 
-function rcmail_message_error($uid=null)
+function rcmail_search_interval($attrib)
+{
+    global $RCMAIL;
+
+    if (!strlen($attrib['id'])) {
+        $attrib['id'] = 'rcmsearchinterval';
+    }
+
+    $select = new html_select($attrib);
+    $select->add('', '');
+
+    foreach (array('1W', '1M', '1Y', '-1W', '-1M', '-1Y') as $value) {
+        $select->add($RCMAIL->gettext('searchinterval' . $value), $value);
+    }
+
+    $RCMAIL->output->add_gui_object('search_interval', $attrib['id']);
+
+    return $select->show($_REQUEST['_search'] ? $_SESSION['search_interval'] : '');
+}
+
+function rcmail_message_error()
 {
     global $RCMAIL;
 
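Review bot: `$_REQUEST['_search']` is read directly in both new `return $select->show(...)` lines, in the filter select function whose start is outside this hunk and in rcmail_search_interval(). When the parameter is absent this is an undefined-index read, and the same holds for `$_SESSION['search_filter']` and `$_SESSION['search_interval']` before any search has run. Any non-empty `_search` value also selects the stored session filter; nothing visible here compares it with the search request id kept in the session, so the preselected option may not match the search actually shown. A guarded form such as `return $select->show(!empty($_REQUEST['_search']) && isset($_SESSION['search_interval']) ? $_SESSION['search_interval'] : '');` would cover the first point. The new rcmail_search_interval() also has no header comment; one line saying it renders the date-interval select and registers it as the `search_interval` GUI object would match the commented functions around it.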
@@ -2151,3 +2208,93 @@
 
     return $jsresult;
 }
+
+function rcmail_save_attachment($message, $pid, $compose_id, $params = array())
+{
+    global $COMPOSE;
+
+    $rcmail  = rcmail::get_instance();
+    $storage = $rcmail->get_storage();
+
+    if ($pid) {
+        // attachment requested
+        $part     = $message->mime_parts[$pid];
+        $size     = $part->size;
+        $mimetype = $part->ctype_primary . '/' . $part->ctype_secondary;
+        $filename = $params['filename'] ?: rcmail_attachment_name($part);
+    }
+    else {
+        // the whole message requested
+        $size = $message->size;
+        $mimetype = 'message/rfc822';
+        $filename = $params['filename'] ?: 'message_rfc822.eml';
+    }
+
+    // don't load too big attachments into memory
+    if (!rcube_utils::mem_check($size)) {
+        $temp_dir = unslashify($rcmail->config->get('temp_dir'));
+        $path     = tempnam($temp_dir, 'rcmAttmnt');
+
+        if ($fp = fopen($path, 'w')) {
+            if ($pid) {
+                // part body
+                $message->get_part_body($pid, false, 0, $fp);
+            }
+            else {
+                // complete message
+                $storage->get_raw_body($message->uid, $fp);
+            }
+
+            fclose($fp);
+        }
+        else {
+            return false;
+        }
+    }
+    else if ($pid) {
+        // part body
+        $data = $message->get_part_body($pid);
+    }
+    else {
+        // complete message
+        $data = $storage->get_raw_body($message->uid);
+    }
+
+    $attachment = array(
+        'group'      => $compose_id,
+        'name'       => $filename,
+        'mimetype'   => $mimetype,
+        'content_id' => $part ? $part->content_id : null,
+        'data'       => $data,
+        'path'       => $path,
+        'size'       => $path ? filesize($path) : strlen($data),
+        'charset'    => $part ? $part->charset : null,
+    );
+
+    $attachment = $rcmail->plugins->exec_hook('attachment_save', $attachment);
+
+    if ($attachment['status']) {
+        unset($attachment['data'], $attachment['status'], $attachment['content_id'], $attachment['abort']);
+
+        // rcube_session::append() replaces current session data with the old values
+        // (in rcube_session::reload()). This is a problem in 'compose' action, because before
+        // the first append() use we set some important data in the session.
+        // It also overwrites attachments list. Fixing reload() is not so simple if possible
+        // as we don't really know what has been added and what removed in meantime.
+        // So, for now we'll do not use append() on 'compose' action (#1490608).
+
+        if ($rcmail->action == 'compose') {
+            $COMPOSE['attachments'][$attachment['id']] = $attachment;
+        }
+        else {
+            $rcmail->session->append('compose_data_' . $compose_id . '.attachments', $attachment['id'], $attachment);
+        }
+
+        return $attachment;
+    }
+    else if ($path) {
+        @unlink($path);
+    }
+
+    return false;
+}
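Review bot: rcmail_save_attachment() never checks that `$message->mime_parts[$pid]` exists, so a `$pid` naming a missing part leaves `$part` null and the function goes on to read `$part->size`, build the MIME type `/` and fetch a body for it; it should return false as soon as the part is absent. `$part`, `$data` and `$path` are each assigned on only one branch but all three are read when the `$attachment` array is built, so they should be initialised to null up front. The `tempnam()` result is also unchecked: it returns false on failure and may fall back to the system temp directory when `temp_dir` is unusable, and the file it created is left behind when `fopen()` fails. Whether `$params['filename']` is sanitised by the callers or by the `attachment_save` hook is not visible in this hunk and is worth confirming, since it becomes the stored attachment name.

```php
    // … unchanged: $COMPOSE, $rcmail, $storage setup …

    // each is assigned on one branch only but read when $attachment is built
    $part = $data = $path = null;

    if ($pid) {
        // a part id the message does not contain must not reach $part->size
        if (empty($message->mime_parts[$pid])) {
            return false;
        }
        // … unchanged: $part, $size, $mimetype, $filename …
    }

    // … unchanged: whole-message branch, mem_check(), $temp_dir …

        $path = tempnam($temp_dir, 'rcmAttmnt');

        if ($path === false) {
            return false;
        }

        // … unchanged: fopen(), body written to $fp, fclose() …
        else {
            // tempnam() has already created the file; do not leave it behind
            @unlink($path);
            return false;
        }

    // … unchanged: in-memory branches, attachment_save hook, session storage …
```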

--
Gitblit v1.9.1