From f54a3a6d41e5700c45120091a57f2c73b804ae25 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Mon, 02 Mar 2009 08:21:52 -0500
Subject: [PATCH] Add callback for <a> tags to add target=_blank
---
program/steps/mail/func.inc | 608 +++++++++++++++++++++++++++++++++++++-----------------
1 files changed, 416 insertions(+), 192 deletions(-)
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 7607ccc..702625c 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -5,7 +5,7 @@
| program/steps/mail/func.inc |
| |
| This file is part of the RoundCube Webmail client |
- | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland |
+ | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
@@ -19,25 +19,34 @@
*/
-require_once('lib/enriched.inc');
require_once('include/rcube_smtp.inc');
-
$EMAIL_ADDRESS_PATTERN = '/([a-z0-9][a-z0-9\-\.\+\_]*@[a-z0-9]([a-z0-9\-][.]?)*[a-z0-9]\\.[a-z]{2,5})/i';
-if (empty($_SESSION['mbox']))
- $_SESSION['mbox'] = $IMAP->get_mailbox_name();
+// actions that do not require imap connection
+$NOIMAP_ACTIONS = array('spell', 'addcontact', 'autocomplete', 'upload', 'display-attachment', 'remove-attachment');
+
+
+// log in to imap server
+if (!in_array($RCMAIL->action, $NOIMAP_ACTIONS) && !$RCMAIL->imap_connect()) {
+ $RCMAIL->kill_session();
+
+ if ($OUTPUT->ajax_call)
+ $OUTPUT->redirect(array(), 2000);
+
+ $OUTPUT->set_env('task', 'login');
+ $OUTPUT->send('login');
+}
+
// set imap properties and session vars
if ($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC))
$IMAP->set_mailbox(($_SESSION['mbox'] = $mbox));
+else
+ $_SESSION['mbox'] = $IMAP->get_mailbox_name();
if (!empty($_GET['_page']))
$IMAP->set_page(($_SESSION['page'] = intval($_GET['_page'])));
-
-// set mailbox to INBOX if not set
-if (empty($_SESSION['mbox']))
- $_SESSION['mbox'] = $IMAP->get_mailbox_name();
// set default sort col/order to session
if (!isset($_SESSION['sort_col']))
@@ -53,25 +62,44 @@
$OUTPUT->set_env('search_text', $_SESSION['last_text_search']);
}
-
-// set current mailbox in client environment
-$OUTPUT->set_env('mailbox', $IMAP->get_mailbox_name());
-$OUTPUT->set_env('quota', $IMAP->get_capability('quota'));
-$OUTPUT->set_env('delimiter', $IMAP->get_hierarchy_delimiter());
-
-if ($CONFIG['trash_mbox'])
- $OUTPUT->set_env('trash_mailbox', $CONFIG['trash_mbox']);
-if ($CONFIG['drafts_mbox'])
- $OUTPUT->set_env('drafts_mailbox', $CONFIG['drafts_mbox']);
-if ($CONFIG['junk_mbox'])
- $OUTPUT->set_env('junk_mailbox', $CONFIG['junk_mbox']);
-
-if (!$OUTPUT->ajax_call)
- rcube_add_label('checkingmail', 'deletemessage', 'movemessagetotrash', 'movingmessage');
-
-// set page title
+// set main env variables, labels and page title
if (empty($RCMAIL->action) || $RCMAIL->action == 'list')
- $OUTPUT->set_pagetitle(rcmail_localize_foldername($IMAP->get_mailbox_name()));
+ {
+ $mbox_name = $IMAP->get_mailbox_name();
+
+ if (empty($RCMAIL->action))
+ {
+ // initialize searching result if search_filter is used
+ if ($_SESSION['search_filter'] && $_SESSION['search_filter'] != 'ALL')
+ {
+ $search_request = md5($mbox_name.$_SESSION['search_filter']);
+
+ $IMAP->search($mbox_name, $_SESSION['search_filter'], RCMAIL_CHARSET, $_SESSION['sort_col']);
+ $_SESSION['search'][$search_request] = $IMAP->get_search_set();
+ $OUTPUT->set_env('search_request', $search_request);
+ }
+
+ // make sure the message count is refreshed (for default view)
+ $IMAP->messagecount($mbox_name, 'ALL', true);
+ }
+
+ // set current mailbox in client environment
+ $OUTPUT->set_env('mailbox', $mbox_name);
+ $OUTPUT->set_env('quota', $IMAP->get_capability('quota'));
+ $OUTPUT->set_env('delimiter', $IMAP->get_hierarchy_delimiter());
+
+ if ($CONFIG['trash_mbox'])
+ $OUTPUT->set_env('trash_mailbox', $CONFIG['trash_mbox']);
+ if ($CONFIG['drafts_mbox'])
+ $OUTPUT->set_env('drafts_mailbox', $CONFIG['drafts_mbox']);
+ if ($CONFIG['junk_mbox'])
+ $OUTPUT->set_env('junk_mailbox', $CONFIG['junk_mbox']);
+
+ if (!$OUTPUT->ajax_call)
+ $OUTPUT->add_label('checkingmail', 'deletemessage', 'movemessagetotrash', 'movingmessage');
+
+ $OUTPUT->set_pagetitle(rcmail_localize_foldername($mbox_name));
+ }
/**
@@ -89,7 +117,7 @@
$sort_order = $_SESSION['sort_order'];
// add some labels to client
- rcube_add_label('from', 'to');
+ $OUTPUT->add_label('from', 'to');
// get message headers
$a_headers = $IMAP->list_headers('', '', $sort_col, $sort_order);
@@ -103,8 +131,16 @@
$out = '<table' . $attrib_str . ">\n";
- // define list of cols to be displayed
- $a_show_cols = is_array($CONFIG['list_cols']) ? $CONFIG['list_cols'] : array('subject');
+ // define list of cols to be displayed based on parameter or config
+ if (empty($attrib['columns']))
+ $a_show_cols = is_array($CONFIG['list_cols']) ? $CONFIG['list_cols'] : array('subject');
+ else
+ $a_show_cols = preg_split('/[\s,;]+/', strip_quotes($attrib['columns']));
+
+ // store column list in a session-variable
+ $_SESSION['list_columns'] = $a_show_cols;
+
+ // define sortable columns
$a_sort_cols = array('subject', 'date', 'from', 'to', 'size');
$mbox = $IMAP->get_mailbox_name();
@@ -119,9 +155,8 @@
$out .= '<col class="icon" />';
foreach ($a_show_cols as $col)
- $out .= sprintf('<col class="%s" />', $col);
+ $out .= ($col!='attachment') ? sprintf('<col class="%s" />', $col) : '<col class="icon" />';
- $out .= '<col class="icon" />';
$out .= "</colgroup>\n";
// add table title
@@ -131,7 +166,17 @@
foreach ($a_show_cols as $col)
{
// get column name
- $col_name = $col != 'flag' ? Q(rcube_label($col)) : sprintf($image_tag, $skin_path, $attrib['unflaggedicon'], '');
+ switch ($col)
+ {
+ case 'flag':
+ $col_name = sprintf($image_tag, $skin_path, $attrib['unflaggedicon'], '');
+ break;
+ case 'attachment':
+ $col_name = sprintf($image_tag, $skin_path, $attrib['attachmenticon'], '');
+ break;
+ default:
+ $col_name = Q(rcube_label($col));
+ }
// make sort links
$sort = '';
@@ -179,10 +224,12 @@
$sort_class = $col==$sort_col ? " sorted$sort_order" : '';
// put it all together
- $out .= '<td class="'.$col.$sort_class.'" id="rcmHead'.$col.'">' . "$col_name$sort</td>\n";
+ if ($col!='attachment')
+ $out .= '<td class="'.$col.$sort_class.'" id="rcm'.$col.'">' . "$col_name$sort</td>\n";
+ else
+ $out .= '<td class="icon" id="rcm'.$col.'">' . "$col_name$sort</td>\n";
}
- $out .= '<td class="icon">'.($attrib['attachmenticon'] ? sprintf($image_tag, $skin_path, $attrib['attachmenticon'], '') : '')."</td>\n";
$out .= "</tr></thead>\n<tbody>\n";
// no messages in this mailbox
@@ -197,7 +244,7 @@
{
$message_icon = $attach_icon = $flagged_icon = '';
$js_row_arr = array();
- $zebra_class = $i%2 ? 'even' : 'odd';
+ $zebra_class = $i%2 ? ' even' : ' odd';
// set messag attributes to javascript array
if ($header->deleted)
@@ -206,16 +253,25 @@
$js_row_arr['unread'] = true;
if ($header->answered)
$js_row_arr['replied'] = true;
+ if ($header->forwarded)
+ $js_row_arr['forwarded'] = true;
if ($header->flagged)
$js_row_arr['flagged'] = true;
// set message icon
if ($attrib['deletedicon'] && $header->deleted)
$message_icon = $attrib['deletedicon'];
+ else if ($attrib['repliedicon'] && $header->answered)
+ {
+ if ($attrib['forwardedrepliedicon'] && $header->forwarded)
+ $message_icon = $attrib['forwardedrepliedicon'];
+ else
+ $message_icon = $attrib['repliedicon'];
+ }
+ else if ($attrib['forwardedicon'] && $header->forwarded)
+ $message_icon = $attrib['forwardedicon'];
else if ($attrib['unreadicon'] && !$header->seen)
$message_icon = $attrib['unreadicon'];
- else if ($attrib['repliedicon'] && $header->answered)
- $message_icon = $attrib['repliedicon'];
else if ($attrib['messageicon'])
$message_icon = $attrib['messageicon'];
@@ -225,21 +281,20 @@
$flagged_icon = $attrib['unflaggedicon'];
// set attachment icon
- if ($attrib['attachmenticon'] && preg_match("/multipart\/[mr]/i", $header->ctype))
+ if ($attrib['attachmenticon'] && preg_match("/multipart\/m/i", $header->ctype))
$attach_icon = $attrib['attachmenticon'];
- $out .= sprintf('<tr id="rcmrow%d" class="message%s%s %s">'."\n",
+ $out .= sprintf('<tr id="rcmrow%d" class="message%s%s%s%s">'."\n",
$header->uid,
$header->seen ? '' : ' unread',
$header->deleted ? ' deleted' : '',
$header->flagged ? ' flagged' : '',
- $zebra_class);
+ $zebra_class);
$out .= sprintf("<td class=\"icon\">%s</td>\n", $message_icon ? sprintf($image_tag, $skin_path, $message_icon, '') : '');
- if (!empty($header->charset))
- $IMAP->set_charset($header->charset);
+ $IMAP->set_charset(!empty($header->charset) ? $header->charset : $CONFIG['default_charset']);
// format each col
foreach ($a_show_cols as $col)
@@ -250,9 +305,9 @@
{
$action = $mbox==$CONFIG['drafts_mbox'] ? 'compose' : 'show';
$uid_param = $mbox==$CONFIG['drafts_mbox'] ? '_draft_uid' : '_uid';
- $cont = Q($IMAP->decode_header($header->$col));
- if (empty($cont)) $cont = Q(rcube_label('nosubject'));
- $cont = sprintf('<a href="%s" onclick="return rcube_event.cancel(event)">%s</a>', Q(rcmail_url($action, array($uid_param=>$header->uid, '_mbox'=>$mbox))), $cont);
+ $cont = abbreviate_string(trim($IMAP->decode_header($header->$col)), 160);
+ if (empty($cont)) $cont = rcube_label('nosubject');
+ $cont = sprintf('<a href="%s" onclick="return rcube_event.cancel(event)">%s</a>', Q(rcmail_url($action, array($uid_param=>$header->uid, '_mbox'=>$mbox))), Q($cont));
}
else if ($col=='flag')
$cont = $flagged_icon ? sprintf($image_tag, $skin_path, $flagged_icon, '') : '';
@@ -263,10 +318,12 @@
else
$cont = Q($header->$col);
- $out .= '<td class="'.$col.'">' . $cont . "</td>\n";
+ if ($col!='attachment')
+ $out .= '<td class="'.$col.'">' . $cont . "</td>\n";
+ else
+ $out .= sprintf("<td class=\"icon\">%s</td>\n", $attach_icon ? sprintf($image_tag, $skin_path, $attach_icon, '') : ' ');
}
- $out .= sprintf("<td class=\"icon\">%s</td>\n", $attach_icon ? sprintf($image_tag, $skin_path, $attach_icon, '') : '');
$out .= "</tr>\n";
if (sizeof($js_row_arr))
@@ -275,7 +332,6 @@
// complete message table
$out .= "</tbody></table>\n";
-
$message_count = $IMAP->messagecount();
@@ -296,6 +352,10 @@
$OUTPUT->set_env('unreadicon', $skin_path . $attrib['unreadicon']);
if ($attrib['repliedicon'])
$OUTPUT->set_env('repliedicon', $skin_path . $attrib['repliedicon']);
+ if ($attrib['forwardedicon'])
+ $OUTPUT->set_env('forwardedicon', $skin_path . $attrib['forwardedicon']);
+ if ($attrib['forwardedrepliedicon'])
+ $OUTPUT->set_env('forwardedrepliedicon', $skin_path . $attrib['forwardedrepliedicon']);
if ($attrib['attachmenticon'])
$OUTPUT->set_env('attachmenticon', $skin_path . $attrib['attachmenticon']);
if ($attrib['flaggedicon'])
@@ -319,7 +379,11 @@
{
global $CONFIG, $IMAP, $OUTPUT;
- $a_show_cols = is_array($CONFIG['list_cols']) ? $CONFIG['list_cols'] : array('subject');
+ if (empty($_SESSION['list_columns']))
+ $a_show_cols = is_array($CONFIG['list_cols']) ? $CONFIG['list_cols'] : array('subject');
+ else
+ $a_show_cols = $_SESSION['list_columns'];
+
$mbox = $IMAP->get_mailbox_name();
// show 'to' instead of from in sent messages
@@ -338,8 +402,13 @@
if (empty($header))
continue;
- if (!empty($header->charset))
- $IMAP->set_charset($header->charset);
+ $IMAP->set_charset(!empty($header->charset) ? $header->charset : $CONFIG['default_charset']);
+
+ // remove 'attachment' and 'flag' columns, we don't need them here
+ if(($key = array_search('attachment', $a_show_cols)) !== FALSE)
+ unset($a_show_cols[$key]);
+ if(($key = array_search('flag', $a_show_cols)) !== FALSE)
+ unset($a_show_cols[$key]);
// format each col; similar as in rcmail_message_list()
foreach ($a_show_cols as $col)
@@ -350,9 +419,9 @@
{
$action = $mbox==$CONFIG['drafts_mbox'] ? 'compose' : 'show';
$uid_param = $mbox==$CONFIG['drafts_mbox'] ? '_draft_uid' : '_uid';
- $cont = Q($IMAP->decode_header($header->$col));
- if (!$cont) $cont = Q(rcube_label('nosubject'));
- $cont = sprintf('<a href="%s" onclick="return rcube_event.cancel(event)">%s</a>', Q(rcmail_url($action, array($uid_param=>$header->uid, '_mbox'=>$mbox))), $cont);
+ $cont = abbreviate_string(trim($IMAP->decode_header($header->$col)), 160);
+ if (!$cont) $cont = rcube_label('nosubject');
+ $cont = sprintf('<a href="%s" onclick="return rcube_event.cancel(event)">%s</a>', Q(rcmail_url($action, array($uid_param=>$header->uid, '_mbox'=>$mbox))), Q($cont));
}
else if ($col=='size')
$cont = show_bytes($header->$col);
@@ -367,6 +436,7 @@
$a_msg_flags['deleted'] = $header->deleted ? 1 : 0;
$a_msg_flags['unread'] = $header->seen ? 0 : 1;
$a_msg_flags['replied'] = $header->answered ? 1 : 0;
+ $a_msg_flags['forwarded'] = $header->forwarded ? 1 : 0;
$a_msg_flags['flagged'] = $header->flagged ? 1 : 0;
$OUTPUT->command('add_message_row',
@@ -389,18 +459,12 @@
if (empty($attrib['id']))
$attrib['id'] = 'rcmailcontentwindow';
- // allow the following attributes to be added to the <iframe> tag
- $attrib_str = create_attrib_string($attrib, array('id', 'class', 'style', 'src', 'width', 'height', 'frameborder'));
- $framename = $attrib['id'];
+ $attrib['name'] = $attrib['id'];
- $out = sprintf('<iframe name="%s"%s></iframe>'."\n",
- $framename,
- $attrib_str);
-
- $OUTPUT->set_env('contentframe', $framename);
+ $OUTPUT->set_env('contentframe', $attrib['id']);
$OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/blank.gif');
- return $out;
+ return html::iframe($attrib);
}
@@ -416,14 +480,7 @@
$OUTPUT->add_gui_object('countdisplay', $attrib['id']);
- // allow the following attributes to be added to the <span> tag
- $attrib_str = create_attrib_string($attrib, array('style', 'class', 'id'));
-
-
- $out = '<span' . $attrib_str . '>';
- $out .= rcmail_get_messagecount_text();
- $out .= '</span>';
- return $out;
+ return html::span($attrib, rcmail_get_messagecount_text());
}
@@ -442,20 +499,14 @@
$OUTPUT->add_gui_object('quotadisplay', $attrib['id']);
- // allow the following attributes to be added to the <span> tag
- $attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'display'));
-
- $out = '<span' . $attrib_str . '>';
- $out .= rcmail_quota_content();
- $out .= '</span>';
- return $out;
+ return html::span($attrib, rcmail_quota_content(NULL, $attrib));
}
/**
*
*/
-function rcmail_quota_content($quota=NULL)
+function rcmail_quota_content($quota=NULL, $attrib=NULL)
{
global $IMAP, $COMM_PATH, $RCMAIL;
@@ -481,14 +532,23 @@
// show quota as image (by Brett Patterson)
if ($display == 'image' && function_exists('imagegif'))
{
- $attrib = array('width' => 100, 'height' => 14);
+ if (!$attrib['width'])
+ $attrib['width'] = isset($_SESSION['quota_width']) ? $_SESSION['quota_width'] : 100;
+ else
+ $_SESSION['quota_width'] = $attrib['width'];
+
+ if (!$attrib['height'])
+ $attrib['height'] = isset($_SESSION['quota_height']) ? $_SESSION['quota_height'] : 14;
+ else
+ $_SESSION['quota_height'] = $attrib['height'];
+
$quota_text = sprintf('<img src="./bin/quotaimg.php?u=%s&q=%d&w=%d&h=%d" width="%d" height="%d" alt="%s" title="%s / %s" />',
$quota['used'], $quota['total'],
$attrib['width'], $attrib['height'],
$attrib['width'], $attrib['height'],
$quota_text,
- show_bytes($quota["used"] * 1024),
- show_bytes($quota["total"] * 1024));
+ show_bytes($quota['used'] * 1024),
+ show_bytes($quota['total'] * 1024));
}
}
else
@@ -550,22 +610,129 @@
return rcmail_localize_foldername($RCMAIL->imap->get_mailbox_name());
}
+/**
+ * Sets message is_safe flag according to 'show_images' option value
+ *
+ * @param object rcube_message Message
+ */
+function rcmail_check_safe(&$message)
+{
+ global $RCMAIL;
+
+ $show_images = $RCMAIL->config->get('show_images');
+ if (!$message->is_safe
+ && !empty($show_images)
+ && $message->has_html_part())
+ {
+ switch($show_images) {
+ case '1': // known senders only
+ $CONTACTS = new rcube_contacts($RCMAIL->db, $_SESSION['user_id']);
+ if ($CONTACTS->search('email', $message->sender['mailto'], true, false)->count) {
+ $message->set_safe(true);
+ }
+ break;
+ case '2': // always
+ $message->set_safe(true);
+ break;
+ }
+ }
+}
+
+/**
+ * Cleans up the given message HTML Body (for displaying)
+ *
+ * @param string HTML
+ * @param array Display parameters
+ * @param array CID map replaces (inline images)
+ * @return string Clean HTML
+ */
+function rcmail_wash_html($html, $p = array(), $cid_replaces)
+{
+ global $REMOTE_OBJECTS;
+
+ $p += array('safe' => false, 'inline_html' => true);
+
+ // special replacements (not properly handled by washtml class)
+ $html_search = array(
+ '/(<\/nobr>)(\s+)(<nobr>)/i', // space(s) between <NOBR>
+ '/(<[\/]*st1:[^>]+>)/i', // Microsoft's Smart Tags <ST1>
+ '/<\/?rte_text>/i', // Rich Text Editor tags (#1485647)
+ '/<title>.*<\/title>/i', // PHP bug #32547 workaround: remove title tag
+ '/<html[^>]*>/im', // malformed html: remove html tags (#1485139)
+ '/<\/html>/i', // malformed html: remove html tags (#1485139)
+ '/^[\xFE\xFF\xBB\xBF\x00]+((?:<\!doctype|\<html))/im', // remove byte-order mark (only outlook?)
+ );
+ $html_replace = array(
+ '\\1'.' '.'\\3',
+ '',
+ '',
+ '',
+ '',
+ '',
+ '\\1',
+ );
+ $html = preg_replace($html_search, $html_replace, $html);
+
+ // charset was converted to UTF-8 in rcube_imap::get_message_part() -> change charset specification in HTML accordingly
+ $charset_pattern = '/(\s+content=[\'"]?\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i';
+ if (preg_match($charset_pattern, $html)) {
+ $html = preg_replace($charset_pattern, '\\1='.RCMAIL_CHARSET, $html);
+ }
+ else {
+ // add head for malformed messages, washtml cannot work without that
+ if (!preg_match('/<head[^>]*>(.*)<\/head>/Uims', $html))
+ $html = '<head></head>'. $html;
+ $html = substr_replace($html, '<meta http-equiv="content-type" content="text/html; charset='.RCMAIL_CHARSET.'" />', intval(stripos($html, '<head>')+6), 0);
+ }
+
+ // turn relative into absolute urls
+ $html = rcmail_resolve_base($html);
+
+ // clean HTML with washhtml by Frederic Motte
+ $wash_opts = array(
+ 'show_washed' => false,
+ 'allow_remote' => $p['safe'],
+ 'blocked_src' => "./program/blocked.gif",
+ 'charset' => RCMAIL_CHARSET,
+ 'cid_map' => $cid_replaces,
+ 'html_elements' => array('body'),
+ );
+
+ if (!$p['inline_html']) {
+ $wash_opts['html_elements'] = array('html','head','title','body');
+ }
+ if ($p['safe']) {
+ $wash_opts['html_elements'][] = 'link';
+ $wash_opts['html_attribs'] = array('rel','type');
+ }
+
+ $washer = new washtml($wash_opts);
+ $washer->add_callback('a', 'rcmail_washtml_callback');
+ $washer->add_callback('form', 'rcmail_washtml_callback');
+
+ if ($p['safe']) { // allow CSS styles, will be sanitized by rcmail_washtml_callback()
+ $washer->add_callback('style', 'rcmail_washtml_callback');
+ }
+
+ $html = $washer->wash($html);
+ $REMOTE_OBJECTS = $washer->extlinks;
+
+ return $html;
+}
+
/**
* Convert the given message part to proper HTML
* which can be displayed the message view
*
* @param object rcube_message_part Message part
- * @param bool True if external objects (ie. images ) are allowed
- * @param bool True if part should be converted to plaintext
+ * @param array Display parameters array
* @return string Formatted HTML string
*/
function rcmail_print_body($part, $p = array())
{
- global $REMOTE_OBJECTS;
-
$p += array('safe' => false, 'plain' => false, 'inline_html' => true);
-
+
// convert html to text/plain
if ($part->ctype_secondary == 'html' && $p['plain']) {
$txt = new html2text($part->body, false, true);
@@ -574,51 +741,12 @@
}
// text/html
else if ($part->ctype_secondary == 'html') {
- // charset was converted to UTF-8 in rcube_imap::get_message_part() -> change charset specification in HTML accordingly
- $html = $part->body;
- if (preg_match('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i', $html))
- $html = preg_replace('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i', '\\1='.RCMAIL_CHARSET, $html);
- else {
- // add <head> for malformed messages, washtml cannot work without that
- if (!preg_match('/<head>(.*)<\\/head>/Uims', $html))
- $html = '<head></head>' . $html;
- $html = substr_replace($html, '<meta http-equiv="Content-Type" content="text/html; charset='.RCMAIL_CHARSET.'" />', intval(stripos($html, '</head>')), 0);
- }
-
- // PHP bug #32547 workaround: remove title tag
- $html = preg_replace('/<title>.*<\/title>/', '', $html);
-
- // clean HTML with washhtml by Frederic Motte
- $wash_opts = array(
- 'show_washed' => false,
- 'allow_remote' => $p['safe'],
- 'blocked_src' => "./program/blocked.gif",
- 'charset' => RCMAIL_CHARSET,
- 'cid_map' => $part->replaces,
- 'html_elements' => array('body'),
- );
-
- if (!$p['inline_html']) {
- $wash_opts['html_elements'] = array('html','head','title','body');
- }
-
- /* CSS styles need to be sanitized!
- if ($p['safe']) {
- $wash_opts['html_elements'][] = 'style';
- $wash_opts['html_attribs'] = array('type');
- }
- */
-
- $washer = new washtml($wash_opts);
- $washer->add_callback('form', 'rcmail_washtml_callback');
- $body = $washer->wash($html);
- $REMOTE_OBJECTS = $washer->extlinks;
-
- return $body;
+ return rcmail_wash_html($part->body, $p, $part->replaces);
}
// text/enriched
else if ($part->ctype_secondary=='enriched') {
$part->ctype_secondary = 'html';
+ require_once('lib/enriched.inc');
return Q(enriched_to_html($part->body), 'show');
}
else
@@ -628,25 +756,15 @@
/**** assert plaintext ****/
// make links and email-addresses clickable
- $convert_patterns = $convert_replaces = $replace_strings = array();
+ $replacements = new rcube_string_replacer;
$url_chars = 'a-z0-9_\-\+\*\$\/&%=@#:;';
$url_chars_within = '\?\.~,!';
-
- $convert_patterns[] = "/([\w]+):\/\/([a-z0-9\-\.]+[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/ie";
- $convert_replaces[] = "rcmail_str_replacement('<a href=\"\\1://\\2\" target=\"_blank\">\\1://\\2</a>', \$replace_strings)";
-
- $convert_patterns[] = "/([^\/:]|\s)(www\.)([a-z0-9\-]{2,}[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/ie";
- $convert_replaces[] = "rcmail_str_replacement('\\1<a href=\"http://\\2\\3\" target=\"_blank\">\\2\\3</a>', \$replace_strings)";
- $convert_patterns[] = '/([a-z0-9][a-z0-9\-\.\+\_]*@[a-z0-9]([a-z0-9\-][.]?)*[a-z0-9]\\.[a-z]{2,5})/ie';
- $convert_replaces[] = "rcmail_str_replacement('<a href=\"mailto:\\1\" onclick=\"return ".JS_OBJECT_NAME.".command(\'compose\',\'\\1\',this)\">\\1</a>', \$replace_strings)";
-
-// if ($part->ctype_parameters['format'] != 'flowed')
-// $body = wordwrap(trim($body), 80);
-
// search for patterns like links and e-mail addresses
- $body = preg_replace($convert_patterns, $convert_replaces, $body);
+ $body = preg_replace_callback("/([\w]+):\/\/([a-z0-9\-\.]+[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/i", array($replacements, 'link_callback'), $body);
+ $body = preg_replace_callback("/([^\/:]|\s)(www\.)([a-z0-9\-]{2,}[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/i", array($replacements, 'link_callback'), $body);
+ $body = preg_replace_callback('/([a-z0-9][a-z0-9\-\.\+\_]*@[a-z0-9]([a-z0-9\-][.]?)*[a-z0-9]\\.[a-z]{2,5})/i', array($replacements, 'mailto_callback'), $body);
// split body into single lines
$a_lines = preg_split('/\r?\n/', $body);
@@ -675,10 +793,11 @@
}
// insert the links for urls and mailtos
- $body = preg_replace("/##string_replacement\{([0-9]+)\}##/e", "\$replace_strings[\\1]", join("\n", $a_lines));
-
- return "<div class=\"pre\">".$body."\n</div>";
+ $body = $replacements->resolve(join("\n", $a_lines));
+
+ return html::tag('pre', array(), $body);
}
+
/**
* add a string to the replacement array and return a replacement string
@@ -701,6 +820,21 @@
$out = html::div('form', $content);
break;
+ case 'a':
+ if ($attrib) $attrib .= ' target="_blank"';
+ $out = '<a'.$attrib.'>' . $content . '</a>';
+ break;
+
+ case 'style':
+ // decode all escaped entities and reduce to ascii strings
+ $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content));
+
+ // now check for evil strings like expression, behavior or url()
+ if (!preg_match('/expression|behavior|url\(|import/', $stripped)) {
+ $out = html::tag('style', array('type' => 'text/css'), $content);
+ break;
+ }
+
default:
$out = '';
}
@@ -731,10 +865,6 @@
if (!$headers)
$headers = is_object($MESSAGE->headers) ? get_object_vars($MESSAGE->headers) : $MESSAGE->headers;
- // add empty subject if none exsists
- if (empty($headers['subject']))
- $headers['subject'] = rcube_label('nosubject');
-
$header_count = 0;
// allow the following attributes to be added to the <table> tag
@@ -742,30 +872,47 @@
$out = '<table' . $attrib_str . ">\n";
// show these headers
- $standard_headers = array('subject', 'from', 'organization', 'to', 'cc', 'bcc', 'reply-to', 'date');
-
+ $standard_headers = array('subject', 'from', 'to', 'cc', 'bcc', 'replyto', 'date');
+
foreach ($standard_headers as $hkey)
{
if (!$headers[$hkey])
continue;
- if ($hkey=='date' && !empty($headers[$hkey]))
+ if ($hkey == 'date')
{
if ($PRINT_MODE)
$header_value = format_date($headers[$hkey], $CONFIG['date_long'] ? $CONFIG['date_long'] : 'x');
else
$header_value = format_date($headers[$hkey]);
}
- else if (in_array($hkey, array('from', 'to', 'cc', 'bcc', 'reply-to')))
+ else if ($hkey == 'replyto')
+ {
+ if ($headers['replyto'] != $headers['from'])
+ $header_value = Q(rcmail_address_string($headers['replyto'], null, true, $attrib['addicon']), 'show');
+ else
+ continue;
+ }
+ else if (in_array($hkey, array('from', 'to', 'cc', 'bcc')))
$header_value = Q(rcmail_address_string($headers[$hkey], null, true, $attrib['addicon']), 'show');
+ else if ($hkey == 'subject' && empty($headers[$hkey]))
+ $header_value = Q(rcube_label('nosubject'));
else
- $header_value = Q($IMAP->decode_header($headers[$hkey]));
+ $header_value = Q(trim($IMAP->decode_header($headers[$hkey])));
$out .= "\n<tr>\n";
$out .= '<td class="header-title">'.Q(rcube_label($hkey)).": </td>\n";
$out .= '<td class="'.$hkey.'" width="90%">'.$header_value."</td>\n</tr>";
$header_count++;
}
+
+ // all headers division
+ $out .= "\n".'<tr><td colspan="2" class="more-headers show-headers"
+ onclick="return '.JS_OBJECT_NAME.'.command(\'load-headers\', \'\', this)"></td></tr>';
+ $out .= "\n".'<tr id="all-headers"><td colspan="2" class="all"><div id="headers-source"></div></td></tr>';
+
+ $OUTPUT->add_gui_object('all_headers_row', 'all-headers');
+ $OUTPUT->add_gui_object('all_headers_box', 'headers-source');
$out .= "\n</table>\n\n";
@@ -822,15 +969,14 @@
}
}
else
- $out .= html::div('message-part', html::div('pre', Q($MESSAGE->body)));
+ $out .= html::div('message-part', html::tag('pre', array(), Q($MESSAGE->body)));
$ctype_primary = strtolower($MESSAGE->structure->ctype_primary);
$ctype_secondary = strtolower($MESSAGE->structure->ctype_secondary);
// list images after mail body
- if (get_boolean($attrib['showimages'])
- && $CONFIG['inline_images']
+ if ($CONFIG['inline_images']
&& $ctype_primary == 'multipart'
&& !empty($MESSAGE->attachments)
&& !strstr($message_body, '<html'))
@@ -855,19 +1001,30 @@
}
+/**
+ * Convert all relative URLs according to a <base> in HTML
+ */
+function rcmail_resolve_base($body)
+{
+ // check for <base href=...>
+ if (preg_match('!(<base.*href=["\']?)([hftps]{3,5}://[a-z0-9/.%-]+)!i', $body, $regs)) {
+ $replacer = new rcube_base_replacer($regs[2]);
+
+ // replace all relative paths
+ $body = preg_replace_callback('/(src|background|href)=(["\']?)([\.\/]+[^"\'\s]+)(\2|\s|>)/Ui', array($replacer, 'callback'), $body);
+ $body = preg_replace_callback('/(url\s*\()(["\']?)([\.\/]+[^"\'\)\s]+)(\2)\)/Ui', array($replacer, 'callback'), $body);
+ }
+
+ return $body;
+}
/**
* modify a HTML message that it can be displayed inside a HTML page
*/
function rcmail_html4inline($body, $container_id)
{
- $base_url = "";
$last_style_pos = 0;
$body_lc = strtolower($body);
-
- // check for <base href>
- if (preg_match(($base_reg = '/(<base.*href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]*>)/i'), $body, $base_regs))
- $base_url = $base_regs[2];
// find STYLE tags
while (($pos = strpos($body_lc, '<style', $last_style_pos)) && ($pos2 = strpos($body_lc, '</style>', $pos)))
@@ -875,21 +1032,13 @@
$pos = strpos($body_lc, '>', $pos)+1;
// replace all css definitions with #container [def]
- $styles = rcmail_mod_css_styles(substr($body, $pos, $pos2-$pos), $container_id, $base_url);
+ $styles = rcmail_mod_css_styles(substr($body, $pos, $pos2-$pos), $container_id);
$body = substr($body, 0, $pos) . $styles . substr($body, $pos2);
$body_lc = strtolower($body);
$last_style_pos = $pos2;
}
- // resolve <base href>
- if ($base_url)
- {
- $body = preg_replace('/(src|background|href)=(["\']?)([\.\/]+[^"\'\s]+)(\2|\s|>)/Uie', "'\\1=\"'.make_absolute_url('\\3', '$base_url').'\"'", $body);
- $body = preg_replace('/(url\s*\()(["\']?)([\.\/]+[^"\'\)\s]+)(\2)\)/Uie', "'\\1\''.make_absolute_url('\\3', '$base_url').'\')'", $body);
- $body = preg_replace($base_reg, '', $body);
- }
-
// modify HTML links to open a new window if clicked
$body = preg_replace('/<(a|link)\s+([^>]+)>/Uie', "rcmail_alter_html_link('\\1','\\2', '$container_id');", $body);
@@ -920,23 +1069,26 @@
* parse link attributes and set correct target
*/
function rcmail_alter_html_link($tag, $attrs, $container_id)
- {
+{
$attrib = parse_attrib_string($attrs);
+ $end = '>';
- if ($tag == 'link' && preg_match('/^https?:\/\//i', $attrib['href']))
+ if ($tag == 'link' && preg_match('/^https?:\/\//i', $attrib['href'])) {
$attrib['href'] = "./bin/modcss.php?u=" . urlencode($attrib['href']) . "&c=" . urlencode($container_id);
-
- else if (stristr((string)$attrib['href'], 'mailto:'))
+ $end = ' />';
+ }
+ else if (stristr((string)$attrib['href'], 'mailto:')) {
$attrib['onclick'] = sprintf(
"return %s.command('compose','%s',this)",
JS_OBJECT_NAME,
JQ(substr($attrib['href'], 7)));
-
- else if (!empty($attrib['href']) && $attrib['href']{0}!='#')
- $attrib['target'] = '_blank';
-
- return "<$tag" . create_attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . ' />';
}
+ else if (!empty($attrib['href']) && $attrib['href'][0] != '#') {
+ $attrib['target'] = '_blank';
+ }
+
+ return "<$tag" . html::attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . $end;
+}
/**
@@ -983,7 +1135,6 @@
html::img(array(
'src' => $CONFIG['skin_path'] . $addicon,
'alt' => "Add contact",
- 'border' => 0,
)));
}
}
@@ -1003,6 +1154,51 @@
}
}
+ return $out;
+}
+
+
+/**
+ * Wrap text to a given number of characters per line
+ * but respect the mail quotation of replies messages (>)
+ *
+ * @param string Text to wrap
+ * @param int The line width
+ * @return string The wrapped text
+ */
+function rcmail_wrap_quoted($text, $max = 76)
+{
+ // Rebuild the message body with a maximum of $max chars, while keeping quoted message.
+ $lines = preg_split('/\r?\n/', trim($text));
+ $out = '';
+
+ foreach ($lines as $line) {
+ if (strlen($line) > $max) {
+ if (preg_match('/^([>\s]+)/', $line, $regs)) {
+ $length = strlen($regs[0]);
+ $prefix = substr($line, 0, $length);
+
+ // Remove '> ' from the line, then wordwrap() the line
+ $line = wordwrap(substr($line, $length), $max - $length);
+
+ // Rebuild the line with '> ' at the beginning of each 'subline'
+ $newline = '';
+ foreach (explode("\n", $line) as $l) {
+ $newline .= $prefix . $l . "\n";
+ }
+
+ // Remove the righest newline char
+ $line = rtrim($newline);
+ }
+ else {
+ $line = wordwrap($line, $max);
+ }
+ }
+
+ // Append the line
+ $out .= $line . "\n";
+ }
+
return $out;
}
@@ -1041,12 +1237,9 @@
$part = $MESSAGE->mime_parts[asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))];
$ctype_primary = strtolower($part->ctype_primary);
- $attrib['src'] = Q('./?'.str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']));
+ $attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']);
- $attrib_str = create_attrib_string($attrib, array('id', 'class', 'style', 'src', 'width', 'height'));
- $out = '<iframe '. $attrib_str . "></iframe>";
-
- return $out;
+ return html::iframe($attrib);
}
@@ -1072,7 +1265,7 @@
*/
function rcmail_deliver_message(&$message, $from, $mailto)
{
- global $CONFIG;
+ global $CONFIG, $RCMAIL;
$msg_body = $message->get();
$headers = $message->headers();
@@ -1128,9 +1321,8 @@
unset($headers['Return-Receipt-To'], $headers['Disposition-Notification-To']);
if ($CONFIG['smtp_log'])
- write_log('sendmail', sprintf("[%s] User: %d on %s; Message for %s; %s",
- date("d-M-Y H:i:s O", mktime()),
- $_SESSION['user_id'],
+ write_log('sendmail', sprintf("User %s [%s]; Message for %s; %s",
+ $RCMAIL->user->get_username(),
$_SERVER['REMOTE_ADDR'],
$mailto,
!empty($smtp_response) ? join('; ', $smtp_response) : ''));
@@ -1149,7 +1341,8 @@
$message = new rcube_message($uid);
- if ($message->headers->mdn_to && !$message->headers->mdn_sent && $IMAP->check_permflag('MDNSENT'))
+ if ($message->headers->mdn_to && !$message->headers->mdn_sent &&
+ ($IMAP->check_permflag('MDNSENT') || $IMAP->check_permflag('*')))
{
$identity = $RCMAIL->user->get_identity();
$sender = format_email_recipient($identity['email'], $identity['name']);
@@ -1213,6 +1406,36 @@
}
+function rcmail_search_filter($attrib)
+{
+ global $OUTPUT;
+
+ if (!strlen($attrib['id']))
+ $attrib['id'] = 'rcmlistfilter';
+
+ $attrib['onchange'] = JS_OBJECT_NAME.'.filter_mailbox(this.value)';
+
+ /*
+ RFC3501 (6.4.4): 'ALL', 'RECENT',
+ 'ANSWERED', 'DELETED', 'FLAGGED', 'SEEN',
+ 'UNANSWERED', 'UNDELETED', 'UNFLAGGED', 'UNSEEN',
+ 'NEW', // = (RECENT UNSEEN)
+ 'OLD' // = NOT RECENT
+ */
+
+ $select_filter = new html_select($attrib);
+ $select_filter->add(rcube_label('all'), 'ALL');
+ $select_filter->add(rcube_label('unread'), 'UNSEEN');
+ $select_filter->add(rcube_label('flagged'), 'FLAGGED');
+ $select_filter->add(rcube_label('unanswered'), 'UNANSWERED');
+
+ $out = $select_filter->show($_SESSION['search_filter']);
+
+ $OUTPUT->add_gui_object('search_filter', $attrib['id']);
+
+ return $out;
+}
+
// register UI objects
$OUTPUT->add_handlers(array(
'mailboxlist' => 'rcmail_mailbox_list',
@@ -1225,6 +1448,7 @@
'messagecontentframe' => 'rcmail_messagecontent_frame',
'messagepartframe' => 'rcmail_message_part_frame',
'messagepartcontrols' => 'rcmail_message_part_controls',
+ 'searchfilter' => 'rcmail_search_filter',
'searchform' => array($OUTPUT, 'search_form'),
));
--
Gitblit v1.9.1