From f06aa8058b7e32ba32d4551074b6e0b8a300f751 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 21 Oct 2013 15:02:40 -0400
Subject: [PATCH] Bump version after security fix

---
 program/steps/mail/get.inc |   63 ++++++++++---------------------
 1 files changed, 20 insertions(+), 43 deletions(-)

diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 721c661..2cc2f12 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -5,8 +5,11 @@
  | program/steps/mail/get.inc                                            |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2005-2009, The Roundcube Dev Team                       |
- | Licensed under the GNU GPL                                            |
+ | Copyright (C) 2005-2011, The Roundcube Dev Team                       |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
  |                                                                       |
  | PURPOSE:                                                              |
  |   Delivering a specific part of a mail message                        |
@@ -36,7 +39,7 @@
 ob_end_clean();
 
 // Now we need IMAP connection
-if (!$RCMAIL->imap_connect()) {
+if (!$RCMAIL->storage_connect()) {
   // Get action is often executed simultanously.
   // Some servers have MAXPERIP or other limits.
   // To workaround this we'll wait for some time
@@ -66,6 +69,9 @@
 
 // show part page
 if (!empty($_GET['_frame'])) {
+  if (($part_id = get_input_value('_part', RCUBE_INPUT_GPC)) && ($part = $MESSAGE->mime_parts[$part_id]) && $part->filename)
+    $OUTPUT->set_pagetitle($part->filename);
+
   $OUTPUT->send('messagepart');
   exit;
 }
@@ -79,7 +85,7 @@
 
     // allow post-processing of the message body
     $plugin = $RCMAIL->plugins->exec_hook('message_part_get',
-      array('id' => $part->mime_id, 'mimetype' => $mimetype, 'part' => $part, 'download' => !empty($_GET['_download'])));
+      array('uid' => $MESSAGE->uid, 'id' => $part->mime_id, 'mimetype' => $mimetype, 'part' => $part, 'download' => !empty($_GET['_download'])));
 
     if ($plugin['abort'])
       exit;
@@ -114,7 +120,7 @@
       if (!rcmail_mem_check($part->size * 10)) {
         $out = '<body>' . rcube_label('messagetoobig'). ' '
           . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id
-            .'&_mbox='. urlencode($IMAP->get_mailbox_name()), rcube_label('download')) . '</body></html>';
+            .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), rcube_label('download')) . '</body></html>';
       }
       else {
         // get part body if not available
@@ -144,6 +150,13 @@
 
       $disposition = !empty($plugin['download']) ? 'attachment' : 'inline';
 
+      // Workaround for nasty IE bug (#1488844)
+      // If Content-Disposition header contains string "attachment" e.g. in filename
+      // IE handles data as attachment not inline
+      if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) {
+        $filename = str_ireplace('attachment', 'attach', $filename);
+      }
+
       header("Content-Disposition: $disposition; filename=\"$filename\"");
 
       // do content filtering to avoid XSS through fake images
@@ -154,7 +167,7 @@
           $stdout = fopen('php://output', 'w');
           stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter');
           stream_filter_append($stdout, 'rcube_content');
-          $IMAP->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $stdout);
+          $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $stdout);
         }
       }
       else {
@@ -162,7 +175,7 @@
         if ($part->body)
           echo $part->body;
         else if ($part->size)
-          $IMAP->get_message_part($MESSAGE->uid, $part->mime_id, $part, true);
+          $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, true);
       }
     }
 
@@ -190,40 +203,4 @@
 header('HTTP/1.1 404 Not Found');
 exit;
 
-
-
-/**
- * PHP stream filter to detect html/javascript code in attachments
- */
-class rcube_content_filter extends php_user_filter
-{
-  private $buffer = '';
-  private $cutoff = 2048;
-
-  function onCreate()
-  {
-    $this->cutoff = rand(2048, 3027);
-    return true;
-  }
-
-  function filter($in, $out, &$consumed, $closing)
-  {
-    while ($bucket = stream_bucket_make_writeable($in)) {
-      $this->buffer .= $bucket->data;
-
-      // check for evil content and abort
-      if (preg_match('/<(script|iframe|object)/i', $this->buffer))
-        return PSFS_ERR_FATAL;
-
-      // keep buffer small enough
-      if (strlen($this->buffer) > 4096)
-        $this->buffer = substr($this->buffer, $this->cutoff);
-
-      $consumed += $bucket->datalen;
-      stream_bucket_append($out, $bucket);
-    }
-
-    return PSFS_PASS_ON;
-  }
-}
 

--
Gitblit v1.9.1