From f06aa8058b7e32ba32d4551074b6e0b8a300f751 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 21 Oct 2013 15:02:40 -0400
Subject: [PATCH] Bump version after security fix
---
program/steps/mail/show.inc | 272 +++++++++++++++++++++++++++++++----------------------
1 files changed, 159 insertions(+), 113 deletions(-)
diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc
index 9beb425..20e76a6 100644
--- a/program/steps/mail/show.inc
+++ b/program/steps/mail/show.inc
@@ -4,9 +4,12 @@
+-----------------------------------------------------------------------+
| program/steps/mail/show.inc |
| |
- | This file is part of the RoundCube Webmail client |
- | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
- | Licensed under the GNU GPL |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2005-2009, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| PURPOSE: |
| Display a mail message similar as a usual mail application does |
@@ -22,122 +25,94 @@
$PRINT_MODE = $RCMAIL->action=='print' ? TRUE : FALSE;
// similar code as in program/steps/mail/get.inc
-if ($_GET['_uid']) {
- $MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET));
+if ($uid = get_input_value('_uid', RCUBE_INPUT_GET)) {
+ $MESSAGE = new rcube_message($uid);
- // set message charset as default
- if (!empty($MESSAGE->headers->charset))
- $IMAP->set_charset($MESSAGE->headers->charset);
-
- // go back to list if message not found (wrong UID)
+ // if message not found (wrong UID)...
if (empty($MESSAGE->headers)) {
- $OUTPUT->show_message('messageopenerror', 'error');
- if ($RCMAIL->action=='preview' && $OUTPUT->template_exists('messagepreview'))
- $OUTPUT->send('messagepreview');
- else {
- rcmail_overwrite_action('');
- return;
- }
+ rcmail_message_error($uid);
}
-
- $mbox_name = $IMAP->get_mailbox_name();
-
+
+ $mbox_name = $RCMAIL->storage->get_folder();
+
// show images?
rcmail_check_safe($MESSAGE);
- // calculate Etag for this request
- $etag = md5($MESSAGE->uid.$mbox_name.session_id()
- .intval($MESSAGE->headers->mdn_sent)
- .intval($MESSAGE->is_safe)
- .(!empty($MESSAGE->attachments) ? intval($CONFIG['inline_images']) : '')
- .intval($PRINT_MODE));
+ // set message charset as default
+ if (!empty($MESSAGE->headers->charset))
+ $RCMAIL->storage->set_charset($MESSAGE->headers->charset);
- // allow caching, unless remote images are present
- if ((bool)$MESSAGE->is_safe)
- send_nocacheing_headers();
- else if (empty($CONFIG['devel_mode']))
- send_modified_header($_SESSION['login_time'], $etag, !$MESSAGE->headers->seen);
+ $OUTPUT->set_pagetitle(abbreviate_string($MESSAGE->subject, 128, '...', true));
- $OUTPUT->set_pagetitle($MESSAGE->subject);
-
// give message uid to the client
$OUTPUT->set_env('uid', $MESSAGE->uid);
// set environement
$OUTPUT->set_env('safemode', $MESSAGE->is_safe);
$OUTPUT->set_env('sender', $MESSAGE->sender['string']);
$OUTPUT->set_env('permaurl', rcmail_url('show', array('_uid' => $MESSAGE->uid, '_mbox' => $mbox_name)));
+ $OUTPUT->set_env('delimiter', $RCMAIL->storage->get_hierarchy_delimiter());
$OUTPUT->set_env('mailbox', $mbox_name);
+
+ // mimetypes supported by the browser (default settings)
+ $mimetypes = $RCMAIL->config->get('client_mimetypes', 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/x-javascript,application/pdf');
+ $OUTPUT->set_env('mimetypes', is_string($mimetypes) ? explode(',', $mimetypes) : (array)$mimetypes);
+
+ if ($CONFIG['drafts_mbox'])
+ $OUTPUT->set_env('drafts_mailbox', $CONFIG['drafts_mbox']);
if ($CONFIG['trash_mbox'])
$OUTPUT->set_env('trash_mailbox', $CONFIG['trash_mbox']);
+ if ($CONFIG['junk_mbox'])
+ $OUTPUT->set_env('junk_mailbox', $CONFIG['junk_mbox']);
+ if ($CONFIG['delete_junk'])
+ $OUTPUT->set_env('delete_junk', true);
+ if ($CONFIG['flag_for_deletion'])
+ $OUTPUT->set_env('flag_for_deletion', true);
+ if ($CONFIG['read_when_deleted'])
+ $OUTPUT->set_env('read_when_deleted', true);
+ if ($CONFIG['skip_deleted'])
+ $OUTPUT->set_env('skip_deleted', true);
+ if ($CONFIG['display_next'])
+ $OUTPUT->set_env('display_next', true);
+ if ($MESSAGE->headers->others['list-post'])
+ $OUTPUT->set_env('list_post', true);
+ if ($CONFIG['forward_attachment'])
+ $OUTPUT->set_env('forward_attachment', true);
+
if (!$OUTPUT->ajax_call)
- $OUTPUT->add_label('checkingmail', 'deletemessage', 'movemessagetotrash', 'movingmessage');
-
+ $OUTPUT->add_label('checkingmail', 'deletemessage', 'movemessagetotrash',
+ 'movingmessage', 'deletingmessage');
+
// check for unset disposition notification
- if ($MESSAGE->headers->mdn_to &&
- !$MESSAGE->headers->mdn_sent && !$MESSAGE->headers->seen &&
- ($IMAP->check_permflag('MDNSENT') || $IMAP->check_permflag('*')) &&
- $mbox_name != $CONFIG['drafts_mbox'] &&
- $mbox_name != $CONFIG['sent_mbox'])
- {
- if (intval($CONFIG['mdn_requests']) === 1)
- {
- if (rcmail_send_mdn($MESSAGE->uid))
+ if ($MESSAGE->headers->mdn_to
+ && empty($MESSAGE->headers->flags['MDNSENT'])
+ && empty($MESSAGE->headers->flags['SEEN'])
+ && ($RCMAIL->storage->check_permflag('MDNSENT') || $RCMAIL->storage->check_permflag('*'))
+ && $mbox_name != $CONFIG['drafts_mbox']
+ && $mbox_name != $CONFIG['sent_mbox']
+ ) {
+ $mdn_cfg = intval($CONFIG['mdn_requests']);
+
+ if ($mdn_cfg == 1 || (($mdn_cfg == 3 || $mdn_cfg == 4) && rcmail_contact_exists($MESSAGE->sender['mailto']))) {
+ // Send MDN
+ if (rcmail_send_mdn($MESSAGE, $smtp_error))
$OUTPUT->show_message('receiptsent', 'confirmation');
+ else if ($smtp_error)
+ $OUTPUT->show_message($smtp_error['label'], 'error', $smtp_error['vars']);
else
$OUTPUT->show_message('errorsendingreceipt', 'error');
}
- else if (empty($CONFIG['mdn_requests']))
- {
+ else if ($mdn_cfg != 2 && $mdn_cfg != 4) {
+ // Ask user
$OUTPUT->add_label('mdnrequest');
$OUTPUT->set_env('mdn_request', true);
}
}
- // get previous, first, next and last message UID
- if ($RCMAIL->action != 'preview' && $RCMAIL->action != 'print')
- {
- $next = $prev = $first = $last = -1;
-
- if ((!($_SESSION['sort_col'] == 'date' && $_SESSION['sort_order'] == 'DESC') &&
- $IMAP->get_capability('sort')) || !empty($_REQUEST['_search']))
- {
- // Only if we use custom sorting
- $a_msg_index = $IMAP->message_index(NULL, $_SESSION['sort_col'], $_SESSION['sort_order']);
-
- $MESSAGE->index = array_search($IMAP->get_id($MESSAGE->uid), $a_msg_index);
-
- $prev = isset($a_msg_index[$MESSAGE->index-1]) ? $IMAP->get_uid($a_msg_index[$MESSAGE->index-1]) : -1 ;
- $first = count($a_msg_index)>0 ? $IMAP->get_uid($a_msg_index[0]) : -1;
- $next = isset($a_msg_index[$MESSAGE->index+1]) ? $IMAP->get_uid($a_msg_index[$MESSAGE->index+1]) : -1 ;
- $last = count($a_msg_index)>0 ? $IMAP->get_uid($a_msg_index[count($a_msg_index)-1]) : -1;
- }
- else
- {
- // this assumes that we are sorted by date_DESC
- $cnt = $IMAP->messagecount();
- $seq = $IMAP->get_id($MESSAGE->uid);
- $MESSAGE->index = $cnt - $seq;
-
- $prev = $IMAP->get_uid($seq + 1);
- $first = $IMAP->get_uid($cnt);
- $next = $IMAP->get_uid($seq - 1);
- $last = $IMAP->get_uid(1);
- }
-
- if ($prev > 0)
- $OUTPUT->set_env('prev_uid', $prev);
- if ($first > 0)
- $OUTPUT->set_env('first_uid', $first);
- if ($next > 0)
- $OUTPUT->set_env('next_uid', $next);
- if ($last > 0)
- $OUTPUT->set_env('last_uid', $last);
- }
-
- // mark message as read
- if (!$MESSAGE->headers->seen) {
- $IMAP->set_flag($MESSAGE->uid, 'SEEN');
- $RCMAIL->plugins->exec_hook('message_read', array('uid' => $MESSAGE->uid, 'mailbox' => $IMAP->mailbox, 'message' => $MESSAGE));
+ if (empty($MESSAGE->headers->flags['SEEN'])
+ && ($RCMAIL->action == 'show' || ($RCMAIL->action == 'preview' && intval($CONFIG['preview_pane_mark_read']) == 0))
+ ) {
+ $RCMAIL->plugins->exec_hook('message_read', array('uid' => $MESSAGE->uid,
+ 'mailbox' => $mbox_name, 'message' => $MESSAGE));
}
}
@@ -146,7 +121,7 @@
function rcmail_message_attachments($attrib)
{
global $PRINT_MODE, $MESSAGE;
-
+
$out = $ol = '';
if (sizeof($MESSAGE->attachments)) {
@@ -155,7 +130,7 @@
$ol .= html::tag('li', null, sprintf("%s (%s)", Q($attach_prop->filename), Q(show_bytes($attach_prop->size))));
}
else {
- if (rc_strlen($attach_prop->filename) > 50) {
+ if (mb_strlen($attach_prop->filename) > 50) {
$filename = abbreviate_string($attach_prop->filename, 50);
$title = $attach_prop->filename;
}
@@ -164,14 +139,14 @@
$title = '';
}
- $ol .= html::tag('li', null,
+ $ol .= html::tag('li', rcmail_filetype2classname($attach_prop->mimetype, $attach_prop->filename),
html::a(array(
- 'href' => $MESSAGE->get_part_url($attach_prop->mime_id),
+ 'href' => $MESSAGE->get_part_url($attach_prop->mime_id, false),
'onclick' => sprintf(
'return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)',
JS_OBJECT_NAME,
$attach_prop->mime_id,
- $attach_prop->mimetype),
+ rcmail_fix_mimetype($attach_prop->mimetype)),
'title' => Q($title),
),
Q($filename)));
@@ -179,44 +154,115 @@
}
$out = html::tag('ul', $attrib, $ol, html::$common_attrib);
- }
-
+ }
+
return $out;
}
-
-
-function rcmail_remote_objects_msg($attrib)
+function rcmail_remote_objects_msg()
{
global $MESSAGE, $RCMAIL;
-
- if (!$attrib['id'])
- $attrib['id'] = 'rcmremoteobjmsg';
-
+
+ $attrib['id'] = 'remote-objects-message';
+ $attrib['class'] = 'notice';
+ $attrib['style'] = 'display: none';
+
$msg = Q(rcube_label('blockedimages')) . ' ';
$msg .= html::a(array('href' => "#loadimages", 'onclick' => JS_OBJECT_NAME.".command('load-images')"), Q(rcube_label('showimages')));
-
+
// add link to save sender in addressbook and reload message
if ($MESSAGE->sender['mailto'] && $RCMAIL->config->get('show_images') == 1) {
$msg .= ' ' . html::a(array('href' => "#alwaysload", 'onclick' => JS_OBJECT_NAME.".command('always-load')", 'style' => "white-space:nowrap"),
Q(rcube_label(array('name' => 'alwaysshow', 'vars' => array('sender' => $MESSAGE->sender['mailto'])))));
}
-
+
$RCMAIL->output->add_gui_object('remoteobjectsmsg', $attrib['id']);
return html::div($attrib, $msg);
+}
+
+function rcmail_message_buttons()
+{
+ global $MESSAGE, $RCMAIL, $CONFIG;
+
+ $mbox = $RCMAIL->storage->get_folder();
+ $delim = $RCMAIL->storage->get_hierarchy_delimiter();
+ $dbox = $CONFIG['drafts_mbox'];
+
+ // the message is not a draft
+ if ($mbox != $dbox && strpos($mbox, $dbox.$delim) !== 0) {
+ return '';
+ }
+
+ $attrib['id'] = 'message-buttons';
+ $attrib['class'] = 'notice';
+
+ $msg = Q(rcube_label('isdraft')) . ' ';
+ $msg .= html::a(array('href' => "#edit", 'onclick' => JS_OBJECT_NAME.".command('edit')"), Q(rcube_label('edit')));
+
+ return html::div($attrib, $msg);
+}
+
+function rcmail_message_objects($attrib)
+{
+ global $RCMAIL, $MESSAGE;
+
+ if (!$attrib['id'])
+ $attrib['id'] = 'message-objects';
+
+ $content = array(
+ rcmail_message_buttons(),
+ rcmail_remote_objects_msg(),
+ );
+
+ $plugin = $RCMAIL->plugins->exec_hook('message_objects',
+ array('content' => $content, 'message' => $MESSAGE));
+
+ $content = implode("\n", $plugin['content']);
+
+ return html::div($attrib, $content);
+}
+
+function rcmail_contact_exists($email)
+{
+ global $RCMAIL;
+
+ if ($email) {
+ // @TODO: search in all address books?
+ $CONTACTS = $RCMAIL->get_address_book(null, true);
+ $existing = $CONTACTS->search('email', $email, true, false);
+ if ($existing->count)
+ return true;
+ }
+
+ return false;
}
$OUTPUT->add_handlers(array(
'messageattachments' => 'rcmail_message_attachments',
'mailboxname' => 'rcmail_mailbox_name_display',
- 'blockedobjects' => 'rcmail_remote_objects_msg'));
+ 'messageobjects' => 'rcmail_message_objects',
+));
-if ($RCMAIL->action=='print' && $OUTPUT->template_exists('printmessage'))
- $OUTPUT->send('printmessage');
+if ($RCMAIL->action=='print' && $OUTPUT->template_exists('messageprint'))
+ $OUTPUT->send('messageprint', false);
else if ($RCMAIL->action=='preview' && $OUTPUT->template_exists('messagepreview'))
- $OUTPUT->send('messagepreview');
+ $OUTPUT->send('messagepreview', false);
else
- $OUTPUT->send('message');
-?>
+ $OUTPUT->send('message', false);
+
+
+// mark message as read
+if ($MESSAGE && $MESSAGE->headers && empty($MESSAGE->headers->flags['SEEN']) &&
+ ($RCMAIL->action == 'show' || ($RCMAIL->action == 'preview' && intval($CONFIG['preview_pane_mark_read']) == 0)))
+{
+ if ($RCMAIL->storage->set_flag($MESSAGE->uid, 'SEEN')) {
+ if ($count = rcmail_get_unseen_count($mbox_name)) {
+ rcmail_set_unseen_count($mbox_name, $count - 1);
+ }
+ }
+}
+
+exit;
+
--
Gitblit v1.9.1