From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)

---
 plugins/additional_message_headers/additional_message_headers.php |   41 +++++++++++++++++++++++++++--------------
 1 files changed, 27 insertions(+), 14 deletions(-)

diff --git a/plugins/additional_message_headers/additional_message_headers.php b/plugins/additional_message_headers/additional_message_headers.php
index 21016dd..5c07ec8 100644
--- a/plugins/additional_message_headers/additional_message_headers.php
+++ b/plugins/additional_message_headers/additional_message_headers.php
@@ -6,8 +6,8 @@
  * Very simple plugin which will add additional headers
  * to or remove them from outgoing messages.
  *
- * Enable the plugin in config/main.inc.php and add your desired headers:
- * $rcmail_config['additional_message_headers'] = array('User-Agent');
+ * Enable the plugin in config.inc.php and add your desired headers:
+ * $config['additional_message_headers'] = array('User-Agent' => 'My-Very-Own-Webmail');
  *
  * @version @package_version@
  * @author Ziba Scott
@@ -15,29 +15,42 @@
  */
 class additional_message_headers extends rcube_plugin
 {
-    public $task = 'mail';
-
     function init()
     {
-        $this->add_hook('outgoing_message_headers', array($this, 'message_headers'));
+        $this->add_hook('message_before_send', array($this, 'message_headers'));
     }
 
     function message_headers($args)
     {
-	$this->load_config();
+        $this->load_config();
+
+        $rcube = rcube::get_instance();
 
         // additional email headers
-        $additional_headers = rcmail::get_instance()->config->get('additional_message_headers',array());
-        foreach($additional_headers as $header=>$value){
-            if (null === $value) {
-                unset($args['headers'][$header]);
-            } else {
-                $args['headers'][$header] = $value;
+        $additional_headers = $rcube->config->get('additional_message_headers', array());
+
+        if (!empty($additional_headers)) {
+            // Mail_mime >= 1.9.0
+            if (method_exists($message, 'isMultipart')) {
+                $args['message']->headers($additional_headers, true);
+            }
+            else {
+                $headers = $args['message']->headers();
+
+                foreach ((array) $additional_headers as $header => $value) {
+                    if ($value === null) {
+                        unset($headers[$header]);
+                    }
+                    else {
+                        $headers[$header] = $value;
+                    }
+                }
+
+                $args['message']->_headers = array();
+                $args['message']->headers($headers);
             }
         }
 
         return $args;
     }
 }
-
-?>

--
Gitblit v1.9.1