Fix handling of invalid characters in message headers and output (#1489032)
| | |
| | | CHANGELOG Roundcube Webmail |
| | | =========================== |
| | | |
| | | - Fix handling of invalid characters in message headers and output (#1489032) |
| | | - Fix selecting collapsed rows on select-all (#1489036) |
| | | - Fix possible header duplicates when using additional headers (#1489033) |
| | | - Fix session issues with use_https=true (#1488986) |
| | |
| | | public static $common_attrib = array('id','class','style','title','align'); |
| | | public static $containers = array('iframe','div','span','p','h1','h2','h3','form','textarea','table','thead','tbody','tr','th','td','style','script'); |
| | | |
| | | |
| | | /** |
| | | * Constructor |
| | | * |
| | |
| | | */ |
| | | public static function quote($str) |
| | | { |
| | | return @htmlspecialchars($str, ENT_COMPAT, RCUBE_CHARSET); |
| | | static $flags; |
| | | |
| | | if (!$flags) { |
| | | $flags = ENT_COMPAT; |
| | | if (defined('ENT_SUBSTITUTE')) { |
| | | $flags |= ENT_SUBSTITUTE; |
| | | } |
| | | } |
| | | |
| | | return @htmlspecialchars($str, $flags, RCUBE_CHARSET); |
| | | } |
| | | } |
| | | |
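Review bot: On PHP builds where `ENT_SUBSTITUTE` is not defined, `quote()` still calls `htmlspecialchars()` with only `ENT_COMPAT`, so a string containing a byte sequence that is invalid for `RCUBE_CHARSET` comes back as an empty string, and the `@` on the return line hides any diagnostic. The header path in this commit runs `rcube_charset::clean()` before output, but other callers of `quote()` are not visible here and may pass uncleaned input. Consider cleaning the input in the fallback branch, or at least record the constraint with a comment such as `// Without ENT_SUBSTITUTE invalid sequences make htmlspecialchars() return ''; pass charset-clean input`. Separately, `ENT_COMPAT` leaves single quotes unescaped, so the docblock should say the result is only safe in element text or double-quoted attribute values.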
| | |
| | | |
| | | $this->headers = $this->storage->get_message($uid); |
| | | |
| | | if (!$this->headers) |
| | | if (!$this->headers) { |
| | | return; |
| | | } |
| | | |
| | | $this->mime = new rcube_mime($this->headers->charset); |
| | | |
| | | $this->subject = $this->mime->decode_mime_string($this->headers->subject); |
| | | $this->subject = $this->headers->get('subject'); |
| | | list(, $this->sender) = each($this->mime->decode_address_list($this->headers->from, 1)); |
| | | |
| | | $this->set_safe((intval($_GET['_safe']) || $_SESSION['safe_messages'][$this->folder.':'.$uid])); |
| | |
| | | */ |
| | | public function get_header($name, $raw = false) |
| | | { |
| | | if (empty($this->headers)) |
| | | if (empty($this->headers)) { |
| | | return null; |
| | | } |
| | | |
| | | if ($this->headers->$name) |
| | | $value = $this->headers->$name; |
| | | else if ($this->headers->others[$name]) |
| | | $value = $this->headers->others[$name]; |
| | | |
| | | return $raw ? $value : $this->mime->decode_header($value); |
| | | return $this->headers->get($name, !$raw); |
| | | } |
| | | |
| | | |
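Review bot: The sender, on the line after the new `$this->subject = $this->headers->get('subject');`, is still built with `$this->mime->decode_address_list($this->headers->from, 1)`, so it does not go through the `get()` path this commit introduces for the subject. If `decode_address_list()` does not itself strip invalid sequences (not visible here), the From display name can still carry bytes that the subject no longer does. Confirm that it does, or clean the decoded name before storing it in `$this->sender`. A comment such as `// sender is decoded separately; decode_address_list() must return charset-clean strings` would record the assumption. The constructor begins and continues outside the visible lines.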
| | |
| | | $value = $this->others[$name]; |
| | | } |
| | | |
| | | return $decode ? rcube_mime::decode_header($value, $this->charset) : $value; |
| | | if ($decode) { |
| | | $value = rcube_mime::decode_header($value, $this->charset); |
| | | $value = rcube_charset::clean($value); |
| | | } |
| | | |
| | | return $value; |
| | | } |
| | | |
| | | /** |
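Review bot: When `$decode` is false, `get()` returns `$value` exactly as stored, skipping `rcube_charset::clean()`, and nothing in the visible lines tells callers so. Since the cleaning is the point of this change, the method docblock should state the contract, for example `@param bool $decode Decode and charset-clean the value; if false the raw header is returned and must not be output as-is`. The start of the method, including what `$value` holds when the header is absent, is outside the hunk and worth checking for an undefined-variable path.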
| | |
| | | } |
| | | } |
| | | else if ($compose_mode == RCUBE_COMPOSE_DRAFT) { |
| | | if ($MESSAGE->headers->others['x-draft-info']) { |
| | | if ($draft_info = $MESSAGE->headers->get('x-draft-info')) { |
| | | // get reply_uid/forward_uid to flag the original message when sending |
| | | $info = rcmail_draftinfo_decode($MESSAGE->headers->others['x-draft-info']); |
| | | $info = rcmail_draftinfo_decode($draft_info); |
| | | |
| | | if ($info['type'] == 'reply') |
| | | $COMPOSE['reply_uid'] = $info['uid']; |
| | |
| | | } |
| | | } |
| | | |
| | | if ($MESSAGE->headers->in_reply_to) |
| | | $COMPOSE['reply_msgid'] = '<'.$MESSAGE->headers->in_reply_to.'>'; |
| | | if ($in_reply_to = $MESSAGE->headers->get('in-reply-to')) |
| | | $COMPOSE['reply_msgid'] = '<' . $in_reply_to . '>'; |
| | | |
| | | $COMPOSE['references'] = $MESSAGE->headers->references; |
| | | } |
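Review bot: `$COMPOSE['references'] = $MESSAGE->headers->references;` still reads the property directly, while the line above it was switched to `$MESSAGE->headers->get('in-reply-to')`. The References value from the draft therefore skips the decode and clean step that In-Reply-To now gets, although both are copied into the outgoing message. If `get()` resolves this header (its lookup logic is outside the visible lines), use `$COMPOSE['references'] = $MESSAGE->headers->get('references');` for consistency. Separately, `x-draft-info` is a machine-readable header, so confirm that passing the decoded value to `rcmail_draftinfo_decode()` cannot alter it, or request it raw.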
| | |
| | | * return table with message headers |
| | | */ |
| | | function rcmail_message_headers($attrib, $headers=null) |
| | | { |
| | | { |
| | | global $OUTPUT, $MESSAGE, $PRINT_MODE, $RCMAIL; |
| | | static $sa_attrib; |
| | | |
| | |
| | | $OUTPUT->set_env('skip_deleted', true); |
| | | if ($CONFIG['display_next']) |
| | | $OUTPUT->set_env('display_next', true); |
| | | if ($MESSAGE->headers->others['list-post']) |
| | | if ($MESSAGE->headers->get('list-post', false)) |
| | | $OUTPUT->set_env('list_post', true); |
| | | if ($CONFIG['forward_attachment']) |
| | | $OUTPUT->set_env('forward_attachment', true); |