CHANGELOG | ●●●●● patch | view | raw | blame | history | |
program/include/rcube_content_filter.php | ●●●●● patch | view | raw | blame | history | |
program/js/app.js | ●●●●● patch | view | raw | blame | history | |
program/steps/mail/autocomplete.inc | ●●●●● patch | view | raw | blame | history | |
program/steps/mail/get.inc | ●●●●● patch | view | raw | blame | history | |
program/steps/settings/folders.inc | ●●●●● patch | view | raw | blame | history |
CHANGELOG
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== - Fix crash with eAccelerator (#1488256) - Fix expanding folders during drag&drop (#1488260) - Fix wrong postgres sequence name in upgrade from 0.6 - Fix broken CREATE INDEX queries in SQLite DDL files (#1488255) program/include/rcube_content_filter.php
New file @@ -0,0 +1,55 @@ <?php /* +-----------------------------------------------------------------------+ | program/include/rcube_content_filter.php | | | | This file is part of the Roundcube Webmail client | | Copyright (C) 2011, The Roundcube Dev Team | | Licensed under the GNU GPL | | | | PURPOSE: | | PHP stream filter to detect evil content in mail attachments | | | +-----------------------------------------------------------------------+ | Author: Thomas Bruederli <roundcube@gmail.com> | +-----------------------------------------------------------------------+ $Id$ */ /** * PHP stream filter to detect html/javascript code in attachments */ class rcube_content_filter extends php_user_filter { private $buffer = ''; private $cutoff = 2048; function onCreate() { $this->cutoff = rand(2048, 3027); return true; } function filter($in, $out, &$consumed, $closing) { while ($bucket = stream_bucket_make_writeable($in)) { $this->buffer .= $bucket->data; // check for evil content and abort if (preg_match('/<(script|iframe|object)/i', $this->buffer)) return PSFS_ERR_FATAL; // keep buffer small enough if (strlen($this->buffer) > 4096) $this->buffer = substr($this->buffer, $this->cutoff); $consumed += $bucket->datalen; stream_bucket_append($out, $bucket); } return PSFS_PASS_ON; } } program/js/app.js
@@ -3082,7 +3082,7 @@ if (!vis) this.stop_spellchecking(); $(this.env.spellcheck.spell_container).css('visibility', vis ? 'visible' : 'hidden'); $(this.env.spellcheck.spell_container)[vis ? 'show' : 'hide'](); } }; program/steps/mail/autocomplete.inc
@@ -28,8 +28,10 @@ $abook->set_pagesize(1000); // TODO: limit number of group members by config $result = $abook->list_records(array('email','name')); while ($result && ($sql_arr = $result->iterate())) { foreach ((array)$sql_arr['email'] as $email) foreach ((array)$sql_arr['email'] as $email) { $members[] = format_email_recipient($email, $sql_arr['name']); break; // only expand one email per contact } } $separator = trim($RCMAIL->config->get('recipients_separator', ',')) . ' '; program/steps/mail/get.inc
@@ -5,7 +5,7 @@ | program/steps/mail/get.inc | | | | This file is part of the Roundcube Webmail client | | Copyright (C) 2005-2009, The Roundcube Dev Team | | Copyright (C) 2005-2011, The Roundcube Dev Team | | Licensed under the GNU GPL | | | | PURPOSE: | @@ -178,40 +178,4 @@ header('HTTP/1.1 404 Not Found'); exit; /** * PHP stream filter to detect html/javascript code in attachments */ class rcube_content_filter extends php_user_filter { private $buffer = ''; private $cutoff = 2048; function onCreate() { $this->cutoff = rand(2048, 3027); return true; } function filter($in, $out, &$consumed, $closing) { while ($bucket = stream_bucket_make_writeable($in)) { $this->buffer .= $bucket->data; // check for evil content and abort if (preg_match('/<(script|iframe|object)/i', $this->buffer)) return PSFS_ERR_FATAL; // keep buffer small enough if (strlen($this->buffer) > 4096) $this->buffer = substr($this->buffer, $this->cutoff); $consumed += $bucket->datalen; stream_bucket_append($out, $bucket); } return PSFS_PASS_ON; } } program/steps/settings/folders.inc
@@ -293,10 +293,12 @@ if (!$disabled && $folder['virtual'] && $folder['level'] == 0 && !empty($namespace)) { $fname = $folder['id'] . $delimiter; foreach ($namespace as $ns) { foreach ($ns as $item) { if ($item[0] === $fname) { $disabled = true; break 2; if (is_array($ns)) { foreach ($ns as $item) { if ($item[0] === $fname) { $disabled = true; break 2; } } } }