CHANGELOG | ●●●●● patch | view | raw | blame | history | |
program/include/rcube_imap.php | ●●●●● patch | view | raw | blame | history | |
program/include/rcube_imap_generic.php | ●●●●● patch | view | raw | blame | history | |
program/include/rcube_message.php | ●●●●● patch | view | raw | blame | history |
CHANGELOG
@@ -3,6 +3,9 @@ RELEASE 0.5.1 ------------- - Fix handling of attachments with invalid content type (#1487767) - Add workaround for DBMail's bug http://www.dbmail.org/mantis/view.php?id=881 (#1487766) - Use IMAP's ID extension (RFC2971) to print more info into debug log - Security: add optional referer check to prevent CSRF in GET requests - Fix email_dns_check setting not used for identities/contacts (#1487740) - Fix ICANN example addresses doesn't validate (#1487742) program/include/rcube_imap.php
@@ -148,9 +148,18 @@ $this->options['port'] = $port; if ($this->options['debug']) if ($this->options['debug']) { $this->conn->setDebug(true, array($this, 'debug_handler')); $this->options['ident'] = array( 'name' => 'Roundcube Webmail', 'version' => RCMAIL_VERSION, 'php' => PHP_VERSION, 'os' => PHP_OS, 'command' => $_SERVER['REQUEST_URI'], ); } $attempt = 0; do { $data = rcmail::get_instance()->plugins->exec_hook('imap_connect', program/include/rcube_imap_generic.php
@@ -759,6 +759,11 @@ } } // Send ID info if (!empty($this->prefs['ident']) && $this->getCapability('ID')) { $this->id($this->prefs['ident']); } $auth_methods = array(); $result = null; @@ -1152,6 +1157,44 @@ $index = $this->search($mailbox, 'ALL UNSEEN', false, array('COUNT')); if (is_array($index)) { return (int) $index['COUNT']; } return false; } /** * Executes ID command (RFC2971) * * @param array $items Client identification information key/value hash * * @return array Server identification information key/value hash * @access public * @since 0.6 */ function id($items=array()) { if (is_array($items) && !empty($items)) { foreach ($items as $key => $value) { $args[] = $this->escape($key); $args[] = $this->escape($value); } } list($code, $response) = $this->execute('ID', array( !empty($args) ? '(' . implode(' ', (array) $args) . ')' : $this->escape(null) )); if ($code == self::ERROR_OK && preg_match('/\* ID /i', $response)) { $response = substr($response, 5); // remove prefix "* ID " $items = $this->tokenizeResponse($response); $result = null; for ($i=0, $len=count($items); $i<$len; $i += 2) { $result[$items[$i]] = $items[$i+1]; } return $result; } return false; @@ -3284,10 +3327,11 @@ else if ($string === '') { return '""'; } // need quoted-string? find special chars: SP, CTL, (, ), {, %, *, ", \, ] // plus [ character as a workaround for DBMail's bug (#1487766) else if ($force_quotes || preg_match('/([\x00-\x20\x28-\x29\x7B\x25\x2A\x22\x5C\x5D\x7F]+)/', $string) preg_match('/([\x00-\x20\x28-\x29\x7B\x25\x2A\x22\x5B\x5C\x5D\x7F]+)/', $string) ) { // string: special chars: SP, CTL, (, ), {, %, *, ", \, ] return '"' . strtr($string, array('"'=>'\\"', '\\' => '\\\\')) . '"'; } program/include/rcube_message.php
@@ -478,10 +478,21 @@ if (!empty($mail_part->filename)) $this->attachments[] = $mail_part; } // is a regular attachment (content-type name regexp according to RFC4288.4.2) // regular attachment with valid content type // (content-type name regexp according to RFC4288.4.2) else if (preg_match('/^[a-z0-9!#$&.+^_-]+\/[a-z0-9!#$&.+^_-]+$/i', $part_mimetype)) { if (!$mail_part->filename) $mail_part->filename = 'Part '.$mail_part->mime_id; $this->attachments[] = $mail_part; } // attachment with invalid content type // replace malformed content type with application/octet-stream (#1487767) else if ($mail_part->filename) { $mail_part->ctype_primary = 'application'; $mail_part->ctype_secondary = 'octet-stream'; $mail_part->mimetype = 'application/octet-stream'; $this->attachments[] = $mail_part; } }