program/include/rcube_content_filter.php
program/include/rcube_html_page.php
program/include/rcube_imap_cache.php
program/include/rcube_content_filter.php
@@ -23,33 +23,34 @@ */ class rcube_content_filter extends php_user_filter { private $buffer = ''; private $cutoff = 2048; private $buffer = ''; private $cutoff = 2048; function onCreate() { $this->cutoff = rand(2048, 3027); return true; } function filter($in, $out, &$consumed, $closing) { while ($bucket = stream_bucket_make_writeable($in)) { $this->buffer .= $bucket->data; // check for evil content and abort if (preg_match('/<(script|iframe|object)/i', $this->buffer)) return PSFS_ERR_FATAL; // keep buffer small enough if (strlen($this->buffer) > 4096) $this->buffer = substr($this->buffer, $this->cutoff); $consumed += $bucket->datalen; stream_bucket_append($out, $bucket); function onCreate() { $this->cutoff = rand(2048, 3027); return true; } return PSFS_PASS_ON; } } function filter($in, $out, &$consumed, $closing) { while ($bucket = stream_bucket_make_writeable($in)) { $this->buffer .= $bucket->data; // check for evil content and abort if (preg_match('/<(script|iframe|object)/i', $this->buffer)) { return PSFS_ERR_FATAL; } // keep buffer small enough if (strlen($this->buffer) > 4096) { $this->buffer = substr($this->buffer, $this->cutoff); } $consumed += $bucket->datalen; stream_bucket_append($out, $bucket); } return PSFS_PASS_ON; } } program/include/rcube_html_page.php
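Review bot: The check in `filter()` matches only `<script`, `<iframe` and `<object`, and nothing in the class documents that scope, so a caller could mistake it for a general HTML sanitizer. Buckets are appended to `$out` as each one passes, so by the time a match returns `PSFS_ERR_FATAL` the data from earlier iterations has already gone downstream, including the first half of a tag split across two buckets. I would add a class docblock stating that this is a coarse tripwire on three tag names, that it does not cover other active content such as event-handler attributes, and that the consumer must discard partial output when the stream fails. Where the filter is attached is not visible in this section, so how strong the check needs to be should be confirmed against its callers.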
@@ -52,9 +52,13 @@ public function include_script($file, $position='head') { static $sa_files = array(); if (!preg_match('|^https?://|i', $file) && $file[0] != '/') $file = $this->scripts_path . $file . (($fs = @filemtime($this->scripts_path . $file)) ? '?s='.$fs : ''); if (!preg_match('|^https?://|i', $file) && $file[0] != '/') { $file = $this->scripts_path . $file; if ($fs = @filemtime($file)) { $file .= '?s=' . $fs; } } if (in_array($file, $sa_files)) { return; @@ -65,6 +69,7 @@ if (!is_array($this->script_files[$position])) { $this->script_files[$position] = array(); } $this->script_files[$position][] = $file; } @@ -77,9 +82,10 @@ public function add_script($script, $position='head') { if (!isset($this->scripts[$position])) { $this->scripts[$position] = "\n".rtrim($script); } else { $this->scripts[$position] .= "\n".rtrim($script); $this->scripts[$position] = "\n" . rtrim($script); } else { $this->scripts[$position] .= "\n" . rtrim($script); } } @@ -100,7 +106,7 @@ */ public function add_header($str) { $this->header .= "\n".$str; $this->header .= "\n" . $str; } /** @@ -111,7 +117,7 @@ */ public function add_footer($str) { $this->footer .= "\n".$str; $this->footer .= "\n" . $str; } /** @@ -262,7 +268,8 @@ ) { $css = ''; foreach ($this->css_files as $file) { $css .= html::tag('link', array('rel' => 'stylesheet', 'type' => 'text/css', 'href' => $file, 'nl' => true)); $css .= html::tag('link', array('rel' => 'stylesheet', 'type' => 'text/css', 'href' => $file, 'nl' => true)); } $output = substr_replace($output, $css, $pos, 0); } @@ -279,10 +286,12 @@ // trigger hook with final HTML content to be sent $hook = rcmail::get_instance()->plugins->exec_hook("send_page", array('content' => $output)); if (!$hook['abort']) { if ($this->charset != RCMAIL_CHARSET) if ($this->charset != RCMAIL_CHARSET) { echo rcube_charset_convert($hook['content'], RCMAIL_CHARSET, $this->charset); else } else { echo $hook['content']; } } } 
@@ -296,14 +305,17 @@ $file = $matches[3]; // correct absolute paths if ($file[0] == '/') if ($file[0] == '/') { $file = $this->base_path . $file; } // add file modification timestamp if (preg_match('/\.(js|css)$/', $file)) $file .= '?s=' . @filemtime($file); if (preg_match('/\.(js|css)$/', $file)) { if ($fs = @filemtime($file)) { $file .= '?s=' . $fs; } } return sprintf("%s=%s%s%s", $matches[1], $matches[2], $file, $matches[4]); return $matches[1] . '=' . $matches[2] . $file . $matches[4]; } } program/include/rcube_imap_cache.php
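Review bot: `$file[0]` is read in `include_script()` and again in the path-correcting callback at the end of this section without checking that `$file` is non-empty, so an empty string raises an uninitialized-offset notice before the comparison runs. A prefix test avoids the offset read and keeps the same branching: `if (!preg_match('|^https?://|i', $file) && strpos($file, '/') !== 0) {` in `include_script()` and `if (strpos($file, '/') === 0) {` in the callback. The callback's signature and the pattern that fills `$matches` are outside the hunk, so whether `$matches[3]` can actually be empty there needs confirming.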
@@ -120,8 +120,9 @@ */ function get_index($mailbox, $sort_field = null, $sort_order = null, $existing = false) { if (empty($this->icache[$mailbox])) if (empty($this->icache[$mailbox])) { $this->icache[$mailbox] = array(); } $sort_order = strtoupper($sort_order) == 'ASC' ? 'ASC' : 'DESC'; @@ -226,8 +227,9 @@ */ function get_thread($mailbox) { if (empty($this->icache[$mailbox])) if (empty($this->icache[$mailbox])) { $this->icache[$mailbox] = array(); } // Seek in internal cache if (array_key_exists('thread', $this->icache[$mailbox])) { @@ -404,16 +406,19 @@ */ function add_message($mailbox, $message, $force = false) { if (!is_object($message) || empty($message->uid)) if (!is_object($message) || empty($message->uid)) { return; } $msg = serialize($this->db->encode(clone $message)); $flags = 0; if (!empty($message->flags)) { foreach ($this->flags as $idx => $flag) if (!empty($message->flags[$flag])) foreach ($this->flags as $idx => $flag) { if (!empty($message->flags[$flag])) { $flags += $idx; } } } unset($msg->flags); @@ -428,8 +433,9 @@ ." AND uid = ?", $flags, $msg, $this->userid, $mailbox, (int) $message->uid); if ($this->db->affected_rows()) if ($this->db->affected_rows()) { return; } } // insert new record 
@@ -524,27 +530,30 @@ // The index should be only removed from database when // UIDVALIDITY was detected or the mailbox is empty // otherwise use 'valid' flag to not loose HIGHESTMODSEQ value if ($remove) if ($remove) { $this->db->query( "DELETE FROM ".get_table_name('cache_index') ." WHERE user_id = ".intval($this->userid) .(strlen($mailbox) ? " AND mailbox = ".$this->db->quote($mailbox) : "") ); else } else { $this->db->query( "UPDATE ".get_table_name('cache_index') ." SET valid = 0" ." WHERE user_id = ".intval($this->userid) .(strlen($mailbox) ? " AND mailbox = ".$this->db->quote($mailbox) : "") ); } if (strlen($mailbox)) { unset($this->icache[$mailbox]['index']); // Index removed, set flag to skip SELECT query in get_index() $this->icache[$mailbox]['index_queried'] = true; } else else { $this->icache = array(); } } @@ -566,8 +575,9 @@ // Thread data removed, set flag to skip SELECT query in get_thread() $this->icache[$mailbox]['thread_queried'] = true; } else else { $this->icache = array(); } } @@ -672,19 +682,21 @@ ); $data = implode('@', $data); if ($exists) if ($exists) { $sql_result = $this->db->query( "UPDATE ".get_table_name('cache_index') ." SET data = ?, valid = 1, changed = ".$this->db->now() ." WHERE user_id = ?" ." AND mailbox = ?", $data, $this->userid, $mailbox); else } else { $sql_result = $this->db->query( "INSERT INTO ".get_table_name('cache_index') ." (user_id, mailbox, data, valid, changed)" ." VALUES (?, ?, ?, 1, ".$this->db->now().")", $this->userid, $mailbox, $data); } } 
@@ -701,19 +713,21 @@ ); $data = implode('@', $data); if ($exists) if ($exists) { $sql_result = $this->db->query( "UPDATE ".get_table_name('cache_thread') ." SET data = ?, changed = ".$this->db->now() ." WHERE user_id = ?" ." AND mailbox = ?", $data, $this->userid, $mailbox); else } else { $sql_result = $this->db->query( "INSERT INTO ".get_table_name('cache_thread') ." (user_id, mailbox, data, changed)" ." VALUES (?, ?, ?, ".$this->db->now().")", $this->userid, $mailbox, $data); } } @@ -1023,9 +1037,11 @@ if ($message) { $message->flags = array(); foreach ($this->flags as $idx => $flag) if (($sql_arr['flags'] & $idx) == $idx) foreach ($this->flags as $idx => $flag) { if (($sql_arr['flags'] & $idx) == $idx) { $message->flags[$flag] = true; } } } return $message;
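Review bot: In `add_message()` the `unset($msg->flags)` after the flag loop has no effect, because `$msg` is already the string returned by `serialize()`, so the flags array is stored inside the serialized message as well as in the `flags` column. Removing the property before serializing does what the line appears to intend: `$msg = clone $message;`, `unset($msg->flags);`, `$msg = serialize($this->db->encode($msg));`. The loop reads `$message->flags` rather than `$msg`, so the bitmask computation is unaffected by the reordering. The last hunk appears to rebuild `$message->flags` from the column on read, so the visible cost is redundant stored data rather than wrong flags. The rest of `add_message()` lies outside the hunk.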