Apply more bugfixes from trunk for 0.5.1
| | |
| | | |
| | | RELEASE 0.5.1 |
| | | ------------- |
| | | - Security: add optional referer check to prevent CSRF in GET requests |
| | | - Fix email_dns_check setting not used for identities/contacts (#1487740) |
| | | - Fix ICANN example addresses doesn't validate (#1487742) |
| | | - Security: protect login form submission from CSRF |
| | | - Security: prevent from relaying malicious requests through modcss.inc |
| | | - Fix handling of non-image attachments in multipart/related messages (#1487750) |
| | | - Fix IDNA support when IDN/INTL modules are in use (#1487742) |
| | | - Fix handling of invalid HTML comments in messages (#1487759) |
| | | - Fix parsing FETCH response for very long headers (#1487753) |
| | | - Fix add/remove columns in message list when message_sort_order isn't set (#1487751) |
| | | - Fix settings UI on IE 6 (#1487724) |
| | | - Remove double borders in folder listing (#1487713) |
| | | - Separate full message headers UI element from headers table (#1487715) |
| | |
| | | // There have been problems reported with this feature. |
| | | $rcmail_config['double_auth'] = false; |
| | | |
| | | // check referer of incoming requests |
| | | $rcmail_config['referer_check'] = false; |
| | | |
| | | // this key is used to encrypt the users imap password which is stored |
| | | // in the session record (and the client cookie if remember password is enabled). |
| | | // please provide a string of exactly 24 chars. |
| | |
| | | |
| | | // try to log in |
| | | if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { |
| | | $request_valid = $_SESSION['temp'] && $RCMAIL->check_request(RCUBE_INPUT_POST, 'login'); |
| | | |
| | | // purge the session in case of new login when a session already exists |
| | | $RCMAIL->kill_session(); |
| | | |
| | |
| | | 'pass' => get_input_value('_pass', RCUBE_INPUT_POST, true, |
| | | $RCMAIL->config->get('password_charset', 'ISO-8859-1')), |
| | | 'cookiecheck' => true, |
| | | 'valid' => $request_valid, |
| | | )); |
| | | |
| | | // check if client supports cookies |
| | | if ($auth['cookiecheck'] && empty($_COOKIE)) { |
| | | $OUTPUT->show_message("cookiesdisabled", 'warning'); |
| | | } |
| | | else if ($_SESSION['temp'] && !$auth['abort'] && |
| | | else if ($auth['valid'] && !$auth['abort'] && |
| | | !empty($auth['host']) && !empty($auth['user']) && |
| | | $RCMAIL->login($auth['user'], $auth['pass'], $auth['host'])) { |
| | | // create new session ID |
| | |
| | | else { |
| | | $error_code = is_object($IMAP) ? $IMAP->get_error_code() : -1; |
| | | |
| | | $OUTPUT->show_message($error_code < -1 ? 'imaperror' : 'loginfailed', 'warning'); |
| | | $OUTPUT->show_message($error_code < -1 ? 'imaperror' : (!$auth['valid'] ? 'invalidrequest' : 'loginfailed'), 'warning'); |
| | | $RCMAIL->plugins->exec_hook('login_failed', array( |
| | | 'code' => $error_code, 'host' => $auth['host'], 'user' => $auth['user'])); |
| | | $RCMAIL->kill_session(); |
| | | } |
| | | } |
| | | |
| | | // end session |
| | | else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) { |
| | | // end session (after optional referer check) |
| | | else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) && (!$RCMAIL->config->get('referer_check') || rcube_check_referer())) { |
| | | $userdata = array('user' => $_SESSION['username'], 'host' => $_SESSION['imap_host'], 'lang' => $RCMAIL->user->language); |
| | | $OUTPUT->show_message('loggedout'); |
| | | $RCMAIL->logout_actions(); |
| | |
| | | ); |
| | | } |
| | | |
| | | $OUTPUT->set_env('task', 'login'); |
| | | $RCMAIL->set_task('login'); |
| | | $OUTPUT->send('login'); |
| | | } |
| | | // CSRF prevention |
| | |
| | | $OUTPUT->show_message('invalidrequest', 'error'); |
| | | $OUTPUT->send($RCMAIL->task); |
| | | } |
| | | |
| | | // check referer if configured |
| | | if (!$request_check_whitelist[$RCMAIL->action] && $RCMAIL->config->get('referer_check') && !rcube_check_referer()) { |
| | | raise_error(array( |
| | | 'code' => 403, |
| | | 'type' => 'php', |
| | | 'message' => "Referer check failed"), true, true); |
| | | } |
| | | } |
| | | |
| | | // handle special actions |
| | |
| | | |
| | | |
| | | /** |
| | | * Check whether the HTTP referer matches the current request |
| | | * |
| | | * @return boolean True if referer is the same host+path, false if not |
| | | */ |
| | | function rcube_check_referer() |
| | | { |
| | | $uri = parse_url($_SERVER['REQUEST_URI']); |
| | | $referer = parse_url(rc_request_header('Referer')); |
| | | return $referer['host'] == rc_request_header('Host') && $referer['path'] == $uri['path']; |
| | | } |
| | | |
| | | |
| | | /** |
| | | * @access private |
| | | * @return mixed |
| | | */ |
| | |
| | | return false; |
| | | } |
| | | |
| | | /* |
| | | * Idn_to_ascii wrapper. |
| | | * Intl/Idn modules version of this function doesn't work with e-mail address |
| | | */ |
| | | function rcube_idn_to_ascii($str) |
| | | { |
| | | return rcube_idn_convert($str, true); |
| | | } |
| | | |
| | | /* |
| | | * Idn_to_ascii wrapper. |
| | | * Intl/Idn modules version of this function doesn't work with e-mail address |
| | | */ |
| | | function rcube_idn_to_utf8($str) |
| | | { |
| | | return rcube_idn_convert($str, false); |
| | | } |
| | | |
| | | function rcube_idn_convert($input, $is_utf=false) |
| | | { |
| | | if ($at = strpos($input, '@')) { |
| | | $user = substr($input, 0, $at); |
| | | $domain = substr($input, $at+1); |
| | | } |
| | | else { |
| | | $domain = $input; |
| | | } |
| | | |
| | | $domain = $is_utf ? idn_to_ascii($domain) : idn_to_utf8($domain); |
| | | |
| | | return $at ? $user . '@' . $domain : $domain; |
| | | } |
| | | |
| | | |
| | | /** |
| | | * Helper class to turn relative urls into absolute ones |
| | |
| | | |
| | | // Here we need IDNA ASCII |
| | | // Only rcube_contacts class is using domain names in Unicode |
| | | $host = idn_to_ascii($host); |
| | | $host = rcube_idn_to_ascii($host); |
| | | if (strpos($username, '@')) { |
| | | // lowercase domain name |
| | | list($local, $domain) = explode('@', $username); |
| | | $username = $local . '@' . mb_strtolower($domain); |
| | | $username = idn_to_ascii($username); |
| | | $username = rcube_idn_to_ascii($username); |
| | | } |
| | | |
| | | // user already registered -> overwrite username |
| | |
| | | $domain = rcube_parse_host($this->prop['mail_domain']); |
| | | |
| | | if ($encode) |
| | | $domain = idn_to_ascii($domain); |
| | | $domain = rcube_idn_to_ascii($domain); |
| | | |
| | | return $domain; |
| | | } |
| | |
| | | // INTERNALDATE "16-Nov-2008 21:08:46 +0100" BODYSTRUCTURE (...) |
| | | // BODY[HEADER.FIELDS ... |
| | | |
| | | if (preg_match('/^\* [0-9]+ FETCH \((.*) BODY/s', $line, $matches)) { |
| | | if (preg_match('/^\* [0-9]+ FETCH \((.*) BODY/sU', $line, $matches)) { |
| | | $str = $matches[1]; |
| | | |
| | | // swap parents with quotes, then explode |
| | |
| | | |
| | | // BODYSTRUCTURE |
| | | if ($bodystr) { |
| | | while (!preg_match('/ BODYSTRUCTURE (.*) BODY\[HEADER.FIELDS/s', $line, $m)) { |
| | | while (!preg_match('/ BODYSTRUCTURE (.*) BODY\[HEADER.FIELDS/sU', $line, $m)) { |
| | | $line2 = $this->readLine(1024); |
| | | $line .= $this->multLine($line2, true); |
| | | } |
| | |
| | | break; |
| | | case 'content-type': |
| | | $ctype_parts = preg_split('/[; ]/', $string); |
| | | $result[$id]->ctype = array_shift($ctype_parts); |
| | | $result[$id]->ctype = strtolower(array_shift($ctype_parts)); |
| | | if (preg_match('/charset\s*=\s*"?([a-z0-9\-\.\_]+)"?/i', $string, $regs)) { |
| | | $result[$id]->charset = $regs[1]; |
| | | } |
| | |
| | | |
| | | foreach ($this->prop['hosts'] as $host) |
| | | { |
| | | $host = idn_to_ascii(rcube_parse_host($host)); |
| | | $host = rcube_idn_to_ascii(rcube_parse_host($host)); |
| | | $this->_debug("C: Connect [$host".($this->prop['port'] ? ':'.$this->prop['port'] : '')."]"); |
| | | |
| | | if ($lc = @ldap_connect($host, $this->prop['port'])) |
| | |
| | | ) { |
| | | $this->attachments[] = $inline_object; |
| | | } |
| | | // MS Outlook sometimes also adds non-image attachments as related |
| | | // We'll add all such attachments to the attachments list |
| | | // Warning: some browsers support pdf in <img/> |
| | | // @TODO: we should fetch HTML body and find attachment's content-id |
| | | // to handle also image attachments without reference in the body |
| | | if (!empty($inline_object->filename) |
| | | && !preg_match('/^image\/(gif|jpe?g|png|tiff|bmp|svg)/', $inline_object->mimetype) |
| | | ) { |
| | | $this->attachments[] = $inline_object; |
| | | } |
| | | } |
| | | |
| | | // add replace array to each content part |
| | |
| | | sprintf("DELETE FROM %s WHERE sess_id = ?", get_table_name('session')), |
| | | $key); |
| | | |
| | | if ($key == $this->key) |
| | | $this->vars = false; |
| | | return true; |
| | | } |
| | | |
| | |
| | | $loaded = true; |
| | | } |
| | | |
| | | if ($idn && $domain && preg_match('/(^|@|\.)xn--/i', $domain)) { |
| | | if ($idn && $domain && preg_match('/(^|\.)xn--/i', $domain)) { |
| | | try { |
| | | $domain = $idn->decode($domain); |
| | | } |
| | |
| | | $helo_host = 'localhost'; |
| | | |
| | | // IDNA Support |
| | | $smtp_host = idn_to_ascii($smtp_host); |
| | | $smtp_host = rcube_idn_to_ascii($smtp_host); |
| | | |
| | | $this->conn = new Net_SMTP($smtp_host, $smtp_port, $helo_host); |
| | | |
| | |
| | | if ($smtp_user && $smtp_pass) |
| | | { |
| | | // IDNA Support |
| | | if (strpos($smtp_user, '@')) |
| | | $smtp_user = idn_to_ascii($smtp_user); |
| | | if (strpos($smtp_user, '@')) { |
| | | $smtp_user = rcube_idn_to_ascii($smtp_user); |
| | | } |
| | | |
| | | $result = $this->conn->auth($smtp_user, $smtp_pass, $smtp_auth_type, $use_tls, $smtp_authz); |
| | | |
| | |
| | | $username = $this->app->user->get_username(); |
| | | } |
| | | |
| | | return idn_to_utf8($username); |
| | | return rcube_idn_to_utf8($username); |
| | | } |
| | | |
| | | |
| | |
| | | // So, e-mail address should be validated also on server side after idn_to_ascii() use |
| | | //domain_literal = '\\x5b('+dtext+'|'+quoted_pair+')*\\x5d', |
| | | //sub_domain = '('+atom+'|'+domain_literal+')', |
| | | domain = '([^@\\x2e]+\\x2e)+[a-z]{2,}', |
| | | // allow punycode in last domain part for ICANN test domains |
| | | domain = '([^@\\x2e]+\\x2e)+([a-z]{2,}|xn--[a-z0-9]{2,})', |
| | | // ICANN e-mail test (http://idn.icann.org/E-mail_test) |
| | | icann_domains = [ |
| | | '\\u0645\\u062b\\u0627\\u0644\\x2e\\u0625\\u062e\\u062a\\u0628\\u0627\\u0631', |
| | | '\\u4f8b\\u5b50\\x2e\\u6d4b\\u8bd5', |
| | | '\\u4f8b\\u5b50\\x2e\\u6e2c\\u8a66', |
| | | '\\u03c0\\u03b1\\u03c1\\u03ac\\u03b4\\u03b5\\u03b9\\u03b3\\u03bc\\u03b1\\x2e\\u03b4\\u03bf\\u03ba\\u03b9\\u03bc\\u03ae', |
| | | '\\u0909\\u0926\\u093e\\u0939\\u0930\\u0923\\x2e\\u092a\\u0930\\u0940\\u0915\\u094d\\u0937\\u093e', |
| | | '\\u4f8b\\u3048\\x2e\\u30c6\\u30b9\\u30c8', |
| | | '\\uc2e4\\ub840\\x2e\\ud14c\\uc2a4\\ud2b8', |
| | | '\\u0645\\u062b\\u0627\\u0644\\x2e\\u0622\\u0632\\u0645\\u0627\\u06cc\\u0634\u06cc', |
| | | '\\u043f\\u0440\\u0438\\u043c\\u0435\\u0440\\x2e\\u0438\\u0441\\u043f\\u044b\\u0442\\u0430\\u043d\\u0438\\u0435', |
| | | '\\u0b89\\u0ba4\\u0bbe\\u0bb0\\u0ba3\\u0bae\\u0bcd\\x2e\\u0baa\\u0bb0\\u0bbf\\u0b9f\\u0bcd\\u0b9a\\u0bc8', |
| | | '\\u05d1\\u05f2\\u05b7\\u05e9\\u05e4\\u05bc\\u05d9\\u05dc\\x2e\\u05d8\\u05e2\\u05e1\\u05d8' |
| | | ], |
| | | icann_addr = 'mailtest\\x40('+icann_domains.join('|')+')', |
| | | word = '('+atom+'|'+quoted_string+')', |
| | | delim = '[,;\s\n]', |
| | | local_part = word+'(\\x2e'+word+')*', |
| | | addr_spec = local_part+'\\x40'+domain, |
| | | addr_spec = '(('+local_part+'\\x40'+domain+')|('+icann_addr+'))', |
| | | reg1 = inline ? new RegExp('(^|<|'+delim+')'+addr_spec+'($|>|'+delim+')', 'i') : new RegExp('^'+addr_spec+'$', 'i'); |
| | | |
| | | return reg1.test(input) ? true : false; |
| | |
| | | * - changed $ignore_elements behaviour |
| | | * - added RFC2397 support |
| | | * - base URL support |
| | | * - invalid HTML comments removal before parsing |
| | | */ |
| | | |
| | | class washtml |
| | |
| | | else |
| | | $this->config['base_url'] = ''; |
| | | |
| | | // Remove invalid HTML comments (#1487759) |
| | | $html = preg_replace('/<![^>]*>/', '', $html); |
| | | |
| | | @$node->loadHTML($html); |
| | | return $this->dumpHtml($node); |
| | | } |
| | |
| | | $labels['addbcc'] = 'Bcc hinzufügen'; |
| | | $labels['addreplyto'] = 'Antwortadresse hinzufügen'; |
| | | $labels['addfollowupto'] = 'Followup-To hinzufügen'; |
| | | $labels['mdnrequest'] = 'Der Sender dieser Nachricht möchte gerne eine Lesebestätigung. Wollen Sie dieses bestätigen?'; |
| | | $labels['mdnrequest'] = 'Der Sender dieser Nachricht möchte gerne eine Empfangsbestätigung. Wollen Sie dieses bestätigen?'; |
| | | $labels['receiptread'] = 'Empfangsbestätigung (gelesen)'; |
| | | $labels['yourmessage'] = 'Dies ist eine Empfangsbestätigung für Ihre Nachricht'; |
| | | $labels['receiptnote'] = 'Hinweis: Der Empfänger hat den Empfang der Nachricht bestätigt. Dies ist keine Garantie, dass die Nachricht gelesen und verstanden wurde.'; |
| | |
| | | $labels['mailboxview'] = 'Mailbox-Ansicht'; |
| | | $labels['mdnrequests'] = 'Empfangsbestätigung senden'; |
| | | $labels['askuser'] = 'immer fragen'; |
| | | $labels['autosend'] = 'Lesebestätigung automatisch senden'; |
| | | $labels['autosendknown'] = 'Lesebestätigung nur an meine Kontakte senden'; |
| | | $labels['autosend'] = 'automatisch senden'; |
| | | $labels['autosendknown'] = 'nur an meine Kontakte senden'; |
| | | $labels['autosendknownignore'] = 'für bekannte Absender, sonst ignorieren'; |
| | | $labels['ignore'] = 'ignorieren'; |
| | | $labels['readwhendeleted'] = 'Beim Löschen als gelesen markieren'; |
| | |
| | | } |
| | | |
| | | // We're using UTF8 internally |
| | | $email = idn_to_utf8($email); |
| | | $email = rcube_idn_to_utf8($email); |
| | | |
| | | if (!$replace) { |
| | | // compare e-mail address |
| | |
| | | } |
| | | |
| | | // Validity checks |
| | | $_email = idn_to_ascii($a_record['email']); |
| | | if (!check_email($_email, false)) { |
| | | $_email = rcube_idn_to_ascii($a_record['email']); |
| | | if (!check_email($_email)) { |
| | | $OUTPUT->show_message('emailformaterror', 'warning', array('email' => $_email)); |
| | | rcmail_overwrite_action($return_action); |
| | | return; |
| | |
| | | $OUTPUT->send(); |
| | | } |
| | | |
| | | $contact['email'] = idn_to_utf8($contact['email']); |
| | | $contact['email'] = rcube_idn_to_utf8($contact['email']); |
| | | |
| | | // use email address part for name |
| | | if (empty($contact['name']) || $contact['name'] == $contact['email']) |
| | |
| | | if (empty($addr_part['mailto'])) |
| | | continue; |
| | | |
| | | $mailto = idn_to_utf8($addr_part['mailto']); |
| | | $mailto = rcube_idn_to_utf8($addr_part['mailto']); |
| | | |
| | | if (!in_array($mailto, $sa_recipients) |
| | | && (!$MESSAGE->compose_from |
| | |
| | | if (empty($addr_part['mailto'])) |
| | | continue; |
| | | |
| | | $mailto = idn_to_utf8($addr_part['mailto']); |
| | | $mailto = rcube_idn_to_utf8($addr_part['mailto']); |
| | | |
| | | if ($addr_part['name'] && $addr_part['mailto'] != $addr_part['name']) |
| | | $string = format_email_recipient($mailto, $addr_part['name']); |
| | |
| | | // create SELECT element |
| | | foreach ($user_identities as $sql_arr) |
| | | { |
| | | $email = mb_strtolower(idn_to_utf8($sql_arr['email'])); |
| | | $email = mb_strtolower(rcube_idn_to_utf8($sql_arr['email'])); |
| | | $identity_id = $sql_arr['identity_id']; |
| | | $select_from->add(format_email_recipient($email, $sql_arr['name']), $identity_id); |
| | | |
| | |
| | | global $RCMAIL, $MESSAGE, $LINE_LENGTH; |
| | | |
| | | // build reply prefix |
| | | $from = array_pop($RCMAIL->imap->decode_address_list($MESSAGE->get_header('from'))); |
| | | $from = array_pop($RCMAIL->imap->decode_address_list($MESSAGE->get_header('from'), 1, false)); |
| | | $prefix = sprintf("On %s, %s wrote:", |
| | | $MESSAGE->headers->date, $from['name'] ? $from['name'] : idn_to_utf8($from['mailto'])); |
| | | $MESSAGE->headers->date, $from['name'] ? $from['name'] : rcube_idn_to_utf8($from['mailto'])); |
| | | |
| | | if (!$bodyIsHtml) { |
| | | $body = preg_replace('/\r?\n/', "\n", $body); |
| | |
| | | |
| | | // set default sort col/order to session |
| | | if (!isset($_SESSION['sort_col'])) |
| | | $_SESSION['sort_col'] = $CONFIG['message_sort_col']; |
| | | $_SESSION['sort_col'] = !empty($CONFIG['message_sort_col']) ? $CONFIG['message_sort_col'] : ''; |
| | | if (!isset($_SESSION['sort_order'])) |
| | | $_SESSION['sort_order'] = $CONFIG['message_sort_order']; |
| | | $_SESSION['sort_order'] = strtoupper($CONFIG['message_sort_order']) == 'ASC' ? 'ASC' : 'DESC'; |
| | | |
| | | // set threads mode |
| | | $a_threading = $RCMAIL->config->get('message_threading', array()); |
| | |
| | | */ |
| | | function rcmail_alter_html_link($matches) |
| | | { |
| | | global $EMAIL_ADDRESS_PATTERN; |
| | | global $RCMAIL, $EMAIL_ADDRESS_PATTERN; |
| | | |
| | | $tag = $matches[1]; |
| | | $attrib = parse_attrib_string($matches[2]); |
| | | $end = '>'; |
| | | |
| | | if ($tag == 'link' && preg_match('/^https?:\/\//i', $attrib['href'])) { |
| | | $attrib['href'] = "?_task=utils&_action=modcss&u=" . urlencode($attrib['href']) |
| | | . "&c=" . urlencode($GLOBALS['rcmail_html_container_id']); |
| | | $tempurl = 'tmp-' . md5($attrib['href']) . '.css'; |
| | | $_SESSION['modcssurls'][$tempurl] = $attrib['href']; |
| | | $attrib['href'] = $RCMAIL->url(array('task' => 'utils', 'action' => 'modcss', 'u' => $tempurl, 'c' => $GLOBALS['rcmail_html_container_id'])); |
| | | $end = ' />'; |
| | | } |
| | | else if (preg_match('/^mailto:'.$EMAIL_ADDRESS_PATTERN.'(\?[^"\'>]+)?/i', $attrib['href'], $mailto)) { |
| | |
| | | |
| | | // IDNA ASCII to Unicode |
| | | if ($name == $mailto) |
| | | $name = idn_to_utf8($name); |
| | | $name = rcube_idn_to_utf8($name); |
| | | if ($string == $mailto) |
| | | $string = idn_to_utf8($string); |
| | | $mailto = idn_to_utf8($mailto); |
| | | $string = rcube_idn_to_utf8($string); |
| | | $mailto = rcube_idn_to_utf8($mailto); |
| | | |
| | | if ($PRINT_MODE) { |
| | | $out .= sprintf('%s <%s>', Q($name), $mailto); |
| | |
| | | $item = trim($item); |
| | | // address in brackets without name (do nothing) |
| | | if (preg_match('/^<\S+@\S+>$/', $item)) { |
| | | $item = idn_to_ascii($item); |
| | | $item = rcube_idn_to_ascii($item); |
| | | $result[] = $item; |
| | | // address without brackets and without name (add brackets) |
| | | } else if (preg_match('/^\S+@\S+$/', $item)) { |
| | | $item = idn_to_ascii($item); |
| | | $item = rcube_idn_to_ascii($item); |
| | | $result[] = '<'.$item.'>'; |
| | | // address with name (handle name) |
| | | } else if (preg_match('/\S+@\S+>*$/', $item, $matches)) { |
| | |
| | | && preg_match('/[\(\)\<\>\\\.\[\]@,;:"]/', $name)) { |
| | | $name = '"'.addcslashes($name, '"').'"'; |
| | | } |
| | | $address = idn_to_ascii($address); |
| | | $address = rcube_idn_to_ascii($address); |
| | | if (!preg_match('/^<\S+@\S+>$/', $address)) |
| | | $address = '<'.$address.'>'; |
| | | |
| | |
| | | $form['addressing']['content']['email']['class'] = 'disabled'; |
| | | } |
| | | |
| | | $IDENTITY_RECORD['email'] = idn_to_utf8($IDENTITY_RECORD['email']); |
| | | $IDENTITY_RECORD['reply-to'] = idn_to_utf8($IDENTITY_RECORD['reply-to']); |
| | | $IDENTITY_RECORD['bcc'] = idn_to_utf8($IDENTITY_RECORD['bcc']); |
| | | $IDENTITY_RECORD['email'] = rcube_idn_to_utf8($IDENTITY_RECORD['email']); |
| | | $IDENTITY_RECORD['reply-to'] = rcube_idn_to_utf8($IDENTITY_RECORD['reply-to']); |
| | | $IDENTITY_RECORD['bcc'] = rcube_idn_to_utf8($IDENTITY_RECORD['bcc']); |
| | | |
| | | // Allow plugins to modify identity form content |
| | | $plugin = $RCMAIL->plugins->exec_hook('identity_form', array( |
| | |
| | | // get identities list and define 'mail' column |
| | | $list = $USER->list_identities(); |
| | | foreach ($list as $idx => $row) |
| | | $list[$idx]['mail'] = trim($row['name'] . ' <' . idn_to_utf8($row['email']) .'>'); |
| | | $list[$idx]['mail'] = trim($row['name'] . ' <' . rcube_idn_to_utf8($row['email']) .'>'); |
| | | |
| | | // get all identites from DB and define list of cols to be displayed |
| | | $plugin = $RCMAIL->plugins->exec_hook('identities_list', array( |
| | |
| | | // Validate e-mail addresses |
| | | foreach (array('email', 'reply-to', 'bcc') as $item) { |
| | | if ($email = $save_data[$item]) { |
| | | $ascii_email = idn_to_ascii($email); |
| | | if (!check_email($ascii_email, false)) { |
| | | $ascii_email = rcube_idn_to_ascii($email); |
| | | if (!check_email($ascii_email)) { |
| | | // show error message |
| | | $OUTPUT->show_message('emailformaterror', 'error', array('email' => $email), false); |
| | | rcmail_overwrite_action('edit-identity'); |
| | |
| | | $save_data = $plugin['record']; |
| | | |
| | | if ($save_data['email']) |
| | | $save_data['email'] = idn_to_ascii($save_data['email']); |
| | | $save_data['email'] = rcube_idn_to_ascii($save_data['email']); |
| | | if ($save_data['bcc']) |
| | | $save_data['bcc'] = idn_to_ascii($save_data['bcc']); |
| | | $save_data['bcc'] = rcube_idn_to_ascii($save_data['bcc']); |
| | | if ($save_data['reply-to']) |
| | | $save_data['reply-to'] = idn_to_ascii($save_data['reply-to']); |
| | | $save_data['reply-to'] = rcube_idn_to_ascii($save_data['reply-to']); |
| | | |
| | | if (!$plugin['abort']) |
| | | $updated = $USER->update_identity($iid, $save_data); |
| | |
| | | $plugin = $RCMAIL->plugins->exec_hook('identity_create', array('record' => $save_data)); |
| | | $save_data = $plugin['record']; |
| | | |
| | | $save_data['email'] = idn_to_ascii($save_data['email']); |
| | | $save_data['bcc'] = idn_to_ascii($save_data['bcc']); |
| | | $save_data['reply-to'] = idn_to_ascii($save_data['reply-to']); |
| | | $save_data['email'] = rcube_idn_to_ascii($save_data['email']); |
| | | $save_data['bcc'] = rcube_idn_to_ascii($save_data['bcc']); |
| | | $save_data['reply-to'] = rcube_idn_to_ascii($save_data['reply-to']); |
| | | |
| | | if (!$plugin['abort']) |
| | | $insert_id = $save_data['email'] ? $USER->insert_identity($save_data) : null; |
| | |
| | | "Please contact your server-administrator."; |
| | | } |
| | | |
| | | // forbidden due to request check |
| | | else if ($ERROR_CODE==403) { |
| | | $__error_title = "REQUEST CHECK FAILED"; |
| | | $__error_text = "Access to this service was denied due to failing security checks!<br />\n". |
| | | "Please contact your server-administrator."; |
| | | } |
| | | |
| | | // failed request (wrong step in URL) |
| | | else if ($ERROR_CODE==404) { |
| | | $__error_title = "REQUEST FAILED/FILE NOT FOUND"; |
| | |
| | | | program/steps/utils/modcss.inc | |
| | | | | |
| | | | This file is part of the Roundcube Webmail client | |
| | | | Copyright (C) 2007-2010, Roundcube Dev. - Switzerland | |
| | | | Copyright (C) 2007-2011, Roundcube Dev. - Switzerland | |
| | | | Licensed under the GNU GPL | |
| | | | | |
| | | | PURPOSE: | |
| | |
| | | |
| | | $source = ''; |
| | | |
| | | $url = preg_replace('![^a-z0-9:./\-_?$&=%]!i', '', $_GET['u']); |
| | | if ($url === null) { |
| | | $url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']); |
| | | if ($url === null || !($realurl = $_SESSION['modcssurls'][$url])) { |
| | | header('HTTP/1.1 403 Forbidden'); |
| | | echo $error; |
| | | echo "Unauthorized request"; |
| | | exit; |
| | | } |
| | | |
| | | $a_uri = parse_url($url); |
| | | $a_uri = parse_url($realurl); |
| | | $port = $a_uri['port'] ? $a_uri['port'] : 80; |
| | | $host = $a_uri['host']; |
| | | $path = $a_uri['path'] . ($a_uri['query'] ? '?'.$a_uri['query'] : ''); |
| | |
| | | $mimetype = strtolower($headers['content-type']); |
| | | if (!empty($source) && in_array($mimetype, array('text/css','text/plain'))) { |
| | | header('Content-Type: text/css'); |
| | | echo rcmail_mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['c'])); |
| | | echo rcmail_mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c'])); |
| | | exit; |
| | | } |
| | | else |
| | |
| | | |
| | | body.iframe |
| | | { |
| | | margin: 0px; |
| | | margin: 20px 0 0 0; |
| | | background-color: #FFF; |
| | | } |
| | | |
| | |
| | | float: right; |
| | | } |
| | | |
| | | body.iframe .boxtitle |
| | | { |
| | | position: fixed; |
| | | top: 0; |
| | | left: 0; |
| | | width: 100%; |
| | | } |
| | | |
| | | .boxcontent |
| | | { |
| | | padding: 15px 10px 10px 10px; |
| | |
| | | // create a tab |
| | | a = $('<a>').text(legend.text()).attr('href', '#'); |
| | | tab = $('<span>').attr({'id': 'tab'+idx, 'class': 'tablink'}) |
| | | .click(function() { return rcube_show_tab(id, idx); }) |
| | | .click(function() { rcube_show_tab(id, idx); return false }) |
| | | |
| | | // remove legend |
| | | legend.remove(); |
| | |
| | | |
| | | div.messageheaderbox |
| | | { |
| | | margin: 6px 8px 0px 8px; |
| | | margin: -14px 8px 0px 8px; |
| | | border: 1px solid #ccc; |
| | | } |
| | | |