githubFork/roundcubemail.git

parent: 39f883e1 | patch | commit | ignore whitespace

Merge branch 'release-0.8' of github.com:roundcube/roundcubemail into relea...

Thomas Bruederli

2013-01-25 f7c50e28dbd637b3b60c6aea0fac3768f8f59f05

Merge branch 'release-0.8' of github.com:roundcube/roundcubemail into release-0.8

13 files modified

	CHANGELOG	4 ●●●●● patch \| view \| raw \| blame \| history
	installer/check.php	7 ●●●●● patch \| view \| raw \| blame \| history
	installer/config.php	7 ●●●●● patch \| view \| raw \| blame \| history
	installer/rcube_install.php	7 ●●●●● patch \| view \| raw \| blame \| history
	installer/test.php	7 ●●●●● patch \| view \| raw \| blame \| history
	program/js/app.js	2 ●●●●● patch \| view \| raw \| blame \| history
	program/lib/washtml.php	2 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/mail/func.inc	2 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/mail/get.inc	7 ●●●●● patch \| view \| raw \| blame \| history
	skins/classic/iehacks.css	8 ●●●●● patch \| view \| raw \| blame \| history
	skins/larry/iehacks.css	6 ●●●●● patch \| view \| raw \| blame \| history
	skins/larry/mail.css	3 ●●●●● patch \| view \| raw \| blame \| history
	skins/larry/styles.css	1 ●●●●● patch \| view \| raw \| blame \| history

 CHANGELOG

@@ -1,6 +1,10 @@
CHANGELOG Roundcube Webmail
===========================

- Fix #countcontrols issue in IE<=8 when text is very long (#1488890)
- Fix unwanted horizontal scrollbar in message preview header (#1488866)
- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844)
- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
- Fix absolute positioning in HTML messages (#1488819)
- Fix keybord events on messages list in opera browser (#1488823)
- Fix cache (in)validation after setting \Deleted flag

 installer/check.php

@@ -1,3 +1,10 @@
<?php

if (!class_exists('rcube_install') || !is_object($RCI)) {
    die("Not allowed! Please open installer/index.php instead.");
}

?>
<form action="index.php" method="get">
<?php


 installer/config.php

@@ -1,3 +1,10 @@
<?php

if (!class_exists('rcube_install') || !is_object($RCI)) {
    die("Not allowed! Please open installer/index.php instead.");
}

?>
<form action="index.php" method="post">
<input type="hidden" name="_step" value="2" />
<?php

 installer/rcube_install.php

@@ -251,7 +251,12 @@
        $seen[$prop] = true;
      }
    }
    

    // the old default mime_magic reference is obsolete
    if ($this->config['mime_magic'] == '/usr/share/misc/magic') {
        $out['obsolete'][] = array('prop' => 'mime_magic', 'explain' => "Set value to null in order to use system default");
    }

    // iterate over default config
    foreach ($defaults as $prop => $value) {
      if (!isset($seen[$prop]) && isset($required[$prop]) && !(is_bool($this->config[$prop]) || strlen($this->config[$prop])))

 installer/test.php

@@ -1,3 +1,10 @@
<?php

if (!class_exists('rcube_install') || !is_object($RCI)) {
    die("Not allowed! Please open installer/index.php instead.");
}

?>
<form action="index.php?_step=3" method="post">

<h3>Check config files</h3>

 program/js/app.js

@@ -2541,7 +2541,7 @@
    for (i=0, len=selection.length; i<len; i++) {
      uid = selection[i];
      if (list.rows[uid].has_children && !list.rows[uid].expanded)
        list.select_childs(uid);
        list.select_children(uid);
    }

    // if config is set to flag for deletion

 program/lib/washtml.php

@@ -214,7 +214,7 @@
      $key = strtolower($key);
      $value = $node->getAttribute($key);
      if (isset($this->_html_attribs[$key]) ||
         ($key == 'href' && !preg_match('!^javascript!i', $value)
         ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value)
           && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value))
      ) {
        $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';

 program/steps/mail/func.inc

@@ -1414,7 +1414,7 @@
      if ($addicon && $_SESSION['writeable_abook']) {
        $address .= html::a(array(
            'href' => "#add",
            'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, $string),
            'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, JQ($string)),
            'title' => rcube_label('addtoaddressbook'),
            'class' => 'rcmaddcontact',
          ),

 program/steps/mail/get.inc

@@ -150,6 +150,13 @@

      $disposition = !empty($plugin['download']) ? 'attachment' : 'inline';

      // Workaround for nasty IE bug (#1488844)
      // If Content-Disposition header contains string "attachment" e.g. in filename
      // IE handles data as attachment not inline
      if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) {
        $filename = str_ireplace('attachment', 'attach', $filename);
      }

      header("Content-Disposition: $disposition; filename=\"$filename\"");

      // do content filtering to avoid XSS through fake images

 skins/classic/iehacks.css

@@ -184,13 +184,7 @@
  overflow: hidden;
}

#countcontrols
{
  width: 24em;
  padding-right: 10px;
}

body.iframe 
body.iframe
{
  width: expression((parseInt(document.documentElement.clientWidth))+'px');
}

 skins/larry/iehacks.css

@@ -65,6 +65,12 @@
    filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#404040', endColorstr='#060606', GradientType=0);
}

#toplogo {
    position: absolute;
    top: 0px;
    left: 10px;
}

.records-table tr.selected td {
    filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#019bc6', endColorstr='#017cb4', GradientType=0);
}

 skins/larry/mail.css

@@ -717,7 +717,7 @@

h3.subject {
    font-size: 14px;
    margin: 0 8em 0 0;
    margin: 0 12em 0 0;
    padding: 8px 8px 4px 8px;
    white-space: nowrap;
    overflow: hidden;
@@ -885,7 +885,6 @@
    position: absolute;
    top: 8px;
    right: 8px;
    width: 18em;
    text-align: right;
    white-space: nowrap;
}

 skins/larry/styles.css

@@ -513,6 +513,7 @@
}

#topnav {
    position: relative;
    height: 46px;
    margin-bottom: 10px;
    padding: 0 0 0 10px;

			@@ -1,6 +1,10 @@
			CHANGELOG Roundcube Webmail
			===========================

			- Fix #countcontrols issue in IE<=8 when text is very long (#1488890)
			- Fix unwanted horizontal scrollbar in message preview header (#1488866)
			- Add workaround for IE<=8 bug where Content-Disposition:inline was ignored (#1488844)
			- Fix XSS vulnerability in vbscript: and data:text links handling (#1488850)
			- Fix absolute positioning in HTML messages (#1488819)
			- Fix keybord events on messages list in opera browser (#1488823)
			- Fix cache (in)validation after setting \Deleted flag

			@@ -1,3 +1,10 @@
			<?php

			if (!class_exists('rcube_install') \|\| !is_object($RCI)) {
			die("Not allowed! Please open installer/index.php instead.");
			}

			?>
			<form action="index.php" method="get">
			<?php

			@@ -251,7 +251,12 @@
			$seen[$prop] = true;
			}
			}


			// the old default mime_magic reference is obsolete
			if ($this->config['mime_magic'] == '/usr/share/misc/magic') {
			$out['obsolete'][] = array('prop' => 'mime_magic', 'explain' => "Set value to null in order to use system default");
			}

			// iterate over default config
			foreach ($defaults as $prop => $value) {
			if (!isset($seen[$prop]) && isset($required[$prop]) && !(is_bool($this->config[$prop]) \|\| strlen($this->config[$prop])))

			@@ -2541,7 +2541,7 @@
			for (i=0, len=selection.length; i<len; i++) {
			uid = selection[i];
			if (list.rows[uid].has_children && !list.rows[uid].expanded)
			list.select_childs(uid);
			list.select_children(uid);
			}

			// if config is set to flag for deletion

			@@ -214,7 +214,7 @@
			$key = strtolower($key);
			$value = $node->getAttribute($key);
			if (isset($this->_html_attribs[$key]) \|\|
			($key == 'href' && !preg_match('!^javascript!i', $value)
			($key == 'href' && !preg_match('!^(javascript\|vbscript\|data:text)!i', $value)
			&& preg_match('!^([a-z][a-z0-9.+-]+:\|//\|#).+!i', $value))
			) {
			$t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';

			@@ -1414,7 +1414,7 @@
			if ($addicon && $_SESSION['writeable_abook']) {
			$address .= html::a(array(
			'href' => "#add",
			'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, $string),
			'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, JQ($string)),
			'title' => rcube_label('addtoaddressbook'),
			'class' => 'rcmaddcontact',
			),

			@@ -150,6 +150,13 @@

			$disposition = !empty($plugin['download']) ? 'attachment' : 'inline';

			// Workaround for nasty IE bug (#1488844)
			// If Content-Disposition header contains string "attachment" e.g. in filename
			// IE handles data as attachment not inline
			if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) {
			$filename = str_ireplace('attachment', 'attach', $filename);
			}

			header("Content-Disposition: $disposition; filename=\"$filename\"");

			// do content filtering to avoid XSS through fake images

			@@ -184,13 +184,7 @@
			overflow: hidden;
			}

			#countcontrols
			{
			width: 24em;
			padding-right: 10px;
			}

			body.iframe
			body.iframe
			{
			width: expression((parseInt(document.documentElement.clientWidth))+'px');
			}

			@@ -65,6 +65,12 @@
			filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#404040', endColorstr='#060606', GradientType=0);
			}

			#toplogo {
			position: absolute;
			top: 0px;
			left: 10px;
			}

			.records-table tr.selected td {
			filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#019bc6', endColorstr='#017cb4', GradientType=0);
			}

			@@ -717,7 +717,7 @@

			h3.subject {
			font-size: 14px;
			margin: 0 8em 0 0;
			margin: 0 12em 0 0;
			padding: 8px 8px 4px 8px;
			white-space: nowrap;
			overflow: hidden;
			@@ -885,7 +885,6 @@
			position: absolute;
			top: 8px;
			right: 8px;
			width: 18em;
			text-align: right;
			white-space: nowrap;
			}

			@@ -513,6 +513,7 @@
			}

			#topnav {
			position: relative;
			height: 46px;
			margin-bottom: 10px;
			padding: 0 0 0 10px;