From 21e724153e80249d0b0f0aaa2f730ad2c045532c Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 22 Jul 2008 04:01:42 -0400
Subject: [PATCH] Improve HTML sanitization with washtml

---
 program/include/rcube_message.php | 34 ++++++++++++++++++++++------------
 1 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/program/include/rcube_message.php b/program/include/rcube_message.php
index 174b1f3..48f9997 100644
--- a/program/include/rcube_message.php
+++ b/program/include/rcube_message.php
@@ -21,9 +21,8 @@
 /**
- * Interface class for accessing an IMAP server
- *
- * This is a wrapper that implements the Iloha IMAP Library (IIL)
+ * Logical representation of a mail message with all its data
+ * and related functions
 *
 * @package Mail
 * @author Thomas Bruederli <roundcube@gmail.com>
@@ -43,6 +42,7 @@
 public $mime_parts = array();
 public $attachments = array();
 public $subject = '';
+ public $sender = null;
 public $is_safe = false;
@@ -54,9 +54,9 @@
 $this->uid = $uid;
 $this->headers = $this->imap->get_headers($uid);
 $this->subject = rcube_imap::decode_mime_string($this->headers->subject, $this->headers->charset);
+ list(, $this->sender) = each($this->imap->decode_address_list($this->headers->from));
- $this->is_safe = (intval($_GET['_safe']) || $_SESSION['safe_messages'][$uid]) ? true : false;
- $_SESSION['safe_messages'][$uid] = $this->is_safe;
+ $this->set_safe((intval($_GET['_safe']) || $_SESSION['safe_messages'][$uid]));
 $this->opt = array(
 'safe' => $this->is_safe,
@@ -65,8 +65,8 @@
 );
 if ($this->structure = $this->imap->get_structure($uid)) {
- $this->parse_structure($this->structure);
 $this->get_mime_numbers($this->structure);
+ $this->parse_structure($this->structure);
 }
 else {
 $this->body = $this->imap->get_body($uid);
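Review bot: The safe flag that set_safe() now persists in the session is taken straight from the `_safe` GET parameter, and the following lines feed is_safe into `$this->opt['safe']`, so any request carrying `_safe=1` changes what this message is allowed to render and the change survives for the rest of the session. Confirm that the caller only honours `_safe` on a deliberate user action (for example together with a request token) rather than on any link that reaches this constructor. Separately, `$_GET['_safe']` and `$_SESSION['safe_messages'][$uid]` are read without an existence check and raise notices when the parameter or session entry is absent; `$this->set_safe(!empty($_GET['_safe']) || !empty($_SESSION['safe_messages'][$uid]));` avoids that. IMAP UIDs are unique only within a folder, so keying `safe_messages` by `$uid` alone may carry the flag over to a different message after a folder switch unless the caller already scopes it by mailbox. The constructor containing this hunk starts and ends outside it.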
@@ -83,10 +83,20 @@
 */
 public function get_header($name, $raw = false)
 {
- $value = $this->header->$name;
+ $value = $this->headers->$name;
 return $raw ? $value : $this->imap->decode_header($value);
 }
+ /**
+ * Set is_safe var and session data
+ *
+ * @param bool enable/disable
+ */
+ public function set_safe($safe = true)
+ {
+ $this->is_safe = $safe;
+ $_SESSION['safe_messages'][$this->uid] = $this->is_safe;
+ }
 /**
 * Compose a valid URL for getting a message part
@@ -356,18 +366,18 @@
 }
 // if this was a related part try to resolve references
- if ($message_ctype_secondary == 'related' && sizeof($this->inline_objects)) {
+ if ($message_ctype_secondary == 'related' && sizeof($this->inline_parts)) {
 $a_replaces = array();
 foreach ($this->inline_parts as $inline_object) {
- $a_replaces['cid:'.$inline_object->content_id] = htmlspecialchars(sprintf($this->opt['get_url'], $inline_object->mime_id));
+ $a_replaces['cid:'.$inline_object->content_id] = $this->get_part_url($inline_object->mime_id);
 }
 // add replace array to each content part
 // (will be applied later when part body is available)
- for ($i=0; $i<count($a_return_parts); $i++) {
- if ($a_return_parts[$i]->type=='content')
- $a_return_parts[$i]->replaces = $a_replaces;
+ foreach ($this->parts as $i => $part) {
+ if ($part->type == 'content')
+ $this->parts[$i]->replaces = $a_replaces;
 }
 }
 }
--
Gitblit v1.9.1
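Review bot: set_safe() stores its argument unchanged, so whatever a caller passes ends up in `$_SESSION['safe_messages']` as-is; the constructor passes the result of `||`, but the `$safe = true` default invites other callers, and casting on assignment, `$this->is_safe = (bool)$safe;`, keeps both the property and the session entry a strict boolean that later identity checks can rely on. The new docblock also omits the parameter name, which tools and readers need to bind the description; `@param bool $safe enable/disable` fixes that.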
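Review bot: The replacement value for each `cid:` reference is now whatever get_part_url() returns, whereas the removed line ran the URL through htmlspecialchars() before storing it; the comment in the hunk says these replacements are applied to the part body later, so confirm that get_part_url() escapes its result for the HTML context it is dropped into, or otherwise restore the wrapper with `$a_replaces['cid:'.$inline_object->content_id] = htmlspecialchars($this->get_part_url($inline_object->mime_id));` (only one of the two should escape, to avoid double encoding). get_part_url() is outside this hunk, so that cannot be settled here. As a point of style, the elements of `$this->parts` are accessed as objects (`$part->type`), so `$part->replaces = $a_replaces;` updates the same object and the `$i` index becomes unnecessary. The enclosing method starts before this hunk.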