From 6a35c82a3ca43546198361aefdea94b04ecb5457 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Wed, 02 Nov 2005 17:43:55 -0500
Subject: [PATCH] Added more XSS protection (Bug #1308236) and some visual enhancements

---
 skins/default/mail.css               |   31 +++++----
 program/steps/mail/func.inc          |   49 ++++++++++++----
 skins/default/templates/message.html |   12 ++--
 skins/default/templates/compose.html |    2 
 program/steps/mail/sendmail.inc      |   11 ++-
 program/js/app.js                    |   17 ++---
 6 files changed, 75 insertions(+), 47 deletions(-)

diff --git a/program/js/app.js b/program/js/app.js
index a61cc1e..3f86e9f 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -2046,18 +2046,17 @@
     if (this.gui_objects.mailboxlist)
       {
       var item, reg, text_obj;
+      var s_current = this.env.mailbox.toLowerCase().replace(this.mbox_expression, '');
       var s_mbox = String(mbox).toLowerCase().replace(this.mbox_expression, '');
       var s_current = this.env.mailbox.toLowerCase().replace(this.mbox_expression, '');
-      var nodes = this.gui_objects.mailboxlist.getElementsByTagName('LI');
       
-      for (var n=0; n<nodes.length; n++)
-        {
-        item = nodes[n];
-        if (item.className && item.className.indexOf('mailbox '+s_mbox+' ')>=0)
-          this.set_classname(item, 'selected', true);
-        else if (item.className && item.className.indexOf('mailbox '+s_current)>=0)
-          this.set_classname(item, 'selected', false);          
-        }
+      var current_li = document.getElementById('rcmbx'+s_current);
+      var mbox_li = document.getElementById('rcmbx'+s_mbox);
+      
+      if (current_li)
+        this.set_classname(current_li, 'selected', false);
+      if (mbox_li)
+        this.set_classname(mbox_li, 'selected', true);
       }
     
     this.env.mailbox = mbox;
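Review bot: `s_current` is declared twice on the new side: the added `var s_current = …` line and the unchanged line two below it are byte-identical, so the added line is redundant and should be dropped (the context line already computes it right after `s_mbox`). The rest of the change is sound: looking the two `<li>` elements up by id instead of scanning every `LI` for a class substring removes the substring-match ambiguity of the old loop, but it relies on the ids produced in func.inc matching what `this.mbox_expression` leaves of the mailbox name, which cannot be verified from this hunk. The enclosing function starts and ends outside the hunk.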
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 7a6b6ff..0419654 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -41,6 +41,13 @@
   }
 
 
+// set default sort col/order to session
+if (!isset($_SESSION['sort_col']))
+  $_SESSION['sort_col'] = $CONFIG['message_sort_col'];
+if (!isset($_SESSION['sort_order']))
+  $_SESSION['sort_order'] = $CONFIG['message_sort_order'];
+  
+
 // define url for getting message parts
 if (strlen($_GET['_uid']))
   $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), $_GET['_uid']);
@@ -147,7 +154,7 @@
 // return html for a structured list <ul> for the mailbox tree
 function rcmail_render_folder_tree_html(&$arrFolders, &$special, &$mbox, $maxlength, $nestLevel=0)
   {
-  global $JS_OBJECT_NAME, $IMAP;
+  global $JS_OBJECT_NAME, $IMAP, $CONFIG;
 
   $idx = 0;
   $out = '';
@@ -170,9 +177,23 @@
     // add unread message count display
     if ($unread_count = $IMAP->messagecount($folder['id'], 'UNSEEN', ($folder['id']==$mbox)))
       $foldername .= sprintf(' (%d)', $unread_count);
+      
+    // make folder name safe for ids and class names
+    $folder_css = $class_name = preg_replace('/[^a-z0-9\-_]/', '', $folder_lc);
 
-    $out .= sprintf('<li class="mailbox %s %s%s%s"><a href="#%s" onclick="return %s.command(\'list\',\'%s\')" onmouseup="return %s.mbox_mouse_up(\'%s\')">%s</a>'."\n",
-                    preg_replace('/[^a-z0-9\-_]/', '', $folder_lc),
+    // set special class for Sent, Drafts, Trash and Junk
+    if ($folder['id']==$CONFIG['sent_mbox'])
+      $class_name = 'sent';
+    else if ($folder['id']==$CONFIG['drafts_mbox'])
+      $class_name = 'drafts';
+    else if ($folder['id']==$CONFIG['trash_mbox'])
+      $class_name = 'trash';
+    else if ($folder['id']==$CONFIG['junk_mbox'])
+      $class_name = 'junk';
+
+    $out .= sprintf('<li id="rcmbx%s" class="mailbox %s %s%s%s"><a href="./#%s" onclick="return %s.command(\'list\',\'%s\')" onmouseup="return %s.mbox_mouse_up(\'%s\')">%s</a>',
+                    $folder_css,
+                    $class_name,
                     $zebra_class,
                     $unread_count ? ' unread' : '',
                     $folder['id']==$mbox ? ' selected' : '',
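Review bot: The `id="rcmbx%s"` built from `$folder_css` is not guaranteed unique: the regex strips every character outside `[a-z0-9-_]`, so two folders whose lowercased names differ only in stripped characters (dots, spaces, slashes, non-ASCII) map to the same id, and `document.getElementById` in app.js then highlights the first one. A collision-free transform of `$folder['id']` (for example a hex encoding of the raw name) applied identically on the PHP and JS side would avoid that. The JS side runs `this.mbox_expression` over the mailbox name before the lookup; that expression is not visible here, so check that it strips exactly the same character set as this regex, otherwise the lookup silently misses and no folder is marked selected. The sprintf call continues beyond the end of the hunk.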
@@ -184,7 +205,7 @@
                     rep_specialchars_output($foldername, 'html', 'all'));
 
     if (!empty($folder['folders']))
-      $out .= '<ul>' . rcmail_render_folder_tree_html($folder['folders'], $special, $mbox, $maxlength, $nestLevel+1) . "</ul>\n";
+      $out .= "\n<ul>\n" . rcmail_render_folder_tree_html($folder['folders'], $special, $mbox, $maxlength, $nestLevel+1) . "</ul>\n";
 
     $out .= "</li>\n";
     $idx++;
@@ -239,8 +260,8 @@
   $image_tag = '<img src="%s%s" alt="%s" border="0" />';
 
   // check to see if we have some settings for sorting
-  $sort_col   = isset($_SESSION['sort_col'])   ? $_SESSION['sort_col']   : $CONFIG['message_sort_col'];
-  $sort_order = isset($_SESSION['sort_order']) ? $_SESSION['sort_order'] : $CONFIG['message_sort_order'];
+  $sort_col   = $_SESSION['sort_col'];
+  $sort_order = $_SESSION['sort_order'];
 
   // get message headers
   $a_headers = $IMAP->list_headers('', '', $sort_col, $sort_order);
@@ -982,13 +1003,18 @@
 
 
   // remove SCRIPT tags
-  while (($pos = strpos($body_lc, '<script')) && ($pos2 = strpos($body_lc, '</script>', $pos)))
+  foreach (array('script', 'applet', 'object', 'embed', 'iframe') as $tag)
     {
-    $pos2 += 8;
-    $body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2);
-    $body_lc = strtolower($body);
+    while (($pos = strpos($body_lc, '<'.$tag)) && ($pos2 = strpos($body_lc, '</'.$tag.'>', $pos)))
+      {
+      $pos2 += 8;
+      $body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2);
+      $body_lc = strtolower($body);
+      }
     }
-  
+
+  // replace event handlers on any object
+  $body = preg_replace('/\s(on[a-z]+)=/im', ' __removed=', $body);  
 
   // resolve <base href>
   $base_reg = '/(<base.*href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]*>)/i';
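Review bot: The loop at the top of the hunk uses the `strpos` results as booleans, so a tag found at offset 0 (`$pos === 0`) counts as "not found" and is left in the body; both lookups need an explicit `!== false`. `$pos2 += 8` is also only right for an 8-character closing tag such as `</embed>`; for `</script>`, `</applet>`, `</object>` and `</iframe>` the final `>` of the closing tag is left behind, so the offset should be `strlen('</'.$tag.'>')`. An opening tag with no matching closing tag is not removed at all by this loop, which was already true of `<script` before this change and deserves a follow-up. The event-handler substitution on the last added line only matches `on…=` with nothing between the name and the `=`, so `\s*=` is the safer pattern, and the trailing whitespace after that statement should go. The enclosing function starts and ends outside the hunk.
```php
  // remove SCRIPT and other active-content tags
  foreach (array('script', 'applet', 'object', 'embed', 'iframe') as $tag)
    {
    $close_tag = '</'.$tag.'>';
    while (($pos = strpos($body_lc, '<'.$tag)) !== false && ($pos2 = strpos($body_lc, $close_tag, $pos)) !== false)
      {
      $pos2 += strlen($close_tag);
      $body = substr($body, 0, $pos) . substr($body, $pos2);
      $body_lc = strtolower($body);
      }
    }

  // replace event handlers on any object
  $body = preg_replace('/\s(on[a-z]+)\s*=/im', ' __removed=', $body);

  // … unchanged: <base href> resolution …
```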
@@ -999,7 +1025,6 @@
     $body = preg_replace('/(url\s*\()(["\']?)([\.\/]+[^"\'\)\s]+)(\2)\)/Uie', "'\\1\''.make_absolute_url('\\3', '$base_url').'\')'", $body);
     $body = preg_replace($base_reg, '', $body);
     }
-
 
   // add comments arround html and other tags
   $out = preg_replace(array('/(<\/?html[^>]*>)/i',
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index fbb31b3..48a5ccc 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -65,10 +65,11 @@
 /****** check submission and compose message ********/
 
 
-$mailto_regexp = '/,\s*$/';
+$mailto_regexp = array('/,\s*[\r\n]+/', '/[\r\n]+/', '/,\s*$/m');
+$mailto_replace = array(' ', ', ', '');
 
-// trip ending ', ' from 
-$mailto = preg_replace($mailto_regexp, '', $_POST['_to']);
+// repalce new lines and strip ending ', '
+$mailto = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_to']));
 
 // decode address strings
 $to_address_arr = $IMAP->decode_address_list($mailto);
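Review bot: `stripslashes()` is applied unconditionally to `$_POST['_to']` (and to `_cc`/`_bcc` in the next hunk), which is only correct while magic_quotes_gpc is on; with it off, a legitimate backslash inside a quoted local part is removed. Guard it, e.g. `$mailto = preg_replace($mailto_regexp, $mailto_replace, get_magic_quotes_gpc() ? stripslashes($_POST['_to']) : $_POST['_to']);`. The first pattern `/,\s*[\r\n]+/` is replaced with a single space, which drops the comma between two addresses written on separate lines, while a bare newline becomes `', '`; unless `decode_address_list` also splits on whitespace (not visible here), the first replacement should presumably be `', '` as well. Removing CR/LF before the value reaches a header is the right move. The comment typo should read `// replace new lines and strip ending ', '`.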
@@ -90,10 +91,10 @@
 
 // additional recipients
 if ($_POST['_cc'])
-  $headers['Cc'] = preg_replace($mailto_regexp, '', $_POST['_cc']);
+  $headers['Cc'] = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_cc']));
 
 if ($_POST['_bcc'])
-  $headers['Bcc'] = preg_replace($mailto_regexp, '', $_POST['_bcc']);
+  $headers['Bcc'] = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_bcc']));
   
 if (strlen($identity_arr['bcc']))
   $headers['Bcc'] = ($headers['Bcc'] ? $headers['Bcc'].', ' : '') . $identity_arr['bcc'];
diff --git a/skins/default/mail.css b/skins/default/mail.css
index 72c1c6c..f586386 100644
--- a/skins/default/mail.css
+++ b/skins/default/mail.css
@@ -75,7 +75,7 @@
   position: absolute;
   top: 60px;
   right: 40px;
-  width: 250px;
+  width: 200px;
   height: 20px;
   text-align: right;
 }
@@ -412,9 +412,14 @@
   top: 85px;
   left: 200px;
   right: 40px;
+  bottom: 40px;
+  border: 1px solid #cccccc;
+  background-color: #FFFFFF;
+  overflow: auto;
   /* css hack for IE */
-  margin-bottom: 10px;
-  width: expression(document.body.clientWidth-240);
+  /* margin-bottom: 10px; */
+  width: expression((parseInt(document.documentElement.clientWidth)-240)+'px');
+  height: expression((parseInt(document.documentElement.clientHeight)-125)+'px');
 }
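Review bot: The added `/* margin-bottom: 10px; */` line is commented-out code; delete it rather than leave it in the stylesheet, since the rule is no longer applied. The two new `expression()` rules are IE-only dynamic properties evaluated as script by the browser; they are under the existing `/* css hack for IE */` marker, but the `parseInt(...)` calls inside them should pass a radix (`parseInt(…, 10)`) as in any other script.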
 
 table.headers-table
@@ -433,10 +438,11 @@
 
 table.headers-table td.header-title
 {
-  width: 70px;  
+  width: 80px;
   color: #666666;
   font-weight: bold;
   text-align: right;
+  white-space: nowrap;
   padding-right: 4px;
 }
 
@@ -481,18 +487,15 @@
 #messagebody
 {
   min-height: 300px;
-  margin-top: 10px;
-  margin-bottom: 10px;
+  padding-top: 10px;
+  padding-bottom: 10px;
   background-color: #FFFFFF;
-  border: 1px solid #cccccc;
-  border-top: none;
 }
 
 div.message-part
 {
   padding: 8px;
   padding-top: 10px;
-  border-top: 1px solid #cccccc;
   overflow: hidden;
 }
 
@@ -513,8 +516,8 @@
   display: none;
   height: 20px;
   min-height: 20px;
+  margin: 8px 8px 0px 8px;
   padding: 10px 10px 6px 46px;  
-  margin-top: 8px;
 }
 
 #remote-objects-message a
@@ -544,12 +547,12 @@
   top: 90px;
   left: 200px;
   right: 40px;
-  bottom: 20px;
+  bottom: 40px;
   padding: 0px;
   margin: 0px;
   /* css hack for IE */
   width: expression(document.documentElement.clientWidth-240);
-  /* height: expression((parseInt(document.documentElement.clientHeight)-130)+'px'); */
+  height: expression((parseInt(document.documentElement.clientHeight)-130)+'px');
 }
 
 /*
@@ -635,10 +638,10 @@
 #compose-body
 {
   margin-top: 10px;
-  width: 100% !important;
+  width: 99% !important;
   width: 95%;
   height: 95%;
-  min-height: 400px;
+  min-height: 300px;
   font-size: 9pt;
   font-family: "Courier New", Courier, monospace;
 }
diff --git a/skins/default/templates/compose.html b/skins/default/templates/compose.html
index 26c9de5..9dda5da 100644
--- a/skins/default/templates/compose.html
+++ b/skins/default/templates/compose.html
@@ -87,7 +87,7 @@
 
 </tr><tr>
 
-<td style="width:100%; height:100%;">
+<td style="width:100%; height:100%; vertical-align:top;">
 <roundcube:object name="composeBody" id="compose-body" form="form" cols="80" rows="20" warp="virtual" />
 </td>
 
diff --git a/skins/default/templates/message.html b/skins/default/templates/message.html
index a5c46ef..7d4ff55 100644
--- a/skins/default/templates/message.html
+++ b/skins/default/templates/message.html
@@ -10,6 +10,12 @@
 <roundcube:include file="/includes/taskbar.html" />
 <roundcube:include file="/includes/header.html" />
 
+<div id="messagecountbar">
+<roundcube:button command="previousmessage" imageAct="/images/buttons/previous_act.png" imagePas="/images/buttons/previous_pas.png" width="11" height="11" title="previousmessages" />
+&nbsp;<roundcube:object name="messageCountDisplay" />&nbsp;
+<roundcube:button command="nextmessage" imageAct="/images/buttons/next_act.png" imagePas="/images/buttons/next_pas.png" width="11" height="11" title="nextmessages" />
+</div>
+
 <div id="messagetoolbar">
 <roundcube:button command="list" image="/images/buttons/back_act.png" width="32" height="32" title="backtolist" />
 <roundcube:button command="reply" imageAct="/images/buttons/reply_act.png" imagePas="/images/buttons/reply_pas.png" width="32" height="32" title="replytomessage" />
@@ -18,12 +24,6 @@
 <roundcube:button command="print" imageAct="/images/buttons/print_act.png" imagePas="/images/buttons/print_pas.png" width="32" height="32" title="printmessage" />
 <roundcube:button command="viewsource" imageAct="/images/buttons/source_act.png" imagePas="/images/buttons/source_pas.png" width="32" height="32" title="viewsource" />
 <roundcube:object name="mailboxlist" type="select" noSelection="moveto" maxlength="25" onchange="rcmail.command('moveto', this.options[this.selectedIndex].value)" class="mboxlist" />
-</div>
-
-<div id="messagecountbar">
-<roundcube:button command="previousmessage" imageAct="/images/buttons/previous_act.png" imagePas="/images/buttons/previous_pas.png" width="11" height="11" title="previousmessages" />
-&nbsp;<roundcube:object name="messageCountDisplay" />&nbsp;
-<roundcube:button command="nextmessage" imageAct="/images/buttons/next_act.png" imagePas="/images/buttons/next_pas.png" width="11" height="11" title="nextmessages" />
 </div>
 
 <div id="mailboxlist-header"><roundcube:label name="mailboxlist" /></div>

--
Gitblit v1.9.1