From 7dfb1fba5001299300736e6b5d95d9400575e3e7 Mon Sep 17 00:00:00 2001 From: thomascube <thomas@roundcube.net> Date: Thu, 18 Sep 2008 14:59:02 -0400 Subject: [PATCH] Set the right number of arguments for setcookie() --- program/steps/mail/func.inc | 162 ++++++++++++++++++++++++++++++++++++++++++++---------- 1 files changed, 132 insertions(+), 30 deletions(-) diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 7607ccc..440de92 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -206,16 +206,25 @@ $js_row_arr['unread'] = true; if ($header->answered) $js_row_arr['replied'] = true; + if ($header->forwarded) + $js_row_arr['forwarded'] = true; if ($header->flagged) $js_row_arr['flagged'] = true; // set message icon if ($attrib['deletedicon'] && $header->deleted) $message_icon = $attrib['deletedicon']; + else if ($attrib['repliedicon'] && $header->answered) + { + if ($attrib['forwardedrepliedicon'] && $header->forwarded) + $message_icon = $attrib['forwardedrepliedicon']; + else + $message_icon = $attrib['repliedicon']; + } + else if ($attrib['forwardedicon'] && $header->forwarded) + $message_icon = $attrib['forwardedicon']; else if ($attrib['unreadicon'] && !$header->seen) $message_icon = $attrib['unreadicon']; - else if ($attrib['repliedicon'] && $header->answered) - $message_icon = $attrib['repliedicon']; else if ($attrib['messageicon']) $message_icon = $attrib['messageicon']; 
@@ -296,6 +305,10 @@ $OUTPUT->set_env('unreadicon', $skin_path . $attrib['unreadicon']); if ($attrib['repliedicon']) $OUTPUT->set_env('repliedicon', $skin_path . $attrib['repliedicon']); + if ($attrib['forwardedicon']) + $OUTPUT->set_env('forwardedicon', $skin_path . $attrib['forwardedicon']); + if ($attrib['forwardedrepliedicon']) + $OUTPUT->set_env('forwardedrepliedicon', $skin_path . $attrib['forwardedrepliedicon']); if ($attrib['attachmenticon']) $OUTPUT->set_env('attachmenticon', $skin_path . $attrib['attachmenticon']); if ($attrib['flaggedicon']) @@ -367,6 +380,7 @@ $a_msg_flags['deleted'] = $header->deleted ? 1 : 0; $a_msg_flags['unread'] = $header->seen ? 0 : 1; $a_msg_flags['replied'] = $header->answered ? 1 : 0; + $a_msg_flags['forwarded'] = $header->forwarded ? 1 : 0; $a_msg_flags['flagged'] = $header->flagged ? 1 : 0; $OUTPUT->command('add_message_row', @@ -446,7 +460,7 @@ $attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'display')); $out = '<span' . $attrib_str . '>'; - $out .= rcmail_quota_content(); + $out .= rcmail_quota_content(NULL, $attrib); $out .= '</span>'; return $out; } @@ -455,7 +469,7 @@ /** * */ -function rcmail_quota_content($quota=NULL) +function rcmail_quota_content($quota=NULL, $attrib=NULL) { global $IMAP, $COMM_PATH, $RCMAIL; 
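Review bot: The docblock above `rcmail_quota_content()` is still empty in the last hunk on this line (`@@ -455,7 +469,7 @@`), although the signature gains a second argument whose purpose cannot be read from the declaration. I would fill it in, for example `@param array $quota Quota values with 'used' and 'total' keys; NULL by default` and `@param array $attrib Template attributes; 'width' and 'height' size the quota image`, plus a `@return string` line if the body does return markup, as the caller in the previous hunk suggests. The function body continues outside the hunk, so the wording for the NULL case of `$quota` should be checked against the code there.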
@@ -481,14 +495,23 @@ // show quota as image (by Brett Patterson) if ($display == 'image' && function_exists('imagegif')) { - $attrib = array('width' => 100, 'height' => 14); + if (!$attrib['width']) + $attrib['width'] = isset($_SESSION['quota_width']) ? $_SESSION['quota_width'] : 100; + else + $_SESSION['quota_width'] = $attrib['width']; + + if (!$attrib['height']) + $attrib['height'] = isset($_SESSION['quota_height']) ? $_SESSION['quota_height'] : 14; + else + $_SESSION['quota_height'] = $attrib['height']; + $quota_text = sprintf('<img src="./bin/quotaimg.php?u=%s&q=%d&w=%d&h=%d" width="%d" height="%d" alt="%s" title="%s / %s" />', $quota['used'], $quota['total'], $attrib['width'], $attrib['height'], $attrib['width'], $attrib['height'], $quota_text, - show_bytes($quota["used"] * 1024), - show_bytes($quota["total"] * 1024)); + show_bytes($quota['used'] * 1024), + show_bytes($quota['total'] * 1024)); } } else 
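Review bot: The width and height taken from `$attrib` are written to `$_SESSION` exactly as given and only become integers later, through the `%d` conversions in `sprintf()`. Casting at the point of storage keeps the stored and the rendered value identical and avoids carrying an arbitrary string across requests: `$_SESSION['quota_width'] = (int) $attrib['width'];` and the same for `quota_height`. `bin/quotaimg.php` is not part of this diff; since `w` and `h` reach it as plain query parameters, it presumably needs its own upper bound on both, independent of what this function emits. The enclosing function starts and ends outside the hunk.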
@@ -574,19 +597,34 @@ } // text/html else if ($part->ctype_secondary == 'html') { + $html = $part->body; + + // special replacements (not properly handled by washtml class) + $html_search = array( + '/(<\/nobr>)(\s+)(<nobr>)/i', // space(s) between <NOBR> + '/(<[\/]*st1:[^>]+>)/i', // Microsoft's Smart Tags <ST1> + '/<title>.*<\/title>/i', // PHP bug #32547 workaround: remove title tag + '/<html[^>]*>/im', // malformed html: remove html tags (#1485139) + '/<\/html>/i', // malformed html: remove html tags (#1485139) + ); + $html_replace = array( + '\\1'.' '.'\\3', + '', + '', + '', + '', + ); + $html = preg_replace($html_search, $html_replace, $html); + // charset was converted to UTF-8 in rcube_imap::get_message_part() -> change charset specification in HTML accordingly - $html = $part->body; if (preg_match('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i', $html)) $html = preg_replace('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i', '\\1='.RCMAIL_CHARSET, $html); else { - // add <head> for malformed messages, washtml cannot work without that - if (!preg_match('/<head>(.*)<\\/head>/Uims', $html)) - $html = '<head></head>' . $html; + // add head for malformed messages, washtml cannot work without that + if (!preg_match('/<head[^>]*>(.*)<\/head>/Uims', $html)) + $html = '<head></head>'. $html; $html = substr_replace($html, '<meta http-equiv="Content-Type" content="text/html; charset='.RCMAIL_CHARSET.'" />', intval(stripos($html, '</head>')), 0); } - - // PHP bug #32547 workaround: remove title tag - $html = preg_replace('/<title>.*<\/title>/', '', $html); // clean HTML with washhtml by Frederic Motte $wash_opts = array( 
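Review bot: The `<title>` pattern in `$html_search` has no `s` modifier and tolerates no attributes, so a title element that spans lines or carries attributes stays in place and the PHP bug #32547 workaround does not apply to it, while the `<head>` test further down already uses `/Uims`. Something like `'/<title[^>]*>.*?<\/title>/is'` covers those cases without running greedily to a later `</title>`. Separately, `preg_replace()` returns NULL when PCRE gives up (for example at the backtrack limit), which would overwrite `$html` with NULL for a large message; the result should be checked before assignment, and the choice between continuing with the unmodified body and showing nothing made explicitly. The surrounding function is only partly visible in this hunk.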
@@ -602,15 +640,13 @@ $wash_opts['html_elements'] = array('html','head','title','body'); } - /* CSS styles need to be sanitized! - if ($p['safe']) { - $wash_opts['html_elements'][] = 'style'; - $wash_opts['html_attribs'] = array('type'); - } - */ - $washer = new washtml($wash_opts); $washer->add_callback('form', 'rcmail_washtml_callback'); + + if ($p['safe']) { // allow CSS styles, will be sanitized by rcmail_washtml_callback() + $washer->add_callback('style', 'rcmail_washtml_callback'); + } + $body = $washer->wash($html); $REMOTE_OBJECTS = $washer->extlinks; @@ -642,9 +678,6 @@ $convert_patterns[] = '/([a-z0-9][a-z0-9\-\.\+\_]*@[a-z0-9]([a-z0-9\-][.]?)*[a-z0-9]\\.[a-z]{2,5})/ie'; $convert_replaces[] = "rcmail_str_replacement('<a href=\"mailto:\\1\" onclick=\"return ".JS_OBJECT_NAME.".command(\'compose\',\'\\1\',this)\">\\1</a>', \$replace_strings)"; -// if ($part->ctype_parameters['format'] != 'flowed') -// $body = wordwrap(trim($body), 80); - // search for patterns like links and e-mail addresses $body = preg_replace($convert_patterns, $convert_replaces, $body); @@ -701,6 +734,16 @@ $out = html::div('form', $content); break; + case 'style': + // decode all escaped entities and reduce to ascii strings + $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content)); + + // now check for evil strings like expression, behavior or url() + if (!preg_match('/expression|behavior|url\(|import/', $stripped)) { + $out = html::tag('style', array('type' => 'text/css'), $content); + break; + } + default: $out = ''; } 
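Review bot: The blocklist test in the `case 'style':` branch (third hunk on this line) is case-sensitive, while CSS treats property names, function names and at-rules case-insensitively, so an upper- or mixed-case spelling of a blocked keyword passes `preg_match('/expression|behavior|url\(|import/', $stripped)`. Adding the `i` modifier closes that: `if (!preg_match('/expression|behavior|url\(|import/i', $stripped)) {`. The rejection path relies on falling through into `default:`; a comment such as `// no break: rejected CSS falls through and is dropped` would keep a later edit from inserting a case in between. A keyword blocklist over sender-controlled CSS is hard to keep complete, and the first hunk enables this path whenever `$p['safe']` is set, so it is worth stating next to the `add_callback('style', ...)` call what `safe` guarantees about the message.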
@@ -742,21 +785,28 @@ $out = '<table' . $attrib_str . ">\n"; // show these headers - $standard_headers = array('subject', 'from', 'organization', 'to', 'cc', 'bcc', 'reply-to', 'date'); - + $standard_headers = array('subject', 'from', 'organization', 'to', 'cc', 'bcc', 'replyto', 'date'); + foreach ($standard_headers as $hkey) { if (!$headers[$hkey]) continue; - if ($hkey=='date' && !empty($headers[$hkey])) + if ($hkey == 'date') { if ($PRINT_MODE) $header_value = format_date($headers[$hkey], $CONFIG['date_long'] ? $CONFIG['date_long'] : 'x'); else $header_value = format_date($headers[$hkey]); } - else if (in_array($hkey, array('from', 'to', 'cc', 'bcc', 'reply-to'))) + else if ($hkey == 'replyto') + { + if ($headers['replyto'] != $headers['from']) + $header_value = Q(rcmail_address_string($headers['replyto'], null, true, $attrib['addicon']), 'show'); + else + continue; + } + else if (in_array($hkey, array('from', 'to', 'cc', 'bcc'))) $header_value = Q(rcmail_address_string($headers[$hkey], null, true, $attrib['addicon']), 'show'); else $header_value = Q($IMAP->decode_header($headers[$hkey])); @@ -766,6 +816,14 @@ $out .= '<td class="'.$hkey.'" width="90%">'.$header_value."</td>\n</tr>"; $header_count++; } + + // all headers division + $out .= "\n".'<tr><td colspan="2" class="more-headers show-headers" + onclick="return '.JS_OBJECT_NAME.'.command(\'load-headers\', \'\', this)"></td></tr>'; + $out .= "\n".'<tr id="all-headers"><td colspan="2" class="all"><div id="headers-source"></div></td></tr>'; + + $OUTPUT->add_gui_object('all_headers_row', 'all-headers'); + $OUTPUT->add_gui_object('all_headers_box', 'headers-source'); $out .= "\n</table>\n\n"; @@ -829,8 +887,7 @@ $ctype_secondary = strtolower($MESSAGE->structure->ctype_secondary); // list images after mail body - if (get_boolean($attrib['showimages']) - && $CONFIG['inline_images'] + if ($CONFIG['inline_images'] && $ctype_primary == 'multipart' && !empty($MESSAGE->attachments) && !strstr($message_body, '<html')) 
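Review bot: The Reply-To test in the first hunk compares two raw header strings with loose `!=`, which in PHP compares numerically when both operands look like numbers; `if ($headers['replyto'] !== $headers['from'])` states the intended string comparison. Because the comparison is on the undecoded header values, a Reply-To that names the same mailbox with a different display name or spacing is still shown, which is the safer direction for the reader. A one-line comment such as `// hide Reply-To only when it is byte-identical to From` would record that. The loop body continues outside the hunk.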
@@ -1007,6 +1064,51 @@ } +/** + * Wrap text to a given number of characters per line + * but respect the mail quotation of replies messages (>) + * + * @param string Text to wrap + * @param int The line width + * @return string The wrapped text + */ +function rcmail_wrap_quoted($text, $max = 76) +{ + // Rebuild the message body with a maximum of $max chars, while keeping quoted message. + $lines = preg_split('/\r?\n/', trim($text)); + $out = ''; + + foreach ($lines as $line) { + if (strlen($line) > $max) { + if (preg_match('/^([>\s]+)/', $line, $regs)) { + $length = strlen($regs[0]); + $prefix = substr($line, 0, $length); + + // Remove '> ' from the line, then wordwrap() the line + $line = wordwrap(substr($line, $length), $max - $length); + + // Rebuild the line with '> ' at the beginning of each 'subline' + $newline = ''; + foreach (explode("\n", $line) as $l) { + $newline .= $prefix . $l . "\n"; + } + + // Remove the righest newline char + $line = rtrim($newline); + } + else { + $line = wordwrap($line, $max); + } + } + + // Append the line + $out .= $line . "\n"; + } + + return $out; +} + + function rcmail_message_part_controls() { global $MESSAGE; -- Gitblit v1.9.1
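Review bot: In `rcmail_wrap_quoted()` the wrap width `$max - $length` is not bounded, and because the prefix pattern `^([>\s]+)` also accepts plain whitespace, a deeply quoted or heavily indented line can have a prefix as long as `$max`, handing `wordwrap()` a zero or negative width. Clamping it keeps the output predictable: `$line = wordwrap(substr($line, $length), max(1, $max - $length));`, or skip re-wrapping when the prefix alone exceeds the limit. `strlen()` and `wordwrap()` count bytes, so if the text is UTF-8 at this point (not visible in this hunk) lines with multibyte characters wrap earlier than `$max` columns. The docblock would also read better with parameter names (`@param string $text`, `@param int $max`) and the typo `righest` corrected.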