From 7dfb1fba5001299300736e6b5d95d9400575e3e7 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 18 Sep 2008 14:59:02 -0400
Subject: [PATCH] Set the right number of arguments for setcookie()

---
 program/steps/mail/func.inc |  272 +++++++++++++++++++++++++++++++++++++++++------------
 1 files changed, 209 insertions(+), 63 deletions(-)

diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index f428237..440de92 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -206,16 +206,25 @@
       $js_row_arr['unread'] = true;
     if ($header->answered)
       $js_row_arr['replied'] = true;
+    if ($header->forwarded)
+      $js_row_arr['forwarded'] = true;
     if ($header->flagged)
       $js_row_arr['flagged'] = true;
 
     // set message icon  
     if ($attrib['deletedicon'] && $header->deleted)
       $message_icon = $attrib['deletedicon'];
+    else if ($attrib['repliedicon'] && $header->answered)
+      {
+      if ($attrib['forwardedrepliedicon'] && $header->forwarded)
+        $message_icon = $attrib['forwardedrepliedicon'];
+      else
+        $message_icon = $attrib['repliedicon'];
+      }
+    else if ($attrib['forwardedicon'] && $header->forwarded)
+      $message_icon = $attrib['forwardedicon'];
     else if ($attrib['unreadicon'] && !$header->seen)
       $message_icon = $attrib['unreadicon'];
-    else if ($attrib['repliedicon'] && $header->answered)
-      $message_icon = $attrib['repliedicon'];
     else if ($attrib['messageicon'])
       $message_icon = $attrib['messageicon'];
 
@@ -245,7 +254,7 @@
     foreach ($a_show_cols as $col)
       {
       if ($col=='from' || $col=='to')
-        $cont = Q(rcmail_address_string($header->$col, 3, $attrib['addicon']), 'show');
+        $cont = Q(rcmail_address_string($header->$col, 3, false, $attrib['addicon']), 'show');
       else if ($col=='subject')
         {
         $action = $mbox==$CONFIG['drafts_mbox'] ? 'compose' : 'show';
@@ -296,6 +305,10 @@
     $OUTPUT->set_env('unreadicon', $skin_path . $attrib['unreadicon']);
   if ($attrib['repliedicon'])
     $OUTPUT->set_env('repliedicon', $skin_path . $attrib['repliedicon']);
+  if ($attrib['forwardedicon'])
+    $OUTPUT->set_env('forwardedicon', $skin_path . $attrib['forwardedicon']);
+  if ($attrib['forwardedrepliedicon'])
+    $OUTPUT->set_env('forwardedrepliedicon', $skin_path . $attrib['forwardedrepliedicon']);
   if ($attrib['attachmenticon'])
     $OUTPUT->set_env('attachmenticon', $skin_path . $attrib['attachmenticon']);
   if ($attrib['flaggedicon'])
@@ -367,6 +380,7 @@
     $a_msg_flags['deleted'] = $header->deleted ? 1 : 0;
     $a_msg_flags['unread'] = $header->seen ? 0 : 1;
     $a_msg_flags['replied'] = $header->answered ? 1 : 0;
+    $a_msg_flags['forwarded'] = $header->forwarded ? 1 : 0;
     $a_msg_flags['flagged'] = $header->flagged ? 1 : 0;
     
     $OUTPUT->command('add_message_row',
@@ -446,7 +460,7 @@
   $attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'display'));
 
   $out = '<span' . $attrib_str . '>';
-  $out .= rcmail_quota_content();
+  $out .= rcmail_quota_content(NULL, $attrib);
   $out .= '</span>';
   return $out;
   }
@@ -455,9 +469,9 @@
 /**
  *
  */
-function rcmail_quota_content($quota=NULL)
+function rcmail_quota_content($quota=NULL, $attrib=NULL)
   {
-  global $IMAP, $COMM_PATH;
+  global $IMAP, $COMM_PATH, $RCMAIL;
 
   $display = isset($_SESSION['quota_display']) ? $_SESSION['quota_display'] : '';
 
@@ -471,7 +485,7 @@
   else
     $quota = $IMAP->get_quota();
 
-  if ($quota)
+  if ($quota && !($quota['total']==0 && $RCMAIL->config->get('quota_zero_as_unlimited')))
     {
     $quota_text = sprintf('%s / %s (%.0f%%)',
                           show_bytes($quota['used'] * 1024),
@@ -481,14 +495,23 @@
     // show quota as image (by Brett Patterson)
     if ($display == 'image' && function_exists('imagegif'))
       {
-      $attrib = array('width' => 100, 'height' => 14);
+      if (!$attrib['width'])
+        $attrib['width'] = isset($_SESSION['quota_width']) ? $_SESSION['quota_width'] : 100;
+      else
+	$_SESSION['quota_width'] = $attrib['width'];
+
+      if (!$attrib['height'])
+        $attrib['height'] = isset($_SESSION['quota_height']) ? $_SESSION['quota_height'] : 14;
+      else
+	$_SESSION['quota_height'] = $attrib['height'];
+	    
       $quota_text = sprintf('<img src="./bin/quotaimg.php?u=%s&amp;q=%d&amp;w=%d&amp;h=%d" width="%d" height="%d" alt="%s" title="%s / %s" />',
                             $quota['used'], $quota['total'],
                             $attrib['width'], $attrib['height'],
                             $attrib['width'], $attrib['height'],
                             $quota_text,
-                            show_bytes($quota["used"] * 1024),
-                            show_bytes($quota["total"] * 1024));
+                            show_bytes($quota['used'] * 1024),
+                            show_bytes($quota['total'] * 1024));
       }
     }
   else
@@ -529,6 +552,27 @@
   return Q($out);
   }
 
+/**
+ *
+ */
+function rcmail_mailbox_name_display($attrib)
+{
+    global $RCMAIL;
+
+    if (!$attrib['id'])
+        $attrib['id'] = 'rcmmailboxname';
+
+    $RCMAIL->output->add_gui_object('mailboxname', $attrib['id']);
+
+    return html::span($attrib, rcmail_get_mailbox_name_text());
+}
+
+function rcmail_get_mailbox_name_text()
+{
+    global $RCMAIL;
+    return rcmail_localize_foldername($RCMAIL->imap->get_mailbox_name());
+}
+
 
 /**
  * Convert the given message part to proper HTML
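Review bot: The folder name returned by `rcmail_get_mailbox_name_text()` is passed to `html::span()` as content without `Q()`, while the function just above this hunk ends in `return Q($out);`. Folder names come from the IMAP server and can be chosen by users, so unless `rcmail_localize_foldername()` or `html::span()` escapes its content (neither is visible here), markup in a name would reach the page. `return html::span($attrib, Q(rcmail_get_mailbox_name_text()));` would make the escaping explicit at the point of output. The docblock on `rcmail_mailbox_name_display()` is empty and `rcmail_get_mailbox_name_text()` has none; a one-line description such as `Return the localized name of the currently selected mailbox` would help.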
@@ -553,17 +597,35 @@
   }
   // text/html
   else if ($part->ctype_secondary == 'html') {
+    $html = $part->body;
+
+    // special replacements (not properly handled by washtml class)
+    $html_search = array(
+	'/(<\/nobr>)(\s+)(<nobr>)/i',	// space(s) between <NOBR>
+	'/(<[\/]*st1:[^>]+>)/i',	// Microsoft's Smart Tags <ST1>
+	'/<title>.*<\/title>/i',	// PHP bug #32547 workaround: remove title tag
+	'/<html[^>]*>/im',		// malformed html: remove html tags (#1485139)
+	'/<\/html>/i',			// malformed html: remove html tags (#1485139)
+    );
+    $html_replace = array(
+	'\\1'.' &nbsp; '.'\\3',
+	'',
+	'',
+	'',
+	'',
+    );
+    $html = preg_replace($html_search, $html_replace, $html);
+
     // charset was converted to UTF-8 in rcube_imap::get_message_part() -> change charset specification in HTML accordingly
-    $html = $part->body; 
-    if (preg_match('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-]+)/i', $html)) 
-      $html = preg_replace('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-]+)/i', '\\1='.RCMAIL_CHARSET, $html); 
+    if (preg_match('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i', $html)) 
+      $html = preg_replace('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i', '\\1='.RCMAIL_CHARSET, $html); 
     else {
-      // add <head> for malformed messages, washtml cannot work without that
-      if (!preg_match('/<head>(.*)<\\/head>/Uims', $html))
-        $html = '<head></head>' . $html;
+      // add head for malformed messages, washtml cannot work without that
+      if (!preg_match('/<head[^>]*>(.*)<\/head>/Uims', $html))
+        $html = '<head></head>'. $html;
       $html = substr_replace($html, '<meta http-equiv="Content-Type" content="text/html; charset='.RCMAIL_CHARSET.'" />', intval(stripos($html, '</head>')), 0);
     }
-    
+
     // clean HTML with washhtml by Frederic Motte
     $wash_opts = array(
       'show_washed' => false,
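Review bot: The title-stripping pattern `'/<title>.*<\/title>/i'` is greedy and has no `s` modifier, so it misses a title that spans lines or carries attributes, and on a one-line document containing two `</title>` occurrences it deletes everything between them. `'/<title[^>]*>.*?<\/title>/is'` keeps the workaround narrow. In the charset pattern, `[a-z0-9-_]` relies on PCRE treating the hyphen after a range as a literal; `[a-z0-9_-]` says the same without ambiguity. These replacements run before `washtml`, so they should stay a pre-processing convenience and never be relied on as sanitisation. The enclosing function starts and ends outside the hunk.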
@@ -578,15 +640,13 @@
       $wash_opts['html_elements'] = array('html','head','title','body');
     }
     
-    /* CSS styles need to be sanitized!
-    if ($p['safe']) {
-      $wash_opts['html_elements'][] = 'style';
-      $wash_opts['html_attribs'] = array('type');
-    }
-    */
-    
     $washer = new washtml($wash_opts);
     $washer->add_callback('form', 'rcmail_washtml_callback');
+    
+    if ($p['safe']) {  // allow CSS styles, will be sanitized by rcmail_washtml_callback()
+      $washer->add_callback('style', 'rcmail_washtml_callback');
+    }
+    
     $body = $washer->wash($html);
     $REMOTE_OBJECTS = $washer->extlinks;
 
@@ -618,9 +678,6 @@
   $convert_patterns[] = '/([a-z0-9][a-z0-9\-\.\+\_]*@[a-z0-9]([a-z0-9\-][.]?)*[a-z0-9]\\.[a-z]{2,5})/ie';
   $convert_replaces[] = "rcmail_str_replacement('<a href=\"mailto:\\1\" onclick=\"return ".JS_OBJECT_NAME.".command(\'compose\',\'\\1\',this)\">\\1</a>', \$replace_strings)";
   
-//    if ($part->ctype_parameters['format'] != 'flowed')
-//      $body = wordwrap(trim($body), 80);
-
   // search for patterns like links and e-mail addresses
   $body = preg_replace($convert_patterns, $convert_replaces, $body);
 
@@ -677,6 +734,16 @@
       $out = html::div('form', $content);
       break;
       
+    case 'style':
+      // decode all escaped entities and reduce to ascii strings
+      $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content));
+      
+      // now check for evil strings like expression, behavior or url()
+      if (!preg_match('/expression|behavior|url\(|import/', $stripped)) {
+        $out = html::tag('style', array('type' => 'text/css'), $content);
+        break;
+      }
+    
     default:
       $out = '';
   }
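Review bot: The deny-list check `preg_match('/expression|behavior|url\(|import/', $stripped)` is case-sensitive, but CSS keywords are not, so upper- or mixed-case spellings pass it; add the `i` modifier: `'/expression|behavior|url\(|import/i'`. A deny-list over style content is also inherently incomplete, so an allow-list of properties would be the more durable control while the style callback from the previous hunk is enabled for `$p['safe']` messages. When the check fails, the case deliberately falls into `default:`; a comment such as `// no break: rejected styles fall through to the empty default` would keep a later edit from "fixing" it. The switch starts outside the hunk.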
@@ -718,22 +785,29 @@
   $out = '<table' . $attrib_str . ">\n";
 
   // show these headers
-  $standard_headers = array('subject', 'from', 'organization', 'to', 'cc', 'bcc', 'reply-to', 'date');
-  
+  $standard_headers = array('subject', 'from', 'organization', 'to', 'cc', 'bcc', 'replyto', 'date');
+
   foreach ($standard_headers as $hkey)
     {
     if (!$headers[$hkey])
       continue;
 
-    if ($hkey=='date' && !empty($headers[$hkey]))
+    if ($hkey == 'date')
       {
       if ($PRINT_MODE)
         $header_value = format_date($headers[$hkey], $CONFIG['date_long'] ? $CONFIG['date_long'] : 'x');
       else
         $header_value = format_date($headers[$hkey]);
       }
-    else if (in_array($hkey, array('from', 'to', 'cc', 'bcc', 'reply-to')))
-      $header_value = Q(rcmail_address_string($headers[$hkey], NULL, $attrib['addicon']), 'show');
+    else if ($hkey == 'replyto')
+      {
+      if ($headers['replyto'] != $headers['from'])
+        $header_value = Q(rcmail_address_string($headers['replyto'], null, true, $attrib['addicon']), 'show');
+      else
+        continue;
+      }
+    else if (in_array($hkey, array('from', 'to', 'cc', 'bcc')))
+      $header_value = Q(rcmail_address_string($headers[$hkey], null, true, $attrib['addicon']), 'show');
     else
       $header_value = Q($IMAP->decode_header($headers[$hkey]));
 
@@ -742,6 +816,14 @@
     $out .= '<td class="'.$hkey.'" width="90%">'.$header_value."</td>\n</tr>";
     $header_count++;
     }
+
+  // all headers division
+  $out .= "\n".'<tr><td colspan="2" class="more-headers show-headers"
+	onclick="return '.JS_OBJECT_NAME.'.command(\'load-headers\', \'\', this)"></td></tr>';
+  $out .= "\n".'<tr id="all-headers"><td colspan="2" class="all"><div id="headers-source"></div></td></tr>';
+
+  $OUTPUT->add_gui_object('all_headers_row', 'all-headers');
+  $OUTPUT->add_gui_object('all_headers_box', 'headers-source');
 
   $out .= "\n</table>\n\n";
 
@@ -805,8 +887,7 @@
   $ctype_secondary = strtolower($MESSAGE->structure->ctype_secondary);
 
   // list images after mail body
-  if (get_boolean($attrib['showimages']) 
-      && $CONFIG['inline_images']
+  if ($CONFIG['inline_images']
       && $ctype_primary == 'multipart'
       && !empty($MESSAGE->attachments) 
       && !strstr($message_body, '<html'))
@@ -918,8 +999,8 @@
 /**
  * decode address string and re-format it as HTML links
  */
-function rcmail_address_string($input, $max=NULL, $addicon=NULL)
-  {
+function rcmail_address_string($input, $max=null, $linked=false, $addicon=null)
+{
   global $IMAP, $PRINT_MODE, $CONFIG, $OUTPUT, $EMAIL_ADDRESS_PATTERN;
 
   $a_parts = $IMAP->decode_address_list($input);
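Review bot: Inserting `$linked` as the third parameter shifts `$addicon` to fourth, so any caller outside this file that still passes the icon as the third positional argument will have it read as a truthy `$linked` and lose the add-contact icon. Only the call sites in this file are updated by the patch; other callers should be checked, or `$linked` appended after `$addicon` so the old positions stay valid. The docblock above the signature still has no `@param` lines for the four arguments. The function body continues in the next hunk.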
@@ -931,48 +1012,101 @@
   $j = 0;
   $out = '';
 
-  foreach ($a_parts as $part)
-    {
+  foreach ($a_parts as $part) {
     $j++;
-    if ($PRINT_MODE)
+    if ($PRINT_MODE) {
       $out .= sprintf('%s &lt;%s&gt;', Q($part['name']), $part['mailto']);
-    else if (preg_match($EMAIL_ADDRESS_PATTERN, $part['mailto']))
-      {
-      $out .= sprintf('<a href="mailto:%s" onclick="return %s.command(\'compose\',\'%s\',this)" class="rcmContactAddress" title="%s">%s</a>',
-                      Q($part['mailto']),
-                      JS_OBJECT_NAME,
-                      JQ($part['mailto']),
-                      Q($part['mailto']),
-                      Q($part['name']));
-                      
-      if ($addicon)
-        $out .= sprintf('&nbsp;<a href="#add" onclick="return %s.command(\'add-contact\',\'%s\',this)" title="%s"><img src="%s%s" alt="add" border="0" /></a>',
-                        JS_OBJECT_NAME,
-                        urlencode($part['string']),
-                        rcube_label('addtoaddressbook'),
-                        $CONFIG['skin_path'],
-                        $addicon);
+    }
+    else if (preg_match($EMAIL_ADDRESS_PATTERN, $part['mailto'])) {
+      if ($linked) {
+        $out .= html::a(array(
+            'href' => 'mailto:'.$part['mailto'],
+            'onclick' => sprintf("return %s.command('compose','%s',this)", JS_OBJECT_NAME, JQ($part['mailto'])),
+            'title' => $part['mailto'],
+            'class' => "rcmContactAddress",
+          ),
+        Q($part['name']));
       }
-    else
-      {
+      else {
+        $out .= html::span(array('title' => $part['mailto'], 'class' => "rcmContactAddress"), Q($part['name']));
+      }
+
+      if ($addicon) {
+        $out .= '&nbsp;' . html::a(array(
+            'href' => "#add",
+            'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, urlencode($part['string'])),
+            'title' => rcube_label('addtoaddressbook'),
+          ),
+          html::img(array(
+            'src' => $CONFIG['skin_path'] . $addicon,
+            'alt' => "Add contact",
+            'border' => 0,
+          )));
+      }
+    }
+    else {
       if ($part['name'])
         $out .= Q($part['name']);
       if ($part['mailto'])
         $out .= (strlen($out) ? ' ' : '') . sprintf('&lt;%s&gt;', Q($part['mailto']));
-      }
+    }
       
     if ($c>$j)
       $out .= ','.($max ? '&nbsp;' : ' ');
         
-    if ($max && $j==$max && $c>$j)
-      {
+    if ($max && $j==$max && $c>$j) {
       $out .= '...';
       break;
-      }        
     }
+  }
     
   return $out;
+}
+
+
+/**
+ * Wrap text to a given number of characters per line
+ * but respect the mail quotation of replies messages (>)
+ *
+ * @param string Text to wrap
+ * @param int The line width
+ * @return string The wrapped text
+ */
+function rcmail_wrap_quoted($text, $max = 76)
+{
+  // Rebuild the message body with a maximum of $max chars, while keeping quoted message.
+  $lines = preg_split('/\r?\n/', trim($text));
+  $out = '';
+
+  foreach ($lines as $line) {
+    if (strlen($line) > $max) {
+      if (preg_match('/^([>\s]+)/', $line, $regs)) {
+        $length = strlen($regs[0]);
+        $prefix = substr($line, 0, $length);
+
+        // Remove '> ' from the line, then wordwrap() the line
+        $line = wordwrap(substr($line, $length), $max - $length);
+
+        // Rebuild the line with '> ' at the beginning of each 'subline'
+        $newline = '';
+        foreach (explode("\n", $line) as $l) {
+          $newline .= $prefix . $l . "\n";
+        }
+
+        // Remove the righest newline char
+        $line = rtrim($newline);
+      }
+      else {
+        $line = wordwrap($line, $max);
+      }
+    }
+
+    // Append the line
+    $out .= $line . "\n";
   }
+  
+  return $out;
+}
 
 
 function rcmail_message_part_controls()
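Review bot: In `rcmail_wrap_quoted()` the wrap width `$max - $length` becomes zero or negative when the prefix matched by `/^([>\s]+)/` is as long as `$max` (the class also matches plain leading whitespace), and `wordwrap()` then effectively breaks at every space; clamp it, e.g. `wordwrap(substr($line, $length), max(1, $max - $length))`. `strlen()` counts bytes, so lines with multi-byte UTF-8 text wrap earlier than `$max` characters. In the rewritten address loop the explicit `Q()` calls on the `href` and `title` values are gone, so escaping of `$part['mailto']` now depends on `html::a()` and `html::span()` quoting attribute values, which is not visible here and worth confirming.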
@@ -1044,7 +1178,7 @@
 
   $msg_body = $message->get();
   $headers = $message->headers();
-  
+
   // send thru SMTP server using custom SMTP library
   if ($CONFIG['smtp_server'])
     {
@@ -1090,8 +1224,19 @@
       $sent = mail($headers_enc['To'], $headers_enc['Subject'], $msg_body, $header_str, "-f$from");
     }
   
-  if ($sent)  // remove MDN headers after sending
+  if ($sent)
+  {
+    // remove MDN headers after sending
     unset($headers['Return-Receipt-To'], $headers['Disposition-Notification-To']);
+    
+    if ($CONFIG['smtp_log'])
+      write_log('sendmail', sprintf("[%s] User: %d on %s; Message for %s; %s",
+		date("d-M-Y H:i:s O", mktime()),
+		$_SESSION['user_id'],
+		$_SERVER['REMOTE_ADDR'],
+		$mailto,
+		!empty($smtp_response) ? join('; ', $smtp_response) : ''));
+  }
   
   $message->_headers = array();
   $message->headers($headers);
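Review bot: `$mailto` and the joined `$smtp_response` are written into the sendmail log line as-is; if either can contain CR/LF (whether `write_log()` neutralises them is not visible here), a recipient string or server reply could break the one-entry-per-line format, so strip line breaks first, e.g. `preg_replace('/[\r\n]+/', ' ', $mailto)`. `$mailto` is not assigned anywhere in this hunk, so confirm it is set on both the SMTP path and the `mail()` path. `date("d-M-Y H:i:s O", mktime())` can drop the second argument, since `date()` defaults to the current time and calling `mktime()` without arguments is discouraged in favour of `time()`.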
@@ -1176,6 +1321,7 @@
   'messages' => 'rcmail_message_list',
   'messagecountdisplay' => 'rcmail_messagecount_display',
   'quotadisplay' => 'rcmail_quota_display',
+  'mailboxname' => 'rcmail_mailbox_name_display',
   'messageheaders' => 'rcmail_message_headers',
   'messagebody' => 'rcmail_message_body',
   'messagecontentframe' => 'rcmail_messagecontent_frame',

--
Gitblit v1.9.1