From bde85428d69069637782d9507475df78890f08d0 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 10 May 2013 03:37:25 -0400
Subject: [PATCH] Fix handling of invalid email addresses in headers (#1489092)
---
program/lib/Roundcube/rcube_mime.php | 331 +++++++++++++++++++++++++++++++++++++++++--------------
1 files changed, 246 insertions(+), 85 deletions(-)
diff --git a/program/lib/Roundcube/rcube_mime.php b/program/lib/Roundcube/rcube_mime.php
index 25ee31d..5968288 100644
--- a/program/lib/Roundcube/rcube_mime.php
+++ b/program/lib/Roundcube/rcube_mime.php
@@ -2,8 +2,6 @@
/*
+-----------------------------------------------------------------------+
- | program/include/rcube_mime.php |
- | |
| This file is part of the Roundcube Webmail client |
| Copyright (C) 2005-2012, The Roundcube Dev Team |
| Copyright (C) 2011-2012, Kolab Systems AG |
@@ -14,13 +12,11 @@
| |
| PURPOSE: |
| MIME message parsing utilities |
- | |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
| Author: Aleksander Machniak <alec@alec.pl> |
+-----------------------------------------------------------------------+
*/
-
/**
* Class for parsing MIME messages
@@ -59,7 +55,7 @@
return $charset;
}
- return RCMAIL_CHARSET;
+ return RCUBE_CHARSET;
}
@@ -131,10 +127,11 @@
* @param int $max List only this number of addresses
* @param boolean $decode Decode address strings
* @param string $fallback Fallback charset if none specified
+ * @param boolean $addronly Return flat array with e-mail addresses only
*
- * @return array Indexed list of addresses
+ * @return array Indexed list of addresses
*/
- static function decode_address_list($input, $max = null, $decode = true, $fallback = null)
+ static function decode_address_list($input, $max = null, $decode = true, $fallback = null, $addronly = false)
{
$a = self::parse_address_list($input, $decode, $fallback);
$out = array();
@@ -149,20 +146,21 @@
foreach ($a as $val) {
$j++;
$address = trim($val['address']);
- $name = trim($val['name']);
- if ($name && $address && $name != $address)
- $string = sprintf('%s <%s>', preg_match("/$special_chars/", $name) ? '"'.addcslashes($name, '"').'"' : $name, $address);
- else if ($address)
- $string = $address;
- else if ($name)
- $string = $name;
+ if ($addronly) {
+ $out[$j] = $address;
+ }
+ else {
+ $name = trim($val['name']);
+ if ($name && $address && $name != $address)
+ $string = sprintf('%s <%s>', preg_match("/$special_chars/", $name) ? '"'.addcslashes($name, '"').'"' : $name, $address);
+ else if ($address)
+ $string = $address;
+ else if ($name)
+ $string = $name;
- $out[$j] = array(
- 'name' => $name,
- 'mailto' => $address,
- 'string' => $string
- );
+ $out[$j] = array('name' => $name, 'mailto' => $address, 'string' => $string);
+ }
if ($max && $j==$max)
break;
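Review bot: With `$addronly` enabled, the new branch stores `$address` even when it is empty, so an entry that carries only a display name ends up as an empty string in the flat list; the `else if ($name)` branch below shows such entries are expected. Callers that pass the flat list on as recipients or compare it against known addresses would then need their own filtering, so consider `if ($address !== '') $out[$j] = $address;` or document that empty entries are possible. The `@return` line in the docblock should also say that the result is a list of plain strings when `$addronly` is true, for example `@return array Indexed list of addresses (name/mailto/string hashes, or plain address strings with $addronly)`. The loop starts and ends outside this hunk, so how `$j` and `$max` interact with skipped entries needs checking against the full function.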
@@ -363,6 +361,11 @@
$address = $m[1];
$name = '';
}
+ // special case (#1489092)
+ else if (preg_match('/(\s*<MAILER-DAEMON>)$/', $val, $m)) {
+ $address = 'MAILER-DAEMON';
+ $name = substr($val, 0, -strlen($m[1]));
+ }
else {
$name = $val;
}
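Review bot: The comment `// special case (#1489092)` gives only a ticket number, so a reader cannot tell why a domain-less token is accepted as an address here. Something like `// bounce messages may use "<MAILER-DAEMON>" without a domain; keep it as the address instead of folding it into the name (#1489092)` would make the intent clear. It is also worth stating that the returned `MAILER-DAEMON` value is not a syntactically valid mailbox, so callers must not treat it as a validated address. The pattern is case-sensitive; if lower-case variants are seen in practice, an `i` modifier would be needed. The enclosing function starts outside this hunk.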
@@ -480,13 +483,20 @@
$q_level = 0;
foreach ($text as $idx => $line) {
- if ($line[0] == '>' && preg_match('/^(>+\s*)/', $line, $regs)) {
- $q = strlen(str_replace(' ', '', $regs[0]));
- $line = substr($line, strlen($regs[0]));
+ if (preg_match('/^(>+)/', $line, $m)) {
+ // remove quote chars
+ $q = strlen($m[1]);
+ $line = preg_replace('/^>+/', '', $line);
+ // remove (optional) space-staffing
+ $line = preg_replace('/^ /', '', $line);
- if ($q == $q_level && $line
- && isset($text[$last])
- && $text[$last][strlen($text[$last])-1] == ' '
+ // The same paragraph (We join current line with the previous one) when:
+ // - the same level of quoting
+ // - previous line was flowed
+ // - previous line contains more than only one single space (and quote char(s))
+ if ($q == $q_level
+ && isset($text[$last]) && $text[$last][strlen($text[$last])-1] == ' '
+ && !preg_match('/^>+ {0,1}$/', $text[$last])
) {
$text[$last] .= $line;
unset($text[$idx]);
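Review bot: The quote prefix is matched once with `preg_match('/^(>+)/', ...)` and then stripped with a second regex, although the match length is already in `$q`; `$line = substr($line, $q);` does the same without re-scanning. The comment says "space-staffing", while the term used by RFC 3676 is "space-stuffing", so `// remove (optional) space-stuffing` would be easier to search for. The same two remarks apply to the next hunk (the `$level` branch). Separately, `$text[$last][strlen($text[$last])-1]` indexes offset -1 if `$text[$last]` can be an empty string; where `$last` is assigned is outside this hunk, so that needs checking against the full function.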
@@ -539,10 +549,13 @@
foreach ($text as $idx => $line) {
if ($line != '-- ') {
- if ($line[0] == '>' && preg_match('/^(>+ {0,1})+/', $line, $regs)) {
- $level = substr_count($regs[0], '>');
+ if (preg_match('/^(>+)/', $line, $m)) {
+ // remove quote chars
+ $level = strlen($m[1]);
+ $line = preg_replace('/^>+/', '', $line);
+ // remove (optional) space-staffing and spaces before the line end
+ $line = preg_replace('/(^ | +$)/', '', $line);
$prefix = str_repeat('>', $level) . ' ';
- $line = rtrim(substr($line, strlen($regs[0])));
$line = $prefix . self::wordwrap($line, $length - $level - 2, " \r\n$prefix", false, $charset);
}
else if ($line) {
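Review bot: The width passed to `self::wordwrap()` is `$length - $level - 2`, and `$level` is now taken directly from the number of leading `>` characters in the message line, so a deeply quoted line can make the width zero or negative. The quote depth comes from message content, so this should be bounded before the call, for example `$width = max(1, $length - $level - 2);` followed by `self::wordwrap($line, $width, " \r\n$prefix", false, $charset)`. How the new `wordwrap()` behaves with a non-positive width is not obvious from its code and is worth a unit test. The enclosing function starts and ends outside this hunk.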
@@ -560,100 +573,144 @@
/**
- * Improved wordwrap function.
+ * Improved wordwrap function with multibyte support.
+ * The code is based on Zend_Text_MultiByte::wordWrap().
*
- * @param string $string Text to wrap
- * @param int $width Line width
- * @param string $break Line separator
- * @param bool $cut Enable to cut word
- * @param string $charset Charset of $string
+ * @param string $string Text to wrap
+ * @param int $width Line width
+ * @param string $break Line separator
+ * @param bool $cut Enable to cut word
+ * @param string $charset Charset of $string
+ * @param bool $wrap_quoted When enabled quoted lines will not be wrapped
*
* @return string Text
*/
- public static function wordwrap($string, $width=75, $break="\n", $cut=false, $charset=null)
+ public static function wordwrap($string, $width=75, $break="\n", $cut=false, $charset=null, $wrap_quoted=true)
{
- if ($charset && function_exists('mb_internal_encoding'))
- mb_internal_encoding($charset);
+ if (!$charset) {
+ $charset = RCUBE_CHARSET;
+ }
- $para = preg_split('/\r?\n/', $string);
- $string = '';
+ // detect available functions
+ $strlen_func = function_exists('iconv_strlen') ? 'iconv_strlen' : 'mb_strlen';
+ $strpos_func = function_exists('iconv_strpos') ? 'iconv_strpos' : 'mb_strpos';
+ $strrpos_func = function_exists('iconv_strrpos') ? 'iconv_strrpos' : 'mb_strrpos';
+ $substr_func = function_exists('iconv_substr') ? 'iconv_substr' : 'mb_substr';
- while (count($para)) {
- $line = array_shift($para);
- if ($line[0] == '>') {
- $string .= $line.$break;
- continue;
- }
+ // Convert \r\n to \n, this is our line-separator
+ $string = str_replace("\r\n", "\n", $string);
+ $separator = "\n"; // must be 1 character length
+ $result = array();
- $list = explode(' ', $line);
- $len = 0;
- while (count($list)) {
- $line = array_shift($list);
- $l = mb_strlen($line);
- $newlen = $len + $l + ($len ? 1 : 0);
+ while (($stringLength = $strlen_func($string, $charset)) > 0) {
+ $breakPos = $strpos_func($string, $separator, 0, $charset);
- if ($newlen <= $width) {
- $string .= ($len ? ' ' : '').$line;
- $len += (1 + $l);
+ // quoted line (do not wrap)
+ if ($wrap_quoted && $string[0] == '>') {
+ if ($breakPos === $stringLength - 1 || $breakPos === false) {
+ $subString = $string;
+ $cutLength = null;
}
else {
- if ($l > $width) {
- if ($cut) {
- $start = 0;
- while ($l) {
- $str = mb_substr($line, $start, $width);
- $strlen = mb_strlen($str);
- $string .= ($len ? $break : '').$str;
- $start += $strlen;
- $l -= $strlen;
- $len = $strlen;
+ $subString = $substr_func($string, 0, $breakPos, $charset);
+ $cutLength = $breakPos + 1;
+ }
+ }
+ // next line found and current line is shorter than the limit
+ else if ($breakPos !== false && $breakPos < $width) {
+ if ($breakPos === $stringLength - 1) {
+ $subString = $string;
+ $cutLength = null;
+ }
+ else {
+ $subString = $substr_func($string, 0, $breakPos, $charset);
+ $cutLength = $breakPos + 1;
+ }
+ }
+ else {
+ $subString = $substr_func($string, 0, $width, $charset);
+
+ // last line
+ if ($breakPos === false && $subString === $string) {
+ $cutLength = null;
+ }
+ else {
+ $nextChar = $substr_func($string, $width, 1, $charset);
+
+ if ($nextChar === ' ' || $nextChar === $separator) {
+ $afterNextChar = $substr_func($string, $width + 1, 1, $charset);
+
+ if ($afterNextChar === false) {
+ $subString .= $nextChar;
+ }
+
+ $cutLength = $strlen_func($subString, $charset) + 1;
+ }
+ else {
+ if ($strrpos_func[0] == 'm') {
+ $spacePos = $strrpos_func($subString, ' ', 0, $charset);
+ }
+ else {
+ $spacePos = $strrpos_func($subString, ' ', $charset);
+ }
+
+ if ($spacePos !== false) {
+ $subString = $substr_func($subString, 0, $spacePos, $charset);
+ $cutLength = $spacePos + 1;
+ }
+ else if ($cut === false) {
+ $spacePos = $strpos_func($string, ' ', 0, $charset);
+
+ if ($spacePos !== false && $spacePos < $breakPos) {
+ $subString = $substr_func($string, 0, $spacePos, $charset);
+ $cutLength = $spacePos + 1;
+ }
+ else {
+ $subString = $substr_func($string, 0, $breakPos, $charset);
+ $cutLength = $breakPos + 1;
}
}
else {
- $string .= ($len ? $break : '').$line;
- if (count($list)) {
- $string .= $break;
- }
- $len = 0;
+ $subString = $substr_func($subString, 0, $width, $charset);
+ $cutLength = $width;
}
- }
- else {
- $string .= $break.$line;
- $len = $l;
}
}
}
- if (count($para)) {
- $string .= $break;
+ $result[] = $subString;
+
+ if ($cutLength !== null) {
+ $string = $substr_func($string, $cutLength, ($stringLength - $cutLength), $charset);
+ }
+ else {
+ break;
}
}
- if ($charset && function_exists('mb_internal_encoding'))
- mb_internal_encoding(RCMAIL_CHARSET);
-
- return $string;
+ return implode($break, $result);
}
/**
* A method to guess the mime_type of an attachment.
*
- * @param string $path Path to the file.
+ * @param string $path Path to the file or file contents
* @param string $name File name (with suffix)
- * @param string $failover Mime type supplied for failover.
- * @param string $is_stream Set to True if $path contains file body
+ * @param string $failover Mime type supplied for failover
+ * @param boolean $is_stream Set to True if $path contains file contents
+ * @param boolean $skip_suffix Set to True if the config/mimetypes.php mappig should be ignored
*
* @return string
* @author Till Klampaeckel <till@php.net>
* @see http://de2.php.net/manual/en/ref.fileinfo.php
* @see http://de2.php.net/mime_content_type
*/
- public static function file_content_type($path, $name, $failover = 'application/octet-stream', $is_stream = false)
+ public static function file_content_type($path, $name, $failover = 'application/octet-stream', $is_stream = false, $skip_suffix = false)
{
$mime_type = null;
$mime_magic = rcube::get_instance()->config->get('mime_magic');
- $mime_ext = @include RCUBE_CONFIG_DIR . '/mimetypes.php';
+ $mime_ext = $skip_suffix ? null : @include(RCUBE_CONFIG_DIR . '/mimetypes.php');
// use file name suffix with hard-coded mime-type map
if (is_array($mime_ext) && $name) {
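Review bot: In the new `wordwrap()`, the `$cut === false` branch does not handle `$breakPos === false`, which is the case when the remaining text contains no line break. The comparison `$spacePos < $breakPos` is then made against `false`, and the final `else` calls `$substr_func($string, 0, $breakPos, $charset)` and sets `$cutLength = $breakPos + 1`. That appears to produce an empty piece and advance one character per iteration, so a long unbreakable last line (a URL, for instance) would be lost rather than emitted. The branch should treat "no break left" explicitly, as sketched below. Separately, the docblock for `$wrap_quoted` says quoted lines are not wrapped when it is enabled, which reads as the opposite of the parameter name and deserves a clearer sentence.

```php
else if ($cut === false) {
    $spacePos = $strpos_func($string, ' ', 0, $charset);

    if ($spacePos !== false && ($breakPos === false || $spacePos < $breakPos)) {
        $subString = $substr_func($string, 0, $spacePos, $charset);
        $cutLength = $spacePos + 1;
    }
    else if ($breakPos === false) {
        // no space and no line break left: emit the remainder as the last line
        $subString = $string;
        $cutLength = null;
    }
    else {
        // … unchanged: cut at $breakPos …
    }
}
```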
@@ -664,7 +721,16 @@
// try fileinfo extension if available
if (!$mime_type && function_exists('finfo_open')) {
- if ($finfo = finfo_open(FILEINFO_MIME, $mime_magic)) {
+ // null as a 2nd argument should be the same as no argument
+ // this however is not true on all systems/versions
+ if ($mime_magic) {
+ $finfo = finfo_open(FILEINFO_MIME, $mime_magic);
+ }
+ else {
+ $finfo = finfo_open(FILEINFO_MIME);
+ }
+
+ if ($finfo) {
if ($is_stream)
$mime_type = finfo_buffer($finfo, $path);
else
@@ -693,6 +759,101 @@
/**
+ * Get mimetype => file extension mapping
+ *
+ * @param string Mime-Type to get extensions for
+ * @return array List of extensions matching the given mimetype or a hash array with ext -> mimetype mappings if $mimetype is not given
+ */
+ public static function get_mime_extensions($mimetype = null)
+ {
+ static $mime_types, $mime_extensions;
+
+ // return cached data
+ if (is_array($mime_types)) {
+ return $mimetype ? $mime_types[$mimetype] : $mime_extensions;
+ }
+
+ // load mapping file
+ $file_paths = array();
+
+ if ($mime_types = rcube::get_instance()->config->get('mime_types')) {
+ $file_paths[] = $mime_types;
+ }
+
+ // try common locations
+ if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN') {
+ $file_paths[] = 'C:/xampp/apache/conf/mime.types.';
+ }
+ else {
+ $file_paths[] = '/etc/mime.types';
+ $file_paths[] = '/etc/httpd/mime.types';
+ $file_paths[] = '/etc/httpd2/mime.types';
+ $file_paths[] = '/etc/apache/mime.types';
+ $file_paths[] = '/etc/apache2/mime.types';
+ $file_paths[] = '/usr/local/etc/httpd/conf/mime.types';
+ $file_paths[] = '/usr/local/etc/apache/conf/mime.types';
+ }
+
+ foreach ($file_paths as $fp) {
+ if (is_readable($fp)) {
+ $lines = file($fp, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
+ break;
+ }
+ }
+
+ $mime_types = $mime_extensions = array();
+ $regex = "/([\w\+\-\.\/]+)\t+([\w\s]+)/i";
+ foreach((array)$lines as $line) {
+ // skip comments or mime types w/o any extensions
+ if ($line[0] == '#' || !preg_match($regex, $line, $matches))
+ continue;
+
+ $mime = $matches[1];
+ foreach (explode(' ', $matches[2]) as $ext) {
+ $ext = trim($ext);
+ $mime_types[$mime][] = $ext;
+ $mime_extensions[$ext] = $mime;
+ }
+ }
+
+ // fallback to some well-known types most important for daily emails
+ if (empty($mime_types)) {
+ $mime_extensions = (array) @include(RCUBE_CONFIG_DIR . '/mimetypes.php');
+
+ foreach ($mime_extensions as $ext => $mime) {
+ $mime_types[$mime][] = $ext;
+ }
+ }
+
+ // Add some known aliases that aren't included by some mime.types (#1488891)
+ // the order is important here so standard extensions have higher prio
+ $aliases = array(
+ 'image/gif' => array('gif'),
+ 'image/png' => array('png'),
+ 'image/x-png' => array('png'),
+ 'image/jpeg' => array('jpg', 'jpeg', 'jpe'),
+ 'image/jpg' => array('jpg', 'jpeg', 'jpe'),
+ 'image/pjpeg' => array('jpg', 'jpeg', 'jpe'),
+ 'image/tiff' => array('tif'),
+ 'message/rfc822' => array('eml'),
+ 'text/x-mail' => array('eml'),
+ );
+
+ foreach ($aliases as $mime => $exts) {
+ $mime_types[$mime] = array_unique(array_merge((array) $mime_types[$mime], $exts));
+
+ foreach ($exts as $ext) {
+ if (!isset($mime_extensions[$ext])) {
+ $mime_extensions[$ext] = $mime;
+ }
+ }
+ }
+
+ return $mimetype ? $mime_types[$mimetype] : $mime_extensions;
+ }
+
+
+ /**
* Detect image type of the given binary data by checking magic numbers.
*
* @param string $data Binary file content
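Review bot: Both return statements in `get_mime_extensions()` read `$mime_types[$mimetype]` without checking that the key exists, so an unknown type returns null (with a notice) although the docblock promises an array. The type string usually originates from message headers, so callers that iterate the result or use it to compare an attachment's extension against its declared type would need to handle null themselves. Returning `isset($mime_types[$mimetype]) ? $mime_types[$mimetype] : array()` at both places keeps the documented contract. Two smaller things in the same function: the Windows path `'C:/xampp/apache/conf/mime.types.'` ends with a dot that looks unintended, and `explode(' ', $matches[2])` can yield empty extensions when a line has consecutive spaces, which would register `''` as a key in `$mime_extensions`.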
--
Gitblit v1.9.1