From d0b973cf6aed4a7cb705f706624d25b31d19ed52 Mon Sep 17 00:00:00 2001
From: svncommit <devs@roundcube.net>
Date: Thu, 18 Sep 2008 07:54:14 -0400
Subject: [PATCH] Bind cookie gotten over HTTPS to HTTPS only (#1485336).
---
program/lib/Mail/mimePart.php | 141 +++++++++++++++++++++++++++++++++++++++-------
1 files changed, 118 insertions(+), 23 deletions(-)
diff --git a/program/lib/Mail/mimePart.php b/program/lib/Mail/mimePart.php
index 04c4a97..bd30477 100644
--- a/program/lib/Mail/mimePart.php
+++ b/program/lib/Mail/mimePart.php
@@ -135,10 +135,13 @@
define('MAIL_MIMEPART_CRLF', defined('MAIL_MIME_CRLF') ? MAIL_MIME_CRLF : "\r\n", TRUE);
}
+ $contentType = array();
+ $contentDisp = array();
foreach ($params as $key => $value) {
switch ($key) {
case 'content_type':
- $headers['Content-Type'] = $value . (isset($charset) ? '; charset="' . $charset . '"' : '');
+ $contentType['type'] = $value;
+ //$headers['Content-Type'] = $value . (isset($charset) ? '; charset="' . $charset . '"' : '');
break;
case 'encoding':
@@ -151,15 +154,12 @@
break;
case 'disposition':
- $headers['Content-Disposition'] = $value . (isset($dfilename) ? '; filename="' . $dfilename . '"' : '');
+ $contentDisp['disp'] = $value;
break;
case 'dfilename':
- if (isset($headers['Content-Disposition'])) {
- $headers['Content-Disposition'] .= '; filename="' . $value . '"';
- } else {
- $dfilename = $value;
- }
+ $contentDisp['filename'] = $value;
+ $contentType['name'] = $value;
break;
case 'description':
@@ -167,15 +167,47 @@
break;
case 'charset':
- if (isset($headers['Content-Type'])) {
- $headers['Content-Type'] .= '; charset="' . $value . '"';
- } else {
- $charset = $value;
- }
+ $contentType['charset'] = $value;
+ $contentDisp['charset'] = $value;
break;
+
+ case 'language':
+ $contentType['language'] = $value;
+ $contentDisp['language'] = $value;
+ break;
+
+ case 'location':
+ $headers['Content-Location'] = $value;
+ break;
+
+ }
+ }
+ if (isset($contentType['type'])) {
+ $headers['Content-Type'] = $contentType['type'];
+ if (isset($contentType['name'])) {
+ $headers['Content-Type'] .= ';' . MAIL_MIMEPART_CRLF;
+ $headers['Content-Type'] .= $this->_buildHeaderParam('name', $contentType['name'],
+ isset($contentType['charset']) ? $contentType['charset'] : 'US-ASCII',
+ isset($contentType['language']) ? $contentType['language'] : NULL);
+ } elseif (isset($contentType['charset'])) {
+ $headers['Content-Type'] .= "; charset=\"{$contentType['charset']}\"";
}
}
+
+ if (isset($contentDisp['disp'])) {
+ $headers['Content-Disposition'] = $contentDisp['disp'];
+ if (isset($contentDisp['filename'])) {
+ $headers['Content-Disposition'] .= ';' . MAIL_MIMEPART_CRLF;
+ $headers['Content-Disposition'] .= $this->_buildHeaderParam('filename', $contentDisp['filename'],
+ isset($contentDisp['charset']) ? $contentDisp['charset'] : 'US-ASCII',
+ isset($contentDisp['language']) ? $contentDisp['language'] : NULL);
+ }
+ }
+
+
+
+
// Default content-type
if (!isset($headers['Content-Type'])) {
$headers['Content-Type'] = 'text/plain';
@@ -207,7 +239,7 @@
{
$encoded =& $this->_encoded;
- if (!empty($this->_subparts)) {
+ if (count($this->_subparts)) {
srand((double)microtime()*1000000);
$boundary = '=_' . md5(rand() . microtime());
$this->_headers['Content-Type'] .= ';' . MAIL_MIMEPART_CRLF . "\t" . 'boundary="' . $boundary . '"';
@@ -219,15 +251,15 @@
foreach ($tmp['headers'] as $key => $value) {
$headers[] = $key . ': ' . $value;
}
- $subparts[] = implode(MAIL_MIMEPART_CRLF, $headers) . MAIL_MIMEPART_CRLF . MAIL_MIMEPART_CRLF . $tmp['body'];
+ $subparts[] = implode(MAIL_MIMEPART_CRLF, $headers) . MAIL_MIMEPART_CRLF . MAIL_MIMEPART_CRLF . $tmp['body'] . MAIL_MIMEPART_CRLF;
}
- $encoded['body'] = '--' . $boundary . MAIL_MIMEPART_CRLF .
- implode('--' . $boundary . MAIL_MIMEPART_CRLF, $subparts) .
- '--' . $boundary.'--' . MAIL_MIMEPART_CRLF . MAIL_MIMEPART_CRLF;
+ $encoded['body'] = '--' . $boundary . MAIL_MIMEPART_CRLF .
+ rtrim(implode('--' . $boundary . MAIL_MIMEPART_CRLF , $subparts), MAIL_MIMEPART_CRLF) . MAIL_MIMEPART_CRLF .
+ '--' . $boundary.'--' . MAIL_MIMEPART_CRLF;
} else {
- $encoded['body'] = $this->_getEncodedData($this->_body, $this->_encoding) . MAIL_MIMEPART_CRLF;
+ $encoded['body'] = $this->_getEncodedData($this->_body, $this->_encoding);
}
// Add headers to $encoded
@@ -306,7 +338,7 @@
$escape = '=';
$output = '';
- while(list(, $line) = each($lines)){
+ while (list(, $line) = each($lines)) {
$line = preg_split('||', $line, -1, PREG_SPLIT_NO_EMPTY);
$linlen = count($line);
@@ -316,17 +348,25 @@
$char = $line[$i];
$dec = ord($char);
- if (($dec == 32) AND ($i == ($linlen - 1))){ // convert space at eol only
+ if (($dec == 32) AND ($i == ($linlen - 1))) { // convert space at eol only
$char = '=20';
- } elseif(($dec == 9) AND ($i == ($linlen - 1))) { // convert tab at eol only
+ } elseif (($dec == 9) AND ($i == ($linlen - 1))) { // convert tab at eol only
$char = '=09';
- } elseif($dec == 9) {
+ } elseif ($dec == 9) {
; // Do nothing if a tab.
- } elseif(($dec == 61) OR ($dec < 32 ) OR ($dec > 126)) {
+ } elseif (($dec == 61) OR ($dec < 32 ) OR ($dec > 126)) {
$char = $escape . strtoupper(sprintf('%02s', dechex($dec)));
+ } elseif (($dec == 46) AND (($newline == '') || ((strlen($newline) + strlen("=2E")) >= $line_max))) {
+ //Bug #9722: convert full-stop at bol,
+ //some Windows servers need this, won't break anything (cipri)
+ //Bug #11731: full-stop at bol also needs to be encoded
+ //if this line would push us over the line_max limit.
+ $char = '=2E';
}
+ //Note, when changing this line, also change the ($dec == 46)
+ //check line, as it mimics this line due to Bug #11731
if ((strlen($newline) + strlen($char)) >= $line_max) { // MAIL_MIMEPART_CRLF is not counted
$output .= $newline . $escape . $eol; // soft line break; " =\r\n" is okay
$newline = '';
@@ -338,4 +378,59 @@
$output = substr($output, 0, -1 * strlen($eol)); // Don't want last crlf
return $output;
}
+
+ /**
+ * _buildHeaderParam()
+ *
+ * Encodes the paramater of a header.
+ *
+ * @param $name The name of the header-parameter
+ * @param $value The value of the paramter
+ * @param $charset The characterset of $value
+ * @param $language The language used in $value
+ * @param $maxLength The maximum length of a line. Defauls to 78
+ *
+ * @access private
+ */
+ function _buildHeaderParam($name, $value, $charset=NULL, $language=NULL, $maxLength=78)
+ {
+ // RFC 2183/2184/2822:
+ // value needs encoding if contains non-ASCII chars or is longer than 78 chars
+
+ if (!preg_match('#[^\x20-\x7E]#', $value)) { // ASCII
+ $quoted = addcslashes($value, '\\"');
+ if (strlen($name) + strlen($quoted) + 6 <= $maxLength)
+ return " {$name}=\"{$quoted}\"; ";
+ }
+
+ $encValue = preg_replace('#([^\x20-\x7E])#e', '"%" . strtoupper(dechex(ord("\1")))', $value);
+ $value = "$charset'$language'$encValue";
+
+ $header = " {$name}*=\"{$value}\"; ";
+ if (strlen($header) <= $maxLength) {
+ return $header;
+ }
+
+ $preLength = strlen(" {$name}*0*=\"");
+ $sufLength = strlen("\";");
+ $maxLength = MAX(16, $maxLength - $preLength - $sufLength - 2);
+ $maxLengthReg = "|(.{0,$maxLength}[^\%][^\%])|";
+
+ $headers = array();
+ $headCount = 0;
+ while ($value) {
+ $matches = array();
+ $found = preg_match($maxLengthReg, $value, $matches);
+ if ($found) {
+ $headers[] = " {$name}*{$headCount}*=\"{$matches[0]}\"";
+ $value = substr($value, strlen($matches[0]));
+ } else {
+ $headers[] = " {$name}*{$headCount}*=\"{$value}\"";
+ $value = "";
+ }
+ $headCount++;
+ }
+ $headers = implode(MAIL_MIMEPART_CRLF, $headers) . ';';
+ return $headers;
+ }
} // End of class
--
Gitblit v1.9.1