From fb061aaecead8248d1a5cc43cc9593832d7bbdc0 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 08 Mar 2011 03:07:43 -0500
Subject: [PATCH] Use PHPs session_regenerte_id() instead of using (unreliable) mt_rand() function (#1486281)
---
program/steps/mail/func.inc | 25 +++++++++++++++----------
1 files changed, 15 insertions(+), 10 deletions(-)
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 9abfef7..0903176 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1194,15 +1194,19 @@
*/
function rcmail_alter_html_link($matches)
{
- global $EMAIL_ADDRESS_PATTERN;
+ global $RCMAIL, $EMAIL_ADDRESS_PATTERN;
$tag = $matches[1];
$attrib = parse_attrib_string($matches[2]);
$end = '>';
+ // Remove non-printable characters in URL (#1487805)
+ $attrib['href'] = preg_replace('/[\x00-\x1F]/', '', $attrib['href']);
+
if ($tag == 'link' && preg_match('/^https?:\/\//i', $attrib['href'])) {
- $attrib['href'] = "?_task=utils&_action=modcss&u=" . urlencode($attrib['href'])
- . "&c=" . urlencode($GLOBALS['rcmail_html_container_id']);
+ $tempurl = 'tmp-' . md5($attrib['href']) . '.css';
+ $_SESSION['modcssurls'][$tempurl] = $attrib['href'];
+ $attrib['href'] = $RCMAIL->url(array('task' => 'utils', 'action' => 'modcss', 'u' => $tempurl, 'c' => $GLOBALS['rcmail_html_container_id']));
$end = ' />';
}
else if (preg_match('/^mailto:'.$EMAIL_ADDRESS_PATTERN.'(\?[^"\'>]+)?/i', $attrib['href'], $mailto)) {
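Review bot: The `<link>` branch accepts any `http://` or `https://` href, so the URL stored in `$_SESSION['modcssurls'][$tempurl]` is still chosen by the message sender and is checked here for scheme only. Putting the URL behind a session key stops `u` from being a free-form fetch parameter, but the modcss action (not part of this diff) presumably still retrieves that URL server-side, so it should resolve `u` only through this session map and refuse loopback, link-local and private-range hosts. Nothing in the visible code prunes the map, so a message with many distinct `<link>` tags keeps growing the session; resetting `$_SESSION['modcssurls']` when a new message is rendered would bound it. The new `preg_replace` also reads `$attrib['href']` when the tag has no href at all; wrapping it in `if (isset($attrib['href']))` avoids the notice. The function body continues past the end of this hunk.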
@@ -1250,17 +1254,17 @@
// IDNA ASCII to Unicode
if ($name == $mailto)
- $name = idn_to_utf8($name);
+ $name = rcube_idn_to_utf8($name);
if ($string == $mailto)
- $string = idn_to_utf8($string);
- $mailto = idn_to_utf8($mailto);
+ $string = rcube_idn_to_utf8($string);
+ $mailto = rcube_idn_to_utf8($mailto);
if ($PRINT_MODE) {
$out .= sprintf('%s <%s>', Q($name), $mailto);
}
else if (check_email($part['mailto'], false)) {
if ($linked) {
- $out .= html::a(array(
+ $address = html::a(array(
'href' => 'mailto:'.$mailto,
'onclick' => sprintf("return %s.command('compose','%s',this)", JS_OBJECT_NAME, JQ($mailto)),
'title' => $mailto,
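Review bot: In the `$PRINT_MODE` branch `$mailto` is written to the output without `Q()`, while `$name` in the same `sprintf` is escaped, and after this change the value is whatever `rcube_idn_to_utf8()` returned. The `check_email()` test guards only the `else if` branch, so nothing visible in the hunk validates or escapes the address on the print path. Unless it is sanitised earlier, outside the hunk, pass `Q($mailto)` as the second `sprintf` argument there. The enclosing loop and function start and end outside this hunk.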
@@ -1269,12 +1273,12 @@
Q($name ? $name : $mailto));
}
else {
- $out .= html::span(array('title' => $mailto, 'class' => "rcmContactAddress"),
+ $address = html::span(array('title' => $mailto, 'class' => "rcmContactAddress"),
Q($name ? $name : $mailto));
}
if ($addicon && $got_writable_abook) {
- $out .= ' ' . html::a(array(
+ $address = html::span(null, $address . html::a(array(
'href' => "#add",
'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, urlencode($string)),
'title' => rcube_label('addtoaddressbook'),
@@ -1282,8 +1286,9 @@
html::img(array(
'src' => $CONFIG['skin_path'] . $addicon,
'alt' => "Add contact",
- )));
+ ))));
}
+ $out .= $address;
}
else {
if ($name)
--
Gitblit v1.9.1