From a3b85d7b8560cdc1057fcaffa3acbd247b4b5b7a Mon Sep 17 00:00:00 2001
From: Thomas B. <thomas@roundcube.net>
Date: Mon, 07 Oct 2013 13:19:03 -0400
Subject: [PATCH] Merge pull request #133 from cwickert/release-0.9-canned-responses
---
plugins/managesieve/managesieve.php | 75 +++++++++++++++++++++++++++++--------
1 files changed, 59 insertions(+), 16 deletions(-)
diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php
index 0ddeba5..80face7 100644
--- a/plugins/managesieve/managesieve.php
+++ b/plugins/managesieve/managesieve.php
@@ -62,7 +62,7 @@
"x-beenthere",
);
- const VERSION = '5.2';
+ const VERSION = '6.2';
const PROGNAME = 'Roundcube (Managesieve)';
const PORT = 4190;
@@ -200,10 +200,19 @@
$include_path .= ini_get('include_path');
set_include_path($include_path);
- $host = rcube_parse_host($this->rc->config->get('managesieve_host', 'localhost'));
+ // Get connection parameters
+ $host = $this->rc->config->get('managesieve_host', 'localhost');
+ $port = $this->rc->config->get('managesieve_port');
+ $tls = $this->rc->config->get('managesieve_usetls', false);
+
+ $host = rcube_parse_host($host);
$host = rcube_idn_to_ascii($host);
- $port = $this->rc->config->get('managesieve_port');
+ // remove tls:// prefix, set TLS flag
+ if (($host = preg_replace('|^tls://|i', '', $host, 1, $cnt)) && $cnt) {
+ $tls = true;
+ }
+
if (empty($port)) {
$port = getservbyname('sieve', 'tcp');
if (empty($port)) {
@@ -216,8 +225,8 @@
'password' => $this->rc->decrypt($_SESSION['password']),
'host' => $host,
'port' => $port,
+ 'usetls' => $tls,
'auth_type' => $this->rc->config->get('managesieve_auth_type'),
- 'usetls' => $this->rc->config->get('managesieve_usetls', false),
'disabled' => $this->rc->config->get('managesieve_disabled_extensions'),
'debug' => $this->rc->config->get('managesieve_debug', false),
'auth_cid' => $this->rc->config->get('managesieve_auth_cid'),
@@ -530,9 +539,37 @@
// Init plugin and handle managesieve connection
$error = $this->managesieve_start();
- // filters set add action
- if (!empty($_POST['_newset'])) {
+ // get request size limits (#1488648)
+ $max_post = max(array(
+ ini_get('max_input_vars'),
+ ini_get('suhosin.request.max_vars'),
+ ini_get('suhosin.post.max_vars'),
+ ));
+ $max_depth = max(array(
+ ini_get('suhosin.request.max_array_depth'),
+ ini_get('suhosin.post.max_array_depth'),
+ ));
+ // check request size limit
+ if ($max_post && count($_POST, COUNT_RECURSIVE) >= $max_post) {
+ rcube::raise_error(array(
+ 'code' => 500, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Request size limit exceeded (one of max_input_vars/suhosin.request.max_vars/suhosin.post.max_vars)"
+ ), true, false);
+ $this->rc->output->show_message('managesieve.filtersaveerror', 'error');
+ }
+ // check request depth limits
+ else if ($max_depth && count($_POST['_header']) > $max_depth) {
+ rcube::raise_error(array(
+ 'code' => 500, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => "Request size limit exceeded (one of suhosin.request.max_array_depth/suhosin.post.max_array_depth)"
+ ), true, false);
+ $this->rc->output->show_message('managesieve.filtersaveerror', 'error');
+ }
+ // filters set add action
+ else if (!empty($_POST['_newset'])) {
$name = get_input_value('_name', RCUBE_INPUT_POST, true);
$copy = get_input_value('_copy', RCUBE_INPUT_POST, true);
$from = get_input_value('_from', RCUBE_INPUT_POST);
@@ -798,7 +835,7 @@
case 'fileinto':
case 'fileinto_copy':
- $mailbox = $this->strip_value($mailboxes[$idx]);
+ $mailbox = $this->strip_value($mailboxes[$idx], false, false);
$this->form['actions'][$i]['target'] = $this->mod_mailbox($mailbox, 'in');
if ($type == 'fileinto_copy') {
$type = 'fileinto';
@@ -930,7 +967,7 @@
$this->rc->output->command('parent.managesieve_updatelist',
isset($new) ? 'add' : 'update',
array(
- 'name' => Q($this->form['name']),
+ 'name' => $this->form['name'],
'id' => $fid,
'disabled' => $this->form['disabled']
));
@@ -1012,7 +1049,7 @@
foreach ($list as $idx => $set) {
$scripts['S'.$idx] = $set;
$result[] = array(
- 'name' => Q($set),
+ 'name' => $set,
'id' => 'S'.$idx,
'class' => !in_array($set, $this->active) ? 'disabled' : '',
);
@@ -1057,7 +1094,7 @@
$this->rc->output->set_env('blankpage', $attrib['src'] ?
$this->rc->output->abs_url($attrib['src']) : 'program/resources/blank.gif');
- return html::tag('iframe', $attrib);
+ return $this->rc->output->frame($attrib);
}
function filterset_form($attrib)
@@ -1671,16 +1708,16 @@
private function genid()
{
- $result = preg_replace('/[^0-9]/', '', microtime(true));
- return $result;
+ return preg_replace('/[^0-9]/', '', microtime(true));
}
- private function strip_value($str, $allow_html=false)
+ private function strip_value($str, $allow_html = false, $trim = true)
{
- if (!$allow_html)
+ if (!$allow_html) {
$str = strip_tags($str);
+ }
- return trim($str);
+ return $trim ? trim($str) : $str;
}
private function error_class($id, $type, $target, $elem_prefix='')
@@ -1810,6 +1847,12 @@
// Get active script name
if ($active = $this->sieve->get_active()) {
$this->active = array($active);
+ }
+
+ // Hide scripts from config
+ $exceptions = $this->rc->config->get('managesieve_filename_exceptions');
+ if (!empty($exceptions)) {
+ $this->list = array_diff($this->list, (array)$exceptions);
}
}
@@ -1996,7 +2039,7 @@
$fname = $filter['name'] ? $filter['name'] : "#$i";
$result[] = array(
'id' => $idx,
- 'name' => Q($fname),
+ 'name' => $fname,
'class' => $filter['disabled'] ? 'disabled' : '',
);
$i++;
--
Gitblit v1.9.1