From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
program/steps/mail/func.inc | 1490 +++++++++++++++++++++++++++++++++--------------------------
1 files changed, 835 insertions(+), 655 deletions(-)
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 629e68b..28e6baa 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -5,8 +5,11 @@
| program/steps/mail/func.inc |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2010, Roundcube Dev. - Switzerland |
- | Licensed under the GNU GPL |
+ | Copyright (C) 2005-2012, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| PURPOSE: |
| Provide webmail functionality and GUI objects |
@@ -14,51 +17,34 @@
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
-
- $Id$
-
*/
// setup some global vars used by mail steps
$SENT_MBOX = $RCMAIL->config->get('sent_mbox');
$DRAFTS_MBOX = $RCMAIL->config->get('drafts_mbox');
-$SEARCH_MODS_DEFAULT = array('*' => array('subject'=>1, 'from'=>1), $SENT_MBOX => array('subject'=>1, 'to'=>1), $DRAFTS_MBOX => array('subject'=>1, 'to'=>1));
+$SEARCH_MODS_DEFAULT = array(
+ '*' => array('subject'=>1, 'from'=>1),
+ $SENT_MBOX => array('subject'=>1, 'to'=>1),
+ $DRAFTS_MBOX => array('subject'=>1, 'to'=>1)
+);
-// Simplified for IDN in Unicode
-//$EMAIL_ADDRESS_PATTERN = '([a-z0-9][a-z0-9\-\.\+\_]*@[a-z0-9][a-z0-9\-\.]*\\.[a-z]{2,5})';
-$EMAIL_ADDRESS_PATTERN = '([a-z0-9][a-z0-9\-\.\+\_]*@[^&@"\'.][^@&"\']*\\.[a-z]{2,5})';
-
-// actions that do not require imap connection here
-$NOIMAP_ACTIONS = array('addcontact', 'autocomplete', 'upload', 'display-attachment', 'remove-attachment', 'get');
-
-// always instantiate imap object (but not yet connect to server)
-$RCMAIL->imap_init();
-
-// log in to imap server
-if (!in_array($RCMAIL->action, $NOIMAP_ACTIONS) && !$RCMAIL->imap_connect()) {
- $RCMAIL->kill_session();
-
- if ($OUTPUT->ajax_call)
- $OUTPUT->redirect(array(), 2000);
-
- $OUTPUT->set_env('task', 'login');
- $OUTPUT->send('login');
-}
+// always instantiate storage object (but not connect to server yet)
+$RCMAIL->storage_init();
// set imap properties and session vars
-if ($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC))
- $IMAP->set_mailbox(($_SESSION['mbox'] = $mbox));
-else if ($IMAP)
- $_SESSION['mbox'] = $IMAP->get_mailbox_name();
+if (strlen(trim($mbox = get_input_value('_mbox', RCUBE_INPUT_GPC, true))))
+ $RCMAIL->storage->set_folder(($_SESSION['mbox'] = $mbox));
+else if ($RCMAIL->storage)
+ $_SESSION['mbox'] = $RCMAIL->storage->get_folder();
if (!empty($_GET['_page']))
- $IMAP->set_page(($_SESSION['page'] = intval($_GET['_page'])));
+ $RCMAIL->storage->set_page(($_SESSION['page'] = intval($_GET['_page'])));
// set default sort col/order to session
if (!isset($_SESSION['sort_col']))
- $_SESSION['sort_col'] = $CONFIG['message_sort_col'];
+ $_SESSION['sort_col'] = !empty($CONFIG['message_sort_col']) ? $CONFIG['message_sort_col'] : '';
if (!isset($_SESSION['sort_order']))
- $_SESSION['sort_order'] = $CONFIG['message_sort_order'];
+ $_SESSION['sort_order'] = strtoupper($CONFIG['message_sort_order']) == 'ASC' ? 'ASC' : 'DESC';
// set threads mode
$a_threading = $RCMAIL->config->get('message_threading', array());
@@ -69,58 +55,56 @@
unset($a_threading[$_SESSION['mbox']]);
$RCMAIL->user->save_prefs(array('message_threading' => $a_threading));
}
-$IMAP->set_threading($a_threading[$_SESSION['mbox']]);
+$RCMAIL->storage->set_threading($a_threading[$_SESSION['mbox']]);
// set message set for search result
if (!empty($_REQUEST['_search']) && isset($_SESSION['search'])
&& $_SESSION['search_request'] == $_REQUEST['_search']
) {
- $IMAP->set_search_set($_SESSION['search']);
+ $RCMAIL->storage->set_search_set($_SESSION['search']);
$OUTPUT->set_env('search_request', $_REQUEST['_search']);
$OUTPUT->set_env('search_text', $_SESSION['last_text_search']);
}
// set main env variables, labels and page title
if (empty($RCMAIL->action) || $RCMAIL->action == 'list') {
- $mbox_name = $IMAP->get_mailbox_name();
+ // connect to storage server and trigger error on failure
+ $RCMAIL->storage_connect();
+
+ $mbox_name = $RCMAIL->storage->get_folder();
if (empty($RCMAIL->action)) {
// initialize searching result if search_filter is used
if ($_SESSION['search_filter'] && $_SESSION['search_filter'] != 'ALL') {
$search_request = md5($mbox_name.$_SESSION['search_filter']);
- $IMAP->search($mbox_name, $_SESSION['search_filter'], RCMAIL_CHARSET, $_SESSION['sort_col']);
- $_SESSION['search'] = $IMAP->get_search_set();
+ $RCMAIL->storage->search($mbox_name, $_SESSION['search_filter'], RCMAIL_CHARSET, rcmail_sort_column());
+ $_SESSION['search'] = $RCMAIL->storage->get_search_set();
$_SESSION['search_request'] = $search_request;
$OUTPUT->set_env('search_request', $search_request);
- }
+ }
- $search_mods = $RCMAIL->config->get('search_mods', $SEARCH_MODS_DEFAULT);
- $OUTPUT->set_env('search_mods', $search_mods);
+ $search_mods = $RCMAIL->config->get('search_mods', $SEARCH_MODS_DEFAULT);
+ $OUTPUT->set_env('search_mods', $search_mods);
}
+
+ $threading = (bool) $RCMAIL->storage->get_threading();
// set current mailbox and some other vars in client environment
$OUTPUT->set_env('mailbox', $mbox_name);
- $OUTPUT->set_env('pagesize', $IMAP->page_size);
- $OUTPUT->set_env('quota', $IMAP->get_capability('quota'));
- $OUTPUT->set_env('delimiter', $IMAP->get_hierarchy_delimiter());
- $OUTPUT->set_env('threading', (bool) $IMAP->threading);
- $OUTPUT->set_env('threads', $IMAP->threading
- || $IMAP->get_capability('thread=references')
- || $IMAP->get_capability('thread=orderedsubject')
- || $IMAP->get_capability('thread=refs')
- );
-
- if ($CONFIG['flag_for_deletion'])
- $OUTPUT->set_env('flag_for_deletion', true);
- if ($CONFIG['read_when_deleted'])
- $OUTPUT->set_env('read_when_deleted', true);
- if ($CONFIG['skip_deleted'])
- $OUTPUT->set_env('skip_deleted', true);
- if ($CONFIG['display_next'])
- $OUTPUT->set_env('display_next', true);
-
+ $OUTPUT->set_env('pagesize', $RCMAIL->storage->get_pagesize());
+ $OUTPUT->set_env('delimiter', $RCMAIL->storage->get_hierarchy_delimiter());
+ $OUTPUT->set_env('threading', $threading);
+ $OUTPUT->set_env('threads', $threading || $RCMAIL->storage->get_capability('THREAD'));
$OUTPUT->set_env('preview_pane_mark_read', $RCMAIL->config->get('preview_pane_mark_read', 0));
+ if ($RCMAIL->storage->get_capability('QUOTA')) {
+ $OUTPUT->set_env('quota', true);
+ }
+
+ foreach (array('delete_junk','flag_for_deletion','read_when_deleted','skip_deleted','display_next','message_extwin','compose_extwin','forward_attachment') as $prop) {
+ if ($CONFIG[$prop])
+ $OUTPUT->set_env($prop, true);
+ }
if ($CONFIG['trash_mbox'])
$OUTPUT->set_env('trash_mailbox', $CONFIG['trash_mbox']);
@@ -129,20 +113,87 @@
if ($CONFIG['junk_mbox'])
$OUTPUT->set_env('junk_mailbox', $CONFIG['junk_mbox']);
+ if (!empty($_SESSION['browser_caps']))
+ $OUTPUT->set_env('browser_capabilities', $_SESSION['browser_caps']);
+
if (!$OUTPUT->ajax_call)
$OUTPUT->add_label('checkingmail', 'deletemessage', 'movemessagetotrash',
- 'movingmessage', 'copyingmessage', 'copy', 'move', 'quota');
+ 'movingmessage', 'copyingmessage', 'deletingmessage', 'markingmessage',
+ 'copy', 'move', 'quota');
- $OUTPUT->set_pagetitle(rcmail_localize_foldername($mbox_name));
+ $OUTPUT->set_pagetitle(rcmail_localize_foldername($RCMAIL->storage->mod_folder($mbox_name)));
}
+/**
+ * Returns 'to' if current folder is configured Sent or Drafts
+ * or their subfolders, otherwise returns 'from'.
+ *
+ * @return string Column name
+ */
+function rcmail_message_list_smart_column_name()
+{
+ global $RCMAIL;
+
+ $delim = $RCMAIL->storage->get_hierarchy_delimiter();
+ $mbox = $RCMAIL->storage->get_folder();
+ $sent_mbox = $RCMAIL->config->get('sent_mbox');
+ $drafts_mbox = $RCMAIL->config->get('drafts_mbox');
+
+ if (strpos($mbox.$delim, $sent_mbox.$delim) === 0 || strpos($mbox.$delim, $drafts_mbox.$delim) === 0) {
+ return 'to';
+ }
+
+ return 'from';
+}
+
+/**
+ * Returns configured messages list sorting column name
+ * The name is context-sensitive, which means if sorting is set to 'fromto'
+ * it will return 'from' or 'to' according to current folder type.
+ *
+ * @return string Column name
+ */
+function rcmail_sort_column()
+{
+ global $RCMAIL;
+
+ if (isset($_SESSION['sort_col'])) {
+ $column = $_SESSION['sort_col'];
+ }
+ else {
+ $column = $RCMAIL->config->get('message_sort_col');
+ }
+
+ // get name of smart From/To column in folder context
+ if ($column == 'fromto') {
+ $column = rcmail_message_list_smart_column_name();
+ }
+
+ return $column;
+}
+
+/**
+ * Returns configured message list sorting order
+ *
+ * @return string Sorting order (ASC|DESC)
+ */
+function rcmail_sort_order()
+{
+ global $RCMAIL;
+
+ if (isset($_SESSION['sort_order'])) {
+ return $_SESSION['sort_order'];
+ }
+
+ return $RCMAIL->config->get('message_sort_order');
+}
/**
* return the message list as HTML table
*/
function rcmail_message_list($attrib)
{
- global $IMAP, $CONFIG, $OUTPUT;
+ global $CONFIG, $OUTPUT;
// add some labels to client
$OUTPUT->add_label('from', 'to');
@@ -163,15 +214,6 @@
// save some variables for use in ajax list
$_SESSION['list_attrib'] = $attrib;
-
- $mbox = $IMAP->get_mailbox_name();
- $delim = $IMAP->get_hierarchy_delimiter();
-
- // show 'to' instead of 'from' in sent/draft messages
- if ((strpos($mbox.$delim, $CONFIG['sent_mbox'].$delim)===0 || strpos($mbox.$delim, $CONFIG['drafts_mbox'].$delim)===0)
- && (($f = array_search('from', $a_show_cols)) !== false) && array_search('to', $a_show_cols) === false)
- $a_show_cols[$f] = 'to';
-
// make sure 'threads' and 'subject' columns are present
if (!in_array('subject', $a_show_cols))
array_unshift($a_show_cols, 'subject');
@@ -207,7 +249,7 @@
*/
function rcmail_js_message_list($a_headers, $insert_top=FALSE, $a_show_cols=null)
{
- global $CONFIG, $IMAP, $RCMAIL, $OUTPUT;
+ global $CONFIG, $RCMAIL, $OUTPUT;
if (empty($a_show_cols)) {
if (!empty($_SESSION['list_attrib']['columns']))
@@ -221,8 +263,7 @@
$head_replace = true;
}
- $mbox = $IMAP->get_mailbox_name();
- $delim = $IMAP->get_hierarchy_delimiter();
+ $mbox = $RCMAIL->storage->get_folder();
// make sure 'threads' and 'subject' columns are present
if (!in_array('subject', $a_show_cols))
@@ -232,15 +273,10 @@
$_SESSION['list_attrib']['columns'] = $a_show_cols;
- // show 'to' instead of 'from' in sent/draft messages
- if ((strpos($mbox.$delim, $CONFIG['sent_mbox'].$delim)===0 || strpos($mbox.$delim, $CONFIG['drafts_mbox'].$delim)===0)
- && (($f = array_search('from', $a_show_cols)) !== false) && array_search('to', $a_show_cols) === false)
- $a_show_cols[$f] = 'to';
-
// Make sure there are no duplicated columns (#1486999)
$a_show_cols = array_unique($a_show_cols);
- // Plugins may set header's list_cols/list_flags and other rcube_mail_header variables
+ // Plugins may set header's list_cols/list_flags and other rcube_message_header variables
// and list columns
$plugin = $RCMAIL->plugins->exec_hook('messages_list',
array('messages' => $a_headers, 'cols' => $a_show_cols));
@@ -250,13 +286,18 @@
$thead = $head_replace ? rcmail_message_list_head($_SESSION['list_attrib'], $a_show_cols) : NULL;
- $OUTPUT->command('set_message_coltypes', $a_show_cols, $thead);
+ // get name of smart From/To column in folder context
+ if (($f = array_search('fromto', $a_show_cols)) !== false) {
+ $smart_col = rcmail_message_list_smart_column_name();
+ }
+
+ $OUTPUT->command('set_message_coltypes', $a_show_cols, $thead, $smart_col);
if (empty($a_headers))
return;
// remove 'threads', 'attachment', 'flag', 'status' columns, we don't need them here
- foreach (array('threads', 'attachment', 'flag', 'status') as $col) {
+ foreach (array('threads', 'attachment', 'flag', 'status', 'priority') as $col) {
if (($key = array_search($col, $a_show_cols)) !== FALSE)
unset($a_show_cols[$key]);
}
@@ -269,20 +310,20 @@
$a_msg_cols = array();
$a_msg_flags = array();
- $IMAP->set_charset(!empty($header->charset) ? $header->charset : $CONFIG['default_charset']);
-
// format each col; similar as in rcmail_message_list()
foreach ($a_show_cols as $col) {
- if (in_array($col, array('from', 'to', 'cc', 'replyto')))
- $cont = Q(rcmail_address_string($header->$col, 3), 'show');
- else if ($col=='subject') {
- $cont = abbreviate_string(trim($IMAP->decode_header($header->$col)), 160);
+ $col_name = $col == 'fromto' ? $smart_col : $col;
+
+ if (in_array($col_name, array('from', 'to', 'cc', 'replyto')))
+ $cont = rcmail_address_string($header->$col_name, 3, false, null, $header->charset);
+ else if ($col == 'subject') {
+ $cont = trim(rcube_mime::decode_header($header->$col, $header->charset));
if (!$cont) $cont = rcube_label('nosubject');
$cont = Q($cont);
}
- else if ($col=='size')
+ else if ($col == 'size')
$cont = show_bytes($header->$col);
- else if ($col=='date')
+ else if ($col == 'date')
$cont = format_date($header->date);
else
$cont = Q($header->$col);
@@ -290,6 +331,7 @@
$a_msg_cols[$col] = $cont;
}
+ $a_msg_flags = array_change_key_case(array_map('intval', (array) $header->flags));
if ($header->depth)
$a_msg_flags['depth'] = $header->depth;
else if ($header->has_children)
@@ -300,23 +342,15 @@
$a_msg_flags['has_children'] = $header->has_children;
if ($header->unread_children)
$a_msg_flags['unread_children'] = $header->unread_children;
- if ($header->deleted)
- $a_msg_flags['deleted'] = 1;
- if (!$header->seen)
- $a_msg_flags['unread'] = 1;
- if ($header->answered)
- $a_msg_flags['replied'] = 1;
- if ($header->forwarded)
- $a_msg_flags['forwarded'] = 1;
- if ($header->flagged)
- $a_msg_flags['flagged'] = 1;
if ($header->others['list-post'])
$a_msg_flags['ml'] = 1;
+ if ($header->priority)
+ $a_msg_flags['prio'] = (int) $header->priority;
$a_msg_flags['ctype'] = Q($header->ctype);
$a_msg_flags['mbox'] = $mbox;
- // merge with plugin result
+ // merge with plugin result (Deprecated, use $header->flags)
if (!empty($header->list_flags) && is_array($header->list_flags))
$a_msg_flags = array_merge($a_msg_flags, $header->list_flags);
if (!empty($header->list_cols) && is_array($header->list_cols))
@@ -329,8 +363,8 @@
$insert_top);
}
- if ($IMAP->threading) {
- $OUTPUT->command('init_threads', (array) $roots);
+ if ($RCMAIL->storage->get_threading()) {
+ $OUTPUT->command('init_threads', (array) $roots, $mbox);
}
}
@@ -340,7 +374,7 @@
*/
function rcmail_message_list_head($attrib, $a_show_cols)
{
- global $CONFIG;
+ global $RCMAIL;
$skin_path = $_SESSION['skin_path'];
$image_tag = html::img(array('src' => "%s%s", 'alt' => "%s"));
@@ -349,8 +383,18 @@
$sort_col = $_SESSION['sort_col'];
$sort_order = $_SESSION['sort_order'];
+ $dont_override = (array)$RCMAIL->config->get('dont_override');
+ $disabled_sort = in_array('message_sort_col', $dont_override);
+ $disabled_order = in_array('message_sort_order', $dont_override);
+
+ $RCMAIL->output->set_env('disabled_sort_col', $disabled_sort);
+ $RCMAIL->output->set_env('disabled_sort_order', $disabled_order);
+
// define sortable columns
- $a_sort_cols = array('subject', 'date', 'from', 'to', 'size', 'cc');
+ if ($disabled_sort)
+ $a_sort_cols = $sort_col && !$disabled_order ? array($sort_col) : array();
+ else
+ $a_sort_cols = array('subject', 'date', 'from', 'to', 'fromto', 'size', 'cc');
if (!empty($attrib['optionsmenuicon'])) {
$onclick = 'return ' . JS_OBJECT_NAME . ".command('menu-open', 'messagelistmenu')";
@@ -368,6 +412,11 @@
$cells = array();
+ // get name of smart From/To column in folder context
+ if (($f = array_search('fromto', $a_show_cols)) !== false) {
+ $smart_col = rcmail_message_list_smart_column_name();
+ }
+
foreach ($a_show_cols as $col) {
// get column name
switch ($col) {
@@ -375,11 +424,15 @@
$col_name = '<span class="flagged"> </span>';
break;
case 'attachment':
+ case 'priority':
case 'status':
$col_name = '<span class="' . $col .'"> </span>';
break;
case 'threads':
$col_name = $list_menu;
+ break;
+ case 'fromto':
+ $col_name = Q(rcube_label($smart_col));
break;
default:
$col_name = Q(rcube_label($col));
@@ -388,8 +441,10 @@
// make sort links
if (in_array($col, $a_sort_cols))
$col_name = html::a(array('href'=>"./#sort", 'onclick' => 'return '.JS_OBJECT_NAME.".command('sort','".$col."',this)", 'title' => rcube_label('sortby')), $col_name);
+ else if ($col_name[0] != '<')
+ $col_name = '<span class="' . $col .'">' . $col_name . '</span>';
- $sort_class = $col == $sort_col ? " sorted$sort_order" : '';
+ $sort_class = $col == $sort_col && !$disabled_order ? " sorted$sort_order" : '';
$class_name = $col.$sort_class;
// put it all together
@@ -404,7 +459,7 @@
* return an HTML iframe for loading mail content
*/
function rcmail_messagecontent_frame($attrib)
- {
+{
global $OUTPUT, $RCMAIL;
if (empty($attrib['id']))
@@ -414,115 +469,53 @@
if ($RCMAIL->config->get('preview_pane'))
$OUTPUT->set_env('contentframe', $attrib['id']);
- $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/blank.gif');
+ $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/resources/blank.gif');
- return html::iframe($attrib);
- }
+ return $OUTPUT->frame($attrib, true);
+}
function rcmail_messagecount_display($attrib)
- {
- global $IMAP, $OUTPUT;
+{
+ global $RCMAIL;
if (!$attrib['id'])
$attrib['id'] = 'rcmcountdisplay';
- $OUTPUT->add_gui_object('countdisplay', $attrib['id']);
+ $RCMAIL->output->add_gui_object('countdisplay', $attrib['id']);
- return html::span($attrib, rcmail_get_messagecount_text());
- }
+ $content = $RCMAIL->action != 'show' ? rcmail_get_messagecount_text() : rcube_label('loading');
-
-function rcmail_quota_display($attrib)
- {
- global $OUTPUT;
-
- if (!$attrib['id'])
- $attrib['id'] = 'rcmquotadisplay';
-
- if(isset($attrib['display']))
- $_SESSION['quota_display'] = $attrib['display'];
-
- $OUTPUT->add_gui_object('quotadisplay', $attrib['id']);
-
- $quota = rcmail_quota_content($attrib);
-
- $OUTPUT->add_script('$(document).ready(function(){
- rcmail.set_quota('.json_serialize($quota).')});', 'foot');
-
- return html::span($attrib, '');
- }
-
-
-function rcmail_quota_content($attrib=NULL)
- {
- global $COMM_PATH, $RCMAIL;
-
- $quota = $RCMAIL->imap->get_quota();
- $quota = $RCMAIL->plugins->exec_hook('quota', $quota);
-
- $quota_result = (array) $quota;
- $quota_result['type'] = isset($_SESSION['quota_display']) ? $_SESSION['quota_display'] : '';
-
- if (!$quota['total'] && $RCMAIL->config->get('quota_zero_as_unlimited')) {
- $quota_result['title'] = rcube_label('unlimited');
- $quota_result['percent'] = 0;
- }
- else if ($quota['total']) {
- if (!isset($quota['percent']))
- $quota_result['percent'] = min(100, round(($quota['used']/max(1,$quota['total']))*100));
-
- $title = sprintf('%s / %s (%.0f%%)',
- show_bytes($quota['used'] * 1024), show_bytes($quota['total'] * 1024),
- $quota_result['percent']);
-
- $quota_result['title'] = $title;
-
- if ($attrib['width'])
- $quota_result['width'] = $attrib['width'];
- if ($attrib['height'])
- $quota_result['height'] = $attrib['height'];
- }
- else {
- $quota_result['title'] = rcube_label('unknown');
- $quota_result['percent'] = 0;
- }
-
- return $quota_result;
- }
+ return html::span($attrib, $content);
+}
function rcmail_get_messagecount_text($count=NULL, $page=NULL)
- {
- global $RCMAIL, $IMAP, $MESSAGE;
+{
+ global $RCMAIL;
- if (isset($MESSAGE->index))
- {
- return rcube_label(array('name' => 'messagenrof',
- 'vars' => array('nr' => $MESSAGE->index+1,
- 'count' => $count!==NULL ? $count : $IMAP->messagecount(NULL, 'ALL')))); // Only messages, no threads here
- }
+ if ($page === NULL) {
+ $page = $RCMAIL->storage->get_page();
+ }
- if ($page===NULL)
- $page = $IMAP->list_page;
-
- $start_msg = ($page-1) * $IMAP->page_size + 1;
+ $page_size = $RCMAIL->storage->get_pagesize();
+ $start_msg = ($page-1) * $page_size + 1;
if ($count!==NULL)
$max = $count;
else if ($RCMAIL->action)
- $max = $IMAP->messagecount(NULL, $IMAP->threading ? 'THREADS' : 'ALL');
+ $max = $RCMAIL->storage->count(NULL, $RCMAIL->storage->get_threading() ? 'THREADS' : 'ALL');
if ($max==0)
$out = rcube_label('mailboxempty');
else
- $out = rcube_label(array('name' => $IMAP->threading ? 'threadsfromto' : 'messagesfromto',
+ $out = rcube_label(array('name' => $RCMAIL->storage->get_threading() ? 'threadsfromto' : 'messagesfromto',
'vars' => array('from' => $start_msg,
- 'to' => min($max, $start_msg + $IMAP->page_size - 1),
+ 'to' => min($max, $start_msg + $page_size - 1),
'count' => $max)));
return Q($out);
- }
+}
function rcmail_mailbox_name_display($attrib)
@@ -541,28 +534,49 @@
function rcmail_get_mailbox_name_text()
{
global $RCMAIL;
- return rcmail_localize_foldername($RCMAIL->imap->get_mailbox_name());
+ return rcmail_localize_foldername($RCMAIL->storage->get_folder());
}
-function rcmail_send_unread_count($mbox_name, $force=false, $count=null)
+function rcmail_send_unread_count($mbox_name, $force=false, $count=null, $mark='')
{
global $RCMAIL;
- $old_unseen = $_SESSION['unseen_count'][$mbox_name];
+ $old_unseen = rcmail_get_unseen_count($mbox_name);
if ($count === null)
- $unseen = $RCMAIL->imap->messagecount($mbox_name, 'UNSEEN', $force);
+ $unseen = $RCMAIL->storage->count($mbox_name, 'UNSEEN', $force);
else
$unseen = $count;
if ($unseen != $old_unseen || ($mbox_name == 'INBOX'))
- $RCMAIL->output->command('set_unread_count', $mbox_name, $unseen, ($mbox_name == 'INBOX'));
+ $RCMAIL->output->command('set_unread_count', $mbox_name, $unseen,
+ ($mbox_name == 'INBOX'), $unseen && $mark ? $mark : '');
- // @TODO: this data is doubled (session and cache tables) if caching is enabled
- $_SESSION['unseen_count'][$mbox_name] = $unseen;
+ rcmail_set_unseen_count($mbox_name, $unseen);
return $unseen;
+}
+
+
+function rcmail_set_unseen_count($mbox_name, $count)
+{
+ // @TODO: this data is doubled (session and cache tables) if caching is enabled
+
+ // Make sure we have an array here (#1487066)
+ if (!is_array($_SESSION['unseen_count']))
+ $_SESSION['unseen_count'] = array();
+
+ $_SESSION['unseen_count'][$mbox_name] = $count;
+}
+
+
+function rcmail_get_unseen_count($mbox_name)
+{
+ if (is_array($_SESSION['unseen_count']) && array_key_exists($mbox_name, $_SESSION['unseen_count']))
+ return $_SESSION['unseen_count'][$mbox_name];
+ else
+ return null;
}
@@ -575,21 +589,26 @@
{
global $RCMAIL;
- $show_images = $RCMAIL->config->get('show_images');
if (!$message->is_safe
- && !empty($show_images)
- && $message->has_html_part())
- {
- switch($show_images) {
- case '1': // known senders only
- $CONTACTS = new rcube_contacts($RCMAIL->db, $_SESSION['user_id']);
- if ($CONTACTS->search('email', $message->sender['mailto'], true, false)->count) {
- $message->set_safe(true);
+ && ($show_images = $RCMAIL->config->get('show_images'))
+ && $message->has_html_part()
+ ) {
+ switch ($show_images) {
+ case 1: // known senders only
+ // get default addressbook, like in addcontact.inc
+ $CONTACTS = $RCMAIL->get_address_book(-1, true);
+
+ if ($CONTACTS) {
+ $result = $CONTACTS->search('email', $message->sender['mailto'], 1, false);
+ if ($result->count) {
+ $message->set_safe(true);
+ }
}
- break;
- case '2': // always
+ break;
+
+ case 2: // always
$message->set_safe(true);
- break;
+ break;
}
}
}
@@ -603,65 +622,30 @@
* @param array CID map replaces (inline images)
* @return string Clean HTML
*/
-function rcmail_wash_html($html, $p = array(), $cid_replaces)
+function rcmail_wash_html($html, $p, $cid_replaces)
{
global $REMOTE_OBJECTS;
$p += array('safe' => false, 'inline_html' => true);
- // special replacements (not properly handled by washtml class)
- $html_search = array(
- '/(<\/nobr>)(\s+)(<nobr>)/i', // space(s) between <NOBR>
- '/<title[^>]*>.*<\/title>/i', // PHP bug #32547 workaround: remove title tag
- '/^(\0\0\xFE\xFF|\xFF\xFE\0\0|\xFE\xFF|\xFF\xFE|\xEF\xBB\xBF)/', // byte-order mark (only outlook?)
- '/<html\s[^>]+>/i', // washtml/DOMDocument cannot handle xml namespaces
- );
- $html_replace = array(
- '\\1'.' '.'\\3',
- '',
- '',
- '<html>',
- );
- $html = preg_replace($html_search, $html_replace, $html);
+ // charset was converted to UTF-8 in rcube_storage::get_message_part(),
+ // change/add charset specification in HTML accordingly,
+ // washtml cannot work without that
+ $meta = '<meta http-equiv="Content-Type" content="text/html; charset='.RCMAIL_CHARSET.'" />';
- // PCRE errors handling (#1486856), should we use something like for every preg_* use?
- if ($html === null && ($preg_error = preg_last_error()) != PREG_NO_ERROR) {
- $errstr = "Could not clean up HTML message! PCRE Error: $preg_error.";
-
- if ($preg_error == PREG_BACKTRACK_LIMIT_ERROR)
- $errstr .= " Consider raising pcre.backtrack_limit!";
- if ($preg_error == PREG_RECURSION_LIMIT_ERROR)
- $errstr .= " Consider raising pcre.recursion_limit!";
-
- raise_error(array('code' => 600, 'type' => 'php',
- 'line' => __LINE__, 'file' => __FILE__,
- 'message' => $errstr), true, false);
- return '';
+ // remove old meta tag and add the new one, making sure
+ // that it is placed in the head (#1488093)
+ $html = preg_replace('/<meta[^>]+charset=[a-z0-9-_]+[^>]*>/Ui', '', $html);
+ $html = preg_replace('/(<head[^>]*>)/Ui', '\\1'.$meta, $html, -1, $rcount);
+ if (!$rcount) {
+ $html = '<head>' . $meta . '</head>' . $html;
}
-
- // fix (unknown/malformed) HTML tags before "wash"
- $html = preg_replace_callback('/(<[\/]*)([^\s>]+)/', 'rcmail_html_tag_callback', $html);
-
- // charset was converted to UTF-8 in rcube_imap::get_message_part(),
- // -> change charset specification in HTML accordingly
- $charset_pattern = '(<meta\s+[^>]*content=)[\'"]?(\w+\/\w+;\s*charset=)([a-z0-9-_]+[\'"]?)';
- if (preg_match("/$charset_pattern/Ui", $html)) {
- $html = preg_replace("/$charset_pattern/i", '\\1"\\2'.RCMAIL_CHARSET.'"', $html);
- }
- else {
- // add meta content-type to malformed messages, washtml cannot work without that
- if (!preg_match('/<head[^>]*>(.*)<\/head>/Uims', $html))
- $html = '<head></head>'. $html;
- $html = substr_replace($html, '<meta http-equiv="Content-Type" content="text/html; charset='.RCMAIL_CHARSET.'" />', intval(stripos($html, '<head>')+6), 0);
- }
- // turn relative into absolute urls
- $html = rcmail_resolve_base($html);
// clean HTML with washhtml by Frederic Motte
$wash_opts = array(
'show_washed' => false,
'allow_remote' => $p['safe'],
- 'blocked_src' => "./program/blocked.gif",
+ 'blocked_src' => "./program/resources/blocked.gif",
'charset' => RCMAIL_CHARSET,
'cid_map' => $cid_replaces,
'html_elements' => array('body'),
@@ -682,7 +666,7 @@
$wash_opts['html_attribs'] = $p['html_attribs'];
// initialize HTML washer
- $washer = new washtml($wash_opts);
+ $washer = new rcube_washtml($wash_opts);
if (!$p['skip_washer_form_callback'])
$washer->add_callback('form', 'rcmail_washtml_callback');
@@ -690,6 +674,9 @@
// allow CSS styles, will be sanitized by rcmail_washtml_callback()
if (!$p['skip_washer_style_callback'])
$washer->add_callback('style', 'rcmail_washtml_callback');
+
+ // Remove non-UTF8 characters (#1487813)
+ $html = rc_utf8_clean($html);
$html = $washer->wash($html);
$REMOTE_OBJECTS = $washer->extlinks;
@@ -712,11 +699,12 @@
// trigger plugin hook
$data = $RCMAIL->plugins->exec_hook('message_part_before',
- array('type' => $part->ctype_secondary, 'body' => $part->body) + $p + array('safe' => false, 'plain' => false, 'inline_html' => true));
+ array('type' => $part->ctype_secondary, 'body' => $part->body, 'id' => $part->mime_id)
+ + $p + array('safe' => false, 'plain' => false, 'inline_html' => true));
// convert html to text/plain
if ($data['type'] == 'html' && $data['plain']) {
- $txt = new html2text($data['body'], false, true);
+ $txt = new rcube_html2text($data['body'], false, true);
$body = $txt->get_text();
$part->ctype_secondary = 'plain';
}
@@ -727,9 +715,9 @@
}
// text/enriched
else if ($data['type'] == 'enriched') {
+ $body = rcube_enriched::to_html($data['body']);
+ $body = rcmail_wash_html($body, $data, $part->replaces);
$part->ctype_secondary = 'html';
- require_once('lib/enriched.inc');
- $body = Q(enriched_to_html($data['body']), 'show');
}
else {
// assert plaintext
@@ -745,7 +733,8 @@
$body = rcmail_plain_body($body, $part->ctype_parameters['format'] == 'flowed');
// allow post-processing of the message body
- $data = $RCMAIL->plugins->exec_hook('message_part_after', array('type' => $part->ctype_secondary, 'body' => $body) + $data);
+ $data = $RCMAIL->plugins->exec_hook('message_part_after',
+ array('type' => $part->ctype_secondary, 'body' => $body, 'id' => $part->mime_id) + $data);
return $data['type'] == 'html' ? $data['body'] : html::tag('pre', array(), $data['body']);
}
@@ -764,79 +753,87 @@
global $RCMAIL;
// make links and email-addresses clickable
- $replacer = new rcube_string_replacer;
+ $replacer = new rcmail_string_replacer;
- // search for patterns like links and e-mail addresses
- $body = preg_replace_callback($replacer->link_pattern, array($replacer, 'link_callback'), $body);
- $body = preg_replace_callback($replacer->mailto_pattern, array($replacer, 'mailto_callback'), $body);
+ // search for patterns like links and e-mail addresses and replace with tokens
+ $body = $replacer->replace($body);
// split body into single lines
- $a_lines = preg_split('/\r?\n/', $body);
+ $body = preg_split('/\r?\n/', $body);
$quote_level = 0;
$last = -1;
// find/mark quoted lines...
- for ($n=0, $cnt=count($a_lines); $n < $cnt; $n++) {
- if ($a_lines[$n][0] == '>' && preg_match('/^(>+\s*)+/', $a_lines[$n], $regs)) {
- $q = strlen(preg_replace('/\s/', '', $regs[0]));
- $a_lines[$n] = substr($a_lines[$n], strlen($regs[0]));
+ for ($n=0, $cnt=count($body); $n < $cnt; $n++) {
+ if ($body[$n][0] == '>' && preg_match('/^(>+ {0,1})+/', $body[$n], $regs)) {
+ $q = substr_count($regs[0], '>');
+ $body[$n] = substr($body[$n], strlen($regs[0]));
- if ($q > $quote_level)
- $a_lines[$n] = $replacer->get_replacement($replacer->add(
- str_repeat('<blockquote>', $q - $quote_level))) . $a_lines[$n];
- else if ($q < $quote_level)
- $a_lines[$n] = $replacer->get_replacement($replacer->add(
- str_repeat('</blockquote>', $quote_level - $q))) . $a_lines[$n];
+ if ($q > $quote_level) {
+ $body[$n] = $replacer->get_replacement($replacer->add(
+ str_repeat('<blockquote>', $q - $quote_level))) . $body[$n];
+ $last = $n;
+ }
+ else if ($q < $quote_level) {
+ $body[$n] = $replacer->get_replacement($replacer->add(
+ str_repeat('</blockquote>', $quote_level - $q))) . $body[$n];
+ $last = $n;
+ }
else if ($flowed) {
// previous line is flowed
- if (isset($a_lines[$last]) && $a_lines[$n]
- && $a_lines[$last][strlen($a_lines[$last])-1] == ' ') {
+ if (isset($body[$last]) && $body[$n]
+ && $body[$last][strlen($body[$last])-1] == ' ') {
// merge lines
- $a_lines[$last] .= $a_lines[$n];
- unset($a_lines[$n]);
+ $body[$last] .= $body[$n];
+ unset($body[$n]);
}
- else
+ else {
$last = $n;
+ }
}
}
else {
$q = 0;
if ($flowed) {
// sig separator - line is fixed
- if ($a_lines[$n] == '-- ') {
- $last = $n;
+ if ($body[$n] == '-- ') {
+ $last = $last_sig = $n;
}
else {
// remove space-stuffing
- if ($a_lines[$n][0] == ' ')
- $a_lines[$n] = substr($a_lines[$n], 1);
+ if ($body[$n][0] == ' ')
+ $body[$n] = substr($body[$n], 1);
// previous line is flowed?
- if (isset($a_lines[$last]) && $a_lines[$n]
- && $a_lines[$last] != '-- '
- && $a_lines[$last][strlen($a_lines[$last])-1] == ' '
+ if (isset($body[$last]) && $body[$n]
+ && $last !== $last_sig
+ && $body[$last][strlen($body[$last])-1] == ' '
) {
- $a_lines[$last] .= $a_lines[$n];
- unset($a_lines[$n]);
+ $body[$last] .= $body[$n];
+ unset($body[$n]);
}
else {
$last = $n;
}
}
if ($quote_level > 0)
- $a_lines[$last] = $replacer->get_replacement($replacer->add(
- str_repeat('</blockquote>', $quote_level))) . $a_lines[$last];
+ $body[$last] = $replacer->get_replacement($replacer->add(
+ str_repeat('</blockquote>', $quote_level))) . $body[$last];
}
else if ($quote_level > 0)
- $a_lines[$n] = $replacer->get_replacement($replacer->add(
- str_repeat('</blockquote>', $quote_level))) . $a_lines[$n];
+ $body[$n] = $replacer->get_replacement($replacer->add(
+ str_repeat('</blockquote>', $quote_level))) . $body[$n];
}
$quote_level = $q;
}
- // quote plain text
- $body = Q(join("\n", $a_lines), 'dummy', false);
+ $body = join("\n", $body);
+
+ // quote plain text (don't use Q() here, to display entities "as is")
+ $table = get_html_translation_table(HTML_SPECIALCHARS);
+ unset($table['?']);
+ $body = strtr($body, $table);
// colorize signature (up to <sig_max_lines> lines)
$len = strlen($body);
@@ -861,7 +858,7 @@
/**
* Callback function for washtml cleaning class
*/
-function rcmail_washtml_callback($tagname, $attrib, $content)
+function rcmail_washtml_callback($tagname, $attrib, $content, $washtml)
{
switch ($tagname) {
case 'form':
@@ -870,11 +867,14 @@
case 'style':
// decode all escaped entities and reduce to ascii strings
- $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entity_decode($content));
+ $stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcmail_xss_entity_decode($content));
// now check for evil strings like expression, behavior or url()
- if (!preg_match('/expression|behavior|url\(|import/', $stripped)) {
- $out = html::tag('style', array('type' => 'text/css'), $content);
+ if (!preg_match('/expression|behavior|javascript:|import[^a]/i', $stripped)) {
+ if (!$washtml->get_config('allow_remote') && stripos($stripped, 'url('))
+ $washtml->extlinks = true;
+ else
+ $out = html::tag('style', array('type' => 'text/css'), $content);
break;
}
@@ -887,31 +887,15 @@
/**
- * Callback function for HTML tags fixing
- */
-function rcmail_html_tag_callback($matches)
-{
- $tagname = $matches[2];
-
- $tagname = preg_replace(array(
- '/:.*$/', // Microsoft's Smart Tags <st1:xxxx>
- '/[^a-z0-9_\[\]\!-]/i', // forbidden characters
- ), '', $tagname);
-
- return $matches[1].$tagname;
-}
-
-
-/**
* return table with message headers
*/
-function rcmail_message_headers($attrib, $headers=NULL)
- {
- global $IMAP, $OUTPUT, $MESSAGE, $PRINT_MODE, $RCMAIL;
+function rcmail_message_headers($attrib, $headers=null)
+{
+ global $OUTPUT, $MESSAGE, $PRINT_MODE, $RCMAIL;
static $sa_attrib;
// keep header table attrib
- if (is_array($attrib) && !$sa_attrib)
+ if (is_array($attrib) && !$sa_attrib && !$attrib['valueof'])
$sa_attrib = $attrib;
else if (!is_array($attrib) && is_array($sa_attrib))
$attrib = $sa_attrib;
@@ -920,21 +904,38 @@
return FALSE;
// get associative array of headers object
- if (!$headers)
- $headers = is_object($MESSAGE->headers) ? get_object_vars($MESSAGE->headers) : $MESSAGE->headers;
+ if (!$headers) {
+ $headers_obj = $MESSAGE->headers;
+ $headers = get_object_vars($MESSAGE->headers);
+ }
+ else if (is_object($headers)) {
+ $headers_obj = $headers;
+ $headers = get_object_vars($headers_obj);
+ }
+ else {
+ $headers_obj = rcube_message_header::from_array($headers);
+ }
// show these headers
- $standard_headers = array('subject', 'from', 'to', 'cc', 'bcc', 'replyto',
- 'mail-reply-to', 'mail-followup-to', 'date');
+ $standard_headers = array('subject', 'from', 'sender', 'to', 'cc', 'bcc', 'replyto',
+ 'mail-reply-to', 'mail-followup-to', 'date', 'priority');
+ $exclude_headers = $attrib['exclude'] ? explode(',', $attrib['exclude']) : array();
$output_headers = array();
foreach ($standard_headers as $hkey) {
+ $ishtml = false;
+
if ($headers[$hkey])
$value = $headers[$hkey];
else if ($headers['others'][$hkey])
$value = $headers['others'][$hkey];
- else
+ else if (!$attrib['valueof'])
continue;
+
+ if (in_array($hkey, $exclude_headers))
+ continue;
+
+ $header_title = rcube_label(preg_replace('/(^mail-|-)/', '', $hkey));
if ($hkey == 'date') {
if ($PRINT_MODE)
@@ -942,53 +943,112 @@
else
$header_value = format_date($value);
}
+ else if ($hkey == 'priority') {
+ if ($value) {
+ $header_value = html::span('prio' . $value, rcmail_localized_priority($value));
+ }
+ else
+ continue;
+ }
else if ($hkey == 'replyto') {
- if ($headers['replyto'] != $headers['from'])
- $header_value = rcmail_address_string($value, null, true, $attrib['addicon']);
+ if ($headers['replyto'] != $headers['from']) {
+ $header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title);
+ $ishtml = true;
+ }
else
continue;
}
else if ($hkey == 'mail-reply-to') {
if ($headers['mail-replyto'] != $headers['reply-to']
&& $headers['reply-to'] != $headers['from']
- )
- $header_value = rcmail_address_string($value, null, true, $attrib['addicon']);
+ ) {
+ $header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title);
+ $ishtml = true;
+ }
+ else
+ continue;
+ }
+ else if ($hkey == 'sender') {
+ if ($headers['sender'] != $headers['from']) {
+ $header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title);
+ $ishtml = true;
+ }
else
continue;
}
else if ($hkey == 'mail-followup-to') {
- $header_value = rcmail_address_string($value, null, true, $attrib['addicon']);
+ $header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title);
+ $ishtml = true;
}
- else if (in_array($hkey, array('from', 'to', 'cc', 'bcc')))
- $header_value = rcmail_address_string($value, null, true, $attrib['addicon']);
+ else if (in_array($hkey, array('from', 'to', 'cc', 'bcc'))) {
+ $header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title);
+ $ishtml = true;
+ }
else if ($hkey == 'subject' && empty($value))
$header_value = rcube_label('nosubject');
else
- $header_value = trim($IMAP->decode_header($value));
+ $header_value = trim(rcube_mime::decode_header($value, $headers['charset']));
- $output_headers[$hkey] = array('title' => rcube_label($hkey), 'value' => $header_value, 'raw' => $value);
+ $output_headers[$hkey] = array(
+ 'title' => $header_title,
+ 'value' => $header_value,
+ 'raw' => $value,
+ 'html' => $ishtml,
+ );
}
- $plugin = $RCMAIL->plugins->exec_hook('message_headers_output', array('output' => $output_headers, 'headers' => $MESSAGE->headers));
+ $plugin = $RCMAIL->plugins->exec_hook('message_headers_output',
+ array('output' => $output_headers, 'headers' => $headers_obj, 'exclude' => $exclude_headers));
+
+ // single header value is requested
+ if (!empty($attrib['valueof']))
+ return Q($plugin['output'][$attrib['valueof']]['value'], ($attrib['valueof'] == 'subject' ? 'strict' : 'show'));
// compose html table
$table = new html_table(array('cols' => 2));
foreach ($plugin['output'] as $hkey => $row) {
$table->add(array('class' => 'header-title'), Q($row['title']));
- $table->add(array('class' => $hkey, 'width' => "90%"), Q($row['value'], ($hkey == 'subject' ? 'strict' : 'show')));
+ $table->add(array('class' => 'header '.$hkey), $row['html'] ? $row['value'] : Q($row['value'], ($hkey == 'subject' ? 'strict' : 'show')));
}
- // all headers division
- $table->add(array('colspan' => 2, 'class' => "more-headers show-headers", 'onclick' => "return ".JS_OBJECT_NAME.".command('load-headers','',this)"), '');
- $table->add_row(array('id' => "all-headers"));
- $table->add(array('colspan' => 2, 'class' => "all"), html::div(array('id' => 'headers-source'), ''));
-
+ return $table->show($attrib);
+}
+
+/**
+ * Convert Priority header value into a localized string
+ */
+function rcmail_localized_priority($value)
+{
+ $labels_map = array(
+ '1' => 'highest',
+ '2' => 'high',
+ '3' => 'normal',
+ '4' => 'low',
+ '5' => 'lowest',
+ );
+
+ if ($value && $labels_map[$value])
+ return rcube_label($labels_map[$value]);
+
+ return '';
+}
+
+/**
+ * return block to show full message headers
+ */
+function rcmail_message_full_headers($attrib, $headers=NULL)
+{
+ global $OUTPUT;
+
+ $html = html::div(array('id' => "all-headers", 'class' => "all", 'style' => 'display:none'), html::div(array('id' => 'headers-source'), ''));
+ $html .= html::div(array('class' => "more-headers show-headers", 'onclick' => "return ".JS_OBJECT_NAME.".command('show-headers','',this)", 'title' => rcube_label('togglefullheaders')), '');
+
$OUTPUT->add_gui_object('all_headers_row', 'all-headers');
$OUTPUT->add_gui_object('all_headers_box', 'headers-source');
- return $table->show($attrib);
- }
+ return html::div($attrib, $html);
+}
/**
@@ -998,8 +1058,8 @@
* @return string HTML content showing the message body
*/
function rcmail_message_body($attrib)
- {
- global $CONFIG, $OUTPUT, $MESSAGE, $IMAP, $RCMAIL, $REMOTE_OBJECTS;
+{
+ global $CONFIG, $OUTPUT, $MESSAGE, $RCMAIL, $REMOTE_OBJECTS;
if (!is_array($MESSAGE->parts) && empty($MESSAGE->body))
return '';
@@ -1015,20 +1075,46 @@
if (preg_match('/^headertable([a-z]+)$/i', $attr, $regs))
$header_attrib[$regs[1]] = $value;
- if (!empty($MESSAGE->parts))
- {
- foreach ($MESSAGE->parts as $i => $part)
- {
- if ($part->type == 'headers')
- $out .= rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : NULL, $part->headers);
- else if ($part->type == 'content' && $part->size)
- {
+ if (!empty($MESSAGE->parts)) {
+ foreach ($MESSAGE->parts as $i => $part) {
+ if ($part->type == 'headers') {
+ $out .= html::div('message-partheaders', rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : null, $part->headers));
+ }
+ else if ($part->type == 'content') {
+ // unsupported (e.g. encrypted)
+ if ($part->realtype) {
+ if ($part->realtype == 'multipart/encrypted' || $part->realtype == 'application/pkcs7-mime') {
+ $out .= html::span('part-notice', rcube_label('encryptedmessage'));
+ }
+ continue;
+ }
+ else if (!$part->size) {
+ continue;
+ }
+ // Check if we have enough memory to handle the message in it
+ // #1487424: we need up to 10x more memory than the body
+ else if (!rcmail_mem_check($part->size * 10)) {
+ $out .= html::span('part-notice', rcube_label('messagetoobig'). ' '
+ . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id
+ .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), rcube_label('download')));
+ continue;
+ }
+
if (empty($part->ctype_parameters) || empty($part->ctype_parameters['charset']))
$part->ctype_parameters['charset'] = $MESSAGE->headers->charset;
// fetch part if not available
if (!isset($part->body))
$part->body = $MESSAGE->get_part_content($part->mime_id);
+
+ // extract headers from message/rfc822 parts
+ if ($part->mimetype == 'message/rfc822') {
+ $msgpart = rcube_mime::parse_message($part->body);
+ if (!empty($msgpart->headers)) {
+ $part = $msgpart;
+ $out .= html::div('message-partheaders', rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : null, $part->headers));
+ }
+ }
// message is cached but not exists (#1485443), or other error
if ($part->body === false) {
@@ -1041,7 +1127,7 @@
$body = rcmail_print_body($part, array('safe' => $safe_mode, 'plain' => !$CONFIG['prefer_html']));
if ($part->ctype_secondary == 'html') {
- $body = rcmail_html4inline($body, $attrib['id'], 'rcmBody', $attrs);
+ $body = rcmail_html4inline($body, $attrib['id'], 'rcmBody', $attrs, $safe_mode);
$div_attr = array('class' => 'message-htmlpart');
$style = array();
@@ -1056,40 +1142,80 @@
}
else
$out .= html::div('message-part', $plugin['prefix'] . $body);
- }
}
}
+ }
else {
- $plugin = $RCMAIL->plugins->exec_hook('message_body_prefix', array(
- 'part' => $MESSAGE, 'prefix' => ''));
-
- $out .= html::div('message-part', $plugin['prefix'] . html::tag('pre', array(),
- rcmail_plain_body(Q($MESSAGE->body, 'strict', false))));
+ // Check if we have enough memory to handle the message in it
+ // #1487424: we need up to 10x more memory than the body
+ if (!rcmail_mem_check(strlen($MESSAGE->body) * 10)) {
+ $out .= html::span('part-notice', rcube_label('messagetoobig'). ' '
+ . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part=0'
+ .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), rcube_label('download')));
}
+ else {
+ $plugin = $RCMAIL->plugins->exec_hook('message_body_prefix', array(
+ 'part' => $MESSAGE, 'prefix' => ''));
- $ctype_primary = strtolower($MESSAGE->structure->ctype_primary);
- $ctype_secondary = strtolower($MESSAGE->structure->ctype_secondary);
+ $out .= html::div('message-part', $plugin['prefix'] . html::tag('pre', array(),
+ rcmail_plain_body(Q($MESSAGE->body, 'strict', false))));
+ }
+ }
// list images after mail body
- if ($CONFIG['inline_images']
- && $ctype_primary == 'multipart'
- && !empty($MESSAGE->attachments))
- {
+ if ($RCMAIL->config->get('inline_images', true) && !empty($MESSAGE->attachments)) {
+ $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240);
+ $client_mimetypes = (array)$RCMAIL->config->get('client_mimetypes');
+
foreach ($MESSAGE->attachments as $attach_prop) {
+ // skip inline images
+ if ($attach_prop->content_id && $attach_prop->disposition == 'inline') {
+ continue;
+ }
+
// Content-Type: image/*...
- if (preg_match('/^image\//i', $attach_prop->mimetype) ||
- // ...or known file extension: many clients are using application/octet-stream
- ($attach_prop->filename &&
- preg_match('/^application\/octet-stream$/i', $attach_prop->mimetype) &&
- preg_match('/\.(jpg|jpeg|png|gif|bmp)$/i', $attach_prop->filename))
- ) {
- $out .= html::tag('hr') . html::p(array('align' => "center"),
- html::img(array(
- 'src' => $MESSAGE->get_part_url($attach_prop->mime_id),
- 'title' => $attach_prop->filename,
- 'alt' => $attach_prop->filename,
- )));
+ if ($mimetype = rcmail_part_image_type($attach_prop)) {
+ // display thumbnails
+ if ($thumbnail_size) {
+ $show_link = array(
+ 'href' => $MESSAGE->get_part_url($attach_prop->mime_id, false),
+ 'onclick' => sprintf(
+ 'return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)',
+ JS_OBJECT_NAME,
+ $attach_prop->mime_id,
+ $mimetype)
+ );
+ $out .= html::p('image-attachment',
+ html::a($show_link + array('class' => 'image-link', 'style' => sprintf('width:%dpx', $thumbnail_size)),
+ html::img(array(
+ 'class' => 'image-thumbnail',
+ 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, 'image') . '&_thumb=1',
+ 'title' => $attach_prop->filename,
+ 'alt' => $attach_prop->filename,
+ 'style' => sprintf('max-width:%dpx; max-height:%dpx', $thumbnail_size, $thumbnail_size),
+ ))
+ ) .
+ html::span('image-filename', Q($attach_prop->filename)) .
+ html::span('image-filesize', Q($RCMAIL->message_part_size($attach_prop))) .
+ html::span('attachment-links',
+ (in_array($mimetype, $client_mimetypes) ? html::a($show_link, rcube_label('showattachment')) . ' ' : '') .
+ html::a($show_link['href'] . '&_download=1', rcube_label('download'))
+ ) .
+ html::br(array('style' => 'clear:both'))
+ );
}
+ else {
+ $out .= html::tag('fieldset', 'image-attachment',
+ html::tag('legend', 'image-filename', Q($attach_prop->filename)) .
+ html::p(array('align' => "center"),
+ html::img(array(
+ 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, 'image'),
+ 'title' => $attach_prop->filename,
+ 'alt' => $attach_prop->filename,
+ )))
+ );
+ }
+ }
}
}
@@ -1098,52 +1224,77 @@
$OUTPUT->set_env('blockedobjects', true);
return html::div($attrib, $out);
- }
-
-
-/**
- * Convert all relative URLs according to a <base> in HTML
- */
-function rcmail_resolve_base($body)
-{
- // check for <base href=...>
- if (preg_match('!(<base.*href=["\']?)([hftps]{3,5}://[a-z0-9/.%-]+)!i', $body, $regs)) {
- $replacer = new rcube_base_replacer($regs[2]);
-
- // replace all relative paths
- $body = preg_replace_callback('/(src|background|href)=(["\']?)([\.\/]+[^"\'\s]+)(\2|\s|>)/Ui', array($replacer, 'callback'), $body);
- $body = preg_replace_callback('/(url\s*\()(["\']?)([\.\/]+[^"\'\)\s]+)(\2)\)/Ui', array($replacer, 'callback'), $body);
- }
-
- return $body;
}
+
+function rcmail_part_image_type($part)
+{
+ $rcmail = rcmail::get_instance();
+
+ // Skip TIFF images if browser doesn't support this format...
+ $tiff_support = !empty($_SESSION['browser_caps']) && !empty($_SESSION['browser_caps']['tif']);
+ // until we can convert them to JPEG
+ $tiff_support = $tiff_support || $rcmail->config->get('im_convert_path');
+
+ // Content-type regexp
+ $mime_regex = $tiff_support ? '/^image\//i' : '/^image\/(?!tif)/i';
+
+ // Content-Type: image/*...
+ if (preg_match($mime_regex, $part->mimetype)) {
+ return rcmail_fix_mimetype($part->mimetype);
+ }
+
+ // Many clients use application/octet-stream, we'll detect mimetype
+ // by checking filename extension
+
+ // Supported image filename extensions to image type map
+ $types = array(
+ 'jpg' => 'image/jpeg',
+ 'jpeg' => 'image/jpeg',
+ 'png' => 'image/png',
+ 'gif' => 'image/gif',
+ 'bmp' => 'image/bmp',
+ );
+ if ($tiff_support) {
+ $types['tif'] = 'image/tiff';
+ $types['tiff'] = 'image/tiff';
+ }
+
+ if ($part->filename
+ && preg_match('/^application\/octet-stream$/i', $part->mimetype)
+ && preg_match('/\.([^.]+)$/i', $part->filename, $m)
+ && ($extension = strtolower($m[1]))
+ && isset($types[$extension])
+ ) {
+ return $types[$extension];
+ }
+}
+
/**
* modify a HTML message that it can be displayed inside a HTML page
*/
-function rcmail_html4inline($body, $container_id, $body_id='', &$attributes=null)
+function rcmail_html4inline($body, $container_id, $body_id='', &$attributes=null, $allow_remote=false)
{
$last_style_pos = 0;
- $body_lc = strtolower($body);
$cont_id = $container_id.($body_id ? ' div.'.$body_id : '');
// find STYLE tags
- while (($pos = strpos($body_lc, '<style', $last_style_pos)) && ($pos2 = strpos($body_lc, '</style>', $pos)))
+ while (($pos = stripos($body, '<style', $last_style_pos)) && ($pos2 = stripos($body, '</style>', $pos)))
{
- $pos = strpos($body_lc, '>', $pos)+1;
+ $pos = strpos($body, '>', $pos) + 1;
+ $len = $pos2 - $pos;
// replace all css definitions with #container [def]
- $styles = rcmail_mod_css_styles(
- substr($body, $pos, $pos2-$pos), $cont_id);
+ $styles = substr($body, $pos, $len);
+ $styles = rcmail_mod_css_styles($styles, $cont_id, $allow_remote);
- $body = substr($body, 0, $pos) . $styles . substr($body, $pos2);
- $body_lc = strtolower($body);
- $last_style_pos = $pos2;
+ $body = substr_replace($body, $styles, $pos, $len);
+ $last_style_pos = $pos2 + strlen($styles) - $len;
}
// modify HTML links to open a new window if clicked
$GLOBALS['rcmail_html_container_id'] = $container_id;
- $body = preg_replace_callback('/<(a|link)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body);
+ $body = preg_replace_callback('/<(a|link|area)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body);
unset($GLOBALS['rcmail_html_container_id']);
$body = preg_replace(array(
@@ -1178,20 +1329,22 @@
$attributes = array();
// Handle body attributes that doesn't play nicely with div elements
- if (preg_match('/<div class="' . preg_quote($body_id, '/') . '" ([^>]+)/', $body, $m)) {
+ $regexp = '/<div class="' . preg_quote($body_id, '/') . '"([^>]*)/';
+ if (preg_match($regexp, $body, $m)) {
$attrs = $m[0];
// Get bgcolor, we'll set it as background-color of the message container
- if (preg_match('/bgcolor=["\']*([a-z0-9#]+)["\']*/', $attrs, $mb)) {
+ if ($m[1] && preg_match('/bgcolor=["\']*([a-z0-9#]+)["\']*/', $attrs, $mb)) {
$attributes['background-color'] = $mb[1];
$attrs = preg_replace('/bgcolor=["\']*([a-z0-9#]+)["\']*/', '', $attrs);
}
// Get background, we'll set it as background-image of the message container
- if (preg_match('/background=["\']*([^"\'>\s]+)["\']*/', $attrs, $mb)) {
+ if ($m[1] && preg_match('/background=["\']*([^"\'>\s]+)["\']*/', $attrs, $mb)) {
$attributes['background-image'] = 'url('.$mb[1].')';
$attrs = preg_replace('/background=["\']*([^"\'>\s]+)["\']*/', '', $attrs);
}
- if (!empty($attributes))
- $body = preg_replace('/<div class="' . preg_quote($body_id, '/') . '" [^>]+/', rtrim($attrs), $body, 1);
+ if (!empty($attributes)) {
+ $body = preg_replace($regexp, rtrim($attrs), $body, 1);
+ }
// handle body styles related to background image
if ($attributes['background-image']) {
@@ -1207,8 +1360,9 @@
}
// make sure there's 'rcmBody' div, we need it for proper css modification
// its name is hardcoded in rcmail_message_body() also
- else
+ else {
$body = '<div class="' . $body_id . '">' . $body . '</div>';
+ }
return $body;
}
@@ -1219,41 +1373,56 @@
*/
function rcmail_alter_html_link($matches)
{
- global $EMAIL_ADDRESS_PATTERN;
+ global $RCMAIL;
+
+ // Support unicode/punycode in top-level domain part
+ $EMAIL_PATTERN = '([a-z0-9][a-z0-9\-\.\+\_]*@[^&@"\'.][^@&"\']*\\.([^\\x00-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-z0-9]{2,}))';
$tag = $matches[1];
$attrib = parse_attrib_string($matches[2]);
$end = '>';
+ // Remove non-printable characters in URL (#1487805)
+ if ($attrib['href'])
+ $attrib['href'] = preg_replace('/[\x00-\x1F]/', '', $attrib['href']);
+
if ($tag == 'link' && preg_match('/^https?:\/\//i', $attrib['href'])) {
- $attrib['href'] = "?_task=utils&_action=modcss&u=" . urlencode($attrib['href'])
- . "&c=" . urlencode($GLOBALS['rcmail_html_container_id']);
+ $tempurl = 'tmp-' . md5($attrib['href']) . '.css';
+ $_SESSION['modcssurls'][$tempurl] = $attrib['href'];
+ $attrib['href'] = $RCMAIL->url(array('task' => 'utils', 'action' => 'modcss', 'u' => $tempurl, 'c' => $GLOBALS['rcmail_html_container_id']));
$end = ' />';
}
- else if (preg_match('/^mailto:'.$EMAIL_ADDRESS_PATTERN.'(\?[^"\'>]+)?/i', $attrib['href'], $mailto)) {
+ else if (preg_match('/^mailto:'.$EMAIL_PATTERN.'(\?[^"\'>]+)?/i', $attrib['href'], $mailto)) {
$attrib['href'] = $mailto[0];
$attrib['onclick'] = sprintf(
"return %s.command('compose','%s',this)",
JS_OBJECT_NAME,
- JQ($mailto[1].$mailto[2]));
+ JQ($mailto[1].$mailto[3]));
+ }
+ else if (empty($attrib['href']) && !$attrib['name']) {
+ $attrib['href'] = './#NOP';
+ $attrib['onclick'] = 'return false';
}
else if (!empty($attrib['href']) && $attrib['href'][0] != '#') {
$attrib['target'] = '_blank';
}
- return "<$tag" . html::attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . $end;
+ // allowed attributes for a|link|area tags
+ $allow = array('href','name','target','onclick','id','class','style','title',
+ 'rel','type','media','alt','coords','nohref','hreflang','shape');
+
+ return "<$tag" . html::attrib_string($attrib, $allow) . $end;
}
/**
* decode address string and re-format it as HTML links
*/
-function rcmail_address_string($input, $max=null, $linked=false, $addicon=null)
+function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, $default_charset=null, $title=null)
{
- global $IMAP, $RCMAIL, $PRINT_MODE, $CONFIG;
- static $got_writable_abook = null;
+ global $RCMAIL, $PRINT_MODE, $CONFIG;
- $a_parts = $IMAP->decode_address_list($input);
+ $a_parts = rcube_mime::decode_address_list($input, null, true, $default_charset);
if (!sizeof($a_parts))
return $input;
@@ -1261,31 +1430,39 @@
$c = count($a_parts);
$j = 0;
$out = '';
+ $allvalues = array();
- if ($got_writable_abook === null && $books = $RCMAIL->get_address_sources(true)) {
- $got_writable_abook = true;
+ if ($addicon && !isset($_SESSION['writeable_abook'])) {
+ $_SESSION['writeable_abook'] = $RCMAIL->get_address_sources(true) ? true : false;
}
foreach ($a_parts as $part) {
$j++;
-
$name = $part['name'];
$mailto = $part['mailto'];
$string = $part['string'];
+ $valid = check_email($mailto, false);
+
+ // phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>"
+ if ($name && $valid && $name != $mailto && strpos($name, '@')) {
+ $name = '';
+ }
// IDNA ASCII to Unicode
if ($name == $mailto)
- $name = idn_to_utf8($name);
+ $name = rcube_idn_to_utf8($name);
if ($string == $mailto)
- $string = idn_to_utf8($string);
- $mailto = idn_to_utf8($mailto);
+ $string = rcube_idn_to_utf8($string);
+ $mailto = rcube_idn_to_utf8($mailto);
if ($PRINT_MODE) {
- $out .= sprintf('%s <%s>', Q($name), $mailto);
+ $out .= ($out ? ', ' : '') . sprintf('%s <%s>', Q($name), $mailto);
+ // for printing we display all addresses
+ continue;
}
- else if (check_email($part['mailto'], false)) {
+ else if ($valid) {
if ($linked) {
- $out .= html::a(array(
+ $address = html::a(array(
'href' => 'mailto:'.$mailto,
'onclick' => sprintf("return %s.command('compose','%s',this)", JS_OBJECT_NAME, JQ($mailto)),
'title' => $mailto,
@@ -1294,15 +1471,16 @@
Q($name ? $name : $mailto));
}
else {
- $out .= html::span(array('title' => $mailto, 'class' => "rcmContactAddress"),
+ $address = html::span(array('title' => $mailto, 'class' => "rcmContactAddress"),
Q($name ? $name : $mailto));
}
- if ($addicon && $got_writable_abook) {
- $out .= ' ' . html::a(array(
+ if ($addicon && $_SESSION['writeable_abook']) {
+ $address .= html::a(array(
'href' => "#add",
- 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, urlencode($string)),
+ 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, JQ($string)),
'title' => rcube_label('addtoaddressbook'),
+ 'class' => 'rcmaddcontact',
),
html::img(array(
'src' => $CONFIG['skin_path'] . $addicon,
@@ -1311,19 +1489,40 @@
}
}
else {
+ $address = '';
if ($name)
- $out .= Q($name);
+ $address .= Q($name);
if ($mailto)
- $out .= (strlen($out) ? ' ' : '') . sprintf('<%s>', Q($mailto));
+ $address = trim($address . ' ' . Q($name ? sprintf('<%s>', $mailto) : $mailto));
}
- if ($c>$j)
- $out .= ','.($max ? ' ' : ' ');
+ $address = html::span('adr', $address);
+ $allvalues[] = $address;
- if ($max && $j==$max && $c>$j) {
- $out .= '...';
- break;
+ if (!$moreadrs)
+ $out .= ($out ? ', ' : '') . $address;
+
+ if ($max && $j == $max && $c > $j) {
+ if ($linked) {
+ $moreadrs = $c - $j;
+ }
+ else {
+ $out .= '...';
+ break;
+ }
}
+ }
+
+ if ($moreadrs) {
+ $out .= ' ' . html::a(array(
+ 'href' => '#more',
+ 'class' => 'morelink',
+ 'onclick' => sprintf("return %s.show_popup_dialog('%s','%s')",
+ JS_OBJECT_NAME,
+ JQ(join(', ', $allvalues)),
+ JQ($title))
+ ),
+ Q(rcube_label(array('name' => 'andnmore', 'vars' => array('nr' => $moreadrs)))));
}
return $out;
@@ -1333,17 +1532,17 @@
/**
* Wrap text to a given number of characters per line
* but respect the mail quotation of replies messages (>).
- * Finally add another quotation level by prpending the lines
+ * Finally add another quotation level by prepending the lines
* with >
*
* @param string Text to wrap
- * @param int The line width
+ * @param int The line width
* @return string The wrapped text
*/
function rcmail_wrap_and_quote($text, $length = 72)
{
// Rebuild the message body with a maximum of $max chars, while keeping quoted message.
- $max = min(77, $length + 8);
+ $max = max(75, $length + 8);
$lines = preg_split('/\r?\n/', trim($text));
$out = '';
@@ -1353,7 +1552,7 @@
$line = '>' . rtrim($line);
else if (mb_strlen($line) > $max) {
$newline = '';
- foreach(explode("\n", rc_wordwrap($line, $length - 2)) as $l) {
+ foreach (explode("\n", rc_wordwrap($line, $length - 2)) as $l) {
if (strlen($l))
$newline .= '> ' . $l . "\n";
else
@@ -1368,7 +1567,7 @@
$out .= $line . "\n";
}
- return $out;
+ return rtrim($out, "\n");
}
@@ -1396,31 +1595,30 @@
}
-function rcmail_message_part_controls()
+function rcmail_message_part_controls($attrib)
{
- global $MESSAGE;
+ global $MESSAGE, $RCMAIL;
$part = asciiwords(get_input_value('_part', RCUBE_INPUT_GPC));
if (!is_object($MESSAGE) || !is_array($MESSAGE->parts) || !($_GET['_uid'] && $_GET['_part']) || !$MESSAGE->mime_parts[$part])
return '';
- $part = $MESSAGE->mime_parts[$part];
+ $part = $MESSAGE->mime_parts[$part];
$table = new html_table(array('cols' => 3));
- if (!empty($part->filename)) {
+ $filename = rcmail_attachment_name($part);
+
+ if (!empty($filename)) {
$table->add('title', Q(rcube_label('filename')));
- $table->add(null, Q($part->filename));
- $table->add(null, '[' . html::a('?'.str_replace('_frame=', '_download=', $_SERVER['QUERY_STRING']), Q(rcube_label('download'))) . ']');
+ $table->add('header', Q($filename));
+ $table->add('download-link', html::a(array('href' => './?'.str_replace('_frame=', '_download=', $_SERVER['QUERY_STRING'])), Q(rcube_label('download'))));
}
- if (!empty($part->size)) {
- $table->add('title', Q(rcube_label('filesize')));
- $table->add(null, Q(show_bytes($part->size)));
- }
+ $table->add('title', Q(rcube_label('filesize')));
+ $table->add('header', Q($RCMAIL->message_part_size($part)));
return $table->show($attrib);
}
-
function rcmail_message_part_frame($attrib)
@@ -1430,7 +1628,7 @@
$part = $MESSAGE->mime_parts[asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))];
$ctype_primary = strtolower($part->ctype_primary);
- $attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']);
+ $attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_embed=' : '_preload='), $_SERVER['QUERY_STRING']);
return html::iframe($attrib);
}
@@ -1439,158 +1637,16 @@
/**
* clear message composing settings
*/
-function rcmail_compose_cleanup()
+function rcmail_compose_cleanup($id)
{
- if (!isset($_SESSION['compose']))
+ if (!isset($_SESSION['compose_data_'.$id]))
return;
$rcmail = rcmail::get_instance();
- $rcmail->plugins->exec_hook('attachments_cleanup', array());
- $rcmail->session->remove('compose');
+ $rcmail->plugins->exec_hook('attachments_cleanup', array('group' => $id));
+ $rcmail->session->remove('compose_data_'.$id);
}
-
-/**
- * Send the given message using the configured method
- *
- * @param object $message Reference to Mail_MIME object
- * @param string $from Sender address string
- * @param array $mailto Array of recipient address strings
- * @param array $smtp_error SMTP error array (reference)
- * @param string $body_file Location of file with saved message body (reference)
- * @param array $smtp_opts SMTP options (e.g. DSN request)
- *
- * @return boolean Send status.
- */
-function rcmail_deliver_message(&$message, $from, $mailto, &$smtp_error, &$body_file, $smtp_opts=null)
-{
- global $CONFIG, $RCMAIL;
-
- $headers = $message->headers();
-
- // send thru SMTP server using custom SMTP library
- if ($CONFIG['smtp_server']) {
- // generate list of recipients
- $a_recipients = array($mailto);
-
- if (strlen($headers['Cc']))
- $a_recipients[] = $headers['Cc'];
- if (strlen($headers['Bcc']))
- $a_recipients[] = $headers['Bcc'];
-
- // clean Bcc from header for recipients
- $send_headers = $headers;
- unset($send_headers['Bcc']);
- // here too, it because txtHeaders() below use $message->_headers not only $send_headers
- unset($message->_headers['Bcc']);
-
- $smtp_headers = $message->txtHeaders($send_headers, true);
-
- if ($message->getParam('delay_file_io')) {
- // use common temp dir
- $temp_dir = $RCMAIL->config->get('temp_dir');
- $body_file = tempnam($temp_dir, 'rcmMsg');
- if (PEAR::isError($mime_result = $message->saveMessageBody($body_file))) {
- raise_error(array('code' => 600, 'type' => 'php',
- 'file' => __FILE__, 'line' => __LINE__,
- 'message' => "Could not create message: ".$mime_result->getMessage()),
- TRUE, FALSE);
- return false;
- }
- $msg_body = fopen($body_file, 'r');
- } else {
- $msg_body = $message->get();
- }
-
- // send message
- if (!is_object($RCMAIL->smtp))
- $RCMAIL->smtp_init(true);
-
- $sent = $RCMAIL->smtp->send_mail($from, $a_recipients, $smtp_headers, $msg_body, $smtp_opts);
- $smtp_response = $RCMAIL->smtp->get_response();
- $smtp_error = $RCMAIL->smtp->get_error();
-
- // log error
- if (!$sent)
- raise_error(array('code' => 800, 'type' => 'smtp', 'line' => __LINE__, 'file' => __FILE__,
- 'message' => "SMTP error: ".join("\n", $smtp_response)), TRUE, FALSE);
- }
- // send mail using PHP's mail() function
- else {
- // unset some headers because they will be added by the mail() function
- $headers_enc = $message->headers($headers);
- $headers_php = $message->_headers;
- unset($headers_php['To'], $headers_php['Subject']);
-
- // reset stored headers and overwrite
- $message->_headers = array();
- $header_str = $message->txtHeaders($headers_php);
-
- // #1485779
- if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN') {
- if (preg_match_all('/<([^@]+@[^>]+)>/', $headers_enc['To'], $m)) {
- $headers_enc['To'] = implode(', ', $m[1]);
- }
- }
-
- $msg_body = $message->get();
-
- if (PEAR::isError($msg_body))
- raise_error(array('code' => 600, 'type' => 'php',
- 'file' => __FILE__, 'line' => __LINE__,
- 'message' => "Could not create message: ".$msg_body->getMessage()),
- TRUE, FALSE);
- else {
- $delim = $RCMAIL->config->header_delimiter();
- $to = $headers_enc['To'];
- $subject = $headers_enc['Subject'];
-
- if ($delim != "\r\n") {
- $header_str = str_replace("\r\n", $delim, $header_str);
- $msg_body = str_replace("\r\n", $delim, $msg_body);
- $to = str_replace("\r\n", $delim, $to);
- $subject = str_replace("\r\n", $delim, $subject);
- }
-
- if (ini_get('safe_mode'))
- $sent = mail($to, $subject, $msg_body, $header_str);
- else
- $sent = mail($to, $subject, $msg_body, $header_str, "-f$from");
- }
- }
-
- if ($sent) {
- $RCMAIL->plugins->exec_hook('message_sent', array('headers' => $headers, 'body' => $msg_body));
-
- // remove MDN headers after sending
- unset($headers['Return-Receipt-To'], $headers['Disposition-Notification-To']);
-
- // get all recipients
- if ($headers['Cc'])
- $mailto .= $headers['Cc'];
- if ($headers['Bcc'])
- $mailto .= $headers['Bcc'];
- if (preg_match_all('/<([^@]+@[^>]+)>/', $mailto, $m))
- $mailto = implode(', ', array_unique($m[1]));
-
- if ($CONFIG['smtp_log']) {
- write_log('sendmail', sprintf("User %s [%s]; Message for %s; %s",
- $RCMAIL->user->get_username(),
- $_SERVER['REMOTE_ADDR'],
- $mailto,
- !empty($smtp_response) ? join('; ', $smtp_response) : ''));
- }
- }
-
- if (is_resource($msg_body)) {
- fclose($msg_body);
- }
-
- $message->_headers = array();
- $message->headers($headers);
-
- return $sent;
-}
/**
* Send the MDN response
@@ -1602,18 +1658,19 @@
*/
function rcmail_send_mdn($message, &$smtp_error)
{
- global $RCMAIL, $IMAP;
+ global $RCMAIL;
- if (!is_a($message, rcube_message))
+ if (!is_object($message) || !is_a($message, 'rcube_message'))
$message = new rcube_message($message);
- if ($message->headers->mdn_to && !$message->headers->mdn_sent &&
- ($IMAP->check_permflag('MDNSENT') || $IMAP->check_permflag('*')))
+ if ($message->headers->mdn_to && empty($message->headers->flags['MDNSENT']) &&
+ ($RCMAIL->storage->check_permflag('MDNSENT') || $RCMAIL->storage->check_permflag('*')))
{
- $identity = $RCMAIL->user->get_identity();
- $sender = format_email_recipient($identity['email'], $identity['name']);
- $recipient = array_shift($IMAP->decode_address_list($message->headers->mdn_to));
- $mailto = $recipient['mailto'];
+ $identity = rcmail_identity_select($message);
+ $sender = format_email_recipient($identity['email'], $identity['name']);
+ $recipient = array_shift(rcube_mime::decode_address_list(
+ $message->headers->mdn_to, 1, true, $message->headers->charset));
+ $mailto = $recipient['mailto'];
$compose = new Mail_mime("\r\n");
@@ -1638,8 +1695,11 @@
if ($agent = $RCMAIL->config->get('useragent'))
$headers['User-Agent'] = $agent;
+ if ($RCMAIL->config->get('mdn_use_from'))
+ $options['mdn_use_from'] = true;
+
$body = rcube_label("yourmessage") . "\r\n\r\n" .
- "\t" . rcube_label("to") . ': ' . rcube_imap::decode_mime_string($message->headers->to, $message->headers->charset) . "\r\n" .
+ "\t" . rcube_label("to") . ': ' . rcube_mime::decode_mime_string($message->headers->to, $message->headers->charset) . "\r\n" .
"\t" . rcube_label("subject") . ': ' . $message->subject . "\r\n" .
"\t" . rcube_label("sent") . ': ' . format_date($message->headers->date, $RCMAIL->config->get('date_long')) . "\r\n" .
"\r\n" . rcube_label("receiptnote") . "\r\n";
@@ -1659,11 +1719,11 @@
$compose->setTXTBody(rc_wordwrap($body, 75, "\r\n"));
$compose->addAttachment($report, 'message/disposition-notification', 'MDNPart2.txt', false, '7bit', 'inline');
- $sent = rcmail_deliver_message($compose, $identity['email'], $mailto, $smtp_error, $body_file);
+ $sent = rcmail_deliver_message($compose, $identity['email'], $mailto, $smtp_error, $body_file, $options);
if ($sent)
{
- $IMAP->set_flag($message->uid, 'MDNSENT');
+ $RCMAIL->storage->set_flag($message->uid, 'MDNSENT');
return true;
}
}
@@ -1671,50 +1731,114 @@
return false;
}
-// Returns unique Message-ID
-function rcmail_gen_message_id()
+/**
+ * Detect recipient identity from specified message
+ */
+function rcmail_identity_select($MESSAGE, $identities = null, $compose_mode = 'reply')
{
- global $RCMAIL;
+ $a_recipients = array();
+ $a_names = array();
- $local_part = md5(uniqid('rcmail'.mt_rand(),true));
- $domain_part = $RCMAIL->user->get_username('domain');
-
- // Try to find FQDN, some spamfilters doesn't like 'localhost' (#1486924)
- if (!preg_match('/\.[a-z]+$/i', $domain_part)) {
- if (($host = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']))
- && preg_match('/\.[a-z]+$/i', $host)) {
- $domain_part = $host;
+ if ($identities === null) {
+ $identities = rcmail::get_instance()->user->list_identities(null, true);
}
- else if (($host = preg_replace('/:[0-9]+$/', '', $_SERVER['SERVER_NAME']))
- && preg_match('/\.[a-z]+$/i', $host)) {
- $domain_part = $host;
+
+ // extract all recipients of the reply-message
+ if (is_object($MESSAGE->headers) && in_array($compose_mode, array('reply', 'forward'))) {
+ $a_to = rcube_mime::decode_address_list($MESSAGE->headers->to, null, true, $MESSAGE->headers->charset);
+ foreach ($a_to as $addr) {
+ if (!empty($addr['mailto'])) {
+ $a_recipients[] = format_email($addr['mailto']);
+ $a_names[] = $addr['name'];
+ }
+ }
+
+ if (!empty($MESSAGE->headers->cc)) {
+ $a_cc = rcube_mime::decode_address_list($MESSAGE->headers->cc, null, true, $MESSAGE->headers->charset);
+ foreach ($a_cc as $addr) {
+ if (!empty($addr['mailto'])) {
+ $a_recipients[] = format_email($addr['mailto']);
+ $a_names[] = $addr['name'];
+ }
+ }
+ }
}
- }
- return sprintf('<%s@%s>', $local_part, $domain_part);
-}
+ $from_idx = null;
+ $found_idx = null;
+ $default_identity = 0; // default identity is always first on the list
-// Returns RFC2822 formatted current date in user's timezone
-function rcmail_user_date()
-{
- global $CONFIG;
+ // Select identity
+ foreach ($identities as $idx => $ident) {
+ // use From header
+ if (in_array($compose_mode, array('draft', 'edit'))) {
+ if ($MESSAGE->headers->from == $ident['ident']) {
+ $from_idx = $idx;
+ break;
+ }
+ }
+ // reply to yourself
+ else if ($compose_mode == 'reply' && $MESSAGE->headers->from == $ident['ident']) {
+ $from_idx = $idx;
+ break;
+ }
+ // use replied message recipients
+ else if (($found = array_search($ident['email_ascii'], $a_recipients)) !== false) {
+ if ($found_idx === null) {
+ $found_idx = $idx;
+ }
+ // match identity name
+ if ($a_names[$found] && $ident['name'] && $a_names[$found] == $ident['name']) {
+ $from_idx = $idx;
+ break;
+ }
+ }
+ }
- // get user's timezone
- if ($CONFIG['timezone'] === 'auto') {
- $tz = isset($_SESSION['timezone']) ? $_SESSION['timezone'] : date('Z')/3600;
- }
- else {
- $tz = $CONFIG['timezone'];
- if ($CONFIG['dst_active'])
- $tz++;
- }
+ // If matching by name+address doesn't found any matches, get first found address (identity)
+ if ($from_idx === null) {
+ $from_idx = $found_idx;
+ }
- $date = time() + $tz * 60 * 60;
- $date = gmdate('r', $date);
- $tz = sprintf('%+05d', intval($tz) * 100 + ($tz - intval($tz)) * 60);
- $date = preg_replace('/[+-][0-9]{4}$/', $tz, $date);
+ // Try Return-Path
+ if ($from_idx === null && ($return_path = $MESSAGE->headers->others['return-path'])) {
+ foreach ($identities as $idx => $ident) {
+ // Return-Path header contains an email address, but on some mailing list
+ // it can be e.g. <pear-dev-return-55250-local=domain.tld@lists.php.net>
+ // where local@domain.tld is the address we're looking for (#1489241)
+ $ident1 = $ident['email_ascii'];
+ $ident2 = str_replace('@', '=', $ident1);
- return $date;
+ foreach ((array)$return_path as $path) {
+ if (stripos($path, $ident1) !== false || stripos($path, $ident2)) {
+ $from_idx = $idx;
+ break 2;
+ }
+ }
+ }
+ }
+
+ // Fallback using Delivered-To
+ if ($from_idx === null && ($delivered_to = $MESSAGE->headers->others['delivered-to'])) {
+ foreach ($identities as $idx => $ident) {
+ if (in_array($ident['email_ascii'], (array)$delivered_to)) {
+ $from_idx = $idx;
+ break;
+ }
+ }
+ }
+
+ // Fallback using Envelope-To
+ if ($from_idx === null && ($envelope_to = $MESSAGE->headers->others['envelope-to'])) {
+ foreach ($identities as $idx => $ident) {
+ if (in_array($ident['email_ascii'], (array)$envelope_to)) {
+ $from_idx = $idx;
+ break;
+ }
+ }
+ }
+
+ return $identities[$from_idx !== null ? $from_idx : $default_identity];
}
// Fixes some content-type names
@@ -1724,8 +1848,42 @@
// application/pdf.A520491B_3BF7_494D_8855_7FAC2C6C0608
if (preg_match('/^application\/pdf.+/', $name))
$name = 'application/pdf';
+ // treat image/pjpeg (image/pjpg, image/jpg) as image/jpeg (#1489097)
+ else if (preg_match('/^image\/p?jpe?g$/', $name))
+ $name = 'image/jpeg';
return $name;
+}
+
+// return attachment filename, handle empty filename case
+function rcmail_attachment_name($attachment, $display = false)
+{
+ $filename = $attachment->filename;
+
+ if ($filename === null || $filename === '') {
+ if ($attachment->mimetype == 'text/html') {
+ $filename = rcube_label('htmlmessage');
+ }
+ else {
+ $ext = (array) rcube_mime::get_mime_extensions($attachment->mimetype);
+ $ext = array_shift($ext);
+ $filename = rcube_label('messagepart') . ' ' . $attachment->mime_id;
+ if ($ext) {
+ $filename .= '.' . $ext;
+ }
+ }
+ }
+
+ $filename = preg_replace('[\r\n]', '', $filename);
+
+ // Display smart names for some known mimetypes
+ if ($display) {
+ if (preg_match('/application\/(pgp|pkcs7)-signature/i', $attachment->mimetype)) {
+ $filename = rcube_label('digitalsig');
+ }
+ }
+
+ return $filename;
}
function rcmail_search_filter($attrib)
@@ -1750,8 +1908,15 @@
$select_filter->add(rcube_label('unread'), 'UNSEEN');
$select_filter->add(rcube_label('flagged'), 'FLAGGED');
$select_filter->add(rcube_label('unanswered'), 'UNANSWERED');
- if (!$CONFIG['skip_deleted'])
+ if (!$CONFIG['skip_deleted']) {
$select_filter->add(rcube_label('deleted'), 'DELETED');
+ $select_filter->add(rcube_label('undeleted'), 'UNDELETED');
+ }
+ $select_filter->add(rcube_label('priority').': '.rcube_label('highest'), 'HEADER X-PRIORITY 1');
+ $select_filter->add(rcube_label('priority').': '.rcube_label('high'), 'HEADER X-PRIORITY 2');
+ $select_filter->add(rcube_label('priority').': '.rcube_label('normal'), 'NOT HEADER X-PRIORITY 1 NOT HEADER X-PRIORITY 2 NOT HEADER X-PRIORITY 4 NOT HEADER X-PRIORITY 5');
+ $select_filter->add(rcube_label('priority').': '.rcube_label('low'), 'HEADER X-PRIORITY 4');
+ $select_filter->add(rcube_label('priority').': '.rcube_label('lowest'), 'HEADER X-PRIORITY 5');
$out = $select_filter->show($_SESSION['search_filter']);
@@ -1766,7 +1931,7 @@
// Set env variables for messageerror.html template
if ($RCMAIL->action == 'show') {
- $mbox_name = $RCMAIL->imap->get_mailbox_name();
+ $mbox_name = $RCMAIL->storage->get_folder();
$RCMAIL->output->set_env('mailbox', $mbox_name);
$RCMAIL->output->set_env('uid', null);
}
@@ -1784,6 +1949,7 @@
'quotadisplay' => 'rcmail_quota_display',
'mailboxname' => 'rcmail_mailbox_name_display',
'messageheaders' => 'rcmail_message_headers',
+ 'messagefullheaders' => 'rcmail_message_full_headers',
'messagebody' => 'rcmail_message_body',
'messagecontentframe' => 'rcmail_messagecontent_frame',
'messagepartframe' => 'rcmail_message_part_frame',
@@ -1792,4 +1958,18 @@
'searchform' => array($OUTPUT, 'search_form'),
));
-
+// register action aliases
+$RCMAIL->register_action_map(array(
+ 'refresh' => 'check_recent.inc',
+ 'preview' => 'show.inc',
+ 'print' => 'show.inc',
+ 'moveto' => 'move_del.inc',
+ 'delete' => 'move_del.inc',
+ 'send' => 'sendmail.inc',
+ 'expunge' => 'folders.inc',
+ 'purge' => 'folders.inc',
+ 'remove-attachment' => 'attachments.inc',
+ 'display-attachment' => 'attachments.inc',
+ 'upload' => 'attachments.inc',
+ 'group-expand' => 'autocomplete.inc',
+));
--
Gitblit v1.9.1