From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)

---
 program/include/rcmail.php |   25 ++++++++++++++++++-------
 1 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index f0afc6b..1d4751e 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -145,8 +145,13 @@
         $this->task      = $task;
         $this->comm_path = $this->url(array('task' => $this->task));
 
+        if (!empty($_REQUEST['_framed'])) {
+            $this->comm_path .= '&_framed=1';
+        }
+
         if ($this->output) {
             $this->output->set_env('task', $this->task);
+            $this->output->set_env('comm_path', $this->comm_path);
         }
     }
 
@@ -170,9 +175,11 @@
         // set localization
         setlocale(LC_ALL, $lang . '.utf8', $lang . '.UTF-8', 'en_US.utf8', 'en_US.UTF-8');
 
-        // workaround for http://bugs.php.net/bug.php?id=18556
-        if (version_compare(PHP_VERSION, '5.5.0', '<') && in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) {
-            setlocale(LC_CTYPE, 'en_US.utf8', 'en_US.UTF-8');
+        // Workaround for http://bugs.php.net/bug.php?id=18556
+        // Also strtoupper/strtolower and other methods are locale-aware
+        // for these locales it is problematic (#1490519)
+        if (in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) {
+            setlocale(LC_CTYPE, 'en_US.utf8', 'en_US.UTF-8', 'C');
         }
     }
 
@@ -429,6 +436,9 @@
         if ($this->user && $this->user->ID) {
             $this->output->set_env('user_id', $this->user->get_hash());
         }
+
+        // set compose mode for all tasks (message compose step can be triggered from everywhere)
+        $this->output->set_env('compose_extwin', $this->config->get('compose_extwin',false));
 
         // add some basic labels to client
         $this->output->add_label('loading', 'servererror', 'connerror', 'requesttimedout', 'refreshing');
@@ -1334,7 +1344,8 @@
      */
     public function folder_selector($p = array())
     {
-        $p += array('maxlength' => 100, 'realnames' => false, 'is_escaped' => true);
+        $realnames = $this->config->get('show_real_foldernames');
+        $p += array('maxlength' => 100, 'realnames' => $realnames, 'is_escaped' => true);
         $a_mailboxes = array();
         $storage = $this->get_storage();
 
@@ -1797,17 +1808,17 @@
             $lang = 'en';
         }
 
-        $script = json_encode(array(
+        $script = array(
             'mode'       => $mode,
             'lang'       => $lang,
             'skin_path'  => $this->output->get_skin_path(),
             'spellcheck' => intval($this->config->get('enable_spellcheck')),
             'spelldict'  => intval($this->config->get('spellcheck_dictionary'))
-        ));
+        );
 
         $this->output->include_script('tiny_mce/tiny_mce.js');
         $this->output->include_script('editor.js');
-        $this->output->add_script("rcmail_editor_init($script)", 'docready');
+        $this->output->set_env('html_editor_init', $script);
     }
 
     /**

--
Gitblit v1.9.1