From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)
---
program/include/rcmail.php | 59 +++++++++++++++++++++++++++++------------------------------
1 files changed, 29 insertions(+), 30 deletions(-)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index ca944f4..1d4751e 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -145,8 +145,13 @@
$this->task = $task;
$this->comm_path = $this->url(array('task' => $this->task));
+ if (!empty($_REQUEST['_framed'])) {
+ $this->comm_path .= '&_framed=1';
+ }
+
if ($this->output) {
$this->output->set_env('task', $this->task);
+ $this->output->set_env('comm_path', $this->comm_path);
}
}
@@ -170,9 +175,11 @@
// set localization
setlocale(LC_ALL, $lang . '.utf8', $lang . '.UTF-8', 'en_US.utf8', 'en_US.UTF-8');
- // workaround for http://bugs.php.net/bug.php?id=18556
- if (version_compare(PHP_VERSION, '5.5.0', '<') && in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) {
- setlocale(LC_CTYPE, 'en_US.utf8', 'en_US.UTF-8');
+ // Workaround for http://bugs.php.net/bug.php?id=18556
+ // Also strtoupper/strtolower and other methods are locale-aware
+ // for these locales it is problematic (#1490519)
+ if (in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) {
+ setlocale(LC_CTYPE, 'en_US.utf8', 'en_US.UTF-8', 'C');
}
}
@@ -430,6 +437,9 @@
$this->output->set_env('user_id', $this->user->get_hash());
}
+ // set compose mode for all tasks (message compose step can be triggered from everywhere)
+ $this->output->set_env('compose_extwin', $this->config->get('compose_extwin',false));
+
// add some basic labels to client
$this->output->add_label('loading', 'servererror', 'connerror', 'requesttimedout', 'refreshing');
@@ -497,30 +507,18 @@
$username_domain = $this->config->get('username_domain');
$login_lc = $this->config->get('login_lc', 2);
- if (!$host) {
- $host = $default_host;
- }
-
- // Validate that selected host is in the list of configured hosts
- if (is_array($default_host)) {
- $allowed = false;
-
- foreach ($default_host as $key => $host_allowed) {
- if (!is_numeric($key)) {
- $host_allowed = $key;
- }
- if ($host == $host_allowed) {
- $allowed = true;
- break;
- }
+ // host is validated in rcmail::autoselect_host(), so here
+ // we'll only handle unset host (if possible)
+ if (!$host && !empty($default_host)) {
+ if (is_array($default_host)) {
+ list($key, $val) = each($default_host);
+ $host = is_numeric($key) ? $val : $key;
+ }
+ else {
+ $host = $default_host;
}
- if (!$allowed) {
- $host = null;
- }
- }
- else if (!empty($default_host) && $host != rcube_utils::parse_host($default_host)) {
- $host = null;
+ $host = rcube_utils::parse_host($host);
}
if (!$host) {
@@ -1346,7 +1344,8 @@
*/
public function folder_selector($p = array())
{
- $p += array('maxlength' => 100, 'realnames' => false, 'is_escaped' => true);
+ $realnames = $this->config->get('show_real_foldernames');
+ $p += array('maxlength' => 100, 'realnames' => $realnames, 'is_escaped' => true);
$a_mailboxes = array();
$storage = $this->get_storage();
@@ -1637,7 +1636,7 @@
$count = count($path);
if ($count > 1) {
- for ($i = 0; $i < $count; $i++) {
+ for ($i = 1; $i < $count; $i++) {
$folder = implode($delimiter, array_slice($path, 0, -$i));
if ($folder_class = $this->folder_classname($folder)) {
$name = implode($delimiter, array_slice($path, $count - $i));
@@ -1809,17 +1808,17 @@
$lang = 'en';
}
- $script = json_encode(array(
+ $script = array(
'mode' => $mode,
'lang' => $lang,
'skin_path' => $this->output->get_skin_path(),
'spellcheck' => intval($this->config->get('enable_spellcheck')),
'spelldict' => intval($this->config->get('spellcheck_dictionary'))
- ));
+ );
$this->output->include_script('tiny_mce/tiny_mce.js');
$this->output->include_script('editor.js');
- $this->output->add_script("rcmail_editor_init($script)", 'docready');
+ $this->output->set_env('html_editor_init', $script);
}
/**
--
Gitblit v1.9.1