From acf633c73bc8df9a5036bc52d7568f4213ab73c7 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 06 May 2016 02:32:01 -0400
Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241)
---
program/include/rcmail.php | 126 ++++++++++++++++++++++++-----------------
1 files changed, 73 insertions(+), 53 deletions(-)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index bb42cab..1d4751e 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -145,8 +145,13 @@
$this->task = $task;
$this->comm_path = $this->url(array('task' => $this->task));
+ if (!empty($_REQUEST['_framed'])) {
+ $this->comm_path .= '&_framed=1';
+ }
+
if ($this->output) {
$this->output->set_env('task', $this->task);
+ $this->output->set_env('comm_path', $this->comm_path);
}
}
@@ -170,9 +175,11 @@
// set localization
setlocale(LC_ALL, $lang . '.utf8', $lang . '.UTF-8', 'en_US.utf8', 'en_US.UTF-8');
- // workaround for http://bugs.php.net/bug.php?id=18556
- if (version_compare(PHP_VERSION, '5.5.0', '<') && in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) {
- setlocale(LC_CTYPE, 'en_US.utf8', 'en_US.UTF-8');
+ // Workaround for http://bugs.php.net/bug.php?id=18556
+ // Also strtoupper/strtolower and other methods are locale-aware
+ // for these locales it is problematic (#1490519)
+ if (in_array($lang, array('tr_TR', 'ku', 'az_AZ'))) {
+ setlocale(LC_CTYPE, 'en_US.utf8', 'en_US.UTF-8', 'C');
}
}
@@ -430,8 +437,11 @@
$this->output->set_env('user_id', $this->user->get_hash());
}
+ // set compose mode for all tasks (message compose step can be triggered from everywhere)
+ $this->output->set_env('compose_extwin', $this->config->get('compose_extwin',false));
+
// add some basic labels to client
- $this->output->add_label('loading', 'servererror', 'requesttimedout', 'refreshing');
+ $this->output->add_label('loading', 'servererror', 'connerror', 'requesttimedout', 'refreshing');
return $this->output;
}
@@ -492,32 +502,23 @@
return false;
}
- $config = $this->config->all();
+ $default_host = $this->config->get('default_host');
+ $default_port = $this->config->get('default_port');
+ $username_domain = $this->config->get('username_domain');
+ $login_lc = $this->config->get('login_lc', 2);
- if (!$host) {
- $host = $config['default_host'];
- }
-
- // Validate that selected host is in the list of configured hosts
- if (is_array($config['default_host'])) {
- $allowed = false;
-
- foreach ($config['default_host'] as $key => $host_allowed) {
- if (!is_numeric($key)) {
- $host_allowed = $key;
- }
- if ($host == $host_allowed) {
- $allowed = true;
- break;
- }
+ // host is validated in rcmail::autoselect_host(), so here
+ // we'll only handle unset host (if possible)
+ if (!$host && !empty($default_host)) {
+ if (is_array($default_host)) {
+ list($key, $val) = each($default_host);
+ $host = is_numeric($key) ? $val : $key;
+ }
+ else {
+ $host = $default_host;
}
- if (!$allowed) {
- $host = null;
- }
- }
- else if (!empty($config['default_host']) && $host != rcube_utils::parse_host($config['default_host'])) {
- $host = null;
+ $host = rcube_utils::parse_host($host);
}
if (!$host) {
@@ -533,23 +534,23 @@
if (!empty($a_host['port']))
$port = $a_host['port'];
- else if ($ssl && $ssl != 'tls' && (!$config['default_port'] || $config['default_port'] == 143))
+ else if ($ssl && $ssl != 'tls' && (!$default_port || $default_port == 143))
$port = 993;
}
if (!$port) {
- $port = $config['default_port'];
+ $port = $default_port;
}
// Check if we need to add/force domain to username
- if (!empty($config['username_domain'])) {
- $domain = is_array($config['username_domain']) ? $config['username_domain'][$host] : $config['username_domain'];
+ if (!empty($username_domain)) {
+ $domain = is_array($username_domain) ? $username_domain[$host] : $username_domain;
if ($domain = rcube_utils::parse_host((string)$domain, $host)) {
$pos = strpos($username, '@');
// force configured domains
- if (!empty($config['username_domain_forced']) && $pos !== false) {
+ if ($pos !== false && $this->config->get('username_domain_forced')) {
$username = substr($username, 0, $pos) . '@' . $domain;
}
// just add domain if not specified
@@ -559,14 +560,10 @@
}
}
- if (!isset($config['login_lc'])) {
- $config['login_lc'] = 2; // default
- }
-
// Convert username to lowercase. If storage backend
// is case-insensitive we need to store always the same username (#1487113)
- if ($config['login_lc']) {
- if ($config['login_lc'] == 2 || $config['login_lc'] === true) {
+ if ($login_lc) {
+ if ($login_lc == 2 || $login_lc === true) {
$username = mb_strtolower($username);
}
else if (strpos($username, '@')) {
@@ -604,7 +601,7 @@
$user->touch();
}
// create new system user
- else if ($config['auto_create_user']) {
+ else if ($this->config->get('auto_create_user')) {
if ($created = rcube_user::create($username, $host)) {
$user = $created;
}
@@ -651,7 +648,7 @@
$this->fix_namespace_settings($user);
// create default folders on login
- if ($config['create_default_folders']) {
+ if ($this->config->get('create_default_folders')) {
$storage->create_default_folders();
}
@@ -847,6 +844,9 @@
// write performance stats to logs/console
if ($this->config->get('devel_mode')) {
+ // make sure logged numbers use unified format
+ setlocale(LC_NUMERIC, 'en_US.utf8', 'en_US.UTF-8', 'en_US', 'C');
+
if (function_exists('memory_get_usage'))
$mem = $this->show_bytes(memory_get_usage());
if (function_exists('memory_get_peak_usage'))
@@ -1344,7 +1344,8 @@
*/
public function folder_selector($p = array())
{
- $p += array('maxlength' => 100, 'realnames' => false, 'is_escaped' => true);
+ $realnames = $this->config->get('show_real_foldernames');
+ $p += array('maxlength' => 100, 'realnames' => $realnames, 'is_escaped' => true);
$a_mailboxes = array();
$storage = $this->get_storage();
@@ -1361,10 +1362,29 @@
$delimiter = $storage->get_hierarchy_delimiter();
- foreach ($list as $folder) {
- if (empty($p['exceptions']) || !in_array($folder, $p['exceptions'])) {
- $this->build_folder_tree($a_mailboxes, $folder, $delimiter);
+ if (!empty($p['exceptions'])) {
+ $list = array_diff($list, (array) $p['exceptions']);
+ }
+
+ if (!empty($p['additional'])) {
+ foreach ($p['additional'] as $add_folder) {
+ $add_items = explode($delimiter, $add_folder);
+ $folder = '';
+ while (count($add_items)) {
+ $folder .= array_shift($add_items);
+
+ // @TODO: sorting
+ if (!in_array($folder, $list)) {
+ $list[] = $folder;
+ }
+
+ $folder .= $delimiter;
+ }
}
+ }
+
+ foreach ($list as $folder) {
+ $this->build_folder_tree($a_mailboxes, $folder, $delimiter);
}
$select = new html_select($p);
@@ -1600,9 +1620,13 @@
*
* @return string Localized folder name in UTF-8 encoding
*/
- public function localize_foldername($name, $with_path = true)
+ public function localize_foldername($name, $with_path = false)
{
$realnames = $this->config->get('show_real_foldernames');
+
+ if (!$realnames && ($folder_class = $this->folder_classname($name))) {
+ return $this->gettext($folder_class);
+ }
// try to localize path of the folder
if ($with_path && !$realnames) {
@@ -1612,7 +1636,7 @@
$count = count($path);
if ($count > 1) {
- for ($i = 0; $i < $count; $i++) {
+ for ($i = 1; $i < $count; $i++) {
$folder = implode($delimiter, array_slice($path, 0, -$i));
if ($folder_class = $this->folder_classname($folder)) {
$name = implode($delimiter, array_slice($path, $count - $i));
@@ -1620,10 +1644,6 @@
}
}
}
- }
-
- if (!$realnames && ($folder_class = $this->folder_classname($name))) {
- return $this->gettext($folder_class);
}
return rcube_charset::convert($name, 'UTF7-IMAP');
@@ -1788,17 +1808,17 @@
$lang = 'en';
}
- $script = json_encode(array(
+ $script = array(
'mode' => $mode,
'lang' => $lang,
'skin_path' => $this->output->get_skin_path(),
'spellcheck' => intval($this->config->get('enable_spellcheck')),
'spelldict' => intval($this->config->get('spellcheck_dictionary'))
- ));
+ );
$this->output->include_script('tiny_mce/tiny_mce.js');
$this->output->include_script('editor.js');
- $this->output->add_script("rcmail_editor_init($script)", 'docready');
+ $this->output->set_env('html_editor_init', $script);
}
/**
--
Gitblit v1.9.1