diff options
author | Aleksander Machniak <alec@alec.pl> | 2012-11-14 13:58:15 +0100 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2012-11-14 13:58:15 +0100 |
commit | 52d0d949104e6b43d8daa39dad64b20cc003440c (patch) | |
tree | 228a3261bca9a362488f7fef386a47389d86c625 | |
parent | ce248f83e52092d264de23a0bd51a0233d6498e7 (diff) |
Fix handling of text/enriched content on message reply/forward/edit
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/include/rcube_message.php | 5 | ||||
-rw-r--r-- | program/steps/mail/compose.inc | 20 |
3 files changed, 21 insertions, 5 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix handling of text/enriched content on message reply/forward/edit - Fix XSS vulnerability in handling of text/enriched messages (#1488806) - Fix handling of 'media' attribute on linked css (#1488789) - Fix excessive LFs at the end of composed message with top_posting=true (#1488797) diff --git a/program/include/rcube_message.php b/program/include/rcube_message.php index 9b8484c15..74bf4574f 100644 --- a/program/include/rcube_message.php +++ b/program/include/rcube_message.php @@ -198,14 +198,15 @@ class rcube_message * Determine if the message contains a HTML part * * @param bool $recursive Enables checking in all levels of the structure + * @param bool $enriched Enables checking for text/enriched parts too * * @return bool True if a HTML is available, False if not */ - function has_html_part($recursive = true) + function has_html_part($recursive = true, $enriched = false) { // check all message parts foreach ($this->parts as $part) { - if ($part->mimetype == 'text/html') { + if ($part->mimetype == 'text/html' || ($enriched && $part->mimetype == 'text/enriched')) { // Level check, we'll skip e.g. HTML attachments if (!$recursive) { $level = explode('.', $part->mime_id); diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc index 87a06e10d..ffc1c7518 100644 --- a/program/steps/mail/compose.inc +++ b/program/steps/mail/compose.inc @@ -611,13 +611,13 @@ function rcmail_compose_editor_mode() $useHtml = !empty($_POST['_is_html']); } else if ($compose_mode == RCUBE_COMPOSE_DRAFT || $compose_mode == RCUBE_COMPOSE_EDIT) { - $useHtml = $MESSAGE->has_html_part(false); + $useHtml = $MESSAGE->has_html_part(false, true); } else if ($compose_mode == RCUBE_COMPOSE_REPLY) { - $useHtml = ($html_editor == 1 || ($html_editor >= 2 && $MESSAGE->has_html_part(false))); + $useHtml = ($html_editor == 1 || ($html_editor >= 2 && $MESSAGE->has_html_part(false, true))); } else if ($compose_mode == RCUBE_COMPOSE_FORWARD) { - $useHtml = ($html_editor == 1 || ($html_editor == 3 && $MESSAGE->has_html_part(false))); + $useHtml = ($html_editor == 1 || ($html_editor == 3 && $MESSAGE->has_html_part(false, true))); } else { $useHtml = ($html_editor == 1); @@ -730,6 +730,10 @@ function rcmail_compose_part_body($part, $isHtml = false) if ($isHtml) { if ($part->ctype_secondary == 'html') { } + else if ($part->ctype_secondary == 'enriched') { + require_once(INSTALL_PATH . 'program/lib/enriched.inc'); + $body = enriched_to_html($body); + } else { // try to remove the signature if ($RCMAIL->config->get('strip_existing_sig', true)) { @@ -743,6 +747,12 @@ function rcmail_compose_part_body($part, $isHtml = false) } } else { + if ($part->ctype_secondary == 'enriched') { + require_once(INSTALL_PATH . 'program/lib/enriched.inc'); + $body = enriched_to_html($body); + $part->ctype_secondary = 'html'; + } + if ($part->ctype_secondary == 'html') { // use html part if it has been used for message (pre)viewing // decrease line length for quoting @@ -750,6 +760,10 @@ function rcmail_compose_part_body($part, $isHtml = false) $txt = new html2text($body, false, true, $len); $body = $txt->get_text(); } + else if ($part->ctype_secondary == 'enriched') { + require_once(INSTALL_PATH . 'program/lib/enriched.inc'); + $body = enriched_to_html($body); + } else { if ($part->ctype_secondary == 'plain' && $part->ctype_parameters['format'] == 'flowed') { $body = rcube_mime::unfold_flowed($body); |