diff options
| author | alecpl <alec@alec.pl> | 2011-12-21 10:07:42 +0000 |
|---|---|---|
| committer | alecpl <alec@alec.pl> | 2011-12-21 10:07:42 +0000 |
| commit | 96c946ee6ced0a9a68ef251528a3f900d5a01396 (patch) | |
| tree | aa48a1c71b47bb32be33261b0c16524b64cfdb7c | |
| parent | 89dc8499c3e51d426f685ff70e4e878d992ad2c7 (diff) | |
- Applied fixes from trunk up to r5633
| -rw-r--r-- | CHANGELOG | 1 | ||||
| -rw-r--r-- | program/include/rcube_content_filter.php | 55 | ||||
| -rw-r--r-- | program/js/app.js | 2 | ||||
| -rw-r--r-- | program/steps/mail/autocomplete.inc | 4 | ||||
| -rw-r--r-- | program/steps/mail/get.inc | 38 | ||||
| -rw-r--r-- | program/steps/settings/folders.inc | 10 |
6 files changed, 67 insertions, 43 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Fix crash with eAccelerator (#1488256) - Fix expanding folders during drag&drop (#1488260) - Fix wrong postgres sequence name in upgrade from 0.6 - Fix broken CREATE INDEX queries in SQLite DDL files (#1488255) diff --git a/program/include/rcube_content_filter.php b/program/include/rcube_content_filter.php new file mode 100644 index 000000000..430defec6 --- /dev/null +++ b/program/include/rcube_content_filter.php @@ -0,0 +1,55 @@ +<?php + +/* + +-----------------------------------------------------------------------+ + | program/include/rcube_content_filter.php | + | | + | This file is part of the Roundcube Webmail client | + | Copyright (C) 2011, The Roundcube Dev Team | + | Licensed under the GNU GPL | + | | + | PURPOSE: | + | PHP stream filter to detect evil content in mail attachments | + | | + +-----------------------------------------------------------------------+ + | Author: Thomas Bruederli <roundcube@gmail.com> | + +-----------------------------------------------------------------------+ + + $Id$ +*/ + +/** + * PHP stream filter to detect html/javascript code in attachments + */ +class rcube_content_filter extends php_user_filter +{ + private $buffer = ''; + private $cutoff = 2048; + + function onCreate() + { + $this->cutoff = rand(2048, 3027); + return true; + } + + function filter($in, $out, &$consumed, $closing) + { + while ($bucket = stream_bucket_make_writeable($in)) { + $this->buffer .= $bucket->data; + + // check for evil content and abort + if (preg_match('/<(script|iframe|object)/i', $this->buffer)) + return PSFS_ERR_FATAL; + + // keep buffer small enough + if (strlen($this->buffer) > 4096) + $this->buffer = substr($this->buffer, $this->cutoff); + + $consumed += $bucket->datalen; + stream_bucket_append($out, $bucket); + } + + return PSFS_PASS_ON; + } +} + diff --git a/program/js/app.js b/program/js/app.js index e1c436263..58d7f1e86 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -3082,7 +3082,7 @@ function rcube_webmail() if (!vis) this.stop_spellchecking(); - $(this.env.spellcheck.spell_container).css('visibility', vis ? 'visible' : 'hidden'); + $(this.env.spellcheck.spell_container)[vis ? 'show' : 'hide'](); } }; diff --git a/program/steps/mail/autocomplete.inc b/program/steps/mail/autocomplete.inc index 281a4e9f7..6eea705ef 100644 --- a/program/steps/mail/autocomplete.inc +++ b/program/steps/mail/autocomplete.inc @@ -28,8 +28,10 @@ if ($RCMAIL->action == 'group-expand') { $abook->set_pagesize(1000); // TODO: limit number of group members by config $result = $abook->list_records(array('email','name')); while ($result && ($sql_arr = $result->iterate())) { - foreach ((array)$sql_arr['email'] as $email) + foreach ((array)$sql_arr['email'] as $email) { $members[] = format_email_recipient($email, $sql_arr['name']); + break; // only expand one email per contact + } } $separator = trim($RCMAIL->config->get('recipients_separator', ',')) . ' '; diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index aee2c4d1a..06a718f39 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -5,7 +5,7 @@ | program/steps/mail/get.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2005-2009, The Roundcube Dev Team | + | Copyright (C) 2005-2011, The Roundcube Dev Team | | Licensed under the GNU GPL | | | | PURPOSE: | @@ -179,39 +179,3 @@ header('HTTP/1.1 404 Not Found'); exit; - -/** - * PHP stream filter to detect html/javascript code in attachments - */ -class rcube_content_filter extends php_user_filter -{ - private $buffer = ''; - private $cutoff = 2048; - - function onCreate() - { - $this->cutoff = rand(2048, 3027); - return true; - } - - function filter($in, $out, &$consumed, $closing) - { - while ($bucket = stream_bucket_make_writeable($in)) { - $this->buffer .= $bucket->data; - - // check for evil content and abort - if (preg_match('/<(script|iframe|object)/i', $this->buffer)) - return PSFS_ERR_FATAL; - - // keep buffer small enough - if (strlen($this->buffer) > 4096) - $this->buffer = substr($this->buffer, $this->cutoff); - - $consumed += $bucket->datalen; - stream_bucket_append($out, $bucket); - } - - return PSFS_PASS_ON; - } -} - diff --git a/program/steps/settings/folders.inc b/program/steps/settings/folders.inc index 77cbb5571..3fc366d1c 100644 --- a/program/steps/settings/folders.inc +++ b/program/steps/settings/folders.inc @@ -293,10 +293,12 @@ function rcube_subscription_form($attrib) if (!$disabled && $folder['virtual'] && $folder['level'] == 0 && !empty($namespace)) { $fname = $folder['id'] . $delimiter; foreach ($namespace as $ns) { - foreach ($ns as $item) { - if ($item[0] === $fname) { - $disabled = true; - break 2; + if (is_array($ns)) { + foreach ($ns as $item) { + if ($item[0] === $fname) { + $disabled = true; + break 2; + } } } } |