authorthomascube <thomas@roundcube.net>2007-08-10 08:27:40 +0000
committerthomascube <thomas@roundcube.net>2007-08-10 08:27:40 +0000
commit719a257f0c8fd750a4984ed56273dc653565729e (patch)
tree2707636618edff63d691180a99a48cbdda350703 /program/steps
parent4b9efbb9f49911b17bde2d46b86df825e987101e (diff)
Some bugfixes, security issues + minor improvements
Diffstat (limited to 'program/steps')
-rw-r--r--program/steps/mail/func.inc28
-rw-r--r--program/steps/mail/get.inc4
-rw-r--r--program/steps/mail/show.inc2
-rw-r--r--program/steps/settings/manage_folders.inc4
4 files changed, 21 insertions, 17 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 8c5f987c3..730606265 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -646,6 +646,7 @@ function rcmail_parse_message(&$structure, $arg=array(), $recursive=FALSE)
foreach ($structure->parts as $p => $sub_part)
{
+ $rel_parts = $attachmnts = null;
$sub_ctype_primary = strtolower($sub_part->ctype_primary);
$sub_ctype_secondary = strtolower($sub_part->ctype_secondary);
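Review bot: `$rel_parts` and `$attachmnts` are reset inside the `foreach` body, but judging by the next hunk they are only assigned and read after the loop, so the reset belongs before the loop. As written, a structure whose `parts` array is empty never runs the initialisation, and the later `if ($rel_parts && ...)` test would read an undefined variable. I would move `$rel_parts = $attachmnts = null;` to just above the `foreach`. The loop body continues outside this hunk.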
@@ -656,19 +657,22 @@ function rcmail_parse_message(&$structure, $arg=array(), $recursive=FALSE)
$html_part = $p;
else if ($sub_ctype_primary=='text' && $sub_ctype_secondary=='enriched')
$enriched_part = $p;
- else if ($sub_ctype_primary=='multipart' && $sub_ctype_secondary=='related')
+ else if ($sub_ctype_primary=='multipart' && ($sub_ctype_secondary=='related' || $sub_ctype_secondary=='mixed'))
$related_part = $p;
}
-
+
// parse related part (alternative part could be in here)
- if ($related_part!==NULL && $prefer_html)
- {
- list($parts, $attachmnts) = rcmail_parse_message($structure->parts[$related_part], $arg, TRUE);
- $a_return_parts = array_merge($a_return_parts, $parts);
+ if ($related_part!==NULL)
+ {
+ list($rel_parts, $attachmnts) = rcmail_parse_message($structure->parts[$related_part], $arg, TRUE);
$a_attachments = array_merge($a_attachments, $attachmnts);
- }
+ }
+
+ // merge related parts if any
+ if ($rel_parts && $prefer_html && !$html_part)
+ $a_return_parts = array_merge($a_return_parts, $rel_parts);
- // print html/plain part
+ // choose html/plain part to print
else if ($html_part!==NULL && $prefer_html)
$print_part = &$structure->parts[$html_part];
else if ($enriched_part!==NULL)
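Review bot: `!$html_part` in the new merge condition treats part index 0 as "no HTML part", while every other test in this block uses `$html_part!==NULL`. `$html_part` is set from the `foreach` key `$p`, so when the text/html sub-part is the first entry the related parts are merged and the `else if ($html_part!==NULL && $prefer_html)` branch is skipped. Suggest `if ($rel_parts && $prefer_html && $html_part===NULL)`. Separately, `$related_part` keeps only the last matching sub-part, so now that `mixed` is accepted a message holding both a related and a mixed sub-part has one of them ignored; a comment would help if that is intended. The function starts and ends outside the hunk.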
@@ -683,7 +687,7 @@ function rcmail_parse_message(&$structure, $arg=array(), $recursive=FALSE)
$a_return_parts[] = $print_part;
}
// show plaintext warning
- else if ($html_part!==NULL)
+ else if ($html_part!==NULL && empty($a_return_parts))
{
$c = new stdClass;
$c->type = 'content';
@@ -913,8 +917,8 @@ function rcmail_message_body($attrib)
$ctype_secondary = strtolower($MESSAGE['structure']->ctype_secondary);
// list images after mail body
- if (get_boolean($attrib['showimages']) && $ctype_primary=='multipart' && $ctype_secondary=='mixed' &&
- sizeof($MESSAGE['attachments']) && !strstr($message_body, '<html') && strlen($GET_URL))
+ if (get_boolean($attrib['showimages']) && $ctype_primary=='multipart' &&
+ !empty($MESSAGE['attachments']) && !strstr($message_body, '<html') && strlen($GET_URL))
{
foreach ($MESSAGE['attachments'] as $attach_prop)
{
@@ -1239,7 +1243,7 @@ function rcmail_message_part_frame($attrib)
$part = $MESSAGE['parts'][$_GET['_part']];
$ctype_primary = strtolower($part->ctype_primary);
- $attrib['src'] = './?'.str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']);
+ $attrib['src'] = Q('./?'.str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']));
$attrib_str = create_attrib_string($attrib, array('id', 'class', 'style', 'src', 'width', 'height'));
$out = '<iframe '. $attrib_str . "></iframe>";
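Review bot: `Q()` keeps the raw query string from breaking out of the `src` attribute (assuming it HTML-escapes), but the whole of `$_SERVER['QUERY_STRING']` is still forwarded into the iframe URL, and `str_replace` rewrites every `_frame=` occurrence, including one inside another parameter's value. Building the URL from only the parameters the part view needs, each passed through `urlencode()`, would be tighter than reflecting the request. It is also worth confirming that `create_attrib_string()` does not escape values again, otherwise `&` ends up double-encoded. `$_GET['_part']` is used as an array key on the first line of the hunk without a check that the part exists. The same reflect-then-escape pattern may apply to the `Q($url)` meta refresh in get.inc, if `$url` is derived from the request there.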
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 11688f125..cbf8e0c88 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -29,7 +29,7 @@ if ($_GET['_preload'])
$message = rcube_label('loadingdata');
print "<html>\n<head>\n" .
- '<meta http-equiv="refresh" content="0; url='.htmlspecialchars($url).'">' .
+ '<meta http-equiv="refresh" content="0; url='.Q($url).'">' .
"\n</head>\n<body>" .
$message .
"\n</body>\n</html>";
@@ -107,7 +107,7 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET))
else
{
header(sprintf('Content-Disposition: %s; filename="%s";',
- $part->disposition ? $part->disposition : 'attachment',
+ $_GET['_download'] ? 'attachment' : 'inline',
$part->filename ? $part->filename : "roundcube.$ctype_secondary"));
// turn off output buffering and print part content
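Review bot: Defaulting to `inline` whenever `_download` is absent means a sender-supplied part is rendered in the webmail origin unless the client asks otherwise; whether that is safe depends on the Content-Type handling above this hunk, which is not visible here. I would keep `attachment` as the default for anything outside a short list of types that are safe to display, and read the flag with `!empty($_GET['_download'])` to avoid an undefined-index notice. `$part->filename` comes from the message and is placed inside a quoted header parameter as-is; strip control characters and escape quote and backslash first, e.g. `addcslashes($part->filename, '"\\')`.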
diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc
index 6c247aea9..e25da03a6 100644
--- a/program/steps/mail/show.inc
+++ b/program/steps/mail/show.inc
@@ -48,7 +48,7 @@ if ($_GET['_uid'])
// allow caching, unless remote images are present
if ((bool)get_input_value('_safe', RCUBE_INPUT_GET))
send_nocacheing_headers();
- else
+ else if (empty($CONFIG['devel_mode']))
send_modified_header($_SESSION['login_time'], $etag);
$MESSAGE['subject'] = rcube_imap::decode_mime_string($MESSAGE['headers']->subject, $MESSAGE['headers']->charset);
diff --git a/program/steps/settings/manage_folders.inc b/program/steps/settings/manage_folders.inc
index 150b7cd72..b08d9ccc9 100644
--- a/program/steps/settings/manage_folders.inc
+++ b/program/steps/settings/manage_folders.inc
@@ -27,7 +27,7 @@ rcmail_imap_init(TRUE);
if ($_action=='subscribe')
{
if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_POST))
- $IMAP->subscribe(array($mboxes));
+ $IMAP->subscribe($mboxes);
if ($OUTPUT->ajax_call)
$OUTPUT->remote_response('// subscribed');
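Review bot: `subscribe()` now receives the raw return of `get_input_value('_mboxes', RCUBE_INPUT_POST)`, so the argument's type is decided by what the client posts rather than by the call site. Neither function is visible here, so confirm which shape `subscribe()` expects and normalise before the call, for example `$mboxes = (array)$mboxes;` if it iterates a list. The `unsubscribe` hunk below has the same change. A one-line comment stating the expected shape of `_mboxes` would help the next reader.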
@@ -37,7 +37,7 @@ if ($_action=='subscribe')
else if ($_action=='unsubscribe')
{
if ($mboxes = get_input_value('_mboxes', RCUBE_INPUT_POST))
- $IMAP->unsubscribe(array($mboxes));
+ $IMAP->unsubscribe($mboxes);
if ($OUTPUT->ajax_call)
$OUTPUT->remote_response('// unsubscribed');