diff options
| author | Thomas Bruederli <thomas@roundcube.net> | 2013-01-25 17:57:09 +0100 |
|---|---|---|
| committer | Thomas Bruederli <thomas@roundcube.net> | 2013-01-25 17:57:09 +0100 |
| commit | f7c50e28dbd637b3b60c6aea0fac3768f8f59f05 (patch) | |
| tree | df0e68dc3d7f6df13473b5f5a717805af0c04c92 /program | |
| parent | 39f883e1f9fab83a47b76fb4802c2d01fa9c4e76 (diff) | |
| parent | 00a6b75622fb49dfe84173b04f8353fbc4216c9c (diff) | |
Merge branch 'release-0.8' of github.com:roundcube/roundcubemail into release-0.8
Diffstat (limited to 'program')
| -rw-r--r-- | program/js/app.js | 2 | ||||
| -rw-r--r-- | program/lib/washtml.php | 2 | ||||
| -rw-r--r-- | program/steps/mail/func.inc | 2 | ||||
| -rw-r--r-- | program/steps/mail/get.inc | 7 |
4 files changed, 10 insertions, 3 deletions
diff --git a/program/js/app.js b/program/js/app.js index 8fe68bf9e..08411f0e2 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -2541,7 +2541,7 @@ function rcube_webmail() for (i=0, len=selection.length; i<len; i++) { uid = selection[i]; if (list.rows[uid].has_children && !list.rows[uid].expanded) - list.select_childs(uid); + list.select_children(uid); } // if config is set to flag for deletion diff --git a/program/lib/washtml.php b/program/lib/washtml.php index 0d4ffdb4b..d13d66404 100644 --- a/program/lib/washtml.php +++ b/program/lib/washtml.php @@ -214,7 +214,7 @@ class washtml $key = strtolower($key); $value = $node->getAttribute($key); if (isset($this->_html_attribs[$key]) || - ($key == 'href' && !preg_match('!^javascript!i', $value) + ($key == 'href' && !preg_match('!^(javascript|vbscript|data:text)!i', $value) && preg_match('!^([a-z][a-z0-9.+-]+:|//|#).+!i', $value)) ) { $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"'; diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 5fa5ad6e4..e486cc6e6 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -1414,7 +1414,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, if ($addicon && $_SESSION['writeable_abook']) { $address .= html::a(array( 'href' => "#add", - 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, $string), + 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, JQ($string)), 'title' => rcube_label('addtoaddressbook'), 'class' => 'rcmaddcontact', ), diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index 924433df3..2cc2f12ca 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -150,6 +150,13 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { $disposition = !empty($plugin['download']) ? 'attachment' : 'inline'; + // Workaround for nasty IE bug (#1488844) + // If Content-Disposition header contains string "attachment" e.g. in filename + // IE handles data as attachment not inline + if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) { + $filename = str_ireplace('attachment', 'attach', $filename); + } + header("Content-Disposition: $disposition; filename=\"$filename\""); // do content filtering to avoid XSS through fake images |