diff options
-rw-r--r-- | CHANGELOG | 3 | ||||
-rw-r--r-- | program/include/rcube_imap.php | 11 | ||||
-rw-r--r-- | program/include/rcube_imap_generic.php | 48 | ||||
-rw-r--r-- | program/include/rcube_message.php | 13 |
4 files changed, 71 insertions, 4 deletions
@@ -3,6 +3,9 @@ CHANGELOG Roundcube Webmail RELEASE 0.5.1 ------------- +- Fix handling of attachments with invalid content type (#1487767) +- Add workaround for DBMail's bug http://www.dbmail.org/mantis/view.php?id=881 (#1487766) +- Use IMAP's ID extension (RFC2971) to print more info into debug log - Security: add optional referer check to prevent CSRF in GET requests - Fix email_dns_check setting not used for identities/contacts (#1487740) - Fix ICANN example addresses doesn't validate (#1487742) diff --git a/program/include/rcube_imap.php b/program/include/rcube_imap.php index bfbf740fd..dd821bf37 100644 --- a/program/include/rcube_imap.php +++ b/program/include/rcube_imap.php @@ -148,9 +148,18 @@ class rcube_imap $this->options['port'] = $port; - if ($this->options['debug']) + if ($this->options['debug']) { $this->conn->setDebug(true, array($this, 'debug_handler')); + $this->options['ident'] = array( + 'name' => 'Roundcube Webmail', + 'version' => RCMAIL_VERSION, + 'php' => PHP_VERSION, + 'os' => PHP_OS, + 'command' => $_SERVER['REQUEST_URI'], + ); + } + $attempt = 0; do { $data = rcmail::get_instance()->plugins->exec_hook('imap_connect', diff --git a/program/include/rcube_imap_generic.php b/program/include/rcube_imap_generic.php index 3b2e3ee87..9b8d29f8a 100644 --- a/program/include/rcube_imap_generic.php +++ b/program/include/rcube_imap_generic.php @@ -759,6 +759,11 @@ class rcube_imap_generic } } + // Send ID info + if (!empty($this->prefs['ident']) && $this->getCapability('ID')) { + $this->id($this->prefs['ident']); + } + $auth_methods = array(); $result = null; @@ -1157,6 +1162,44 @@ class rcube_imap_generic return false; } + /** + * Executes ID command (RFC2971) + * + * @param array $items Client identification information key/value hash + * + * @return array Server identification information key/value hash + * @access public + * @since 0.6 + */ + function id($items=array()) + { + if (is_array($items) && !empty($items)) { + foreach ($items as $key => $value) { + $args[] = $this->escape($key); + $args[] = $this->escape($value); + } + } + + list($code, $response) = $this->execute('ID', array( + !empty($args) ? '(' . implode(' ', (array) $args) . ')' : $this->escape(null) + )); + + + if ($code == self::ERROR_OK && preg_match('/\* ID /i', $response)) { + $response = substr($response, 5); // remove prefix "* ID " + $items = $this->tokenizeResponse($response); + $result = null; + + for ($i=0, $len=count($items); $i<$len; $i += 2) { + $result[$items[$i]] = $items[$i+1]; + } + + return $result; + } + + return false; + } + function sort($mailbox, $field, $add='', $is_uid=FALSE, $encoding = 'US-ASCII') { $field = strtoupper($field); @@ -3284,10 +3327,11 @@ class rcube_imap_generic else if ($string === '') { return '""'; } + // need quoted-string? find special chars: SP, CTL, (, ), {, %, *, ", \, ] + // plus [ character as a workaround for DBMail's bug (#1487766) else if ($force_quotes || - preg_match('/([\x00-\x20\x28-\x29\x7B\x25\x2A\x22\x5C\x5D\x7F]+)/', $string) + preg_match('/([\x00-\x20\x28-\x29\x7B\x25\x2A\x22\x5B\x5C\x5D\x7F]+)/', $string) ) { - // string: special chars: SP, CTL, (, ), {, %, *, ", \, ] return '"' . strtr($string, array('"'=>'\\"', '\\' => '\\\\')) . '"'; } diff --git a/program/include/rcube_message.php b/program/include/rcube_message.php index 75b55fee0..5c0773815 100644 --- a/program/include/rcube_message.php +++ b/program/include/rcube_message.php @@ -478,10 +478,21 @@ class rcube_message if (!empty($mail_part->filename)) $this->attachments[] = $mail_part; } - // is a regular attachment (content-type name regexp according to RFC4288.4.2) + // regular attachment with valid content type + // (content-type name regexp according to RFC4288.4.2) else if (preg_match('/^[a-z0-9!#$&.+^_-]+\/[a-z0-9!#$&.+^_-]+$/i', $part_mimetype)) { if (!$mail_part->filename) $mail_part->filename = 'Part '.$mail_part->mime_id; + + $this->attachments[] = $mail_part; + } + // attachment with invalid content type + // replace malformed content type with application/octet-stream (#1487767) + else if ($mail_part->filename) { + $mail_part->ctype_primary = 'application'; + $mail_part->ctype_secondary = 'octet-stream'; + $mail_part->mimetype = 'application/octet-stream'; + $this->attachments[] = $mail_part; } } |