diff options
| -rw-r--r-- | .htaccess | 2 | ||||
| -rw-r--r-- | CHANGELOG | 2 | ||||
| -rw-r--r-- | program/include/rcmail.php | 23 | ||||
| -rw-r--r-- | program/js/app.js | 15 | ||||
| -rw-r--r-- | program/js/common.js | 2 | ||||
| -rw-r--r-- | program/js/list.js | 12 | ||||
| -rw-r--r-- | program/lib/Roundcube/rcube_plugin_api.php | 286 | ||||
| -rw-r--r-- | program/steps/mail/compose.inc | 26 | ||||
| -rw-r--r-- | program/steps/mail/func.inc | 2 | ||||
| -rw-r--r-- | program/steps/mail/get.inc | 4 |
10 files changed, 197 insertions, 177 deletions
@@ -34,7 +34,7 @@ RewriteRule ^(?!installer|[a-f0-9]{16})(\.?[^\.]+)$ - [F] # - deny access to some locations RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] # - deny access to some documentation files -RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml)$ - [F] +RewriteRule /?(README\.md|composer\.json-dist|composer\.json|package\.xml|Dockerfile)$ - [F] </IfModule> <IfModule mod_deflate.c> @@ -1,8 +1,10 @@ CHANGELOG Roundcube Webmail =========================== +- Fix blocked.gif image usage with assets_dir set - Fix bug where max_group_members was ignored when adding a new contact (#1490214) - Hide MDN and DSN options in compose if disabled by admin (#1490221) +- Fix checks based on window.ActiveXObject in IE > 10 RELEASE 1.1-rc -------------- diff --git a/program/include/rcmail.php b/program/include/rcmail.php index a16319f72..2327109c0 100644 --- a/program/include/rcmail.php +++ b/program/include/rcmail.php @@ -2284,6 +2284,29 @@ class rcmail extends rcube return $result; } + /** + * Get resource file content (with assets_dir support) + * + * @param string $name File name + */ + public function get_resource_content($name) + { + if (!strpos($name, '/')) { + $name = "program/resources/$name"; + } + + $assets_dir = $this->config->get('assets_dir'); + + if ($assets_dir) { + $path = slashify($assets_dir) . $name; + if (@file_exists($path)) { + $name = $path; + } + } + + return file_get_contents($name, false); + } + /************************************************************************ ********* Deprecated methods (to be removed) ********* diff --git a/program/js/app.js b/program/js/app.js index ece521861..30e7fddf4 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -8066,7 +8066,7 @@ function rcube_webmail() if (plugin && plugin.enabledPlugin) return 1; - if (window.ActiveXObject) { + if ('ActiveXObject' in window) { try { if (plugin = new ActiveXObject("AcroPDF.PDF")) return 1; @@ -8099,7 +8099,7 @@ function rcube_webmail() if (plugin && plugin.enabledPlugin) return 1; - if (window.ActiveXObject) { + if ('ActiveXObject' in window) { try { if (plugin = new ActiveXObject("ShockwaveFlash.ShockwaveFlash")) return 1; @@ -8183,7 +8183,7 @@ rcube_webmail.long_subject_title = function(elem, indent) if (!elem.title) { var $elem = $(elem); if ($elem.width() + (indent || 0) * 15 > $elem.parent().width()) - elem.title = $elem.text(); + elem.title = rcube_webmail.subject_text(elem); } }; @@ -8200,10 +8200,17 @@ rcube_webmail.long_subject_title_ex = function(elem) tmp.remove(); if (w + $('span.branch', $elem).width() * 15 > $elem.width()) - elem.title = txt; + elem.title = rcube_webmail.subject_text(elem); } }; +rcube_webmail.subject_text = function(elem) +{ + var t = $(elem).clone(); + t.find('.skip-on-drag').remove(); + return t.text(); +}; + rcube_webmail.prototype.get_cookie = getCookie; // copy event engine prototype diff --git a/program/js/common.js b/program/js/common.js index 76643068d..2b96a8a30 100644 --- a/program/js/common.js +++ b/program/js/common.js @@ -103,7 +103,7 @@ function roundcube_browser() this.xmlhttp_test = function() { var activeX_test = new Function("try{var o=new ActiveXObject('Microsoft.XMLHTTP');return true;}catch(err){return false;}"); - this.xmlhttp = (window.XMLHttpRequest || (window.ActiveXObject && activeX_test())); + this.xmlhttp = window.XMLHttpRequest || (('ActiveXObject' in window) && activeX_test()); return this.xmlhttp; }; diff --git a/program/js/list.js b/program/js/list.js index dbc14d6b8..bbf6e1e01 100644 --- a/program/js/list.js +++ b/program/js/list.js @@ -219,7 +219,7 @@ init_header: function() if (this.column_fixed == r) continue; col = this.thead.rows[0].cells[r]; - col.onmousedown = function(e){ return p.drag_column(e, this); }; + col.onmousedown = function(e) { return p.drag_column(e, this); }; this.colcount++; } } @@ -240,8 +240,8 @@ init_fixed_header: function() $(this.list).before(this.fixed_header); var me = this; - $(window).resize(function(){ me.resize() }); - $(window).scroll(function(){ + $(window).resize(function() { me.resize(); }); + $(window).scroll(function() { var w = $(window); me.fixed_header.css('marginLeft', (-w.scrollLeft()) + 'px'); if (!bw.webkit) @@ -270,14 +270,14 @@ resize: function() var column_widths = []; // get column widths from original thead - $(this.tbody).parent().find('thead tr td').each(function(index) { + $(this.tbody).parent().find('thead th,thead td').each(function(index) { column_widths[index] = $(this).width(); }); // apply fixed widths to fixed table header $(this.thead).parent().width($(this.tbody).parent().width()); - $(this.thead).find('tr td').each(function(index) { - $(this).css('width', column_widths[index]); + $(this.thead).find('th,td').each(function(index) { + $(this).width(column_widths[index]); }); $(window).scroll(); diff --git a/program/lib/Roundcube/rcube_plugin_api.php b/program/lib/Roundcube/rcube_plugin_api.php index c74162619..346e832fb 100644 --- a/program/lib/Roundcube/rcube_plugin_api.php +++ b/program/lib/Roundcube/rcube_plugin_api.php @@ -40,47 +40,15 @@ class rcube_plugin_api public $allowed_session_prefs = array(); public $active_plugins = array(); - protected $plugins = array(); - protected $tasks = array(); - protected $actions = array(); - protected $actionmap = array(); - protected $objectsmap = array(); + protected $plugins = array(); + protected $tasks = array(); + protected $actions = array(); + protected $actionmap = array(); + protected $objectsmap = array(); protected $template_contents = array(); - protected $exec_stack = array(); - - // Deprecated names of hooks, will be removed after 0.5-stable release - protected $deprecated_hooks = array( - 'create_user' => 'user_create', - 'kill_session' => 'session_destroy', - 'upload_attachment' => 'attachment_upload', - 'save_attachment' => 'attachment_save', - 'get_attachment' => 'attachment_get', - 'cleanup_attachments' => 'attachments_cleanup', - 'display_attachment' => 'attachment_display', - 'remove_attachment' => 'attachment_delete', - 'outgoing_message_headers' => 'message_outgoing_headers', - 'outgoing_message_body' => 'message_outgoing_body', - 'address_sources' => 'addressbooks_list', - 'get_address_book' => 'addressbook_get', - 'create_contact' => 'contact_create', - 'save_contact' => 'contact_update', - 'contact_save' => 'contact_update', - 'delete_contact' => 'contact_delete', - 'manage_folders' => 'folders_list', - 'list_mailboxes' => 'mailboxes_list', - 'save_preferences' => 'preferences_save', - 'user_preferences' => 'preferences_list', - 'list_prefs_sections' => 'preferences_sections_list', - 'list_identities' => 'identities_list', - 'create_identity' => 'identity_create', - 'delete_identity' => 'identity_delete', - 'save_identity' => 'identity_update', - 'identity_save' => 'identity_update', - // to be removed after 0.8 - 'imap_init' => 'storage_init', - 'mailboxes_list' => 'storage_folders', - 'imap_connect' => 'storage_connect', - ); + protected $exec_stack = array(); + protected $deprecated_hooks = array(); + /** * This implements the 'singleton' design pattern @@ -225,7 +193,7 @@ class rcube_plugin_api true, false); } } - elseif ($require) { + else if ($require) { rcube::raise_error(array('code' => 520, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Failed to load plugin file $fn"), true, false); @@ -243,130 +211,134 @@ class rcube_plugin_api */ public function get_info($plugin_name) { - static $composer_lock, $license_uris = array( - 'Apache' => 'http://www.apache.org/licenses/LICENSE-2.0.html', - 'Apache-2' => 'http://www.apache.org/licenses/LICENSE-2.0.html', - 'Apache-1' => 'http://www.apache.org/licenses/LICENSE-1.0', - 'Apache-1.1' => 'http://www.apache.org/licenses/LICENSE-1.1', - 'GPL' => 'http://www.gnu.org/licenses/gpl.html', - 'GPLv2' => 'http://www.gnu.org/licenses/gpl-2.0.html', - 'GPL-2.0' => 'http://www.gnu.org/licenses/gpl-2.0.html', - 'GPLv3' => 'http://www.gnu.org/licenses/gpl-3.0.html', - 'GPLv3+' => 'http://www.gnu.org/licenses/gpl-3.0.html', - 'GPL-3.0' => 'http://www.gnu.org/licenses/gpl-3.0.html', - 'GPL-3.0+' => 'http://www.gnu.org/licenses/gpl.html', - 'GPL-2.0+' => 'http://www.gnu.org/licenses/gpl.html', - 'AGPLv3' => 'http://www.gnu.org/licenses/agpl.html', - 'AGPLv3+' => 'http://www.gnu.org/licenses/agpl.html', - 'AGPL-3.0' => 'http://www.gnu.org/licenses/agpl.html', - 'LGPL' => 'http://www.gnu.org/licenses/lgpl.html', - 'LGPLv2' => 'http://www.gnu.org/licenses/lgpl-2.0.html', - 'LGPLv2.1' => 'http://www.gnu.org/licenses/lgpl-2.1.html', - 'LGPLv3' => 'http://www.gnu.org/licenses/lgpl.html', - 'LGPL-2.0' => 'http://www.gnu.org/licenses/lgpl-2.0.html', - 'LGPL-2.1' => 'http://www.gnu.org/licenses/lgpl-2.1.html', - 'LGPL-3.0' => 'http://www.gnu.org/licenses/lgpl.html', - 'LGPL-3.0+' => 'http://www.gnu.org/licenses/lgpl.html', - 'BSD' => 'http://opensource.org/licenses/bsd-license.html', - 'BSD-2-Clause' => 'http://opensource.org/licenses/BSD-2-Clause', - 'BSD-3-Clause' => 'http://opensource.org/licenses/BSD-3-Clause', - 'FreeBSD' => 'http://opensource.org/licenses/BSD-2-Clause', - 'MIT' => 'http://www.opensource.org/licenses/mit-license.php', - 'PHP' => 'http://opensource.org/licenses/PHP-3.0', - 'PHP-3' => 'http://www.php.net/license/3_01.txt', - 'PHP-3.0' => 'http://www.php.net/license/3_0.txt', - 'PHP-3.01' => 'http://www.php.net/license/3_01.txt', - ); - - $dir = dir($this->dir); - $fn = unslashify($dir->path) . "/$plugin_name/$plugin_name.php"; - $info = false; - - if (!class_exists($plugin_name, false)) { - if (is_readable($fn)) - include($fn); - else - return false; - } - - if (class_exists($plugin_name)) - $info = $plugin_name::info(); - - // fall back to composer.json file - if (!$info) { - $composer = INSTALL_PATH . "/plugins/$plugin_name/composer.json"; - if (is_readable($composer) && ($json = @json_decode(file_get_contents($composer), true))) { - list($info['vendor'], $info['name']) = explode('/', $json['name']); - $info['version'] = $json['version']; - $info['license'] = $json['license']; - $info['uri'] = $json['homepage']; - $info['require'] = array_filter(array_keys((array)$json['require']), function($pname) { - if (strpos($pname, '/') == false) - return false; - list($vendor, $name) = explode('/', $pname); - return !($name == 'plugin-installer' || $vendor == 'pear-pear'); - }); + static $composer_lock, $license_uris = array( + 'Apache' => 'http://www.apache.org/licenses/LICENSE-2.0.html', + 'Apache-2' => 'http://www.apache.org/licenses/LICENSE-2.0.html', + 'Apache-1' => 'http://www.apache.org/licenses/LICENSE-1.0', + 'Apache-1.1' => 'http://www.apache.org/licenses/LICENSE-1.1', + 'GPL' => 'http://www.gnu.org/licenses/gpl.html', + 'GPLv2' => 'http://www.gnu.org/licenses/gpl-2.0.html', + 'GPL-2.0' => 'http://www.gnu.org/licenses/gpl-2.0.html', + 'GPLv3' => 'http://www.gnu.org/licenses/gpl-3.0.html', + 'GPLv3+' => 'http://www.gnu.org/licenses/gpl-3.0.html', + 'GPL-3.0' => 'http://www.gnu.org/licenses/gpl-3.0.html', + 'GPL-3.0+' => 'http://www.gnu.org/licenses/gpl.html', + 'GPL-2.0+' => 'http://www.gnu.org/licenses/gpl.html', + 'AGPLv3' => 'http://www.gnu.org/licenses/agpl.html', + 'AGPLv3+' => 'http://www.gnu.org/licenses/agpl.html', + 'AGPL-3.0' => 'http://www.gnu.org/licenses/agpl.html', + 'LGPL' => 'http://www.gnu.org/licenses/lgpl.html', + 'LGPLv2' => 'http://www.gnu.org/licenses/lgpl-2.0.html', + 'LGPLv2.1' => 'http://www.gnu.org/licenses/lgpl-2.1.html', + 'LGPLv3' => 'http://www.gnu.org/licenses/lgpl.html', + 'LGPL-2.0' => 'http://www.gnu.org/licenses/lgpl-2.0.html', + 'LGPL-2.1' => 'http://www.gnu.org/licenses/lgpl-2.1.html', + 'LGPL-3.0' => 'http://www.gnu.org/licenses/lgpl.html', + 'LGPL-3.0+' => 'http://www.gnu.org/licenses/lgpl.html', + 'BSD' => 'http://opensource.org/licenses/bsd-license.html', + 'BSD-2-Clause' => 'http://opensource.org/licenses/BSD-2-Clause', + 'BSD-3-Clause' => 'http://opensource.org/licenses/BSD-3-Clause', + 'FreeBSD' => 'http://opensource.org/licenses/BSD-2-Clause', + 'MIT' => 'http://www.opensource.org/licenses/mit-license.php', + 'PHP' => 'http://opensource.org/licenses/PHP-3.0', + 'PHP-3' => 'http://www.php.net/license/3_01.txt', + 'PHP-3.0' => 'http://www.php.net/license/3_0.txt', + 'PHP-3.01' => 'http://www.php.net/license/3_01.txt', + ); + + $dir = dir($this->dir); + $fn = unslashify($dir->path) . "/$plugin_name/$plugin_name.php"; + $info = false; + + if (!class_exists($plugin_name, false)) { + if (is_readable($fn)) { + include($fn); + } + else { + return false; + } } - // read local composer.lock file (once) - if (!isset($composer_lock)) { - $composer_lock = @json_decode(@file_get_contents(INSTALL_PATH . "/composer.lock"), true); - if ($composer_lock['packages']) { - foreach ($composer_lock['packages'] as $i => $package) { - $composer_lock['installed'][$package['name']] = $package; - } - } + if (class_exists($plugin_name)) { + $info = $plugin_name::info(); } - // load additional information from local composer.lock file - if ($lock = $composer_lock['installed'][$json['name']]) { - $info['version'] = $lock['version']; - $info['uri'] = $lock['homepage'] ? $lock['homepage'] : $lock['source']['uri']; - $info['src_uri'] = $lock['dist']['uri'] ? $lock['dist']['uri'] : $lock['source']['uri']; + // fall back to composer.json file + if (!$info) { + $composer = INSTALL_PATH . "/plugins/$plugin_name/composer.json"; + if (is_readable($composer) && ($json = @json_decode(file_get_contents($composer), true))) { + list($info['vendor'], $info['name']) = explode('/', $json['name']); + $info['version'] = $json['version']; + $info['license'] = $json['license']; + $info['uri'] = $json['homepage']; + $info['require'] = array_filter(array_keys((array)$json['require']), function($pname) { + if (strpos($pname, '/') == false) { + return false; + } + list($vendor, $name) = explode('/', $pname); + return !($name == 'plugin-installer' || $vendor == 'pear-pear'); + }); + } + + // read local composer.lock file (once) + if (!isset($composer_lock)) { + $composer_lock = @json_decode(@file_get_contents(INSTALL_PATH . "/composer.lock"), true); + if ($composer_lock['packages']) { + foreach ($composer_lock['packages'] as $i => $package) { + $composer_lock['installed'][$package['name']] = $package; + } + } + } + + // load additional information from local composer.lock file + if ($lock = $composer_lock['installed'][$json['name']]) { + $info['version'] = $lock['version']; + $info['uri'] = $lock['homepage'] ? $lock['homepage'] : $lock['source']['uri']; + $info['src_uri'] = $lock['dist']['uri'] ? $lock['dist']['uri'] : $lock['source']['uri']; + } } - } - - // fall back to package.xml file - if (!$info) { - $package = INSTALL_PATH . "/plugins/$plugin_name/package.xml"; - if (is_readable($package) && ($file = file_get_contents($package))) { - $doc = new DOMDocument(); - $doc->loadXML($file); - $xpath = new DOMXPath($doc); - $xpath->registerNamespace('rc', "http://pear.php.net/dtd/package-2.0"); - - // XPaths of plugin metadata elements - $metadata = array( - 'name' => 'string(//rc:package/rc:name)', - 'version' => 'string(//rc:package/rc:version/rc:release)', - 'license' => 'string(//rc:package/rc:license)', - 'license_uri' => 'string(//rc:package/rc:license/@uri)', - 'src_uri' => 'string(//rc:package/rc:srcuri)', - 'uri' => 'string(//rc:package/rc:uri)', - ); - - foreach ($metadata as $key => $path) { - $info[$key] = $xpath->evaluate($path); - } - - // dependent required plugins (can be used, but not included in config) - $deps = $xpath->evaluate('//rc:package/rc:dependencies/rc:required/rc:package/rc:name'); - for ($i = 0; $i < $deps->length; $i++) { - $dn = $deps->item($i)->nodeValue; - $info['require'][] = $dn; - } + + // fall back to package.xml file + if (!$info) { + $package = INSTALL_PATH . "/plugins/$plugin_name/package.xml"; + if (is_readable($package) && ($file = file_get_contents($package))) { + $doc = new DOMDocument(); + $doc->loadXML($file); + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('rc', "http://pear.php.net/dtd/package-2.0"); + + // XPaths of plugin metadata elements + $metadata = array( + 'name' => 'string(//rc:package/rc:name)', + 'version' => 'string(//rc:package/rc:version/rc:release)', + 'license' => 'string(//rc:package/rc:license)', + 'license_uri' => 'string(//rc:package/rc:license/@uri)', + 'src_uri' => 'string(//rc:package/rc:srcuri)', + 'uri' => 'string(//rc:package/rc:uri)', + ); + + foreach ($metadata as $key => $path) { + $info[$key] = $xpath->evaluate($path); + } + + // dependent required plugins (can be used, but not included in config) + $deps = $xpath->evaluate('//rc:package/rc:dependencies/rc:required/rc:package/rc:name'); + for ($i = 0; $i < $deps->length; $i++) { + $dn = $deps->item($i)->nodeValue; + $info['require'][] = $dn; + } + } } - } - // At least provide the name - if (!$info && class_exists($plugin_name)) { - $info = array('name' => $plugin_name, 'version' => '--'); - } - else if ($info['license'] && empty($info['license_uri']) && ($license_uri = $license_uris[$info['license']])) { - $info['license_uri'] = $license_uri; - } + // At least provide the name + if (!$info && class_exists($plugin_name)) { + $info = array('name' => $plugin_name, 'version' => '--'); + } + else if ($info['license'] && empty($info['license_uri']) && ($license_uri = $license_uris[$info['license']])) { + $info['license_uri'] = $license_uri; + } - return $info; + return $info; } /** diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc index 20a27ecb0..d4db232ea 100644 --- a/program/steps/mail/compose.inc +++ b/program/steps/mail/compose.inc @@ -781,12 +781,13 @@ function rcmail_prepare_message_body() unset($plugin); // add blocked.gif attachment (#1486516) - if ($isHtml && preg_match('#<img src="\./program/resources/blocked\.gif"#', $body)) { - if ($attachment = rcmail_save_image('program/resources/blocked.gif', 'image/gif')) { + if ($isHtml && preg_match('#<img src="program/resources/blocked\.gif"#', $body)) { + $content = $RCMAIL->get_resource_content('blocked.gif'); + if ($content && ($attachment = rcmail_save_image('blocked.gif', 'image/gif', $content))) { $COMPOSE['attachments'][$attachment['id']] = $attachment; $url = sprintf('%s&_id=%s&_action=display-attachment&_file=rcmfile%s', $RCMAIL->comm_path, $COMPOSE['id'], $attachment['id']); - $body = preg_replace('#\./program/resources/blocked\.gif#', $url, $body); + $body = preg_replace('#program/resources/blocked\.gif#', $url, $body); } } @@ -1400,18 +1401,31 @@ function rcmail_save_attachment(&$message, $pid) return false; } -function rcmail_save_image($path, $mimetype='') +function rcmail_save_image($path, $mimetype = '', $data = null) { global $COMPOSE; // handle attachments in memory - $data = file_get_contents($path); + if (empty($data)) { + $data = file_get_contents($path); + $is_file = true; + } + $name = rcmail_basename($path); + if (empty($mimetype)) { + if ($is_file) { + $mimetype = rcube_mime::file_content_type($path, $name); + } + else { + $mimetype = rcube_mime::file_content_type($data, $name, 'application/octet-stream', true); + } + } + $attachment = array( 'group' => $COMPOSE['id'], 'name' => $name, - 'mimetype' => $mimetype ? $mimetype : rcube_mime::file_content_type($path, $name), + 'mimetype' => $mimetype, 'data' => $data, 'size' => strlen($data), ); diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 6423636f0..48d989954 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -815,7 +815,7 @@ function rcmail_wash_html($html, $p, $cid_replaces) $wash_opts = array( 'show_washed' => false, 'allow_remote' => $p['safe'], - 'blocked_src' => "./program/resources/blocked.gif", + 'blocked_src' => 'program/resources/blocked.gif', 'charset' => RCUBE_CHARSET, 'cid_map' => $cid_replaces, 'html_elements' => array('body'), diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index 775349d1c..150737a83 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -183,10 +183,12 @@ else if (strlen($part_id)) { // send blocked.gif for expected images if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) { // Do not cache. Failure might be the result of a misconfiguration, thus real content should be returned once fixed. + $content = $RCMAIL->get_resource_content('blocked.gif'); $OUTPUT->nocacheing_headers(); header("Content-Type: image/gif"); header("Content-Transfer-Encoding: binary"); - readfile(INSTALL_PATH . 'program/resources/blocked.gif'); + header("Content-Length: " . strlen($content)); + echo $content; } else { // html warning with a button to load the file anyway $OUTPUT = new rcmail_html_page(); |