summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG1
-rw-r--r--program/lib/Mail/mime.php16
-rw-r--r--program/lib/Mail/mimePart.php53
3 files changed, 54 insertions, 16 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 7ecbc997d..adf202762 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Update to Mail_Mime-1.8.5 (#1488521)
- Fix XSS vulnerability in message subject handling using Larry skin (#1488519)
- Fix handling of links with various URI schemes e.g. "skype:" (#1488106)
- Fix handling of links inside PRE elements on html to text conversion
diff --git a/program/lib/Mail/mime.php b/program/lib/Mail/mime.php
index cc72f5b29..76c6ec2ff 100644
--- a/program/lib/Mail/mime.php
+++ b/program/lib/Mail/mime.php
@@ -48,7 +48,7 @@
* @author Aleksander Machniak <alec@php.net>
* @copyright 2003-2006 PEAR <pear-group@php.net>
* @license http://www.opensource.org/licenses/bsd-license.php BSD License
- * @version CVS: $Id$
+ * @version 1.8.5
* @link http://pear.php.net/package/Mail_mime
*
* This class is based on HTML Mime Mail class from
@@ -89,7 +89,7 @@ require_once 'Mail/mimePart.php';
* @author Sean Coates <sean@php.net>
* @copyright 2003-2006 PEAR <pear-group@php.net>
* @license http://www.opensource.org/licenses/bsd-license.php BSD License
- * @version Release: @package_version@
+ * @version Release: 1.8.5
* @link http://pear.php.net/package/Mail_mime
*/
class Mail_mime
@@ -387,6 +387,8 @@ class Mail_mime
* @param string $description Content-Description header
* @param string $h_charset The character set of the headers e.g. filename
* If not specified, $charset will be used
+ * @param array $add_headers Additional part headers. Array keys can be in form
+ * of <header_name>:<parameter_name>
*
* @return mixed True on success or PEAR_Error object
* @access public
@@ -403,7 +405,8 @@ class Mail_mime
$n_encoding = null,
$f_encoding = null,
$description = '',
- $h_charset = null
+ $h_charset = null,
+ $add_headers = array()
) {
$bodyfile = null;
@@ -442,6 +445,7 @@ class Mail_mime
'location' => $location,
'disposition' => $disposition,
'description' => $description,
+ 'add_headers' => $add_headers,
'name_encoding' => $n_encoding,
'filename_encoding' => $f_encoding,
'headers_charset' => $h_charset,
@@ -680,6 +684,9 @@ class Mail_mime
if (!empty($value['description'])) {
$params['description'] = $value['description'];
}
+ if (is_array($value['add_headers'])) {
+ $params['headers'] = $value['add_headers'];
+ }
$ret = $obj->addSubpart($value['body'], $params);
return $ret;
@@ -1319,7 +1326,8 @@ class Mail_mime
*/
function encodeHeader($name, $value, $charset, $encoding)
{
- return Mail_mimePart::encodeHeader(
+ $mime_part = new Mail_mimePart;
+ return $mime_part->encodeHeader(
$name, $value, $charset, $encoding, $this->_build_params['eol']
);
}
diff --git a/program/lib/Mail/mimePart.php b/program/lib/Mail/mimePart.php
index 821990ee0..4e4170d8e 100644
--- a/program/lib/Mail/mimePart.php
+++ b/program/lib/Mail/mimePart.php
@@ -48,7 +48,7 @@
* @author Aleksander Machniak <alec@php.net>
* @copyright 2003-2006 PEAR <pear-group@php.net>
* @license http://www.opensource.org/licenses/bsd-license.php BSD License
- * @version CVS: $Id$
+ * @version 1.8.5
* @link http://pear.php.net/package/Mail_mime
*/
@@ -70,7 +70,7 @@
* @author Aleksander Machniak <alec@php.net>
* @copyright 2003-2006 PEAR <pear-group@php.net>
* @license http://www.opensource.org/licenses/bsd-license.php BSD License
- * @version Release: @package_version@
+ * @version Release: 1.8.5
* @link http://pear.php.net/package/Mail_mime
*/
class Mail_mimePart
@@ -156,6 +156,8 @@ class Mail_mimePart
* headers_charset - Charset of the headers e.g. filename, description.
* If not set, 'charset' will be used
* eol - End of line sequence. Default: "\r\n"
+ * headers - Hash array with additional part headers. Array keys can be
+ * in form of <header_name>:<parameter_name>
* body_file - Location of file with part's body (instead of $body)
*
* @access public
@@ -168,6 +170,11 @@ class Mail_mimePart
$this->_eol = MAIL_MIMEPART_CRLF;
}
+ // Additional part headers
+ if (!empty($params['headers']) && is_array($params['headers'])) {
+ $headers = $params['headers'];
+ }
+
foreach ($params as $key => $value) {
switch ($key) {
case 'encoding':
@@ -216,13 +223,17 @@ class Mail_mimePart
$params['headers_charset'] = $params['charset'];
}
}
+
+ // header values encoding parameters
+ $h_charset = !empty($params['headers_charset']) ? $params['headers_charset'] : 'US-ASCII';
+ $h_language = !empty($params['language']) ? $params['language'] : null;
+ $h_encoding = !empty($params['name_encoding']) ? $params['name_encoding'] : null;
+
+
if (!empty($params['filename'])) {
$headers['Content-Type'] .= ';' . $this->_eol;
$headers['Content-Type'] .= $this->_buildHeaderParam(
- 'name', $params['filename'],
- !empty($params['headers_charset']) ? $params['headers_charset'] : 'US-ASCII',
- !empty($params['language']) ? $params['language'] : null,
- !empty($params['name_encoding']) ? $params['name_encoding'] : null
+ 'name', $params['filename'], $h_charset, $h_language, $h_encoding
);
}
@@ -232,23 +243,41 @@ class Mail_mimePart
if (!empty($params['filename'])) {
$headers['Content-Disposition'] .= ';' . $this->_eol;
$headers['Content-Disposition'] .= $this->_buildHeaderParam(
- 'filename', $params['filename'],
- !empty($params['headers_charset']) ? $params['headers_charset'] : 'US-ASCII',
- !empty($params['language']) ? $params['language'] : null,
+ 'filename', $params['filename'], $h_charset, $h_language,
!empty($params['filename_encoding']) ? $params['filename_encoding'] : null
);
}
+
+ // add attachment size
+ $size = $this->_body_file ? filesize($this->_body_file) : strlen($body);
+ if ($size) {
+ $headers['Content-Disposition'] .= ';' . $this->_eol . ' size=' . $size;
+ }
}
if (!empty($params['description'])) {
$headers['Content-Description'] = $this->encodeHeader(
- 'Content-Description', $params['description'],
- !empty($params['headers_charset']) ? $params['headers_charset'] : 'US-ASCII',
- !empty($params['name_encoding']) ? $params['name_encoding'] : 'quoted-printable',
+ 'Content-Description', $params['description'], $h_charset, $h_encoding,
$this->_eol
);
}
+ // Search and add existing headers' parameters
+ foreach ($headers as $key => $value) {
+ $items = explode(':', $key);
+ if (count($items) == 2) {
+ $header = $items[0];
+ $param = $items[1];
+ if (isset($headers[$header])) {
+ $headers[$header] .= ';' . $this->_eol;
+ }
+ $headers[$header] .= $this->_buildHeaderParam(
+ $param, $value, $h_charset, $h_language, $h_encoding
+ );
+ unset($headers[$key]);
+ }
+ }
+
// Default encoding
if (!isset($this->_encoding)) {
$this->_encoding = '7bit';