-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | program/lib/Mail/mime.php | 16 | ||||
-rw-r--r-- | program/lib/Mail/mimePart.php | 53 |
3 files changed, 54 insertions, 16 deletions
@@ -1,6 +1,7 @@ CHANGELOG Roundcube Webmail =========================== +- Update to Mail_Mime-1.8.5 (#1488521) - Fix XSS vulnerability in message subject handling using Larry skin (#1488519) - Fix handling of links with various URI schemes e.g. "skype:" (#1488106) - Fix handling of links inside PRE elements on html to text conversion diff --git a/program/lib/Mail/mime.php b/program/lib/Mail/mime.php index cc72f5b29..76c6ec2ff 100644 --- a/program/lib/Mail/mime.php +++ b/program/lib/Mail/mime.php @@ -48,7 +48,7 @@ * @author Aleksander Machniak <alec@php.net> * @copyright 2003-2006 PEAR <pear-group@php.net> * @license http://www.opensource.org/licenses/bsd-license.php BSD License - * @version CVS: $Id$ + * @version 1.8.5 * @link http://pear.php.net/package/Mail_mime * * This class is based on HTML Mime Mail class from @@ -89,7 +89,7 @@ require_once 'Mail/mimePart.php'; * @author Sean Coates <sean@php.net> * @copyright 2003-2006 PEAR <pear-group@php.net> * @license http://www.opensource.org/licenses/bsd-license.php BSD License - * @version Release: @package_version@ + * @version Release: 1.8.5 * @link http://pear.php.net/package/Mail_mime */ class Mail_mime @@ -387,6 +387,8 @@ class Mail_mime * @param string $description Content-Description header * @param string $h_charset The character set of the headers e.g. filename * If not specified, $charset will be used + * @param array $add_headers Additional part headers. Array keys can be in form + * of <header_name>:<parameter_name> * * @return mixed True on success or PEAR_Error object * @access public @@ -403,7 +405,8 @@ class Mail_mime $n_encoding = null, $f_encoding = null, $description = '', - $h_charset = null + $h_charset = null, + $add_headers = array() ) { $bodyfile = null; 
@@ -442,6 +445,7 @@ class Mail_mime 'location' => $location, 'disposition' => $disposition, 'description' => $description, + 'add_headers' => $add_headers, 'name_encoding' => $n_encoding, 'filename_encoding' => $f_encoding, 'headers_charset' => $h_charset, @@ -680,6 +684,9 @@ class Mail_mime if (!empty($value['description'])) { $params['description'] = $value['description']; } + if (is_array($value['add_headers'])) { + $params['headers'] = $value['add_headers']; + } $ret = $obj->addSubpart($value['body'], $params); return $ret; @@ -1319,7 +1326,8 @@ class Mail_mime */ function encodeHeader($name, $value, $charset, $encoding) { - return Mail_mimePart::encodeHeader( + $mime_part = new Mail_mimePart; + return $mime_part->encodeHeader( $name, $value, $charset, $encoding, $this->_build_params['eol'] ); } diff --git a/program/lib/Mail/mimePart.php b/program/lib/Mail/mimePart.php index 821990ee0..4e4170d8e 100644 --- a/program/lib/Mail/mimePart.php +++ b/program/lib/Mail/mimePart.php @@ -48,7 +48,7 @@ * @author Aleksander Machniak <alec@php.net> * @copyright 2003-2006 PEAR <pear-group@php.net> * @license http://www.opensource.org/licenses/bsd-license.php BSD License - * @version CVS: $Id$ + * @version 1.8.5 * @link http://pear.php.net/package/Mail_mime */ @@ -70,7 +70,7 @@ * @author Aleksander Machniak <alec@php.net> * @copyright 2003-2006 PEAR <pear-group@php.net> * @license http://www.opensource.org/licenses/bsd-license.php BSD License - * @version Release: @package_version@ + * @version Release: 1.8.5 * @link http://pear.php.net/package/Mail_mime */ class Mail_mimePart @@ -156,6 +156,8 @@ class Mail_mimePart * headers_charset - Charset of the headers e.g. filename, description. * If not set, 'charset' will be used * eol - End of line sequence. Default: "\r\n" + * headers - Hash array with additional part headers. Array keys can be + * in form of <header_name>:<parameter_name> * body_file - Location of file with part's body (instead of $body) * * @access public 
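Review bot: The `is_array($value['add_headers'])` test added in the @@ -680 hunk reads the key without checking that it exists, while the matching check added to the Mail_mimePart constructor uses `!empty(...) && is_array(...)`. A part array that lacks the key (for example one built by a code path other than addAttachment(), which is not visible here) would raise an undefined-index notice, and an empty array is forwarded as `$params['headers']` for no benefit. I would write `if (!empty($value['add_headers']) && is_array($value['add_headers'])) {` so both files use the same check. The enclosing function starts and ends outside the hunk.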
@@ -168,6 +170,11 @@ class Mail_mimePart $this->_eol = MAIL_MIMEPART_CRLF; } + // Additional part headers + if (!empty($params['headers']) && is_array($params['headers'])) { + $headers = $params['headers']; + } + foreach ($params as $key => $value) { switch ($key) { case 'encoding': @@ -216,13 +223,17 @@ class Mail_mimePart $params['headers_charset'] = $params['charset']; } } + + // header values encoding parameters + $h_charset = !empty($params['headers_charset']) ? $params['headers_charset'] : 'US-ASCII'; + $h_language = !empty($params['language']) ? $params['language'] : null; + $h_encoding = !empty($params['name_encoding']) ? $params['name_encoding'] : null; + + if (!empty($params['filename'])) { $headers['Content-Type'] .= ';' . $this->_eol; $headers['Content-Type'] .= $this->_buildHeaderParam( - 'name', $params['filename'], - !empty($params['headers_charset']) ? $params['headers_charset'] : 'US-ASCII', - !empty($params['language']) ? $params['language'] : null, - !empty($params['name_encoding']) ? $params['name_encoding'] : null + 'name', $params['filename'], $h_charset, $h_language, $h_encoding ); } 
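Review bot: In the @@ -168 hunk, `$headers = $params['headers'];` copies caller-supplied header names and values into the part's header set unchanged; nothing in the visible lines rejects CR or LF, and only keys of the `name:param` form are later passed through `_buildHeaderParam()`. If an application fills `add_headers` from request data, a value containing a line break could add extra header lines to the part unless a later step outside this diff strips it. I would either reject names and values matching `/[\r\n]/` at this point, or state in the `headers` and `$add_headers` docblocks (the @@ -156 and @@ -387 hunks) that callers must pass validated, already-encoded values. The constructor body continues outside the hunk.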
@@ -232,23 +243,41 @@ class Mail_mimePart if (!empty($params['filename'])) { $headers['Content-Disposition'] .= ';' . $this->_eol; $headers['Content-Disposition'] .= $this->_buildHeaderParam( - 'filename', $params['filename'], - !empty($params['headers_charset']) ? $params['headers_charset'] : 'US-ASCII', - !empty($params['language']) ? $params['language'] : null, + 'filename', $params['filename'], $h_charset, $h_language, !empty($params['filename_encoding']) ? $params['filename_encoding'] : null ); } + + // add attachment size + $size = $this->_body_file ? filesize($this->_body_file) : strlen($body); + if ($size) { + $headers['Content-Disposition'] .= ';' . $this->_eol . ' size=' . $size; + } } if (!empty($params['description'])) { $headers['Content-Description'] = $this->encodeHeader( - 'Content-Description', $params['description'], - !empty($params['headers_charset']) ? $params['headers_charset'] : 'US-ASCII', - !empty($params['name_encoding']) ? $params['name_encoding'] : 'quoted-printable', + 'Content-Description', $params['description'], $h_charset, $h_encoding, $this->_eol ); } + // Search and add existing headers' parameters + foreach ($headers as $key => $value) { + $items = explode(':', $key); + if (count($items) == 2) { + $header = $items[0]; + $param = $items[1]; + if (isset($headers[$header])) { + $headers[$header] .= ';' . $this->_eol; + } + $headers[$header] .= $this->_buildHeaderParam( + $param, $value, $h_charset, $h_language, $h_encoding + ); + unset($headers[$key]); + } + } + // Default encoding if (!isset($this->_encoding)) { $this->_encoding = '7bit'; |
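Review bot: The parameter loop at the end of this hunk appends to `$headers[$header]` even when that base header was never set, which raises a notice and leaves a header whose value is only a parameter. A guard before the append, such as `if (!isset($headers[$header])) { unset($headers[$key]); continue; }`, or a documented requirement that the base header be supplied, would avoid the malformed header. Separately, Content-Description used to fall back to `'quoted-printable'` when `name_encoding` was empty and now receives `$h_encoding`, which is `null` in that case. encodeHeader() is outside this diff, so it is worth confirming that it treats `null` as quoted-printable. The constructor starts and ends outside the hunk.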