summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG1
-rw-r--r--program/include/rcube_content_filter.php55
-rw-r--r--program/js/app.js2
-rw-r--r--program/steps/mail/autocomplete.inc4
-rw-r--r--program/steps/mail/get.inc38
-rw-r--r--program/steps/settings/folders.inc10
6 files changed, 67 insertions, 43 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 6265ee415..26b600b8a 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Fix crash with eAccelerator (#1488256)
- Fix expanding folders during drag&drop (#1488260)
- Fix wrong postgres sequence name in upgrade from 0.6
- Fix broken CREATE INDEX queries in SQLite DDL files (#1488255)
diff --git a/program/include/rcube_content_filter.php b/program/include/rcube_content_filter.php
new file mode 100644
index 000000000..430defec6
--- /dev/null
+++ b/program/include/rcube_content_filter.php
@@ -0,0 +1,55 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | program/include/rcube_content_filter.php |
+ | |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2011, The Roundcube Dev Team |
+ | Licensed under the GNU GPL |
+ | |
+ | PURPOSE: |
+ | PHP stream filter to detect evil content in mail attachments |
+ | |
+ +-----------------------------------------------------------------------+
+ | Author: Thomas Bruederli <roundcube@gmail.com> |
+ +-----------------------------------------------------------------------+
+
+ $Id$
+*/
+
+/**
+ * PHP stream filter to detect html/javascript code in attachments
+ */
+class rcube_content_filter extends php_user_filter
+{
+ private $buffer = '';
+ private $cutoff = 2048;
+
+ function onCreate()
+ {
+ $this->cutoff = rand(2048, 3027);
+ return true;
+ }
+
+ function filter($in, $out, &$consumed, $closing)
+ {
+ while ($bucket = stream_bucket_make_writeable($in)) {
+ $this->buffer .= $bucket->data;
+
+ // check for evil content and abort
+ if (preg_match('/<(script|iframe|object)/i', $this->buffer))
+ return PSFS_ERR_FATAL;
+
+ // keep buffer small enough
+ if (strlen($this->buffer) > 4096)
+ $this->buffer = substr($this->buffer, $this->cutoff);
+
+ $consumed += $bucket->datalen;
+ stream_bucket_append($out, $bucket);
+ }
+
+ return PSFS_PASS_ON;
+ }
+}
+
diff --git a/program/js/app.js b/program/js/app.js
index e1c436263..58d7f1e86 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -3082,7 +3082,7 @@ function rcube_webmail()
if (!vis)
this.stop_spellchecking();
- $(this.env.spellcheck.spell_container).css('visibility', vis ? 'visible' : 'hidden');
+ $(this.env.spellcheck.spell_container)[vis ? 'show' : 'hide']();
}
};
diff --git a/program/steps/mail/autocomplete.inc b/program/steps/mail/autocomplete.inc
index 281a4e9f7..6eea705ef 100644
--- a/program/steps/mail/autocomplete.inc
+++ b/program/steps/mail/autocomplete.inc
@@ -28,8 +28,10 @@ if ($RCMAIL->action == 'group-expand') {
$abook->set_pagesize(1000); // TODO: limit number of group members by config
$result = $abook->list_records(array('email','name'));
while ($result && ($sql_arr = $result->iterate())) {
- foreach ((array)$sql_arr['email'] as $email)
+ foreach ((array)$sql_arr['email'] as $email) {
$members[] = format_email_recipient($email, $sql_arr['name']);
+ break; // only expand one email per contact
+ }
}
$separator = trim($RCMAIL->config->get('recipients_separator', ',')) . ' ';
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index aee2c4d1a..06a718f39 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -5,7 +5,7 @@
| program/steps/mail/get.inc |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2009, The Roundcube Dev Team |
+ | Copyright (C) 2005-2011, The Roundcube Dev Team |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
@@ -179,39 +179,3 @@ header('HTTP/1.1 404 Not Found');
exit;
-
-/**
- * PHP stream filter to detect html/javascript code in attachments
- */
-class rcube_content_filter extends php_user_filter
-{
- private $buffer = '';
- private $cutoff = 2048;
-
- function onCreate()
- {
- $this->cutoff = rand(2048, 3027);
- return true;
- }
-
- function filter($in, $out, &$consumed, $closing)
- {
- while ($bucket = stream_bucket_make_writeable($in)) {
- $this->buffer .= $bucket->data;
-
- // check for evil content and abort
- if (preg_match('/<(script|iframe|object)/i', $this->buffer))
- return PSFS_ERR_FATAL;
-
- // keep buffer small enough
- if (strlen($this->buffer) > 4096)
- $this->buffer = substr($this->buffer, $this->cutoff);
-
- $consumed += $bucket->datalen;
- stream_bucket_append($out, $bucket);
- }
-
- return PSFS_PASS_ON;
- }
-}
-
diff --git a/program/steps/settings/folders.inc b/program/steps/settings/folders.inc
index 77cbb5571..3fc366d1c 100644
--- a/program/steps/settings/folders.inc
+++ b/program/steps/settings/folders.inc
@@ -293,10 +293,12 @@ function rcube_subscription_form($attrib)
if (!$disabled && $folder['virtual'] && $folder['level'] == 0 && !empty($namespace)) {
$fname = $folder['id'] . $delimiter;
foreach ($namespace as $ns) {
- foreach ($ns as $item) {
- if ($item[0] === $fname) {
- $disabled = true;
- break 2;
+ if (is_array($ns)) {
+ foreach ($ns as $item) {
+ if ($item[0] === $fname) {
+ $disabled = true;
+ break 2;
+ }
}
}
}