diff options
| -rw-r--r-- | CHANGELOG | 7 | ||||
| -rw-r--r-- | plugins/acl/localization/de_DE.inc | 83 | ||||
| -rw-r--r-- | plugins/http_authentication/http_authentication.php | 5 | ||||
| -rw-r--r-- | plugins/http_authentication/logout.html | 29 | ||||
| -rw-r--r-- | plugins/newmail_notifier/newmail_notifier.js | 8 | ||||
| -rw-r--r-- | plugins/newmail_notifier/newmail_notifier.php | 2 | ||||
| -rw-r--r-- | program/include/rcube_imap_generic.php | 14 | ||||
| -rw-r--r-- | program/include/rcube_ldap.php | 33 | ||||
| -rwxr-xr-x | program/include/rcube_template.php | 2 | ||||
| -rw-r--r-- | program/js/app.js | 24 | ||||
| -rw-r--r-- | program/steps/addressbook/save.inc | 6 | ||||
| -rw-r--r-- | program/steps/addressbook/upload_photo.inc | 10 | ||||
| -rw-r--r-- | program/steps/mail/compose.inc | 48 |
13 files changed, 217 insertions, 54 deletions
@@ -1,11 +1,16 @@ CHANGELOG Roundcube Webmail =========================== +- Fixed selecting identity on reply/forward (#1487981) +- Fix image type check for contact photo uploads + +RELEASE 0.6-beta +---------------- +- Added unique connection identifier to IMAP debug messages - Add option to hide selected LDAP addressbook on the list - Add client-side checking of uploaded files size - Add newlines between organization, department, jobtitle (#1488028) - Recalculate date when replying to a message and localize the cite header (#1487675) -- Fix XSS vulnerability in UI messages (#1488030) - Fix handling of email addresses with quoted local part (#1487939) - Fix EOL character in vCard exports (#1487873) - Added optional "multithreading" autocomplete feature diff --git a/plugins/acl/localization/de_DE.inc b/plugins/acl/localization/de_DE.inc new file mode 100644 index 000000000..92c7e4290 --- /dev/null +++ b/plugins/acl/localization/de_DE.inc @@ -0,0 +1,83 @@ +<?php + +$labels['sharing'] = 'Freigabe'; +$labels['myrights'] = 'Zugriffsrechte'; +$labels['username'] = 'Benutzer:'; +$labels['advanced'] = 'erweiterter Modus'; +$labels['newuser'] = 'Eintrag hinzufügen'; +$labels['actions'] = 'Zugriffsrechte Aktionen...'; +$labels['anyone'] = 'Alle Benutzer (anyone)'; +$labels['anonymous'] = 'Gäste (anonymous)'; +$labels['identifier'] = 'Bezeichnung'; + +$labels['acll'] = 'Ordner sichtbar'; +$labels['aclr'] = 'Nachrichten lesen'; +$labels['acls'] = 'Lesestatus ändern'; +$labels['aclw'] = 'Flags schreiben'; +$labels['acli'] = 'Nachrichten Hinzufügen'; +$labels['aclp'] = 'Nachrichten Senden an'; +$labels['aclc'] = 'Unterordner erstellen'; +$labels['aclk'] = 'Unterordner erstellen'; +$labels['acld'] = 'Nachrichten als gelöscht markieren'; +$labels['aclt'] = 'Nachrichten als gelöscht markieren'; +$labels['acle'] = 'Nachrichten endgültig Löschen'; +$labels['aclx'] = 'Ordner löschen'; +$labels['acla'] = 'Zugriffsrechte Verwalten'; + +$labels['aclfull'] = 'Vollzugriff'; +$labels['aclother'] = 'Andere'; +$labels['aclread'] = 'Lesen'; +$labels['aclwrite'] = 'Schreiben'; +$labels['acldelete'] = 'Löschen'; + +$labels['shortacll'] = 'Sichtbar'; +$labels['shortaclr'] = 'Lesen'; +$labels['shortacls'] = 'Lesestatus'; +$labels['shortaclw'] = 'Flags ändern'; +$labels['shortacli'] = 'Hinzufügen'; +$labels['shortaclp'] = 'Senden an'; +$labels['shortaclc'] = 'Erstellen'; +$labels['shortaclk'] = 'Erstellen'; +$labels['shortacld'] = 'Löschen'; +$labels['shortaclt'] = 'Löschen'; +$labels['shortacle'] = 'endgültig löschen'; +$labels['shortaclx'] = 'Ordner löschen'; +$labels['shortacla'] = 'Verwalten'; + +$labels['shortaclother'] = 'Andere'; +$labels['shortaclread'] = 'Lesen'; +$labels['shortaclwrite'] = 'Schreiben'; +$labels['shortacldelete'] = 'Löschen'; + +$labels['longacll'] = 'Der Ordner ist sichtbar und kann abonniert werden'; +$labels['longaclr'] = 'Nachrichten im Ordner können gelesen werden'; +$labels['longacls'] = 'Der Lesestatus von Nachrichten kann geändert werden'; +$labels['longaclw'] = 'Alle Nachrichten-Flags und Schlüsselwörter außer "Gelesen" und "Gelöscht" können geändert werden'; +$labels['longacli'] = 'Nachrichten können in diesen Ordner kopiert oder verschoben werden'; +$labels['longaclp'] = 'Nachrichten können an diesen Ordner gesendet werden'; +$labels['longaclc'] = 'Unterordner können in diesem Ordner erstellt oder umbenannt werden'; +$labels['longaclk'] = 'Unterordner können in diesem Ordner erstellt oder umbenannt werden'; +$labels['longacld'] = 'Der "gelöscht" Status von Nachrichten kann geändert werden'; +$labels['longaclt'] = 'Der "gelöscht" Status von Nachrichten kann geändert werden'; +$labels['longacle'] = 'Als "gelöscht" markiert Nachrichten können gelöscht werden.'; +$labels['longaclx'] = 'Der Ordner kann gelöscht oder umbenannt werden'; +$labels['longacla'] = 'Die Zugriffsrechte des Ordners können geändert werden'; + +$labels['longaclfull'] = 'Vollzugriff inklusive Ordner-Verwaltung'; +$labels['longaclread'] = 'Der Ordnerinhalt kann gelesen werden'; +$labels['longaclwrite'] = 'Nachrichten können markiert, an den Ordner gesendet und in den Ordner kopiert oder verschoben werden'; +$labels['longacldelete'] = 'Nachrichten können gelöscht werden'; + +$messages['deleting'] = 'Zugriffsrechte werden entzogen...'; +$messages['saving'] = 'Zugriffsrechte werden gewährt...'; +$messages['updatesuccess'] = 'Zugriffsrechte erfolgreich geändert'; +$messages['deletesuccess'] = 'Zugriffsrechte erfolgreich entzogen'; +$messages['createsuccess'] = 'Zugriffsrechte erfolgreich gewährt'; +$messages['updateerror'] = 'Zugriffsrechte konnten nicht geändert werden'; +$messages['deleteerror'] = 'Zugriffsrechte konnten nicht entzogen werden'; +$messages['createerror'] = 'Zugriffsrechte konnten nicht gewährt werden'; +$messages['deleteconfirm'] = 'Sind Sie sicher, daß Sie die Zugriffsrechte den ausgewählten Benutzern entziehen möchten?'; +$messages['norights'] = 'Es wurden keine Zugriffsrechte ausgewählt!'; +$messages['nouser'] = 'Es wurde kein Benutzer ausgewählt!'; + +?> diff --git a/plugins/http_authentication/http_authentication.php b/plugins/http_authentication/http_authentication.php index 296ee7cc2..fa074f09a 100644 --- a/plugins/http_authentication/http_authentication.php +++ b/plugins/http_authentication/http_authentication.php @@ -9,8 +9,7 @@ * // redirect the client to this URL after logout. This page is then responsible to clear HTTP auth * $rcmail_config['logout_url'] = 'http://server.tld/logout.html'; * - * see http://stackoverflow.com/questions/31326/is-there-a-browser-equivalent-to-ies-clearauthenticationcache - * about how HTTP auth can be cleared + * See logout.html (in this directory) for an example how HTTP auth can be cleared. * * @version 1.4 * @author Thomas Bruederli @@ -54,7 +53,7 @@ class http_authentication extends rcube_plugin return $args; } - + function logout($args) { // redirect to configured URL in order to clear HTTP auth credentials diff --git a/plugins/http_authentication/logout.html b/plugins/http_authentication/logout.html new file mode 100644 index 000000000..0a78a62f2 --- /dev/null +++ b/plugins/http_authentication/logout.html @@ -0,0 +1,29 @@ +<!DOCTYPE html> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> +<title>Logout</title> +<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js"></script> +<script type="text/javascript"> + +// as seen on http://stackoverflow.com/questions/31326/is-there-a-browser-equivalent-to-ies-clearauthenticationcache +$(document).ready(function(){ + if (document.all && document.execCommand) { + document.execCommand("ClearAuthenticationCache", "false"); + } + else { + $.ajax({ + url: location.href, + type: 'POST', + username: '__LOGOUT__', + password: '***********' + }); + } +}); + +</script> +</head> +<body> +<h1>You've successully been logged out!</h1> + +</body>
\ No newline at end of file diff --git a/plugins/newmail_notifier/newmail_notifier.js b/plugins/newmail_notifier/newmail_notifier.js index 6e1ae9fbb..6afd66aee 100644 --- a/plugins/newmail_notifier/newmail_notifier.js +++ b/plugins/newmail_notifier/newmail_notifier.js @@ -1,7 +1,7 @@ /** * New Mail Notifier plugin script * - * @version 0.1 + * @version 0.2 * @author Aleksander Machniak <alec@alec.pl> */ @@ -50,14 +50,16 @@ function newmail_notifier_basic() // Sound notification function newmail_notifier_sound() { + var elem, src = 'plugins/newmail_notifier/sound.wav'; + // HTML5 try { - var elem = $('<audio src="success.wav" />'); + elem = $('<audio src="' + src + '" />'); elem.get(0).play(); } // old method catch (e) { - var elem = $('<embed id="sound" src="success.wav" hidden=true autostart=true loop=false />'); + elem = $('<embed id="sound" src="' + src + '" hidden=true autostart=true loop=false />'); elem.appendTo($('body')); window.setTimeout("$('#sound').remove()", 5000); } diff --git a/plugins/newmail_notifier/newmail_notifier.php b/plugins/newmail_notifier/newmail_notifier.php index 679072c7a..a72d728dc 100644 --- a/plugins/newmail_notifier/newmail_notifier.php +++ b/plugins/newmail_notifier/newmail_notifier.php @@ -7,7 +7,7 @@ * 1. Basic - focus browser window and change favicon * 2. Sound - play wav file * - * @version 0.1 + * @version 0.2 * @author Aleksander Machniak <alec@alec.pl> * * diff --git a/program/include/rcube_imap_generic.php b/program/include/rcube_imap_generic.php index e3c987cd3..102845ed0 100644 --- a/program/include/rcube_imap_generic.php +++ b/program/include/rcube_imap_generic.php @@ -105,6 +105,7 @@ class rcube_imap_generic private $prefs; private $cmd_tag; private $cmd_num = 0; + private $resourceid; private $_debug = false; private $_debug_handler = false; @@ -734,8 +735,13 @@ class rcube_imap_generic $line = trim(fgets($this->fp, 8192)); - if ($this->_debug && $line) { - $this->debug('S: '. $line); + if ($this->_debug) { + // set connection identifier for debug output + preg_match('/#([0-9]+)/', (string)$this->fp, $m); + $this->resourceid = strtoupper(substr(md5($m[1].$this->user.microtime()), 0, 4)); + + if ($line) + $this->debug('S: '. $line); } // Connected to wrong port or connection error? @@ -3361,6 +3367,10 @@ class rcube_imap_generic */ private function debug($message) { + if ($this->resourceid) { + $message = sprintf('[%s] %s', $this->resourceid, $message); + } + if ($this->_debug_handler) { call_user_func_array($this->_debug_handler, array(&$this, $message)); } else { diff --git a/program/include/rcube_ldap.php b/program/include/rcube_ldap.php index c363dc572..bf978a7ff 100644 --- a/program/include/rcube_ldap.php +++ b/program/include/rcube_ldap.php @@ -431,34 +431,41 @@ class rcube_ldap extends rcube_addressbook // we have a search result resource if ($this->ldap_result && $this->result->count > 0) { + // sorting still on the ldap server if ($this->sort_col && $this->prop['scope'] !== 'base' && !$this->vlv_active) ldap_sort($this->conn, $this->ldap_result, $this->sort_col); + // start and end of the page $start_row = $this->vlv_active ? 0 : $this->result->first; $start_row = $subset < 0 ? $start_row + $this->page_size + $subset : $start_row; $last_row = $this->result->first + $this->page_size; $last_row = $subset != 0 ? $start_row + abs($subset) : $last_row; + // get all entries from the ldap server $entries = ldap_get_entries($this->conn, $this->ldap_result); - for ($i = $start_row; $i < min($entries['count'], $last_row); $i++) - $this->result->add($this->_ldap2result($entries[$i])); - } - // temp hack for filtering group members - if ($this->groups and $this->group_id) - { - $result = new rcube_result_set(); - while ($record = $this->result->iterate()) + // filtering for group members + if ($this->groups and $this->group_id) { - if ($this->group_members[$record['ID']]) + $count = 0; + $members = array(); + foreach ($entries as $entry) { - $result->add($record); - $result->count++; + if ($this->group_members[base64_encode($entry['dn'])]) + { + $members[] = $entry; + $count++; + } } + $entries = $members; + $entries['count'] = $count; + $this->result->count = $count; } - $this->result = $result; - } + // filter entries for this page + for ($i = $start_row; $i < min($entries['count'], $last_row); $i++) + $this->result->add($this->_ldap2result($entries[$i])); + } return $this->result; } diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php index f5c741fc5..c4dd73b23 100755 --- a/program/include/rcube_template.php +++ b/program/include/rcube_template.php @@ -434,7 +434,7 @@ class rcube_template extends rcube_html_page if ($write) { // add debug console - if ($this->config['debug_level'] & 8) { + if ($realname != 'error' && ($this->config['debug_level'] & 8)) { $this->add_footer('<div id="console" style="position:absolute;top:5px;left:5px;width:405px;padding:2px;background:white;z-index:9000;display:none"> <a href="#toggle" onclick="con=$(\'#dbgconsole\');con[con.is(\':visible\')?\'hide\':\'show\']();return false">console</a> <textarea name="console" id="dbgconsole" rows="20" cols="40" wrap="off" style="display:none;width:400px;border:none;font-size:10px" spellcheck="false"></textarea></div>' diff --git a/program/js/app.js b/program/js/app.js index d15950d36..bbb14e7ad 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -402,6 +402,10 @@ function rcube_webmail() break; } + // prevent from form submit with Enter key in file input fields + if (bw.ie) + $('input[type=file]').keydown(function(e) { if (e.keyCode == '13') e.preventDefault(); }); + // flag object as complete this.loaded = true; @@ -3997,12 +4001,19 @@ function rcube_webmail() }; // update a contact record in the list - this.update_contact_row = function(cid, cols_arr, newcid) + this.update_contact_row = function(cid, cols_arr, newcid, source) { var c, row, list = this.contact_list; cid = String(cid).replace(this.identifier_expr, '_'); + // when in searching mode, concat cid with the source name + if (!list.rows[cid]) { + cid = cid+'-'+source; + if (newcid) + newcid = newcid+'-'+source; + } + if (list.rows[cid] && (row = list.rows[cid].obj)) { for (c=0; c<cols_arr.length; c++) if (row.cells[c]) @@ -5833,11 +5844,12 @@ function rcube_webmail() // handle upload errors, parsing iframe content in onload $(frame_name).bind('load', {ts:ts}, onload); - form.target = frame_name; - form.action = this.url(action, { _id:this.env.compose_id||'', _uploadid:ts }); - form.setAttribute('method', 'POST'); - form.setAttribute('enctype', 'multipart/form-data'); - form.submit(); + $(form).attr({ + target: frame_name, + action: this.url(action, { _id:this.env.compose_id||'', _uploadid:ts }), + method: 'POST'}) + .attr(form.encoding ? 'encoding' : 'enctype', 'multipart/form-data') + .submit(); return frame_name; }; diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc index c463bf7fe..ddbd630ef 100644 --- a/program/steps/addressbook/save.inc +++ b/program/steps/addressbook/save.inc @@ -104,12 +104,13 @@ if (isset($a_record['photo'])) { $RCMAIL->session->remove('contacts'); } +$source = get_input_value('_source', RCUBE_INPUT_GPC); // update an existing contact if (!empty($cid)) { $plugin = $RCMAIL->plugins->exec_hook('contact_update', - array('id' => $cid, 'record' => $a_record, 'source' => get_input_value('_source', RCUBE_INPUT_GPC))); + array('id' => $cid, 'record' => $a_record, 'source' => $source)); $a_record = $plugin['record']; if (!$plugin['abort']) @@ -136,7 +137,7 @@ if (!empty($cid)) $a_js_cols[] = Q((string)$record[$col]); // update the changed col in list - $OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid); + $OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid, $source); // show confirmation $OUTPUT->show_message('successfullysaved', 'confirmation', null, false); @@ -152,7 +153,6 @@ if (!empty($cid)) // insert a new contact else { - $source = get_input_value('_source', RCUBE_INPUT_GPC); // Name of the addressbook already selected on the list $orig_source = get_input_value('_orig_source', RCUBE_INPUT_GPC); diff --git a/program/steps/addressbook/upload_photo.inc b/program/steps/addressbook/upload_photo.inc index 1ed71f8cb..f0430ae80 100644 --- a/program/steps/addressbook/upload_photo.inc +++ b/program/steps/addressbook/upload_photo.inc @@ -19,14 +19,20 @@ */ +// Supported image format types +// ImageMagick works with other non-image types (e.g.pdf) we don't want here +$IMAGE_TYPES = explode(',', 'jpeg,jpg,jp2,tiff,tif,bmp,eps,gif,png,png8,png24,png32,svg,ico'); + // clear all stored output properties (like scripts and env vars) $OUTPUT->reset(); -console($_FILES); + if ($filepath = $_FILES['_photo']['tmp_name']) { // check file type and resize image $imageprop = rcmail::imageprops($_FILES['_photo']['tmp_name']); - if ($imageprop['width'] && $imageprop['height']) { + if (in_array(strtolower($imageprop['type']), $IMAGE_TYPES) + && $imageprop['width'] && $imageprop['height'] + ) { $maxsize = intval($RCMAIL->config->get('contact_photo_size', 160)); $tmpfname = tempnam($RCMAIL->config->get('temp_dir'), 'rcmImgConvert'); $save_hook = 'attachment_upload'; diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc index 9a94ff742..4449ea0b2 100644 --- a/program/steps/mail/compose.inc +++ b/program/steps/mail/compose.inc @@ -225,9 +225,11 @@ $MESSAGE->compose = array(); $MESSAGE->identities = $USER->list_identities(); if (count($MESSAGE->identities)) { - foreach ($MESSAGE->identities as $idx => $sql_arr) { - $email = mb_strtolower(rcube_idn_to_utf8($sql_arr['email'])); - $MESSAGE->identities[$idx]['email_ascii'] = $sql_arr['email']; + foreach ($MESSAGE->identities as $idx => $ident) { + $email = mb_strtolower(rcube_idn_to_utf8($ident['email'])); + + $MESSAGE->identities[$idx]['email_ascii'] = $ident['email']; + $MESSAGE->identities[$idx]['ident'] = format_email_recipient($ident['email'], $ident['name']); $MESSAGE->identities[$idx]['email'] = $email; } } @@ -242,7 +244,7 @@ else if (!empty($_SESSION['compose']['param']['from'])) { else if (count($MESSAGE->identities)) { // extract all recipients of the reply-message $a_recipients = array(); - if ($compose_mode == RCUBE_COMPOSE_REPLY && is_object($MESSAGE->headers)) + if (is_object($MESSAGE->headers) && in_array($compose_mode, array(RCUBE_COMPOSE_REPLY, RCUBE_COMPOSE_FORWARD))) { $a_to = $IMAP->decode_address_list($MESSAGE->headers->to); foreach ($a_to as $addr) { @@ -260,39 +262,47 @@ else if (count($MESSAGE->identities)) { } $from_idx = null; - $default_identity = 0; + $default_identity = null; $return_path = $MESSAGE->headers->others['return-path']; // Select identity - foreach ($MESSAGE->identities as $idx => $sql_arr) { + foreach ($MESSAGE->identities as $idx => $ident) { // save default identity ID - if ($sql_arr['standard']) { + if ($ident['standard']) { $default_identity = $idx; } - // we need ascii here - $email = $sql_arr['email_ascii']; - $ident = format_email_recipient($email, $sql_arr['name']); - // select identity - if (in_array($compose_mode, array(RCUBE_COMPOSE_DRAFT, RCUBE_COMPOSE_EDIT, RCUBE_COMPOSE_REPLY))) { - if ($MESSAGE->headers->from == $ident) { + // use From header + if (in_array($compose_mode, array(RCUBE_COMPOSE_DRAFT, RCUBE_COMPOSE_EDIT))) { + if ($MESSAGE->headers->from == $ident['ident']) { $from_idx = $idx; break; } } - // set identity if it's one of the reply-message recipients - else if (in_array($email, $a_recipients) && ($from_idx === null || $sql_arr['standard'])) { + // reply to yourself + else if ($compose_mode == RCUBE_COMPOSE_REPLY && $MESSAGE->headers->from == $ident['ident']) { $from_idx = $idx; + break; } - // set identity when replying to mailing list - else if (strpos($return_path, str_replace('@', '=', $email).'@') !== false) { + // use replied message recipients + else if (in_array($ident['email_ascii'], $a_recipients)) { $from_idx = $idx; } } - // Still no ID, use first identity + // Fallback using Return-Path + if ($from_idx === null && $return_path) { + foreach ($MESSAGE->identities as $idx => $ident) { + if (strpos($return_path, str_replace('@', '=', $ident['email_ascii']).'@') !== false) { + $from_idx = $idx; + break; + } + } + } + + // Still no ID, use default/first identity if ($from_idx === null) { - $from_idx = $default_identity; + $from_idx = $default_identity !== null ? $default_identity : key(reset($MESSAGE->identities)); } $ident = $MESSAGE->identities[$from_idx]; |