summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGELOG3
-rw-r--r--program/include/rcube_imap.php11
-rw-r--r--program/include/rcube_imap_generic.php48
-rw-r--r--program/include/rcube_message.php13
4 files changed, 71 insertions, 4 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 9375dc769..867472610 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,9 @@ CHANGELOG Roundcube Webmail
RELEASE 0.5.1
-------------
+- Fix handling of attachments with invalid content type (#1487767)
+- Add workaround for DBMail's bug http://www.dbmail.org/mantis/view.php?id=881 (#1487766)
+- Use IMAP's ID extension (RFC2971) to print more info into debug log
- Security: add optional referer check to prevent CSRF in GET requests
- Fix email_dns_check setting not used for identities/contacts (#1487740)
- Fix ICANN example addresses doesn't validate (#1487742)
diff --git a/program/include/rcube_imap.php b/program/include/rcube_imap.php
index bfbf740fd..dd821bf37 100644
--- a/program/include/rcube_imap.php
+++ b/program/include/rcube_imap.php
@@ -148,9 +148,18 @@ class rcube_imap
$this->options['port'] = $port;
- if ($this->options['debug'])
+ if ($this->options['debug']) {
$this->conn->setDebug(true, array($this, 'debug_handler'));
+ $this->options['ident'] = array(
+ 'name' => 'Roundcube Webmail',
+ 'version' => RCMAIL_VERSION,
+ 'php' => PHP_VERSION,
+ 'os' => PHP_OS,
+ 'command' => $_SERVER['REQUEST_URI'],
+ );
+ }
+
$attempt = 0;
do {
$data = rcmail::get_instance()->plugins->exec_hook('imap_connect',
diff --git a/program/include/rcube_imap_generic.php b/program/include/rcube_imap_generic.php
index 3b2e3ee87..9b8d29f8a 100644
--- a/program/include/rcube_imap_generic.php
+++ b/program/include/rcube_imap_generic.php
@@ -759,6 +759,11 @@ class rcube_imap_generic
}
}
+ // Send ID info
+ if (!empty($this->prefs['ident']) && $this->getCapability('ID')) {
+ $this->id($this->prefs['ident']);
+ }
+
$auth_methods = array();
$result = null;
@@ -1157,6 +1162,44 @@ class rcube_imap_generic
return false;
}
+ /**
+ * Executes ID command (RFC2971)
+ *
+ * @param array $items Client identification information key/value hash
+ *
+ * @return array Server identification information key/value hash
+ * @access public
+ * @since 0.6
+ */
+ function id($items=array())
+ {
+ if (is_array($items) && !empty($items)) {
+ foreach ($items as $key => $value) {
+ $args[] = $this->escape($key);
+ $args[] = $this->escape($value);
+ }
+ }
+
+ list($code, $response) = $this->execute('ID', array(
+ !empty($args) ? '(' . implode(' ', (array) $args) . ')' : $this->escape(null)
+ ));
+
+
+ if ($code == self::ERROR_OK && preg_match('/\* ID /i', $response)) {
+ $response = substr($response, 5); // remove prefix "* ID "
+ $items = $this->tokenizeResponse($response);
+ $result = null;
+
+ for ($i=0, $len=count($items); $i<$len; $i += 2) {
+ $result[$items[$i]] = $items[$i+1];
+ }
+
+ return $result;
+ }
+
+ return false;
+ }
+
function sort($mailbox, $field, $add='', $is_uid=FALSE, $encoding = 'US-ASCII')
{
$field = strtoupper($field);
@@ -3284,10 +3327,11 @@ class rcube_imap_generic
else if ($string === '') {
return '""';
}
+ // need quoted-string? find special chars: SP, CTL, (, ), {, %, *, ", \, ]
+ // plus [ character as a workaround for DBMail's bug (#1487766)
else if ($force_quotes ||
- preg_match('/([\x00-\x20\x28-\x29\x7B\x25\x2A\x22\x5C\x5D\x7F]+)/', $string)
+ preg_match('/([\x00-\x20\x28-\x29\x7B\x25\x2A\x22\x5B\x5C\x5D\x7F]+)/', $string)
) {
- // string: special chars: SP, CTL, (, ), {, %, *, ", \, ]
return '"' . strtr($string, array('"'=>'\\"', '\\' => '\\\\')) . '"';
}
diff --git a/program/include/rcube_message.php b/program/include/rcube_message.php
index 75b55fee0..5c0773815 100644
--- a/program/include/rcube_message.php
+++ b/program/include/rcube_message.php
@@ -478,10 +478,21 @@ class rcube_message
if (!empty($mail_part->filename))
$this->attachments[] = $mail_part;
}
- // is a regular attachment (content-type name regexp according to RFC4288.4.2)
+ // regular attachment with valid content type
+ // (content-type name regexp according to RFC4288.4.2)
else if (preg_match('/^[a-z0-9!#$&.+^_-]+\/[a-z0-9!#$&.+^_-]+$/i', $part_mimetype)) {
if (!$mail_part->filename)
$mail_part->filename = 'Part '.$mail_part->mime_id;
+
+ $this->attachments[] = $mail_part;
+ }
+ // attachment with invalid content type
+ // replace malformed content type with application/octet-stream (#1487767)
+ else if ($mail_part->filename) {
+ $mail_part->ctype_primary = 'application';
+ $mail_part->ctype_secondary = 'octet-stream';
+ $mail_part->mimetype = 'application/octet-stream';
+
$this->attachments[] = $mail_part;
}
}