diff options
-rw-r--r-- | CHANGELOG | 9 | ||||
-rw-r--r-- | index.php | 44 | ||||
-rwxr-xr-x | program/include/iniset.php | 4 | ||||
-rw-r--r-- | program/include/rcube_imap_generic.php | 76 | ||||
-rw-r--r-- | program/include/rcube_vcard.php | 6 | ||||
-rw-r--r-- | program/js/app.js | 4 | ||||
-rw-r--r-- | program/steps/mail/func.inc | 3 | ||||
-rw-r--r-- | skins/default/functions.js | 2 |
8 files changed, 77 insertions, 71 deletions
@@ -1,6 +1,15 @@ CHANGELOG Roundcube Webmail =========================== +- Fix handling of backslash as IMAP delimiter +- Fix charset replacement in HTML message bodies (#1487021) +- Fix: contact group input is empty when using rename action more than once on the same group record +- Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023) +- Fix handling of Thunderbird's vCards (#1487024) + +RELEASE 0.4.1 +------------- + - Fix space-stuffing in format=flowed messages (#1487018) - Fix msgexport.sh now using the new imap wrapper - Avoid displaying password on shell (#1486947) @@ -2,7 +2,7 @@ /* +-------------------------------------------------------------------------+ | Roundcube Webmail IMAP Client | - | Version 0.4.1 | + | Version 0.4.2 | | | | Copyright (C) 2005-2010, Roundcube Dev. - Switzerland | | | @@ -141,22 +141,6 @@ else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action != } } -// don't check for valid request tokens in these actions -$request_check_whitelist = array('login'=>1, 'spell'=>1); - -// check client X-header to verify request origin -if ($OUTPUT->ajax_call) { - if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !empty($RCMAIL->user->ID)) { - header('HTTP/1.1 404 Not Found'); - die("Invalid Request"); - } -} -// check request token in POST form submissions -else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) { - $OUTPUT->show_message('invalidrequest', 'error'); - $OUTPUT->send($RCMAIL->task); -} - // not logged in -> show login page if (empty($RCMAIL->user->ID)) { if ($OUTPUT->ajax_call) @@ -176,17 +160,37 @@ if (empty($RCMAIL->user->ID)) { ) ); } - + $OUTPUT->set_env('task', 'login'); $OUTPUT->send('login'); } +// CSRF prevention +else { + // don't check for valid request tokens in these actions + $request_check_whitelist = array('login'=>1, 'spell'=>1); + + // check client X-header to verify request origin + if ($OUTPUT->ajax_call) { + if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) { + header('HTTP/1.1 404 Not Found'); + die("Invalid Request"); + } + } + // check request token in POST form submissions + else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) { + $OUTPUT->show_message('invalidrequest', 'error'); + $OUTPUT->send($RCMAIL->task); + } +} - -// handle keep-alive signal +// handle special actions if ($RCMAIL->action == 'keep-alive') { $OUTPUT->reset(); $OUTPUT->send(); } +else if ($RCMAIL->action == 'save-pref') { + include 'steps/utils/save_pref.inc'; +} // map task/action to a certain include file diff --git a/program/include/iniset.php b/program/include/iniset.php index b4027ecbd..c2c07fc90 100755 --- a/program/include/iniset.php +++ b/program/include/iniset.php @@ -5,7 +5,7 @@ | program/include/iniset.php | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2008-2009, Roundcube Dev, - Switzerland | + | Copyright (C) 2008-2010, Roundcube Dev, - Switzerland | | Licensed under the GNU GPL | | | | PURPOSE: | @@ -36,7 +36,7 @@ foreach ($crit_opts as $optname => $optval) { } // application constants -define('RCMAIL_VERSION', '0.4.1'); +define('RCMAIL_VERSION', '0.4.2'); define('RCMAIL_CHARSET', 'UTF-8'); define('JS_OBJECT_NAME', 'rcmail'); define('RCMAIL_START', microtime(true)); diff --git a/program/include/rcube_imap_generic.php b/program/include/rcube_imap_generic.php index b60ddc76e..bfbf072c3 100644 --- a/program/include/rcube_imap_generic.php +++ b/program/include/rcube_imap_generic.php @@ -423,23 +423,7 @@ class rcube_imap_generic return true; } - if (!$this->getCapability('NAMESPACE')) { - return false; - } - - if (!$this->putLine("ns1 NAMESPACE")) { - return false; - } - do { - $line = $this->readLine(1024); - if (preg_match('/^\* NAMESPACE/', $line)) { - $i = 0; - $line = $this->unEscape($line); - $data = $this->parseNamespace(substr($line,11), $i, 0, 0); - } - } while (!$this->startsWith($line, 'ns1', true, true)); - - if (!is_array($data)) { + if (!is_array($data = $this->_namespace())) { return false; } @@ -488,13 +472,9 @@ class rcube_imap_generic } do { - $line = $this->readLine(500); - if ($line[0] == '*') { - $line = rtrim($line); - $a = rcube_explode_quoted_string(' ', $this->unEscape($line)); - if ($a[0] == '*') { - $delimiter = str_replace('"', '', $a[count($a)-2]); - } + $line = $this->readLine(1024); + if (preg_match('/^\* LIST \([^\)]*\) "*([^"]+)"* ""/', $line, $m)) { + $delimiter = $this->unEscape($m[1]); } } while (!$this->startsWith($line, 'ghd', true, true)); @@ -504,23 +484,10 @@ class rcube_imap_generic // if that fails, try namespace extension // try to fetch namespace data - if (!$this->putLine("ns1 NAMESPACE")) { + if (!is_array($data = $this->_namespace())) { return false; } - do { - $line = $this->readLine(1024); - if (preg_match('/^\* NAMESPACE/', $line)) { - $i = 0; - $line = $this->unEscape($line); - $data = $this->parseNamespace(substr($line,11), $i, 0, 0); - } - } while (!$this->startsWith($line, 'ns1', true, true)); - - if (!is_array($data)) { - return false; - } - // extract user space data (opposed to global/shared space) $user_space_data = $data[0]; if (!is_array($user_space_data)) { @@ -539,6 +506,31 @@ class rcube_imap_generic return $delimiter; } + function _namespace() + { + if (!$this->getCapability('NAMESPACE')) { + return false; + } + + if (!$this->putLine("ns1 NAMESPACE")) { + return false; + } + + do { + $line = $this->readLine(1024); + if (preg_match('/^\* NAMESPACE/', $line)) { + $i = 0; + $data = $this->parseNamespace(substr($line,11), $i, 0, 0); + } + } while (!$this->startsWith($line, 'ns1', true, true)); + + if (!is_array($data)) { + return false; + } + + return $data; + } + function connect($host, $user, $password, $options=null) { // set options @@ -1660,9 +1652,9 @@ class rcube_imap_generic // folder name $folders[] = preg_replace(array('/^"/', '/"$/'), '', $this->unEscape($m[3])); // attributes -// $attrib = explode(' ', $m[1]); +// $attrib = explode(' ', $this->unEscape($m[1])); // delimiter -// $delim = $m[2]; +// $delim = $this->unEscape($m[2]); } } while (!$this->startsWith($line, $key, true)); @@ -2173,7 +2165,7 @@ class rcube_imap_generic $in_quotes = false; $elem = 0; - for ($i;$i<$len;$i++) { + for ($i; $i<$len; $i++) { $c = (string)$str[$i]; if ($c == '(' && !$in_quotes) { $i++; @@ -2184,7 +2176,7 @@ class rcube_imap_generic } else if ($c == '\\') { $i++; if ($in_quotes) { - $data[$elem] .= $c.$str[$i]; + $data[$elem] .= $str[$i]; } } else if ($c == '"') { $in_quotes = !$in_quotes; diff --git a/program/include/rcube_vcard.php b/program/include/rcube_vcard.php index 0eb7a780d..9bbc32b3c 100644 --- a/program/include/rcube_vcard.php +++ b/program/include/rcube_vcard.php @@ -218,7 +218,9 @@ class rcube_vcard if ($in_vcard_block && !empty($line)) $vcard_block .= $line . "\n"; - if (trim($line) == 'END:VCARD') { + $line = trim($line); + + if (preg_match('/^END:VCARD$/i', $line)) { // parse vcard $obj = new rcube_vcard(self::cleanup($vcard_block), $charset); if (!empty($obj->displayname)) @@ -226,7 +228,7 @@ class rcube_vcard $in_vcard_block = false; } - else if (trim($line) == 'BEGIN:VCARD') { + else if (preg_match('/^BEGIN:VCARD$/i', $line)) { $vcard_block = $line . "\n"; $in_vcard_block = true; } diff --git a/program/js/app.js b/program/js/app.js index 64cc7c631..5dec2ad39 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -1292,7 +1292,7 @@ function rcube_webmail() } } - this.http_post('utils/save-pref', '_name=collapsed_folders&_value='+urlencode(this.env.collapsed_folders)); + this.http_post('save-pref', '_name=collapsed_folders&_value='+urlencode(this.env.collapsed_folders)); this.set_unread_count_display(id, false); }; @@ -1463,7 +1463,7 @@ function rcube_webmail() if ((found = $.inArray('subject', this.env.coltypes)) >= 0) this.set_env('subject_col', found); - this.http_post('utils/save-pref', { '_name':'list_cols', '_value':this.env.coltypes, '_session':'list_attrib/columns' }); + this.http_post('save-pref', { '_name':'list_cols', '_value':this.env.coltypes, '_session':'list_attrib/columns' }); }; this.check_droptarget = function(id) diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 119a5da31..0d12a5bde 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -661,7 +661,7 @@ function rcmail_wash_html($html, $p = array(), $cid_replaces) // charset was converted to UTF-8 in rcube_imap::get_message_part(), // -> change charset specification in HTML accordingly - $charset_pattern = '(<meta\s+[^>]* content=)[\'"]?(\w+\/\w+;\s*charset=)([a-z0-9-_]+[\'"]?)'; + $charset_pattern = '(<meta\s+[^>]*content=)[\'"]?(\w+\/\w+;\s*charset=)([a-z0-9-_]+[\'"]?)'; if (preg_match("/$charset_pattern/Ui", $html)) { $html = preg_replace("/$charset_pattern/i", '\\1"\\2'.RCMAIL_CHARSET.'"', $html); } @@ -671,7 +671,6 @@ function rcmail_wash_html($html, $p = array(), $cid_replaces) $html = '<head></head>'. $html; $html = substr_replace($html, '<meta http-equiv="Content-Type" content="text/html; charset='.RCMAIL_CHARSET.'" />', intval(stripos($html, '<head>')+6), 0); } - // turn relative into absolute urls $html = rcmail_resolve_base($html); diff --git a/skins/default/functions.js b/skins/default/functions.js index 338ce203b..4615a462a 100644 --- a/skins/default/functions.js +++ b/skins/default/functions.js @@ -287,7 +287,7 @@ switch_preview_pane: function(elem) rcmail.env.contentframe = null; rcmail.show_contentframe(false); } - rcmail.http_post('utils/save-pref', '_name=preview_pane&_value='+(elem.checked?1:0)); + rcmail.http_post('save-pref', '_name=preview_pane&_value='+(elem.checked?1:0)); }, /* Message composing */ |