diff options
Diffstat (limited to 'program/lib/Roundcube')
-rw-r--r-- | program/lib/Roundcube/bootstrap.php | 15 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube.php | 9 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube_config.php | 10 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube_imap.php | 8 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube_ldap.php | 3 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube_message.php | 16 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube_plugin_api.php | 313 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube_smtp.php | 14 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube_washtml.php | 4 |
9 files changed, 202 insertions, 190 deletions
diff --git a/program/lib/Roundcube/bootstrap.php b/program/lib/Roundcube/bootstrap.php index af87beb24..24c1f86d4 100644 --- a/program/lib/Roundcube/bootstrap.php +++ b/program/lib/Roundcube/bootstrap.php @@ -3,7 +3,7 @@ /* +-----------------------------------------------------------------------+ | This file is part of the Roundcube PHP suite | - | Copyright (C) 2005-2014, The Roundcube Dev Team | + | Copyright (C) 2005-2015, The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | @@ -54,7 +54,7 @@ foreach ($config as $optname => $optval) { } // framework constants -define('RCUBE_VERSION', '1.1-git'); +define('RCUBE_VERSION', '1.2-git'); define('RCUBE_CHARSET', 'UTF-8'); if (!defined('RCUBE_LIB_DIR')) { @@ -490,8 +490,11 @@ function rcube_autoload($classname) */ function rcube_pear_error($err) { - error_log(sprintf("%s (%s): %s", - $err->getMessage(), - $err->getCode(), - $err->getUserinfo()), 0); + $msg = sprintf("ERROR: %s (%s)", $err->getMessage(), $err->getCode()); + + if ($info = $err->getUserinfo()) { + $msg .= ': ' . $info; + } + + error_log($msg, 0); } diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php index 547e2b4ac..3aca88843 100644 --- a/program/lib/Roundcube/rcube.php +++ b/program/lib/Roundcube/rcube.php @@ -215,7 +215,10 @@ class rcube $this->mc_available = 0; // add all configured hosts to pool - $pconnect = $this->config->get('memcache_pconnect', true); + $pconnect = $this->config->get('memcache_pconnect', true); + $timeout = $this->config->get('memcache_timeout', 1); + $retry_interval = $this->config->get('memcache_retry_interval', 15); + foreach ($this->config->get('memcache_hosts', array()) as $host) { if (substr($host, 0, 7) != 'unix://') { list($host, $port) = explode(':', $host); @@ -226,7 +229,7 @@ class rcube } $this->mc_available += intval($this->memcache->addServer( - $host, $port, $pconnect, 1, 1, 15, false, array($this, 'memcache_failure'))); + $host, $port, $pconnect, 1, $timeout, $retry_interval, false, array($this, 'memcache_failure'))); } // test connection and failover (will result in $this->mc_available == 0 on complete failure) @@ -1706,7 +1709,7 @@ class rcube if (!$sent) { self::raise_error(array('code' => 800, 'type' => 'smtp', 'line' => __LINE__, 'file' => __FILE__, - 'message' => "SMTP error: ".join("\n", $response)), TRUE, FALSE); + 'message' => join("\n", $response)), true, false); } } // send mail using PHP's mail() function diff --git a/program/lib/Roundcube/rcube_config.php b/program/lib/Roundcube/rcube_config.php index 3fae931d7..89e45449d 100644 --- a/program/lib/Roundcube/rcube_config.php +++ b/program/lib/Roundcube/rcube_config.php @@ -233,8 +233,14 @@ class rcube_config $this->prop['skin'] = self::DEFAULT_SKIN; // fix paths - $this->prop['log_dir'] = $this->prop['log_dir'] ? realpath(unslashify($this->prop['log_dir'])) : RCUBE_INSTALL_PATH . 'logs'; - $this->prop['temp_dir'] = $this->prop['temp_dir'] ? realpath(unslashify($this->prop['temp_dir'])) : RCUBE_INSTALL_PATH . 'temp'; + foreach (array('log_dir' => 'logs', 'temp_dir' => 'temp') as $key => $dir) { + foreach (array($this->prop[$key], '../' . $this->prop[$key], RCUBE_INSTALL_PATH . $dir) as $path) { + if ($path && ($realpath = realpath(unslashify($path)))) { + $this->prop[$key] = $realpath; + break; + } + } + } // fix default imap folders encoding foreach (array('drafts_mbox', 'junk_mbox', 'sent_mbox', 'trash_mbox') as $folder) { diff --git a/program/lib/Roundcube/rcube_imap.php b/program/lib/Roundcube/rcube_imap.php index a1fd87442..d17b33f6e 100644 --- a/program/lib/Roundcube/rcube_imap.php +++ b/program/lib/Roundcube/rcube_imap.php @@ -3951,7 +3951,13 @@ class rcube_imap extends rcube_storage // @TODO: Honor MAXSIZE and DEPTH options foreach ($queries as $attrib => $entry) { - if ($result = $this->conn->getAnnotation($folder, $entry, $attrib)) { + $result = $this->conn->getAnnotation($folder, $entry, $attrib); + + // an error, invalidate any previous getAnnotation() results + if (!is_array($result)) { + return null; + } + else { foreach ($result as $fldr => $data) { $res[$fldr] = array_merge((array) $res[$fldr], $data); } diff --git a/program/lib/Roundcube/rcube_ldap.php b/program/lib/Roundcube/rcube_ldap.php index 981f2e841..13d55bde6 100644 --- a/program/lib/Roundcube/rcube_ldap.php +++ b/program/lib/Roundcube/rcube_ldap.php @@ -117,13 +117,14 @@ class rcube_ldap extends rcube_addressbook // fieldmap property is given if (is_array($p['fieldmap'])) { + $p['fieldmap'] = array_filter($p['fieldmap']); foreach ($p['fieldmap'] as $rf => $lf) $this->fieldmap[$rf] = $this->_attr_name(strtolower($lf)); } else if (!empty($p)) { // read deprecated *_field properties to remain backwards compatible foreach ($p as $prop => $value) - if (preg_match('/^(.+)_field$/', $prop, $matches)) + if (!empty($value) && preg_match('/^(.+)_field$/', $prop, $matches)) $this->fieldmap[$matches[1]] = $this->_attr_name(strtolower($value)); } diff --git a/program/lib/Roundcube/rcube_message.php b/program/lib/Roundcube/rcube_message.php index 20329a7f1..8af334446 100644 --- a/program/lib/Roundcube/rcube_message.php +++ b/program/lib/Roundcube/rcube_message.php @@ -627,8 +627,19 @@ class rcube_message $p->ctype_secondary = 'plain'; $p->mimetype = 'text/plain'; $p->realtype = 'multipart/encrypted'; + $p->mime_id = $structure->mime_id; $this->parts[] = $p; + + // add encrypted payload part as attachment + if (is_array($structure->parts)) { + for ($i=0; $i < count($structure->parts); $i++) { + $subpart = $structure->parts[$i]; + if ($subpart->mimetype == 'application/octet-stream' || !empty($subpart->filename)) { + $this->attachments[] = $subpart; + } + } + } } // this is an S/MIME ecrypted message -> create a plaintext body with the according message else if ($mimetype == 'application/pkcs7-mime') { @@ -638,8 +649,13 @@ class rcube_message $p->ctype_secondary = 'plain'; $p->mimetype = 'text/plain'; $p->realtype = 'application/pkcs7-mime'; + $p->mime_id = $structure->mime_id; $this->parts[] = $p; + + if (!empty($structure->filename)) { + $this->attachments[] = $structure; + } } // message contains multiple parts else if (is_array($structure->parts) && !empty($structure->parts)) { diff --git a/program/lib/Roundcube/rcube_plugin_api.php b/program/lib/Roundcube/rcube_plugin_api.php index ba5dffefd..8fd3253e0 100644 --- a/program/lib/Roundcube/rcube_plugin_api.php +++ b/program/lib/Roundcube/rcube_plugin_api.php @@ -42,47 +42,15 @@ class rcube_plugin_api public $allowed_session_prefs = array(); public $active_plugins = array(); - protected $plugins = array(); - protected $tasks = array(); - protected $actions = array(); - protected $actionmap = array(); - protected $objectsmap = array(); + protected $plugins = array(); + protected $tasks = array(); + protected $actions = array(); + protected $actionmap = array(); + protected $objectsmap = array(); protected $template_contents = array(); - protected $exec_stack = array(); - - // Deprecated names of hooks, will be removed after 0.5-stable release - protected $deprecated_hooks = array( - 'create_user' => 'user_create', - 'kill_session' => 'session_destroy', - 'upload_attachment' => 'attachment_upload', - 'save_attachment' => 'attachment_save', - 'get_attachment' => 'attachment_get', - 'cleanup_attachments' => 'attachments_cleanup', - 'display_attachment' => 'attachment_display', - 'remove_attachment' => 'attachment_delete', - 'outgoing_message_headers' => 'message_outgoing_headers', - 'outgoing_message_body' => 'message_outgoing_body', - 'address_sources' => 'addressbooks_list', - 'get_address_book' => 'addressbook_get', - 'create_contact' => 'contact_create', - 'save_contact' => 'contact_update', - 'contact_save' => 'contact_update', - 'delete_contact' => 'contact_delete', - 'manage_folders' => 'folders_list', - 'list_mailboxes' => 'mailboxes_list', - 'save_preferences' => 'preferences_save', - 'user_preferences' => 'preferences_list', - 'list_prefs_sections' => 'preferences_sections_list', - 'list_identities' => 'identities_list', - 'create_identity' => 'identity_create', - 'delete_identity' => 'identity_delete', - 'save_identity' => 'identity_update', - 'identity_save' => 'identity_update', - // to be removed after 0.8 - 'imap_init' => 'storage_init', - 'mailboxes_list' => 'storage_folders', - 'imap_connect' => 'storage_connect', - ); + protected $exec_stack = array(); + protected $deprecated_hooks = array(); + /** * This implements the 'singleton' design pattern @@ -243,7 +211,7 @@ class rcube_plugin_api true, false); } } - elseif ($require) { + else if ($require) { rcube::raise_error(array('code' => 520, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Failed to load plugin file $fn"), true, false); @@ -274,130 +242,134 @@ class rcube_plugin_api */ public function get_info($plugin_name) { - static $composer_lock, $license_uris = array( - 'Apache' => 'http://www.apache.org/licenses/LICENSE-2.0.html', - 'Apache-2' => 'http://www.apache.org/licenses/LICENSE-2.0.html', - 'Apache-1' => 'http://www.apache.org/licenses/LICENSE-1.0', - 'Apache-1.1' => 'http://www.apache.org/licenses/LICENSE-1.1', - 'GPL' => 'http://www.gnu.org/licenses/gpl.html', - 'GPLv2' => 'http://www.gnu.org/licenses/gpl-2.0.html', - 'GPL-2.0' => 'http://www.gnu.org/licenses/gpl-2.0.html', - 'GPLv3' => 'http://www.gnu.org/licenses/gpl-3.0.html', - 'GPLv3+' => 'http://www.gnu.org/licenses/gpl-3.0.html', - 'GPL-3.0' => 'http://www.gnu.org/licenses/gpl-3.0.html', - 'GPL-3.0+' => 'http://www.gnu.org/licenses/gpl.html', - 'GPL-2.0+' => 'http://www.gnu.org/licenses/gpl.html', - 'AGPLv3' => 'http://www.gnu.org/licenses/agpl.html', - 'AGPLv3+' => 'http://www.gnu.org/licenses/agpl.html', - 'AGPL-3.0' => 'http://www.gnu.org/licenses/agpl.html', - 'LGPL' => 'http://www.gnu.org/licenses/lgpl.html', - 'LGPLv2' => 'http://www.gnu.org/licenses/lgpl-2.0.html', - 'LGPLv2.1' => 'http://www.gnu.org/licenses/lgpl-2.1.html', - 'LGPLv3' => 'http://www.gnu.org/licenses/lgpl.html', - 'LGPL-2.0' => 'http://www.gnu.org/licenses/lgpl-2.0.html', - 'LGPL-2.1' => 'http://www.gnu.org/licenses/lgpl-2.1.html', - 'LGPL-3.0' => 'http://www.gnu.org/licenses/lgpl.html', - 'LGPL-3.0+' => 'http://www.gnu.org/licenses/lgpl.html', - 'BSD' => 'http://opensource.org/licenses/bsd-license.html', - 'BSD-2-Clause' => 'http://opensource.org/licenses/BSD-2-Clause', - 'BSD-3-Clause' => 'http://opensource.org/licenses/BSD-3-Clause', - 'FreeBSD' => 'http://opensource.org/licenses/BSD-2-Clause', - 'MIT' => 'http://www.opensource.org/licenses/mit-license.php', - 'PHP' => 'http://opensource.org/licenses/PHP-3.0', - 'PHP-3' => 'http://www.php.net/license/3_01.txt', - 'PHP-3.0' => 'http://www.php.net/license/3_0.txt', - 'PHP-3.01' => 'http://www.php.net/license/3_01.txt', - ); - - $dir = dir($this->dir); - $fn = unslashify($dir->path) . "/$plugin_name/$plugin_name.php"; - $info = false; - - if (!class_exists($plugin_name, false)) { - if (is_readable($fn)) - include($fn); - else - return false; - } - - if (class_exists($plugin_name)) - $info = $plugin_name::info(); - - // fall back to composer.json file - if (!$info) { - $composer = INSTALL_PATH . "/plugins/$plugin_name/composer.json"; - if (is_readable($composer) && ($json = @json_decode(file_get_contents($composer), true))) { - list($info['vendor'], $info['name']) = explode('/', $json['name']); - $info['version'] = $json['version']; - $info['license'] = $json['license']; - $info['uri'] = $json['homepage']; - $info['require'] = array_filter(array_keys((array)$json['require']), function($pname) { - if (strpos($pname, '/') == false) - return false; - list($vendor, $name) = explode('/', $pname); - return !($name == 'plugin-installer' || $vendor == 'pear-pear'); - }); - } - - // read local composer.lock file (once) - if (!isset($composer_lock)) { - $composer_lock = @json_decode(@file_get_contents(INSTALL_PATH . "/composer.lock"), true); - if ($composer_lock['packages']) { - foreach ($composer_lock['packages'] as $i => $package) { - $composer_lock['installed'][$package['name']] = $package; + static $composer_lock, $license_uris = array( + 'Apache' => 'http://www.apache.org/licenses/LICENSE-2.0.html', + 'Apache-2' => 'http://www.apache.org/licenses/LICENSE-2.0.html', + 'Apache-1' => 'http://www.apache.org/licenses/LICENSE-1.0', + 'Apache-1.1' => 'http://www.apache.org/licenses/LICENSE-1.1', + 'GPL' => 'http://www.gnu.org/licenses/gpl.html', + 'GPLv2' => 'http://www.gnu.org/licenses/gpl-2.0.html', + 'GPL-2.0' => 'http://www.gnu.org/licenses/gpl-2.0.html', + 'GPLv3' => 'http://www.gnu.org/licenses/gpl-3.0.html', + 'GPLv3+' => 'http://www.gnu.org/licenses/gpl-3.0.html', + 'GPL-3.0' => 'http://www.gnu.org/licenses/gpl-3.0.html', + 'GPL-3.0+' => 'http://www.gnu.org/licenses/gpl.html', + 'GPL-2.0+' => 'http://www.gnu.org/licenses/gpl.html', + 'AGPLv3' => 'http://www.gnu.org/licenses/agpl.html', + 'AGPLv3+' => 'http://www.gnu.org/licenses/agpl.html', + 'AGPL-3.0' => 'http://www.gnu.org/licenses/agpl.html', + 'LGPL' => 'http://www.gnu.org/licenses/lgpl.html', + 'LGPLv2' => 'http://www.gnu.org/licenses/lgpl-2.0.html', + 'LGPLv2.1' => 'http://www.gnu.org/licenses/lgpl-2.1.html', + 'LGPLv3' => 'http://www.gnu.org/licenses/lgpl.html', + 'LGPL-2.0' => 'http://www.gnu.org/licenses/lgpl-2.0.html', + 'LGPL-2.1' => 'http://www.gnu.org/licenses/lgpl-2.1.html', + 'LGPL-3.0' => 'http://www.gnu.org/licenses/lgpl.html', + 'LGPL-3.0+' => 'http://www.gnu.org/licenses/lgpl.html', + 'BSD' => 'http://opensource.org/licenses/bsd-license.html', + 'BSD-2-Clause' => 'http://opensource.org/licenses/BSD-2-Clause', + 'BSD-3-Clause' => 'http://opensource.org/licenses/BSD-3-Clause', + 'FreeBSD' => 'http://opensource.org/licenses/BSD-2-Clause', + 'MIT' => 'http://www.opensource.org/licenses/mit-license.php', + 'PHP' => 'http://opensource.org/licenses/PHP-3.0', + 'PHP-3' => 'http://www.php.net/license/3_01.txt', + 'PHP-3.0' => 'http://www.php.net/license/3_0.txt', + 'PHP-3.01' => 'http://www.php.net/license/3_01.txt', + ); + + $dir = dir($this->dir); + $fn = unslashify($dir->path) . "/$plugin_name/$plugin_name.php"; + $info = false; + + if (!class_exists($plugin_name, false)) { + if (is_readable($fn)) { + include($fn); + } + else { + return false; + } + } + + if (class_exists($plugin_name)) { + $info = $plugin_name::info(); + } + + // fall back to composer.json file + if (!$info) { + $composer = INSTALL_PATH . "/plugins/$plugin_name/composer.json"; + if (is_readable($composer) && ($json = @json_decode(file_get_contents($composer), true))) { + list($info['vendor'], $info['name']) = explode('/', $json['name']); + $info['version'] = $json['version']; + $info['license'] = $json['license']; + $info['uri'] = $json['homepage']; + $info['require'] = array_filter(array_keys((array)$json['require']), function($pname) { + if (strpos($pname, '/') == false) { + return false; + } + list($vendor, $name) = explode('/', $pname); + return !($name == 'plugin-installer' || $vendor == 'pear-pear'); + }); + } + + // read local composer.lock file (once) + if (!isset($composer_lock)) { + $composer_lock = @json_decode(@file_get_contents(INSTALL_PATH . "/composer.lock"), true); + if ($composer_lock['packages']) { + foreach ($composer_lock['packages'] as $i => $package) { + $composer_lock['installed'][$package['name']] = $package; + } + } } - } - } - - // load additional information from local composer.lock file - if ($lock = $composer_lock['installed'][$json['name']]) { - $info['version'] = $lock['version']; - $info['uri'] = $lock['homepage'] ? $lock['homepage'] : $lock['source']['uri']; - $info['src_uri'] = $lock['dist']['uri'] ? $lock['dist']['uri'] : $lock['source']['uri']; - } - } - - // fall back to package.xml file - if (!$info) { - $package = INSTALL_PATH . "/plugins/$plugin_name/package.xml"; - if (is_readable($package) && ($file = file_get_contents($package))) { - $doc = new DOMDocument(); - $doc->loadXML($file); - $xpath = new DOMXPath($doc); - $xpath->registerNamespace('rc', "http://pear.php.net/dtd/package-2.0"); - - // XPaths of plugin metadata elements - $metadata = array( - 'name' => 'string(//rc:package/rc:name)', - 'version' => 'string(//rc:package/rc:version/rc:release)', - 'license' => 'string(//rc:package/rc:license)', - 'license_uri' => 'string(//rc:package/rc:license/@uri)', - 'src_uri' => 'string(//rc:package/rc:srcuri)', - 'uri' => 'string(//rc:package/rc:uri)', - ); - - foreach ($metadata as $key => $path) { - $info[$key] = $xpath->evaluate($path); - } - - // dependent required plugins (can be used, but not included in config) - $deps = $xpath->evaluate('//rc:package/rc:dependencies/rc:required/rc:package/rc:name'); - for ($i = 0; $i < $deps->length; $i++) { - $dn = $deps->item($i)->nodeValue; - $info['require'][] = $dn; - } - } - } - - // At least provide the name - if (!$info && class_exists($plugin_name)) { - $info = array('name' => $plugin_name, 'version' => '--'); - } - else if ($info['license'] && empty($info['license_uri']) && ($license_uri = $license_uris[$info['license']])) { - $info['license_uri'] = $license_uri; - } - - return $info; + + // load additional information from local composer.lock file + if ($lock = $composer_lock['installed'][$json['name']]) { + $info['version'] = $lock['version']; + $info['uri'] = $lock['homepage'] ? $lock['homepage'] : $lock['source']['uri']; + $info['src_uri'] = $lock['dist']['uri'] ? $lock['dist']['uri'] : $lock['source']['uri']; + } + } + + // fall back to package.xml file + if (!$info) { + $package = INSTALL_PATH . "/plugins/$plugin_name/package.xml"; + if (is_readable($package) && ($file = file_get_contents($package))) { + $doc = new DOMDocument(); + $doc->loadXML($file); + $xpath = new DOMXPath($doc); + $xpath->registerNamespace('rc', "http://pear.php.net/dtd/package-2.0"); + + // XPaths of plugin metadata elements + $metadata = array( + 'name' => 'string(//rc:package/rc:name)', + 'version' => 'string(//rc:package/rc:version/rc:release)', + 'license' => 'string(//rc:package/rc:license)', + 'license_uri' => 'string(//rc:package/rc:license/@uri)', + 'src_uri' => 'string(//rc:package/rc:srcuri)', + 'uri' => 'string(//rc:package/rc:uri)', + ); + + foreach ($metadata as $key => $path) { + $info[$key] = $xpath->evaluate($path); + } + + // dependent required plugins (can be used, but not included in config) + $deps = $xpath->evaluate('//rc:package/rc:dependencies/rc:required/rc:package/rc:name'); + for ($i = 0; $i < $deps->length; $i++) { + $dn = $deps->item($i)->nodeValue; + $info['require'][] = $dn; + } + } + } + + // At least provide the name + if (!$info && class_exists($plugin_name)) { + $info = array('name' => $plugin_name, 'version' => '--'); + } + else if ($info['license'] && empty($info['license_uri']) && ($license_uri = $license_uris[$info['license']])) { + $info['license_uri'] = $license_uri; + } + + return $info; } /** @@ -433,9 +405,11 @@ class rcube_plugin_api */ public function unregister_hook($hook, $callback) { - $callback_id = array_search($callback, $this->handlers[$hook]); + $callback_id = array_search($callback, (array) $this->handlers[$hook]); if ($callback_id !== false) { - unset($this->handlers[$hook][$callback_id]); + // array_splice() removes the element and re-indexes keys + // that is required by the 'for' loop in exec_hook() below + array_splice($this->handlers[$hook], $callback_id, 1); } } @@ -454,13 +428,14 @@ class rcube_plugin_api $args = array('arg' => $args); } - // TODO: avoid recusion by checking in_array($hook, $this->exec_stack) ? + // TODO: avoid recursion by checking in_array($hook, $this->exec_stack) ? $args += array('abort' => false); array_push($this->exec_stack, $hook); - foreach ((array)$this->handlers[$hook] as $callback) { - $ret = call_user_func($callback, $args); + // Use for loop here, so handlers added in the hook will be executed too + for ($i = 0; $i < count($this->handlers[$hook]); $i++) { + $ret = call_user_func($this->handlers[$hook][$i], $args); if ($ret && is_array($ret)) { $args = $ret + $args; } diff --git a/program/lib/Roundcube/rcube_smtp.php b/program/lib/Roundcube/rcube_smtp.php index 70f15dc7b..c3a51467b 100644 --- a/program/lib/Roundcube/rcube_smtp.php +++ b/program/lib/Roundcube/rcube_smtp.php @@ -243,8 +243,9 @@ class rcube_smtp if (PEAR::isError($this->conn->mailFrom($from, $from_params))) { $err = $this->conn->getResponse(); $this->error = array('label' => 'smtpfromerror', 'vars' => array( - 'from' => $from, 'code' => $this->conn->_code, 'msg' => $err[1])); - $this->response[] = "Failed to set sender '$from'"; + 'from' => $from, 'code' => $err[0], 'msg' => $err[1])); + $this->response[] = "Failed to set sender '$from'. " + . $err[1] . ' (Code: ' . $err[0] . ')'; $this->reset(); return false; } @@ -262,8 +263,9 @@ class rcube_smtp if (PEAR::isError($this->conn->rcptTo($recipient, $recipient_params))) { $err = $this->conn->getResponse(); $this->error = array('label' => 'smtptoerror', 'vars' => array( - 'to' => $recipient, 'code' => $this->conn->_code, 'msg' => $err[1])); - $this->response[] = "Failed to add recipient '$recipient'"; + 'to' => $recipient, 'code' => $err[0], 'msg' => $err[1])); + $this->response[] = "Failed to add recipient '$recipient'. " + . $err[1] . ' (Code: ' . $err[0] . ')'; $this->reset(); return false; } @@ -286,7 +288,7 @@ class rcube_smtp } // Send the message's headers and the body as SMTP data. - if (PEAR::isError($result = $this->conn->data($data, $text_headers))) { + if (PEAR::isError($this->conn->data($data, $text_headers))) { $err = $this->conn->getResponse(); if (!in_array($err[0], array(354, 250, 221))) { $msg = sprintf('[%d] %s', $err[0], $err[1]); @@ -296,7 +298,7 @@ class rcube_smtp } $this->error = array('label' => 'smtperror', 'vars' => array('msg' => $msg)); - $this->response[] = "Failed to send data"; + $this->response[] = "Failed to send data. " . $msg; $this->reset(); return false; } diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php index 4bf189e99..e0cce685b 100644 --- a/program/lib/Roundcube/rcube_washtml.php +++ b/program/lib/Roundcube/rcube_washtml.php @@ -244,8 +244,8 @@ class rcube_washtml $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"'; } else if ($key == 'style' && ($style = $this->wash_style($value))) { - $quot = strpos($style, '"') !== false ? "'" : '"'; - $t .= ' style=' . $quot . $style . $quot; + // replace double quotes to prevent syntax error and XSS issues (#1490227) + $t .= ' style="' . str_replace('"', '"', $style) . '"'; } else if ($key == 'background' || ($key == 'src' && preg_match('/^(img|source)$/i', $node->tagName)) |