diff options
Diffstat (limited to 'program/steps/mail/func.inc')
-rw-r--r-- | program/steps/mail/func.inc | 36 |
1 files changed, 24 insertions, 12 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index abf112212..b62e8a86c 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -273,7 +273,7 @@ function rcmail_js_message_list($a_headers, $insert_top=FALSE, $a_show_cols=null if (in_array($col, array('from', 'to', 'cc', 'replyto'))) $cont = Q(rcmail_address_string($header->$col, 3), 'show'); else if ($col=='subject') { - $cont = abbreviate_string(trim($IMAP->decode_header($header->$col)), 160); + $cont = trim($IMAP->decode_header($header->$col)); if (!$cont) $cont = rcube_label('nosubject'); $cont = Q($cont); } @@ -665,7 +665,8 @@ function rcmail_print_body($part, $p = array()) // trigger plugin hook $data = $RCMAIL->plugins->exec_hook('message_part_before', - array('type' => $part->ctype_secondary, 'body' => $part->body) + $p + array('safe' => false, 'plain' => false, 'inline_html' => true)); + array('type' => $part->ctype_secondary, 'body' => $part->body, 'id' => $part->mime_id) + + $p + array('safe' => false, 'plain' => false, 'inline_html' => true)); // convert html to text/plain if ($data['type'] == 'html' && $data['plain']) { @@ -698,7 +699,8 @@ function rcmail_print_body($part, $p = array()) $body = rcmail_plain_body($body, $part->ctype_parameters['format'] == 'flowed'); // allow post-processing of the message body - $data = $RCMAIL->plugins->exec_hook('message_part_after', array('type' => $part->ctype_secondary, 'body' => $body) + $data); + $data = $RCMAIL->plugins->exec_hook('message_part_after', + array('type' => $part->ctype_secondary, 'body' => $body, 'id' => $part->mime_id) + $data); return $data['type'] == 'html' ? $data['body'] : html::tag('pre', array(), $data['body']); } @@ -827,10 +829,10 @@ function rcmail_washtml_callback($tagname, $attrib, $content) case 'style': // decode all escaped entities and reduce to ascii strings - $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entity_decode($content)); + $stripped = preg_replace('/[^a-zA-Z\(:;]/', '', rcmail_xss_entity_decode($content)); // now check for evil strings like expression, behavior or url() - if (!preg_match('/expression|behavior|url\(|import/', $stripped)) { + if (!preg_match('/expression|behavior|url\(|import[^a]/', $stripped)) { $out = html::tag('style', array('type' => 'text/css'), $content); break; } @@ -940,16 +942,25 @@ function rcmail_message_headers($attrib, $headers=NULL) $table->add(array('class' => 'header '.$hkey), Q($row['value'], ($hkey == 'subject' ? 'strict' : 'show'))); } - // all headers division - $table->add(array('colspan' => 2, 'class' => "more-headers show-headers", 'onclick' => "return ".JS_OBJECT_NAME.".command('load-headers','',this)"), ''); - $table->add_row(array('id' => "all-headers")); - $table->add(array('colspan' => 2, 'class' => "all"), html::div(array('id' => 'headers-source'), '')); + return $table->show($attrib); +} + + +/** + * return block to show full message headers + */ +function rcmail_message_full_headers($attrib, $headers=NULL) +{ + global $OUTPUT; + + $html = html::div(array('class' => "more-headers show-headers", 'onclick' => "return ".JS_OBJECT_NAME.".command('load-headers','',this)"), ''); + $html .= html::div(array('id' => "all-headers", 'class' => "all", 'style' => 'display:none'), html::div(array('id' => 'headers-source'), '')); $OUTPUT->add_gui_object('all_headers_row', 'all-headers'); $OUTPUT->add_gui_object('all_headers_box', 'headers-source'); - - return $table->show($attrib); - } + + return html::div($attrib, $html); +} /** @@ -1749,6 +1760,7 @@ $OUTPUT->add_handlers(array( 'quotadisplay' => 'rcmail_quota_display', 'mailboxname' => 'rcmail_mailbox_name_display', 'messageheaders' => 'rcmail_message_headers', + 'messagefullheaders' => 'rcmail_message_full_headers', 'messagebody' => 'rcmail_message_body', 'messagecontentframe' => 'rcmail_messagecontent_frame', 'messagepartframe' => 'rcmail_message_part_frame', |