Diffstat (limited to 'program/steps/mail/func.inc')
-rw-r--r-- | program/steps/mail/func.inc | 316 |
1 files changed, 214 insertions, 102 deletions
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index cb1a5ddae..274c40b5c 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -5,7 +5,7 @@ | program/steps/mail/func.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2005-2010, The Roundcube Dev Team | + | Copyright (C) 2005-2012, The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | @@ -89,11 +89,12 @@ if (empty($RCMAIL->action) || $RCMAIL->action == 'list') { } $threading = (bool) $RCMAIL->storage->get_threading(); + $delimiter = $RCMAIL->storage->get_hierarchy_delimiter(); // set current mailbox and some other vars in client environment $OUTPUT->set_env('mailbox', $mbox_name); $OUTPUT->set_env('pagesize', $RCMAIL->storage->get_pagesize()); - $OUTPUT->set_env('delimiter', $RCMAIL->storage->get_hierarchy_delimiter()); + $OUTPUT->set_env('delimiter', $delimiter); $OUTPUT->set_env('threading', $threading); $OUTPUT->set_env('threads', $threading || $RCMAIL->storage->get_capability('THREAD')); $OUTPUT->set_env('preview_pane_mark_read', $RCMAIL->config->get('preview_pane_mark_read', 0)); @@ -121,7 +122,10 @@ if (empty($RCMAIL->action) || $RCMAIL->action == 'list') { 'movingmessage', 'copyingmessage', 'deletingmessage', 'markingmessage', 'copy', 'move', 'quota'); - $OUTPUT->set_pagetitle(rcmail_localize_foldername($RCMAIL->storage->mod_folder($mbox_name))); + $pagetitle = $RCMAIL->localize_foldername($RCMAIL->storage->mod_folder($mbox_name), true); + $pagetitle = str_replace($delimiter, " \xC2\xBB ", $pagetitle); + + $OUTPUT->set_pagetitle($pagetitle); } /** 
@@ -628,39 +632,6 @@ function rcmail_wash_html($html, $p, $cid_replaces) $p += array('safe' => false, 'inline_html' => true); - // special replacements (not properly handled by washtml class) - $html_search = array( - '/(<\/nobr>)(\s+)(<nobr>)/i', // space(s) between <NOBR> - '/<title[^>]*>[^<]*<\/title>/i', // PHP bug #32547 workaround: remove title tag - '/^(\0\0\xFE\xFF|\xFF\xFE\0\0|\xFE\xFF|\xFF\xFE|\xEF\xBB\xBF)/', // byte-order mark (only outlook?) - '/<html\s[^>]+>/i', // washtml/DOMDocument cannot handle xml namespaces - ); - $html_replace = array( - '\\1'.' '.'\\3', - '', - '', - '<html>', - ); - $html = preg_replace($html_search, $html_replace, trim($html)); - - // PCRE errors handling (#1486856), should we use something like for every preg_* use? - if ($html === null && ($preg_error = preg_last_error()) != PREG_NO_ERROR) { - $errstr = "Could not clean up HTML message! PCRE Error: $preg_error."; - - if ($preg_error == PREG_BACKTRACK_LIMIT_ERROR) - $errstr .= " Consider raising pcre.backtrack_limit!"; - if ($preg_error == PREG_RECURSION_LIMIT_ERROR) - $errstr .= " Consider raising pcre.recursion_limit!"; - - raise_error(array('code' => 620, 'type' => 'php', - 'line' => __LINE__, 'file' => __FILE__, - 'message' => $errstr), true, false); - return ''; - } - - // fix (unknown/malformed) HTML tags before "wash" - $html = preg_replace_callback('/(<[\/]*)([^\s>]+)/', 'rcmail_html_tag_callback', $html); - // charset was converted to UTF-8 in rcube_storage::get_message_part(), // change/add charset specification in HTML accordingly, // washtml cannot work without that @@ -674,9 +645,6 @@ function rcmail_wash_html($html, $p, $cid_replaces) $html = '<head>' . $meta . '</head>' . $html; } - // turn relative into absolute urls - $html = rcmail_resolve_base($html); - // clean HTML with washhtml by Frederic Motte $wash_opts = array( 'show_washed' => false, 
@@ -702,7 +670,7 @@ function rcmail_wash_html($html, $p, $cid_replaces) $wash_opts['html_attribs'] = $p['html_attribs']; // initialize HTML washer - $washer = new washtml($wash_opts); + $washer = new rcube_washtml($wash_opts); if (!$p['skip_washer_form_callback']) $washer->add_callback('form', 'rcmail_washtml_callback'); @@ -739,8 +707,11 @@ function rcmail_print_body($part, $p = array()) + $p + array('safe' => false, 'plain' => false, 'inline_html' => true)); // convert html to text/plain - if ($data['type'] == 'html' && $data['plain']) { - $txt = new html2text($data['body'], false, true); + if ($data['plain'] && ($data['type'] == 'html' || $data['type'] == 'enriched')) { + if ($data['type'] == 'enriched') { + $data['body'] = rcube_enriched::to_html($data['body']); + } + $txt = new rcube_html2text($data['body'], false, true); $body = $txt->get_text(); $part->ctype_secondary = 'plain'; } @@ -751,8 +722,7 @@ function rcmail_print_body($part, $p = array()) } // text/enriched else if ($data['type'] == 'enriched') { - require_once(INSTALL_PATH . 'program/lib/enriched.inc'); - $body = enriched_to_html($data['body']); + $body = rcube_enriched::to_html($data['body']); $body = rcmail_wash_html($body, $data, $part->replaces); $part->ctype_secondary = 'html'; } @@ -790,7 +760,8 @@ function rcmail_plain_body($body, $flowed=false) global $RCMAIL; // make links and email-addresses clickable - $replacer = new rcmail_string_replacer; + $attribs = array('link_attribs' => array('rel' => 'noreferrer', 'target' => '_blank')); + $replacer = new rcmail_string_replacer($attribs); // search for patterns like links and e-mail addresses and replace with tokens $body = $replacer->replace($body); 
@@ -922,31 +893,15 @@ function rcmail_washtml_callback($tagname, $attrib, $content, $washtml) /** - * Callback function for HTML tags fixing - */ -function rcmail_html_tag_callback($matches) -{ - $tagname = $matches[2]; - - $tagname = preg_replace(array( - '/:.*$/', // Microsoft's Smart Tags <st1:xxxx> - '/[^a-z0-9_\[\]\!-]/i', // forbidden characters - ), '', $tagname); - - return $matches[1].$tagname; -} - - -/** * return table with message headers */ -function rcmail_message_headers($attrib, $headers=NULL) +function rcmail_message_headers($attrib, $headers=null) { global $OUTPUT, $MESSAGE, $PRINT_MODE, $RCMAIL; static $sa_attrib; // keep header table attrib - if (is_array($attrib) && !$sa_attrib) + if (is_array($attrib) && !$sa_attrib && !$attrib['valueof']) $sa_attrib = $attrib; else if (!is_array($attrib) && is_array($sa_attrib)) $attrib = $sa_attrib; @@ -955,11 +910,20 @@ function rcmail_message_headers($attrib, $headers=NULL) return FALSE; // get associative array of headers object - if (!$headers) - $headers = is_object($MESSAGE->headers) ? get_object_vars($MESSAGE->headers) : $MESSAGE->headers; + if (!$headers) { + $headers_obj = $MESSAGE->headers; + $headers = get_object_vars($MESSAGE->headers); + } + else if (is_object($headers)) { + $headers_obj = $headers; + $headers = get_object_vars($headers_obj); + } + else { + $headers_obj = rcube_message_header::from_array($headers); + } // show these headers - $standard_headers = array('subject', 'from', 'to', 'cc', 'bcc', 'replyto', + $standard_headers = array('subject', 'from', 'sender', 'to', 'cc', 'bcc', 'replyto', 'mail-reply-to', 'mail-followup-to', 'date', 'priority'); $exclude_headers = $attrib['exclude'] ? explode(',', $attrib['exclude']) : array(); $output_headers = array(); 
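Review bot: In the `if (!$headers)` branch of rcmail_message_headers(), `get_object_vars($MESSAGE->headers)` is now called unconditionally, whereas the line it replaces checked `is_object($MESSAGE->headers)` first. If `$MESSAGE->headers` can still be an array at this point, the call no longer yields a usable header array and `$headers_obj` is a non-object. Keeping the guard preserves the old behaviour, e.g. `$headers = is_object($headers_obj) ? get_object_vars($headers_obj) : (array) $headers_obj;`. The function body starts and ends outside this hunk, so an earlier check may already rule this case out.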
@@ -1010,6 +974,14 @@ function rcmail_message_headers($attrib, $headers=NULL) else continue; } + else if ($hkey == 'sender') { + if ($headers['sender'] != $headers['from']) { + $header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title); + $ishtml = true; + } + else + continue; + } else if ($hkey == 'mail-followup-to') { $header_value = rcmail_address_string($value, $attrib['max'], true, $attrib['addicon'], $headers['charset'], $header_title); $ishtml = true; @@ -1032,7 +1004,7 @@ function rcmail_message_headers($attrib, $headers=NULL) } $plugin = $RCMAIL->plugins->exec_hook('message_headers_output', - array('output' => $output_headers, 'headers' => $MESSAGE->headers, 'exclude' => $exclude_headers)); + array('output' => $output_headers, 'headers' => $headers_obj, 'exclude' => $exclude_headers)); // single header value is requested if (!empty($attrib['valueof'])) @@ -1111,12 +1083,13 @@ function rcmail_message_body($attrib) if (!empty($MESSAGE->parts)) { foreach ($MESSAGE->parts as $i => $part) { - if ($part->type == 'headers') - $out .= rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : NULL, $part->headers); + if ($part->type == 'headers') { + $out .= html::div('message-partheaders', rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : null, $part->headers)); + } else if ($part->type == 'content') { - // unsapported + // unsupported (e.g. encrypted) if ($part->realtype) { - if ($part->realtype == 'multipart/encrypted') { + if ($part->realtype == 'multipart/encrypted' || $part->realtype == 'application/pkcs7-mime') { $out .= html::span('part-notice', rcube_label('encryptedmessage')); } continue; 
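Review bot: In rcmail_message_body() the added `$part->realtype == 'application/pkcs7-mime'` test gives every such part the `encryptedmessage` notice, but that media type is also used for S/MIME signed-only (opaque signed) content. A signed but unencrypted message would then be reported as encrypted, and the `continue` skips its content. If the part's `smime-type` parameter is available here, check it before choosing the notice. Otherwise record the limitation in a comment such as `// application/pkcs7-mime may also carry signed-data; treated as unsupported for now`. The function body extends beyond this hunk.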
@@ -1140,6 +1113,15 @@ function rcmail_message_body($attrib) if (!isset($part->body)) $part->body = $MESSAGE->get_part_content($part->mime_id); + // extract headers from message/rfc822 parts + if ($part->mimetype == 'message/rfc822') { + $msgpart = rcube_mime::parse_message($part->body); + if (!empty($msgpart->headers)) { + $part = $msgpart; + $out .= html::div('message-partheaders', rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : null, $part->headers)); + } + } + // message is cached but not exists (#1485443), or other error if ($part->body === false) { rcmail_message_error($MESSAGE->uid); @@ -1204,10 +1186,9 @@ function rcmail_message_body($attrib) $show_link = array( 'href' => $MESSAGE->get_part_url($attach_prop->mime_id, false), 'onclick' => sprintf( - 'return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)', + 'return %s.command(\'load-attachment\',\'%s\',this)', JS_OBJECT_NAME, - $attach_prop->mime_id, - $mimetype) + $attach_prop->mime_id) ); $out .= html::p('image-attachment', html::a($show_link + array('class' => 'image-link', 'style' => sprintf('width:%dpx', $thumbnail_size)), @@ -1264,7 +1245,7 @@ function rcmail_part_image_type($part) // Content-Type: image/*... if (preg_match($mime_regex, $part->mimetype)) { - return $part->mimetype; + return rcmail_fix_mimetype($part->mimetype); } // Many clients use application/octet-stream, we'll detect mimetype @@ -1293,20 +1274,6 @@ function rcmail_part_image_type($part) } } -/** - * Convert all relative URLs according to a <base> in HTML - */ -function rcmail_resolve_base($body) -{ - // check for <base href=...> - if (preg_match('!(<base.*href=["\']?)([hftps]{3,5}://[a-z0-9/.%-]+)!i', $body, $regs)) { - $replacer = new rcube_base_replacer($regs[2]); - $body = $replacer->replace($body); - } - - return $body; -} - /** * modify a HTML message that it can be displayed inside a HTML page 
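Review bot: The new `message/rfc822` block calls `rcube_mime::parse_message($part->body)` before the existing `if ($part->body === false)` check that follows it, so the result of a failed `get_part_content()` is handed to the parser first. Guarding the block with `if ($part->mimetype == 'message/rfc822' && $part->body !== false) {` or moving it below that check avoids parsing a non-string. `$part = $msgpart;` also replaces the loop's part object for the rest of the iteration, which deserves a one-line comment saying it is intended. The embedded message's headers are entirely sender-controlled, so their display depends on the escaping inside rcmail_message_headers(), which is not visible in this hunk.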
@@ -1407,7 +1374,7 @@ function rcmail_html4inline($body, $container_id, $body_id='', &$attributes=null /** - * parse link attributes and set correct target + * parse link (a, link, area) attributes and set correct target */ function rcmail_alter_html_link($matches) { @@ -1416,9 +1383,9 @@ function rcmail_alter_html_link($matches) // Support unicode/punycode in top-level domain part $EMAIL_PATTERN = '([a-z0-9][a-z0-9\-\.\+\_]*@[^&@"\'.][^@&"\']*\\.([^\\x00-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-z0-9]{2,}))'; - $tag = $matches[1]; + $tag = strtolower($matches[1]); $attrib = parse_attrib_string($matches[2]); - $end = '>'; + $end = '>'; // Remove non-printable characters in URL (#1487805) if ($attrib['href']) @@ -1445,6 +1412,11 @@ function rcmail_alter_html_link($matches) $attrib['target'] = '_blank'; } + // Better security by adding rel="noreferrer" (#1484686) + if (($tag == 'a' || $tag == 'area') && $attrib['href'] && $attrib['href'][0] != '#') { + $attrib['rel'] = 'noreferrer'; + } + // allowed attributes for a|link|area tags $allow = array('href','name','target','onclick','id','class','style','title', 'rel','type','media','alt','coords','nohref','hreflang','shape'); @@ -1480,6 +1452,11 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, $mailto = $part['mailto']; $string = $part['string']; + // phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>" + if ($name && $name != $mailto && strpos($name, '@')) { + $name = ''; + } + // IDNA ASCII to Unicode if ($name == $mailto) $name = rcube_idn_to_utf8($name); 
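Review bot: In the phishing check added to rcmail_address_string(), `strpos($name, '@')` is used as a boolean, so a display name that begins with `@` returns offset 0 and is not cleared. Compare strictly instead: `if ($name && $name != $mailto && strpos($name, '@') !== false) {`. The function body starts and ends outside this hunk.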
@@ -1510,7 +1487,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, if ($addicon && $_SESSION['writeable_abook']) { $address .= html::a(array( 'href' => "#add", - 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, $string), + 'onclick' => sprintf("return %s.command('add-contact','%s',this)", JS_OBJECT_NAME, JQ($string)), 'title' => rcube_label('addtoaddressbook'), 'class' => 'rcmaddcontact', ), @@ -1638,10 +1615,7 @@ function rcmail_message_part_controls($attrib) $part = $MESSAGE->mime_parts[$part]; $table = new html_table(array('cols' => 3)); - $filename = $part->filename; - if (empty($filename) && $attach_prop->mimetype == 'text/html') { - $filename = rcube_label('htmlmessage'); - } + $filename = rcmail_attachment_name($part); if (!empty($filename)) { $table->add('title', Q(rcube_label('filename'))); @@ -1656,7 +1630,6 @@ function rcmail_message_part_controls($attrib) } - function rcmail_message_part_frame($attrib) { global $MESSAGE; @@ -1702,11 +1675,11 @@ function rcmail_send_mdn($message, &$smtp_error) if ($message->headers->mdn_to && empty($message->headers->flags['MDNSENT']) && ($RCMAIL->storage->check_permflag('MDNSENT') || $RCMAIL->storage->check_permflag('*'))) { - $identity = $RCMAIL->user->get_identity(); - $sender = format_email_recipient($identity['email'], $identity['name']); + $identity = rcmail_identity_select($message); + $sender = format_email_recipient($identity['email'], $identity['name']); $recipient = array_shift(rcube_mime::decode_address_list( $message->headers->mdn_to, 1, true, $message->headers->charset)); - $mailto = $recipient['mailto']; + $mailto = $recipient['mailto']; $compose = new Mail_mime("\r\n"); 
@@ -1731,6 +1704,9 @@ function rcmail_send_mdn($message, &$smtp_error) if ($agent = $RCMAIL->config->get('useragent')) $headers['User-Agent'] = $agent; + if ($RCMAIL->config->get('mdn_use_from')) + $options['mdn_use_from'] = true; + $body = rcube_label("yourmessage") . "\r\n\r\n" . "\t" . rcube_label("to") . ': ' . rcube_mime::decode_mime_string($message->headers->to, $message->headers->charset) . "\r\n" . "\t" . rcube_label("subject") . ': ' . $message->subject . "\r\n" . @@ -1752,7 +1728,7 @@ function rcmail_send_mdn($message, &$smtp_error) $compose->setTXTBody(rc_wordwrap($body, 75, "\r\n")); $compose->addAttachment($report, 'message/disposition-notification', 'MDNPart2.txt', false, '7bit', 'inline'); - $sent = rcmail_deliver_message($compose, $identity['email'], $mailto, $smtp_error, $body_file); + $sent = rcmail_deliver_message($compose, $identity['email'], $mailto, $smtp_error, $body_file, $options); if ($sent) { 
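Review bot: In rcmail_send_mdn(), `$options` is assigned only inside `if ($RCMAIL->config->get('mdn_use_from'))`, yet it is always passed to `rcmail_deliver_message(..., $body_file, $options)` in the following hunk. Unless it is initialised in a part of the function not shown here, the call receives an undefined variable whenever the option is off. Add `$options = array();` before the `if` so the argument is always an array.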
@@ -1764,6 +1740,107 @@ function rcmail_send_mdn($message, &$smtp_error) return false; } +/** + * Detect recipient identity from specified message + */ +function rcmail_identity_select($MESSAGE, $identities = null, $compose_mode = 'reply') +{ + $a_recipients = array(); + $a_names = array(); + + if ($identities === null) { + $identities = rcmail::get_instance()->user->list_identities(null, true); + } + + // extract all recipients of the reply-message + if (is_object($MESSAGE->headers) && in_array($compose_mode, array('reply', 'forward'))) { + $a_to = rcube_mime::decode_address_list($MESSAGE->headers->to, null, true, $MESSAGE->headers->charset); + foreach ($a_to as $addr) { + if (!empty($addr['mailto'])) { + $a_recipients[] = format_email($addr['mailto']); + $a_names[] = $addr['name']; + } + } + + if (!empty($MESSAGE->headers->cc)) { + $a_cc = rcube_mime::decode_address_list($MESSAGE->headers->cc, null, true, $MESSAGE->headers->charset); + foreach ($a_cc as $addr) { + if (!empty($addr['mailto'])) { + $a_recipients[] = format_email($addr['mailto']); + $a_names[] = $addr['name']; + } + } + } + } + + $from_idx = null; + $found_idx = null; + $default_identity = 0; // default identity is always first on the list + + // Select identity + foreach ($identities as $idx => $ident) { + // use From header + if (in_array($compose_mode, array('draft', 'edit'))) { + if ($MESSAGE->headers->from == $ident['ident']) { + $from_idx = $idx; + break; + } + } + // reply to yourself + else if ($compose_mode == 'reply' && $MESSAGE->headers->from == $ident['ident']) { + $from_idx = $idx; + break; + } + // use replied message recipients + else if (($found = array_search($ident['email_ascii'], $a_recipients)) !== false) { + if ($found_idx === null) { + $found_idx = $idx; + } + // match identity name + if ($a_names[$found] && $ident['name'] && $a_names[$found] == $ident['name']) { + $from_idx = $idx; + break; + } + } + } + + // If matching by name+address doesn't found any matches, get first 
found address (identity) + if ($from_idx === null) { + $from_idx = $found_idx; + } + + // Try Return-Path + if ($from_idx === null && ($return_path = $MESSAGE->headers->others['return-path'])) { + foreach ($identities as $idx => $ident) { + if (strpos($return_path, str_replace('@', '=', $ident['email_ascii']).'@') !== false) { + $from_idx = $idx; + break; + } + } + } + + // Fallback using Delivered-To + if ($from_idx === null && ($delivered_to = $MESSAGE->headers->others['delivered-to'])) { + foreach ($identities as $idx => $ident) { + if (in_array($ident['email_ascii'], (array)$delivered_to)) { + $from_idx = $idx; + break; + } + } + } + + // Fallback using Envelope-To + if ($from_idx === null && ($envelope_to = $MESSAGE->headers->others['envelope-to'])) { + foreach ($identities as $idx => $ident) { + if (in_array($ident['email_ascii'], (array)$envelope_to)) { + $from_idx = $idx; + break; + } + } + } + + return $identities[$from_idx !== null ? $from_idx : $default_identity]; +} // Fixes some content-type names function rcmail_fix_mimetype($name) 
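Review bot: rcmail_identity_select() guards the To/Cc extraction with `is_object($MESSAGE->headers)`, but the identity loop and the Return-Path, Delivered-To and Envelope-To fallbacks read `$MESSAGE->headers->from` and `$MESSAGE->headers->others[...]` without that guard. Apply the check once near the top, after the identities are loaded, e.g. `if (!is_object($MESSAGE->headers)) return $identities[0];`. The final `$identities[...]` lookup also yields null for an empty identity list, while rcmail_send_mdn() goes on to read `$identity['email']`. The docblock should gain `@param`/`@return` lines describing `$identities`, the accepted `$compose_mode` values and the returned identity array. It should also say that the fallback headers come from the message itself, so the identity used for an automatic MDN depends on message content.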
@@ -1773,9 +1850,44 @@ function rcmail_fix_mimetype($name) if (preg_match('/^application\/pdf.+/', $name)) $name = 'application/pdf'; + // treat image/pjpeg as image/jpeg + else if (preg_match('/^image\/p?jpe?g$/', $name)) + $name = 'image/jpeg'; + return $name; } +// return attachment filename, handle empty filename case +function rcmail_attachment_name($attachment, $display = false) +{ + $filename = $attachment->filename; + + if ($filename === null || $filename === '') { + if ($attachment->mimetype == 'text/html') { + $filename = rcube_label('htmlmessage'); + } + else { + $ext = (array) rcube_mime::get_mime_extensions($attachment->mimetype); + $ext = array_shift($ext); + $filename = rcube_label('messagepart') . ' ' . $attachment->mime_id; + if ($ext) { + $filename .= '.' . $ext; + } + } + } + + $filename = preg_replace('[\r\n]', '', $filename); + + // Display smart names for some known mimetypes + if ($display) { + if (preg_match('/application\/(pgp|pkcs7)-signature/i', $attachment->mimetype)) { + $filename = rcube_label('digitalsig'); + } + } + + return $filename; +} + function rcmail_search_filter($attrib) { global $OUTPUT, $CONFIG; |
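Review bot: In rcmail_attachment_name(), the pattern in `preg_replace('[\r\n]', '', $filename)` has no explicit delimiters, so PCRE takes `[` and `]` as the delimiter pair. The pattern is then the two-character sequence CR LF rather than a character class. A filename containing a lone `\r` or `\n` therefore passes through unchanged. Use `preg_replace('/[\r\n]/', '', $filename)`. The filename originates in the message, so callers still need to escape it for the context where it is output.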