diff options
Diffstat (limited to 'program/steps/mail')
-rw-r--r-- | program/steps/mail/addcontact.inc | 121 | ||||
-rw-r--r-- | program/steps/mail/attachments.inc | 250 | ||||
-rw-r--r-- | program/steps/mail/autocomplete.inc | 211 | ||||
-rw-r--r-- | program/steps/mail/copy.inc | 7 | ||||
-rw-r--r-- | program/steps/mail/folders.inc | 5 | ||||
-rw-r--r-- | program/steps/mail/get.inc | 625 | ||||
-rw-r--r-- | program/steps/mail/getunread.inc | 5 | ||||
-rw-r--r-- | program/steps/mail/headers.inc | 5 | ||||
-rw-r--r-- | program/steps/mail/import.inc | 6 |
9 files changed, 640 insertions, 595 deletions
diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc index 9d16e094b..76bf2ee32 100644 --- a/program/steps/mail/addcontact.inc +++ b/program/steps/mail/addcontact.inc @@ -5,7 +5,7 @@ | program/steps/mail/addcontact.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2005-2009, The Roundcube Dev Team | + | Copyright (C) 2005-2013, The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | @@ -20,69 +20,74 @@ */ // only process ajax requests -if (!$OUTPUT->ajax_call) - return; +if (!$OUTPUT->ajax_call) { + return; +} // Get default addressbook $CONTACTS = $RCMAIL->get_address_book(-1, true); -if (!empty($_POST['_address']) && is_object($CONTACTS)) -{ - $contact_arr = rcube_mime::decode_address_list(rcube_utils::get_input_value('_address', rcube_utils::INPUT_POST, true), 1, false); - - if (!empty($contact_arr[1]['mailto'])) { - $contact = array( - 'email' => $contact_arr[1]['mailto'], - 'name' => $contact_arr[1]['name'] - ); - - // Validity checks - if (empty($contact['email'])) { - $OUTPUT->show_message('errorsavingcontact', 'error'); - $OUTPUT->send(); - } - - $email = rcube_utils::idn_to_ascii($contact['email']); - if (!rcube_utils::check_email($email, false)) { - $OUTPUT->show_message('emailformaterror', 'error', array('email' => $contact['email'])); - $OUTPUT->send(); +if (!empty($_POST['_address']) && is_object($CONTACTS)) { + $address = rcube_utils::get_input_value('_address', rcube_utils::INPUT_POST, true); + $contact_arr = rcube_mime::decode_address_list($address, 1, false); + + if (!empty($contact_arr[1]['mailto'])) { + $contact = array( + 'email' => $contact_arr[1]['mailto'], + 'name' => $contact_arr[1]['name'], + ); + + // Validity checks + if (empty($contact['email'])) { + $OUTPUT->show_message('errorsavingcontact', 'error'); + $OUTPUT->send(); + } + + $email = rcube_utils::idn_to_ascii($contact['email']); + if (!rcube_utils::check_email($email, false)) { + $OUTPUT->show_message('emailformaterror', 'error', array('email' => $contact['email'])); + $OUTPUT->send(); + } + + $contact['email'] = rcube_utils::idn_to_utf8($contact['email']); + + $contact = $RCMAIL->plugins->exec_hook('contact_displayname', $contact); + + if (empty($contact['firstname']) || empty($contact['surname'])) { + $contact['name'] = rcube_addressbook::compose_display_name($contact); + } + + // validate contact record + if (!$CONTACTS->validate($contact, true)) { + $error = $CONTACTS->get_error(); + // TODO: show dialog to complete record + // if ($error['type'] == rcube_addressbook::ERROR_VALIDATE) { } + + $OUTPUT->show_message($error['message'] ? $error['message'] : 'errorsavingcontact', 'error'); + $OUTPUT->send(); + } + + // check for existing contacts + $existing = $CONTACTS->search('email', $contact['email'], 1, false); + + if ($done = $existing->count) { + $OUTPUT->show_message('contactexists', 'warning'); + } + else { + $plugin = $RCMAIL->plugins->exec_hook('contact_create', array('record' => $contact, 'source' => null)); + $contact = $plugin['record']; + + $done = !$plugin['abort'] ? $CONTACTS->insert($contact) : $plugin['result']; + + if ($done) { + $OUTPUT->show_message('addedsuccessfully', 'confirmation'); + } + } } - - $contact['email'] = rcube_utils::idn_to_utf8($contact['email']); - $contact = $RCMAIL->plugins->exec_hook('contact_displayname', $contact); - - if (empty($contact['firstname']) || empty($contact['surname'])) - $contact['name'] = rcube_addressbook::compose_display_name($contact); - - // validate contact record - if (!$CONTACTS->validate($contact, true)) { - $error = $CONTACTS->get_error(); - // TODO: show dialog to complete record - // if ($error['type'] == rcube_addressbook::ERROR_VALIDATE) { } - - $OUTPUT->show_message($error['message'] ? $error['message'] : 'errorsavingcontact', 'error'); - $OUTPUT->send(); - } - - // check for existing contacts - $existing = $CONTACTS->search('email', $contact['email'], 1, false); - - if ($done = $existing->count) - $OUTPUT->show_message('contactexists', 'warning'); - else { - $plugin = $RCMAIL->plugins->exec_hook('contact_create', array('record' => $contact, 'source' => null)); - $contact = $plugin['record']; - - $done = !$plugin['abort'] ? $CONTACTS->insert($contact) : $plugin['result']; - - if ($done) - $OUTPUT->show_message('addedsuccessfully', 'confirmation'); - } - } } -if (!$done) - $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'errorsavingcontact', 'error'); +if (!$done) { + $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'errorsavingcontact', 'error'); +} $OUTPUT->send(); - diff --git a/program/steps/mail/attachments.inc b/program/steps/mail/attachments.inc index f0ad97d20..85bc36cac 100644 --- a/program/steps/mail/attachments.inc +++ b/program/steps/mail/attachments.inc @@ -5,7 +5,7 @@ | program/steps/mail/attachments.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2005-2009, The Roundcube Dev Team | + | Copyright (C) 2005-2013, The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | @@ -21,62 +21,73 @@ // Upload progress update if (!empty($_GET['_progress'])) { - $RCMAIL->upload_progress(); + $RCMAIL->upload_progress(); } $COMPOSE_ID = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GPC); $COMPOSE = null; if ($COMPOSE_ID && $_SESSION['compose_data_' . $COMPOSE_ID]) { - $SESSION_KEY = 'compose_data_' . $COMPOSE_ID; - $COMPOSE =& $_SESSION[$SESSION_KEY]; + $SESSION_KEY = 'compose_data_' . $COMPOSE_ID; + $COMPOSE =& $_SESSION[$SESSION_KEY]; } if (!$COMPOSE) { - die("Invalid session var!"); + die("Invalid session var!"); } // remove an attachment -if ($RCMAIL->action=='remove-attachment') -{ - $id = 'undefined'; - if (preg_match('/^rcmfile(\w+)$/', $_POST['_file'], $regs)) - $id = $regs[1]; - if ($attachment = $COMPOSE['attachments'][$id]) - $attachment = $RCMAIL->plugins->exec_hook('attachment_delete', $attachment); - if ($attachment['status']) { - if (is_array($COMPOSE['attachments'][$id])) { - $RCMAIL->session->remove($SESSION_KEY.'.attachments.'.$id); - $OUTPUT->command('remove_from_attachment_list', "rcmfile$id"); +if ($RCMAIL->action=='remove-attachment') { + $id = 'undefined'; + + if (preg_match('/^rcmfile(\w+)$/', $_POST['_file'], $regs)) { + $id = $regs[1]; + } + + if ($attachment = $COMPOSE['attachments'][$id]) { + $attachment = $RCMAIL->plugins->exec_hook('attachment_delete', $attachment); } - } - $OUTPUT->send(); - exit; + if ($attachment['status']) { + if (is_array($COMPOSE['attachments'][$id])) { + $RCMAIL->session->remove($SESSION_KEY.'.attachments.'.$id); + $OUTPUT->command('remove_from_attachment_list', "rcmfile$id"); + } + } + + $OUTPUT->send(); + exit; } -if ($RCMAIL->action=='display-attachment') -{ - $id = 'undefined'; - if (preg_match('/^rcmfile(\w+)$/', $_GET['_file'], $regs)) - $id = $regs[1]; - if ($attachment = $COMPOSE['attachments'][$id]) - $attachment = $RCMAIL->plugins->exec_hook('attachment_display', $attachment); - - if ($attachment['status']) { - if (empty($attachment['size'])) - $attachment['size'] = $attachment['data'] ? strlen($attachment['data']) : @filesize($attachment['path']); - - header('Content-Type: ' . $attachment['mimetype']); - header('Content-Length: ' . $attachment['size']); - - if ($attachment['data']) - echo $attachment['data']; - else if ($attachment['path']) - readfile($attachment['path']); - } - exit; +if ($RCMAIL->action=='display-attachment') { + $id = 'undefined'; + + if (preg_match('/^rcmfile(\w+)$/', $_GET['_file'], $regs)) { + $id = $regs[1]; + } + + if ($attachment = $COMPOSE['attachments'][$id]) { + $attachment = $RCMAIL->plugins->exec_hook('attachment_display', $attachment); + } + + if ($attachment['status']) { + if (empty($attachment['size'])) { + $attachment['size'] = $attachment['data'] ? strlen($attachment['data']) : @filesize($attachment['path']); + } + + header('Content-Type: ' . $attachment['mimetype']); + header('Content-Length: ' . $attachment['size']); + + if ($attachment['data']) { + echo $attachment['data']; + } + else if ($attachment['path']) { + readfile($attachment['path']); + } + } + + exit; } /***** attachment upload action *****/ @@ -87,91 +98,94 @@ $OUTPUT->reset(); $uploadid = rcube_utils::get_input_value('_uploadid', rcube_utils::INPUT_GET); if (is_array($_FILES['_attachments']['tmp_name'])) { - $multiple = count($_FILES['_attachments']['tmp_name']) > 1; - - foreach ($_FILES['_attachments']['tmp_name'] as $i => $filepath) { - // Process uploaded attachment if there is no error - $err = $_FILES['_attachments']['error'][$i]; - - if (!$err) { - $attachment = array( - 'path' => $filepath, - 'size' => $_FILES['_attachments']['size'][$i], - 'name' => $_FILES['_attachments']['name'][$i], - 'mimetype' => rcube_mime::file_content_type($filepath, $_FILES['_attachments']['name'][$i], $_FILES['_attachments']['type'][$i]), - 'group' => $COMPOSE_ID, - ); - - $attachment = $RCMAIL->plugins->exec_hook('attachment_upload', $attachment); + $multiple = count($_FILES['_attachments']['tmp_name']) > 1; + + foreach ($_FILES['_attachments']['tmp_name'] as $i => $filepath) { + // Process uploaded attachment if there is no error + $err = $_FILES['_attachments']['error'][$i]; + + if (!$err) { + $attachment = $RCMAIL->plugins->exec_hook('attachment_upload', array( + 'path' => $filepath, + 'size' => $_FILES['_attachments']['size'][$i], + 'name' => $_FILES['_attachments']['name'][$i], + 'mimetype' => rcube_mime::file_content_type($filepath, $_FILES['_attachments']['name'][$i], $_FILES['_attachments']['type'][$i]), + 'group' => $COMPOSE_ID, + )); + } + + if (!$err && $attachment['status'] && !$attachment['abort']) { + $id = $attachment['id']; + + // store new attachment in session + unset($attachment['status'], $attachment['abort']); + $RCMAIL->session->append($SESSION_KEY.'.attachments', $id, $attachment); + + if (($icon = $COMPOSE['deleteicon']) && is_file($icon)) { + $button = html::img(array( + 'src' => $icon, + 'alt' => $RCMAIL->gettext('delete') + )); + } + else if ($COMPOSE['textbuttons']) { + $button = rcube::Q($RCMAIL->gettext('delete')); + } + else { + $button = ''; + } + + $content = html::a(array( + 'href' => "#delete", + 'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this)", rcmail_output::JS_OBJECT_NAME, $id), + 'title' => $RCMAIL->gettext('delete'), + 'class' => 'delete', + ), $button); + + $content .= rcube::Q($attachment['name']); + + $OUTPUT->command('add2attachment_list', "rcmfile$id", array( + 'html' => $content, + 'name' => $attachment['name'], + 'mimetype' => $attachment['mimetype'], + 'classname' => rcube_utils::file2class($attachment['mimetype'], $attachment['name']), + 'complete' => true), $uploadid); + } + else { // upload failed + if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) { + $size = $RCMAIL->show_bytes(parse_bytes(ini_get('upload_max_filesize'))); + $msg = $RCMAIL->gettext(array('name' => 'filesizeerror', 'vars' => array('size' => $size))); + } + else if ($attachment['error']) { + $msg = $attachment['error']; + } + else { + $msg = $RCMAIL->gettext('fileuploaderror'); + } + + if ($attachment['error'] || $err != UPLOAD_ERR_NO_FILE) { + $OUTPUT->command('display_message', $msg, 'error'); + $OUTPUT->command('remove_from_attachment_list', $uploadid); + } + } } - - if (!$err && $attachment['status'] && !$attachment['abort']) { - $id = $attachment['id']; - - // store new attachment in session - unset($attachment['status'], $attachment['abort']); - $RCMAIL->session->append($SESSION_KEY.'.attachments', $id, $attachment); - - if (($icon = $COMPOSE['deleteicon']) && is_file($icon)) { - $button = html::img(array( - 'src' => $icon, - 'alt' => $RCMAIL->gettext('delete') +} +else if ($_SERVER['REQUEST_METHOD'] == 'POST') { + // if filesize exceeds post_max_size then $_FILES array is empty, + // show filesizeerror instead of fileuploaderror + if ($maxsize = ini_get('post_max_size')) { + $msg = $RCMAIL->gettext(array( + 'name' => 'filesizeerror', + 'vars' => array('size' => $RCMAIL->show_bytes(parse_bytes($maxsize))) )); - } - else if ($COMPOSE['textbuttons']) { - $button = rcube::Q($RCMAIL->gettext('delete')); - } - else { - $button = ''; - } - - $content = html::a(array( - 'href' => "#delete", - 'onclick' => sprintf("return %s.command('remove-attachment','rcmfile%s', this)", rcmail_output::JS_OBJECT_NAME, $id), - 'title' => $RCMAIL->gettext('delete'), - 'class' => 'delete', - ), $button); - - $content .= rcube::Q($attachment['name']); - - $OUTPUT->command('add2attachment_list', "rcmfile$id", array( - 'html' => $content, - 'name' => $attachment['name'], - 'mimetype' => $attachment['mimetype'], - 'classname' => rcube_utils::file2class($attachment['mimetype'], $attachment['name']), - 'complete' => true), $uploadid); } - else { // upload failed - if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) { - $size = $RCMAIL->show_bytes(parse_bytes(ini_get('upload_max_filesize'))); - $msg = $RCMAIL->gettext(array('name' => 'filesizeerror', 'vars' => array('size' => $size))); - } - else if ($attachment['error']) { - $msg = $attachment['error']; - } - else { + else { $msg = $RCMAIL->gettext('fileuploaderror'); - } - - if ($attachment['error'] || $err != UPLOAD_ERR_NO_FILE) { - $OUTPUT->command('display_message', $msg, 'error'); - $OUTPUT->command('remove_from_attachment_list', $uploadid); - } } - } -} -else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - // if filesize exceeds post_max_size then $_FILES array is empty, - // show filesizeerror instead of fileuploaderror - if ($maxsize = ini_get('post_max_size')) - $msg = $RCMAIL->gettext(array('name' => 'filesizeerror', 'vars' => array('size' => $RCMAIL->show_bytes(parse_bytes($maxsize))))); - else - $msg = $RCMAIL->gettext('fileuploaderror'); - $OUTPUT->command('display_message', $msg, 'error'); - $OUTPUT->command('remove_from_attachment_list', $uploadid); + + $OUTPUT->command('display_message', $msg, 'error'); + $OUTPUT->command('remove_from_attachment_list', $uploadid); } // send html page with JS calls as response $OUTPUT->command('auto_save_start', false); $OUTPUT->send('iframe'); - diff --git a/program/steps/mail/autocomplete.inc b/program/steps/mail/autocomplete.inc index acc86229f..c15de92cf 100644 --- a/program/steps/mail/autocomplete.inc +++ b/program/steps/mail/autocomplete.inc @@ -5,8 +5,8 @@ | program/steps/mail/autocomplete.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2008-2011, Roundcube Dev Team | - | Copyright (C) 2011, Kolab Systems AG | + | Copyright (C) 2008-2013, Roundcube Dev Team | + | Copyright (C) 2011-2013, Kolab Systems AG | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | @@ -21,24 +21,26 @@ */ if ($RCMAIL->action == 'group-expand') { - $abook = $RCMAIL->get_address_book(rcube_utils::get_input_value('_source', rcube_utils::INPUT_GPC)); - if ($gid = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GPC)) { - $members = array(); - $abook->set_group($gid); - $abook->set_pagesize(1000); // TODO: limit number of group members by config - $result = $abook->list_records($RCMAIL->config->get('contactlist_fields')); - while ($result && ($sql_arr = $result->iterate())) { - $emails = (array) $abook->get_col_values('email', $sql_arr, true); - if (!empty($emails) && ($email = array_shift($emails))) { - $members[] = format_email_recipient($email, rcube_addressbook::compose_list_name($sql_arr)); - } - } + $abook = $RCMAIL->get_address_book(rcube_utils::get_input_value('_source', rcube_utils::INPUT_GPC)); + if ($gid = rcube_utils::get_input_value('_gid', rcube_utils::INPUT_GPC)) { + $abook->set_group($gid); + $abook->set_pagesize(1000); // TODO: limit number of group members by config + + $separator = trim($RCMAIL->config->get('recipients_separator', ',')) . ' '; + $result = $abook->list_records($RCMAIL->config->get('contactlist_fields')); + $members = array(); + + while ($result && ($sql_arr = $result->iterate())) { + $emails = (array) $abook->get_col_values('email', $sql_arr, true); + if (!empty($emails) && ($email = array_shift($emails))) { + $members[] = format_email_recipient($email, rcube_addressbook::compose_list_name($sql_arr)); + } + } - $separator = trim($RCMAIL->config->get('recipients_separator', ',')) . ' '; - $OUTPUT->command('replace_group_recipients', $gid, join($separator, array_unique($members))); - } + $OUTPUT->command('replace_group_recipients', $gid, join($separator, array_unique($members))); + } - $OUTPUT->send(); + $OUTPUT->send(); } @@ -49,96 +51,107 @@ $search = rcube_utils::get_input_value('_search', rcube_utils::INPUT_GPC, true); $source = rcube_utils::get_input_value('_source', rcube_utils::INPUT_GPC); $sid = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GPC); -if (strlen($source)) - $book_types = array($source); -else - $book_types = (array) $RCMAIL->config->get('autocomplete_addressbooks', 'sql'); +if (strlen($source)) { + $book_types = array($source); +} +else { + $book_types = (array) $RCMAIL->config->get('autocomplete_addressbooks', 'sql'); +} if (!empty($book_types) && strlen($search)) { - $contacts = array(); - $sort_keys = array(); - $books_num = count($book_types); - $search_lc = mb_strtolower($search); - - foreach ($book_types as $id) { - $abook = $RCMAIL->get_address_book($id); - $abook->set_pagesize($MAXNUM); - - if ($result = $abook->search($RCMAIL->config->get('contactlist_fields'), $search, $mode, true, true, 'email')) { - while ($sql_arr = $result->iterate()) { - // Contact can have more than one e-mail address - $email_arr = (array)$abook->get_col_values('email', $sql_arr, true); - $email_cnt = count($email_arr); - $idx = 0; - foreach ($email_arr as $email) { - if (empty($email)) { - continue; - } - - $sql_arr['name'] = rcube_addressbook::compose_list_name($sql_arr); - $contact = format_email_recipient($email, $sql_arr['name']); - - // skip entries that don't match - if ($email_cnt > 1 && strpos(mb_strtolower($contact), $search_lc) === false) { - continue; - } - - // skip duplicates - if (!in_array($contact, $contacts)) { - $contacts[] = $contact; - $sort_keys[] = sprintf('%s %03d', $sql_arr['name'] , $idx++); - - if (count($contacts) >= $MAXNUM) - break 2; - } - - // skip redundant entries (show only first email address) - if ($single) { - break; - } + $contacts = array(); + $sort_keys = array(); + $books_num = count($book_types); + $search_lc = mb_strtolower($search); + + foreach ($book_types as $id) { + $abook = $RCMAIL->get_address_book($id); + $abook->set_pagesize($MAXNUM); + + if ($result = $abook->search($RCMAIL->config->get('contactlist_fields'), $search, $mode, true, true, 'email')) { + while ($sql_arr = $result->iterate()) { + // Contact can have more than one e-mail address + $email_arr = (array)$abook->get_col_values('email', $sql_arr, true); + $email_cnt = count($email_arr); + $idx = 0; + + foreach ($email_arr as $email) { + if (empty($email)) { + continue; + } + + $name = rcube_addressbook::compose_list_name($sql_arr); + $contact = format_email_recipient($email, $name); + + // skip entries that don't match + if ($email_cnt > 1 && strpos(mb_strtolower($contact), $search_lc) === false) { + continue; + } + + // skip duplicates + if (!in_array($contact, $contacts)) { + $contacts[] = $contact; + $sort_keys[] = sprintf('%s %03d', $sql_arr['name'] , $idx++); + + if (count($contacts) >= $MAXNUM) { + break 2; + } + } + + // skip redundant entries (show only first email address) + if ($single) { + break; + } + } + } } - } - } - // also list matching contact groups - if ($abook->groups && count($contacts) < $MAXNUM) { - foreach ($abook->list_groups($search, $mode) as $group) { - $abook->reset(); - $abook->set_group($group['ID']); - $group_prop = $abook->get_group($group['ID']); - - // group (distribution list) with email address(es) - if ($group_prop['email']) { - $idx = 0; - foreach ((array)$group_prop['email'] as $email) { - $contacts[] = format_email_recipient($email, $group['name']); - $sort_keys[] = sprintf('%s %03d', $group['name'] , $idx++); - - if (count($contacts) >= $MAXNUM) - break 2; + // also list matching contact groups + if ($abook->groups && count($contacts) < $MAXNUM) { + foreach ($abook->list_groups($search, $mode) as $group) { + $abook->reset(); + $abook->set_group($group['ID']); + + $group_prop = $abook->get_group($group['ID']); + + // group (distribution list) with email address(es) + if ($group_prop['email']) { + $idx = 0; + foreach ((array)$group_prop['email'] as $email) { + $contacts[] = format_email_recipient($email, $group['name']); + $sort_keys[] = sprintf('%s %03d', $group['name'] , $idx++); + + if (count($contacts) >= $MAXNUM) { + break 2; + } + } + } + // show group with count + else if (($result = $abook->count()) && $result->count) { + $sort_keys[] = $group['name']; + $contacts[] = array( + 'name' => $group['name'] . ' (' . intval($result->count) . ')', + 'id' => $group['ID'], + 'source' => $id + ); + + if (count($contacts) >= $MAXNUM) { + break; + } + } } } - // show group with count - else if (($result = $abook->count()) && $result->count) { - $contacts[] = array('name' => $group['name'] . ' (' . intval($result->count) . ')', 'id' => $group['ID'], 'source' => $id); - $sort_keys[] = $group['name']; + } - if (count($contacts) >= $MAXNUM) - break; + if (count($contacts)) { + // sort contacts index + asort($sort_keys, SORT_LOCALE_STRING); + // re-sort contacts according to index + foreach ($sort_keys as $idx => $val) { + $sort_keys[$idx] = $contacts[$idx]; } - } - } - } - - if (count($contacts)) { - // sort contacts index - asort($sort_keys, SORT_LOCALE_STRING); - // re-sort contacts according to index - foreach ($sort_keys as $idx => $val) { - $sort_keys[$idx] = $contacts[$idx]; + $contacts = array_values($sort_keys); } - $contacts = array_values($sort_keys); - } } $OUTPUT->command('ksearch_query_results', $contacts, $search, $sid); diff --git a/program/steps/mail/copy.inc b/program/steps/mail/copy.inc index 4cebae6c6..a392f309f 100644 --- a/program/steps/mail/copy.inc +++ b/program/steps/mail/copy.inc @@ -5,7 +5,7 @@ | program/steps/mail/copy.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2005-2010, The Roundcube Dev Team | + | Copyright (C) 2005-2013, The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | @@ -20,8 +20,9 @@ */ // only process ajax requests -if (!$OUTPUT->ajax_call) - return; +if (!$OUTPUT->ajax_call) { + return; +} // move messages if (!empty($_POST['_uid']) && strlen($_POST['_target_mbox'])) { diff --git a/program/steps/mail/folders.inc b/program/steps/mail/folders.inc index 1c9ed0dae..519a41fdd 100644 --- a/program/steps/mail/folders.inc +++ b/program/steps/mail/folders.inc @@ -5,7 +5,7 @@ | program/steps/mail/folders.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2005-2009, The Roundcube Dev Team | + | Copyright (C) 2005-2013, The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | @@ -20,8 +20,9 @@ */ // only process ajax requests -if (!$OUTPUT->ajax_call) +if (!$OUTPUT->ajax_call) { return; +} $mbox = rcube_utils::get_input_value('_mbox', rcube_utils::INPUT_POST, true); diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index d588343de..8f869c67c 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -5,7 +5,7 @@ | program/steps/mail/get.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2005-2011, The Roundcube Dev Team | + | Copyright (C) 2005-2013, The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | @@ -22,15 +22,15 @@ // show loading page if (!empty($_GET['_preload'])) { - $url = preg_replace('/([&?]+)_preload=/', '\\1_mimewarning=1&_embed=', $_SERVER['REQUEST_URI']); - $message = $RCMAIL->gettext('loadingdata'); + $url = preg_replace('/([&?]+)_preload=/', '\\1_mimewarning=1&_embed=', $_SERVER['REQUEST_URI']); + $message = $RCMAIL->gettext('loadingdata'); - header('Content-Type: text/html; charset=' . RCUBE_CHARSET); - print "<html>\n<head>\n" + header('Content-Type: text/html; charset=' . RCUBE_CHARSET); + print "<html>\n<head>\n" . '<meta http-equiv="refresh" content="0; url='.rcube::Q($url).'">' . "\n" . '<meta http-equiv="content-type" content="text/html; charset='.RCUBE_CHARSET.'">' . "\n" . "</head>\n<body>\n$message\n</body>\n</html>"; - exit; + exit; } ob_end_clean(); @@ -38,9 +38,9 @@ ob_end_clean(); // similar code as in program/steps/mail/show.inc if (!empty($_GET['_uid'])) { - $uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_GET); - $RCMAIL->config->set('prefer_html', true); - $MESSAGE = new rcube_message($uid); + $uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_GET); + $RCMAIL->config->set('prefer_html', true); + $MESSAGE = new rcube_message($uid); } // check connection status @@ -50,336 +50,349 @@ $part_id = rcube_utils::get_input_value('_part', rcube_utils::INPUT_GPC); // show part page if (!empty($_GET['_frame'])) { - if ($part_id && ($part = $MESSAGE->mime_parts[$part_id])) { - $filename = rcmail_attachment_name($part); - $OUTPUT->set_pagetitle($filename); - } - - // register UI objects - $OUTPUT->add_handlers(array( - 'messagepartframe' => 'rcmail_message_part_frame', - 'messagepartcontrols' => 'rcmail_message_part_controls', - )); - - $OUTPUT->set_env('mailbox', $RCMAIL->storage->get_folder()); - $OUTPUT->set_env('uid', $uid); - $OUTPUT->set_env('part', $part_id); - $OUTPUT->set_env('filename', $filename); - - $OUTPUT->send('messagepart'); - exit; + if ($part_id && ($part = $MESSAGE->mime_parts[$part_id])) { + $filename = rcmail_attachment_name($part); + $OUTPUT->set_pagetitle($filename); + } + + // register UI objects + $OUTPUT->add_handlers(array( + 'messagepartframe' => 'rcmail_message_part_frame', + 'messagepartcontrols' => 'rcmail_message_part_controls', + )); + + $OUTPUT->set_env('mailbox', $RCMAIL->storage->get_folder()); + $OUTPUT->set_env('uid', $uid); + $OUTPUT->set_env('part', $part_id); + $OUTPUT->set_env('filename', $filename); + + $OUTPUT->send('messagepart'); + exit; } // render thumbnail of an image attachment else if ($_GET['_thumb']) { - $pid = rcube_utils::get_input_value('_part', rcube_utils::INPUT_GET); - if ($part = $MESSAGE->mime_parts[$pid]) { - $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240); - $temp_dir = $RCMAIL->config->get('temp_dir'); - list(,$ext) = explode('/', $part->mimetype); - $mimetype = $part->mimetype; - $file_ident = $MESSAGE->headers->messageID . ':' . $part->mime_id . ':' . $part->size . ':' . $part->mimetype; - $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size); - $cache_file = $cache_basename . '.' . $ext; - - // render thumbnail image if not done yet - if (!is_file($cache_file)) { - if ($fp = fopen(($orig_name = $cache_basename . '.orig.' . $ext), 'w')) { - $MESSAGE->get_part_content($part->mime_id, $fp); - fclose($fp); - - $image = new rcube_image($orig_name); - if ($imgtype = $image->resize($thumbnail_size, $cache_file, true)) { - $mimetype = 'image/' . $imgtype; - unlink($orig_name); - } - else { - rename($orig_name, $cache_file); + $pid = rcube_utils::get_input_value('_part', rcube_utils::INPUT_GET); + if ($part = $MESSAGE->mime_parts[$pid]) { + $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240); + $temp_dir = $RCMAIL->config->get('temp_dir'); + list(,$ext) = explode('/', $part->mimetype); + $mimetype = $part->mimetype; + $file_ident = $MESSAGE->headers->messageID . ':' . $part->mime_id . ':' . $part->size . ':' . $part->mimetype; + $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size); + $cache_file = $cache_basename . '.' . $ext; + + // render thumbnail image if not done yet + if (!is_file($cache_file)) { + if ($fp = fopen(($orig_name = $cache_basename . '.orig.' . $ext), 'w')) { + $MESSAGE->get_part_content($part->mime_id, $fp); + fclose($fp); + + $image = new rcube_image($orig_name); + if ($imgtype = $image->resize($thumbnail_size, $cache_file, true)) { + $mimetype = 'image/' . $imgtype; + unlink($orig_name); + } + else { + rename($orig_name, $cache_file); + } + } } - } - } - if (is_file($cache_file)) { - header('Content-Type: ' . $mimetype); - readfile($cache_file); + if (is_file($cache_file)) { + header('Content-Type: ' . $mimetype); + readfile($cache_file); + } } - } - exit; + exit; } else if (strlen($part_id)) { - if ($part = $MESSAGE->mime_parts[$part_id]) { - $mimetype = rcmail_fix_mimetype($part->mimetype); - - // allow post-processing of the message body - $plugin = $RCMAIL->plugins->exec_hook('message_part_get', - array('uid' => $MESSAGE->uid, 'id' => $part->mime_id, 'mimetype' => $mimetype, 'part' => $part, 'download' => !empty($_GET['_download']))); - - if ($plugin['abort']) - exit; - - // overwrite modified vars from plugin - $mimetype = $plugin['mimetype']; - $extensions = rcube_mime::get_mime_extensions($mimetype); - - if ($plugin['body']) - $part->body = $plugin['body']; - - - // compare file mimetype with the stated content-type headers and file extension to avoid malicious operations - if (!empty($_REQUEST['_embed']) && empty($_REQUEST['_nocheck'])) { - $file_extension = strtolower(pathinfo($part->filename, PATHINFO_EXTENSION)); - - // 1. compare filename suffix with expected suffix derived from mimetype - $valid = $file_extension && in_array($file_extension, (array)$extensions) || !empty($_REQUEST['_mimeclass']); - - // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension - if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || stripos($mimetype, 'text/') === 0) { - if ($part->body) // part body is already loaded - $body = $part->body; - else if ($part->size && $part->size < 1024*1024) // load the entire part if it's small enough - $body = $part->body = $MESSAGE->get_part_content($part->mime_id); - else // fetch the first 2K of the message part - $body = $MESSAGE->get_part_content($part->mime_id, null, true, 2048); - - // detect message part mimetype - $real_mimetype = rcube_mime::file_content_type($body, $part->filename, $mimetype, true, true); - list($real_ctype_primary, $real_ctype_secondary) = explode('/', $real_mimetype); - - // accept text/plain with any extension - if ($real_mimetype == 'text/plain' && $real_mimetype == $mimetype) - $file_extension = 'txt'; - - // ignore differences in text/* mimetypes. Filetype detection isn't very reliable here - if ($real_ctype_primary == 'text' && strpos($mimetype, $real_ctype_primary) === 0) - $real_mimetype = $mimetype; - - // get valid file extensions - $extensions = rcube_mime::get_mime_extensions($real_mimetype); - $valid_extension = (!$file_extension || in_array($file_extension, (array)$extensions)); - - // ignore filename extension if mimeclass matches (#1489029) - if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass']) - $valid_extension = true; - - // fix mimetype for images wrongly declared as octet-stream - if ($mimetype == 'application/octet-stream' && strpos($real_mimetype, 'image/') === 0 && $valid_extension) - $mimetype = $real_mimetype; - - $valid = ($real_mimetype == $mimetype && $valid_extension); - } - else { - $real_mimetype = $mimetype; - } - - // show warning if validity checks failed - if (!$valid) { - // send blocked.gif for expected images - if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) { - // Do not cache. Failure might be the result of a misconfiguration, thus real content should be returned once fixed. - $OUTPUT->nocacheing_headers(); - header("Content-Type: image/gif"); - header("Content-Transfer-Encoding: binary"); - readfile(INSTALL_PATH . 'program/resources/blocked.gif'); + if ($part = $MESSAGE->mime_parts[$part_id]) { + $mimetype = rcmail_fix_mimetype($part->mimetype); + + // allow post-processing of the message body + $plugin = $RCMAIL->plugins->exec_hook('message_part_get', array( + 'uid' => $MESSAGE->uid, + 'id' => $part->mime_id, + 'mimetype' => $mimetype, + 'part' => $part, + 'download' => !empty($_GET['_download']) + )); + + if ($plugin['abort']) { + exit; } - else { // html warning with a button to load the file anyway - $OUTPUT = new rcmail_html_page(); - $OUTPUT->write(html::tag('html', null, html::tag('body', 'embed', - html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'), - $RCMAIL->gettext(array( - 'name' => 'attachmentvalidationerror', - 'vars' => array( - 'expected' => $mimetype . ($file_extension ? " (.$file_extension)" : ''), - 'detected' => $real_mimetype . ($extensions[0] ? " (.$extensions[0])" : ''), - ) - )) . - html::p(array('class' => 'rcmail-inline-buttons'), - html::tag('button', - array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'"), - $RCMAIL->gettext('showanyway'))) - ) - ))); - } - exit; - } - } - - // TIFF to JPEG conversion, if needed - $tiff_support = !empty($_SESSION['browser_caps']) && !empty($_SESSION['browser_caps']['tif']); - if (!empty($_REQUEST['_embed']) && !$tiff_support - && $RCMAIL->config->get('im_convert_path') - && rcmail_part_image_type($part) == 'image/tiff' - ) { - $tiff2jpeg = true; - $mimetype = 'image/jpeg'; - } + // overwrite modified vars from plugin + $mimetype = $plugin['mimetype']; + $extensions = rcube_mime::get_mime_extensions($mimetype); + if ($plugin['body']) { + $part->body = $plugin['body']; + } - $browser = $RCMAIL->output->browser; - list($ctype_primary, $ctype_secondary) = explode('/', $mimetype); + // compare file mimetype with the stated content-type headers and file extension to avoid malicious operations + if (!empty($_REQUEST['_embed']) && empty($_REQUEST['_nocheck'])) { + $file_extension = strtolower(pathinfo($part->filename, PATHINFO_EXTENSION)); + + // 1. compare filename suffix with expected suffix derived from mimetype + $valid = $file_extension && in_array($file_extension, (array)$extensions) || !empty($_REQUEST['_mimeclass']); + + // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension + if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || stripos($mimetype, 'text/') === 0) { + if ($part->body) // part body is already loaded + $body = $part->body; + else if ($part->size && $part->size < 1024*1024) // load the entire part if it's small enough + $body = $part->body = $MESSAGE->get_part_content($part->mime_id); + else // fetch the first 2K of the message part + $body = $MESSAGE->get_part_content($part->mime_id, null, true, 2048); + + // detect message part mimetype + $real_mimetype = rcube_mime::file_content_type($body, $part->filename, $mimetype, true, true); + list($real_ctype_primary, $real_ctype_secondary) = explode('/', $real_mimetype); + + // accept text/plain with any extension + if ($real_mimetype == 'text/plain' && $real_mimetype == $mimetype) { + $file_extension = 'txt'; + } + + // ignore differences in text/* mimetypes. Filetype detection isn't very reliable here + if ($real_ctype_primary == 'text' && strpos($mimetype, $real_ctype_primary) === 0) { + $real_mimetype = $mimetype; + } + + // get valid file extensions + $extensions = rcube_mime::get_mime_extensions($real_mimetype); + $valid_extension = (!$file_extension || in_array($file_extension, (array)$extensions)); + + // ignore filename extension if mimeclass matches (#1489029) + if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass']) { + $valid_extension = true; + } + + // fix mimetype for images wrongly declared as octet-stream + if ($mimetype == 'application/octet-stream' && strpos($real_mimetype, 'image/') === 0 && $valid_extension) { + $mimetype = $real_mimetype; + } + + $valid = ($real_mimetype == $mimetype && $valid_extension); + } + else { + $real_mimetype = $mimetype; + } + + // show warning if validity checks failed + if (!$valid) { + // send blocked.gif for expected images + if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) { + // Do not cache. Failure might be the result of a misconfiguration, thus real content should be returned once fixed. + $OUTPUT->nocacheing_headers(); + header("Content-Type: image/gif"); + header("Content-Transfer-Encoding: binary"); + readfile(INSTALL_PATH . 'program/resources/blocked.gif'); + } + else { // html warning with a button to load the file anyway + $OUTPUT = new rcmail_html_page(); + $OUTPUT->write(html::tag('html', null, html::tag('body', 'embed', + html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'), + $RCMAIL->gettext(array( + 'name' => 'attachmentvalidationerror', + 'vars' => array( + 'expected' => $mimetype . ($file_extension ? " (.$file_extension)" : ''), + 'detected' => $real_mimetype . ($extensions[0] ? " (.$extensions[0])" : ''), + ) + )) + . html::p(array('class' => 'rcmail-inline-buttons'), + html::tag('button', array( + 'onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'" + ), + $RCMAIL->gettext('showanyway')) + ) + )))); + } + + exit; + } + } - if (!$plugin['download'] && $ctype_primary == 'text') { - header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ? $part->charset : RCUBE_CHARSET)); - } - else { - header("Content-Type: $mimetype"); - header("Content-Transfer-Encoding: binary"); - } - // deliver part content - if ($ctype_primary == 'text' && $ctype_secondary == 'html' && empty($plugin['download'])) { - // Check if we have enough memory to handle the message in it - // #1487424: we need up to 10x more memory than the body - if (!rcube_utils::mem_check($part->size * 10)) { - $out = '<body>' . $RCMAIL->gettext('messagetoobig'). ' ' - . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id - .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), $RCMAIL->gettext('download')) . '</body></html>'; - } - else { - // get part body if not available - if (!$part->body) - $part->body = $MESSAGE->get_part_content($part->mime_id); - - // show images? - rcmail_check_safe($MESSAGE); - - // render HTML body - $out = rcmail_print_body($part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false)); - - // insert remote objects warning into HTML body - if ($REMOTE_OBJECTS) { - $body_start = 0; - if ($body_pos = strpos($out, '<body')) { - $body_start = strpos($out, '>', $body_pos) + 1; - } - $out = substr($out, 0, $body_start) . - html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'), - rcube::Q($RCMAIL->gettext('blockedimages')) . ' ' . - html::tag('button', - array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_safe' => 1))) . "'"), - rcube::Q($RCMAIL->gettext('showimages'))) - ) . - substr($out, $body_start); + // TIFF to JPEG conversion, if needed + $tiff_support = !empty($_SESSION['browser_caps']) && !empty($_SESSION['browser_caps']['tif']); + if (!empty($_REQUEST['_embed']) && !$tiff_support + && $RCMAIL->config->get('im_convert_path') + && rcmail_part_image_type($part) == 'image/tiff' + ) { + $tiff2jpeg = true; + $mimetype = 'image/jpeg'; } - } - // check connection status - if ($part->size && empty($part->body)) { - check_storage_status(); - } - $OUTPUT = new rcmail_html_page(); - $OUTPUT->write($out); - } - else { - // don't kill the connection if download takes more than 30 sec. - @set_time_limit(0); - - $filename = rcmail_attachment_name($part); - - if ($browser->ie && $browser->ver < 7) - $filename = rawurlencode(abbreviate_string($filename, 55)); - else if ($browser->ie) - $filename = rawurlencode($filename); - else - $filename = addcslashes($filename, '"'); - - $disposition = !empty($plugin['download']) ? 'attachment' : 'inline'; - - // Workaround for nasty IE bug (#1488844) - // If Content-Disposition header contains string "attachment" e.g. in filename - // IE handles data as attachment not inline - if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) { - $filename = str_ireplace('attachment', 'attach', $filename); - } - - // add filename extension if missing - if (!pathinfo($filename, PATHINFO_EXTENSION) && ($extensions = rcube_mime::get_mime_extensions($mimetype))) { - $filename .= '.' . $extensions[0]; - } - - header("Content-Disposition: $disposition; filename=\"$filename\""); - - // handle tiff to jpeg conversion - if (!empty($tiff2jpeg)) { - $temp_dir = unslashify($RCMAIL->config->get('temp_dir')); - $file_path = tempnam($temp_dir, 'rcmAttmnt'); - - // write content to temp file - if ($part->body) { - $saved = file_put_contents($file_path, $part->body); - } - else if ($part->size) { - $fd = fopen($file_path, 'w'); - $saved = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $fd); - fclose($fd); - } + $browser = $RCMAIL->output->browser; + list($ctype_primary, $ctype_secondary) = explode('/', $mimetype); - // convert image to jpeg and send it to the browser - if ($saved) { - $image = new rcube_image($file_path); - if ($image->convert(rcube_image::TYPE_JPG, $file_path)) { - header("Content-Length: " . filesize($file_path)); - readfile($file_path); - } - unlink($file_path); - } - } - // do content filtering to avoid XSS through fake images - else if (!empty($_REQUEST['_embed']) && $browser->ie && $browser->ver <= 8) { - if ($part->body) { - echo preg_match('/<(script|iframe|object)/i', $part->body) ? '' : $part->body; - $sent = true; - } - else if ($part->size) { - $stdout = fopen('php://output', 'w'); - stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter'); - stream_filter_append($stdout, 'rcube_content'); - $sent = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $stdout); + if (!$plugin['download'] && $ctype_primary == 'text') { + header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ? $part->charset : RCUBE_CHARSET)); } - } - // send part as-it-is - else { - if ($part->body) { - header("Content-Length: " . strlen($part->body)); - echo $part->body; - $sent = true; + else { + header("Content-Type: $mimetype"); + header("Content-Transfer-Encoding: binary"); } - else if ($part->size) { - if ($size = (int)$part->d_parameters['size']) { - header("Content-Length: $size"); - } - // 8th argument disables re-formatting of text/* parts (#1489267) - $sent = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, true, null, false, 0, false); + // deliver part content + if ($ctype_primary == 'text' && $ctype_secondary == 'html' && empty($plugin['download'])) { + // Check if we have enough memory to handle the message in it + // #1487424: we need up to 10x more memory than the body + if (!rcube_utils::mem_check($part->size * 10)) { + $out = '<body>' . $RCMAIL->gettext('messagetoobig'). ' ' + . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id + .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), $RCMAIL->gettext('download')) . '</body></html>'; + } + else { + // get part body if not available + if (!$part->body) { + $part->body = $MESSAGE->get_part_content($part->mime_id); + } + + // show images? + rcmail_check_safe($MESSAGE); + + // render HTML body + $out = rcmail_print_body($part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false)); + + // insert remote objects warning into HTML body + if ($REMOTE_OBJECTS) { + $body_start = 0; + if ($body_pos = strpos($out, '<body')) { + $body_start = strpos($out, '>', $body_pos) + 1; + } + + $out = substr($out, 0, $body_start) + . html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'), + rcube::Q($RCMAIL->gettext('blockedimages')) . ' ' . + html::tag('button', + array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_safe' => 1))) . "'"), + rcube::Q($RCMAIL->gettext('showimages'))) + ) + . substr($out, $body_start); + } + } + + // check connection status + if ($part->size && empty($part->body)) { + check_storage_status(); + } + + $OUTPUT = new rcmail_html_page(); + $OUTPUT->write($out); + } + else { + // don't kill the connection if download takes more than 30 sec. + @set_time_limit(0); + + $filename = rcmail_attachment_name($part); + + if ($browser->ie && $browser->ver < 7) + $filename = rawurlencode(abbreviate_string($filename, 55)); + else if ($browser->ie) + $filename = rawurlencode($filename); + else + $filename = addcslashes($filename, '"'); + + $disposition = !empty($plugin['download']) ? 'attachment' : 'inline'; + + // Workaround for nasty IE bug (#1488844) + // If Content-Disposition header contains string "attachment" e.g. in filename + // IE handles data as attachment not inline + if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) { + $filename = str_ireplace('attachment', 'attach', $filename); + } + + // add filename extension if missing + if (!pathinfo($filename, PATHINFO_EXTENSION) && ($extensions = rcube_mime::get_mime_extensions($mimetype))) { + $filename .= '.' . $extensions[0]; + } + + header("Content-Disposition: $disposition; filename=\"$filename\""); + + // handle tiff to jpeg conversion + if (!empty($tiff2jpeg)) { + $temp_dir = unslashify($RCMAIL->config->get('temp_dir')); + $file_path = tempnam($temp_dir, 'rcmAttmnt'); + + // write content to temp file + if ($part->body) { + $saved = file_put_contents($file_path, $part->body); + } + else if ($part->size) { + $fd = fopen($file_path, 'w'); + $saved = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $fd); + fclose($fd); + } + + // convert image to jpeg and send it to the browser + if ($saved) { + $image = new rcube_image($file_path); + if ($image->convert(rcube_image::TYPE_JPG, $file_path)) { + header("Content-Length: " . filesize($file_path)); + readfile($file_path); + } + unlink($file_path); + } + } + // do content filtering to avoid XSS through fake images + else if (!empty($_REQUEST['_embed']) && $browser->ie && $browser->ver <= 8) { + if ($part->body) { + echo preg_match('/<(script|iframe|object)/i', $part->body) ? '' : $part->body; + $sent = true; + } + else if ($part->size) { + $stdout = fopen('php://output', 'w'); + stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter'); + stream_filter_append($stdout, 'rcube_content'); + $sent = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $stdout); + } + } + // send part as-it-is + else { + if ($part->body) { + header("Content-Length: " . strlen($part->body)); + echo $part->body; + $sent = true; + } + else if ($part->size) { + if ($size = (int)$part->d_parameters['size']) { + header("Content-Length: $size"); + } + + // 8th argument disables re-formatting of text/* parts (#1489267) + $sent = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, true, null, false, 0, false); + } + } + + // check connection status + if ($part->size && !$sent) { + check_storage_status(); + } } - } - // check connection status - if ($part->size && !$sent) { - check_storage_status(); - } + exit; } - - exit; - } } - // print message else { - // send correct headers for content type - header("Content-Type: text/html"); + // send correct headers for content type + header("Content-Type: text/html"); - $cont = "<html>\n<head><title></title>\n</head>\n<body>"; - $cont .= rcmail_message_body(array()); - $cont .= "\n</body>\n</html>"; + $cont = "<html>\n<head><title></title>\n</head>\n<body>"; + $cont .= rcmail_message_body(array()); + $cont .= "\n</body>\n</html>"; - $OUTPUT = new rcmail_html_page(); - $OUTPUT->write($cont); + $OUTPUT = new rcmail_html_page(); + $OUTPUT->write($cont); - exit; + exit; } diff --git a/program/steps/mail/getunread.inc b/program/steps/mail/getunread.inc index 3b93e8ef6..f708c8aef 100644 --- a/program/steps/mail/getunread.inc +++ b/program/steps/mail/getunread.inc @@ -5,7 +5,7 @@ | program/steps/mail/getunread.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2005-2009, The Roundcube Dev Team | + | Copyright (C) 2005-2013, The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | @@ -21,8 +21,7 @@ $a_folders = $RCMAIL->storage->list_folders_subscribed('', '*', 'mail'); -if (!empty($a_folders)) -{ +if (!empty($a_folders)) { $current = $RCMAIL->storage->get_folder(); $inbox = ($current == 'INBOX'); $trash = $RCMAIL->config->get('trash_mbox'); diff --git a/program/steps/mail/headers.inc b/program/steps/mail/headers.inc index ae1f1db81..9d3e6d348 100644 --- a/program/steps/mail/headers.inc +++ b/program/steps/mail/headers.inc @@ -19,8 +19,7 @@ +-----------------------------------------------------------------------+ */ -if ($uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST)) -{ +if ($uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST)) { $source = $RCMAIL->storage->get_raw_headers($uid); if ($source !== false) { @@ -48,5 +47,3 @@ if ($uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_POST)) } exit; - - diff --git a/program/steps/mail/import.inc b/program/steps/mail/import.inc index 69124f71a..4f822e0e4 100644 --- a/program/steps/mail/import.inc +++ b/program/steps/mail/import.inc @@ -32,6 +32,7 @@ if (is_array($_FILES['_file'])) { if (!$err) { // check file content type first list($mtype_primary,) = explode('/', rcube_mime::file_content_type($filepath, $_FILES['_file']['name'][$i], $_FILES['_file']['type'][$i])); + if (!in_array($mtype_primary, array('text','message'))) { $OUTPUT->show_message('importmessageerror', 'error'); continue; @@ -39,7 +40,9 @@ if (is_array($_FILES['_file'])) { // read the first few lines to detect header-like structure $fp = fopen($filepath, 'r'); - do { $line = fgets($fp); } + do { + $line = fgets($fp); + } while ($line !== false && trim($line) == ''); if (!preg_match('/^From\s+-/', $line) && !preg_match('/^[a-z-_]+:\s+.+/i', $line)) { @@ -103,4 +106,3 @@ else if ($_SERVER['REQUEST_METHOD'] == 'POST') { // send html page with JS calls as response $OUTPUT->send('iframe'); - |