diff options
Diffstat (limited to 'program/steps/mail')
| -rw-r--r-- | program/steps/mail/attachments.inc | 8 | ||||
| -rw-r--r-- | program/steps/mail/check_recent.inc | 10 | ||||
| -rw-r--r-- | program/steps/mail/compose.inc | 210 | ||||
| -rw-r--r-- | program/steps/mail/func.inc | 89 | ||||
| -rw-r--r-- | program/steps/mail/get.inc | 108 | ||||
| -rw-r--r-- | program/steps/mail/sendmail.inc | 12 | ||||
| -rw-r--r-- | program/steps/mail/show.inc | 3 |
7 files changed, 304 insertions, 136 deletions
diff --git a/program/steps/mail/attachments.inc b/program/steps/mail/attachments.inc index 21a9f5b99..180fc0bb9 100644 --- a/program/steps/mail/attachments.inc +++ b/program/steps/mail/attachments.inc @@ -89,6 +89,8 @@ $OUTPUT->reset(); $uploadid = get_input_value('_uploadid', RCUBE_INPUT_GET); if (is_array($_FILES['_attachments']['tmp_name'])) { + $multiple = count($_FILES['_attachments']['tmp_name']) > 1; + foreach ($_FILES['_attachments']['tmp_name'] as $i => $filepath) { // Process uploaded attachment if there is no error $err = $_FILES['_attachments']['error'][$i]; @@ -149,8 +151,10 @@ if (is_array($_FILES['_attachments']['tmp_name'])) { $msg = rcube_label('fileuploaderror'); } - $OUTPUT->command('display_message', $msg, 'error'); - $OUTPUT->command('remove_from_attachment_list', $uploadid); + if ($attachment['error'] || $err != UPLOAD_ERR_NO_FILE) { + $OUTPUT->command('display_message', $msg, 'error'); + $OUTPUT->command('remove_from_attachment_list', $uploadid); + } } } } diff --git a/program/steps/mail/check_recent.inc b/program/steps/mail/check_recent.inc index 1a1b08c60..90d17c15b 100644 --- a/program/steps/mail/check_recent.inc +++ b/program/steps/mail/check_recent.inc @@ -19,8 +19,14 @@ +-----------------------------------------------------------------------+ */ +// If there's no folder or messages list, there's nothing to update +// This can happen on 'refresh' request +if (empty($_REQUEST['_folderlist']) && empty($_REQUEST['_list'])) { + return; +} + $current = $RCMAIL->storage->get_folder(); -$check_all = !empty($_GET['_refresh']) || (bool)$RCMAIL->config->get('check_all_folders'); +$check_all = $RCMAIL->action != 'refresh' || (bool)$RCMAIL->config->get('check_all_folders'); // list of folders to check if ($check_all) { @@ -102,6 +108,4 @@ foreach ($a_mailboxes as $mbox_name) { } } -$RCMAIL->plugins->exec_hook('keep_alive', array()); - $OUTPUT->send(); diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc index 2d45105c2..c039e42c6 100644 --- a/program/steps/mail/compose.inc +++ b/program/steps/mail/compose.inc @@ -249,18 +249,7 @@ else { $MESSAGE->compose = array(); // get user's identities -$MESSAGE->identities = $RCMAIL->user->list_identities(); -if (count($MESSAGE->identities)) -{ - foreach ($MESSAGE->identities as $idx => $ident) { - $ident['email'] = format_email($ident['email']); - $email = format_email(rcube_idn_to_utf8($ident['email'])); - - $MESSAGE->identities[$idx]['email_ascii'] = $ident['email']; - $MESSAGE->identities[$idx]['ident'] = format_email_recipient($ident['email'], $ident['name']); - $MESSAGE->identities[$idx]['email'] = $email; - } -} +$MESSAGE->identities = $RCMAIL->user->list_identities(null, true); // Set From field value if (!empty($_POST['_from'])) { @@ -270,83 +259,10 @@ else if (!empty($COMPOSE['param']['from'])) { $MESSAGE->compose['from'] = $COMPOSE['param']['from']; } else if (count($MESSAGE->identities)) { - $a_recipients = array(); - $a_names = array(); - - // extract all recipients of the reply-message - if (is_object($MESSAGE->headers) && in_array($compose_mode, array(RCUBE_COMPOSE_REPLY, RCUBE_COMPOSE_FORWARD))) - { - $a_to = rcube_mime::decode_address_list($MESSAGE->headers->to, null, true, $MESSAGE->headers->charset); - foreach ($a_to as $addr) { - if (!empty($addr['mailto'])) { - $a_recipients[] = format_email($addr['mailto']); - $a_names[] = $addr['name']; - } - } - - if (!empty($MESSAGE->headers->cc)) { - $a_cc = rcube_mime::decode_address_list($MESSAGE->headers->cc, null, true, $MESSAGE->headers->charset); - foreach ($a_cc as $addr) { - if (!empty($addr['mailto'])) { - $a_recipients[] = format_email($addr['mailto']); - $a_names[] = $addr['name']; - } - } - } - } - - $from_idx = null; - $found_idx = null; - $default_identity = 0; // default identity is always first on the list - $return_path = $MESSAGE->headers->others['return-path']; - - // Select identity - foreach ($MESSAGE->identities as $idx => $ident) { - // use From header - if (in_array($compose_mode, array(RCUBE_COMPOSE_DRAFT, RCUBE_COMPOSE_EDIT))) { - if ($MESSAGE->headers->from == $ident['ident']) { - $from_idx = $idx; - break; - } - } - // reply to yourself - else if ($compose_mode == RCUBE_COMPOSE_REPLY && $MESSAGE->headers->from == $ident['ident']) { - $from_idx = $idx; - break; - } - // use replied message recipients - else if (($found = array_search($ident['email_ascii'], $a_recipients)) !== false) { - if ($found_idx === null) { - $found_idx = $idx; - } - // match identity name - if ($a_names[$found] && $ident['name'] && $a_names[$found] == $ident['name']) { - $from_idx = $idx; - break; - } - } - } - - // If matching by name+address doesn't found any amtches, get first found address (identity) - if ($from_idx === null) { - $from_idx = $found_idx; - } - - // Fallback using Return-Path - if ($from_idx === null && $return_path) { - foreach ($MESSAGE->identities as $idx => $ident) { - if (strpos($return_path, str_replace('@', '=', $ident['email_ascii']).'@') !== false) { - $from_idx = $idx; - break; - } - } - } - - $ident = $MESSAGE->identities[$from_idx !== null ? $from_idx : $default_identity]; - $from_id = $ident['identity_id']; + $ident = rcmail_identity_select($MESSAGE, $MESSAGE->identities, $compose_mode); $MESSAGE->compose['from_email'] = $ident['email']; - $MESSAGE->compose['from'] = $from_id; + $MESSAGE->compose['from'] = $ident['identity_id']; } // Set other headers @@ -463,6 +379,92 @@ $MESSAGE_BODY = rcmail_prepare_message_body(); /****** compose mode functions ********/ +function rcmail_identity_select($MESSAGE, $identities, $compose_mode) +{ + $a_recipients = array(); + $a_names = array(); + + // extract all recipients of the reply-message + if (is_object($MESSAGE->headers) && in_array($compose_mode, array(RCUBE_COMPOSE_REPLY, RCUBE_COMPOSE_FORWARD))) { + $a_to = rcube_mime::decode_address_list($MESSAGE->headers->to, null, true, $MESSAGE->headers->charset); + foreach ($a_to as $addr) { + if (!empty($addr['mailto'])) { + $a_recipients[] = format_email($addr['mailto']); + $a_names[] = $addr['name']; + } + } + + if (!empty($MESSAGE->headers->cc)) { + $a_cc = rcube_mime::decode_address_list($MESSAGE->headers->cc, null, true, $MESSAGE->headers->charset); + foreach ($a_cc as $addr) { + if (!empty($addr['mailto'])) { + $a_recipients[] = format_email($addr['mailto']); + $a_names[] = $addr['name']; + } + } + } + } + + $from_idx = null; + $found_idx = null; + $default_identity = 0; // default identity is always first on the list + + // Select identity + foreach ($identities as $idx => $ident) { + // use From header + if (in_array($compose_mode, array(RCUBE_COMPOSE_DRAFT, RCUBE_COMPOSE_EDIT))) { + if ($MESSAGE->headers->from == $ident['ident']) { + $from_idx = $idx; + break; + } + } + // reply to yourself + else if ($compose_mode == RCUBE_COMPOSE_REPLY && $MESSAGE->headers->from == $ident['ident']) { + $from_idx = $idx; + break; + } + // use replied message recipients + else if (($found = array_search($ident['email_ascii'], $a_recipients)) !== false) { + if ($found_idx === null) { + $found_idx = $idx; + } + // match identity name + if ($a_names[$found] && $ident['name'] && $a_names[$found] == $ident['name']) { + $from_idx = $idx; + break; + } + } + } + + // If matching by name+address doesn't found any amtches, get first found address (identity) + if ($from_idx === null) { + $from_idx = $found_idx; + } + + // Try Return-Path + if ($from_idx === null && ($return_path = $MESSAGE->headers->others['return-path'])) { + foreach ($identities as $idx => $ident) { + if (strpos($return_path, str_replace('@', '=', $ident['email_ascii']).'@') !== false) { + $from_idx = $idx; + break; + } + } + } + + // Fallback using Delivered-To + if ($from_idx === null && ($delivered_to = $MESSAGE->headers->others['delivered-to'])) { + foreach ($identities as $idx => $ident) { + if (in_array($ident['email_ascii'], $delivered_to)) { + $from_idx = $idx; + break; + } + } + } + + return $identities[$from_idx !== null ? $from_idx : $default_identity]; +} + + function rcmail_compose_headers($attrib) { global $MESSAGE; @@ -611,13 +613,13 @@ function rcmail_compose_editor_mode() $useHtml = !empty($_POST['_is_html']); } else if ($compose_mode == RCUBE_COMPOSE_DRAFT || $compose_mode == RCUBE_COMPOSE_EDIT) { - $useHtml = $MESSAGE->has_html_part(false); + $useHtml = $MESSAGE->has_html_part(false, true); } else if ($compose_mode == RCUBE_COMPOSE_REPLY) { - $useHtml = ($html_editor == 1 || ($html_editor >= 2 && $MESSAGE->has_html_part(false))); + $useHtml = ($html_editor == 1 || ($html_editor >= 2 && $MESSAGE->has_html_part(false, true))); } else if ($compose_mode == RCUBE_COMPOSE_FORWARD) { - $useHtml = ($html_editor == 1 || ($html_editor == 3 && $MESSAGE->has_html_part(false))); + $useHtml = ($html_editor == 1 || ($html_editor == 3 && $MESSAGE->has_html_part(false, true))); } else { $useHtml = ($html_editor == 1); @@ -730,6 +732,10 @@ function rcmail_compose_part_body($part, $isHtml = false) if ($isHtml) { if ($part->ctype_secondary == 'html') { } + else if ($part->ctype_secondary == 'enriched') { + require_once(INSTALL_PATH . 'program/lib/enriched.inc'); + $body = enriched_to_html($body); + } else { // try to remove the signature if ($RCMAIL->config->get('strip_existing_sig', true)) { @@ -743,6 +749,12 @@ function rcmail_compose_part_body($part, $isHtml = false) } } else { + if ($part->ctype_secondary == 'enriched') { + require_once(INSTALL_PATH . 'program/lib/enriched.inc'); + $body = enriched_to_html($body); + $part->ctype_secondary = 'html'; + } + if ($part->ctype_secondary == 'html') { // use html part if it has been used for message (pre)viewing // decrease line length for quoting @@ -750,6 +762,10 @@ function rcmail_compose_part_body($part, $isHtml = false) $txt = new html2text($body, false, true, $len); $body = $txt->get_text(); } + else if ($part->ctype_secondary == 'enriched') { + require_once(INSTALL_PATH . 'program/lib/enriched.inc'); + $body = enriched_to_html($body); + } else { if ($part->ctype_secondary == 'plain' && $part->ctype_parameters['format'] == 'flowed') { $body = rcube_mime::unfold_flowed($body); @@ -906,9 +922,10 @@ function rcmail_create_reply_body($body, $bodyIsHtml) if (!$bodyIsHtml) { $body = preg_replace('/\r?\n/', "\n", $body); + $body = trim($body, "\n"); // soft-wrap and quote message text - $body = rcmail_wrap_and_quote(rtrim($body, "\n"), $LINE_LENGTH); + $body = rcmail_wrap_and_quote($body, $LINE_LENGTH); $prefix .= "\n"; $suffix = ''; @@ -953,8 +970,7 @@ function rcmail_create_forward_body($body, $bodyIsHtml) $date = format_date($MESSAGE->headers->date, $RCMAIL->config->get('date_long')); $charset = $RCMAIL->output->get_charset(); - if (!$bodyIsHtml) - { + if (!$bodyIsHtml) { $prefix = "\n\n\n-------- " . rcube_label('originalmessage') . " --------\n"; $prefix .= rcube_label('subject') . ': ' . $MESSAGE->subject . "\n"; $prefix .= rcube_label('date') . ': ' . $date . "\n"; @@ -967,9 +983,9 @@ function rcmail_create_forward_body($body, $bodyIsHtml) $prefix .= rcube_label('replyto') . ': ' . $MESSAGE->get_header('replyto') . "\n"; $prefix .= "\n"; + $body = trim($body, "\r\n"); } - else - { + else { // set is_safe flag (we need this for html body washing) rcmail_check_safe($MESSAGE); // clean up html tags @@ -1601,7 +1617,7 @@ function rcmail_addressbook_list($attrib = array()) 'rel' => '%s', 'onclick' => "return ".JS_OBJECT_NAME.".command('list-adresses','%s',this)"), '%s')); - foreach ($RCMAIL->get_address_sources() as $j => $source) { + foreach ($RCMAIL->get_address_sources(false, true) as $j => $source) { $id = strval(strlen($source['id']) ? $source['id'] : $j); $js_id = JQ($id); @@ -1614,7 +1630,7 @@ function rcmail_addressbook_list($attrib = array()) html_identifier($id), $class_name, $source['id'], - $js_id, (!empty($source['name']) ? Q($source['name']) : Q($id))); + $js_id, (!empty($source['name']) ? $source['name'] : $id)); } $OUTPUT->add_gui_object('addressbookslist', $attrib['id']); diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 47d1a484a..cb1a5ddae 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -471,7 +471,7 @@ function rcmail_messagecontent_frame($attrib) $OUTPUT->set_env('contentframe', $attrib['id']); $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/resources/blank.gif'); - return html::iframe($attrib); + return $OUTPUT->frame($attrib, true); } @@ -751,9 +751,10 @@ function rcmail_print_body($part, $p = array()) } // text/enriched else if ($data['type'] == 'enriched') { - $part->ctype_secondary = 'html'; require_once(INSTALL_PATH . 'program/lib/enriched.inc'); - $body = Q(enriched_to_html($data['body']), 'show'); + $body = enriched_to_html($data['body']); + $body = rcmail_wash_html($body, $data, $part->replaces); + $part->ctype_secondary = 'html'; } else { // assert plaintext @@ -789,7 +790,7 @@ function rcmail_plain_body($body, $flowed=false) global $RCMAIL; // make links and email-addresses clickable - $replacer = new rcube_string_replacer; + $replacer = new rcmail_string_replacer; // search for patterns like links and e-mail addresses and replace with tokens $body = $replacer->replace($body); @@ -801,8 +802,8 @@ function rcmail_plain_body($body, $flowed=false) // find/mark quoted lines... for ($n=0, $cnt=count($body); $n < $cnt; $n++) { - if ($body[$n][0] == '>' && preg_match('/^(>+\s*)+/', $body[$n], $regs)) { - $q = strlen(preg_replace('/\s/', '', $regs[0])); + if ($body[$n][0] == '>' && preg_match('/^(>+ {0,1})+/', $body[$n], $regs)) { + $q = substr_count($regs[0], '>'); $body[$n] = substr($body[$n], strlen($regs[0])); if ($q > $quote_level) { @@ -1060,10 +1061,10 @@ function rcmail_localized_priority($value) '4' => 'low', '5' => 'lowest', ); - + if ($value && $labels_map[$value]) return rcube_label($labels_map[$value]); - + return ''; } @@ -1186,7 +1187,10 @@ function rcmail_message_body($attrib) } // list images after mail body - if ($CONFIG['inline_images'] && !empty($MESSAGE->attachments)) { + if ($RCMAIL->config->get('inline_images', true) && !empty($MESSAGE->attachments)) { + $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240); + $client_mimetypes = (array)$RCMAIL->config->get('client_mimetypes'); + foreach ($MESSAGE->attachments as $attach_prop) { // skip inline images if ($attach_prop->content_id && $attach_prop->disposition == 'inline') { @@ -1194,13 +1198,47 @@ function rcmail_message_body($attrib) } // Content-Type: image/*... - if (rcmail_part_image_type($attach_prop)) { - $out .= html::tag('hr') . html::p(array('align' => "center"), - html::img(array( - 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, true), - 'title' => $attach_prop->filename, - 'alt' => $attach_prop->filename, - ))); + if ($mimetype = rcmail_part_image_type($attach_prop)) { + // display thumbnails + if ($thumbnail_size) { + $show_link = array( + 'href' => $MESSAGE->get_part_url($attach_prop->mime_id, false), + 'onclick' => sprintf( + 'return %s.command(\'load-attachment\',{part:\'%s\', mimetype:\'%s\'},this)', + JS_OBJECT_NAME, + $attach_prop->mime_id, + $mimetype) + ); + $out .= html::p('image-attachment', + html::a($show_link + array('class' => 'image-link', 'style' => sprintf('width:%dpx', $thumbnail_size)), + html::img(array( + 'class' => 'image-thumbnail', + 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, true) . '&_thumb=1', + 'title' => $attach_prop->filename, + 'alt' => $attach_prop->filename, + 'style' => sprintf('max-width:%dpx; max-height:%dpx', $thumbnail_size, $thumbnail_size), + )) + ) . + html::span('image-filename', Q($attach_prop->filename)) . + html::span('image-filesize', Q($RCMAIL->message_part_size($attach_prop))) . + html::span('attachment-links', + (in_array($mimetype, $client_mimetypes) ? html::a($show_link, rcube_label('showattachment')) . ' ' : '') . + html::a($show_link['href'] . '&_download=1', rcube_label('download')) + ) . + html::br(array('style' => 'clear:both')) + ); + } + else { + $out .= html::tag('fieldset', 'image-attachment', + html::tag('legend', 'image-filename', Q($attach_prop->filename)) . + html::p(array('align' => "center"), + html::img(array( + 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, true), + 'title' => $attach_prop->filename, + 'alt' => $attach_prop->filename, + ))) + ); + } } } } @@ -1247,7 +1285,7 @@ function rcmail_part_image_type($part) if ($part->filename && preg_match('/^application\/octet-stream$/i', $part->mimetype) - && preg_match('/\.([^.])$/i', $part->filename, $m) + && preg_match('/\.([^.]+)$/i', $part->filename, $m) && ($extension = strtolower($m[1])) && isset($types[$extension]) ) { @@ -1294,7 +1332,7 @@ function rcmail_html4inline($body, $container_id, $body_id='', &$attributes=null // modify HTML links to open a new window if clicked $GLOBALS['rcmail_html_container_id'] = $container_id; - $body = preg_replace_callback('/<(a|link)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body); + $body = preg_replace_callback('/<(a|link|area)\s+([^>]+)>/Ui', 'rcmail_alter_html_link', $body); unset($GLOBALS['rcmail_html_container_id']); $body = preg_replace(array( @@ -1407,7 +1445,11 @@ function rcmail_alter_html_link($matches) $attrib['target'] = '_blank'; } - return "<$tag" . html::attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . $end; + // allowed attributes for a|link|area tags + $allow = array('href','name','target','onclick','id','class','style','title', + 'rel','type','media','alt','coords','nohref','hreflang','shape'); + + return "<$tag" . html::attrib_string($attrib, $allow) . $end; } @@ -1446,7 +1488,9 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, $mailto = rcube_idn_to_utf8($mailto); if ($PRINT_MODE) { - $out .= sprintf('%s <%s>', Q($name), $mailto); + $out .= ($out ? ', ' : '') . sprintf('%s <%s>', Q($name), $mailto); + // for printing we display all addresses + continue; } else if (check_email($part['mailto'], false)) { if ($linked) { @@ -1555,7 +1599,7 @@ function rcmail_wrap_and_quote($text, $length = 72) $out .= $line . "\n"; } - return $out; + return rtrim($out, "\n"); } @@ -1620,7 +1664,7 @@ function rcmail_message_part_frame($attrib) $part = $MESSAGE->mime_parts[asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))]; $ctype_primary = strtolower($part->ctype_primary); - $attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_show=' : '_preload='), $_SERVER['QUERY_STRING']); + $attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_embed=' : '_preload='), $_SERVER['QUERY_STRING']); return html::iframe($attrib); } @@ -1806,6 +1850,7 @@ $OUTPUT->add_handlers(array( // register action aliases $RCMAIL->register_action_map(array( + 'refresh' => 'check_recent.inc', 'preview' => 'show.inc', 'print' => 'show.inc', 'moveto' => 'move_del.inc', diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index bcd57dee0..71a5e1b02 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -60,6 +60,42 @@ if (!empty($_GET['_frame'])) { exit; } +// render thumbnail of an image attachment +else if ($_GET['_thumb']) { + $pid = get_input_value('_part', RCUBE_INPUT_GET); + if ($part = $MESSAGE->mime_parts[$pid]) { + $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240); + $temp_dir = $RCMAIL->config->get('temp_dir'); + list(,$ext) = explode('/', $part->mimetype); + $cache_basename = $temp_dir . '/' . md5($MESSAGE->headers->messageID . $part->mime_id . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size); + $cache_file = $cache_basename . '.' . $ext; + $mimetype = $part->mimetype; + + // render thumbnail image if not done yet + if (!is_file($cache_file)) { + $fp = fopen(($orig_name = $cache_basename . '.orig.' . $ext), 'w'); + $MESSAGE->get_part_content($part->mime_id, $fp); + fclose($fp); + + $image = new rcube_image($orig_name); + if ($imgtype = $image->resize($RCMAIL->config->get('image_thumbnail_size', 240), $cache_file, true)) { + $mimetype = 'image/' . $imgtype; + unlink($orig_name); + } + else { + rename($orig_name, $cache_file); + } + } + + if (is_file($cache_file)) { + header('Content-Type: ' . $mimetype); + readfile($cache_file); + } + } + + exit; +} + else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { if ($part = $MESSAGE->mime_parts[$pid]) { @@ -76,6 +112,71 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { // overwrite modified vars from plugin $mimetype = $plugin['mimetype']; + $extensions = rcube_mime::get_mime_extensions($mimetype); + + if ($plugin['body']) + $part->body = $plugin['body']; + + + // compare file mimetype with the stated content-type headers and file extension to avoid malicious operations + if (!empty($_REQUEST['_embed']) && empty($_REQUEST['_nocheck'])) { + $file_extension = strtolower(pathinfo($part->filename, PATHINFO_EXTENSION)); + + // 1. compare filename suffix with expected suffix derived from mimetype + $valid = $file_extension && in_array($file_extension, (array)$extensions); + + // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension + if ($valid || !$file_extension || $mimetype == 'application/octet-stream') { + if ($part->body) // part body is already loaded + $body = $part->body; + else if ($part->size && $part->size < 1024*1024) // load the entire part if it's small enough + $body = $part->body = $MESSAGE->get_part_content($part->mime_id); + else // fetch the first 2K of the message part + $body = $MESSAGE->get_part_content($part->mime_id, null, true, 2048); + + // detect message part mimetype + $real_mimetype = rcube_mime::file_content_type($body, $part->filename, $mimetype, true, true); + list($real_ctype_primary, $real_ctype_secondary) = explode('/', $real_mimetype); + + // ignore differences in text/* mimetypes. Filetype detection isn't very reliable here + if ($real_ctype_primary == 'text' && strpos($mimetype, $real_ctype_primary) === 0) + $real_mimetype = $mimetype; + + // get valid file extensions + $extensions = rcube_mime::get_mime_extensions($real_mimetype); + $valid_extension = (!$file_extension || in_array($file_extension, (array)$extensions)); + + // fix mimetype for images wrongly declared as octet-stream + if ($mimetype == 'application/octet-stream' && strpos($real_mimetype, 'image/') === 0 && $valid_extension) + $mimetype = $real_mimetype; + + $valid = ($real_mimetype == $mimetype && $valid_extension); + } + else { + $real_mimetype = $mimetype; + } + + // show warning if validity checks failed + if (!$valid) { + $OUTPUT = new rcmail_html_page(); + $OUTPUT->write(html::tag('html', null, html::tag('body', array('style' => 'font-family:sans-serif; margin:1em'), + html::div(array('class' => 'warning', 'style' => 'border:2px solid #ffdf0e; background:#fef893; padding:1em 1em 0 1em;'), + rcube_label(array( + 'name' => 'attachmentvalidationerror', + 'vars' => array('expected' => "$mimetype (.$file_extension)", 'detected' => "$real_mimetype (.$extensions[0])") + )) . + html::p('buttons', + html::tag('button', null, + html::a(array( + 'href' => $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))), + 'style' => 'text-decoration:none;color:#000', + ), rcube_label('showanyway'))) + )) + ))); + exit; + } + } + // TIFF to JPEG conversion, if needed $tiff_support = !empty($_SESSION['browser_caps']) && !empty($_SESSION['browser_caps']['tif']); @@ -87,11 +188,9 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { $mimetype = 'image/jpeg'; } - list($ctype_primary, $ctype_secondary) = explode('/', $mimetype); - if ($plugin['body']) - $part->body = $plugin['body']; $browser = $RCMAIL->output->browser; + list($ctype_primary, $ctype_secondary) = explode('/', $mimetype); // send download headers if ($plugin['download']) { @@ -108,6 +207,7 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { header("Content-Transfer-Encoding: binary"); } + // deliver part content if ($ctype_primary == 'text' && $ctype_secondary == 'html' && empty($plugin['download'])) { // Check if we have enough memory to handle the message in it @@ -130,7 +230,7 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { check_storage_status(); } - $OUTPUT = new rcube_output_html(); + $OUTPUT = new rcube_html_page(); $OUTPUT->write($out); } else { diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc index 4fac872d1..c26d774a2 100644 --- a/program/steps/mail/sendmail.inc +++ b/program/steps/mail/sendmail.inc @@ -364,7 +364,7 @@ if (!empty($mailcc)) { if (!empty($mailbcc)) { $headers['Bcc'] = $mailbcc; } -if (!empty($identity_arr['bcc'])) { +if (!empty($identity_arr['bcc']) && stripos($headers['Bcc'], $identity_arr['bcc']) === false) { $headers['Bcc'] = ($headers['Bcc'] ? $headers['Bcc'].', ' : '') . $identity_arr['bcc']; $RECIPIENT_COUNT ++; } @@ -559,8 +559,8 @@ if ($isHtml) { $plugin['body'] = rcmail_replace_emoticons($plugin['body']); // add a plain text version of the e-mail as an alternative part. - $h2t = new html2text($plugin['body'], false, true, 0); - $plainTextPart = rc_wordwrap($h2t->get_text(), $LINE_LENGTH, "\r\n"); + $h2t = new html2text($plugin['body'], false, true, 0, $message_charset); + $plainTextPart = rc_wordwrap($h2t->get_text(), $LINE_LENGTH, "\r\n", false, $message_charset); $plainTextPart = wordwrap($plainTextPart, 998, "\r\n", true); // make sure all line endings are CRLF (#1486712) @@ -585,10 +585,10 @@ else { $message_body = $plugin['body']; // compose format=flowed content if enabled - if ($flowed = $RCMAIL->config->get('send_format_flowed', true)) - $message_body = rcube_mime::format_flowed($message_body, min($LINE_LENGTH+2, 79)); + if ($flowed = ($savedraft || $RCMAIL->config->get('send_format_flowed', true))) + $message_body = rcube_mime::format_flowed($message_body, min($LINE_LENGTH+2, 79), $message_charset); else - $message_body = rc_wordwrap($message_body, $LINE_LENGTH, "\r\n"); + $message_body = rc_wordwrap($message_body, $LINE_LENGTH, "\r\n", false, $message_charset); $message_body = wordwrap($message_body, 998, "\r\n", true); diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc index f89660719..82594f3e4 100644 --- a/program/steps/mail/show.inc +++ b/program/steps/mail/show.inc @@ -62,8 +62,7 @@ if ($uid = get_input_value('_uid', RCUBE_INPUT_GET)) { $OUTPUT->set_env('compose_extwin', $RCMAIL->config->get('compose_extwin',false)); // mimetypes supported by the browser (default settings) - $mimetypes = $RCMAIL->config->get('client_mimetypes', 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,image/bmp,image/tiff,application/x-javascript,application/pdf,application/x-shockwave-flash'); - $mimetypes = is_string($mimetypes) ? explode(',', $mimetypes) : (array)$mimetypes; + $mimetypes = (array)$RCMAIL->config->get('client_mimetypes'); // Remove unsupported types, which makes that attachment which cannot be // displayed in a browser will be downloaded directly without displaying an overlay page |