Diffstat (limited to 'program/steps')
-rw-r--r--program/steps/addressbook/import.inc2
-rw-r--r--program/steps/addressbook/save.inc4
-rw-r--r--program/steps/mail/addcontact.inc2
-rw-r--r--program/steps/mail/compose.inc10
-rw-r--r--program/steps/mail/func.inc17
-rw-r--r--program/steps/mail/sendmail.inc6
-rw-r--r--program/steps/settings/edit_identity.inc6
-rw-r--r--program/steps/settings/func.inc2
-rw-r--r--program/steps/settings/save_identity.inc16
-rw-r--r--program/steps/utils/error.inc7
-rw-r--r--program/steps/utils/modcss.inc12
11 files changed, 46 insertions, 38 deletions
diff --git a/program/steps/addressbook/import.inc b/program/steps/addressbook/import.inc
index ceb683227..7f979de82 100644
--- a/program/steps/addressbook/import.inc
+++ b/program/steps/addressbook/import.inc
@@ -136,7 +136,7 @@ if ($_FILES['_file']['tmp_name'] && is_uploaded_file($_FILES['_file']['tmp_name'
}
// We're using UTF8 internally
- $email = idn_to_utf8($email);
+ $email = rcube_idn_to_utf8($email);
if (!$replace) {
// compare e-mail address
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index 1c70b89b6..c3a3a69e9 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -49,8 +49,8 @@ foreach ($a_save_cols as $col) {
}
// Validity checks
-$_email = idn_to_ascii($a_record['email']);
-if (!check_email($_email, false)) {
+$_email = rcube_idn_to_ascii($a_record['email']);
+if (!check_email($_email)) {
$OUTPUT->show_message('emailformaterror', 'warning', array('email' => $_email));
rcmail_overwrite_action($return_action);
return;
diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc
index 613a63e39..21fbc2db2 100644
--- a/program/steps/mail/addcontact.inc
+++ b/program/steps/mail/addcontact.inc
@@ -46,7 +46,7 @@ if (!empty($_POST['_address']) && is_object($CONTACTS))
$OUTPUT->send();
}
- $contact['email'] = idn_to_utf8($contact['email']);
+ $contact['email'] = rcube_idn_to_utf8($contact['email']);
// use email address part for name
if (empty($contact['name']) || $contact['name'] == $contact['email'])
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 45b95c937..eb42b2abe 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -321,7 +321,7 @@ function rcmail_compose_headers($attrib)
if (empty($addr_part['mailto']))
continue;
- $mailto = idn_to_utf8($addr_part['mailto']);
+ $mailto = rcube_idn_to_utf8($addr_part['mailto']);
if (!in_array($mailto, $sa_recipients)
&& (!$MESSAGE->compose_from
@@ -360,7 +360,7 @@ function rcmail_compose_headers($attrib)
if (empty($addr_part['mailto']))
continue;
- $mailto = idn_to_utf8($addr_part['mailto']);
+ $mailto = rcube_idn_to_utf8($addr_part['mailto']);
if ($addr_part['name'] && $addr_part['mailto'] != $addr_part['name'])
$string = format_email_recipient($mailto, $addr_part['name']);
@@ -437,7 +437,7 @@ function rcmail_compose_header_from($attrib)
// create SELECT element
foreach ($user_identities as $sql_arr)
{
- $email = mb_strtolower(idn_to_utf8($sql_arr['email']));
+ $email = mb_strtolower(rcube_idn_to_utf8($sql_arr['email']));
$identity_id = $sql_arr['identity_id'];
$select_from->add(format_email_recipient($email, $sql_arr['name']), $identity_id);
@@ -732,9 +732,9 @@ function rcmail_create_reply_body($body, $bodyIsHtml)
global $RCMAIL, $MESSAGE, $LINE_LENGTH;
// build reply prefix
- $from = array_pop($RCMAIL->imap->decode_address_list($MESSAGE->get_header('from')));
+ $from = array_pop($RCMAIL->imap->decode_address_list($MESSAGE->get_header('from'), 1, false));
$prefix = sprintf("On %s, %s wrote:",
- $MESSAGE->headers->date, $from['name'] ? $from['name'] : idn_to_utf8($from['mailto']));
+ $MESSAGE->headers->date, $from['name'] ? $from['name'] : rcube_idn_to_utf8($from['mailto']));
if (!$bodyIsHtml) {
$body = preg_replace('/\r?\n/', "\n", $body);
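Review bot: `array_pop()` takes its argument by reference, and the new line still hands it the return value of `decode_address_list()` directly, which raises a strict-standards notice and leaves `$from` as null when the From header yields no addresses. Assigning first avoids the notice and gives a place for an empty check: `$addrs = $RCMAIL->imap->decode_address_list($MESSAGE->get_header('from'), 1, false);` followed by `$from = array_pop($addrs);`. The added `1, false` arguments would benefit from a short comment saying what they select, since their meaning is not visible here. The prefix is built from a message header value; whether it is escaped before being placed in an HTML reply is decided further down in rcmail_create_reply_body, outside this hunk.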
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index b62e8a86c..a4eb13175 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -56,9 +56,9 @@ if (!empty($_GET['_page']))
// set default sort col/order to session
if (!isset($_SESSION['sort_col']))
- $_SESSION['sort_col'] = $CONFIG['message_sort_col'];
+ $_SESSION['sort_col'] = !empty($CONFIG['message_sort_col']) ? $CONFIG['message_sort_col'] : '';
if (!isset($_SESSION['sort_order']))
- $_SESSION['sort_order'] = $CONFIG['message_sort_order'];
+ $_SESSION['sort_order'] = strtoupper($CONFIG['message_sort_order']) == 'ASC' ? 'ASC' : 'DESC';
// set threads mode
$a_threading = $RCMAIL->config->get('message_threading', array());
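Review bot: `$CONFIG['message_sort_order']` is read without the `!empty()` guard that the line above adds for `message_sort_col`, so an unset option raises an undefined-index notice before the expression falls through to 'DESC'. Guarding it the same way keeps the two defaults consistent: `$_SESSION['sort_order'] = (!empty($CONFIG['message_sort_order']) && strtoupper($CONFIG['message_sort_order']) == 'ASC') ? 'ASC' : 'DESC';`. The order is now restricted to two known values while the column is copied as configured. If the column later reaches a sort command or query (not visible in this hunk), restricting it to the known column names at this point would match the order handling.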
@@ -1194,15 +1194,16 @@ function rcmail_html4inline($body, $container_id, $body_id='', &$attributes=null
*/
function rcmail_alter_html_link($matches)
{
- global $EMAIL_ADDRESS_PATTERN;
+ global $RCMAIL, $EMAIL_ADDRESS_PATTERN;
$tag = $matches[1];
$attrib = parse_attrib_string($matches[2]);
$end = '>';
if ($tag == 'link' && preg_match('/^https?:\/\//i', $attrib['href'])) {
- $attrib['href'] = "?_task=utils&_action=modcss&u=" . urlencode($attrib['href'])
- . "&c=" . urlencode($GLOBALS['rcmail_html_container_id']);
+ $tempurl = 'tmp-' . md5($attrib['href']) . '.css';
+ $_SESSION['modcssurls'][$tempurl] = $attrib['href'];
+ $attrib['href'] = $RCMAIL->url(array('task' => 'utils', 'action' => 'modcss', 'u' => $tempurl, 'c' => $GLOBALS['rcmail_html_container_id']));
$end = ' />';
}
else if (preg_match('/^mailto:'.$EMAIL_ADDRESS_PATTERN.'(\?[^"\'>]+)?/i', $attrib['href'], $mailto)) {
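Review bot: `$_SESSION['modcssurls']` gains an entry for each distinct remote `<link>` href in every message rendered, and nothing in this hunk removes or caps them, so a message carrying many stylesheet links inflates the session. Resetting the map when a new message is opened, or checking its size before the assignment, would bound it. The md5 of the href serves only as a lookup key; the access control comes from the per-session map, which a comment such as `// token is only a lookup key; the fetch is authorised by its presence in this session` would make explicit. rcmail_alter_html_link continues past the end of this hunk.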
@@ -1250,10 +1251,10 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null)
// IDNA ASCII to Unicode
if ($name == $mailto)
- $name = idn_to_utf8($name);
+ $name = rcube_idn_to_utf8($name);
if ($string == $mailto)
- $string = idn_to_utf8($string);
- $mailto = idn_to_utf8($mailto);
+ $string = rcube_idn_to_utf8($string);
+ $mailto = rcube_idn_to_utf8($mailto);
if ($PRINT_MODE) {
$out .= sprintf('%s <%s>', Q($name), $mailto);
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index 770660c1d..ecc7f3369 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -153,11 +153,11 @@ function rcmail_email_input_format($mailto, $count=false, $check=true)
$item = trim($item);
// address in brackets without name (do nothing)
if (preg_match('/^<\S+@\S+>$/', $item)) {
- $item = idn_to_ascii($item);
+ $item = rcube_idn_to_ascii($item);
$result[] = $item;
// address without brackets and without name (add brackets)
} else if (preg_match('/^\S+@\S+$/', $item)) {
- $item = idn_to_ascii($item);
+ $item = rcube_idn_to_ascii($item);
$result[] = '<'.$item.'>';
// address with name (handle name)
} else if (preg_match('/\S+@\S+>*$/', $item, $matches)) {
@@ -168,7 +168,7 @@ function rcmail_email_input_format($mailto, $count=false, $check=true)
&& preg_match('/[\(\)\<\>\\\.\[\]@,;:"]/', $name)) {
$name = '"'.addcslashes($name, '"').'"';
}
- $address = idn_to_ascii($address);
+ $address = rcube_idn_to_ascii($address);
if (!preg_match('/^<\S+@\S+>$/', $address))
$address = '<'.$address.'>';
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc
index f458cbfee..a78ebc94f 100644
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@@ -94,9 +94,9 @@ function rcube_identity_form($attrib)
$form['addressing']['content']['email']['class'] = 'disabled';
}
- $IDENTITY_RECORD['email'] = idn_to_utf8($IDENTITY_RECORD['email']);
- $IDENTITY_RECORD['reply-to'] = idn_to_utf8($IDENTITY_RECORD['reply-to']);
- $IDENTITY_RECORD['bcc'] = idn_to_utf8($IDENTITY_RECORD['bcc']);
+ $IDENTITY_RECORD['email'] = rcube_idn_to_utf8($IDENTITY_RECORD['email']);
+ $IDENTITY_RECORD['reply-to'] = rcube_idn_to_utf8($IDENTITY_RECORD['reply-to']);
+ $IDENTITY_RECORD['bcc'] = rcube_idn_to_utf8($IDENTITY_RECORD['bcc']);
// Allow plugins to modify identity form content
$plugin = $RCMAIL->plugins->exec_hook('identity_form', array(
diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc
index 3a3d690bf..7ddfac43e 100644
--- a/program/steps/settings/func.inc
+++ b/program/steps/settings/func.inc
@@ -72,7 +72,7 @@ function rcmail_identities_list($attrib)
// get identities list and define 'mail' column
$list = $USER->list_identities();
foreach ($list as $idx => $row)
- $list[$idx]['mail'] = trim($row['name'] . ' <' . idn_to_utf8($row['email']) .'>');
+ $list[$idx]['mail'] = trim($row['name'] . ' <' . rcube_idn_to_utf8($row['email']) .'>');
// get all identites from DB and define list of cols to be displayed
$plugin = $RCMAIL->plugins->exec_hook('identities_list', array(
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 30cc12495..c8d258fd7 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -59,8 +59,8 @@ if (IDENTITIES_LEVEL == 1 || IDENTITIES_LEVEL == 3)
// Validate e-mail addresses
foreach (array('email', 'reply-to', 'bcc') as $item) {
if ($email = $save_data[$item]) {
- $ascii_email = idn_to_ascii($email);
- if (!check_email($ascii_email, false)) {
+ $ascii_email = rcube_idn_to_ascii($email);
+ if (!check_email($ascii_email)) {
// show error message
$OUTPUT->show_message('emailformaterror', 'error', array('email' => $email), false);
rcmail_overwrite_action('edit-identity');
@@ -77,11 +77,11 @@ if ($_POST['_iid'])
$save_data = $plugin['record'];
if ($save_data['email'])
- $save_data['email'] = idn_to_ascii($save_data['email']);
+ $save_data['email'] = rcube_idn_to_ascii($save_data['email']);
if ($save_data['bcc'])
- $save_data['bcc'] = idn_to_ascii($save_data['bcc']);
+ $save_data['bcc'] = rcube_idn_to_ascii($save_data['bcc']);
if ($save_data['reply-to'])
- $save_data['reply-to'] = idn_to_ascii($save_data['reply-to']);
+ $save_data['reply-to'] = rcube_idn_to_ascii($save_data['reply-to']);
if (!$plugin['abort'])
$updated = $USER->update_identity($iid, $save_data);
@@ -116,9 +116,9 @@ else if (IDENTITIES_LEVEL < 2)
$plugin = $RCMAIL->plugins->exec_hook('identity_create', array('record' => $save_data));
$save_data = $plugin['record'];
- $save_data['email'] = idn_to_ascii($save_data['email']);
- $save_data['bcc'] = idn_to_ascii($save_data['bcc']);
- $save_data['reply-to'] = idn_to_ascii($save_data['reply-to']);
+ $save_data['email'] = rcube_idn_to_ascii($save_data['email']);
+ $save_data['bcc'] = rcube_idn_to_ascii($save_data['bcc']);
+ $save_data['reply-to'] = rcube_idn_to_ascii($save_data['reply-to']);
if (!$plugin['abort'])
$insert_id = $save_data['email'] ? $USER->insert_identity($save_data) : null;
diff --git a/program/steps/utils/error.inc b/program/steps/utils/error.inc
index c472faa3e..4f4d6cbe7 100644
--- a/program/steps/utils/error.inc
+++ b/program/steps/utils/error.inc
@@ -47,6 +47,13 @@ else if ($ERROR_CODE==401) {
"Please contact your server-administrator.";
}
+// forbidden due to request check
+else if ($ERROR_CODE==403) {
+ $__error_title = "REQUEST CHECK FAILED";
+ $__error_text = "Access to this service was denied due to failing security checks!<br />\n".
+ "Please contact your server-administrator.";
+}
+
// failed request (wrong step in URL)
else if ($ERROR_CODE==404) {
$__error_title = "REQUEST FAILED/FILE NOT FOUND";
diff --git a/program/steps/utils/modcss.inc b/program/steps/utils/modcss.inc
index 781779526..5572c9a21 100644
--- a/program/steps/utils/modcss.inc
+++ b/program/steps/utils/modcss.inc
@@ -5,7 +5,7 @@
| program/steps/utils/modcss.inc |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2007-2010, Roundcube Dev. - Switzerland |
+ | Copyright (C) 2007-2011, Roundcube Dev. - Switzerland |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
@@ -21,14 +21,14 @@
$source = '';
-$url = preg_replace('![^a-z0-9:./\-_?$&=%]!i', '', $_GET['u']);
-if ($url === null) {
+$url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']);
+if ($url === null || !($realurl = $_SESSION['modcssurls'][$url])) {
header('HTTP/1.1 403 Forbidden');
- echo $error;
+ echo "Unauthorized request";
exit;
}
-$a_uri = parse_url($url);
+$a_uri = parse_url($realurl);
$port = $a_uri['port'] ? $a_uri['port'] : 80;
$host = $a_uri['host'];
$path = $a_uri['path'] . ($a_uri['query'] ? '?'.$a_uri['query'] : '');
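Review bot: The session lookup removes the open `u` parameter, but `$realurl` is still a `<link href>` taken from message HTML, so the host and port parsed right after it are chosen by whoever sent the message; the request built from them is outside this hunk. Before that request, the resolved address should be checked and loopback, private and reserved ranges refused, as in the excerpt below. The connection should then go to the checked address so that a second DNS lookup cannot return a different one. The lookup also assumes `$_GET['_u']` is a string: an array value passes through `preg_replace()` as an array and is then used as an array key, so an `is_string()` test belongs in the same condition.

```php
$a_uri = parse_url($realurl);
// refuse targets that resolve to loopback, private or reserved ranges
$ip = gethostbyname((string) $a_uri['host']);
if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 | FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
    header('HTTP/1.1 403 Forbidden');
    echo "Unauthorized request";
    exit;
}
// … unchanged: $port, $host, $path assignment …
```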
@@ -85,7 +85,7 @@ fclose($fp);
$mimetype = strtolower($headers['content-type']);
if (!empty($source) && in_array($mimetype, array('text/css','text/plain'))) {
header('Content-Type: text/css');
- echo rcmail_mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['c']));
+ echo rcmail_mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c']));
exit;
}
else