Diffstat (limited to 'program/steps')
-rw-r--r-- | program/steps/addressbook/export.inc | 4 | ||||
-rw-r--r-- | program/steps/addressbook/import.inc | 11 | ||||
-rw-r--r-- | program/steps/addressbook/save.inc | 2 | ||||
-rw-r--r-- | program/steps/mail/compose.inc | 20 | ||||
-rw-r--r-- | program/steps/mail/copy.inc | 8 | ||||
-rw-r--r-- | program/steps/mail/func.inc | 23 | ||||
-rw-r--r-- | program/steps/mail/get.inc | 53 | ||||
-rw-r--r-- | program/steps/mail/mark.inc | 10 | ||||
-rw-r--r-- | program/steps/mail/move_del.inc | 2 | ||||
-rw-r--r-- | program/steps/mail/sendmail.inc | 44 | ||||
-rw-r--r-- | program/steps/mail/show.inc | 2 | ||||
-rw-r--r-- | program/steps/settings/about.inc | 67 | ||||
-rw-r--r-- | program/steps/settings/edit_folder.inc | 2 | ||||
-rw-r--r-- | program/steps/settings/func.inc | 15 | ||||
-rw-r--r-- | program/steps/settings/save_prefs.inc | 3 | ||||
-rw-r--r-- | program/steps/utils/save_pref.inc | 16 |
16 files changed, 152 insertions, 130 deletions
diff --git a/program/steps/addressbook/export.inc b/program/steps/addressbook/export.inc index 15bf8b0d4..761f26b75 100644 --- a/program/steps/addressbook/export.inc +++ b/program/steps/addressbook/export.inc @@ -138,7 +138,9 @@ header('Content-Disposition: attachment; filename="contacts.vcf"'); while ($result && ($row = $result->next())) { // we already have a vcard record if ($row['vcard'] && $row['name']) { - $row['vcard'] = preg_replace('/\r?\n/', rcube_vcard::$eol, $row['vcard']); + // fix folding and end-of-line chars + $row['vcard'] = preg_replace('/\r|\n\s+/', '', $row['vcard']); + $row['vcard'] = preg_replace('/\n/', rcube_vcard::$eol, $row['vcard']); echo rcube_vcard::rfc2425_fold($row['vcard']) . rcube_vcard::$eol; } // copy values into vcard object diff --git a/program/steps/addressbook/import.inc b/program/steps/addressbook/import.inc index df07d64bc..72da15078 100644 --- a/program/steps/addressbook/import.inc +++ b/program/steps/addressbook/import.inc @@ -209,6 +209,15 @@ if (is_array($_FILES['_file'])) { foreach ($vcards as $vcard) { $a_record = $vcard->get_assoc(); + // Generate contact's display name (must be before validation), the same we do in save.inc + if (empty($a_record['name'])) { + $a_record['name'] = rcube_addressbook::compose_display_name($a_record, true); + // Reset it if equals to email address (from compose_display_name()) + if ($a_record['name'] == $a_record['email'][0]) { + $a_record['name'] = ''; + } + } + // skip invalid (incomplete) entries if (!$CONTACTS->validate($a_record, true)) { $IMPORT_STATS->invalid++; @@ -250,7 +259,7 @@ if (is_array($_FILES['_file'])) { if ($success) { $IMPORT_STATS->inserted++; - $IMPORT_STATS->names[] = $vcard->displayname ? $vcard->displayname : $email; + $IMPORT_STATS->names[] = $a_record['name'] ? $a_record['name'] : $email; } else { $IMPORT_STATS->errors++; diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc index 8cab6e817..25bfbd48b 100644 
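Review bot: In the export.inc hunk, the unfolding pattern `/\r|\n\s+/` removes more than a fold: `\s+` also matches newlines and runs of spaces, so a blank line inside a stored vCard joins the two neighbouring properties into one, and any extra spaces after the fold character are dropped from the value. RFC 2425 unfolding removes only the line break plus the single space or tab that follows it. `preg_replace('/\r?\n[ \t]/', '', $row['vcard'])` followed by `preg_replace('/\r?\n/', rcube_vcard::$eol, $row['vcard'])` would keep property boundaries intact. The enclosing while loop starts and ends outside the hunk.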
--- a/program/steps/addressbook/save.inc +++ b/program/steps/addressbook/save.inc @@ -192,7 +192,7 @@ else { if (($maxnum = $RCMAIL->config->get('max_group_members', 0)) && ($counts->count + 1 > $maxnum)) $OUTPUT->show_message('maxgroupmembersreached', 'warning', array('max' => $maxnum)); - $CONTACTS->add_to_group($gid, $plugin['ids']); + $CONTACTS->add_to_group($plugin['group_id'], $plugin['ids']); } } else diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc index c166eb74e..81b598377 100644 --- a/program/steps/mail/compose.inc +++ b/program/steps/mail/compose.inc @@ -139,7 +139,6 @@ if (!empty($CONFIG['drafts_mbox'])) { } // set current mailbox in client environment $OUTPUT->set_env('mailbox', $RCMAIL->storage->get_folder()); -$OUTPUT->set_env('sig_above', $RCMAIL->config->get('sig_above', false)); $OUTPUT->set_env('top_posting', intval($RCMAIL->config->get('reply_mode')) > 0); $OUTPUT->set_env('recipients_separator', trim($RCMAIL->config->get('recipients_separator', ','))); @@ -152,6 +151,7 @@ if ($font && !is_array($font)) { // get reference message and set compose mode if ($msg_uid = $COMPOSE['param']['draft_uid']) { $compose_mode = RCUBE_COMPOSE_DRAFT; + $OUTPUT->set_env('draft_id', $msg_uid); $RCMAIL->storage->set_folder($CONFIG['drafts_mbox']); } else if ($msg_uid = $COMPOSE['param']['reply_uid']) { @@ -220,9 +220,9 @@ if (!empty($msg_uid) && empty($COMPOSE['as_attachment'])) } } else if ($compose_mode == RCUBE_COMPOSE_DRAFT) { - if ($MESSAGE->headers->others['x-draft-info']) { + if ($draft_info = $MESSAGE->headers->get('x-draft-info')) { // get reply_uid/forward_uid to flag the original message when sending - $info = rcmail_draftinfo_decode($MESSAGE->headers->others['x-draft-info']); + $info = rcmail_draftinfo_decode($draft_info); if ($info['type'] == 'reply') $COMPOSE['reply_uid'] = $info['uid']; 
@@ -239,8 +239,8 @@ if (!empty($msg_uid) && empty($COMPOSE['as_attachment'])) } } - if ($MESSAGE->headers->in_reply_to) - $COMPOSE['reply_msgid'] = '<'.$MESSAGE->headers->in_reply_to.'>'; + if ($in_reply_to = $MESSAGE->headers->get('in-reply-to')) + $COMPOSE['reply_msgid'] = '<' . $in_reply_to . '>'; $COMPOSE['references'] = $MESSAGE->headers->references; } @@ -461,7 +461,7 @@ function rcmail_compose_header_from($attrib) if (count($MESSAGE->identities)) { $a_signatures = array(); - $separator = $RCMAIL->config->get('sig_above') + $separator = intval($RCMAIL->config->get('reply_mode')) > 0 && ($compose_mode == RCUBE_COMPOSE_REPLY || $compose_mode == RCUBE_COMPOSE_FORWARD) ? '---' : '-- '; $field_attrib['onchange'] = JS_OBJECT_NAME.".change_identity(this)"; @@ -571,7 +571,7 @@ function rcmail_prepare_message_body() rcmail_write_forward_attachments(); } // reply/edit/draft/forward - else if ($compose_mode && ($compose_mode != RCUBE_COMPOSE_REPLY || $RCMAIL->config->get('reply_mode') != -1)) { + else if ($compose_mode && ($compose_mode != RCUBE_COMPOSE_REPLY || intval($RCMAIL->config->get('reply_mode')) != -1)) { $isHtml = rcmail_compose_editor_mode(); if (!empty($MESSAGE->parts)) { @@ -997,10 +997,12 @@ function rcmail_write_compose_attachments(&$message, $bodyIsHtml) foreach ((array)$message->mime_parts as $pid => $part) { if ($part->disposition == 'attachment' || ($part->disposition == 'inline' && $bodyIsHtml) || $part->filename) { - if (($part->ctype_primary == 'message' && $bodyIsHtml) || $part->ctype_primary == 'multipart') { + // skip parts that aren't valid attachments + if ($part->ctype_primary == 'multipart' || $part->mimetype == 'application/ms-tnef') { continue; } - if ($part->mimetype == 'application/ms-tnef') { + // skip message attachments in reply mode + if ($part->ctype_primary == 'message' && $compose_mode == RCUBE_COMPOSE_REPLY) { continue; } // skip inline images when forwarding in plain text 
diff --git a/program/steps/mail/copy.inc b/program/steps/mail/copy.inc index a72378b0e..876657485 100644 --- a/program/steps/mail/copy.inc +++ b/program/steps/mail/copy.inc @@ -24,10 +24,10 @@ if (!$OUTPUT->ajax_call) return; // move messages -if (!empty($_POST['_uid']) && !empty($_POST['_target_mbox'])) { - $uids = get_input_value('_uid', RCUBE_INPUT_POST); +if (!empty($_POST['_uid']) && strlen($_POST['_target_mbox'])) { + $uids = get_input_value('_uid', RCUBE_INPUT_POST); $target = get_input_value('_target_mbox', RCUBE_INPUT_POST, true); - $mbox = get_input_value('_mbox', RCUBE_INPUT_POST, true); + $mbox = get_input_value('_mbox', RCUBE_INPUT_POST, true); $copied = $RCMAIL->storage->copy_message($uids, $target, $mbox); @@ -47,7 +47,7 @@ if (!empty($_POST['_uid']) && !empty($_POST['_target_mbox'])) { } // unknown action or missing query param else { - exit; + $OUTPUT->show_message('internalerror', 'error'); } // send response diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 274c40b5c..60db3f310 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -896,7 +896,7 @@ function rcmail_washtml_callback($tagname, $attrib, $content, $washtml) * return table with message headers */ function rcmail_message_headers($attrib, $headers=null) - { +{ global $OUTPUT, $MESSAGE, $PRINT_MODE, $RCMAIL; static $sa_attrib; @@ -1194,7 +1194,7 @@ function rcmail_message_body($attrib) html::a($show_link + array('class' => 'image-link', 'style' => sprintf('width:%dpx', $thumbnail_size)), html::img(array( 'class' => 'image-thumbnail', - 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, true) . '&_thumb=1', + 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, 'image') . '&_thumb=1', 'title' => $attach_prop->filename, 'alt' => $attach_prop->filename, 'style' => sprintf('max-width:%dpx; max-height:%dpx', $thumbnail_size, $thumbnail_size), 
@@ -1214,7 +1214,7 @@ function rcmail_message_body($attrib) html::tag('legend', 'image-filename', Q($attach_prop->filename)) . html::p(array('align' => "center"), html::img(array( - 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, true), + 'src' => $MESSAGE->get_part_url($attach_prop->mime_id, 'image'), 'title' => $attach_prop->filename, 'alt' => $attach_prop->filename, ))) @@ -1897,13 +1897,15 @@ function rcmail_search_filter($attrib) $attrib['onchange'] = JS_OBJECT_NAME.'.filter_mailbox(this.value)'; - /* - RFC3501 (6.4.4): 'ALL', 'RECENT', - 'ANSWERED', 'DELETED', 'FLAGGED', 'SEEN', - 'UNANSWERED', 'UNDELETED', 'UNFLAGGED', 'UNSEEN', - 'NEW', // = (RECENT UNSEEN) - 'OLD' // = NOT RECENT - */ + // Content-Type values of messages with attachments + // the same as in app.js:add_message_row() + $ctypes = array('application/', 'multipart/m', 'multipart/signed', 'multipart/report'); + + // Build search string of "with attachment" filter + $attachment = str_repeat(' OR', count($ctypes)-1); + foreach ($ctypes as $type) { + $attachment .= ' HEADER Content-Type ' . rcube_imap_generic::escape($type); + } $select_filter = new html_select($attrib); $select_filter->add(rcube_label('all'), 'ALL'); @@ -1914,6 +1916,7 @@ function rcmail_search_filter($attrib) $select_filter->add(rcube_label('deleted'), 'DELETED'); $select_filter->add(rcube_label('undeleted'), 'UNDELETED'); } + $select_filter->add(rcube_label('withattachment'), $attachment); $select_filter->add(rcube_label('priority').': '.rcube_label('highest'), 'HEADER X-PRIORITY 1'); $select_filter->add(rcube_label('priority').': '.rcube_label('high'), 'HEADER X-PRIORITY 2'); $select_filter->add(rcube_label('priority').': '.rcube_label('normal'), 'NOT HEADER X-PRIORITY 1 NOT HEADER X-PRIORITY 2 NOT HEADER X-PRIORITY 4 NOT HEADER X-PRIORITY 5'); diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index 23dc22b7c..bcc6f11bc 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc 
@@ -22,7 +22,7 @@ // show loading page if (!empty($_GET['_preload'])) { - $url = preg_replace('/([&?]+)_preload=/', '\\1_embed=', $_SERVER['REQUEST_URI']); + $url = preg_replace('/([&?]+)_preload=/', '\\1_mimewarning=1&_embed=', $_SERVER['REQUEST_URI']); $message = rcube_label('loadingdata'); header('Content-Type: text/html; charset=' . RCMAIL_CHARSET); @@ -62,9 +62,10 @@ else if ($_GET['_thumb']) { $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240); $temp_dir = $RCMAIL->config->get('temp_dir'); list(,$ext) = explode('/', $part->mimetype); - $cache_basename = $temp_dir . '/' . md5($MESSAGE->headers->messageID . $part->mime_id . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size); - $cache_file = $cache_basename . '.' . $ext; $mimetype = $part->mimetype; + $file_ident = $MESSAGE->headers->messageID . ':' . $part->mime_id . ':' . $part->size . ':' . $part->mimetype; + $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size); + $cache_file = $cache_basename . '.' . $ext; // render thumbnail image if not done yet if (!is_file($cache_file)) { @@ -118,7 +119,7 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { $file_extension = strtolower(pathinfo($part->filename, PATHINFO_EXTENSION)); // 1. compare filename suffix with expected suffix derived from mimetype - $valid = $file_extension && in_array($file_extension, (array)$extensions); + $valid = $file_extension && in_array($file_extension, (array)$extensions) || !empty($_REQUEST['_mimeclass']); // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || $mimetype == 'text/plain') { 
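Review bot: In the `@@ -118,7 +119,7 @@` hunk, step 1 now sets `$valid` to true for any non-empty `_mimeclass` in `$_REQUEST`, whatever its value, so a client-supplied parameter alone satisfies the extension check; the `@@ -145,6 +146,10 @@` hunk then lets the same parameter override `$valid_extension`. Whether `$valid` is recomputed on every path through step 2 is not visible here, so if content detection is skipped or fails, the request parameter may be all that decides the outcome. I would read the value once with `get_input_value('_mimeclass', RCUBE_INPUT_GET)`, accept only the classes the client legitimately sends (for example `in_array($mimeclass, array('image'), true)`, to be confirmed against the callers), and parenthesise the `&&`/`||` mix so the intent is explicit. The enclosing `else if` block starts and ends outside both hunks.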
@@ -145,6 +146,10 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { $extensions = rcube_mime::get_mime_extensions($real_mimetype); $valid_extension = (!$file_extension || in_array($file_extension, (array)$extensions)); + // ignore filename extension if mimeclass matches (#1489029) + if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass']) + $valid_extension = true; + // fix mimetype for images wrongly declared as octet-stream if ($mimetype == 'application/octet-stream' && strpos($real_mimetype, 'image/') === 0 && $valid_extension) $mimetype = $real_mimetype; 
@@ -157,22 +162,32 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { // show warning if validity checks failed if (!$valid) { - $OUTPUT = new rcmail_html_page(); - $OUTPUT->write(html::tag('html', null, html::tag('body', 'embed', - html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'), - rcube_label(array( - 'name' => 'attachmentvalidationerror', - 'vars' => array( - 'expected' => $mimetype . ($file_extension ? "(.$file_extension)" : ''), - 'detected' => $real_mimetype . ($extensions[0] ? "(.$extensions[0])" : ''), + // send blocked.gif for expected images + if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) { + // Do not cache. Failure might be the result of a misconfiguration, thus real content should be returned once fixed. + $OUTPUT->nocacheing_headers(); + header("Content-Type: image/gif"); + header("Content-Transfer-Encoding: binary"); + readfile(INSTALL_PATH . 'program/resources/blocked.gif'); + } + else { // html warning with a button to load the file anyway + $OUTPUT = new rcmail_html_page(); + $OUTPUT->write(html::tag('html', null, html::tag('body', 'embed', + html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'), + rcube_label(array( + 'name' => 'attachmentvalidationerror', + 'vars' => array( + 'expected' => $mimetype . ($file_extension ? "(.$file_extension)" : ''), + 'detected' => $real_mimetype . ($extensions[0] ? "(.$extensions[0])" : ''), + ) + )) . + html::p(array('class' => 'rcmail-inline-buttons'), + html::tag('button', + array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'"), + rcube_label('showanyway'))) ) - )) . - html::p(array('class' => 'rcmail-inline-buttons'), - html::tag('button', - array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'"), - rcube_label('showanyway'))) - ) - ))); + ))); + } exit; } } 
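Review bot: The "show anyway" button in the new `else` branch still builds its `onclick` from the whole of `$_GET` (`$RCMAIL->url(array_merge($_GET, array('_nocheck' => 1)))`) and places the result inside a single-quoted JavaScript string. Whether `url()` percent-encodes every key and value, and whether `html::tag()` escapes attribute text, is not visible in this hunk, so the safety of that string rests on code elsewhere. Passing only the parameters this action needs (such as `_part`) plus `_nocheck` would stop arbitrary request keys from being reflected into the page. The blocked.gif branch also ignores the return value of `readfile()`, so a missing resource would produce an empty `image/gif` response without any log entry.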
diff --git a/program/steps/mail/mark.inc b/program/steps/mail/mark.inc index c220fc5c4..dfc892ea1 100644 --- a/program/steps/mail/mark.inc +++ b/program/steps/mail/mark.inc @@ -113,7 +113,7 @@ if (($uids = get_input_value('_uid', RCUBE_INPUT_POST)) && ($flag = get_input_va $OUTPUT->command('set_rowcount', rcmail_get_messagecount_text($msg_count), $mbox); if ($threading) { - $count = get_input_value('_count', RCUBE_INPUT_POST); + $count = get_input_value('_count', RCUBE_INPUT_POST); } // add new rows from next page (if any) @@ -125,9 +125,9 @@ if (($uids = get_input_value('_uid', RCUBE_INPUT_POST)) && ($flag = get_input_va } } } - - $OUTPUT->send(); +} +else { + $OUTPUT->show_message('internalerror', 'error'); } -exit; - +$OUTPUT->send(); diff --git a/program/steps/mail/move_del.inc b/program/steps/mail/move_del.inc index 3fc6ac5a7..e21ba2c6b 100644 --- a/program/steps/mail/move_del.inc +++ b/program/steps/mail/move_del.inc @@ -74,6 +74,8 @@ else if ($RCMAIL->action=='delete' && !empty($_POST['_uid'])) { } // unknown action or missing query param else { + $OUTPUT->show_message('internalerror', 'error'); + $OUTPUT->send(); exit; } diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc index eb0ba89c6..2f96e930f 100644 --- a/program/steps/mail/sendmail.inc +++ b/program/steps/mail/sendmail.inc 
@@ -255,6 +255,33 @@ function rcmail_email_input_format($mailto, $count=false, $check=true) } +function rcmail_generic_message_footer($isHtml) +{ + global $CONFIG; + + if ($isHtml && !empty($CONFIG['generic_message_footer_html'])) { + $file = $CONFIG['generic_message_footer_html']; + $html_footer = true; + } + else { + $file = $CONFIG['generic_message_footer']; + $html_footer = false; + } + + if ($file && realpath($file)) { + // sanity check + if (!preg_match('/\.(php|ini|conf)$/', $file) && strpos($file, '/etc/') === false) { + $footer = file_get_contents($file); + if ($isHtml && !$html_footer) + $footer = '<pre>' . $footer . '</pre>'; + return $footer; + } + } + + return false; +} + + /****** compose message ********/ if (strlen($_POST['_draft_saveid']) > 3) @@ -466,7 +493,7 @@ if (!$savedraft) { $message_body = preg_replace('/\s*id="_rc_sig"/', '', $message_body); // add inline css for blockquotes - $bstyle = 'padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px; width:100%'; + $bstyle = 'padding-left:5px; border-left:#1010ff 2px solid; margin-left:5px'; $message_body = preg_replace('/<blockquote>/', '<blockquote type="cite" style="'.$bstyle.'">', $message_body); } @@ -490,19 +517,10 @@ if (!$savedraft) { } // generic footer for all messages - if ($isHtml && !empty($CONFIG['generic_message_footer_html'])) { - $footer = file_get_contents(realpath($CONFIG['generic_message_footer_html'])); - $footer = rcube_charset_convert($footer, RCMAIL_CHARSET, $message_charset); - } - else if (!empty($CONFIG['generic_message_footer'])) { - $footer = file_get_contents(realpath($CONFIG['generic_message_footer'])); + if ($footer = rcmail_generic_message_footer($isHtml)) { $footer = rcube_charset_convert($footer, RCMAIL_CHARSET, $message_charset); - if ($isHtml) - $footer = '<pre>'.$footer.'</pre>'; - } - - if ($footer) $message_body .= "\r\n" . $footer; + } } if ($isHtml) { 
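Review bot: The sanity check in `rcmail_generic_message_footer()` tests the configured string `$file`, not the path it resolves to: `realpath($file)` is used only as an existence test, so a symlink or a `../` path that ends up under `/etc/` or at a `.php` file passes both conditions and is then read with `file_get_contents($file)`. Resolve once and check the result: `if ($file && ($path = realpath($file))) {`, `if (!preg_match('/\.(php|ini|conf)$/i', $path) && strpos($path, '/etc/') === false) {`, `$footer = file_get_contents($path);`. A suffix denylist is easy to miss cases with; requiring the resolved path to sit under a dedicated footer directory would be a firmer rule. The function also has no docblock stating that it returns the footer text or `false`, and a failed `file_get_contents()` is currently wrapped in `<pre>` tags in the HTML case instead of being returned as `false`.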
@@ -820,6 +838,6 @@ else { if ($store_folder && !$saved) $OUTPUT->command('sent_successfully', 'error', rcube_label('errorsavingsent')); else - $OUTPUT->command('sent_successfully', 'confirmation', rcube_label('messagesent')); + $OUTPUT->command('sent_successfully', 'confirmation', rcube_label('messagesent'), $store_target); $OUTPUT->send('iframe'); } diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc index 552c180f5..1947c0f29 100644 --- a/program/steps/mail/show.inc +++ b/program/steps/mail/show.inc @@ -109,7 +109,7 @@ if ($uid) { $OUTPUT->set_env('skip_deleted', true); if ($CONFIG['display_next']) $OUTPUT->set_env('display_next', true); - if ($MESSAGE->headers->others['list-post']) + if ($MESSAGE->headers->get('list-post', false)) $OUTPUT->set_env('list_post', true); if ($CONFIG['forward_attachment']) $OUTPUT->set_env('forward_attachment', true); diff --git a/program/steps/settings/about.inc b/program/steps/settings/about.inc index 9b13402f1..0fdefddda 100644 --- a/program/steps/settings/about.inc +++ b/program/steps/settings/about.inc 
@@ -40,17 +40,28 @@ function rcmail_plugins_list($attrib) $attrib['id'] = 'rcmpluginlist'; $plugins = array_filter((array) $RCMAIL->config->get('plugins')); - $plugins = array_flip($plugins); + $plugin_info = array(); - foreach ($plugins as $name => $plugin) { - rcube_plugin_data($name, $plugins); + foreach ($plugins as $name) { + if ($info = $RCMAIL->plugins->get_info($name)) + $plugin_info[$name] = $info; } - if (empty($plugins)) { + // load info from required plugins, too + foreach ($plugin_info as $name => $info) { + if (is_array($info['required']) && !empty($info['required'])) { + foreach ($info['required'] as $req_name) { + if (!isset($plugin_info[$req_name]) && ($req_info = $RCMAIL->plugins->get_info($req_name))) + $plugin_info[$req_name] = $req_info; + } + } + } + + if (empty($plugin_info)) { return ''; } - ksort($plugins, SORT_LOCALE_STRING); + ksort($plugin_info, SORT_LOCALE_STRING); $table = new html_table($attrib); @@ -60,8 +71,8 @@ function rcmail_plugins_list($attrib) $table->add_header('license', rcube_label('license')); $table->add_header('source', rcube_label('source')); - foreach ($plugins as $name => $data) { - $uri = $data['srcuri'] ? $data['srcuri'] : $data['uri']; + foreach ($plugin_info as $name => $data) { + $uri = $data['src_uri'] ? $data['src_uri'] : $data['uri']; if ($uri && stripos($uri, 'http') !== 0) { $uri = 'http://' . $uri; } 
@@ -78,48 +89,6 @@ function rcmail_plugins_list($attrib) return $table->show(); } -function rcube_plugin_data($name, &$plugins = array()) -{ - // XPaths of plugin metadata elements - $metadata = array( - 'name' => 'string(//rc:package/rc:name)', - 'version' => 'string(//rc:package/rc:version/rc:release)', - 'license' => 'string(//rc:package/rc:license)', - 'license_uri' => 'string(//rc:package/rc:license/@uri)', - 'srcuri' => 'string(//rc:package/rc:srcuri)', - 'uri' => 'string(//rc:package/rc:uri)', - ); - - $package = INSTALL_PATH . "/plugins/$name/package.xml"; - if (file_exists($package) && ($file = file_get_contents($package))) { - $doc = new DOMDocument(); - $doc->loadXML($file); - $xpath = new DOMXPath($doc); - $xpath->registerNamespace('rc', "http://pear.php.net/dtd/package-2.0"); - $data = array(); - - foreach ($metadata as $key => $path) { - $data[$key] = $xpath->evaluate($path); - } - - $plugins[$name] = $data; - - // dependent required plugins (can be used, but not included in config) - $deps = $xpath->evaluate('//rc:package/rc:dependencies/rc:required/rc:package/rc:name'); - $cnt = $deps->length; - - for ($i=0; $i<$cnt; $i++) { - $dn = $deps->item($i)->nodeValue; - if (!array_key_exists($dn, $plugins)) { - rcube_plugin_data($dn, $plugins); - } - } - } - else { - unset($plugins[$name]); - } -} - $OUTPUT->set_pagetitle(rcube_label('about')); diff --git a/program/steps/settings/edit_folder.inc b/program/steps/settings/edit_folder.inc index cd2372790..fdb38e602 100644 --- a/program/steps/settings/edit_folder.inc +++ b/program/steps/settings/edit_folder.inc @@ -78,7 +78,7 @@ function rcmail_folder_form($attrib) // Location (name) if ($options['protected']) { - $foldername = Q(str_replace($delimiter, ' » ', rcmail_localize_folderpath($mbox_imap))); + $foldername = str_replace($delimiter, ' » ', Q(rcmail_localize_folderpath($mbox_imap))); } else if ($options['norename']) { $foldername = Q($folder); 
diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc index 2f726c7e8..319c58db9 100644 --- a/program/steps/settings/func.inc +++ b/program/steps/settings/func.inc @@ -581,8 +581,7 @@ function rcmail_user_prefs($current=null) if (!isset($no_override['reply_mode'])) { $field_id = 'rcmfd_reply_mode'; - $select_replymode = new html_select(array('name' => '_reply_mode', 'id' => $field_id, - 'onchange' => "\$('#rcmfd_sig_above').attr('disabled',this.selectedIndex<2)")); + $select_replymode = new html_select(array('name' => '_reply_mode', 'id' => $field_id)); $select_replymode->add(rcube_label('replyempty'), -1); $select_replymode->add(rcube_label('replybottomposting'), 0); $select_replymode->add(rcube_label('replytopposting'), 1); @@ -631,18 +630,6 @@ function rcmail_user_prefs($current=null) ); } - if (!isset($no_override['sig_above'])) { - $field_id = 'rcmfd_sig_above'; - $select_sigabove = new html_select(array('name' => '_sig_above', 'id' => $field_id, 'disabled' => $config['reply_mode'] < 1)); - $select_sigabove->add(rcube_label('belowquote'), 0); - $select_sigabove->add(rcube_label('abovequote'), 1); - - $blocks['sig']['options']['sig_above'] = array( - 'title' => html::label($field_id, Q(rcube_label('replysignaturepos'))), - 'content' => $select_sigabove->show($config['sig_above']?1:0), - ); - } - if (!isset($no_override['strip_existing_sig'])) { $field_id = 'rcmfd_strip_existing_sig'; $input_stripexistingsig = new html_checkbox(array('name' => '_strip_existing_sig', 'id' => $field_id, 'value' => 1)); diff --git a/program/steps/settings/save_prefs.inc b/program/steps/settings/save_prefs.inc index 5daab0d24..dfb2b13ac 100644 --- a/program/steps/settings/save_prefs.inc +++ b/program/steps/settings/save_prefs.inc 
@@ -86,7 +86,6 @@ switch ($CURR_SECTION) 'show_sig' => isset($_POST['_show_sig']) ? intval($_POST['_show_sig']) : 1, 'reply_mode' => isset($_POST['_reply_mode']) ? intval($_POST['_reply_mode']) : 0, 'strip_existing_sig' => isset($_POST['_strip_existing_sig']), - 'sig_above' => !empty($_POST['_sig_above']) && $_POST['_reply_mode'] > 0, 'default_font' => get_input_value('_default_font', RCUBE_INPUT_POST), 'forward_attachment' => !empty($_POST['_forward_attachment']), ); @@ -158,7 +157,7 @@ switch ($CURR_SECTION) $a_user_prefs['timezone'] = (string) $a_user_prefs['timezone']; if (isset($a_user_prefs['refresh_interval']) && !empty($CONFIG['min_refresh_interval'])) { - if ($a_user_prefs['refresh_interval'] > $CONFIG['min_refresh_interval']) { + if ($a_user_prefs['refresh_interval'] < $CONFIG['min_refresh_interval']) { $a_user_prefs['refresh_interval'] = $CONFIG['min_refresh_interval']; } } diff --git a/program/steps/utils/save_pref.inc b/program/steps/utils/save_pref.inc index b550ad7ef..7def8733d 100644 --- a/program/steps/utils/save_pref.inc +++ b/program/steps/utils/save_pref.inc @@ -21,6 +21,22 @@ $name = get_input_value('_name', RCUBE_INPUT_POST); $value = get_input_value('_value', RCUBE_INPUT_POST); +$whitelist = array( + 'preview_pane', + 'list_cols', + 'collapsed_folders', + 'collapsed_abooks', +); + +if (!in_array($name, array_merge($whitelist, $RCMAIL->plugins->allowed_prefs))) { + raise_error(array('code' => 500, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => sprintf("Hack attempt detected (user: %s)", $RCMAIL->get_user_name())), + true, false); + + $OUTPUT->reset(); + $OUTPUT->send(); +} // save preference value $RCMAIL->user->save_prefs(array($name => $value)); |
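Review bot: The allow-list branch in save_pref.inc relies on `$OUTPUT->send()` ending the request: `raise_error()` is called with `true, false` (the second value looks like the terminate flag), and nothing after `send()` stops execution before `$RCMAIL->user->save_prefs(array($name => $value))`. If `send()` can return for any output class, the rejected preference is still written; an explicit `exit;` after `$OUTPUT->send();`, as the move_del.inc hunk does, removes that dependency. `in_array()` should also be called with the strict flag, `in_array($name, array_merge($whitelist, $RCMAIL->plugins->allowed_prefs), true)`, so that only exact string names match and an array-valued `_name` cannot compare loosely. A short comment above `$whitelist` saying that plugins extend it through `allowed_prefs` would help the next maintainer.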