summaryrefslogtreecommitdiff
path: root/program
diff options
context:
space:
mode:
Diffstat (limited to 'program')
-rw-r--r--program/include/main.inc43
-rw-r--r--program/include/rcube_browser.php24
-rw-r--r--program/include/rcube_config.php7
-rw-r--r--program/include/rcube_smtp.php2
-rw-r--r--program/js/app.js7
-rw-r--r--program/lib/html2text.php96
-rw-r--r--program/steps/addressbook/func.inc2
-rw-r--r--program/steps/mail/search.inc20
8 files changed, 121 insertions, 80 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index 25940bd67..714764959 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -640,20 +640,23 @@ function JQ($str)
function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
{
$value = NULL;
-
- if ($source==RCUBE_INPUT_GET && isset($_GET[$fname]))
- $value = $_GET[$fname];
- else if ($source==RCUBE_INPUT_POST && isset($_POST[$fname]))
- $value = $_POST[$fname];
- else if ($source==RCUBE_INPUT_GPC)
- {
+
+ if ($source == RCUBE_INPUT_GET) {
+ if (isset($_GET[$fname]))
+ $value = $_GET[$fname];
+ }
+ else if ($source == RCUBE_INPUT_POST) {
+ if (isset($_POST[$fname]))
+ $value = $_POST[$fname];
+ }
+ else if ($source == RCUBE_INPUT_GPC) {
if (isset($_POST[$fname]))
$value = $_POST[$fname];
else if (isset($_GET[$fname]))
$value = $_GET[$fname];
else if (isset($_COOKIE[$fname]))
$value = $_COOKIE[$fname];
- }
+ }
return parse_input_value($value, $allow_html, $charset);
}
@@ -661,7 +664,7 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
/**
* Parse/validate input value. See get_input_value()
* Performs stripslashes() and charset conversion if necessary
- *
+ *
* @param string Input value
* @param boolean Allow HTML tags in field value
* @param string Charset to convert into
@@ -687,15 +690,21 @@ function parse_input_value($value, $allow_html=FALSE, $charset=NULL)
else if (get_magic_quotes_gpc() || get_magic_quotes_runtime())
$value = stripslashes($value);
- // remove HTML tags if not allowed
+ // remove HTML tags if not allowed
if (!$allow_html)
$value = strip_tags($value);
-
+
+ $output_charset = is_object($OUTPUT) ? $OUTPUT->get_charset() : null;
+
+ // remove invalid characters (#1488124)
+ if ($output_charset == 'UTF-8')
+ $value = rc_utf8_clean($value);
+
// convert to internal charset
- if (is_object($OUTPUT) && $charset)
- return rcube_charset_convert($value, $OUTPUT->get_charset(), $charset);
- else
- return $value;
+ if ($charset && $output_charset)
+ $value = rcube_charset_convert($value, $output_charset, $charset);
+
+ return $value;
}
/**
@@ -711,10 +720,10 @@ function request2param($mode = RCUBE_INPUT_GPC, $ignore = 'task|action')
$src = $mode == RCUBE_INPUT_GET ? $_GET : ($mode == RCUBE_INPUT_POST ? $_POST : $_REQUEST);
foreach ($src as $key => $value) {
$fname = $key[0] == '_' ? substr($key, 1) : $key;
- if ($ignore && !preg_match("/($ignore)/", $fname))
+ if ($ignore && !preg_match('/^(' . $ignore . ')$/', $fname))
$out[$fname] = get_input_value($key, $mode);
}
-
+
return $out;
}
diff --git a/program/include/rcube_browser.php b/program/include/rcube_browser.php
index c89c3897f..859f36795 100644
--- a/program/include/rcube_browser.php
+++ b/program/include/rcube_browser.php
@@ -33,19 +33,19 @@ class rcube_browser
$HTTP_USER_AGENT = strtolower($_SERVER['HTTP_USER_AGENT']);
$this->ver = 0;
- $this->win = strstr($HTTP_USER_AGENT, 'win');
- $this->mac = strstr($HTTP_USER_AGENT, 'mac');
- $this->linux = strstr($HTTP_USER_AGENT, 'linux');
- $this->unix = strstr($HTTP_USER_AGENT, 'unix');
+ $this->win = strpos($HTTP_USER_AGENT, 'win') != false;
+ $this->mac = strpos($HTTP_USER_AGENT, 'mac') != false;
+ $this->linux = strpos($HTTP_USER_AGENT, 'linux') != false;
+ $this->unix = strpos($HTTP_USER_AGENT, 'unix') != false;
- $this->opera = strstr($HTTP_USER_AGENT, 'opera');
- $this->ns4 = strstr($HTTP_USER_AGENT, 'mozilla/4') && !stristr($HTTP_USER_AGENT, 'msie');
- $this->ns = ($this->ns4 || strstr($HTTP_USER_AGENT, 'netscape'));
- $this->ie = !$this->opera && stristr($HTTP_USER_AGENT, 'compatible; msie');
- $this->mz = !$this->ie && strstr($HTTP_USER_AGENT, 'mozilla/5');
- $this->chrome = strstr($HTTP_USER_AGENT, 'chrome');
- $this->khtml = strstr($HTTP_USER_AGENT, 'khtml');
- $this->safari = !$this->chrome && ($this->khtml || strstr($HTTP_USER_AGENT, 'safari'));
+ $this->opera = strpos($HTTP_USER_AGENT, 'opera') !== false;
+ $this->ns4 = strpos($HTTP_USER_AGENT, 'mozilla/4') !== false && strpos($HTTP_USER_AGENT, 'msie') === false;
+ $this->ns = ($this->ns4 || strpos($HTTP_USER_AGENT, 'netscape') !== false);
+ $this->ie = !$this->opera && strpos($HTTP_USER_AGENT, 'compatible; msie') !== false;
+ $this->mz = !$this->ie && strpos($HTTP_USER_AGENT, 'mozilla/5') !== false;
+ $this->chrome = strpos($HTTP_USER_AGENT, 'chrome') !== false;
+ $this->khtml = strpos($HTTP_USER_AGENT, 'khtml') !== false;
+ $this->safari = !$this->chrome && ($this->khtml || strpos($HTTP_USER_AGENT, 'safari') !== false);
if ($this->ns || $this->chrome) {
$test = preg_match('/(mozilla|chrome)\/([0-9.]+)/', $HTTP_USER_AGENT, $regs);
diff --git a/program/include/rcube_config.php b/program/include/rcube_config.php
index 01e678150..f80f92c91 100644
--- a/program/include/rcube_config.php
+++ b/program/include/rcube_config.php
@@ -90,11 +90,14 @@ class rcube_config
// enable display_errors in 'show' level, but not for ajax requests
ini_set('display_errors', intval(empty($_REQUEST['_remote']) && ($this->prop['debug_level'] & 4)));
-
+
// set timezone auto settings values
if ($this->prop['timezone'] == 'auto') {
$this->prop['dst_active'] = intval(date('I'));
- $this->prop['_timezone_value'] = date('Z') / 3600 - $this->prop['dst_active'];
+ $this->prop['_timezone_value'] = date('Z') / 3600 - $this->prop['dst_active'];
+ }
+ else if ($this->prop['dst_active'] === null) {
+ $this->prop['dst_active'] = intval(date('I'));
}
// export config data
diff --git a/program/include/rcube_smtp.php b/program/include/rcube_smtp.php
index 5c2dd92d2..56b601290 100644
--- a/program/include/rcube_smtp.php
+++ b/program/include/rcube_smtp.php
@@ -381,7 +381,7 @@ class rcube_smtp
$from = $addresses[0];
// Reject envelope From: addresses with spaces.
- if (strstr($from, ' '))
+ if (strpos($from, ' ') !== false)
return false;
$lines[] = $key . ': ' . $value;
diff --git a/program/js/app.js b/program/js/app.js
index 6c0d2cd8d..8ffcf93af 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -5743,10 +5743,13 @@ function rcube_webmail()
});
};
- this.plain2html = function(plainText, id)
+ this.plain2html = function(plain, id)
{
var lock = this.set_busy(true, 'converting');
- $('#'+id).val(plainText ? '<pre>'+plainText+'</pre>' : '');
+
+ plain = plain.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
+ $('#'+id).val(plain ? '<pre>'+plain+'</pre>' : '');
+
this.set_busy(false, null, lock);
};
diff --git a/program/lib/html2text.php b/program/lib/html2text.php
index 1ab16055b..9fc96eac7 100644
--- a/program/lib/html2text.php
+++ b/program/lib/html2text.php
@@ -145,7 +145,6 @@ class html2text
var $search = array(
"/\r/", // Non-legal carriage return
"/[\n\t]+/", // Newlines and tabs
- '/[ ]{2,}/', // Runs of spaces, pre-handling
'/<script[^>]*>.*?<\/script>/i', // <script>s -- which strip_tags supposedly has problems with
'/<style[^>]*>.*?<\/style>/i', // <style>s -- which strip_tags supposedly has problems with
'/<p[^>]*>/i', // <P>
@@ -161,22 +160,6 @@ class html2text
'/(<table[^>]*>|<\/table>)/i', // <table> and </table>
'/(<tr[^>]*>|<\/tr>)/i', // <tr> and </tr>
'/<td[^>]*>(.*?)<\/td>/i', // <td> and </td>
- '/&(nbsp|#160);/i', // Non-breaking space
- '/&(quot|rdquo|ldquo|#8220|#8221|#147|#148);/i',
- // Double quotes
- '/&(apos|rsquo|lsquo|#8216|#8217);/i', // Single quotes
- '/&gt;/i', // Greater-than
- '/&lt;/i', // Less-than
- '/&(copy|#169);/i', // Copyright
- '/&(trade|#8482|#153);/i', // Trademark
- '/&(reg|#174);/i', // Registered
- '/&(mdash|#151|#8212);/i', // mdash
- '/&(ndash|minus|#8211|#8722);/i', // ndash
- '/&(bull|#149|#8226);/i', // Bullet
- '/&(pound|#163);/i', // Pound sign
- '/&(euro|#8364);/i', // Euro sign
- '/&(amp|#38);/i', // Ampersand: see _converter()
- '/[ ]{2,}/' // Runs of spaces, post-handling
);
/**
@@ -189,7 +172,6 @@ class html2text
var $replace = array(
'', // Non-legal carriage return
' ', // Newlines and tabs
- ' ', // Runs of spaces, pre-handling
'', // <script>s -- which strip_tags supposedly has problems with
'', // <style>s -- which strip_tags supposedly has problems with
"\n\n", // <P>
@@ -205,6 +187,43 @@ class html2text
"\n\n", // <table> and </table>
"\n", // <tr> and </tr>
"\t\t\\1\n", // <td> and </td>
+ );
+
+ /**
+ * List of preg* regular expression patterns to search for,
+ * used in conjunction with $ent_replace.
+ *
+ * @var array $ent_search
+ * @access public
+ * @see $ent_replace
+ */
+ var $ent_search = array(
+ '/&(nbsp|#160);/i', // Non-breaking space
+ '/&(quot|rdquo|ldquo|#8220|#8221|#147|#148);/i',
+ // Double quotes
+ '/&(apos|rsquo|lsquo|#8216|#8217);/i', // Single quotes
+ '/&gt;/i', // Greater-than
+ '/&lt;/i', // Less-than
+ '/&(copy|#169);/i', // Copyright
+ '/&(trade|#8482|#153);/i', // Trademark
+ '/&(reg|#174);/i', // Registered
+ '/&(mdash|#151|#8212);/i', // mdash
+ '/&(ndash|minus|#8211|#8722);/i', // ndash
+ '/&(bull|#149|#8226);/i', // Bullet
+ '/&(pound|#163);/i', // Pound sign
+ '/&(euro|#8364);/i', // Euro sign
+ '/&(amp|#38);/i', // Ampersand: see _converter()
+ '/[ ]{2,}/', // Runs of spaces, post-handling
+ );
+
+ /**
+ * List of pattern replacements corresponding to patterns searched.
+ *
+ * @var array $ent_replace
+ * @access public
+ * @see $ent_search
+ */
+ var $ent_replace = array(
' ', // Non-breaking space
'"', // Double quotes
"'", // Single quotes
@@ -219,7 +238,7 @@ class html2text
'£',
'EUR', // Euro sign. € ?
'|+|amp|+|', // Ampersand: see _converter()
- ' ' // Runs of spaces, post-handling
+ ' ', // Runs of spaces, post-handling
);
/**
@@ -303,7 +322,7 @@ class html2text
* @see _build_link_list()
*/
var $_link_list = '';
-
+
/**
* Number of valid links detected in the text, used for plain text
* display (rendered similar to footnotes).
@@ -314,15 +333,15 @@ class html2text
*/
var $_link_count = 0;
- /**
- * Boolean flag, true if a table of link URLs should be listed after the text.
- *
- * @var boolean $_do_links
- * @access private
- * @see html2text()
+ /**
+ * Boolean flag, true if a table of link URLs should be listed after the text.
+ *
+ * @var boolean $_do_links
+ * @access private
+ * @see html2text()
*/
var $_do_links = true;
-
+
/**
* Constructor.
*
@@ -492,15 +511,21 @@ class html2text
// Convert <PRE>
$this->_convert_pre($text);
- // Run our defined search-and-replace
+ // Run our defined tags search-and-replace
$text = preg_replace($this->search, $this->replace, $text);
+ // Run our defined tags search-and-replace with callback
+ $text = preg_replace_callback($this->callback_search, array('html2text', '_preg_callback'), $text);
+
+ // Strip any other HTML tags
+ $text = strip_tags($text, $this->allowed_tags);
+
+ // Run our defined entities/characters search-and-replace
+ $text = preg_replace($this->ent_search, $this->ent_replace, $text);
+
// Replace known html entities
$text = html_entity_decode($text, ENT_COMPAT, 'UTF-8');
- // Run our defined search-and-replace with callback
- $text = preg_replace_callback($this->callback_search, array('html2text', '_preg_callback'), $text);
-
// Remove unknown/unhandled entities (this cannot be done in search-and-replace block)
$text = preg_replace('/&([a-zA-Z0-9]{2,6}|#[0-9]{2,4});/', '', $text);
@@ -508,15 +533,12 @@ class html2text
// This properly handles situation of "&amp;quot;" in input string
$text = str_replace('|+|amp|+|', '&', $text);
- // Strip any other HTML tags
- $text = strip_tags($text, $this->allowed_tags);
-
// Bring down number of empty lines to 2 max
$text = preg_replace("/\n\s+\n/", "\n\n", $text);
$text = preg_replace("/[\n]{3,}/", "\n\n", $text);
// remove leading empty lines (can be produced by eg. P tag on the beginning)
- $text = preg_replace('/^\n+/', '', $text);
+ $text = ltrim($text, "\n");
// Wrap the text to a readable format
// for PHP versions >= 4.0.2. Default width is 75
@@ -544,9 +566,7 @@ class html2text
if ( !$this->_do_links )
return $display;
- if ( substr($link, 0, 7) == 'http://' || substr($link, 0, 8) == 'https://' ||
- substr($link, 0, 7) == 'mailto:'
- ) {
+ if ( preg_match('!^(https?://|mailto:)!', $link) ) {
$this->_link_count++;
$this->_link_list .= '[' . $this->_link_count . "] $link\n";
$additional = ' [' . $this->_link_count . ']';
diff --git a/program/steps/addressbook/func.inc b/program/steps/addressbook/func.inc
index 2f1fbb70f..cb5cc63dc 100644
--- a/program/steps/addressbook/func.inc
+++ b/program/steps/addressbook/func.inc
@@ -705,7 +705,7 @@ function rcmail_contact_photo($attrib)
$RCMAIL->output->set_env('photo_placeholder', $photo_img);
unset($attrib['placeholder']);
- if (strpos($record['photo'], 'http:') === 0)
+ if (preg_match('!^https?://!i', $record['photo']))
$photo_img = $record['photo'];
else if ($record['photo'])
$photo_img = $RCMAIL->url(array('_action' => 'photo', '_cid' => $record['ID'], '_source' => $SOURCE_ID));
diff --git a/program/steps/mail/search.inc b/program/steps/mail/search.inc
index 2e7fd130c..593eac427 100644
--- a/program/steps/mail/search.inc
+++ b/program/steps/mail/search.inc
@@ -31,6 +31,7 @@ $str = get_input_value('_q', RCUBE_INPUT_GET, true);
$mbox = get_input_value('_mbox', RCUBE_INPUT_GET, true);
$filter = get_input_value('_filter', RCUBE_INPUT_GET);
$headers = get_input_value('_headers', RCUBE_INPUT_GET);
+$subject = array();
$search_request = md5($mbox.$filter.$str);
@@ -70,14 +71,19 @@ else if (preg_match("/^body:.*/i", $str))
list(,$srch) = explode(":", $str);
$subject['text'] = "TEXT";
}
-else if(trim($str))
+else if (strlen(trim($str)))
{
if ($headers) {
- foreach(explode(',', $headers) as $header)
- switch ($header) {
- case 'text': $subject['text'] = 'TEXT'; break;
- default: $subject[$header] = 'HEADER '.strtoupper($header);
+ foreach (explode(',', $headers) as $header) {
+ if ($header == 'text') {
+ // #1488208: get rid of other headers when searching by "TEXT"
+ $subject = array('text' => 'TEXT');
+ break;
}
+ else {
+ $subject[$header] = 'HEADER '.strtoupper($header);
+ }
+ }
// save search modifiers for the current folder to user prefs
$search_mods = $RCMAIL->config->get('search_mods', $SEARCH_MODS_DEFAULT);
@@ -89,9 +95,9 @@ else if(trim($str))
}
}
-$search = $srch ? trim($srch) : trim($str);
+$search = isset($srch) ? trim($srch) : trim($str);
-if ($subject) {
+if (!empty($subject)) {
$search_str .= str_repeat(' OR', count($subject)-1);
foreach ($subject as $sub)
$search_str .= sprintf(" %s {%d}\r\n%s", $sub, strlen($search), $search);