From 3cf664939b98befe8e9f9a8e3fa8a7e9a85a5745 Mon Sep 17 00:00:00 2001 From: thomascube Date: Wed, 21 Mar 2007 09:56:49 +0000 Subject: Minor bugfixes posted to the dev-mailing list --- CHANGELOG | 10 ++++++++++ INSTALL | 4 ++++ program/include/main.inc | 24 ++++++++++++++++-------- program/include/rcube_imap.inc | 9 +++++++-- program/steps/mail/compose.inc | 10 +++++----- program/steps/mail/func.inc | 2 +- 6 files changed, 43 insertions(+), 16 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 15e6c730d..dd63ce85b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,16 @@ CHANGELOG RoundCube Webmail --------------------------- +2007/03/21 (thomasb) +---------- +- Updated PEAR::Mail_mime package +- Added Persian localization +- Updated Catalan and Brazilian Portuguese translations +- Updated INSTALL manual with a note about database passwords +- Accept single quotes for HTML attributes when modifying message body (thanks Jason) +- Sanitize input for new users/identities (thanks Colin Alston) + + 2007/03/19 (thomasb) ---------- - Don't download HTML message parts diff --git a/INSTALL b/INSTALL index c5f1d30e2..0d56bb60e 100644 --- a/INSTALL +++ b/INSTALL @@ -60,6 +60,10 @@ RoundCube with utf-8 charset. Here's an example of the init procedure: # mysql roundcubemail < SQL/mysql5.initial.sql +Note: 'password' is the master password for the roundcube user. It is strongly +recommended you replace this with a more secure password. Please keep in +mind: You need to specify this password later in 'config/db.inc.php'. + * SQLite -------- diff --git a/program/include/main.inc b/program/include/main.inc index e522b4350..3fe196a74 100644 --- a/program/include/main.inc +++ b/program/include/main.inc 
@@ -580,10 +580,10 @@ function rcmail_create_user($user, $host) $DB->query("INSERT INTO ".get_table_name('users')." (created, last_login, username, mail_host, alias, language) VALUES (".$DB->now().", ".$DB->now().", ?, ?, ?, ?)", - $user, - $host, - $user_email, - $_SESSION['user_lang']); + strip_newlines($user), + strip_newlines($host), + strip_newlines($user_email), + $_SESSION['user_lang']); if ($user_id = $DB->insert_id(get_sequence_name('users'))) { @@ -595,7 +595,7 @@ function rcmail_create_user($user, $host) $user_name = $user!=$user_email ? $user : ''; // try to resolve the e-mail address from the virtuser table - if (!empty($CONFIG['virtuser_query']) && + if (!empty($CONFIG['virtuser_query']) && ($sql_result = $DB->query(preg_replace('/%u/', $user, $CONFIG['virtuser_query']))) && ($DB->num_rows()>0)) while ($sql_arr = $DB->fetch_array($sql_result)) @@ -604,7 +604,7 @@ function rcmail_create_user($user, $host) (user_id, del, standard, name, email) VALUES (?, 0, 1, ?, ?)", $user_id, - $user_name, + strip_newlines($user_name), preg_replace('/^@/', $user . '@', $sql_arr[0])); } else @@ -614,8 +614,8 @@ function rcmail_create_user($user, $host) (user_id, del, standard, name, email) VALUES (?, 0, 1, ?, ?)", $user_id, - $user_name, - $user_email); + strip_newlines($user_name), + strip_newlines($user_email)); } // get existing mailboxes @@ -1140,6 +1140,14 @@ function strip_quotes($str) return preg_replace('/[\'"]/', '', $str); } +/** + * Remove new lines characters from given string + */ +function strip_newlines($str) +{ + return preg_replace('/[\r\n]/', '', $str); +} + // ************** template parsing and gui functions ************** diff --git a/program/include/rcube_imap.inc b/program/include/rcube_imap.inc index 3463ae21b..871b6c1f4 100644 --- a/program/include/rcube_imap.inc +++ b/program/include/rcube_imap.inc 
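Review bot: Stripping CR/LF only at the bound parameters of this INSERT leaves the raw `$user` in use for the rest of rcmail_create_user. The one place where it is spliced into SQL text rather than bound, `preg_replace('/%u/', $user, $CONFIG['virtuser_query'])` (context of the @@ -595 hunk), is not touched by this commit. That substitution needs the database layer's escaping routine, because the `?` placeholders do not cover it. Normalising once near the top of the function, e.g. `$user = strip_newlines($user);`, would also keep the stored username identical to the value later used for `$user_name`; the same applies to the @@ -614 hunk. The function body starts and ends outside this hunk.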
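Review bot: In the @@ -604 hunk the e-mail argument of the identities INSERT, `preg_replace('/^@/', $user . '@', $sql_arr[0])`, is the only value not passed through strip_newlines(), although it is built from `$user` and from a row returned by the virtuser query. Wrapping it as `strip_newlines(preg_replace('/^@/', $user . '@', $sql_arr[0]))` would make it consistent with the name argument and with the else branch in the @@ -614 hunk. Because `$user` is used as a preg_replace replacement string, sequences such as `\1` or `$1` in a user name are interpreted as backreferences; a plain string prepend avoids that. The enclosing while loop starts outside this hunk.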
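Review bot: The docblock added for strip_newlines() in the @@ -1140 hunk says what is removed but not why, and it has no parameter or return lines. I would add `@param string $str Input string` and `@return string Input with all CR and LF characters removed`, plus one sentence stating that the helper is applied to user, host and identity values before they are stored. It is also worth documenting that only `\r` and `\n` are removed, so other control characters pass through unchanged. The helper deletes silently rather than rejecting, so two different inputs can collapse to the same stored value; callers that create accounts may prefer to reject such input.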
@@ -2117,7 +2117,12 @@ class rcube_imap $j++; $address = $val['address']; $name = preg_replace(array('/^[\'"]/', '/[\'"]$/'), '', trim($val['name'])); - $string = $name!==$address ? sprintf('%s <%s>', strpos($name, ',')!==FALSE ? '"'.$name.'"' : $name, $address) : $address; + if ($name && $address && $name != $address) + $string = sprintf('%s <%s>', strpos($name, ',')!==FALSE ? '"'.$name.'"' : $name, $address); + else if ($address) + $string = $address; + else if ($name) + $string = $name; $out[$j] = array('name' => $name, 'mailto' => $address, @@ -2476,7 +2481,7 @@ class rcube_imap foreach ($sub_a as $k => $v) { - if ((strpos($v, '@') > 0) && (strpos($v, '.') > 0)) + if (strpos($v, '@') > 0) $result[$key]['address'] = str_replace('<', '', str_replace('>', '', $v)); else $result[$key]['name'] .= (empty($result[$key]['name'])?'':' ').str_replace("\"",'',stripslashes($v)); diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc index a794e9814..24057a224 100644 --- a/program/steps/mail/compose.inc +++ b/program/steps/mail/compose.inc @@ -201,7 +201,7 @@ function rcmail_compose_headers($attrib) $fvalue = ''; foreach ($to_addresses as $addr_part) { - if (!in_array($addr_part['mailto'], $sa_recipients) && (!$MESSAGE['FROM'] || !in_array($addr_part['mailto'], $MESSAGE['FROM']))) + if (!empty($addr_part['mailto']) && !in_array($addr_part['mailto'], $sa_recipients) && (!$MESSAGE['FROM'] || !in_array($addr_part['mailto'], $MESSAGE['FROM']))) { $fvalue .= (strlen($fvalue) ? ', ':'').$addr_part['string']; $sa_recipients[] = $addr_part['mailto']; @@ -384,8 +384,8 @@ function rcmail_compose_body($attrib) $body = rcmail_first_text_part($MESSAGE); $isHtml = false; } - if (strlen($body)) - $body = rcmail_create_reply_body($body, $isHtml); + + $body = rcmail_create_reply_body($body, $isHtml); } // forward message body inline else if ($compose_mode == RCUBE_COMPOSE_FORWARD) 
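Review bot: When both `$name` and `$address` are empty, none of the three new branches in the @@ -2117 hunk runs, so `$string` keeps the value from the previous loop iteration or is undefined on the first one. The array built right after it continues outside the hunk, but compose.inc reads `$addr_part['string']`, so a stale value would presumably be shown for the wrong entry. Add a final `else $string = '';` or skip the entry. The truthiness tests also treat a name of `'0'` as empty, and `!=` is looser than the `!==` it replaces, so `$name !== ''` and `$name !== $address` would be more precise.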
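Review bot: With the dot test removed in the @@ -2476 hunk, any token with an `@` after its first character is stored as the address, and the only clean-up is removal of `<` and `>`. A display-name fragment that contains `@` would therefore overwrite an address found earlier in the same entry. These values come from message headers and appear to feed the compose recipient list, so a comment stating the intent would help, e.g. `// accept dot-less hosts (user@localhost); the value is not validated here`. Consider assigning only when `$result[$key]['address']` is still empty. The foreach body is only partly visible in this hunk.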
@@ -417,8 +417,8 @@ function rcmail_compose_body($attrib) $body = rcmail_first_text_part($MESSAGE); $isHtml = false; } - if (strlen($body)) - $body = rcmail_create_draft_body($body, $isHtml); + + $body = rcmail_create_draft_body($body, $isHtml); } $OUTPUT->include_script('tiny_mce/tiny_mce.js'); diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index e5e4db837..1b98f1d52 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -1252,7 +1252,7 @@ function rcmail_sanitize_html($body, $container_id) // parse link attributes and set correct target function rcmail_alter_html_link($in) { - $in = preg_replace('/=([^("|\s)]+)(\s|$)/', '="\1"', $in); + $in = preg_replace('/=([^("|\'|\s)]+)(\s|$)/', '="\1"', $in); $attrib = parse_attrib_string($in); if (stristr((string)$attrib['href'], 'mailto:')) -- cgit v1.2.3
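Review bot: Inside the brackets in the func.inc hunk, `(`, `|` and `)` are literal characters rather than grouping or alternation. The new class `[^("|\'|\s)]` therefore still fails to match unquoted attribute values containing a parenthesis or a pipe, and passes them unquoted to parse_attrib_string(). If the intent is "anything up to a quote or whitespace", the pattern would be `'/=([^"\'\s]+)(\s|$)/'`. The replacement `="\1"` also drops the whitespace captured by the second group, so `'="\1"\2'` would keep adjacent attributes separated. This runs on links taken from message HTML, so a short comment naming the attribute forms handled here would be useful; the function body continues outside the hunk.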