From 77449d011b2367a9f3d7bb179534aa09865aa26e Mon Sep 17 00:00:00 2001 From: alecpl Date: Mon, 28 Nov 2011 09:03:27 +0000 Subject: - Applied fixes from trunk up to r5498 --- CHANGELOG | 7 ++ config/main.inc.php.dist | 4 +- installer/rcube_install.php | 43 +++++++--- program/include/main.inc | 43 ++++++---- program/include/rcube_browser.php | 24 +++--- program/include/rcube_config.php | 7 +- program/include/rcube_smtp.php | 2 +- program/js/app.js | 7 +- program/lib/html2text.php | 96 +++++++++++++--------- program/steps/addressbook/func.inc | 2 +- program/steps/mail/search.inc | 20 +++-- skins/default/functions.js | 164 ++++++++++++++++++++----------------- tests/mailfunc.php | 2 +- 13 files changed, 252 insertions(+), 169 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 71be8a90f..bec2a6147 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,13 @@ CHANGELOG Roundcube Webmail =========================== +- Use strpos() instead of strstr() when possible (#1488211) +- Fix handling HTML entities when converting HTML to text (#1488212) +- Fix fit_string_to_size() renders browser and ui unresponsive (#1488207) +- Fix handling of invalid characters in request (#1488124) +- Fix merging some configuration options in update.sh script (#1485864) +- Fix so TEXT key will remove all HEADER keys in IMAP SEARCH (#1488208) +- Fix handling contact photo url with https:// prefix (#1488202) - Fix possible infinite redirect on attachment preview (#1488199) - Improved clickjacking protection for browsers which don't support X-Frame-Options headers - Fixed bug where similiar folder names were highlighted wrong (#1487860) diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist index d07a3b3c2..e355b2df6 100644 --- a/config/main.inc.php.dist +++ b/config/main.inc.php.dist @@ -653,8 +653,8 @@ $rcmail_config['pagesize'] = 40; // use this timezone to display date/time $rcmail_config['timezone'] = 'auto'; -// is daylight saving On? -$rcmail_config['dst_active'] = (bool)date('I'); +// is daylight saving On? Default: (bool)date('I'); +$rcmail_config['dst_active'] = null; // prefer displaying HTML messages $rcmail_config['prefer_html'] = true; diff --git a/installer/rcube_install.php b/installer/rcube_install.php index ff3f7a4c3..dbe662acf 100644 --- a/installer/rcube_install.php +++ b/installer/rcube_install.php @@ -142,20 +142,22 @@ class rcube_install foreach ($this->config as $prop => $default) { - $value = (isset($_POST["_$prop"]) || $this->bool_config_props[$prop]) ? $_POST["_$prop"] : $default; + $is_default = !isset($_POST["_$prop"]); + $value = !$is_default || $this->bool_config_props[$prop] ? $_POST["_$prop"] : $default; // convert some form data - if ($prop == 'debug_level') { - $val = 0; - if (is_array($value)) + if ($prop == 'debug_level' && !$is_default) { + if (is_array($value)) { + $val = 0; foreach ($value as $dbgval) $val += intval($dbgval); - $value = $val; + $value = $val; + } } else if ($which == 'db' && $prop == 'db_dsnw' && !empty($_POST['_dbtype'])) { if ($_POST['_dbtype'] == 'sqlite') $value = sprintf('%s://%s?mode=0646', $_POST['_dbtype'], $_POST['_dbname']{0} == '/' ? '/' . $_POST['_dbname'] : $_POST['_dbname']); - else + else if ($_POST['_dbtype']) $value = sprintf('%s://%s:%s@%s/%s', $_POST['_dbtype'], rawurlencode($_POST['_dbuser']), rawurlencode($_POST['_dbpass']), $_POST['_dbhost'], $_POST['_dbname']); } @@ -177,9 +179,9 @@ class rcube_install $value = '%p'; } else if ($prop == 'default_imap_folders') { - $value = Array(); + $value = array(); foreach ($this->config['default_imap_folders'] as $_folder) { - switch($_folder) { + switch ($_folder) { case 'Drafts': $_folder = $this->config['drafts_mbox']; break; case 'Sent': $_folder = $this->config['sent_mbox']; break; case 'Junk': $_folder = $this->config['junk_mbox']; break; @@ -206,7 +208,7 @@ class rcube_install // replace the matching line in config file $out = preg_replace( '/(\$rcmail_config\[\''.preg_quote($prop).'\'\])\s+=\s+(.+);/Uie', - "'\\1 = ' . rcube_install::_dump_var(\$value) . ';'", + "'\\1 = ' . rcube_install::_dump_var(\$value, \$prop) . ';'", $out); } @@ -299,7 +301,7 @@ class rcube_install $current = $this->config; $this->config = array(); $this->load_defaults(); - + foreach ($this->replaced_config as $prop => $replacement) { if (isset($current[$prop])) { if ($prop == 'skin_path') @@ -328,9 +330,9 @@ class rcube_install if ($current['keep_alive'] && $current['session_lifetime'] < $current['keep_alive']) $current['session_lifetime'] = max(10, ceil($current['keep_alive'] / 60) * 2); - + $this->config = array_merge($this->config, $current); - + foreach ((array)$current['ldap_public'] as $key => $values) { $this->config['ldap_public'][$key] = $current['ldap_public'][$key]; } @@ -614,7 +616,22 @@ class rcube_install } - static function _dump_var($var) { + static function _dump_var($var, $name=null) { + // special values + switch ($name) { + case 'syslog_facility': + $list = array(32 => 'LOG_AUTH', 80 => 'LOG_AUTHPRIV', 72 => ' LOG_CRON', + 24 => 'LOG_DAEMON', 0 => 'LOG_KERN', 128 => 'LOG_LOCAL0', + 136 => 'LOG_LOCAL1', 144 => 'LOG_LOCAL2', 152 => 'LOG_LOCAL3', + 160 => 'LOG_LOCAL4', 168 => 'LOG_LOCAL5', 176 => 'LOG_LOCAL6', + 184 => 'LOG_LOCAL7', 48 => 'LOG_LPR', 16 => 'LOG_MAIL', + 56 => 'LOG_NEWS', 40 => 'LOG_SYSLOG', 8 => 'LOG_USER', 64 => 'LOG_UUCP'); + if ($val = $list[$var]) + return $val; + break; + } + + if (is_array($var)) { if (empty($var)) { return 'array()'; diff --git a/program/include/main.inc b/program/include/main.inc index 25940bd67..714764959 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -640,20 +640,23 @@ function JQ($str) function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) { $value = NULL; - - if ($source==RCUBE_INPUT_GET && isset($_GET[$fname])) - $value = $_GET[$fname]; - else if ($source==RCUBE_INPUT_POST && isset($_POST[$fname])) - $value = $_POST[$fname]; - else if ($source==RCUBE_INPUT_GPC) - { + + if ($source == RCUBE_INPUT_GET) { + if (isset($_GET[$fname])) + $value = $_GET[$fname]; + } + else if ($source == RCUBE_INPUT_POST) { + if (isset($_POST[$fname])) + $value = $_POST[$fname]; + } + else if ($source == RCUBE_INPUT_GPC) { if (isset($_POST[$fname])) $value = $_POST[$fname]; else if (isset($_GET[$fname])) $value = $_GET[$fname]; else if (isset($_COOKIE[$fname])) $value = $_COOKIE[$fname]; - } + } return parse_input_value($value, $allow_html, $charset); } @@ -661,7 +664,7 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) /** * Parse/validate input value. See get_input_value() * Performs stripslashes() and charset conversion if necessary - * + * * @param string Input value * @param boolean Allow HTML tags in field value * @param string Charset to convert into @@ -687,15 +690,21 @@ function parse_input_value($value, $allow_html=FALSE, $charset=NULL) else if (get_magic_quotes_gpc() || get_magic_quotes_runtime()) $value = stripslashes($value); - // remove HTML tags if not allowed + // remove HTML tags if not allowed if (!$allow_html) $value = strip_tags($value); - + + $output_charset = is_object($OUTPUT) ? $OUTPUT->get_charset() : null; + + // remove invalid characters (#1488124) + if ($output_charset == 'UTF-8') + $value = rc_utf8_clean($value); + // convert to internal charset - if (is_object($OUTPUT) && $charset) - return rcube_charset_convert($value, $OUTPUT->get_charset(), $charset); - else - return $value; + if ($charset && $output_charset) + $value = rcube_charset_convert($value, $output_charset, $charset); + + return $value; } /** @@ -711,10 +720,10 @@ function request2param($mode = RCUBE_INPUT_GPC, $ignore = 'task|action') $src = $mode == RCUBE_INPUT_GET ? $_GET : ($mode == RCUBE_INPUT_POST ? $_POST : $_REQUEST); foreach ($src as $key => $value) { $fname = $key[0] == '_' ? substr($key, 1) : $key; - if ($ignore && !preg_match("/($ignore)/", $fname)) + if ($ignore && !preg_match('/^(' . $ignore . ')$/', $fname)) $out[$fname] = get_input_value($key, $mode); } - + return $out; } diff --git a/program/include/rcube_browser.php b/program/include/rcube_browser.php index c89c3897f..859f36795 100644 --- a/program/include/rcube_browser.php +++ b/program/include/rcube_browser.php @@ -33,19 +33,19 @@ class rcube_browser $HTTP_USER_AGENT = strtolower($_SERVER['HTTP_USER_AGENT']); $this->ver = 0; - $this->win = strstr($HTTP_USER_AGENT, 'win'); - $this->mac = strstr($HTTP_USER_AGENT, 'mac'); - $this->linux = strstr($HTTP_USER_AGENT, 'linux'); - $this->unix = strstr($HTTP_USER_AGENT, 'unix'); + $this->win = strpos($HTTP_USER_AGENT, 'win') != false; + $this->mac = strpos($HTTP_USER_AGENT, 'mac') != false; + $this->linux = strpos($HTTP_USER_AGENT, 'linux') != false; + $this->unix = strpos($HTTP_USER_AGENT, 'unix') != false; - $this->opera = strstr($HTTP_USER_AGENT, 'opera'); - $this->ns4 = strstr($HTTP_USER_AGENT, 'mozilla/4') && !stristr($HTTP_USER_AGENT, 'msie'); - $this->ns = ($this->ns4 || strstr($HTTP_USER_AGENT, 'netscape')); - $this->ie = !$this->opera && stristr($HTTP_USER_AGENT, 'compatible; msie'); - $this->mz = !$this->ie && strstr($HTTP_USER_AGENT, 'mozilla/5'); - $this->chrome = strstr($HTTP_USER_AGENT, 'chrome'); - $this->khtml = strstr($HTTP_USER_AGENT, 'khtml'); - $this->safari = !$this->chrome && ($this->khtml || strstr($HTTP_USER_AGENT, 'safari')); + $this->opera = strpos($HTTP_USER_AGENT, 'opera') !== false; + $this->ns4 = strpos($HTTP_USER_AGENT, 'mozilla/4') !== false && strpos($HTTP_USER_AGENT, 'msie') === false; + $this->ns = ($this->ns4 || strpos($HTTP_USER_AGENT, 'netscape') !== false); + $this->ie = !$this->opera && strpos($HTTP_USER_AGENT, 'compatible; msie') !== false; + $this->mz = !$this->ie && strpos($HTTP_USER_AGENT, 'mozilla/5') !== false; + $this->chrome = strpos($HTTP_USER_AGENT, 'chrome') !== false; + $this->khtml = strpos($HTTP_USER_AGENT, 'khtml') !== false; + $this->safari = !$this->chrome && ($this->khtml || strpos($HTTP_USER_AGENT, 'safari') !== false); if ($this->ns || $this->chrome) { $test = preg_match('/(mozilla|chrome)\/([0-9.]+)/', $HTTP_USER_AGENT, $regs); diff --git a/program/include/rcube_config.php b/program/include/rcube_config.php index 01e678150..f80f92c91 100644 --- a/program/include/rcube_config.php +++ b/program/include/rcube_config.php @@ -90,11 +90,14 @@ class rcube_config // enable display_errors in 'show' level, but not for ajax requests ini_set('display_errors', intval(empty($_REQUEST['_remote']) && ($this->prop['debug_level'] & 4))); - + // set timezone auto settings values if ($this->prop['timezone'] == 'auto') { $this->prop['dst_active'] = intval(date('I')); - $this->prop['_timezone_value'] = date('Z') / 3600 - $this->prop['dst_active']; + $this->prop['_timezone_value'] = date('Z') / 3600 - $this->prop['dst_active']; + } + else if ($this->prop['dst_active'] === null) { + $this->prop['dst_active'] = intval(date('I')); } // export config data diff --git a/program/include/rcube_smtp.php b/program/include/rcube_smtp.php index 5c2dd92d2..56b601290 100644 --- a/program/include/rcube_smtp.php +++ b/program/include/rcube_smtp.php @@ -381,7 +381,7 @@ class rcube_smtp $from = $addresses[0]; // Reject envelope From: addresses with spaces. - if (strstr($from, ' ')) + if (strpos($from, ' ') !== false) return false; $lines[] = $key . ': ' . $value; diff --git a/program/js/app.js b/program/js/app.js index 6c0d2cd8d..8ffcf93af 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -5743,10 +5743,13 @@ function rcube_webmail() }); }; - this.plain2html = function(plainText, id) + this.plain2html = function(plain, id) { var lock = this.set_busy(true, 'converting'); - $('#'+id).val(plainText ? '
'+plainText+'
' : ''); + + plain = plain.replace(/&/g, '&').replace(//g, '>'); + $('#'+id).val(plain ? '
'+plain+'
' : ''); + this.set_busy(false, null, lock); }; diff --git a/program/lib/html2text.php b/program/lib/html2text.php index 1ab16055b..9fc96eac7 100644 --- a/program/lib/html2text.php +++ b/program/lib/html2text.php @@ -145,7 +145,6 @@ class html2text var $search = array( "/\r/", // Non-legal carriage return "/[\n\t]+/", // Newlines and tabs - '/[ ]{2,}/', // Runs of spaces, pre-handling '/]*>.*?<\/script>/i', //