From 96c946ee6ced0a9a68ef251528a3f900d5a01396 Mon Sep 17 00:00:00 2001 From: alecpl Date: Wed, 21 Dec 2011 10:07:42 +0000 Subject: - Applied fixes from trunk up to r5633 --- program/steps/mail/autocomplete.inc | 4 +++- program/steps/mail/get.inc | 38 +------------------------------------ 2 files changed, 4 insertions(+), 38 deletions(-) (limited to 'program/steps/mail') diff --git a/program/steps/mail/autocomplete.inc b/program/steps/mail/autocomplete.inc index 281a4e9f7..6eea705ef 100644 --- a/program/steps/mail/autocomplete.inc +++ b/program/steps/mail/autocomplete.inc @@ -28,8 +28,10 @@ if ($RCMAIL->action == 'group-expand') { $abook->set_pagesize(1000); // TODO: limit number of group members by config $result = $abook->list_records(array('email','name')); while ($result && ($sql_arr = $result->iterate())) { - foreach ((array)$sql_arr['email'] as $email) + foreach ((array)$sql_arr['email'] as $email) { $members[] = format_email_recipient($email, $sql_arr['name']); + break; // only expand one email per contact + } } $separator = trim($RCMAIL->config->get('recipients_separator', ',')) . ' '; diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index aee2c4d1a..06a718f39 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -5,7 +5,7 @@ | program/steps/mail/get.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2005-2009, The Roundcube Dev Team | + | Copyright (C) 2005-2011, The Roundcube Dev Team | | Licensed under the GNU GPL | | | | PURPOSE: | @@ -179,39 +179,3 @@ header('HTTP/1.1 404 Not Found'); exit; - -/** - * PHP stream filter to detect html/javascript code in attachments - */ -class rcube_content_filter extends php_user_filter -{ - private $buffer = ''; - private $cutoff = 2048; - - function onCreate() - { - $this->cutoff = rand(2048, 3027); - return true; - } - - function filter($in, $out, &$consumed, $closing) - { - while ($bucket = stream_bucket_make_writeable($in)) { - $this->buffer .= $bucket->data; - - // check for evil content and abort - if (preg_match('/<(script|iframe|object)/i', $this->buffer)) - return PSFS_ERR_FATAL; - - // keep buffer small enough - if (strlen($this->buffer) > 4096) - $this->buffer = substr($this->buffer, $this->cutoff); - - $consumed += $bucket->datalen; - stream_bucket_append($out, $bucket); - } - - return PSFS_PASS_ON; - } -} - -- cgit v1.2.3