From c505e59a6d2cf45233c1e0de186b8d6fe9d804ba Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 5 Sep 2008 09:29:06 +0000
Subject: Respect Content-Location headers in multipart/related messages
 (#1484946)

---
 program/include/rcube_imap.php    | 15 ++++++++-------
 program/include/rcube_message.php | 10 +++++++++-
 program/lib/washtml.php           | 15 +++++++++------
 3 files changed, 26 insertions(+), 14 deletions(-)

(limited to 'program')

diff --git a/program/include/rcube_imap.php b/program/include/rcube_imap.php
index 51e6b7dd5..439c55663 100644
--- a/program/include/rcube_imap.php
+++ b/program/include/rcube_imap.php
@@ -1149,16 +1149,17 @@ class rcube_imap
       if (empty($struct->disposition))
         $struct->disposition = 'inline';
       }
+    
+    // fetch message headers if message/rfc822 or named part (could contain Content-Location header)
+    if ($struct->ctype_primary == 'message' || ($struct->ctype_parameters['name'] && !$struct->content_id)) {
+      $part_headers = iil_C_FetchPartHeader($this->conn, $this->mailbox, $this->_msg_id, $struct->mime_id);
+      $struct->headers = $this->_parse_headers($part_headers) + $struct->headers;
+    }
 
-    // fetch message headers if message/rfc822
-    if ($struct->ctype_primary=='message')
-      {
-      $headers = iil_C_FetchPartBody($this->conn, $this->mailbox, $this->_msg_id, $struct->mime_id.'.HEADER');
-      $struct->headers = $this->_parse_headers($headers);
-      
+    if ($struct->ctype_primary=='message') {
       if (is_array($part[8]) && empty($struct->parts))
         $struct->parts[] = $this->_structure_part($part[8], ++$count, $struct->mime_id);
-      }
+    }
 
     // normalize filename property
     $this->_set_part_filename($struct);
diff --git a/program/include/rcube_message.php b/program/include/rcube_message.php
index 1e3bc7f7e..329c39049 100644
--- a/program/include/rcube_message.php
+++ b/program/include/rcube_message.php
@@ -356,6 +356,10 @@ class rcube_message
             $mail_part->content_id = preg_replace(array('/^</', '/>$/'), '', $mail_part->headers['content-id']);
             $this->inline_parts[] = $mail_part;
           }
+          else if ($message_ctype_secondary == 'related' && $mail_part->headers['content-location']) {
+            $mail_part->content_location = $mail_part->headers['content-base'] . $mail_part->headers['content-location'];
+            $this->inline_parts[] = $mail_part;
+          }
           // is regular attachment
           else {
             if (!$mail_part->filename)
@@ -370,7 +374,11 @@ class rcube_message
         $a_replaces = array();
 
         foreach ($this->inline_parts as $inline_object) {
-          $a_replaces['cid:'.$inline_object->content_id] = $this->get_part_url($inline_object->mime_id);
+          $part_url = $this->get_part_url($inline_object->mime_id);
+          if ($inline_object->content_id)
+            $a_replaces['cid:'.$inline_object->content_id] = $part_url;
+          if ($inline_object->content_location)
+            $a_replaces[$inline_object->content_location] = $part_url;
         }
 
         // add replace array to each content part
diff --git a/program/lib/washtml.php b/program/lib/washtml.php
index 340dc93f3..2c38baa78 100644
--- a/program/lib/washtml.php
+++ b/program/lib/washtml.php
@@ -132,13 +132,14 @@ class washtml
                  '|#[0-9a-f]{3,6}|[a-z0-9\-]+'.
                  ')\s*/i', $str, $match)) {
           if($match[2]) {
-            if(preg_match('/^(http|https|ftp):.*$/i', $match[2], $url)) {
+            if($src = $this->config['cid_map'][$match[2]])
+              $value .= ' url(\''.htmlspecialchars($src, ENT_QUOTES) . '\')';
+            else if(preg_match('/^(http|https|ftp):.*$/i', $match[2], $url)) {
               if($this->config['allow_remote'])
                 $value .= ' url(\''.htmlspecialchars($url[0], ENT_QUOTES).'\')';
               else
                 $this->extlinks = true;
-            } else if(preg_match('/^cid:(.*)$/i', $match[2], $cid))
-              $value .= ' url(\''.htmlspecialchars($this->config['cid_map']['cid:'.$cid[1]], ENT_QUOTES) . '\')';
+            }
           } else if($match[0] != 'url' && $match[0] != 'rbg')//whitelist ?
             $value .= ' ' . $match[0];
           $str = substr($str, strlen($match[0]));
@@ -164,7 +165,10 @@ class washtml
       else if($key == 'style' && ($style = $this->wash_style($value)))
         $t .= ' style="' . $style . '"';
       else if($key == 'src' && strtolower($node->tagName) == 'img') { //check tagName anyway
-        if(preg_match('/^(http|https|ftp):.*/i', $value)) {
+        if($src = $this->config['cid_map'][$value]) {
+          $t .= ' ' . $key . '="' . htmlspecialchars($src, ENT_QUOTES) . '"';
+        }
+        else if(preg_match('/^(http|https|ftp):.*/i', $value)) {
           if($this->config['allow_remote'])
             $t .= ' ' . $key . '="' . htmlspecialchars($value, ENT_QUOTES) . '"';
           else {
@@ -172,8 +176,7 @@ class washtml
             if ($this->config['blocked_src'])
               $t .= ' src="' . htmlspecialchars($this->config['blocked_src'], ENT_QUOTES) . '"';
           }
-        } else if(preg_match('/^cid:(.*)$/i', $value, $cid))
-          $t .= ' ' . $key . '="' . htmlspecialchars($this->config['cid_map']['cid:'.$cid[1]], ENT_QUOTES) . '"';
+        }
       } else
         $washed .= ($washed?' ':'') . $key;
     }
-- 
cgit v1.2.3