Kolab Groupware OBS

roundcubemail.spec Changed

default-configuration.patch Changed

@@ -1,8 +1,7 @@
-diff --git a/config/defaults.inc.php b/config/defaults.inc.php
-index 6f61a4c..28eb9df 100644
---- a/config/defaults.inc.php
-+++ b/config/defaults.inc.php
-@@ -430,7 +430,7 @@ $config['mail_domain'] = '';
+diff -ur roundcubemail-1.1.csrf/config/defaults.inc.php roundcubemail-1.1/config/defaults.inc.php
+--- roundcubemail-1.1.csrf/config/defaults.inc.php	2014-11-05 12:16:39.115271616 +0100
++++ roundcubemail-1.1/config/defaults.inc.php	2014-11-05 12:35:03.596562886 +0100
+@@ -430,7 +430,7 @@
  // Password charset.
  // Use it if your authentication backend doesn't support UTF-8.
  // Defaults to ISO-8859-1 for backward compatibility
@@ -11,16 +10,16 @@
  
  // How many seconds must pass between emails sent by a user
  $config['sendmail_delay'] = 0;
-@@ -624,7 +624,7 @@ $config['spellcheck_dictionary'] = false;
- // - 'atd'     - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API
- // Since Google shut down their public spell checking service, you need to 
- // connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
+@@ -642,7 +642,7 @@
+ // Since Google shut down their public spell checking service, the default settings
+ // connect to http://spell.roundcube.net which is a hosted service provided by Roundcube.
+ // You can connect to any other googie-compliant service by setting 'spellcheck_uri' accordingly.
 -$config['spellcheck_engine'] = 'googie';
 +$config['spellcheck_engine'] = 'pspell';
  
  // For locally installed Nox Spell Server or After the Deadline services,
  // please specify the URI to call it.
-@@ -1007,7 +1007,7 @@ $config['check_all_folders'] = false;
+@@ -1025,7 +1025,7 @@
  $config['display_next'] = true;
  
  // Default messages listing mode. One of 'threads' or 'list'.

roundcubemail-1.1-appjs.patch Deleted

@@ -1,46 +0,0 @@
-diff -ur roundcubemail-1.1-2-assets/program/js/app.js roundcubemail-1.1/program/js/app.js
---- roundcubemail-1.1-2-assets/program/js/app.js	2014-10-13 10:04:50.996719819 +0200
-+++ roundcubemail-1.1/program/js/app.js	2014-10-13 10:09:02.723630175 +0200
-@@ -58,7 +58,6 @@
-     request_timeout: 180,  // seconds
-     draft_autosave: 0,     // seconds
-     comm_path: './',
--    blankpage: 'program/resources/blank.gif',
-     recipients_separator: ',',
-     recipients_delimiter: ', ',
-     popup_width: 1150,
-@@ -163,6 +162,9 @@
-       return;
-     }
- 
-+    if (!this.env.blankpage)
-+      this.env.blankpage = (this.env.assets_path ? this.env.assets_path : '') + 'program/resources/blank.gif';
-+
-     // find all registered gui containers
-     for (n in this.gui_containers)
-       this.gui_containers[n] = $('#'+this.gui_containers[n]);
-@@ -7972,7 +7974,7 @@
- 
-     img.onload = function() { ref.env.browser_capabilities.tif = 1; };
-     img.onerror = function() { ref.env.browser_capabilities.tif = 0; };
--    img.src = 'program/resources/blank.tif';
-+    img.src = (this.env.assets_path ? this.env.assets_path : '') + 'program/resources/blank.tif';
-   };
- 
-   this.pdf_support_check = function()
-diff -ur roundcubemail-1.1-2-assets/program/steps/mail/show.inc roundcubemail-1.1/program/steps/mail/show.inc
---- roundcubemail-1.1-2-assets/program/steps/mail/show.inc	2014-09-23 17:39:14.000000000 +0200
-+++ roundcubemail-1.1/program/steps/mail/show.inc	2014-10-13 10:51:05.896904043 +0200
-@@ -352,10 +352,10 @@
-             '_alt'    => $placeholder,
-         ));
- 
--        $attrib['onerror'] = "this.src = '" . ($placeholder ? $placeholder : 'program/resources/blank.gif') . "'";
-+        $attrib['onerror'] = "this.src = '" . $RCMAIL->output->asset_url(($placeholder ? $placeholder : 'program/resources/blank.gif')) . "'";
-     }
-     else {
--        $photo_img = $placeholder ? $placeholder : 'program/resources/blank.gif';
-+        $photo_img = ($placeholder ? $placeholder : $RCMAIL->output->asset_url('program/resources/blank.gif'));
-     }
- 
-     return html::img(array('src' => $photo_img, 'alt' => $RCMAIL->gettext('contactphoto')) + $attrib);

roundcubemail-1.1-assets.patch Deleted

@@ -1,67 +0,0 @@
-diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
-index aae54d4..3df5589 100644
---- a/program/include/rcmail_output_html.php
-+++ b/program/include/rcmail_output_html.php
-@@ -184,7 +184,7 @@ EOF;
-             }
- 
-             $path = (rcube_utils::https_check() ? 'https' : 'http') . '://'
--                . $_SERVER['SERVER_NAME'] . $base . '/' . $path;
-+                . $_SERVER['HTTP_HOST'] . rtrim($base, '/') . '/' . ltrim($path, '/');
-         }
- 
-         $this->assets_path = $path;
-@@ -306,10 +306,27 @@ EOF;
-         }
- 
-         foreach ($skin_paths as $skin_path) {
--            $path = realpath($skin_path . $file);
-+            $path = $skin_path . $file;
-+
-+            if (is_file($path)) {
-+                return $skin_path . $file;
-+            }
-+
-+            $path = rtrim(RCUBE_INSTALL_PATH, '/');
-+            $path .= '/' . 'public_html/assets/';
-+            $path .= rtrim($skin_path, '/') . '/' . $file;
-+
-             if (is_file($path)) {
-                 return $skin_path . $file;
-             }
-+
-+            $path = rtrim(RCUBE_INSTALL_PATH, '/');
-+            $path .= '/' . $skin_path . $file;
-+            $path = realpath($path);
-+
-+            if ($skin_path[0] != '/' && is_file($path)) {
-+                return $path;
-+            }
-         }
- 
-         return false;
-@@ -491,9 +491,10 @@ EOF;
- 
-             // fallback to deprecated template names
-             if (!is_readable($path) && $this->deprecated_templates[$realname]) {
--                $path = "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html";
-+                // Try an old path
-+                $tpath = "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html";
- 
--                if (is_readable($path)) {
-+                if (is_readable($tpath)) {
-                     rcube::raise_error(array(
-                         'code' => 502, 'type' => 'php',
-                         'file' => __FILE__, 'line' => __LINE__,
-@@ -552,6 +569,10 @@ EOF;
-                 }
-             }
- 
-+            if (!is_readable($path) && $path[0] != '/' && is_readable(rtrim(RCUBE_INSTALL_PATH, '/') . '/' . $path)) {
-+                $path = rtrim(RCUBE_INSTALL_PATH, '/') . '/' . $path;
-+            }
-+
-             if (is_readable($path)) {
-                 $this->config->set('skin_path', $skin_path);
-                 $this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path);  // set base_path to core skin directory (not plugin's skin)
-

roundcubemail-1.1-csrf.patch Changed

@@ -1,34 +1,7 @@
-diff -ur roundcubemail-1.1.orig/config/defaults.inc.php roundcubemail-1.1/config/defaults.inc.php
---- roundcubemail-1.1.orig/config/defaults.inc.php  2014-09-04 13:26:10.000000000 +0200
-+++ roundcubemail-1.1/config/defaults.inc.php   2014-09-06 14:30:33.910366429 +0200
-@@ -532,6 +532,23 @@
- // Note: useful when SMTP server stores sent mail in user mailbox
- $config['no_save_sent_messages'] = false;
- 
-+// Improve system security by using special URL with security token.
-+// This can be set to a number defining token length. Default: 16.
-+// Warning: This requires http server configuration. Sample:
-+//    RewriteRule ^/roundcubemail/[a-f0-9]{16}/(.*) /roundcubemail/$1 [PT]
-+//    Alias /roundcubemail /var/www/roundcubemail/
-+// Note: Use assets_path to not prevent the browser from caching assets
-+$config['use_secure_urls'] = false;
-+
-+// Allows to define separate server/path for image/js/css files
-+// Warning: If the domain is different cross-domain access to some
-+// resources need to be allowed
-+// Sample:
-+//    <FilesMatch ".(eot|ttf|woff)">
-+//    Header set Access-Control-Allow-Origin "*"
-+//    </FilesMatch>
-+$config['assets_path'] = '';
-+
- // ----------------------------------
- // PLUGINS
- // ----------------------------------
 diff -ur roundcubemail-1.1.orig/.htaccess roundcubemail-1.1/.htaccess
---- roundcubemail-1.1.orig/.htaccess    2014-09-04 13:26:10.000000000 +0200
-+++ roundcubemail-1.1/.htaccess 2014-09-06 14:30:33.908366428 +0200
-@@ -31,7 +31,7 @@
+--- roundcubemail-1.1.orig/.htaccess	2014-11-04 15:28:27.000000000 +0100
++++ roundcubemail-1.1/.htaccess	2014-11-05 12:16:39.115271616 +0100
+@@ -30,7 +30,7 @@
  # security rules:
  # - deny access to files not containing a dot or starting with a dot
  #   in all locations except installer directory
@@ -38,8 +11,8 @@
  RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F]
  # - deny access to some documentation files
 diff -ur roundcubemail-1.1.orig/index.php roundcubemail-1.1/index.php
---- roundcubemail-1.1.orig/index.php    2014-09-04 13:26:10.000000000 +0200
-+++ roundcubemail-1.1/index.php 2014-09-06 14:30:33.911366430 +0200
+--- roundcubemail-1.1.orig/index.php	2014-11-04 15:28:27.000000000 +0100
++++ roundcubemail-1.1/index.php	2014-11-05 12:16:39.116271617 +0100
 @@ -90,9 +90,9 @@
  
  // try to log in
@@ -112,8 +85,8 @@
      // check access to disabled actions
      $disabled_actions = (array) $RCMAIL->config->get('disabled_actions');
 diff -ur roundcubemail-1.1.orig/plugins/acl/acl.js roundcubemail-1.1/plugins/acl/acl.js
---- roundcubemail-1.1.orig/plugins/acl/acl.js   2014-09-04 13:26:10.000000000 +0200
-+++ roundcubemail-1.1/plugins/acl/acl.js    2014-09-06 14:30:33.911366430 +0200
+--- roundcubemail-1.1.orig/plugins/acl/acl.js	2014-11-04 15:28:27.000000000 +0100
++++ roundcubemail-1.1/plugins/acl/acl.js	2014-11-05 12:16:39.116271617 +0100
 @@ -58,8 +58,11 @@
      var users = this.acl_get_usernames();
  
@@ -163,9 +136,9 @@
  
  // Cancel/Hide form
 diff -ur roundcubemail-1.1.orig/plugins/acl/acl.php roundcubemail-1.1/plugins/acl/acl.php
---- roundcubemail-1.1.orig/plugins/acl/acl.php  2014-09-04 13:26:10.000000000 +0200
-+++ roundcubemail-1.1/plugins/acl/acl.php   2014-09-06 14:30:33.912366431 +0200
-@@ -452,10 +452,10 @@
+--- roundcubemail-1.1.orig/plugins/acl/acl.php	2014-11-04 15:28:27.000000000 +0100
++++ roundcubemail-1.1/plugins/acl/acl.php	2014-11-05 12:16:39.118271620 +0100
+@@ -454,10 +454,10 @@
       */
      private function action_save()
      {
@@ -180,7 +153,7 @@
  
          $acl    = array_intersect(str_split($acl), $this->rights_supported());
          $users  = $oldid ? array($user) : explode(',', $user);
-@@ -508,8 +508,8 @@
+@@ -510,8 +510,8 @@
       */
      private function action_delete()
      {
@@ -192,8 +165,8 @@
          $user = explode(',', $user);
  
 diff -ur roundcubemail-1.1.orig/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php roundcubemail-1.1/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php
---- roundcubemail-1.1.orig/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php 2014-09-04 13:26:10.000000000 +0200
-+++ roundcubemail-1.1/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php  2014-09-06 14:30:33.914366432 +0200
+--- roundcubemail-1.1.orig/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php	2014-11-04 15:28:27.000000000 +0100
++++ roundcubemail-1.1/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php	2014-11-05 12:16:39.119271621 +0100
 @@ -349,7 +349,7 @@
                  }
              }
@@ -238,10 +211,9 @@
                  $id = $this->genid();
                  $content = $this->action_div($fid, $id, false);
  
-Only in roundcubemail-1.1/plugins/managesieve/lib/Roundcube: rcube_sieve_engine.php.orig
 diff -ur roundcubemail-1.1.orig/program/include/rcmail_output_html.php roundcubemail-1.1/program/include/rcmail_output_html.php
---- roundcubemail-1.1.orig/program/include/rcmail_output_html.php   2014-09-04 13:26:10.000000000 +0200
-+++ roundcubemail-1.1/program/include/rcmail_output_html.php    2014-09-06 14:30:33.917366435 +0200
+--- roundcubemail-1.1.orig/program/include/rcmail_output_html.php	2014-11-04 15:28:27.000000000 +0100
++++ roundcubemail-1.1/program/include/rcmail_output_html.php	2014-11-05 12:25:02.235810998 +0100
 @@ -45,6 +45,7 @@
      protected $footer = '';
      protected $body = '';
@@ -259,7 +231,7 @@
          if (!empty($_REQUEST['_extwin']))
              $this->set_env('extwin', 1);
          if ($this->framed || $framed)
-@@ -145,6 +148,50 @@
+@@ -145,6 +148,52 @@
      }
  
      /**
@@ -269,16 +241,18 @@
 +     */
 +    public function set_assets_path($path)
 +    {
-+        $path = trim($path, '/') . '/';
-+
 +        if (empty($path)) {
 +            return;
 +        }
 +
++        $path = rtrim($path, '/') . '/';
++
 +        // convert to absolute URL
 +        if (!preg_match('|^https?://|', $path)) {
-+            $base = preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI']);
-+            $base = rtrim($base, '/');
++            if ($path[0] != '/') {
++                $base = preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI']);
++                $base = rtrim($base, '/');
++            }
 +
 +            // remove url token if exists
 +            if ($len = intval($this->config->get('use_secure_urls'))) {
@@ -299,7 +273,7 @@
 +            }
 +
 +            $path = (rcube_utils::https_check() ? 'https' : 'http') . '://'
-+                . $_SERVER['SERVER_NAME'] . $base . '/' . $path;
++                . $_SERVER['SERVER_NAME'] . $base . ($base ? '/' : '') . $path;
 +        }
 +
 +        $this->assets_path = $path;
@@ -310,7 +284,7 @@
       * Getter for the current page title
       *
       * @return string The page title
-@@ -367,14 +414,15 @@
+@@ -369,14 +418,15 @@
      /**
       * Redirect to a certain url
       *
@@ -330,7 +304,7 @@
          header('Location: ' . $location);
          exit;
      }
-@@ -659,6 +707,24 @@
+@@ -667,6 +717,24 @@
          exit;
      }
  
@@ -355,7 +329,7 @@
  
      /*****  Template parsing methods  *****/
  
-@@ -715,6 +781,8 @@
+@@ -723,6 +791,8 @@
              $file = $this->file_mod($file);
          }
  
@@ -364,7 +338,7 @@
          return $matches[1] . '=' . $matches[2] . $file . $matches[4];
      }
  
-@@ -1329,6 +1397,7 @@
+@@ -1337,6 +1407,7 @@
      {
          if (!preg_match('|^https?://|i', $file) && $file[0] != '/') {
              $file = $this->file_mod($this->scripts_path . $file);
@@ -372,7 +346,7 @@
          }
  
          if (!is_array($this->script_files[$position])) {
-@@ -1541,7 +1610,7 @@
+@@ -1549,7 +1620,7 @@
          }
  
          $attrib['name'] = $attrib['id'];
@@ -381,7 +355,7 @@
  
          // register as 'contentframe' object
          if ($is_contentframe || $attrib['contentframe']) {
-@@ -1758,9 +1827,11 @@
+@@ -1766,9 +1837,11 @@
      {
          $images = preg_split('/[\s\t\n,]+/', $attrib['images'], -1, PREG_SPLIT_NO_EMPTY);

debian.series Changed

roundcubemail-1.1.tar.gz/.htaccess Changed

roundcubemail-1.1.tar.gz/CHANGELOG Changed

@@ -1,6 +1,9 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix skin path handling in plugin context (#1488967)
+- Prevent memory exhaustion on image resizing with GD on Windows (#1489937)
+- Add plugin hook for database table name lookups as requested in #1489837
 - Added Oracle database support
 - Support contacts import in GMail CSV format
 - Added namespace filter in Folder Manager
@@ -49,8 +52,19 @@
 - Don't remove links when html signature is converted to text (#1489621)
 - Fix page title when using search filter (#1490023)
 - Fix mbox files import
+- Fix so attachment charset is set in headers of forward/draft message (#1490109)
+- Fix bug where wrong charset could be used for text attachment preview page (#1490106)
 - Fix setting flags on servers with no PERMANENTFLAGS response (#1490087)
 - Fix regression in SHAA password generation in ldap driver of password plugin (#1490094)
+- Fix displaying of HTML messages with absolutely positioned elements in Larry skin (#1490103)
+- Fix font style display issue in HTML messages with styled <span> elements (#1490101)
+- Fix download of attachments that are part of TNEF message (#1490091)
+- Fix handling of uuencoded messages if messages_cache is enabled (#1490108)
+- Fix handling of base64-encoded attachments with extra spaces (#1490111)
+- Fix handling of UNKNOWN-CTE response, try do decode content client-side (#1490046)
+- Fix bug where creating subfolders in shared folders wasn't possible without ACL extension (#1490113)
+- Fix reply scrolling issue with text mode and start message below the quote (#1490114)
+- Fix possible issues in skin/skin_path config handling (#1490125)
 
 RELEASE 1.0.3
 -------------

roundcubemail-1.1.tar.gz/INSTALL Changed

roundcubemail-1.1.tar.gz/SQL/oracle.initial.sql Changed

roundcubemail-1.1.tar.gz/bin/cleandb.sh Changed

roundcubemail-1.1.tar.gz/bin/decrypt.sh Changed

roundcubemail-1.1.tar.gz/bin/deluser.sh Changed

roundcubemail-1.1.tar.gz/bin/dumpschema.sh Changed

roundcubemail-1.1.tar.gz/bin/exportgettext.sh Changed

roundcubemail-1.1.tar.gz/bin/gc.sh Changed

roundcubemail-1.1.tar.gz/bin/importgettext.sh Changed

roundcubemail-1.1.tar.gz/bin/indexcontacts.sh Changed

roundcubemail-1.1.tar.gz/bin/installto.sh Changed

roundcubemail-1.1.tar.gz/bin/moduserprefs.sh Changed

roundcubemail-1.1.tar.gz/bin/msgexport.sh Changed

roundcubemail-1.1.tar.gz/bin/msgimport.sh Changed

roundcubemail-1.1.tar.gz/bin/update.sh Changed

roundcubemail-1.1.tar.gz/bin/updatecss.sh Changed

roundcubemail-1.1.tar.gz/bin/updatedb.sh Changed

roundcubemail-1.1.tar.gz/config/defaults.inc.php Changed

@@ -618,12 +618,13 @@
 $config['spellcheck_dictionary'] = false;
 
 // Set the spell checking engine. Possible values:
-// - 'googie'  - the default
+// - 'googie'  - the default (also used for connecting to Nox Spell Server, see 'spellcheck_uri' setting)
 // - 'pspell'  - requires the PHP Pspell module and aspell installed
 // - 'enchant' - requires the PHP Enchant module
 // - 'atd'     - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API
-// Since Google shut down their public spell checking service, you need to 
-// connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
+// Since Google shut down their public spell checking service, the default settings
+// connect to http://spell.roundcube.net which is a hosted service provided by Roundcube.
+// You can connect to any other googie-compliant service by setting 'spellcheck_uri' accordingly.
 $config['spellcheck_engine'] = 'googie';
 
 // For locally installed Nox Spell Server or After the Deadline services,

roundcubemail-1.1.tar.gz/index.php Changed

roundcubemail-1.1.tar.gz/installer/check.php Changed

roundcubemail-1.1.tar.gz/installer/index.php Changed

roundcubemail-1.1.tar.gz/plugins/acl/acl.php Changed

@@ -114,14 +114,16 @@
             }
 
             if ($this->rc->config->get('acl_groups')) {
-                $prefix = $this->rc->config->get('acl_group_prefix');
-                $result = $this->ldap->list_groups($search, $mode);
+                $prefix      = $this->rc->config->get('acl_group_prefix');
+                $group_field = $this->rc->config->get('acl_group_field', 'name');
+                $result      = $this->ldap->list_groups($search, $mode);
 
                 foreach ($result as $record) {
-                    $group = $record['name'];
+                    $group    = $record['name'];
+                    $group_id = is_array($record[$group_field]) ? $record[$group_field][0] : $record[$group_field];
 
                     if ($group) {
-                        $users[] = array('name' => ($prefix ? $prefix : '')  . $group, 'display' => $group);
+                        $users[] = array('name' => ($prefix ? $prefix : '') . $group_id, 'display' => $group);
                         $keys[]  = $group;
                     }
                 }

roundcubemail-1.1.tar.gz/plugins/acl/config.inc.php.dist Changed

roundcubemail-1.1.tar.gz/plugins/acl/tests/Acl.php Changed

roundcubemail-1.1.tar.gz/plugins/additional_message_headers/tests/AdditionalMessageHeaders.php Changed

roundcubemail-1.1.tar.gz/plugins/archive/tests/Archive.php Changed

roundcubemail-1.1.tar.gz/plugins/autologon/tests/Autologon.php Changed

roundcubemail-1.1.tar.gz/plugins/database_attachments/tests/DatabaseAttachments.php Changed

roundcubemail-1.1.tar.gz/plugins/debug_logger/debug_logger.php Changed

roundcubemail-1.1.tar.gz/plugins/debug_logger/tests/DebugLogger.php Changed

roundcubemail-1.1.tar.gz/plugins/emoticons/tests/Emoticons.php Changed

roundcubemail-1.1.tar.gz/plugins/enigma/lib/enigma_driver_phpssl.php Changed

roundcubemail-1.1.tar.gz/plugins/enigma/tests/Enigma.php Changed

roundcubemail-1.1.tar.gz/plugins/example_addressbook/example_addressbook.php Changed

roundcubemail-1.1.tar.gz/plugins/example_addressbook/tests/ExampleAddressbook.php Changed

roundcubemail-1.1.tar.gz/plugins/filesystem_attachments/tests/FilesystemAttachments.php Changed

roundcubemail-1.1.tar.gz/plugins/help/tests/Help.php Changed

roundcubemail-1.1.tar.gz/plugins/hide_blockquote/tests/HideBlockquote.php Changed

roundcubemail-1.1.tar.gz/plugins/http_authentication/tests/HttpAuthentication.php Changed

roundcubemail-1.1.tar.gz/plugins/identity_select/tests/IdentitySelect.php Changed

roundcubemail-1.1.tar.gz/plugins/jqueryui/tests/Jqueryui.php Changed

roundcubemail-1.1.tar.gz/plugins/legacy_browser/tests/LegacyBrowser.php Changed

roundcubemail-1.1.tar.gz/plugins/managesieve/config.inc.php.dist Changed

roundcubemail-1.1.tar.gz/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php Changed

@@ -5,8 +5,8 @@
  *
  * Engine part of Managesieve plugin implementing UI and backend access.
  *
- * Copyright (C) 2008-2013, The Roundcube Dev Team
- * Copyright (C) 2011-2013, Kolab Systems AG
+ * Copyright (C) 2008-2014, The Roundcube Dev Team
+ * Copyright (C) 2011-2014, Kolab Systems AG
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -1177,16 +1177,7 @@
 
     function filter_frame($attrib)
     {
-        if (!$attrib['id'])
-            $attrib['id'] = 'rcmfilterframe';
-
-        $attrib['name'] = $attrib['id'];
-
-        $this->rc->output->set_env('contentframe', $attrib['name']);
-        $this->rc->output->set_env('blankpage', $attrib['src'] ?
-        $this->rc->output->abs_url($attrib['src']) : 'program/resources/blank.gif');
-
-        return $this->rc->output->frame($attrib);
+        return $this->rc->output->frame($attrib, true);
     }
 
     function filterset_form($attrib)

roundcubemail-1.1.tar.gz/plugins/managesieve/managesieve.php Changed

roundcubemail-1.1.tar.gz/plugins/managesieve/tests/Managesieve.php Changed

roundcubemail-1.1.tar.gz/plugins/managesieve/tests/Parser.php Changed

roundcubemail-1.1.tar.gz/plugins/managesieve/tests/Tokenizer.php Changed

roundcubemail-1.1.tar.gz/plugins/managesieve/tests/Vacation.php Changed

roundcubemail-1.1.tar.gz/plugins/markasjunk/tests/Markasjunk.php Changed

roundcubemail-1.1.tar.gz/plugins/new_user_dialog/tests/NewUserDialog.php Changed

roundcubemail-1.1.tar.gz/plugins/new_user_identity/composer.json Changed

roundcubemail-1.1.tar.gz/plugins/new_user_identity/config.inc.php.dist Added

roundcubemail-1.1.tar.gz/plugins/new_user_identity/new_user_identity.php Changed

@@ -9,41 +9,89 @@
  * @version @package_version@
  * @author Kris Steinhoff
  * @license GNU GPLv3+
- *
- * Example configuration:
- *
- *  // The id of the address book to use to automatically set a new
- *  // user's full name in their new identity. (This should be an
- *  // string, which refers to the $config['ldap_public'] array.)
- *  $config['new_user_identity_addressbook'] = 'People';
- *
- *  // When automatically setting a new users's full name in their
- *  // new identity, match the user's login name against this field.
- *  $config['new_user_identity_match'] = 'uid';
  */
 class new_user_identity extends rcube_plugin
 {
     public $task = 'login';
 
+    private $rc;
     private $ldap;
 
     function init()
     {
+        $this->rc = rcmail::get_instance();
+
         $this->add_hook('user_create', array($this, 'lookup_user_name'));
+        $this->add_hook('login_after', array($this, 'login_after'));
     }
 
     function lookup_user_name($args)
     {
         if ($this->init_ldap($args['host'])) {
             $results = $this->ldap->search('*', $args['user'], true);
+
             if (count($results->records) == 1) {
                 $user_name  = is_array($results->records[0]['name']) ? $results->records[0]['name'][0] : $results->records[0]['name'];
                 $user_email = is_array($results->records[0]['email']) ? $results->records[0]['email'][0] : $results->records[0]['email'];
 
-                $args['user_name'] = $user_name;
+                $args['user_name']  = $user_name;
+                $args['email_list'] = array();
+
                 if (!$args['user_email'] && strpos($user_email, '@')) {
                     $args['user_email'] = rcube_utils::idn_to_ascii($user_email);
                 }
+
+                foreach (array_keys($results[0]) as $key) {
+                    if (!preg_match('/^email($|:)/', $key)) {
+                        continue;
+                    }
+
+                    foreach ((array) $results->records[0][$key] as $alias) {
+                        if (strpos($alias, '@')) {
+                            $args['email_list'][] = rcube_utils::idn_to_ascii($alias);
+                        }
+                    }
+                }
+
+            }
+        }
+
+        return $args;
+    }
+
+    function login_after($args)
+    {
+        $this->load_config();
+
+        if ($this->ldap || !$this->rc->config->get('new_user_identity_onlogin')) {
+            return $args;
+        }
+
+        $identities = $this->rc->user->list_identities();
+        $ldap_entry = $this->lookup_user_name(array(
+                'user' => $this->rc->user->data['username'],
+                'host' => $this->rc->user->data['mail_host'],
+        ));
+
+        foreach ((array) $ldap_entry['email_list'] as $email) {
+            foreach ($identities as $identity) {
+                if ($identity['email'] == $email ) {
+                    continue 2;
+                }
+            }
+
+            $plugin = $this->rc->plugins->exec_hook('identity_create', array(
+                'login'  => true,
+                'record' => array(
+                    'user_id'  => $this->rc->user->ID,
+                    'standard' => 0,
+                    'email'    => $email,
+                    'name'     => $ldap_entry['user_name']
+                ),
+            ));
+
+            if (!$plugin['abort'] && $plugin['record']['email']) {
+                $this->rc->user->insert_identity($plugin['record']);
             }
         }
         return $args;
@@ -55,11 +103,11 @@
             return $this->ldap->ready;
         }
 
-        $rcmail = rcmail::get_instance();
+        $this->load_config();
 
-        $addressbook = $rcmail->config->get('new_user_identity_addressbook');
-        $ldap_config = (array)$rcmail->config->get('ldap_public');
-        $match       = $rcmail->config->get('new_user_identity_match');
+        $addressbook = $this->rc->config->get('new_user_identity_addressbook');
+        $ldap_config = (array)$this->rc->config->get('ldap_public');
+        $match       = $this->rc->config->get('new_user_identity_match');
 
         if (empty($addressbook) || empty($match) || empty($ldap_config[$addressbook])) {
             return false;
@@ -67,8 +115,8 @@
 
         $this->ldap = new new_user_identity_ldap_backend(
             $ldap_config[$addressbook],
-            $rcmail->config->get('ldap_debug'),
-            $rcmail->config->mail_domain($host),
+            $this->rc->config->get('ldap_debug'),
+            $this->rc->config->mail_domain($host),
             $match);
 
         return $this->ldap->ready;

roundcubemail-1.1.tar.gz/plugins/new_user_identity/package.xml Changed

roundcubemail-1.1.tar.gz/plugins/new_user_identity/tests/NewUserIdentity.php Changed

roundcubemail-1.1.tar.gz/plugins/newmail_notifier/tests/NewmailNotifier.php Changed

roundcubemail-1.1.tar.gz/plugins/password/README Changed

@@ -317,31 +317,25 @@
 
  2.20. Plesk (Plesk RPC-API)
  ---------------------------
- 
+
  Driver for changing Passwords via Plesk RPC-API. This Driver also works with
  Parallels Plesk Automation (PPA).
- 
+
  You need to allow the IP of the Roundcube-Server for RPC-Calls in the Panel.
- 
- 
+
  Set $config['password_plesk_host'] to the Hostname / IP where Plesk runs
- 
  Set your Admin or RPC User: $config['password_plesk_user']
- 
  Set the Password of the User: $config['password_plesk_pass']
- 
  Set $config['password_plesk_rpc_port']  for the RPC-Port. Usually its 8443
- 
- Set the RPC-Path in $config['password_plesk_rpc_path']. Normally this is: enterprise/control/agent.php;
+ Set the RPC-Path in $config['password_plesk_rpc_path']. Normally this is: enterprise/control/agent.php.
 
- 
 
  3. Driver API
  -------------
 
- Driver file (<driver_name>.php) must define 'password_save' function with
- two arguments. First - current password, second - new password. Function
- should return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR,
+ Driver file (<driver_name>.php) must define rcube_<driver_name>_password class
+ with public save() method that has two arguments. First - current password, second - new password.
+ This method should return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR,
  PASSWORD_CRYPT_ERROR, PASSWORD_ERROR when driver was unable to change password.
  Extended result (as a hash-array with 'message' and 'code' items) can be returned
  too. See existing drivers in drivers/ directory for examples.

roundcubemail-1.1.tar.gz/plugins/password/config.inc.php.dist Changed

roundcubemail-1.1.tar.gz/plugins/password/drivers/ldap.php Changed

@@ -38,7 +38,8 @@
         // Building user DN
         if ($userDN = $rcmail->config->get('password_ldap_userDN_mask')) {
             $userDN = self::substitute_vars($userDN);
-        } else {
+        }
+        else {
             $userDN = $this->search_userdn($rcmail);
         }
 
@@ -78,13 +79,25 @@
             return PASSWORD_CONNECT_ERROR;
         }
 
-        $crypted_pass = self::hash_password($passwd, $rcmail->config->get('password_ldap_encodage'));
         $force        = $rcmail->config->get('password_ldap_force_replace');
         $pwattr       = $rcmail->config->get('password_ldap_pwattr');
         $lchattr      = $rcmail->config->get('password_ldap_lchattr');
         $smbpwattr    = $rcmail->config->get('password_ldap_samba_pwattr');
         $smblchattr   = $rcmail->config->get('password_ldap_samba_lchattr');
         $samba        = $rcmail->config->get('password_ldap_samba');
+        $encodage     = $rcmail->config->get('password_ldap_encodage');
+
+        // Support multiple userPassword values where desired.
+        // multiple encodings can be specified separated by '+' (e.g. "cram-md5+ssha")
+        $encodages    = explode('+', $encodage);
+        $crypted_pass = array();
+
+        foreach ($encodages as $enc) {
+            $cpw = self::hash_password($passwd, $enc);
+            if (!empty($cpw)) {
+                $crypted_pass[] = $cpw;
+            }
+        }
 
         // Support password_ldap_samba option for backward compat.
         if ($samba && !$smbpwattr) {
@@ -93,7 +106,7 @@
         }
 
         // Crypt new password
-        if (!$crypted_pass) {
+        if (empty($crypted_pass)) {
             return PASSWORD_CRYPT_ERROR;
         }
 
@@ -297,6 +310,7 @@
             }
             break;
 
+
         case 'smd5':
             mt_srand((double) microtime() * 1000000);
             $salt = substr(pack('h*', md5(mt_rand())), 0, 8);
@@ -332,6 +346,11 @@
             $crypted_password = rcube_charset::convert('"' . $password_clear . '"', RCUBE_CHARSET, 'UTF-16LE');
             break;
 
+        case 'cram-md5':
+            require_once __DIR__ . '/../helpers/dovecot_hmacmd5.php';
+            return dovecot_hmacmd5($password_clear);
+            break;
+
         case 'clear':
         default:
             $crypted_password = $password_clear;

roundcubemail-1.1.tar.gz/plugins/password/drivers/plesk.php Changed

roundcubemail-1.1.tar.gz/plugins/password/helpers/dovecot_hmacmd5.php Added

@@ -0,0 +1,191 @@
+<?php
+
+/**
+ *
+ * dovecot_hmacmd5.php V1.01
+ *
+ * Generates HMAC-MD5 'contexts' for Dovecot's password files.
+ *
+ * (C) 2008 Hajo Noerenberg
+ *
+ * http://www.noerenberg.de/hajo/pub/dovecot_hmacmd5.php.txt
+ *
+ * Most of the code has been shamelessly stolen from various sources:
+ *
+ * (C) Paul Johnston 1999 - 2000 / http://pajhome.org.uk/crypt/md5/
+ * (C) William K. Cole 2008 / http://www.scconsult.com/bill/crampass.pl
+ * (C) Borfast 2002 / http://www.zend.com/code/codex.php?ozid=962&single=1
+ * (C) Thomas Weber / http://pajhome.org.uk/crypt/md5/contrib/md5.java.txt
+ *
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 3.0 as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program. If not, see <http://www.gnu.org/licenses/gpl-3.0.txt>.
+ *
+ */
+
+/* Convert a 32-bit number to a hex string with ls-byte first
+ */
+
+function rhex($n) {
+	$hex_chr = "0123456789abcdef"; $r = '';
+	for($j = 0; $j <= 3; $j++)
+		$r .= $hex_chr[($n >> ($j * 8 + 4)) & 0x0F] . $hex_chr[($n >> ($j * 8)) & 0x0F];
+	return $r;
+}
+
+/* zeroFill() is needed because PHP doesn't have a zero-fill
+ * right shift operator like JavaScript's >>>
+ */
+
+function zeroFill($a, $b) {
+	$z = hexdec(80000000);
+	if ($z & $a) {
+		$a >>= 1;
+		$a &= (~$z);
+		$a |= 0x40000000;
+		$a >>= ($b-1);
+	} else {
+		$a >>= $b;
+	}
+	return $a;
+}
+
+/* Bitwise rotate a 32-bit number to the left
+ */
+
+function bit_rol($num, $cnt) {
+	return ($num << $cnt) | (zeroFill($num, (32 - $cnt)));
+}
+
+/* Add integers, wrapping at 2^32
+ */
+
+function safe_add($x, $y) {
+	return (($x&0x7FFFFFFF) + ($y&0x7FFFFFFF)) ^ ($x&0x80000000) ^ ($y&0x80000000);
+}
+
+/* These functions implement the four basic operations the algorithm uses.
+ */
+
+function md5_cmn($q, $a, $b, $x, $s, $t) {
+	return safe_add(bit_rol(safe_add(safe_add($a, $q), safe_add($x, $t)), $s), $b);
+}
+function md5_ff($a, $b, $c, $d, $x, $s, $t) {
+	return md5_cmn(($b & $c) | ((~$b) & $d), $a, $b, $x, $s, $t);
+}
+function md5_gg($a, $b, $c, $d, $x, $s, $t) {
+	return md5_cmn(($b & $d) | ($c & (~$d)), $a, $b, $x, $s, $t);
+}
+function md5_hh($a, $b, $c, $d, $x, $s, $t) {
+	return md5_cmn($b ^ $c ^ $d, $a, $b, $x, $s, $t);
+}
+function md5_ii($a, $b, $c, $d, $x, $s, $t) {
+	return md5_cmn($c ^ ($b | (~$d)), $a, $b, $x, $s, $t);
+}
+
+/* Calculate the first round of the MD5 algorithm
+ */
+
+function md5_oneround($s, $io) {
+
+	$s = str_pad($s, 64, chr(0x00));
+
+	$x = array_fill(0, 16, 0);
+
+	for($i = 0; $i < 64; $i++)
+		$x[$i >> 2] |= (($io ? 0x36 : 0x5c) ^ ord($s[$i])) << (($i % 4) * 8);
+
+	$a = $olda =  1732584193;
+	$b = $oldb = -271733879;
+	$c = $oldc = -1732584194;
+	$d = $oldd =  271733878;
+
+	$a = md5_ff($a, $b, $c, $d, $x[ 0], 7 , -680876936);
+	$d = md5_ff($d, $a, $b, $c, $x[ 1], 12, -389564586);
+	$c = md5_ff($c, $d, $a, $b, $x[ 2], 17,  606105819);
+	$b = md5_ff($b, $c, $d, $a, $x[ 3], 22, -1044525330);
+	$a = md5_ff($a, $b, $c, $d, $x[ 4], 7 , -176418897);
+	$d = md5_ff($d, $a, $b, $c, $x[ 5], 12,  1200080426);
+	$c = md5_ff($c, $d, $a, $b, $x[ 6], 17, -1473231341);
+	$b = md5_ff($b, $c, $d, $a, $x[ 7], 22, -45705983);
+	$a = md5_ff($a, $b, $c, $d, $x[ 8], 7 ,  1770035416);
+	$d = md5_ff($d, $a, $b, $c, $x[ 9], 12, -1958414417);
+	$c = md5_ff($c, $d, $a, $b, $x[10], 17, -42063);
+	$b = md5_ff($b, $c, $d, $a, $x[11], 22, -1990404162);
+	$a = md5_ff($a, $b, $c, $d, $x[12], 7 ,  1804603682);
+	$d = md5_ff($d, $a, $b, $c, $x[13], 12, -40341101);
+	$c = md5_ff($c, $d, $a, $b, $x[14], 17, -1502002290);
+	$b = md5_ff($b, $c, $d, $a, $x[15], 22,  1236535329);
+
+	$a = md5_gg($a, $b, $c, $d, $x[ 1], 5 , -165796510);
+	$d = md5_gg($d, $a, $b, $c, $x[ 6], 9 , -1069501632);
+	$c = md5_gg($c, $d, $a, $b, $x[11], 14,  643717713);
+	$b = md5_gg($b, $c, $d, $a, $x[ 0], 20, -373897302);
+	$a = md5_gg($a, $b, $c, $d, $x[ 5], 5 , -701558691);
+	$d = md5_gg($d, $a, $b, $c, $x[10], 9 ,  38016083);
+	$c = md5_gg($c, $d, $a, $b, $x[15], 14, -660478335);
+	$b = md5_gg($b, $c, $d, $a, $x[ 4], 20, -405537848);
+	$a = md5_gg($a, $b, $c, $d, $x[ 9], 5 ,  568446438);
+	$d = md5_gg($d, $a, $b, $c, $x[14], 9 , -1019803690);
+	$c = md5_gg($c, $d, $a, $b, $x[ 3], 14, -187363961);
+	$b = md5_gg($b, $c, $d, $a, $x[ 8], 20,  1163531501);
+	$a = md5_gg($a, $b, $c, $d, $x[13], 5 , -1444681467);
+	$d = md5_gg($d, $a, $b, $c, $x[ 2], 9 , -51403784);
+	$c = md5_gg($c, $d, $a, $b, $x[ 7], 14,  1735328473);
+	$b = md5_gg($b, $c, $d, $a, $x[12], 20, -1926607734);
+
+	$a = md5_hh($a, $b, $c, $d, $x[ 5], 4 , -378558);
+	$d = md5_hh($d, $a, $b, $c, $x[ 8], 11, -2022574463);
+	$c = md5_hh($c, $d, $a, $b, $x[11], 16,  1839030562);
+	$b = md5_hh($b, $c, $d, $a, $x[14], 23, -35309556);
+	$a = md5_hh($a, $b, $c, $d, $x[ 1], 4 , -1530992060);
+	$d = md5_hh($d, $a, $b, $c, $x[ 4], 11,  1272893353);
+	$c = md5_hh($c, $d, $a, $b, $x[ 7], 16, -155497632);
+	$b = md5_hh($b, $c, $d, $a, $x[10], 23, -1094730640);
+	$a = md5_hh($a, $b, $c, $d, $x[13], 4 ,  681279174);
+	$d = md5_hh($d, $a, $b, $c, $x[ 0], 11, -358537222);
+	$c = md5_hh($c, $d, $a, $b, $x[ 3], 16, -722521979);
+	$b = md5_hh($b, $c, $d, $a, $x[ 6], 23,  76029189);
+	$a = md5_hh($a, $b, $c, $d, $x[ 9], 4 , -640364487);
+	$d = md5_hh($d, $a, $b, $c, $x[12], 11, -421815835);
+	$c = md5_hh($c, $d, $a, $b, $x[15], 16,  530742520);
+	$b = md5_hh($b, $c, $d, $a, $x[ 2], 23, -995338651);
+
+	$a = md5_ii($a, $b, $c, $d, $x[ 0], 6 , -198630844);
+	$d = md5_ii($d, $a, $b, $c, $x[ 7], 10,  1126891415);
+	$c = md5_ii($c, $d, $a, $b, $x[14], 15, -1416354905);
+	$b = md5_ii($b, $c, $d, $a, $x[ 5], 21, -57434055);
+	$a = md5_ii($a, $b, $c, $d, $x[12], 6 ,  1700485571);
+	$d = md5_ii($d, $a, $b, $c, $x[ 3], 10, -1894986606);
+	$c = md5_ii($c, $d, $a, $b, $x[10], 15, -1051523);
+	$b = md5_ii($b, $c, $d, $a, $x[ 1], 21, -2054922799);
+	$a = md5_ii($a, $b, $c, $d, $x[ 8], 6 ,  1873313359);
+	$d = md5_ii($d, $a, $b, $c, $x[15], 10, -30611744);
+	$c = md5_ii($c, $d, $a, $b, $x[ 6], 15, -1560198380);
+	$b = md5_ii($b, $c, $d, $a, $x[13], 21,  1309151649);
+	$a = md5_ii($a, $b, $c, $d, $x[ 4], 6 , -145523070);
+	$d = md5_ii($d, $a, $b, $c, $x[11], 10, -1120210379);
+	$c = md5_ii($c, $d, $a, $b, $x[ 2], 15,  718787259);
+	$b = md5_ii($b, $c, $d, $a, $x[ 9], 21, -343485551);
+
+	$a = safe_add($a, $olda);
+	$b = safe_add($b, $oldb);
+	$c = safe_add($c, $oldc);
+	$d = safe_add($d, $oldd);
+
+	return rhex($a) . rhex($b) . rhex($c) . rhex($d);
+}
+
+function dovecot_hmacmd5 ($s) {
+	if (strlen($s) > 64) $s=pack("H*", md5($s));
+	return "{CRAM-MD5}" . md5_oneround($s, 0) . md5_oneround($s, 1);
+}

roundcubemail-1.1.tar.gz/plugins/password/tests/Password.php Changed

roundcubemail-1.1.tar.gz/plugins/redundant_attachments/tests/RedundantAttachments.php Changed

roundcubemail-1.1.tar.gz/plugins/show_additional_headers/tests/ShowAdditionalHeaders.php Changed

roundcubemail-1.1.tar.gz/plugins/squirrelmail_usercopy/tests/SquirrelmailUsercopy.php Changed

roundcubemail-1.1.tar.gz/plugins/subscriptions_option/tests/SubscriptionsOption.php Changed

roundcubemail-1.1.tar.gz/plugins/userinfo/tests/Userinfo.php Changed

roundcubemail-1.1.tar.gz/plugins/vcard_attachments/tests/VcardAttachments.php Changed

roundcubemail-1.1.tar.gz/plugins/vcard_attachments/vcard_attachments.php Changed

roundcubemail-1.1.tar.gz/plugins/virtuser_file/tests/VirtuserFile.php Changed

roundcubemail-1.1.tar.gz/plugins/virtuser_query/tests/VirtuserQuery.php Changed

roundcubemail-1.1.tar.gz/plugins/zipdownload/tests/Zipdownload.php Changed

roundcubemail-1.1.tar.gz/plugins/zipdownload/zipdownload.php Changed

@@ -144,20 +144,14 @@
                 }
             }
 
-            $disp_name = $this->_convert_filename($filename);
+            $disp_name   = $this->_convert_filename($filename);
+            $tmpfn       = tempnam($temp_dir, 'zipattach');
+            $tmpfp       = fopen($tmpfn, 'w');
+            $tempfiles[] = $tmpfn;
 
-            if ($part->body) {
-                $orig_message_raw = $part->body;
-                $zip->addFromString($disp_name, $orig_message_raw);
-            }
-            else {
-                $tmpfn = tempnam($temp_dir, 'zipattach');
-                $tmpfp = fopen($tmpfn, 'w');
-                $imap->get_message_part($message->uid, $part->mime_id, $part, null, $tmpfp, true);
-                $tempfiles[] = $tmpfn;
-                fclose($tmpfp);
-                $zip->addFile($tmpfn, $disp_name);
-            }
+            $message->get_part_body($part->mime_id, false, 0, $tmpfp);
+            $zip->addFile($tmpfn, $disp_name);
+            fclose($tmpfp);
         }
 
         $zip->close();

roundcubemail-1.1.tar.gz/program/include/rcmail.php Changed

roundcubemail-1.1.tar.gz/program/include/rcmail_output_html.php Changed

@@ -187,6 +187,8 @@
             $valid = !$skin;
         }
 
+        $skin_path = rtrim($skin_path, '/');
+
         $this->config->set('skin_path', $skin_path);
         $this->base_path = $skin_path;
 
@@ -460,6 +462,8 @@
     {
         $plugin   = false;
         $realname = $name;
+        $plugin_skin_paths = array();
+
         $this->template_name = $realname;
 
         $temp = explode('.', $name, 2);
@@ -469,7 +473,6 @@
             $skin_dir = $plugin . '/skins/' . $this->config->get('skin');
 
             // apply skin search escalation list to plugin directory
-            $plugin_skin_paths = array();
             foreach ($this->skin_paths as $skin_path) {
                 $plugin_skin_paths[] = $this->app->plugins->url . $plugin . '/' . $skin_path;
             }
@@ -480,7 +483,7 @@
                 $plugin_skin_paths[] = $this->app->plugins->url . $skin_dir;
             }
 
-            // add plugin skin paths to search list
+            // prepend plugin skin paths to search list
             $this->skin_paths = array_merge($plugin_skin_paths, $this->skin_paths);
         }
 
@@ -523,6 +526,8 @@
                 'file' => __FILE__,
                 'message' => 'Error loading template for '.$realname
                 ), true, $write);
+
+            $this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
             return false;
         }
 
@@ -547,6 +552,9 @@
         $output = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $output);
         $this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);
 
+        // remove plugin skin paths from current context
+        $this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
+
         if (!$write) {
             return $output;
         }

roundcubemail-1.1.tar.gz/program/js/app.js Changed

@@ -3319,7 +3319,7 @@
     if (!this.gui_objects.messageform)
       return false;
 
-    var i, input_from = $("[name='_from']"),
+    var i, pos, input_from = $("[name='_from']"),
       input_to = $("[name='_to']"),
       input_subject = $("input[name='_subject']"),
       input_message = $("[name='_message']").get(0),
@@ -3353,12 +3353,19 @@
     }
 
     if (!html_mode) {
-      this.set_caret_pos(input_message, this.env.top_posting ? 0 : $(input_message).val().length);
+      pos = this.env.top_posting ? 0 : input_message.value.length;
+      this.set_caret_pos(input_message, pos);
+
       // add signature according to selected identity
       // if we have HTML editor, signature is added in callback
       if (input_from.prop('type') == 'select-one') {
         this.change_identity(input_from[0]);
       }
+
+      // scroll to the bottom of the textarea (#1490114)
+      if (pos) {
+        $(input_message).scrollTop(input_message.scrollHeight);
+      }
     }
 
     // check for locally stored compose data
@@ -3652,7 +3659,7 @@
   this.save_response = function()
   {
     // show dialog to enter a name and to modify the text to be saved
-    var buttons = {}, text = this.editor.get_content(true, true),
+    var buttons = {}, text = this.editor.get_content({selection: true, format: 'text', nosig: true}),
       html = '<form class="propform">' +
       '<div class="prop block"><label>' + this.get_label('responsename') + '</label>' +
       '<input type="text" name="name" id="ffresponsename" size="40" /></div>' +
@@ -3840,7 +3847,7 @@
       if (val = $('[name="_' + hash_fields[i] + '"]').val())
         str += val + ':';
 
-    str += this.editor.get_content();
+    str += this.editor.get_content({refresh: false});
 
     if (this.env.attachments)
       for (id in this.env.attachments)
@@ -7830,13 +7837,17 @@
   // and return the message uid
   this.get_single_uid = function()
   {
-    return this.env.uid ? this.env.uid : (this.message_list ? this.message_list.get_single_selection() : null);
+    var uid = this.env.uid || (this.message_list ? this.message_list.get_single_selection() : null);
+    var result = ref.triggerEvent('get_single_uid', { uid: uid });
+    return result || uid;
   };
 
   // same as above but for contacts
   this.get_single_cid = function()
   {
-    return this.env.cid ? this.env.cid : (this.contact_list ? this.contact_list.get_single_selection() : null);
+    var cid = this.env.cid || (this.contact_list ? this.contact_list.get_single_selection() : null);
+    var result = ref.triggerEvent('get_single_cid', { cid: cid });
+    return result || cid;
   };
 
   // get the IMP mailbox of the message with the given UID

roundcubemail-1.1.tar.gz/program/js/editor.js Changed

@@ -40,7 +40,7 @@
       selector: '#' + ($('#' + id).is('.mce_editor') ? id : 'fake-editor-id'),
       theme: 'modern',
       language: config.lang,
-      content_css: 'program/js/tinymce/roundcube/content.css?v1',
+      content_css: 'program/js/tinymce/roundcube/content.css?v2',
       menubar: false,
       statusbar: false,
       toolbar_items_size: 'small',
@@ -391,29 +391,33 @@
   };
 
   // get selected text (if no selection returns all text) from the editor
-  this.get_content = function(selected, plain)
+  this.get_content = function(args)
   {
-    // apply spellcheck changes if spell checker is active
-    this.spellcheck_stop();
+    var sigstart, ed = this.editor, text = '', strip = false,
+      defaults = {refresh: true, selection: false, nosig: false, format: 'html'};
+
+    args = $.extend(defaults, args);
 
-    var sigstart, ed = this.editor,
-      format = plain ? 'text' : 'html',
-      text = '', strip = false;
+    // apply spellcheck changes if spell checker is active
+    if (args.refresh) {
+      this.spellcheck_stop();
+    }
 
     // get selected text from tinymce editor
     if (ed) {
       ed.getWin().focus(); // correct focus in IE & Chrome
-      if (selected)
-        text = ed.selection.getContent({format: format});
+      if (args.selection)
+        text = ed.selection.getContent({format: args.format});
 
       if (!text) {
-        text = ed.getContent({format: format});
-        strip = true;
+        text = ed.getContent({format: args.format});
+        // @todo: strip signature in html mode
+        strip = args.format == 'text';
       }
     }
     // get selected text from compose textarea
     else if (ed = rcube_find_object(this.id)) {
-      if (selected && $(ed).is(':focus')) {
+      if (args.selection && $(ed).is(':focus')) {
         text = rcmail.get_input_selection(ed).text;
       }
 
@@ -424,7 +428,8 @@
     }
 
     // strip off signature
-    if (strip) {
+    // @todo: make this optional
+    if (strip && args.nosig) {
       sigstart = text.indexOf('-- \n');
       if (sigstart > 0) {
         text = text.substring(0, sigstart);

roundcubemail-1.1.tar.gz/program/js/googiespell.js Changed

@@ -312,7 +312,9 @@
     this.ignore = ignore;
     this.hideLangWindow();
 
-    if ($(this.text_area).val() == '' || ignore) {
+    var area = $(this.text_area);
+
+    if (area.val() == '' || ignore) {
         if (!this.custom_no_spelling_error)
             this.flashNoSpellingErrorState();
         else
@@ -321,7 +323,7 @@
         return;
     }
 
-    this.createEditLayer(this.text_area.offsetWidth, this.text_area.offsetHeight);
+    this.createEditLayer(area.width(), area.height());
     this.createErrorWindow();
     $('body').append(this.error_window);
 
@@ -331,7 +333,7 @@
     if (this.main_controller)
         $(this.spell_span).unbind('click');
 
-    this.orginal_text = $(this.text_area).val();
+    this.orginal_text = area.val();
 };
 
 this.parseResult = function(r_text)
@@ -674,10 +676,10 @@
 {
     this.edit_layer = document.createElement('div');
     $(this.edit_layer).addClass('googie_edit_layer').attr('id', 'googie_edit_layer')
-        .width('auto').height(height);
+        .width(width).height(height);
 
     if (this.text_area.nodeName.toLowerCase() != 'input' || $(this.text_area).val() == '') {
-        $(this.edit_layer).css('overflow', 'auto').height(height-4);
+        $(this.edit_layer).css('overflow', 'auto');
     } else {
         $(this.edit_layer).css('overflow', 'hidden');
     }

roundcubemail-1.1.tar.gz/program/js/list.js Changed

roundcubemail-1.1.tar.gz/program/js/tinymce/roundcube/content.css Changed

roundcubemail-1.1.tar.gz/program/lib/Roundcube/bootstrap.php Changed

roundcubemail-1.1.tar.gz/program/lib/Roundcube/rcube.php Changed

@@ -842,6 +842,7 @@
          * upon decryption; see http://php.net/mcrypt_generic#68082
          */
         $clear = pack("a*H2", $clear, "80");
+        $ckey  = $this->config->get_crypto_key($key);
 
         if (function_exists('openssl_encrypt')) {
             $method = 'DES-EDE3-CBC';
@@ -853,7 +854,7 @@
             ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, ""))
         ) {
             $iv = $this->create_iv(mcrypt_enc_get_iv_size($td));
-            mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv);
+            mcrypt_generic_init($td, $ckey, $iv);
             $cipher = $iv . mcrypt_generic($td, $clear);
             mcrypt_generic_deinit($td);
             mcrypt_module_close($td);
@@ -864,7 +865,7 @@
             if (function_exists('des')) {
                 $des_iv_size = 8;
                 $iv = $this->create_iv($des_iv_size);
-                $cipher = $iv . des($this->config->get_crypto_key($key), $clear, 1, 1, $iv);
+                $cipher = $iv . des($ckey, $clear, 1, 1, $iv);
             }
             else {
                 self::raise_error(array(
@@ -895,6 +896,7 @@
         }
 
         $cipher = $base64 ? base64_decode($cipher) : $cipher;
+        $ckey   = $this->config->get_crypto_key($key);
 
         if (function_exists('openssl_decrypt')) {
             $method  = 'DES-EDE3-CBC';
@@ -914,7 +916,7 @@
             ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_CBC, ""))
         ) {
             $iv_size = mcrypt_enc_get_iv_size($td);
-            $iv = substr($cipher, 0, $iv_size);
+            $iv      = substr($cipher, 0, $iv_size);
 
             // session corruption? (#1485970)
             if (strlen($iv) < $iv_size) {
@@ -922,7 +924,7 @@
             }
 
             $cipher = substr($cipher, $iv_size);
-            mcrypt_generic_init($td, $this->config->get_crypto_key($key), $iv);
+            mcrypt_generic_init($td, $ckey, $iv);
             $clear = mdecrypt_generic($td, $cipher);
             mcrypt_generic_deinit($td);
             mcrypt_module_close($td);
@@ -932,15 +934,15 @@
 
             if (function_exists('des')) {
                 $des_iv_size = 8;
-                $iv = substr($cipher, 0, $des_iv_size);
+                $iv     = substr($cipher, 0, $des_iv_size);
                 $cipher = substr($cipher, $des_iv_size);
-                $clear = des($this->config->get_crypto_key($key), $cipher, 0, 1, $iv);
+                $clear  = des($ckey, $cipher, 0, 1, $iv);
             }
             else {
                 self::raise_error(array(
                     'code' => 500, 'type' => 'php',
                     'file' => __FILE__, 'line' => __LINE__,
-                    'message' => "Could not perform decryption; make sure Mcrypt is installed or lib/des.inc is available"
+                    'message' => "Could not perform decryption; make sure OpenSSL or Mcrypt or lib/des.inc is available"
                     ), true, true);
             }
         }

roundcubemail-1.1.tar.gz/program/lib/Roundcube/rcube_db.php Changed

roundcubemail-1.1.tar.gz/program/lib/Roundcube/rcube_db_oracle.php Changed

roundcubemail-1.1.tar.gz/program/lib/Roundcube/rcube_image.php Changed

@@ -59,11 +59,13 @@
             $height  = $imsize[1];
             $gd_type = $imsize['2'];
             $type    = image_type_to_extension($imsize['2'], false);
+            $channels = $imsize['channels'];
         }
 
         // use ImageMagick
         if (!$type && ($data = $this->identify())) {
             list($type, $width, $height) = $data;
+            $channels = null;
         }
 
         if ($type) {
@@ -72,8 +74,11 @@
                 'gd_type' => $gd_type,
                 'width'   => $width,
                 'height'  => $height,
+                'channels' => $channels,
             );
         }
+
+        return null;
     }
 
     /**
@@ -181,6 +186,11 @@
             }
         }
 
+        // do we have enough memory? (#1489937)
+        if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN' && !$this->mem_check($props)) {
+            return false;
+        }
+
         // use GD extension
         if ($props['gd_type']) {
             if ($props['gd_type'] == IMAGETYPE_JPEG && function_exists('imagecreatefromjpeg')) {
@@ -229,7 +239,7 @@
                 $image = $new_image;
 
                 // fix rotation of image if EXIF data exists and specifies rotation (GD strips the EXIF data)
-                if ($this->image_file && function_exists('exif_read_data')) {
+                if ($this->image_file && $type == 'jpg' && function_exists('exif_read_data')) {
                     $exif = exif_read_data($this->image_file);
                     if ($exif && $exif['Orientation']) {
                         switch ($exif['Orientation']) {
@@ -327,6 +337,12 @@
         // use GD extension (TIFF isn't supported)
         $props = $this->props();
 
+        // do we have enough memory? (#1489937)
+        if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN' && !$this->mem_check($props)) {
+            return false;
+        }
+
+
         if ($props['gd_type']) {
             if ($props['gd_type'] == IMAGETYPE_JPEG && function_exists('imagecreatefromjpeg')) {
                 $image = imagecreatefromjpeg($this->image_file);
@@ -406,4 +422,22 @@
             catch (Exception $e) {}
         }
     }
+
+    /**
+     * Check if we have enough memory to load specified image
+     */
+    private function mem_check($props)
+    {
+        // image size is unknown, we can't calculate required memory
+        if (!$props['width']) {
+            return true;
+        }
+
+        // channels: CMYK - 4, RGB - 3
+        $multip = ($props['channels'] ?: 3) + 1;
+
+        // calculate image size in memory (in bytes)
+        $size = $props['width'] * $props['height'] * $multip;
+        return rcube_utils::mem_check($size);
+    }
 }

roundcubemail-1.1.tar.gz/program/lib/Roundcube/rcube_imap_cache.php Changed

roundcubemail-1.1.tar.gz/program/lib/Roundcube/rcube_imap_generic.php Changed

@@ -2569,52 +2569,63 @@
             return false;
         }
 
-        switch ($encoding) {
-        case 'base64':
-            $mode = 1;
-            break;
-        case 'quoted-printable':
-            $mode = 2;
-            break;
-        case 'x-uuencode':
-        case 'x-uue':
-        case 'uue':
-        case 'uuencode':
-            $mode = 3;
-            break;
-        default:
-            $mode = 0;
-        }
+        $binary    = true;
 
-        // Use BINARY extension when possible (and safe)
-        $binary     = $mode && preg_match('/^[0-9.]+$/', $part) && $this->hasCapability('BINARY');
-        $fetch_mode = $binary ? 'BINARY' : 'BODY';
-        $partial    = $max_bytes ? sprintf('<0.%d>', $max_bytes) : '';
-
-        // format request
-        $key     = $this->nextTag();
-        $request = $key . ($is_uid ? ' UID' : '') . " FETCH $id ($fetch_mode.PEEK[$part]$partial)";
-        $result  = false;
-        $found   = false;
-
-        // send request
-        if (!$this->putLine($request)) {
-            $this->setError(self::ERROR_COMMAND, "Unable to send command: $request");
-            return false;
-        }
+        do {
+            if (!$initiated) {
+                switch ($encoding) {
+                case 'base64':
+                    $mode = 1;
+                    break;
+                case 'quoted-printable':
+                    $mode = 2;
+                    break;
+                case 'x-uuencode':
+                case 'x-uue':
+                case 'uue':
+                case 'uuencode':
+                    $mode = 3;
+                    break;
+                default:
+                    $mode = 0;
+                }
 
-        if ($binary) {
-            // WARNING: Use $formatted argument with care, this may break binary data stream
-            $mode = -1;
-        }
+                // Use BINARY extension when possible (and safe)
+                $binary     = $binary && $mode && preg_match('/^[0-9.]+$/', $part) && $this->hasCapability('BINARY');
+                $fetch_mode = $binary ? 'BINARY' : 'BODY';
+                $partial    = $max_bytes ? sprintf('<0.%d>', $max_bytes) : '';
+
+                // format request
+                $key       = $this->nextTag();
+                $request   = $key . ($is_uid ? ' UID' : '') . " FETCH $id ($fetch_mode.PEEK[$part]$partial)";
+                $result    = false;
+                $found     = false;
+                $initiated = true;
+
+                // send request
+                if (!$this->putLine($request)) {
+                    $this->setError(self::ERROR_COMMAND, "Unable to send command: $request");
+                    return false;
+                }
+
+                if ($binary) {
+                    // WARNING: Use $formatted argument with care, this may break binary data stream
+                    $mode = -1;
+                }
+            }
 
-        do {
             $line = trim($this->readLine(1024));
 
             if (!$line) {
                 break;
             }
 
+            // handle UNKNOWN-CTE response - RFC 3516, try again with standard BODY request
+            if ($binary && !$found && preg_match('/^' . $key . ' NO \[UNKNOWN-CTE\]/i', $line)) {
+                $binary = $initiated = false;
+                continue;
+            }
+
             // skip irrelevant untagged responses (we have a result already)
             if ($found || !preg_match('/^\* ([0-9]+) FETCH (.*)$/', $line, $m)) {
                 continue;
@@ -2675,7 +2686,7 @@
 
                     // BASE64
                     if ($mode == 1) {
-                        $line = rtrim($line, "\t\r\n\0\x0B");
+                        $line = preg_replace('|[^a-zA-Z0-9+=/]|', '', $line);
                         // create chunks with proper length for base64 decoding
                         $line = $prev.$line;
                         $length = strlen($line);
@@ -2720,7 +2731,7 @@
                     }
                 }
             }
-        } while (!$this->startsWith($line, $key, true));
+        } while (!$this->startsWith($line, $key, true) || !$initiated);
 
         if ($result !== false) {
             if ($file) {

roundcubemail-1.1.tar.gz/program/lib/Roundcube/rcube_message.php Changed

@@ -3,7 +3,7 @@
 /*
  +-----------------------------------------------------------------------+
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2008-2010, The Roundcube Dev Team                       |
+ | Copyright (C) 2008-2014, The Roundcube Dev Team                       |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
@@ -61,6 +61,8 @@
     public $sender = null;
     public $is_safe = false;
 
+    const BODY_MAX_SIZE = 1048576; // 1MB
+
 
     /**
      * __construct
@@ -176,6 +178,7 @@
      * @param boolean  $formatted         Enables formatting of text/* parts bodies
      *
      * @return string Part content
+     * @deprecated
      */
     public function get_part_content($mime_id, $fp = null, $skip_charset_conv = false, $max_bytes = 0, $formatted = true)
     {
@@ -198,6 +201,127 @@
 
 
     /**
+     * Get content of a specific part of this message
+     *
+     * @param string  $mime_id   Part ID
+     * @param boolean $formatted Enables formatting of text/* parts bodies
+     * @param int     $max_bytes Only return/read this number of bytes
+     * @param mixed   $mode      NULL to return a string, -1 to print body
+     *                           or file pointer to save the body into
+     *
+     * @return string|bool Part content or operation status
+     */
+    public function get_part_body($mime_id, $formatted = false, $max_bytes = 0, $mode = null)
+    {
+        if (!($part = $this->mime_parts[$mime_id])) {
+            return;
+        }
+
+        // only text parts can be formatted
+        $formatted = $formatted && $part->ctype_primary == 'text';
+
+        // part body not fetched yet... save in memory if it's small enough
+        if ($part->body === null && is_numeric($mime_id) && $part->size < self::BODY_MAX_SIZE) {
+            $this->storage->set_folder($this->folder);
+            // Warning: body here should be always unformatted
+            $part->body = $this->storage->get_message_part($this->uid, $mime_id, $part,
+                null, null, true, 0, false);
+        }
+
+        // body stored in message structure (winmail/inline-uuencode)
+        if ($part->body !== null || $part->encoding == 'stream') {
+            $body = $part->body;
+
+            if ($formatted && $body) {
+                $body = self::format_part_body($body, $part, $this->headers->charset);
+            }
+
+            if ($max_bytes && strlen($body) > $max_bytes) {
+                $body = substr($body, 0, $max_bytes);
+            }
+
+            if (is_resource($mode)) {
+                if ($body !== false) {
+                    fwrite($mode, $body);
+                    rewind($mode);
+                }
+
+                return $body !== false;
+            }
+
+            if ($mode === -1) {
+                if ($body !== false) {
+                    print($body);
+                }
+
+                return $body !== false;
+            }
+
+            return $body;
+        }
+
+        // get the body from IMAP
+        $this->storage->set_folder($this->folder);
+
+        $body = $this->storage->get_message_part($this->uid, $mime_id, $part,
+            $mode === -1, is_resource($mode) ? $mode : null,
+            !($mode && $formatted), $max_bytes, $mode && $formatted);
+
+        if (is_resource($mode)) {
+            rewind($mode);
+            return $body !== false;
+        }
+
+        if (!$mode && $body && $formatted) {
+            $body = self::format_part_body($body, $part, $this->headers->charset);
+        }
+
+        return $body;
+    }
+
+
+    /**
+     * Format text message part for display
+     *
+     * @param string             $body            Part body
+     * @param rcube_message_part $part            Part object
+     * @param string             $default_charset Fallback charset if part charset is not specified
+     *
+     * @return string Formatted body
+     */
+    public static function format_part_body($body, $part, $default_charset = null)
+    {
+        // remove useless characters
+        $body = preg_replace('/[\t\r\0\x0B]+\n/', "\n", $body);
+
+        // remove NULL characters if any (#1486189)
+        if (strpos($body, "\x00") !== false) {
+            $body = str_replace("\x00", '', $body);
+        }
+
+        // detect charset...
+        if (!$part->charset || strtoupper($part->charset) == 'US-ASCII') {
+            // try to extract charset information from HTML meta tag (#1488125)
+            if ($part->ctype_secondary == 'html' && preg_match('/<meta[^>]+charset=([a-z0-9-_]+)/i', $body, $m)) {
+                $part->charset = strtoupper($m[1]);
+            }
+            else if ($default_charset) {
+                $part->charset = $default_charset;
+            }
+            else {
+                $rcube         = rcube::get_instance();
+                $part->charset = $rcube->config->get('default_charset', RCUBE_CHARSET);
+            }
+        }
+
+        // ..convert charset encoding
+        $body = rcube_charset::convert($body, $part->charset);
+
+        return $body;
+    }
+
+
+    /**
      * Determine if the message contains a HTML part. This must to be
      * a real part not an attachment (or its part)
      *
@@ -293,7 +417,7 @@
         // check all message parts
         foreach ($this->mime_parts as $pid => $part) {
             if ($part->mimetype == 'text/html') {
-                return $this->get_part_content($pid);
+                return $this->get_part_body($pid, true);
             }
         }
     }
@@ -314,10 +438,10 @@
         // check all message parts
         foreach ($this->mime_parts as $mime_id => $part) {
             if ($part->mimetype == 'text/plain') {
-                return $this->get_part_content($mime_id);
+                return $this->get_part_body($mime_id, true);
             }
             else if ($part->mimetype == 'text/html') {
-                $out = $this->get_part_content($mime_id);
+                $out = $this->get_part_body($mime_id, true);
 
                 // create instance of html2text class
                 $txt = new rcube_html2text($out);
@@ -371,7 +495,7 @@
 
             // parse headers from message/rfc822 part
             if (!isset($structure->headers['subject']) && !isset($structure->headers['from'])) {
-                list($headers, ) = explode("\r\n\r\n", $this->get_part_content($structure->mime_id, null, true, 32768));
+                list($headers, ) = explode("\r\n\r\n", $this->get_part_body($structure->mime_id, false, 32768));
                 $structure->headers = rcube_mime::parse_headers($headers);
             }
         }
@@ -725,20 +849,18 @@
      */
     function tnef_decode(&$part)
     {
-        // @TODO: attachment may be huge, hadle it via file
-        if (!isset($part->body)) {
-            $this->storage->set_folder($this->folder);
-            $part->body = $this->storage->get_message_part($this->uid, $part->mime_id, $part);
-        }
+        // @TODO: attachment may be huge, handle body via file
+        $body     = $this->get_part_body($part->mime_id);
+        $tnef     = new rcube_tnef_decoder;
+        $tnef_arr = $tnef->decompress($body);
+        $parts    = array();

roundcubemail-1.1.tar.gz/program/lib/Roundcube/rcube_mime.php Changed

@@ -3,8 +3,8 @@
 /*
  +-----------------------------------------------------------------------+
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2005-2012, The Roundcube Dev Team                       |
- | Copyright (C) 2011-2012, Kolab Systems AG                             |
+ | Copyright (C) 2005-2014, The Roundcube Dev Team                       |
+ | Copyright (C) 2011-2014, Kolab Systems AG                             |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
@@ -39,7 +39,6 @@
         self::$default_charset = $default_charset;
     }
 
-
     /**
      * Returns message/object character set name
      *
@@ -58,7 +57,6 @@
         return RCUBE_CHARSET;
     }
 
-
     /**
      * Parse the given raw message source and return a structure
      * of rcube_message_part objects.
@@ -75,7 +73,6 @@
         return self::structure_part($struct);
     }
 
-
     /**
      * Recursive method to convert a Mail_mimeDecode part into a rcube_message_part object
      *
@@ -88,28 +85,30 @@
     private static function structure_part($part, $count=0, $parent='')
     {
         $struct = new rcube_message_part;
-        $struct->mime_id = $part->mime_id ? $part->mime_id : (empty($parent) ? (string)$count : "$parent.$count");
-        $struct->headers = $part->headers;
-        $struct->ctype_primary = $part->ctype_primary;
-        $struct->ctype_secondary = $part->ctype_secondary;
-        $struct->mimetype = $part->ctype_primary . '/' . $part->ctype_secondary;
+        $struct->mime_id          = $part->mime_id ?: (empty($parent) ? (string)$count : "$parent.$count");
+        $struct->headers          = $part->headers;
+        $struct->mimetype         = $part->ctype_primary . '/' . $part->ctype_secondary;
+        $struct->ctype_primary    = $part->ctype_primary;
+        $struct->ctype_secondary  = $part->ctype_secondary;
         $struct->ctype_parameters = $part->ctype_parameters;
 
-        if ($part->headers['content-transfer-encoding'])
+        if ($part->headers['content-transfer-encoding']) {
             $struct->encoding = $part->headers['content-transfer-encoding'];
-        if ($part->ctype_parameters['charset'])
+        }
+
+        if ($part->ctype_parameters['charset']) {
             $struct->charset = $part->ctype_parameters['charset'];
+        }
 
-        $part_charset = $struct->charset ? $struct->charset : self::get_charset();
+        $part_charset = $struct->charset ?: self::get_charset();
 
         // determine filename
         if (($filename = $part->d_parameters['filename']) || ($filename = $part->ctype_parameters['name'])) {
             $struct->filename = rcube_mime::decode_mime_string($filename, $part_charset);
         }
 
-        // copy part body and convert it to UTF-8 if necessary
-        $struct->body = $part->ctype_primary == 'text' || !$part->ctype_parameters['charset'] ? rcube_charset::convert($part->body, $part_charset) : $part->body;
-        $struct->size = strlen($part->body);
+        $struct->body        = $part->body;
+        $struct->size        = strlen($part->body);
         $struct->disposition = $part->disposition;
 
         foreach ((array)$part->parts as $child_part) {
@@ -119,7 +118,6 @@
         return $struct;
     }
 
-
     /**
      * Split an address list into a structured array list
      *
@@ -169,7 +167,6 @@
         return $out;
     }
 
-
     /**
      * Decode a message header value
      *
@@ -185,7 +182,6 @@
         return $str;
     }
 
-
     /**
      * Decode a mime-encoded string to internal charset
      *
@@ -282,12 +278,12 @@
         return rcube_charset::convert($input, $default_charset);
     }
 
-
     /**
      * Decode a mime part
      *
      * @param string $input    Input string
      * @param string $encoding Part encoding
+     *
      * @return string Decoded string
      */
     public static function decode($input, $encoding = '7bit')
@@ -308,10 +304,8 @@
         }
     }
 
-
     /**
      * Split RFC822 header string into an associative array
-     * @access private
      */
     public static function parse_headers($headers)
     {
@@ -332,7 +326,6 @@
         return $a_headers;
     }
 
-
     /**
      * @access private
      */
@@ -402,7 +395,6 @@
         return $result;
     }
 
-
     /**
      * Explodes header (e.g. address-list) string into array of strings
      * using specified separator characters with proper handling
@@ -477,7 +469,6 @@
         return $result;
     }
 
-
     /**
      * Interpret a format=flowed message body according to RFC 2646
      *
@@ -488,10 +479,10 @@
      */
     public static function unfold_flowed($text, $mark = null)
     {
-        $text = preg_split('/\r?\n/', $text);
-        $last = -1;
+        $text    = preg_split('/\r?\n/', $text);
+        $last    = -1;
         $q_level = 0;
-        $marks = array();
+        $marks   = array();
 
         foreach ($text as $idx => $line) {
             if (preg_match('/^(>+)/', $line, $m)) {
@@ -558,12 +549,11 @@
         return implode("\r\n", $text);
     }
 
-
     /**
      * Wrap the given text to comply with RFC 2646
      *
-     * @param string $text Text to wrap
-     * @param int $length Length
+     * @param string $text    Text to wrap
+     * @param int    $length  Length
      * @param string $charset Character encoding of $text
      *
      * @return string Wrapped text
@@ -596,7 +586,6 @@
         return implode("\r\n", $text);
     }
 
-
     /**
      * Improved wordwrap function with multibyte support.
      * The code is based on Zend_Text_MultiByte::wordWrap().
@@ -716,7 +705,6 @@
         return implode($break, $result);
     }
 
-
     /**
      * A method to guess the mime_type of an attachment.
      *
@@ -735,8 +723,8 @@
     {
         static $mime_ext = array();
 
-        $mime_type = null;

roundcubemail-1.1.tar.gz/program/lib/Roundcube/rcube_plugin.php Changed

roundcubemail-1.1.tar.gz/program/lib/Roundcube/rcube_tnef_decoder.php Added

@@ -0,0 +1,341 @@
+<?php
+
+/*
+ +-----------------------------------------------------------------------+
+ | This file is part of the Roundcube Webmail client                     |
+ | Copyright (C) 2008-2014, The Roundcube Dev Team                       |
+ | Copyright (C) 2002-2010, The Horde Project (http://www.horde.org/)    |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
+ |                                                                       |
+ | PURPOSE:                                                              |
+ |   MS-TNEF format decoder                                              |
+ +-----------------------------------------------------------------------+
+ | Author: Jan Schneider <jan@horde.org>                                 |
+ | Author: Michael Slusarz <slusarz@horde.org>                           |
+ +-----------------------------------------------------------------------+
+*/
+
+/**
+ * MS-TNEF format decoder based on code by:
+ *   Graham Norbury <gnorbury@bondcar.com>
+ * Original design by:
+ *   Thomas Boll <tb@boll.ch>, Mark Simpson <damned@world.std.com>
+ *
+ * @package    Framework
+ * @subpackage Storage
+ */
+class rcube_tnef_decoder
+{
+    const SIGNATURE = 0x223e9f78;
+    const LVL_MESSAGE = 0x01;
+    const LVL_ATTACHMENT = 0x02;
+
+    const ASUBJECT = 0x88004;
+    const AMCLASS = 0x78008;
+    const ATTACHDATA = 0x6800f;
+    const AFILENAME = 0x18010;
+    const ARENDDATA = 0x69002;
+    const AMAPIATTRS = 0x69005;
+    const AVERSION = 0x89006;
+
+    const MAPI_NULL = 0x0001;
+    const MAPI_SHORT = 0x0002;
+    const MAPI_INT = 0x0003;
+    const MAPI_FLOAT = 0x0004;
+    const MAPI_DOUBLE = 0x0005;
+    const MAPI_CURRENCY = 0x0006;
+    const MAPI_APPTIME = 0x0007;
+    const MAPI_ERROR = 0x000a;
+    const MAPI_BOOLEAN = 0x000b;
+    const MAPI_OBJECT = 0x000d;
+    const MAPI_INT8BYTE = 0x0014;
+    const MAPI_STRING = 0x001e;
+    const MAPI_UNICODE_STRING = 0x001f;
+    const MAPI_SYSTIME = 0x0040;
+    const MAPI_CLSID = 0x0048;
+    const MAPI_BINARY = 0x0102;
+
+    const MAPI_ATTACH_LONG_FILENAME = 0x3707;
+    const MAPI_ATTACH_MIME_TAG = 0x370E;
+
+    const MAPI_NAMED_TYPE_ID = 0x0000;
+    const MAPI_NAMED_TYPE_STRING = 0x0001;
+    const MAPI_MV_FLAG = 0x1000;
+
+    /**
+     * Decompress the data.
+     *
+     * @param string $data   The data to decompress.
+     * @param array $params  An array of arguments needed to decompress the
+     *                       data.
+     *
+     * @return mixed  The decompressed data.
+     */
+    public function decompress($data, $params = array())
+    {
+        $out = array();
+
+        if ($this->_geti($data, 32) == self::SIGNATURE) {
+            $this->_geti($data, 16);
+
+            while (strlen($data) > 0) {
+                switch ($this->_geti($data, 8)) {
+                case self::LVL_MESSAGE:
+                    $this->_decodeMessage($data);
+                    break;
+
+                case self::LVL_ATTACHMENT:
+                    $this->_decodeAttachment($data, $out);
+                    break;
+                }
+            }
+        }
+
+        return array_reverse($out);
+    }
+
+    /**
+     * TODO
+     *
+     * @param string &$data  The data string.
+     * @param integer $bits  How many bits to retrieve.
+     *
+     * @return TODO
+     */
+    protected function _getx(&$data, $bits)
+    {
+        $value = null;
+
+        if (strlen($data) >= $bits) {
+            $value = substr($data, 0, $bits);
+            $data = substr_replace($data, '', 0, $bits);
+        }
+
+        return $value;
+    }
+
+    /**
+     * TODO
+     *
+     * @param string &$data  The data string.
+     * @param integer $bits  How many bits to retrieve.
+     *
+     * @return TODO
+     */
+    protected function _geti(&$data, $bits)
+    {
+        $bytes = $bits / 8;
+        $value = null;
+
+        if (strlen($data) >= $bytes) {
+            $value = ord($data[0]);
+            if ($bytes >= 2) {
+                $value += (ord($data[1]) << 8);
+            }
+            if ($bytes >= 4) {
+                $value += (ord($data[2]) << 16) + (ord($data[3]) << 24);
+            }
+            $data = substr_replace($data, '', 0, $bytes);
+        }
+
+        return $value;
+    }
+
+    /**
+     * TODO
+     *
+     * @param string &$data      The data string.
+     * @param string $attribute  TODO
+     */
+    protected function _decodeAttribute(&$data, $attribute)
+    {
+        /* Data. */
+        $this->_getx($data, $this->_geti($data, 32));
+
+        /* Checksum. */
+        $this->_geti($data, 16);
+    }
+
+    /**
+     * TODO
+     *
+     * @param string $data             The data string.
+     * @param array &$attachment_data  TODO
+     */
+    protected function _extractMapiAttributes($data, &$attachment_data)
+    {
+        /* Number of attributes. */
+        $number = $this->_geti($data, 32);
+
+        while ((strlen($data) > 0) && $number--) {
+            $have_mval = false;
+            $num_mval = 1;
+            $named_id = $value = null;
+            $attr_type = $this->_geti($data, 16);
+            $attr_name = $this->_geti($data, 16);
+
+            if (($attr_type & self::MAPI_MV_FLAG) != 0) {
+                $have_mval = true;
+                $attr_type = $attr_type & ~self::MAPI_MV_FLAG;
+            }
+
+            if (($attr_name >= 0x8000) && ($attr_name < 0xFFFE)) {
+                $this->_getx($data, 16);
+                $named_type = $this->_geti($data, 32);
+
+                switch ($named_type) {
+                case self::MAPI_NAMED_TYPE_ID:
+                    $named_id = $this->_geti($data, 32);
+                    $attr_name = $named_id;
+                    break;
+
+                case self::MAPI_NAMED_TYPE_STRING:
+                    $attr_name = 0x9999;
+                    $idlen = $this->_geti($data, 32);
+                    $datalen = $idlen + ((4 - ($idlen % 4)) % 4);
+                    $named_id = substr($this->_getx($data, $datalen), 0, $idlen);

roundcubemail-1.1.tar.gz/program/lib/tnef_decoder.php Deleted

@@ -1,331 +0,0 @@
-<?php
-/**
- * The Horde's class allows MS-TNEF data to be displayed.
- *
- * The TNEF rendering is based on code by:
- *   Graham Norbury <gnorbury@bondcar.com>
- * Original design by:
- *   Thomas Boll <tb@boll.ch>, Mark Simpson <damned@world.std.com>
- *
- * Copyright 2002-2010 The Horde Project (http://www.horde.org/)
- *
- * See the enclosed file COPYING for license information (LGPL). If you
- * did not receive this file, see http://www.fsf.org/copyleft/lgpl.html.
- *
- * @author  Jan Schneider <jan@horde.org>
- * @author  Michael Slusarz <slusarz@horde.org>
- * @package Horde_Compress
- */
-class tnef_decoder
-{
-    const SIGNATURE = 0x223e9f78;
-    const LVL_MESSAGE = 0x01;
-    const LVL_ATTACHMENT = 0x02;
-
-    const ASUBJECT = 0x88004;
-    const AMCLASS = 0x78008;
-    const ATTACHDATA = 0x6800f;
-    const AFILENAME = 0x18010;
-    const ARENDDATA = 0x69002;
-    const AMAPIATTRS = 0x69005;
-    const AVERSION = 0x89006;
-
-    const MAPI_NULL = 0x0001;
-    const MAPI_SHORT = 0x0002;
-    const MAPI_INT = 0x0003;
-    const MAPI_FLOAT = 0x0004;
-    const MAPI_DOUBLE = 0x0005;
-    const MAPI_CURRENCY = 0x0006;
-    const MAPI_APPTIME = 0x0007;
-    const MAPI_ERROR = 0x000a;
-    const MAPI_BOOLEAN = 0x000b;
-    const MAPI_OBJECT = 0x000d;
-    const MAPI_INT8BYTE = 0x0014;
-    const MAPI_STRING = 0x001e;
-    const MAPI_UNICODE_STRING = 0x001f;
-    const MAPI_SYSTIME = 0x0040;
-    const MAPI_CLSID = 0x0048;
-    const MAPI_BINARY = 0x0102;
-
-    const MAPI_ATTACH_LONG_FILENAME = 0x3707;
-    const MAPI_ATTACH_MIME_TAG = 0x370E;
-
-    const MAPI_NAMED_TYPE_ID = 0x0000;
-    const MAPI_NAMED_TYPE_STRING = 0x0001;
-    const MAPI_MV_FLAG = 0x1000;
-
-    /**
-     * Decompress the data.
-     *
-     * @param string $data   The data to decompress.
-     * @param array $params  An array of arguments needed to decompress the
-     *                       data.
-     *
-     * @return mixed  The decompressed data.
-     */
-    public function decompress($data, $params = array())
-    {
-        $out = array();
-
-        if ($this->_geti($data, 32) == self::SIGNATURE) {
-            $this->_geti($data, 16);
-
-            while (strlen($data) > 0) {
-                switch ($this->_geti($data, 8)) {
-                case self::LVL_MESSAGE:
-                    $this->_decodeMessage($data);
-                    break;
-
-                case self::LVL_ATTACHMENT:
-                    $this->_decodeAttachment($data, $out);
-                    break;
-                }
-            }
-        }
-
-        return array_reverse($out);
-    }
-
-    /**
-     * TODO
-     *
-     * @param string &$data  The data string.
-     * @param integer $bits  How many bits to retrieve.
-     *
-     * @return TODO
-     */
-    protected function _getx(&$data, $bits)
-    {
-        $value = null;
-
-        if (strlen($data) >= $bits) {
-            $value = substr($data, 0, $bits);
-            $data = substr_replace($data, '', 0, $bits);
-        }
-
-        return $value;
-    }
-
-    /**
-     * TODO
-     *
-     * @param string &$data  The data string.
-     * @param integer $bits  How many bits to retrieve.
-     *
-     * @return TODO
-     */
-    protected function _geti(&$data, $bits)
-    {
-        $bytes = $bits / 8;
-        $value = null;
-
-        if (strlen($data) >= $bytes) {
-            $value = ord($data[0]);
-            if ($bytes >= 2) {
-                $value += (ord($data[1]) << 8);
-            }
-            if ($bytes >= 4) {
-                $value += (ord($data[2]) << 16) + (ord($data[3]) << 24);
-            }
-            $data = substr_replace($data, '', 0, $bytes);
-        }
-
-        return $value;
-    }
-
-    /**
-     * TODO
-     *
-     * @param string &$data      The data string.
-     * @param string $attribute  TODO
-     */
-    protected function _decodeAttribute(&$data, $attribute)
-    {
-        /* Data. */
-        $this->_getx($data, $this->_geti($data, 32));
-
-        /* Checksum. */
-        $this->_geti($data, 16);
-    }
-
-    /**
-     * TODO
-     *
-     * @param string $data             The data string.
-     * @param array &$attachment_data  TODO
-     */
-    protected function _extractMapiAttributes($data, &$attachment_data)
-    {
-        /* Number of attributes. */
-        $number = $this->_geti($data, 32);
-
-        while ((strlen($data) > 0) && $number--) {
-            $have_mval = false;
-            $num_mval = 1;
-            $named_id = $value = null;
-            $attr_type = $this->_geti($data, 16);
-            $attr_name = $this->_geti($data, 16);
-
-            if (($attr_type & self::MAPI_MV_FLAG) != 0) {
-                $have_mval = true;
-                $attr_type = $attr_type & ~self::MAPI_MV_FLAG;
-            }
-
-            if (($attr_name >= 0x8000) && ($attr_name < 0xFFFE)) {
-                $this->_getx($data, 16);
-                $named_type = $this->_geti($data, 32);
-
-                switch ($named_type) {
-                case self::MAPI_NAMED_TYPE_ID:
-                    $named_id = $this->_geti($data, 32);
-                    $attr_name = $named_id;
-                    break;
-
-                case self::MAPI_NAMED_TYPE_STRING:
-                    $attr_name = 0x9999;
-                    $idlen = $this->_geti($data, 32);
-                    $datalen = $idlen + ((4 - ($idlen % 4)) % 4);
-                    $named_id = substr($this->_getx($data, $datalen), 0, $idlen);
-                    break;
-                }
-            }
-
-            if ($have_mval) {
-                $num_mval = $this->_geti($data, 32);
-            }
-
-            switch ($attr_type) {
-            case self::MAPI_SHORT:
-                $value = $this->_geti($data, 16);

roundcubemail-1.1.tar.gz/program/steps/mail/compose.inc Changed

@@ -802,22 +802,14 @@
         return '';
     }
 
-    if (empty($part->ctype_parameters) || empty($part->ctype_parameters['charset'])) {
-        $part->ctype_parameters['charset'] = $MESSAGE->headers->charset;
-    }
-
     // fetch part if not available
-    if (!isset($part->body)) {
-        $part->body = $MESSAGE->get_part_content($part->mime_id);
-    }
+    $body = $MESSAGE->get_part_body($part->mime_id, true);
 
     // message is cached but not exists (#1485443), or other error
-    if ($part->body === false) {
+    if ($body === false) {
         return '';
     }
 
-    $body = $part->body;
-
     if ($isHtml) {
         if ($part->ctype_secondary == 'html') {
         }
@@ -994,6 +986,8 @@
         )
     ));
 
+    $reply_mode = intval($RCMAIL->config->get('reply_mode'));
+
     if (!$bodyIsHtml) {
         $body = preg_replace('/\r?\n/', "\n", $body);
         $body = trim($body, "\n");
@@ -1002,10 +996,13 @@
         $body = rcmail_wrap_and_quote($body, $LINE_LENGTH);
 
         $prefix .= "\n";
-        $suffix = '';
 
-        if (intval($RCMAIL->config->get('reply_mode')) > 0) { // top-posting
+        if ($reply_mode > 0) { // top-posting
             $prefix = "\n\n\n" . $prefix;
+            $suffix = '';
+        }
+        else {
+            $suffix = "\n";
         }
     }
     else {
@@ -1020,7 +1017,7 @@
         $prefix = '<p>' . rcube::Q($prefix) . "</p>\n";
         $prefix .= '<blockquote>';
 
-        if (intval($RCMAIL->config->get('reply_mode')) > 0) { // top-posting
+        if ($reply_mode > 0) { // top-posting
             $prefix = '<br>' . $prefix;
             $suffix = '</blockquote>';
         }
@@ -1363,7 +1360,7 @@
         $path     = tempnam($temp_dir, 'rcmAttmnt');
 
         if ($fp = fopen($path, 'w')) {
-            $message->get_part_content($pid, $fp, true, 0, false);
+            $message->get_part_body($pid, false, 0, $fp);
             fclose($fp);
         }
         else {
@@ -1371,7 +1368,7 @@
         }
     }
     else {
-        $data = $message->get_part_content($pid, null, true, 0, false);
+        $data = $message->get_part_body($pid);
     }
 
     $mimetype = $part->ctype_primary . '/' . $part->ctype_secondary;
@@ -1385,6 +1382,7 @@
         'data'       => $data,
         'path'       => $path,
         'size'       => $path ? filesize($path) : strlen($data),
+        'charset'    => $part->charset,
     );
 
     $attachment = $rcmail->plugins->exec_hook('attachment_save', $attachment);
@@ -1454,6 +1452,9 @@
     if (isset($_POST['_subject'])) {
         $subject = rcube_utils::get_input_value('_subject', rcube_utils::INPUT_POST, TRUE);
     }
+    else if (!empty($COMPOSE['param']['subject'])) {
+        $subject = $COMPOSE['param']['subject'];
+    }
     // create a reply-subject
     else if ($compose_mode == RCUBE_COMPOSE_REPLY) {
         if (preg_match('/^re:/i', $MESSAGE->subject))
@@ -1475,9 +1476,6 @@
     else if ($compose_mode == RCUBE_COMPOSE_DRAFT || $compose_mode == RCUBE_COMPOSE_EDIT) {
         $subject = $MESSAGE->subject;
     }
-    else if (!empty($COMPOSE['param']['subject'])) {
-        $subject = $COMPOSE['param']['subject'];
-    }
 
     $out = $form_start ? "$form_start\n" : '';
     $out .= $textfield->show($subject);

roundcubemail-1.1.tar.gz/program/steps/mail/func.inc Changed

@@ -225,7 +225,7 @@
         $pagetitle = $RCMAIL->gettext('searchresult');
     }
     else {
-        $mbox_name = $RCMAIL->storage->get_folder();
+        $mbox_name = $RCMAIL->output->get_env('mailbox') ?: $RCMAIL->storage->get_folder();
         $delimiter = $RCMAIL->storage->get_hierarchy_delimiter();
         $pagetitle = $RCMAIL->localize_foldername($mbox_name, true);
         $pagetitle = str_replace($delimiter, " \xC2\xBB ", $pagetitle);
@@ -267,7 +267,7 @@
     global $RCMAIL;
 
     $delim       = $RCMAIL->storage->get_hierarchy_delimiter();
-    $mbox        = $RCMAIL->storage->get_folder();
+    $mbox        = $RCMAIL->output->get_env('mailbox') ?: $RCMAIL->storage->get_folder();
     $sent_mbox   = $RCMAIL->config->get('sent_mbox');
     $drafts_mbox = $RCMAIL->config->get('drafts_mbox');
 
@@ -414,7 +414,7 @@
         $head_replace = true;
     }
 
-    $mbox = $RCMAIL->storage->get_folder();
+    $mbox = $RCMAIL->output->get_env('mailbox') ?: $RCMAIL->storage->get_folder();
 
     // make sure 'threads' and 'subject' columns are present
     if (!in_array('subject', $a_show_cols))
@@ -711,7 +711,7 @@
 function rcmail_get_mailbox_name_text()
 {
     global $RCMAIL;
-    return $RCMAIL->localize_foldername($RCMAIL->storage->get_folder());
+    return $RCMAIL->localize_foldername($RCMAIL->output->get_env('mailbox') ?: $RCMAIL->storage->get_folder());
 }
 
 function rcmail_send_unread_count($mbox_name, $force=false, $count=null, $mark='')
@@ -864,17 +864,19 @@
  * Convert the given message part to proper HTML
  * which can be displayed the message view
  *
- * @param object rcube_message_part Message part
- * @param array  Display parameters array 
+ * @param string             Message part body
+ * @param rcube_message_part Message part
+ * @param array              Display parameters array
+ *
  * @return string Formatted HTML string
  */
-function rcmail_print_body($part, $p = array())
+function rcmail_print_body($body, $part, $p = array())
 {
     global $RCMAIL;
 
     // trigger plugin hook
     $data = $RCMAIL->plugins->exec_hook('message_part_before',
-        array('type' => $part->ctype_secondary, 'body' => $part->body, 'id' => $part->mime_id)
+        array('type' => $part->ctype_secondary, 'body' => $body, 'id' => $part->mime_id)
             + $p + array('safe' => false, 'plain' => false, 'inline_html' => true));
 
     // convert html to text/plain
@@ -900,7 +902,7 @@
     }
     else {
         // assert plaintext
-        $body = $part->body;
+        $body = $data['body'];
         $part->ctype_secondary = $data['type'] = 'plain';
     }
 
@@ -1072,8 +1074,10 @@
         }
         else if ($hkey == 'subject' && empty($value))
             $header_value = $RCMAIL->gettext('nosubject');
-        else
+        else {
+            $value        = is_array($value) ? implode(' ', $value) : $value;
             $header_value = trim(rcube_mime::decode_header($value, $headers['charset']));
+        }
 
         $output_headers[$hkey] = array(
             'title' => $header_title,
@@ -1200,22 +1204,16 @@
                 else if (!rcube_utils::mem_check($part->size * 10)) {
                     $out .= html::span('part-notice', $RCMAIL->gettext('messagetoobig'). ' '
                         . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id
-                            .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), $RCMAIL->gettext('download')));
+                            .'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')));
                     continue;
                 }
 
-                if (empty($part->ctype_parameters) || empty($part->ctype_parameters['charset'])) {
-                    $part->ctype_parameters['charset'] = $MESSAGE->headers->charset;
-                }
-
-                // fetch part if not available
-                if (!isset($part->body)) {
-                    $part->body = $MESSAGE->get_part_content($part->mime_id);
-                }
+                // fetch part body
+                $body = $MESSAGE->get_part_body($part->mime_id, true);
 
                 // extract headers from message/rfc822 parts
                 if ($part->mimetype == 'message/rfc822') {
-                    $msgpart = rcube_mime::parse_message($part->body);
+                    $msgpart = rcube_mime::parse_message($body);
                     if (!empty($msgpart->headers)) {
                         $part = $msgpart;
                         $out .= html::div('message-partheaders', rcmail_message_headers(sizeof($header_attrib) ? $header_attrib : null, $part->headers));
@@ -1223,14 +1221,14 @@
                 }
 
                 // message is cached but not exists (#1485443), or other error
-                if ($part->body === false) {
+                if ($body === false) {
                     rcmail_message_error($MESSAGE->uid);
                 }
 
                 $plugin = $RCMAIL->plugins->exec_hook('message_body_prefix',
                     array('part' => $part, 'prefix' => ''));
 
-                $body = rcmail_print_body($part, array('safe' => $safe_mode, 'plain' => !$RCMAIL->config->get('prefer_html')));
+                $body = rcmail_print_body($body, $part, array('safe' => $safe_mode, 'plain' => !$RCMAIL->config->get('prefer_html')));
 
                 if ($part->ctype_secondary == 'html') {
                     $body     = rcmail_html4inline($body, $attrib['id'], 'rcmBody', $attrs, $safe_mode);
@@ -1257,7 +1255,7 @@
         if (!rcube_utils::mem_check(strlen($MESSAGE->body) * 10)) {
             $out .= html::span('part-notice', $RCMAIL->gettext('messagetoobig'). ' '
                 . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part=0'
-                    .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), $RCMAIL->gettext('download')));
+                    .'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')));
         }
         else {
             $plugin = $RCMAIL->plugins->exec_hook('message_body_prefix',

roundcubemail-1.1.tar.gz/program/steps/mail/get.inc Changed

@@ -130,7 +130,7 @@
         $extensions = rcube_mime::get_mime_extensions($mimetype);
 
         if ($plugin['body']) {
-            $part->body = $plugin['body'];
+            $body = $plugin['body'];
         }
 
         // compare file mimetype with the stated content-type headers and file extension to avoid malicious operations
@@ -142,15 +142,10 @@
 
             // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension
             if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || stripos($mimetype, 'text/') === 0) {
-                if ($part->body)  // part body is already loaded
-                    $body = $part->body;
-                else if ($part->size && $part->size < 1024*1024)   // load the entire part if it's small enough
-                    $body = $part->body = $MESSAGE->get_part_content($part->mime_id);
-                else  // fetch the first 2K of the message part
-                    $body = $MESSAGE->get_part_content($part->mime_id, null, true, 2048);
+                $tmp_body = $body ?: $MESSAGE->get_part_body($part->mime_id, false, 2048);
 
                 // detect message part mimetype
-                $real_mimetype = rcube_mime::file_content_type($body, $part->filename, $mimetype, true, true);
+                $real_mimetype = rcube_mime::file_content_type($tmp_body, $part->filename, $mimetype, true, true);
                 list($real_ctype_primary, $real_ctype_secondary) = explode('/', $real_mimetype);
 
                 // accept text/plain with any extension
@@ -247,19 +242,19 @@
             if (!rcube_utils::mem_check($part->size * 10)) {
                 $out = '<body>' . $RCMAIL->gettext('messagetoobig'). ' '
                     . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id
-                        .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), $RCMAIL->gettext('download')) . '</body></html>';
+                        .'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')) . '</body></html>';
             }
             else {
                 // get part body if not available
-                if (!$part->body) {
-                    $part->body = $MESSAGE->get_part_content($part->mime_id);
+                if (!isset($body)) {
+                    $body = $MESSAGE->get_part_body($part->mime_id, true);
                 }
 
                 // show images?
                 rcmail_check_safe($MESSAGE);
 
                 // render HTML body
-                $out = rcmail_print_body($part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false));
+                $out = rcmail_print_body($body, $part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false));
 
                 // insert remote objects warning into HTML body
                 if ($REMOTE_OBJECTS) {
@@ -280,7 +275,7 @@
             }
 
             // check connection status
-            if ($part->size && empty($part->body)) {
+            if ($part->size && empty($body)) {
                 check_storage_status();
             }
 
@@ -320,12 +315,12 @@
                 $file_path = tempnam($temp_dir, 'rcmAttmnt');
 
                 // write content to temp file
-                if ($part->body) {
-                    $saved = file_put_contents($file_path, $part->body);
+                if ($body) {
+                    $saved = file_put_contents($file_path, $body);
                 }
                 else if ($part->size) {
                     $fd    = fopen($file_path, 'w');
-                    $saved = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $fd);
+                    $saved = $MESSAGE->get_part_body($part->mime_id, false, 0, $fd);
                     fclose($fd);
                 }
 
@@ -341,22 +336,22 @@
             }
             // do content filtering to avoid XSS through fake images
             else if (!empty($_REQUEST['_embed']) && $browser->ie && $browser->ver <= 8) {
-                if ($part->body) {
-                    echo preg_match('/<(script|iframe|object)/i', $part->body) ? '' : $part->body;
+                if ($body) {
+                    echo preg_match('/<(script|iframe|object)/i', $body) ? '' : $body;
                     $sent = true;
                 }
                 else if ($part->size) {
                     $stdout = fopen('php://output', 'w');
                     stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter');
                     stream_filter_append($stdout, 'rcube_content');
-                    $sent = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $stdout);
+                    $sent = $MESSAGE->get_part_body($part->mime_id, true, 0, $stdout);
                 }
             }
             // send part as-it-is
             else {
-                if ($part->body && empty($plugin['download'])) {
-                    header("Content-Length: " . strlen($part->body));
-                    echo $part->body;
+                if ($body && empty($plugin['download'])) {
+                    header("Content-Length: " . strlen($body));
+                    echo $body;
                     $sent = true;
                 }
                 else if ($part->size) {
@@ -364,8 +359,7 @@
                         header("Content-Length: $size");
                     }
 
-                    // 8th argument disables re-formatting of text/* parts (#1489267)
-                    $sent = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, true, null, false, 0, false);
+                    $sent = $MESSAGE->get_part_body($part->mime_id, false, 0, -1);
                 }
             }

roundcubemail-1.1.tar.gz/program/steps/mail/sendmail.inc Changed

roundcubemail-1.1.tar.gz/program/steps/mail/show.inc Changed

roundcubemail-1.1.tar.gz/program/steps/settings/save_folder.inc Changed

roundcubemail-1.1.tar.gz/skins/classic/functions.js Changed

roundcubemail-1.1.tar.gz/skins/classic/googiespell.css Changed

roundcubemail-1.1.tar.gz/skins/classic/print.css Changed

roundcubemail-1.1.tar.gz/skins/larry/googiespell.css Changed

roundcubemail-1.1.tar.gz/skins/larry/mail.css Changed

roundcubemail-1.1.tar.gz/skins/larry/print.css Changed

roundcubemail-1.1.tar.gz/skins/larry/ui.js Changed

roundcubemail-1.1.tar.gz/tests/Framework/VCard.php Changed

roundcubemail-1.1.tar.gz/tests/MailFunc.php Changed

@@ -42,7 +42,7 @@
         $part->replaces = array('ex1.jpg' => 'part_1.2.jpg', 'ex2.jpg' => 'part_1.2.jpg');
 
         // render HTML in normal mode
-        $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo');
+        $html = rcmail_html4inline(rcmail_print_body($part->body, $part, array('safe' => false)), 'foo');
 
         $this->assertRegExp('/src="'.$part->replaces['ex1.jpg'].'"/', $html, "Replace reference to inline image");
         $this->assertRegExp('#background="./program/resources/blocked.gif"#', $html, "Replace external background image");
@@ -56,7 +56,7 @@
         $this->assertTrue($GLOBALS['REMOTE_OBJECTS'], "Remote object detected");
 
         // render HTML in safe mode
-        $html2 = rcmail_html4inline(rcmail_print_body($part, array('safe' => true)), 'foo');
+        $html2 = rcmail_html4inline(rcmail_print_body($part->body, $part, array('safe' => true)), 'foo');
 
         $this->assertRegExp('/<style [^>]+>/', $html2, "Allow styles in safe mode");
         $this->assertRegExp('#src="http://evilsite.net/mailings/ex3.jpg"#', $html2, "Allow external images in HTML (safe mode)");
@@ -71,7 +71,7 @@
     function test_html_xss()
     {
         $part = $this->get_html_part('src/htmlxss.txt');
-        $washed = rcmail_print_body($part, array('safe' => true));
+        $washed = rcmail_print_body($part->body, $part, array('safe' => true));
 
         $this->assertNotRegExp('/src="skins/', $washed, "Remove local references");
         $this->assertNotRegExp('/\son[a-z]+/', $washed, "Remove on* attributes");
@@ -88,7 +88,7 @@
     function test_html_xss2()
     {
         $part = $this->get_html_part('src/BID-26800.txt');
-        $washed = rcmail_html4inline(rcmail_print_body($part, array('safe' => true)), 'dabody', '', $attr, true);
+        $washed = rcmail_html4inline(rcmail_print_body($part->body, $part, array('safe' => true)), 'dabody', '', $attr, true);
 
         $this->assertNotRegExp('/alert|expression|javascript|xss/', $washed, "Remove evil style blocks");
         $this->assertNotRegExp('/font-style:italic/', $washed, "Allow valid styles");
@@ -114,7 +114,7 @@
     function test_washtml_utf8()
     {
         $part = $this->get_html_part('src/invalidchars.html');
-        $washed = rcmail_print_body($part);
+        $washed = rcmail_print_body($part->body, $part);
 
         $this->assertRegExp('/<p>символ<\/p>/', $washed, "Remove non-unicode characters from HTML message body");
     }
@@ -128,7 +128,7 @@
         $part->ctype_primary = 'text';
         $part->ctype_secondary = 'plain';
         $part->body = quoted_printable_decode(file_get_contents(TESTS_DIR . 'src/plainbody.txt'));
-        $html = rcmail_print_body($part, array('safe' => true));
+        $html = rcmail_print_body($part->body, $part, array('safe' => true));
 
         $this->assertRegExp('/<a href="mailto:nobody@roundcube.net" onclick="return rcmail.command$\'compose\',\'nobody@roundcube.net\',this$">nobody@roundcube.net<\/a>/', $html, "Mailto links with onclick");
         $this->assertRegExp('#<a rel="noreferrer" target="_blank" href="http://www.apple.com/legal/privacy">http://www.apple.com/legal/privacy</a>#', $html, "Links with target=_blank");
@@ -143,7 +143,7 @@
         $part = $this->get_html_part('src/mailto.txt');
 
         // render HTML in normal mode
-        $html = rcmail_html4inline(rcmail_print_body($part, array('safe' => false)), 'foo');
+        $html = rcmail_html4inline(rcmail_print_body($part->body, $part, array('safe' => false)), 'foo');
 
         $mailto = '<a href="mailto:me@me.com"'
             .' onclick="return rcmail.command(\'compose\',\'me@me.com?subject=this is the subject&amp;body=this is the body\',this)" rel="noreferrer">e-mail</a>';
@@ -157,7 +157,7 @@
     function test_html_comments()
     {
         $part = $this->get_html_part('src/htmlcom.txt');
-        $washed = rcmail_print_body($part, array('safe' => true));
+        $washed = rcmail_print_body($part->body, $part, array('safe' => true));
 
         // #1487759
         $this->assertRegExp('|<p>test1</p>|', $washed, "Buggy HTML comments");

roundcubemail-1.1.tar.gz/tests/Selenium/bootstrap.php Changed

roundcubemail-1.1.tar.gz/tests/bootstrap.php Changed

Changes of Revision 50