Projects
Kolab:3.4:Updates
roundcubemail
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
Expand all
Collapse all
Changes of Revision 11
View file
roundcubemail.spec
Changed
@@ -41,9 +41,9 @@ %global tmpdir /var/lib/roundcubemail Name: roundcubemail -Version: 1.1.5 +Version: 1.1.6 -Release: 2%{?dist} +Release: 1%{?dist} Summary: Round Cube Webmail is a browser-based multilingual IMAP client @@ -51,18 +51,14 @@ License: GPLv2 URL: http://www.roundcube.net -# From 357cd5103d1c27f8416ef316c4a4c31588db45b8 Source0: roundcubemail-%{version}.tar.gz Source1: comm.py Source20: roundcubemail.conf Source21: roundcubemail.logrotate -Patch201: ticket-466-changes.patch Patch202: default-configuration.patch -Patch203: CVE-2016-5103.patch - BuildArch: noarch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root%(%{__id_u} -n) @@ -1246,9 +1242,7 @@ pushd %{name}-%{version} -%patch201 -p1 %patch202 -p1 -%patch203 -p1 # Remove the results of patching when there's an incidental offset find . -type f -name "*.orig" -delete @@ -3003,6 +2997,9 @@ %defattr(-,root,root,-) %changelog +* Thu Sep 29 2016 Timotheus Pokorra <tp@tbits.net> - 1.1.6-1 +- Check in maintenance upstream 1.1.6 release + * Fri May 27 2016 Timotheus Pokorra <tp@tbits.net> - 1.1.5-2 - apply security patch for XSS vulnerability CVE-2016-5103
View file
CVE-2016-5103.patch
Deleted
@@ -1,67 +0,0 @@ -From 7d14065baa6c51346e0ec0253c06ac822f082278 Mon Sep 17 00:00:00 2001 -From: Aleksander Machniak <alec@alec.pl> -Date: Fri, 6 May 2016 08:28:15 +0200 -Subject: [PATCH] Fix XSS issue in href attribute on area tag (#5240, #5241) - ---- - CHANGELOG | 1 + - program/lib/Roundcube/rcube_washtml.php | 2 +- - tests/Framework/Washtml.php | 17 +++++++++++++++++ - 3 files changed, 19 insertions(+), 1 deletion(-) - -diff --git a/CHANGELOG b/CHANGELOG -index 4d7719a..7420e7c 100644 ---- a/CHANGELOG -+++ b/CHANGELOG -@@ -1,6 +1,10 @@ - CHANGELOG Roundcube Webmail - =========================== - -+Security Update -+--------------- -+- Fix XSS issue in href attribute on area tag (#5240) -+ - RELEASE 1.1.5 - ------------- - - Plugin API: Add html2text hook -diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php -index 54c1cd8..6535e3b 100644 ---- a/program/lib/Roundcube/rcube_washtml.php -+++ b/program/lib/Roundcube/rcube_washtml.php -@@ -370,7 +370,7 @@ private function wash_uri($uri, $blocked_source = false) - */ - private function is_link_attribute($tag, $attr) - { -- return $tag == 'a' && $attr == 'href'; -+ return ($tag == 'a' || $tag == 'area') && $attr == 'href'; - } - - /** -diff --git a/tests/Framework/Washtml.php b/tests/Framework/Washtml.php -index 9515f0d..2e68179 100644 ---- a/tests/Framework/Washtml.php -+++ b/tests/Framework/Washtml.php -@@ -38,6 +38,23 @@ function test_href() - } - - /** -+ * Test XSS in area's href (#5240) -+ */ -+ function test_href_area() -+ { -+ $html = '<p><area href="data:text/html,<script>alert(document.cookie)</script>">' -+ . '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>' -+ . '<area href="javascript:alert(document.domain)" shape=default>'; -+ -+ $washer = new rcube_washtml; -+ $washed = $washer->wash($html); -+ -+ $this->assertNotRegExp('/data:text/', $washed, "data:text/html in area href"); -+ $this->assertNotRegExp('/vbscript:/', $washed, "vbscript: in area href"); -+ $this->assertNotRegExp('/javascript:/', $washed, "javascript: in area href"); -+ } -+ -+ /** - * Test handling HTML comments - */ - function test_comments()
View file
ticket-466-changes.patch
Deleted
@@ -1,11 +0,0 @@ ---- roundcubemail-1.0.orig/program/lib/Roundcube/rcube_ldap.php 2013-08-09 09:15:51.000000000 +0100 -+++ roundcubemail-1.0/program/lib/Roundcube/rcube_ldap.php 2013-09-09 17:04:20.115646526 +0100 -@@ -811,7 +811,7 @@ - - // add general filter to query - if (!empty($this->prop['filter'])) -- $filter = '(&(' . preg_replace('/^\(|\)$/', '', $this->prop['filter']) . ')' . $filter . ')'; -+ $filter = '(&(' . preg_replace('/^\(|\)$/', '', array_key_exists('adv_filter', $this->prop) ? $this->prop['adv_filter'] : $this->prop['filter']) . ')' . $filter . ')'; - - // set filter string and execute search - $this->set_search_set($filter);
View file
debian.changelog
Changed
@@ -1,3 +1,9 @@ +roundcubemail (1:1.1.6.0-0~kolab1) unstable; urgency=low + + * Check in maintenance upstream 1.1.6 release + + -- Timotheus Pokorra <tp@tbits.net> Thu, 29 Sep 2016 08:42:00 +0200 + roundcubemail (1:1.1.5.0-0~kolab2) unstable; urgency=low * apply security patch for XSS vulnerability CVE-2016-5103
View file
debian.series
Changed
@@ -1,3 +1,1 @@ default-configuration.patch -p1 -ticket-466-changes.patch -p1 -CVE-2016-5103.patch -p1
View file
roundcubemail-1.1.5.tar.gz/CHANGELOG -> roundcubemail-1.1.6.tar.gz/CHANGELOG
Changed
@@ -1,6 +1,20 @@ CHANGELOG Roundcube Webmail =========================== +RELEASE 1.1.6 +------------- +- Searching in both contacts and groups when LDAP addressbook with group_filters option is used +- Use contact_search_name format in popup on results in compose contacts search +- Fix missing localization of HTML editor when assets_dir != INSTALL_PATH +- Fix handling of blockquote tags with mixed case on html2text conversion (#5363) +- Fix message list multi-select/deselect issue (#5219) +- Fix bug where contact search menu fields where always unchecked in Larry skin +- Fix XSS issue in href attribute on area tag (#5240) +- Fix bug where message list columns could be in wrong order after column drag-n-drop and list sorting +- Don't create multipart/alternative messages with empty text/plain part (#5283) +- Wash position:fixed style in HTML mail for better security (#5264) +- Fix error causing empty INBOX listing in Firefox when using an URL with user:password specified (#5400) + RELEASE 1.1.5 ------------- - Plugin API: Add html2text hook
View file
roundcubemail-1.1.5.tar.gz/index.php -> roundcubemail-1.1.6.tar.gz/index.php
Changed
@@ -2,9 +2,9 @@ /* +-------------------------------------------------------------------------+ | Roundcube Webmail IMAP Client | - | Version 1.1.5 | + | Version 1.1.6 | | | - | Copyright (C) 2005-2015, The Roundcube Dev Team | + | Copyright (C) 2005-2016, The Roundcube Dev Team | | | | This program is free software: you can redistribute it and/or modify | | it under the terms of the GNU General Public License (with exceptions |
View file
roundcubemail-1.1.5.tar.gz/installer/index.php -> roundcubemail-1.1.6.tar.gz/installer/index.php
Changed
@@ -3,9 +3,9 @@ /* +-------------------------------------------------------------------------+ | Roundcube Webmail setup tool | - | Version 1.1.5 | + | Version 1.1.6 | | | - | Copyright (C) 2009-2015, The Roundcube Dev Team | + | Copyright (C) 2009-2016, The Roundcube Dev Team | | | | This program is free software: you can redistribute it and/or modify | | it under the terms of the GNU General Public License (with exceptions |
View file
roundcubemail-1.1.6.tar.gz/plugins/managesieve/helpdocs
Added
+(directory)
View file
roundcubemail-1.1.6.tar.gz/plugins/managesieve/helpdocs/en_US
Added
+(directory)
View file
roundcubemail-1.1.6.tar.gz/plugins/managesieve/helpdocs/en_US/settings-filters.rst
Added
@@ -0,0 +1,55 @@ +.. index:: Filters +.. _settings-managesieve-filters: + +******* +Filters +******* + +Incoming mail is automatically processed by the server and handled/organized +according to defined criteria. For example you can tell the server to move the message to +specified folder, redirect it to another account, send a reply, discard, delete, etc. + +Filtering is based on `Sieve <https://www.rfc-editor.org/info/rfc5228>`_ language, which means that under the hood +all filters are stored as a Sieve script on the server. This interface allows you to +define rules in easy way without the need to know the language. + +Each filter definition has a name and set of rules and actions. Usually +the number of definitions is unlimited and they can be grouped into sets +(scripts) for convenience. + + +Filter sets +----------- + +Filter definitions can be grouped into sets. These can be activated or disactivated. +Depending on server configuration there can be none, one or more active sets +at the same time. They need to have a unique name. + +New sets can be created as empty or as a copy of an existing set. It is also possible +to import them from a text file containing Sieve script. Sets in form of a script +can be also downloaded e.g. for backup or migration purposes. + + +Filter definition +----------------- + +Every filter can be active or inactive, which is convenient if you want to +disable some actions temporarily. + +Because filters are executed in specified order (from top to bottom as you see them on the list) +you can use drag-and-drop technique to rearange filters on the list. + +Every filter definition contains at least one rule and one action. Depending on server +capabilities a rule can be based e.g. on message headers, body, date or size. + +A set of actions also depends on server capabilities. Most servers support: + +* moving/copying messages to specified folder +* redirecting/copying messages to another account +* discarding messages with specified error message +* replying (vacation) +* deleting (ignoring) messages +* setting flags (e.g. marking as Read) + +Note: Some actions stop filtering process, some do not. Use *Stop evaluating rules* +and *Keep message in Inbox* actions to have more control on this.
View file
roundcubemail-1.1.6.tar.gz/plugins/managesieve/helpdocs/en_US/settings-vacation.rst
Added
@@ -0,0 +1,58 @@ +.. index:: Vacation +.. _settings-managesieve-vacation: + +******** +Vacation +******** + +The vacation autoresponder's purpose is to provide correspondents with +notification that the user is away for an extended period of time and that +they should not expect quick responses. + +**Vacation** is used to respond to an incoming message with another message. + +This interface is part of :ref:`settings-managesieve-filters` functionality +and provides a simple way to manage vacation responses. + + +Vacation message +---------------- + +To enable the autoresponder you have to set at least the response body and change +the status to *On*. + +**Subject** + Response subject is optional. By default the reply subject will be set + to *Auto: <original subject>* + +**Body** + Response body. Here you put the reason of your absence or any other text + that will be send to sender. + +**Vacation start/end** + These fields define when the vacation rule is active and are optional. + +**Status** + This field activates the rule. If you always use the same response body it is + convenient to disable the vacation rule when it's not needed and enable again + another time. + +Advanced settings +----------------- + +**Reply sender address** + This is an email address that will be used as sender of the vacation reply. + +**My email addresses** + Normally the vacation response is send if recipient address of the incoming + message is one of your addresses known to the server. Here you can add + more addresses. + +**Reply interval** + This parameter defines how often the reply to the same sender is generated. + When you receive a lot of messages from the same sender in short time, + usually you don't want to reply to all of them. By default reply is send once a day. + +**Incoming message action** + This field defines an action taken on the incoming message. You can discard or keep + it or redirect/copy to another account (so it can be handled by another person).
View file
roundcubemail-1.1.6.tar.gz/plugins/managesieve/helpdocs/po
Added
+(directory)
View file
roundcubemail-1.1.6.tar.gz/plugins/managesieve/helpdocs/po/settings-filters.pot
Added
@@ -0,0 +1,113 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2015, roundcube.net +# This file is distributed under the same license as the Roundcube Webmail Help package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: Roundcube Webmail Help 1.1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2016-06-07 16:59\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:9 +# cdb4a7c71e5343edb8015510da83a0b8 +msgid "Filters" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:11 +# 94cde05fc3f049e8911dffacfb9af0e5 +msgid "Incoming mail is automatically processed by the server and handled/organized according to defined criteria. For example you can tell the server to move the message to specified folder, redirect it to another account, send a reply, discard, delete, etc." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:15 +# c33e9a7b05f24fe59464ff2f1c9e10a5 +msgid "Filtering is based on `Sieve <https://www.rfc-editor.org/info/rfc5228>`_ language, which means that under the hood all filters are stored as a Sieve script on the server. This interface allows you to define rules in easy way without the need to know the language." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:19 +# 95eb7e571ec44698a474407092b6b79c +msgid "Each filter definition has a name and set of rules and actions. Usually the number of definitions is unlimited and they can be grouped into sets (scripts) for convenience." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:25 +# aa2da905741247b9971687cd4fdb6a21 +msgid "Filter sets" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:27 +# dc9dbc4144034676a720caaf4379e4e3 +msgid "Filter definitions can be grouped into sets. These can be activated or disactivated. Depending on server configuration there can be none, one or more active sets at the same time. They need to have a unique name." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:31 +# 03f58cdba04c4282b867c792572a55e6 +msgid "New sets can be created as empty or as a copy of an existing set. It is also possible to import them from a text file containing Sieve script. Sets in form of a script can be also downloaded e.g. for backup or migration purposes." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:37 +# 9144e63ba44b476dadfcc84e33e72b86 +msgid "Filter definition" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:39 +# 602e3696b4bd4db5960351b5af0e72fd +msgid "Every filter can be active or inactive, which is convenient if you want to disable some actions temporarily." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:42 +# 0f01b114450f4439b210f3831d66c534 +msgid "Because filters are executed in specified order (from top to bottom as you see them on the list) you can use drag-and-drop technique to rearange filters on the list." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:45 +# 0a30f2aa835e430c9f9de2e446f4c311 +msgid "Every filter definition contains at least one rule and one action. Depending on server capabilities a rule can be based e.g. on message headers, body, date or size." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:48 +# d3b9c2df232c4cd891ec6ba4751e02cf +msgid "A set of actions also depends on server capabilities. Most servers support:" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:50 +# 1ee77f36a88746e0809e903838314e5a +msgid "moving/copying messages to specified folder" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:51 +# c2669d203d104753830a170af2ceffde +msgid "redirecting/copying messages to another account" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:52 +# b04abf50eb1948518caff0c9f6d32ad4 +msgid "discarding messages with specified error message" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:53 +# 439873796de6457985088a206b449c5b +msgid "replying (vacation)" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:54 +# 5b7bce17840647bdba48ffa944b30ec5 +msgid "deleting (ignoring) messages" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:55 +# a12f2f2bebe74c668b637be66352ddb7 +msgid "setting flags (e.g. marking as Read)" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-filters.rst:57 +# a19231cf44e64eeca67da4cd31b0303a +msgid "Note: Some actions stop filtering process, some do not. Use *Stop evaluating rules* and *Keep message in Inbox* actions to have more control on this." +msgstr "" +
View file
roundcubemail-1.1.6.tar.gz/plugins/managesieve/helpdocs/po/settings-vacation.pot
Added
@@ -0,0 +1,93 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) 2015, roundcube.net +# This file is distributed under the same license as the Roundcube Webmail Help package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: Roundcube Webmail Help 1.1\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2016-06-07 16:59\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:9 +# 6f1988e3ca10490f8b46fdf11ce3553a +msgid "Vacation" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:11 +# 628c07bf4b424a039800ef834f891841 +msgid "The vacation autoresponder's purpose is to provide correspondents with notification that the user is away for an extended period of time and that they should not expect quick responses." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:15 +# 57607d8b841b42859d3bb4e6abc4d653 +msgid "**Vacation** is used to respond to an incoming message with another message." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:17 +# 34f46a208d324588906b0d3d10a6176c +msgid "This interface is part of :ref:`settings-managesieve-filters` functionality and provides a simple way to manage vacation responses." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:22 +# 895cd4752ec649bc87850eb4bd149853 +msgid "Vacation message" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:24 +# 5de6ddf9931a481e9d1c9953183b28d8 +msgid "To enable the autoresponder you have to set at least the response body and change the status to *On*." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:28 +# c4790be6b0454aa190190c1e77087414 +msgid "Response subject is optional. By default the reply subject will be set to *Auto: <original subject>*" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:32 +# 65eb9d5c2f8d4a8cb3077c824ecf597f +msgid "Response body. Here you put the reason of your absence or any other text that will be send to sender." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:36 +# 2b05975ad2ee40e9b64356eb39308a92 +msgid "These fields define when the vacation rule is active and are optional." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:39 +# 575bd1430cdf4ea4bbcfb9d8556393bc +msgid "This field activates the rule. If you always use the same response body it is convenient to disable the vacation rule when it's not needed and enable again another time." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:44 +# 22d533b9cffd47d39c04cbca07d9513d +msgid "Advanced settings" +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:47 +# d56d3eac661f41799e4538be4d2806cd +msgid "This is an email address that will be used as sender of the vacation reply." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:50 +# f2c3d5d2e05c4147bdca65d3b12acdf4 +msgid "Normally the vacation response is send if recipient address of the incoming message is one of your addresses known to the server. Here you can add more addresses." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:55 +# 9b1ee71a799d43ebb8cef4a2555a7b83 +msgid "This parameter defines how often the reply to the same sender is generated. When you receive a lot of messages from the same sender in short time, usually you don't want to reply to all of them. By default reply is send once a day." +msgstr "" + +#: ../../en_US/_plugins/managesieve/settings-vacation.rst:60 +# 8ce4de76e26543f1be25dedb372ce296 +msgid "This field defines an action taken on the incoming message. You can discard or keep it or redirect/copy to another account (so it can be handled by another person)." +msgstr "" +
View file
roundcubemail-1.1.5.tar.gz/plugins/managesieve/localization/de_DE.inc -> roundcubemail-1.1.6.tar.gz/plugins/managesieve/localization/de_DE.inc
Changed
@@ -179,7 +179,7 @@ $labels['vacation.discard'] = 'Verwerfen'; $labels['vacation.redirect'] = 'Weiterleiten an'; $labels['vacation.copy'] = 'Kopie senden an'; -$labels['filladdresses'] = 'Mit allen meiner Adressen ausfüllen'; +$labels['filladdresses'] = 'Mit allen meinen Adressen ausfüllen'; $labels['arialabelfiltersetactions'] = 'Aktionen für Filtersätze'; $labels['arialabelfilteractions'] = 'Aktionen für Filter'; $labels['arialabelfilterform'] = 'Filtereigenschaften';
View file
roundcubemail-1.1.5.tar.gz/program/include/iniset.php -> roundcubemail-1.1.6.tar.gz/program/include/iniset.php
Changed
@@ -5,7 +5,7 @@ | program/include/iniset.php | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2008-2015, The Roundcube Dev Team | + | Copyright (C) 2008-2016, The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | @@ -21,7 +21,7 @@ */ // application constants -define('RCMAIL_VERSION', '1.1.5'); +define('RCMAIL_VERSION', '1.1.6'); define('RCMAIL_START', microtime(true)); if (!defined('INSTALL_PATH')) {
View file
roundcubemail-1.1.5.tar.gz/program/include/rcmail.php -> roundcubemail-1.1.6.tar.gz/program/include/rcmail.php
Changed
@@ -1867,13 +1867,14 @@ } $lang_codes = array($_SESSION['language']); + $assets_dir = $this->config->get('assets_dir') ?: INSTALL_PATH; if ($pos = strpos($_SESSION['language'], '_')) { $lang_codes[] = substr($_SESSION['language'], 0, $pos); } foreach ($lang_codes as $code) { - if (file_exists(INSTALL_PATH . 'program/js/tinymce/langs/'.$code.'.js')) { + if (file_exists("$assets_dir/program/js/tinymce/langs/$code.js")) { $lang = $code; break; }
View file
roundcubemail-1.1.5.tar.gz/program/js/app.js -> roundcubemail-1.1.6.tar.gz/program/js/app.js
Changed
@@ -1246,21 +1246,37 @@ break; case 'pushgroup': - // add group ID to stack - this.env.address_group_stack.push(props.id); + // add group ID and current search to stack + var group = { + id: props.id, + search_request: this.env.search_request, + page: this.env.current_page, + search: this.env.search_request && this.gui_objects.qsearchbox ? this.gui_objects.qsearchbox.value : null + }; + + this.env.address_group_stack.push(group); if (obj && event) rcube_event.cancel(event); case 'listgroup': this.reset_qsearch(); - this.list_contacts(props.source, props.id); + this.list_contacts(props.source, props.id, 1, group); break; case 'popgroup': - if (this.env.address_group_stack.length > 1) { - this.env.address_group_stack.pop(); + if (this.env.address_group_stack.length) { + var old = this.env.address_group_stack.pop(); this.reset_qsearch(); - this.list_contacts(props.source, this.env.address_group_stack[this.env.address_group_stack.length-1]); + + if (old.search_request) { + // this code is executed when going back to the search result + if (old.search && this.gui_objects.qsearchbox) + $(this.gui_objects.qsearchbox).val(old.search); + this.env.search_request = old.search_request; + this.list_contacts_remote(null, null, this.env.current_page = old.page); + } + else + this.list_contacts(props.source, this.env.address_group_stack[this.env.address_group_stack.length-1].id); } break; @@ -4846,9 +4862,9 @@ return false; }; - this.list_contacts = function(src, group, page) + this.list_contacts = function(src, group, page, search) { - var win, folder, url = {}, + var win, folder, index = -1, url = {}, refresh = src === undefined && group === undefined && page === undefined, target = window; @@ -4858,9 +4874,6 @@ if (refresh) group = this.env.group; - if (page && this.current_page == page && src == this.env.source && group == this.env.group) - return false; - if (src != this.env.source) { page = this.env.current_page = 1; this.reset_qsearch(); @@ -4877,21 +4890,26 @@ this.env.group = group; // truncate groups listing stack - var index = $.inArray(this.env.group, this.env.address_group_stack); - if (index < 0) - this.env.address_group_stack = []; - else - this.env.address_group_stack = this.env.address_group_stack.slice(0,index); + $.each(this.env.address_group_stack, function(i, v) { + if (ref.env.group == v.id) { + index = i; + return false; + } + }); + + this.env.address_group_stack = index < 0 ? [] : this.env.address_group_stack.slice(0, index); // make sure the current group is on top of the stack if (this.env.group) { - this.env.address_group_stack.push(this.env.group); + if (!search) search = {}; + search.id = this.env.group; + this.env.address_group_stack.push(search); // mark the first group on the stack as selected in the directory list - folder = 'G'+src+this.env.address_group_stack[0]; + folder = 'G'+src+this.env.address_group_stack[0].id; } else if (this.gui_objects.addresslist_title) { - $(this.gui_objects.addresslist_title).html(this.get_label('contacts')); + $(this.gui_objects.addresslist_title).text(this.get_label('contacts')); } if (!this.env.search_id) @@ -4964,7 +4982,9 @@ var boxtitle = $(this.gui_objects.addresslist_title).html(''); // clear contents // add link to pop back to parent group - if (this.env.address_group_stack.length > 1) { + if (this.env.address_group_stack.length > 1 + || (this.env.address_group_stack.length == 1 && this.env.address_group_stack[0].search_request) + ) { $('<a href="#list">...</a>') .attr('title', this.gettext('uponelevel')) .addClass('poplink') @@ -4973,10 +4993,11 @@ boxtitle.append(' » '); } - boxtitle.append($('<span>').text(prop.name)); + boxtitle.append($('<span>').text(prop ? prop.name : this.get_label('contacts'))); } - this.triggerEvent('groupupdate', prop); + if (prop) + this.triggerEvent('groupupdate', prop); }; // load contact record @@ -7317,7 +7338,11 @@ this.update_state = function(query) { if (window.history.replaceState) - window.history.replaceState({}, document.title, rcmail.url('', query)); + try { + // This may throw security exception in Firefox (#5400) + window.history.replaceState({}, document.title, rcmail.url('', query)); + } + catch(e) { /* ignore */ }; }; // send a http request to the server
View file
roundcubemail-1.1.5.tar.gz/program/js/list.js -> roundcubemail-1.1.6.tar.gz/program/js/list.js
Changed
@@ -1108,7 +1108,7 @@ { for (var n in this.selection) if (this.selection[n] == id) - return index ? n : true; + return index ? parseInt(n) : true; return false; }, @@ -1688,33 +1688,34 @@ this.col_draglayer = null; } - if (this.col_drag_active) - this.focus(); - this.col_drag_active = false; - rcube_event.remove_listener({event:'mousemove', object:this, method:'column_drag_mouse_move'}); rcube_event.remove_listener({event:'mouseup', object:this, method:'column_drag_mouse_up'}); + // remove temp divs this.del_dragfix(); - if (this.selected_column !== null && this.cols && this.cols.length) { - var i, cpos = 0, pos = rcube_event.get_mouse_pos(e); + if (this.col_drag_active) { + this.col_drag_active = false; + this.focus(); + this.triggerEvent('column_dragend', e); - // find destination position - for (i=0; i<this.cols.length; i++) { - if (pos.x >= this.cols[i]/2 + this.list_pos + cpos) - cpos += this.cols[i]; - else - break; - } + if (this.selected_column !== null && this.cols && this.cols.length) { + var i, cpos = 0, pos = rcube_event.get_mouse_pos(e); - if (i != this.selected_column && i != this.selected_column+1) { - this.column_replace(this.selected_column, i); + // find destination position + for (i=0; i<this.cols.length; i++) { + if (pos.x >= this.cols[i]/2 + this.list_pos + cpos) + cpos += this.cols[i]; + else + break; + } + + if (i != this.selected_column && i != this.selected_column+1) { + this.column_replace(this.selected_column, i); + } } } - this.triggerEvent('column_dragend', e); - return rcube_event.cancel(e); },
View file
roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/bootstrap.php -> roundcubemail-1.1.6.tar.gz/program/lib/Roundcube/bootstrap.php
Changed
@@ -54,7 +54,7 @@ } // framework constants -define('RCUBE_VERSION', '1.1.5'); +define('RCUBE_VERSION', '1.1.6'); define('RCUBE_CHARSET', 'UTF-8'); if (!defined('RCUBE_LIB_DIR')) { @@ -99,7 +99,7 @@ spl_autoload_register('rcube_autoload'); // set PEAR error handling (will also load the PEAR main class) -@PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'rcube_pear_error'); +PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'rcube_pear_error');
View file
roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_addressbook.php -> roundcubemail-1.1.6.tar.gz/program/lib/Roundcube/rcube_addressbook.php
Changed
@@ -25,14 +25,20 @@ */ abstract class rcube_addressbook { - /** constants for error reporting **/ - const ERROR_READ_ONLY = 1; + // constants for error reporting + const ERROR_READ_ONLY = 1; const ERROR_NO_CONNECTION = 2; const ERROR_VALIDATE = 3; const ERROR_SAVING = 4; const ERROR_SEARCH = 5; - /** public properties (mandatory) */ + // search modes + const SEARCH_ALL = 0; + const SEARCH_STRICT = 1; + const SEARCH_PREFIX = 2; + const SEARCH_GROUPS = 4; + + // public properties (mandatory) public $primary_key; public $groups = false; public $export_groups = true; @@ -98,13 +104,11 @@ * * @param array List of fields to search in * @param string Search value - * @param int Matching mode: - * 0 - partial (*abc*), - * 1 - strict (=), - * 2 - prefix (abc*) + * @param int Search mode. Sum of self::SEARCH_*. * @param boolean True if results are requested, False if count only * @param boolean True to skip the count query (select only) * @param array List of fields that cannot be empty + * * @return object rcube_result_set List of contact records and 'count' value */ abstract function search($fields, $value, $mode=0, $select=true, $nocount=false, $required=array()); @@ -330,10 +334,7 @@ * List all active contact groups of this source * * @param string Optional search string to match group name - * @param int Matching mode: - * 0 - partial (*abc*), - * 1 - strict (=), - * 2 - prefix (abc*) + * @param int Search mode. Sum of self::SEARCH_* * * @return array Indexed list of contact groups, each a hash array */ @@ -665,16 +666,14 @@ // composite field, e.g. address foreach ((array)$value as $val) { $val = mb_strtolower($val); - switch ($mode) { - case 1: - $got = ($val == $search); - break; - case 2: + if ($mode & self::SEARCH_STRICT) { + $got = ($val == $search); + } + else if ($mode & self::SEARCH_PREFIX) { $got = ($search == substr($val, 0, strlen($search))); - break; - - default: + } + else { $got = (strpos($val, $search) !== false); }
View file
roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_contacts.php -> roundcubemail-1.1.6.tar.gz/program/lib/Roundcube/rcube_contacts.php
Changed
@@ -136,11 +136,8 @@ /** * List all active contact groups of this source * - * @param string Search string to match group name - * @param int Matching mode: - * 0 - partial (*abc*), - * 1 - strict (=), - * 2 - prefix (abc*) + * @param string $search Search string to match group name + * @param int $mode Matching mode. Sum of rcube_addressbook::SEARCH_* * * @return array Indexed list of contact groups, each a hash array */ @@ -148,18 +145,18 @@ { $results = array(); - if (!$this->groups) + if (!$this->groups) { return $results; + } if ($search) { - switch (intval($mode)) { - case 1: + if ($mode & rcube_addressbook::SEARCH_STRICT) { $sql_filter = $this->db->ilike('name', $search); - break; - case 2: + } + else if ($mode & rcube_addressbook::SEARCH_PREFIX) { $sql_filter = $this->db->ilike('name', $search . '%'); - break; - default: + } + else { $sql_filter = $this->db->ilike('name', '%' . $search . '%'); } @@ -290,10 +287,7 @@ * * @param mixed $fields The field name of array of field names to search in * @param mixed $value Search value (or array of values when $fields is array) - * @param int $mode Matching mode: - * 0 - partial (*abc*), - * 1 - strict (=), - * 2 - prefix (abc*) + * @param int $mode Search mode. Sum of rcube_addressbook::SEARCH_* * @param boolean $select True if results are requested, False if count only * @param boolean $nocount True to skip the count query (select only) * @param array $required List of fields that cannot be empty
View file
roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_html2text.php -> roundcubemail-1.1.6.tar.gz/program/lib/Roundcube/rcube_html2text.php
Changed
@@ -587,11 +587,11 @@ { $level = 0; $offset = 0; - while (($start = strpos($text, '<blockquote', $offset)) !== false) { + while (($start = stripos($text, '<blockquote', $offset)) !== false) { $offset = $start + 12; do { - $end = strpos($text, '</blockquote>', $offset); - $next = strpos($text, '<blockquote', $offset); + $end = stripos($text, '</blockquote>', $offset); + $next = stripos($text, '<blockquote', $offset); // nested <blockquote>, skip if ($next !== false && $next < $end) {
View file
roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_ldap.php -> roundcubemail-1.1.6.tar.gz/program/lib/Roundcube/rcube_ldap.php
Changed
@@ -554,30 +554,15 @@ $this->result = new rcube_result_set($entries['count'], ($this->list_page-1) * $this->page_size); } else { - $prop = $this->group_id ? $this->group_data : $this->prop; - $base_dn = $this->group_id ? $prop['base_dn'] : $this->base_dn; - - // use global search filter - if (!empty($this->filter)) - $prop['filter'] = $this->filter; - // exec LDAP search if no result resource is stored - if ($this->ready && !$this->ldap_result) - $this->ldap_result = $this->ldap->search($base_dn, $prop['filter'], $prop['scope'], $this->prop['attributes'], $prop); + if ($this->ready && $this->ldap_result === null) { + $this->ldap_result = $this->extended_search(); + } // count contacts for this user $this->result = $this->count(); - // we have a search result resource - if ($this->ldap_result && $this->result->count > 0) { - // sorting still on the ldap server - if ($this->sort_col && $prop['scope'] !== 'base' && !$this->ldap->vlv_active) - $this->ldap_result->sort($this->sort_col); - - // get all entries from the ldap server - $entries = $this->ldap_result->entries(); - } - + $entries = $this->ldap_result; } // end else // start and end of the page @@ -588,7 +573,8 @@ // filter entries for this page for ($i = $start_row; $i < min($entries['count'], $last_row); $i++) - $this->result->add($this->_ldap2result($entries[$i])); + if ($entries[$i]) + $this->result->add($this->_ldap2result($entries[$i])); return $this->result; } @@ -733,15 +719,12 @@ * * @param mixed $fields The field name of array of field names to search in * @param mixed $value Search value (or array of values when $fields is array) - * @param int $mode Matching mode: - * 0 - partial (*abc*), - * 1 - strict (=), - * 2 - prefix (abc*) + * @param int $mode Matching mode. Sum of rcube_addressbook::SEARCH_* * @param boolean $select True if results are requested, False if count only * @param boolean $nocount (Not used) * @param array $required List of fields that cannot be empty * - * @return array Indexed list of contact records and 'count' value + * @return rcube_result_set List of contact records */ function search($fields, $value, $mode=0, $select=true, $nocount=false, $required=array()) { @@ -767,7 +750,7 @@ if ($this->prop['vlv_search'] && $this->ready && join(',', (array)$fields) == join(',', $list_fields)) { $this->result = new rcube_result_set(0); - $this->ldap->config_set('fuzzy_search', intval($this->prop['fuzzy_search'] && $mode != 1)); + $this->ldap->config_set('fuzzy_search', intval($this->prop['fuzzy_search'] && !($mode & rcube_addressbook::SEARCH_STRICT))); $ldap_data = $this->ldap->search($this->base_dn, $this->prop['filter'], $this->prop['scope'], $this->prop['attributes'], array('search' => $value /*, 'sort' => $this->prop['sort'] */)); if ($ldap_data === false) { @@ -799,9 +782,9 @@ // set wildcards $wp = $ws = ''; - if (!empty($this->prop['fuzzy_search']) && $mode != 1) { + if (!empty($this->prop['fuzzy_search']) && !($mode & rcube_addressbook::SEARCH_STRICT)) { $ws = '*'; - if (!$mode) { + if (!($mode & rcube_addressbook::SEARCH_PREFIX)) { $wp = '*'; } } @@ -867,9 +850,9 @@ // avoid double-wildcard if $value is empty $filter = preg_replace('/\*+/', '*', $filter); - // add general filter to query - if (!empty($this->prop['filter'])) - $filter = '(&(' . preg_replace('/^\(|\)$/', '', $this->prop['filter']) . ')' . $filter . ')'; + if ($mode & rcube_addressbook::SEARCH_GROUPS) { + $filter = 'e:' . $filter; + } // set filter string and execute search $this->set_search_set($filter); @@ -891,24 +874,99 @@ function count() { $count = 0; - if ($this->ldap_result) { - $count = $this->ldap_result->count(); + if (!empty($this->ldap_result)) { + $count = $this->ldap_result['count']; } else if ($this->group_id && $this->group_data['dn']) { $count = count($this->list_group_members($this->group_data['dn'], true)); } // We have a connection but no result set, attempt to get one. else if ($this->ready) { - $prop = $this->group_id ? $this->group_data : $this->prop; - $base_dn = $this->group_id ? $this->group_base_dn : $this->base_dn; + $count = $this->extended_search(true); + } + + return new rcube_result_set($count, ($this->list_page-1) * $this->page_size); + } + + /** + * Wrapper on LDAP searches with group_filters support, which + * allows searching for contacts AND groups. + * + * @param bool $count Return count instead of the records + * + * @return int|array Count of records or the result array (with 'count' item) + */ + protected function extended_search($count = false) + { + $prop = $this->group_id ? $this->group_data : $this->prop; + $base_dn = $this->group_id ? $this->groups_base_dn : $this->base_dn; + $attrs = $count ? array('dn') : $this->prop['attributes']; + $entries = array(); + + // Use global search filter + if ($filter = $this->filter) { + if ($filter[0] == 'e' && $filter[1] == ':') { + $filter = substr($filter, 2); + $is_extended_search = !$this->group_id; + } + + $prop['filter'] = $filter; - if (!empty($this->filter)) { // Use global search filter - $prop['filter'] = $this->filter; + // add general filter to query + if (!empty($this->prop['filter'])) { + $prop['filter'] = '(&(' . preg_replace('/^\(|\)$/', '', $this->prop['filter']) . ')' . $prop['filter'] . ')'; } - $count = $this->ldap->search($base_dn, $prop['filter'], $prop['scope'], array('dn'), $prop, true); } - return new rcube_result_set($count, ($this->list_page-1) * $this->page_size); + $result = $this->ldap->search($base_dn, $prop['filter'], $prop['scope'], $attrs, $prop, $count); + + // we have a search result resource, get all entries + if (!$count && $result) { + $result_count = $result->count(); + $result = $result->entries(); + unset($result['count']); + } + + // search for groups + if ($is_extended_search + && is_array($this->prop['group_filters']) + && !empty($this->prop['groups']['filter']) + ) { + $filter = '(&(' . preg_replace('/^\(|\)$/', '', $this->prop['groups']['filter']) . ')' . $filter . ')'; + + // for groups we may use cn instead of displayname... + if ($this->prop['fieldmap']['name'] != $this->prop['groups']['name_attr']) { + $filter = str_replace(strtolower($this->prop['fieldmap']['name']) . '=', $this->prop['groups']['name_attr'] . '=', $filter); + } + + $name_attr = $this->prop['groups']['name_attr']; + $email_attr = $this->prop['groups']['email_attr'] ?: 'mail'; + $attrs = array_unique(array('dn', 'objectClass', $name_attr, $email_attr)); + + $res = $this->ldap->search($this->groups_base_dn, $filter, $this->prop['groups']['scope'], $attrs, $prop, $count); + + if ($count && $res) { + $result += $res; + } + else if (!$count && $res && ($res_count = $res->count())) { + $res = $res->entries(); + unset($res['count']); + $result = array_merge($result, $res); + $result_count += $res_count; + } + } + + if (!$count && $result) { + // sorting + if ($this->sort_col && $prop['scope'] !== 'base' && !$this->ldap->vlv_active) { + usort($result, array($this, '_entry_sort_cmp')); + } + + $result['count'] = $result_count; + $this->result_entries = $result; + } + + return $result; } @@ -1610,10 +1668,7 @@ * List all active contact groups of this source * * @param string Optional search string to match group name - * @param int Matching mode: - * 0 - partial (*abc*), - * 1 - strict (=), - * 2 - prefix (abc*) + * @param int Matching mode. Sum of rcube_addressbook::SEARCH_* * * @return array Indexed list of contact groups, each a hash array */ @@ -1705,9 +1760,11 @@ if ($search !== null) { // set wildcards $wp = $ws = ''; - if (!empty($this->prop['fuzzy_search']) && $mode != 1) { + if (!empty($this->prop['fuzzy_search']) && !($mode & rcube_addressbook::SEARCH_STRICT)) { $ws = '*'; - $wp = !$mode ? '*' : ''; + if (!($mode & rcube_addressbook::SEARCH_PREFIX)) { + $wp = '*'; + } } $filter = "(&$filter($name_attr=$wp" . rcube_ldap_generic::quote_string($search) . "$ws))"; $props['search'] = $wp . $search . $ws;
View file
roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_utils.php -> roundcubemail-1.1.6.tar.gz/program/lib/Roundcube/rcube_utils.php
Changed
@@ -419,10 +419,11 @@ /** * Replace all css definitions with #container [def] - * and remove css-inlined scripting + * and remove css-inlined scripting, make position style safe * * @param string CSS source code * @param string Container ID to use as prefix + * @param bool Allow remote content * * @return string Modified CSS source */ @@ -450,6 +451,9 @@ $length = $pos2 - $pos - 1; $styles = substr($source, $pos+1, $length); + // Convert position:fixed to position:absolute (#5264) + $styles = preg_replace('/position:[\s\r\n]*fixed/i', 'position: absolute', $styles); + // check every line of a style block... if ($allow_remote) { $a_styles = preg_split('/;[\r\n]*/', $styles, -1, PREG_SPLIT_NO_EMPTY);
View file
roundcubemail-1.1.5.tar.gz/program/lib/Roundcube/rcube_washtml.php -> roundcubemail-1.1.6.tar.gz/program/lib/Roundcube/rcube_washtml.php
Changed
@@ -235,6 +235,11 @@ } } else if (!preg_match('/^(behavior|expression)/i', $val)) { + // Set position:fixed to position:absolute for security (#5264) + if (!strcasecmp($cssid, 'position') && !strcasecmp($val, 'fixed')) { + $val = 'absolute'; + } + // whitelist ? $value .= ' ' . $val; @@ -370,7 +375,7 @@ */ private function is_link_attribute($tag, $attr) { - return $tag == 'a' && $attr == 'href'; + return ($tag == 'a' || $tag == 'area') && $attr == 'href'; } /** @@ -727,10 +732,9 @@ */ protected function explode_style($style) { - $style = trim($style); + $pos = 0; // first remove comments - $pos = 0; while (($pos = strpos($style, '/*', $pos)) !== false) { $end = strpos($style, '*/', $pos+2); @@ -742,6 +746,7 @@ } } + $style = trim($style); $strlen = strlen($style); $result = array();
View file
roundcubemail-1.1.5.tar.gz/program/localization/de_CH/labels.inc -> roundcubemail-1.1.6.tar.gz/program/localization/de_CH/labels.inc
Changed
@@ -579,4 +579,5 @@ Eingabe: Ausgewählte/fokussierte Nachricht öffnen. Löschen: Ausgewählte Nachricht in den Papierkorb verschieben resp. löschen."; $labels['helplistkeyboardnavcontacts'] = "Eingabe: Ausgewählten Kontakt öffnen."; +$labels['sigbelow'] = 'Signatur unter der zitierten Nachricht platzieren'; ?>
View file
roundcubemail-1.1.5.tar.gz/program/localization/de_DE/labels.inc -> roundcubemail-1.1.6.tar.gz/program/localization/de_DE/labels.inc
Changed
@@ -54,7 +54,7 @@ $labels['moveto'] = 'Verschieben nach …'; $labels['copyto'] = 'Kopieren nach …'; $labels['download'] = 'Herunterladen'; -$labels['open'] = 'Offen'; +$labels['open'] = 'Öffnen'; $labels['showattachment'] = 'Anzeigen'; $labels['showanyway'] = 'Trotzdem anzeigen'; $labels['filename'] = 'Dateiname'; @@ -303,7 +303,7 @@ $labels['typework'] = 'Dienstlich'; $labels['typeother'] = 'Andere'; $labels['typemobile'] = 'Mobil'; -$labels['typemain'] = 'Hauptnummer'; +$labels['typemain'] = 'Primär'; $labels['typehomefax'] = 'Fax Privat'; $labels['typeworkfax'] = 'Fax Dienst'; $labels['typecar'] = 'Auto'; @@ -579,4 +579,5 @@ Enter: Öffne die ausgewählte/fokussierte Nachricht Rücktaste: Verschiebe gewählte Nachricht in den Mülleimer"; $labels['helplistkeyboardnavcontacts'] = "Enter: Ausgewählten Kontakt öffnen."; +$labels['sigbelow'] = 'Unterschrift unter der zitierten Nachricht platzieren'; ?>
View file
roundcubemail-1.1.5.tar.gz/program/localization/de_DE/messages.inc -> roundcubemail-1.1.6.tar.gz/program/localization/de_DE/messages.inc
Changed
@@ -74,7 +74,7 @@ $messages['groupdeleting'] = 'Gruppe wird gelöscht …'; $messages['folderdeleting'] = 'Ordner wird gelöscht …'; $messages['foldermoving'] = 'Ordner wird verschoben …'; -$messages['foldersubscribing'] = 'Ordner wird abboniert …'; +$messages['foldersubscribing'] = 'Ordner wird abonniert …'; $messages['folderunsubscribing'] = 'Ordner wird abbestellt …'; $messages['formincomplete'] = 'Das Formular wurde nicht vollständig ausgefüllt.'; $messages['noemailwarning'] = 'Bitte geben Sie eine gültige E-Mail-Adresse ein.';
View file
roundcubemail-1.1.5.tar.gz/program/steps/addressbook/list.inc -> roundcubemail-1.1.6.tar.gz/program/steps/addressbook/list.inc
Changed
@@ -57,11 +57,13 @@ } if ($CONTACTS->group_id) { - $OUTPUT->command('set_group_prop', array('ID' => $CONTACTS->group_id) - + array_intersect_key((array)$CONTACTS->get_group($CONTACTS->group_id), array('name'=>1,'email'=>1))); + $group_data = array('ID' => $CONTACTS->group_id) + + array_intersect_key((array)$CONTACTS->get_group($CONTACTS->group_id), array('name'=>1,'email'=>1)); } } +$OUTPUT->command('set_group_prop', $group_data); + // update message count display $OUTPUT->set_env('pagecount', ceil($result->count / $PAGE_SIZE)); $OUTPUT->command('set_rowcount', rcmail_get_rowcount_text($result));
View file
roundcubemail-1.1.5.tar.gz/program/steps/addressbook/search.inc -> roundcubemail-1.1.6.tar.gz/program/steps/addressbook/search.inc
Changed
@@ -139,6 +139,7 @@ // Values matching mode $mode = (int) $RCMAIL->config->get('addressbook_search_mode'); + $mode |= rcube_addressbook::SEARCH_GROUPS; // get sources list $sources = $RCMAIL->get_address_sources(); @@ -229,13 +230,15 @@ } // update message count display - $OUTPUT->command('set_env', 'search_request', $search_request); - $OUTPUT->command('set_env', 'pagecount', ceil($result->count / $PAGE_SIZE)); + $OUTPUT->set_env('search_request', $search_request); + $OUTPUT->set_env('pagecount', ceil($result->count / $PAGE_SIZE)); $OUTPUT->command('set_rowcount', rcmail_get_rowcount_text($result)); // Re-set current source - $OUTPUT->command('set_env', 'search_id', $sid); - $OUTPUT->command('set_env', 'source', ''); - $OUTPUT->command('set_env', 'group', ''); + $OUTPUT->set_env('search_id', $sid); + $OUTPUT->set_env('source', ''); + $OUTPUT->set_env('group', ''); + // Re-set list header + $OUTPUT->command('set_group_prop', null); if (!$sid) { // unselect currently selected directory/group
View file
roundcubemail-1.1.5.tar.gz/program/steps/mail/autocomplete.inc -> roundcubemail-1.1.6.tar.gz/program/steps/mail/autocomplete.inc
Changed
@@ -63,6 +63,7 @@ $sort_keys = array(); $books_num = count($book_types); $search_lc = mb_strtolower($search); + $mode |= rcube_addressbook::SEARCH_GROUPS; foreach ($book_types as $id) { $abook = $RCMAIL->get_address_book($id);
View file
roundcubemail-1.1.5.tar.gz/program/steps/mail/list_contacts.inc -> roundcubemail-1.1.6.tar.gz/program/steps/mail/list_contacts.inc
Changed
@@ -117,7 +117,6 @@ } } - // update env $OUTPUT->set_env('contactdata', $jsresult); $OUTPUT->set_env('pagecount', ceil($result->count / $page_size));
View file
roundcubemail-1.1.5.tar.gz/program/steps/mail/search_contacts.inc -> roundcubemail-1.1.6.tar.gz/program/steps/mail/search_contacts.inc
Changed
@@ -28,6 +28,7 @@ $records = array(); $search_set = array(); $jsresult = array(); +$search_mode |= rcube_addressbook::SEARCH_GROUPS; foreach ($sources as $s) { $source = $RCMAIL->get_address_book($s['id']); @@ -46,9 +47,6 @@ continue; } - // get records - $result = $source->list_records($afields); - while ($row = $result->next()) { $row['sourceid'] = $s['id']; $key = rcube_addressbook::compose_contact_key($row, $addr_sort_col); @@ -78,7 +76,9 @@ if (!empty($result) && $result->count > 0) { // create javascript list while ($row = $result->next()) { - $name = rcube_addressbook::compose_list_name($row); + $name = rcube_addressbook::compose_list_name($row); + $classname = $row['_type'] == 'group' ? 'group' : 'person'; + $keyname = $row['_type'] == 'group' ? 'contactgroup' : 'contact'; // add record for every email address of the contact // (same as in list_contacts.inc) @@ -86,10 +86,12 @@ foreach ($emails as $i => $email) { $row_id = $row['ID'].'-'.$i; $jsresult[$row_id] = format_email_recipient($email, $name); + $title = rcube_addressbook::compose_search_name($row, $email, $name); + $OUTPUT->command('add_contact_row', $row_id, array( - 'contact' => html::a(array('title' => $email), rcube::Q($name ? $name : $email) . + $keyname => html::a(array('title' => $title), rcube::Q($name ? $name : $email) . ($name && count($emails) > 1 ? ' ' . html::span('email', rcube::Q($email)) : '') - )), 'person'); + )), $classname); } }
View file
roundcubemail-1.1.5.tar.gz/program/steps/mail/sendmail.inc -> roundcubemail-1.1.6.tar.gz/program/steps/mail/sendmail.inc
Changed
@@ -363,13 +363,19 @@ $plainTextPart = rcube_mime::wordwrap($plainTextPart, $LINE_LENGTH, "\r\n", false, $message_charset); $plainTextPart = wordwrap($plainTextPart, 998, "\r\n", true); - // make sure all line endings are CRLF (#1486712) - $plainTextPart = preg_replace('/\r?\n/', "\r\n", $plainTextPart); + // There's no sense to use multipart/alternative if the text/plain + // part would be blank. Completely blank text/plain part may confuse + // some mail clients (#5283) + if (strlen(trim($plainTextPart)) > 0) { + // make sure all line endings are CRLF (#1486712) + $plainTextPart = preg_replace('/\r?\n/', "\r\n", $plainTextPart); - $plugin = $RCMAIL->plugins->exec_hook('message_outgoing_body', - array('body' => $plainTextPart, 'type' => 'alternative', 'message' => $MAIL_MIME)); + $plugin = $RCMAIL->plugins->exec_hook('message_outgoing_body', + array('body' => $plainTextPart, 'type' => 'alternative', 'message' => $MAIL_MIME)); - $MAIL_MIME->setTXTBody($plugin['body']); + // add a plain text version of the e-mail as an alternative part. + $MAIL_MIME->setTXTBody($plugin['body']); + } // look for "emoticon" images from TinyMCE and change their src paths to // be file paths on the server instead of URL paths.
View file
roundcubemail-1.1.5.tar.gz/skins/larry/styles.css -> roundcubemail-1.1.6.tar.gz/skins/larry/styles.css
Changed
@@ -745,6 +745,12 @@ background: linear-gradient(to bottom, #eee 0%, #dcdcdc 100%); } +.ui-autocomplete { + max-height: 160px; + overflow-x: hidden; + overflow-y: auto; +} + /*** basic page layout ***/ @@ -3089,4 +3095,4 @@ _:not(), _:-moz-handler-blocked, .mozilla .mce-btn-small i { line-height: 20px !important; -} \ No newline at end of file +}
View file
roundcubemail-1.1.5.tar.gz/skins/larry/ui.js -> roundcubemail-1.1.6.tar.gz/skins/larry/ui.js
Changed
@@ -298,7 +298,9 @@ else if (rcmail.env.task == 'addressbook') { rcmail.addEventListener('afterupload-photo', show_uploadform) .addEventListener('beforepushgroup', push_contactgroup) - .addEventListener('beforepopgroup', pop_contactgroup); + .addEventListener('beforepopgroup', pop_contactgroup) + .addEventListener('menu-open', menu_toggle) + .addEventListener('menu-close', menu_toggle); if (rcmail.env.action == '') { new rcube_splitter({ id:'addressviewsplitterd', p1:'#addressview-left', p2:'#addressview-right',
View file
roundcubemail-1.1.5.tar.gz/tests/Framework/Html2text.php -> roundcubemail-1.1.6.tar.gz/tests/Framework/Html2text.php
Changed
@@ -79,7 +79,7 @@ { $html = <<<EOF <br>Begin<br><blockquote>OUTER BEGIN<blockquote>INNER 1<br></blockquote><div><br></div><div>Par 1</div> -<blockquote>INNER 2</blockquote><div><br></div><div>Par 2</div> +<blockQuote>INNER 2</blockquote><div><br></div><div>Par 2</div> <div><br></div><div>Par 3</div><div><br></div> <blockquote>INNER 3</blockquote>OUTER END</blockquote> EOF;
View file
roundcubemail-1.1.5.tar.gz/tests/Framework/Utils.php -> roundcubemail-1.1.6.tar.gz/tests/Framework/Utils.php
Changed
@@ -199,6 +199,16 @@ $mod = rcube_utils::mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody'); $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks (2)"); + + // position: fixed (#5264) + $mod = rcube_utils::mod_css_styles(".test { position: fixed; }", 'rcmbody'); + $this->assertEquals("#rcmbody .test { position: absolute; }", $mod, "Replace position:fixed with position:absolute (0)"); + + $mod = rcube_utils::mod_css_styles(".test { position:\nfixed; }", 'rcmbody'); + $this->assertEquals("#rcmbody .test { position: absolute; }", $mod, "Replace position:fixed with position:absolute (1)"); + + $mod = rcube_utils::mod_css_styles(".test { position:/**/fixed; }", 'rcmbody'); + $this->assertEquals("#rcmbody .test { position: absolute; }", $mod, "Replace position:fixed with position:absolute (2)"); } /**
View file
roundcubemail-1.1.5.tar.gz/tests/Framework/Washtml.php -> roundcubemail-1.1.6.tar.gz/tests/Framework/Washtml.php
Changed
@@ -38,6 +38,23 @@ } /** + * Test XSS in area's href (#5240) + */ + function test_href_area() + { + $html = '<p><area href="data:text/html,<script>alert(document.cookie)</script>">' + . '<area href="vbscript:alert(document.cookie)">Internet Explorer</p>' + . '<area href="javascript:alert(document.domain)" shape=default>'; + + $washer = new rcube_washtml; + $washed = $washer->wash($html); + + $this->assertNotRegExp('/data:text/', $washed, "data:text/html in area href"); + $this->assertNotRegExp('/vbscript:/', $washed, "vbscript: in area href"); + $this->assertNotRegExp('/javascript:/', $washed, "javascript: in area href"); + } + + /** * Test handling HTML comments */ function test_comments() @@ -252,4 +269,18 @@ $this->assertSame($washed, $exp, "SVG content"); } + + /** + * Test position:fixed cleanup - (#5264) + */ + function test_style_wash_position_fixed() + { + $html = "<img style='position:fixed' /><img style=\"position:/**/ fixed; top:10px\" />"; + $exp = "<img style=\"position: absolute\" /><img style=\"position: absolute; top: 10px\" />"; + + $washer = new rcube_washtml; + $washed = $washer->wash($html); + + $this->assertTrue(strpos($washed, $exp) !== false, "Position:fixed (#5264)"); + } }
View file
roundcubemail.dsc
Changed
@@ -2,7 +2,7 @@ Source: roundcubemail Binary: roundcubemail Architecture: all -Version: 1:1.1.5-0~kolab2 +Version: 1:1.1.6-0~kolab1 Maintainer: Debian Roundcube Maintainers <pkg-roundcube-maintainers@lists.alioth.debian.org> Uploaders: Vincent Bernat <bernat@debian.org>, Romain Beauxis <toots@rastageeks.org>, Jeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>, Paul Klos <kolab@klos2day.nl> Homepage: http://www.roundcube.net/ @@ -13,5 +13,5 @@ Package-List: roundcubemail deb web extra Files: - 00000000000000000000000000000000 0 roundcubemail-1.1.5.tar.gz + 00000000000000000000000000000000 0 roundcubemail-1.1.6.tar.gz 00000000000000000000000000000000 0 debian.tar.gz
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.