Kolab:Winterfell
roundcubemail
Changes of Revision 206
roundcubemail.spec
Changed
@@ -48,7 +48,7 @@ %global logdir /var/log/roundcubemail %global tmpdir /var/lib/roundcubemail -%global rc_version 1.4.4.14 +%global rc_version 1.4.7 #%%global rc_rel_suffix rc2.12 %global dot_rel_suffix %{?rc_rel_suffix:.%{rc_rel_suffix}} %global dash_rel_suffix %{?rc_rel_suffix:-%{rc_rel_suffix}} @@ -3448,6 +3448,9 @@ %defattr(-,root,root,-) %changelog +* Mon Jul 6 2020 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 1.4.7-1 +- Check in release 1.4.7 + * Mon May 11 2020 Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> - 1.4.4.14-1 - Check in 14 revisions ahead of upstream 1.4.4 release
debian.changelog
Changed
@@ -1,3 +1,9 @@ +roundcubemail (1.4.7-0~kolab1) unstable; urgency=low + + * Check in 1.4.7 + + -- Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Mon, 6 Jul 2020 11:11:11 +0200 + roundcubemail (1.4.4.14-0~kolab2) unstable; urgency=low * Check in 14 revisions ahead of upstream 1.4.4 release
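Review bot: The new top entry is tagged urgency=low and says only "Check in 1.4.7", yet the CHANGELOG bundled in this same revision lists security fixes for 1.4.5 and 1.4.7 (XSS in the Installer, in the 'username' template object, via a malicious XML attachment and via svg/namespace, plus a revised fix for CVE-2020-12641). Raise the urgency and name the security fixes in the entry so that anyone reading only the package changelog can see this is a security update.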
roundcubemail-1.4.4.14.tar.gz/CHANGELOG -> roundcubemail-1.4.7.tar.gz/CHANGELOG
Changed
@@ -1,6 +1,22 @@ CHANGELOG Roundcube Webmail =========================== +RELEASE 1.4.7 +------------- +- Fix bug where subfolders of special folders could have been duplicated on folder list +- Increase maximum size of contact jobtitle and department fields to 128 characters +- Fix missing newline after the logged line when writing to stdout (#7418) +- Elastic: Fix context menu (paste) on the recipient input (#7431) +- Fix problem with forwarding inline images attached to messages with no HTML part (#7414) +- Fix problem with handling attached images with same name when using database_attachments/redundant_attachments (#7455) +- Security: Fix cross-site scripting (XSS) via HTML messages with malicious svg/namespace + +RELEASE 1.4.6 +------------- +- Installer: Fix regression in SMTP test section (#7417) + +RELEASE 1.4.5 +------------- - Fix bug in extracting required plugins from composer.json that led to spurious error in log (#7364) - Fix so the database setup description is compatible with MySQL 8 (#7340) - Markasjunk: Fix regression in jsevent driver (#7361) @@ -9,6 +25,14 @@ - Password: Fix issue with Modoboa driver (#7372) - Mailvelope: Use sender's address to find pubkeys to check signatures (#7348) - Mailvelope: Fix Encrypt button hidden in Elastic (#7353) +- Fix PHP warning: count(): Parameter must be an array or an object... in ID command handler (#7392) +- Fix error when user-configured skin does not exist anymore (#7271) +- Elastic: Fix aspect ratio of a contact photo in mail preview (#7339) +- Fix bug where PDF attachments marked as inline could have not been attached on mail forward (#7382) +- Security: Fix a couple of XSS issues in Installer (#7406) +- Security: Fix XSS issue in template object 'username' (#7406) +- Security: Better fix for CVE-2020-12641 +- Security: Fix cross-site scripting (XSS) via malicious XML attachment RELEASE 1.4.4 ------------- 
@@ -36,10 +60,10 @@ - Make install-jsdeps.sh script working without the 'file' program installed (#7325) - Fix performance issue of parsing big HTML messages by disabling HTML5 parser for these (#7331) - Fix so Print button for PDF attachments works on Firefox >= 75 (#5125) -- Security: Fix XSS issue in handling of CDATA in HTML messages -- Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings -- Security: Fix local file inclusion (and code execution) via crafted 'plugins' option -- Security: Fix CSRF bypass that could be used to log out an authenticated user (#7302) +- Security: Fix XSS issue in handling of CDATA in HTML messages [CVE-2020-12625] +- Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings [CVE-2020-12641] +- Security: Fix local file inclusion (and code execution) via crafted 'plugins' option [CVE-2020-12640] +- Security: Fix CSRF bypass that could be used to log out an authenticated user [CVE-2020-12626] (#7302) RELEASE 1.4.3 -------------
roundcubemail-1.4.4.14.tar.gz/INSTALL -> roundcubemail-1.4.7.tar.gz/INSTALL
Changed
@@ -65,6 +65,9 @@ 5. Point your browser to http://url-to-roundcube/installer/ 6. Follow the instructions of the install script (or see MANUAL CONFIGURATION) 7. After creating and testing the configuration, remove the installer directory + ------------------------------------------ + IMPORTANT: REMOVE THE INSTALLER DIRECTORY! + ------------------------------------------ 8. If you use git sources compile css files for the Elastic skin (required lessc >= 1.5.0): $ cd skins/elastic
roundcubemail-1.4.4.14.tar.gz/config/defaults.inc.php -> roundcubemail-1.4.7.tar.gz/config/defaults.inc.php
Changed
@@ -648,9 +648,12 @@ $config['identity_image_size'] = 64; // Mimetypes supported by the browser. -// attachments of these types will open in a preview window -// either a comma-separated list or an array: 'text/plain,text/html,text/xml,image/jpeg,image/gif,image/png,application/pdf' -$config['client_mimetypes'] = null; # null == default +// Attachments of these types will open in a preview window. +// Either a comma-separated list or an array. Default list includes: +// text/plain,text/html, +// image/jpeg,image/gif,image/png,image/bmp,image/tiff,image/webp, +// application/x-javascript,application/pdf,application/x-shockwave-flash +$config['client_mimetypes'] = null; // Path to a local mime magic database file for PHPs finfo extension. // Set to null if the default path should be used.
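Review bot: The rewritten comment above $config['client_mimetypes'] drops text/xml from the documented default list without saying why, and the same list is now maintained in two places (this comment and the default string in rcube_config.php). Add a line stating that text/xml is not previewed even when it is configured explicitly, since program/steps/mail/func.inc in this revision strips it from the list, so that administrators do not re-add it and expect a preview.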
roundcubemail-1.4.4.14.tar.gz/index.php -> roundcubemail-1.4.7.tar.gz/index.php
Changed
@@ -2,7 +2,7 @@ /** +-------------------------------------------------------------------------+ | Roundcube Webmail IMAP Client | - | Version 1.4.4 | + | Version 1.4.7 | | | | Copyright (C) The Roundcube Dev Team | | |
roundcubemail-1.4.4.14.tar.gz/installer/index.php -> roundcubemail-1.4.7.tar.gz/installer/index.php
Changed
@@ -3,7 +3,7 @@ /** +-------------------------------------------------------------------------+ | Roundcube Webmail setup tool | - | Version 1.4.4 | + | Version 1.4.7 | | | | Copyright (C) The Roundcube Dev Team | | |
roundcubemail-1.4.4.14.tar.gz/installer/test.php -> roundcubemail-1.4.7.tar.gz/installer/test.php
Changed
@@ -139,7 +139,7 @@ else { $RCI->fail('DSN (write)', $db_error_msg); echo '<p class="hint">Make sure that the configured database exists and that the user has write privileges<br />'; - echo 'DSN: ' . $RCI->config['db_dsnw'] . '</p>'; + echo 'DSN: ' . rcube::Q($RCI->config['db_dsnw']) . '</p>'; } } else { @@ -270,10 +270,16 @@ $user_field = new html_inputfield(array('name' => '_smtp_user', 'id' => 'smtp_user')); $user = $user_field->show($_POST['_smtp_user']); } +else { + $user = html::quote($user); +} if ($pass == '%p') { $pass_field = new html_passwordfield(array('name' => '_smtp_pass', 'id' => 'smtp_pass')); $pass = $pass_field->show(); } +else { + $pass = html::quote($pass); +} ?> @@ -284,11 +290,11 @@ <tbody> <tr> <td><label for="smtp_server">Server</label></td> - <td><?php echo rcube_utils::parse_host($RCI->getprop('smtp_server', 'localhost')); ?></td> + <td><?php echo rcube::Q(rcube_utils::parse_host($RCI->getprop('smtp_server', 'localhost'))); ?></td> </tr> <tr> <td><label for="smtp_port">Port</label></td> - <td><?php echo $RCI->getprop('smtp_port'); ?></td> + <td><?php echo rcube::Q($RCI->getprop('smtp_port')); ?></td> </tr> <tr> <td><label for="smtp_user">Username</label></td>
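Review bot: The escaping added across these hunks uses two different helpers, rcube::Q() for the DSN, server and port and html::quote() for $user and $pass in the new else branches; use one helper throughout so the next value echoed in this file follows an obvious pattern. In the first hunk the context line $RCI->fail('DSN (write)', $db_error_msg) still passes the database error text on unchanged, so confirm that fail() escapes its arguments, since that message may carry the same configuration-derived content as the DSN that is now quoted.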
roundcubemail-1.4.4.14.tar.gz/plugins/database_attachments/database_attachments.php -> roundcubemail-1.4.7.tar.gz/plugins/database_attachments/database_attachments.php
Changed
@@ -158,7 +158,7 @@ protected function _key($args) { $uname = $args['path'] ?: $args['name']; - return $args['group'] . md5(time() . $uname . $_SESSION['user_id']); + return $args['group'] . md5(microtime() . $uname . $_SESSION['user_id']); } /**
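Review bot: In _key(), replacing time() with microtime() makes a collision between two same-named attachments less likely but does not rule it out, and the key is still a hash of guessable inputs (timestamp, file name, user id). If the key has to be unique, mix a random value into the hashed string (for example random_bytes() where the supported PHP versions allow it) instead of relying on clock resolution.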
roundcubemail-1.4.4.14.tar.gz/plugins/redundant_attachments/redundant_attachments.php -> roundcubemail-1.4.7.tar.gz/plugins/redundant_attachments/redundant_attachments.php
Changed
@@ -92,7 +92,7 @@ private function _key($args) { $uname = $args['path'] ?: $args['name']; - return $args['group'] . md5(time() . $uname . $_SESSION['user_id']); + return $args['group'] . md5(microtime() . $uname . $_SESSION['user_id']); } /**
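Review bot: This _key() change is a line-for-line copy of the one in database_attachments.php, so the key derivation now has to be kept in sync in two plugins. Move it into a shared helper, and address the same uniqueness concern there: md5(microtime() . $uname . $_SESSION['user_id']) can still repeat for two uploads with the same name inside one clock tick.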
roundcubemail-1.4.4.14.tar.gz/program/include/iniset.php -> roundcubemail-1.4.7.tar.gz/program/include/iniset.php
Changed
@@ -20,7 +20,7 @@ */ // application constants -define('RCMAIL_VERSION', '1.4.4'); +define('RCMAIL_VERSION', '1.4.7'); define('RCMAIL_START', microtime(true)); if (!defined('INSTALL_PATH')) {
roundcubemail-1.4.4.14.tar.gz/program/include/rcmail_output_html.php -> roundcubemail-1.4.7.tar.gz/program/include/rcmail_output_html.php
Changed
@@ -275,7 +275,9 @@ public function set_skin($skin) { if (!$this->check_skin($skin)) { - $skin = rcube_config::DEFAULT_SKIN; + // If the skin does not exist (could be removed or invalid), + // fallback to the skin set in the system configuration (#7271) + $skin = $this->config->system_skin; } $skin_path = 'skins/' . $skin; @@ -2108,7 +2110,9 @@ $username = $this->app->user->get_username(); } - return rcube_utils::idn_to_utf8($username); + $username = rcube_utils::idn_to_utf8($username); + + return html::quote($username); } /**
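Review bot: In set_skin(), the fallback value $this->config->system_skin is used to build $skin_path without itself being passed through check_skin(), so a system configuration that names a missing skin now produces a path to a directory that does not exist, where the old code fell back to the built-in default. Re-check the fallback and drop to rcube_config::DEFAULT_SKIN if it fails. In the second hunk the function now returns html::quote($username); state in its docblock that the return value is already HTML-escaped so that callers do not escape it a second time.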
roundcubemail-1.4.4.14.tar.gz/program/lib/Roundcube/bootstrap.php -> roundcubemail-1.4.7.tar.gz/program/lib/Roundcube/bootstrap.php
Changed
@@ -58,7 +58,7 @@ } // framework constants -define('RCUBE_VERSION', '1.4.4'); +define('RCUBE_VERSION', '1.4.7'); define('RCUBE_CHARSET', 'UTF-8'); define('RCUBE_TEMP_FILE_PREFIX', 'RCMTEMP');
roundcubemail-1.4.4.14.tar.gz/program/lib/Roundcube/rcube.php -> roundcubemail-1.4.7.tar.gz/program/lib/Roundcube/rcube.php
Changed
@@ -1266,7 +1266,7 @@ // write message with file name when configured to log to STDOUT if ($log_driver == 'stdout') { $stdout = "php://stdout"; - $line = "$name: $line"; + $line = "$name: $line\n"; return file_put_contents($stdout, $line, FILE_APPEND) !== false; }
roundcubemail-1.4.4.14.tar.gz/program/lib/Roundcube/rcube_config.php -> roundcubemail-1.4.7.tar.gz/program/lib/Roundcube/rcube_config.php
Changed
@@ -27,6 +27,8 @@ { const DEFAULT_SKIN = 'elastic'; + public $system_skin = 'elastic'; + private $env = ''; private $paths = array(); private $prop = array(); @@ -231,6 +233,8 @@ $this->prop['skin'] = self::DEFAULT_SKIN; } + $this->system_skin = $this->prop['skin']; + // fix paths foreach (array('log_dir' => 'logs', 'temp_dir' => 'temp') as $key => $dir) { foreach (array($this->prop[$key], '../' . $this->prop[$key], RCUBE_INSTALL_PATH . $dir) as $path) { @@ -391,7 +395,7 @@ } else if ($name == 'client_mimetypes') { if (!$result && !$def) { - $result = 'text/plain,text/html,text/xml' + $result = 'text/plain,text/html' . ',image/jpeg,image/gif,image/png,image/bmp,image/tiff,image/webp' . ',application/x-javascript,application/pdf,application/x-shockwave-flash'; } @@ -452,7 +456,7 @@ } if ($prefs['skin'] == 'default') { - $prefs['skin'] = self::DEFAULT_SKIN; + $prefs['skin'] = $this->system_skin; } $skins_allowed = $this->get('skins_allowed');
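Review bot: $system_skin is declared public in the first hunk and assigned from $this->prop['skin'] in the second, so any code holding the config object can overwrite the value that set_skin() and the 'default' preference mapping in the last hunk later trust. Make it private with a getter, or document it as read-only. In the client_mimetypes hunk, text/xml is removed only from the built-in default (the !$result && !$def branch); an explicitly configured list is untouched here and depends on the filter added in program/steps/mail/func.inc, which deserves a comment at this spot.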
roundcubemail-1.4.4.14.tar.gz/program/lib/Roundcube/rcube_image.php -> roundcubemail-1.4.7.tar.gz/program/lib/Roundcube/rcube_image.php
Changed
@@ -99,7 +99,7 @@ { $result = false; $rcube = rcube::get_instance(); - $convert = $rcube->config->get('im_convert_path', false); + $convert = self::getCommand('im_convert_path'); $props = $this->props(); if (empty($props)) { @@ -158,7 +158,7 @@ 'size' => $width . 'x' . $height, ); - $result = rcube::exec(escapeshellcmd($convert) + $result = rcube::exec($convert . ' 2>&1 -flatten -auto-orient -colorspace sRGB -strip' . ' -quality {quality} -resize {size} {intype}:{in} {type}:{out}', $p); } @@ -307,7 +307,7 @@ public function convert($type, $filename = null) { $rcube = rcube::get_instance(); - $convert = $rcube->config->get('im_convert_path', false); + $convert = self::getCommand('im_convert_path'); if (!$filename) { $filename = $this->image_file; @@ -324,8 +324,7 @@ $p['out'] = $filename; $p['type'] = self::$extensions[$type]; - $result = rcube::exec(escapeshellcmd($convert) - . ' 2>&1 -colorspace sRGB -strip -flatten -quality 75 {in} {type}:{out}', $p); + $result = rcube::exec($convert . ' 2>&1 -colorspace sRGB -strip -flatten -quality 75 {in} {type}:{out}', $p); if ($result === '') { chmod($filename, 0600); @@ -408,7 +407,7 @@ $rcube = rcube::get_instance(); // @TODO: check if specified mimetype is really supported - return class_exists('Imagick', false) || $rcube->config->get('im_convert_path'); + return class_exists('Imagick', false) || self::getCommand('im_convert_path'); } /** @@ -419,9 +418,9 @@ $rcube = rcube::get_instance(); // use ImageMagick in command line - if ($cmd = $rcube->config->get('im_identify_path')) { + if ($cmd = self::getCommand('im_identify_path')) { $args = array('in' => $this->image_file, 'format' => "%m %[fx:w] %[fx:h]"); - $id = rcube::exec(escapeshellcmd($cmd) . ' 2>/dev/null -format {format} {in}', $args); + $id = rcube::exec($cmd . ' 2>/dev/null -format {format} {in}', $args); if ($id) { return explode(' ', strtolower($id)); 
@@ -464,4 +463,39 @@ $size = $props['width'] * $props['height'] * $multip; return rcube_utils::mem_check($size); } + + /** + * Get the configured command and make sure it is safe to use. + * We cannot trust configuration, and escapeshellcmd() is useless. + * + * @param string $opt_name Configuration option name + * + * @return bool|string The command or False if not set or invalid + */ + private static function getCommand($opt_name) + { + static $error = []; + + $cmd = rcube::get_instance()->config->get($opt_name); + + if (empty($cmd)) { + return false; + } + + if (preg_match('/^(convert|identify)(\.exe)?$/i', $cmd)) { + return $cmd; + } + + // Executable must exist, also disallow network shares on Windows + if ($cmd[0] != "\\" && file_exists($cmd)) { + return $cmd; + } + + if (empty($error[$opt_name])) { + rcube::raise_error("Invalid $opt_name: $cmd", true, false); + $error[$opt_name] = true; + } + + return false; + } }
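Review bot: getCommand() accepts any configured value for which file_exists() is true, and the callers now concatenate that value into the rcube::exec() command line with escapeshellcmd() removed, so a legitimate path containing a space or a shell metacharacter reaches the shell unquoted, and a directory or a non-executable file passes the check. Tighten the test to is_file($cmd) && is_executable($cmd) and quote the validated path when building the command line (escapeshellarg()), keeping the bare-name allowlist for convert and identify as it is. The $rcube = rcube::get_instance(); assignment left as context in the hunk at -408 is no longer used by the return statement that follows it.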
roundcubemail-1.4.4.14.tar.gz/program/lib/Roundcube/rcube_imap.php -> roundcubemail-1.4.7.tar.gz/program/lib/Roundcube/rcube_imap.php
Changed
@@ -4390,10 +4390,17 @@ */ protected function sort_folder_specials($folder, &$list, &$specials, &$out) { - foreach ($list as $key => $name) { + $count = count($list); + + for ($i = 0; $i < $count; $i++) { + $name = $list[$i]; + if ($name === null) { + continue; + } + if ($folder === null || strpos($name, $folder.$this->delimiter) === 0) { $out[] = $name; - unset($list[$key]); + $list[$i] = null; if (!empty($specials) && ($found = array_search($name, $specials)) !== false) { unset($specials[$found]); @@ -4401,8 +4408,6 @@ } } } - - reset($list); } /**
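Review bot: The new for loop in sort_folder_specials() indexes $list from 0 to count($list) - 1, which assumes a zero-based list without gaps; with any other keys $list[$i] is undefined, the null check skips it silently and entries at higher keys are never visited. Either normalise with array_values() on entry or document the precondition in the docblock. Matched entries are now set to null instead of being unset, so note for callers that $list comes back with null placeholders they have to skip.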
roundcubemail-1.4.4.14.tar.gz/program/lib/Roundcube/rcube_imap_generic.php -> roundcubemail-1.4.7.tar.gz/program/lib/Roundcube/rcube_imap_generic.php
Changed
@@ -1742,7 +1742,7 @@ * * @param array $items Client identification information key/value hash * - * @return array Server identification information key/value hash + * @return array|false Server identification information key/value hash, False on error * @since 0.6 */ public function id($items = array()) @@ -1761,10 +1761,12 @@ if ($code == self::ERROR_OK && $response) { $response = substr($response, 5); // remove prefix "* ID " $items = $this->tokenizeResponse($response, 1); - $result = null; + $result = array(); - for ($i=0, $len=count($items); $i<$len; $i += 2) { - $result[$items[$i]] = $items[$i+1]; + if (is_array($items)) { + for ($i=0, $len=count($items); $i<$len; $i += 2) { + $result[$items[$i]] = $items[$i+1]; + } } return $result;
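Review bot: Inside the new is_array($items) guard the loop still reads $items[$i+1] on every step, so a server ID response with an odd number of tokens triggers an undefined offset on the last key. Bound the loop with $i + 1 < $len or default the missing value to null. The docblock now says False on error, while the visible success path returns an empty array when the tokenizer yields a non-array; say which of the two a caller should expect for a malformed response.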
roundcubemail-1.4.4.14.tar.gz/program/lib/Roundcube/rcube_washtml.php -> roundcubemail-1.4.7.tar.gz/program/lib/Roundcube/rcube_washtml.php
Changed
@@ -521,7 +521,10 @@ $xpath = new DOMXPath($node->ownerDocument); foreach ($xpath->query('namespace::*') as $ns) { if ($ns->nodeName != 'xmlns:xml') { - $dump .= ' ' . $ns->nodeName . '="' . $ns->nodeValue . '"'; + $dump .= sprintf(' %s="%s"', + $ns->nodeName, + htmlspecialchars($ns->nodeValue, ENT_QUOTES, $this->config['charset']) + ); } } } @@ -588,7 +591,7 @@ $this->max_nesting_level = (int) @ini_get('xdebug.max_nesting_level'); // SVG need to be parsed as XML - $this->is_xml = stripos($html, '<html') === false && stripos($html, '<svg') !== false; + $this->is_xml = !preg_match('/<(html|head|body)/i', $html) && stripos($html, '<svg') !== false; $method = $this->is_xml ? 'loadXML' : 'loadHTML'; // DOMDocument does not support HTML5, try Masterminds parser if available
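Review bot: In the first hunk only $ns->nodeValue goes through htmlspecialchars(); $ns->nodeName is still written into the attribute position as is. The parser constrains namespace node names, but escaping or validating both halves keeps the dump code safe without depending on that. In the second hunk the pattern /<(html|head|body)/i has no word boundary, so it also matches tags such as <header and any occurrence inside text or comments; that errs towards the HTML parser, which is the safer direction, but add \b and a comment stating that the fallback is intentional.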
roundcubemail-1.4.4.14.tar.gz/program/steps/addressbook/func.inc -> roundcubemail-1.4.7.tar.gz/program/steps/addressbook/func.inc
Changed
@@ -29,9 +29,9 @@ 'prefix' => array('type' => 'text', 'size' => 8, 'maxlength' => 20, 'limit' => 1, 'label' => $RCMAIL->gettext('nameprefix'), 'category' => 'main'), 'suffix' => array('type' => 'text', 'size' => 8, 'maxlength' => 20, 'limit' => 1, 'label' => $RCMAIL->gettext('namesuffix'), 'category' => 'main'), 'nickname' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => $RCMAIL->gettext('nickname'), 'category' => 'main'), - 'jobtitle' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => $RCMAIL->gettext('jobtitle'), 'category' => 'main'), + 'jobtitle' => array('type' => 'text', 'size' => 40, 'maxlength' => 128, 'limit' => 1, 'label' => $RCMAIL->gettext('jobtitle'), 'category' => 'main'), 'organization' => array('type' => 'text', 'size' => 40, 'maxlength' => 128, 'limit' => 1, 'label' => $RCMAIL->gettext('organization'), 'category' => 'main'), - 'department' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => $RCMAIL->gettext('department'), 'category' => 'main'), + 'department' => array('type' => 'text', 'size' => 40, 'maxlength' => 128, 'limit' => 1, 'label' => $RCMAIL->gettext('department'), 'category' => 'main'), 'gender' => array('type' => 'select', 'limit' => 1, 'label' => $RCMAIL->gettext('gender'), 'options' => array('male' => $RCMAIL->gettext('male'), 'female' => $RCMAIL->gettext('female')), 'category' => 'personal'), 'maidenname' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => $RCMAIL->gettext('maidenname'), 'category' => 'personal'), 'phone' => array('type' => 'text', 'size' => 40, 'maxlength' => 20, 'label' => $RCMAIL->gettext('phone'), 'subtypes' => array('home','home2','work','work2','mobile','main','homefax','workfax','car','pager','video','assistant','other'), 'category' => 'main'),
roundcubemail-1.4.4.14.tar.gz/program/steps/mail/compose.inc -> roundcubemail-1.4.7.tar.gz/program/steps/mail/compose.inc
Changed
@@ -953,13 +953,15 @@ $loaded_attachments[$attachment['name'] . $attachment['mimetype']] = $attachment; } + $has_html = $message->has_html_part(); + foreach ((array) $message->mime_parts() as $pid => $part) { if ($part->mimetype == 'message/rfc822') { $messages[] = $part->mime_id; } if ( - $part->disposition == 'attachments' + $part->disposition == 'attachment' || ($part->disposition == 'inline' && $bodyIsHtml) || $part->filename || $part->mimetype == 'message/rfc822' @@ -988,8 +990,10 @@ $replace = null; - // skip inline images when not used in the body - if ($part->disposition == 'inline') { + // Skip inline images when not used in the body + // Note: Apple Mail sends PDF files marked as inline (#7382) + // Note: Apple clients send inline images even if there's no HTML body (#7414) + if ($has_html && $part->disposition == 'inline' && $part->mimetype != 'application/pdf') { if (!$bodyIsHtml) { continue; }
roundcubemail-1.4.4.14.tar.gz/program/steps/mail/func.inc -> roundcubemail-1.4.7.tar.gz/program/steps/mail/func.inc
Changed
@@ -1891,6 +1891,11 @@ unset($mimetypes[$key]); } + // We cannot securely preview XML files as we do not have a proper parser + if (($key = array_search('text/xml', $mimetypes)) !== false) { + unset($mimetypes[$key]); + } + foreach (array('tiff', 'webp') as $type) { if (empty($_SESSION['browser_caps'][$type]) && ($key = array_search('image/' . $type, $mimetypes)) !== false) { // can we convert it to jpeg?
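Review bot: The new comment says XML files cannot be previewed securely, but the added block removes only the exact string 'text/xml' from $mimetypes. A configured client_mimetypes list that contains application/xml, a type with an +xml suffix, or text/xml in different letter case is left in place. Normalise the entries to lower case and filter every XML type the comment means to exclude, or narrow the comment to what the code does.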
roundcubemail-1.4.4.14.tar.gz/program/steps/mail/show.inc -> roundcubemail-1.4.7.tar.gz/program/steps/mail/show.inc
Changed
@@ -77,7 +77,7 @@ $OUTPUT->set_env('permaurl', $RCMAIL->url(array('_action' => 'show', '_uid' => $msg_id, '_mbox' => $mbox_name))); $OUTPUT->set_env('has_writeable_addressbook', $_SESSION['writeable_abook']); $OUTPUT->set_env('delimiter', $RCMAIL->storage->get_hierarchy_delimiter()); - $OUTPUT->set_env('mimetypes', rcmail_supported_mimetypes()); + $OUTPUT->set_env('mimetypes', $CLIENT_MIMETYPES = rcmail_supported_mimetypes()); if ($MESSAGE->headers->get('list-post', false)) { $OUTPUT->set_env('list_post', true); @@ -596,7 +596,7 @@ */ function rcmail_message_body($attrib) { - global $OUTPUT, $MESSAGE, $RCMAIL, $REMOTE_OBJECTS; + global $OUTPUT, $MESSAGE, $RCMAIL, $REMOTE_OBJECTS, $CLIENT_MIMETYPES; if (!is_array($MESSAGE->parts) && empty($MESSAGE->body)) { return ''; @@ -707,10 +707,8 @@ // list images after mail body if ($RCMAIL->config->get('inline_images', true) && !empty($MESSAGE->attachments)) { $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240); - $client_mimetypes = (array)$RCMAIL->config->get('client_mimetypes'); - - $show_label = rcube::Q($RCMAIL->gettext('showattachment')); - $download_label = rcube::Q($RCMAIL->gettext('download')); + $show_label = rcube::Q($RCMAIL->gettext('showattachment')); + $download_label = rcube::Q($RCMAIL->gettext('download')); foreach ($MESSAGE->attachments as $attach_prop) { // skip inline images @@ -722,7 +720,7 @@ if ($mimetype = rcmail_part_image_type($attach_prop)) { // display thumbnails if ($thumbnail_size) { - $supported = in_array($mimetype, $client_mimetypes); + $supported = in_array($mimetype, $CLIENT_MIMETYPES); $show_link_attr = array( 'href' => $MESSAGE->get_part_url($attach_prop->mime_id, false), 'onclick' => sprintf(
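Review bot: $CLIENT_MIMETYPES is created by an assignment buried inside the set_env('mimetypes', ...) argument in the first hunk and then read as a global in rcmail_message_body(), so the thumbnail check in_array($mimetype, $CLIENT_MIMETYPES) depends on that one line having run first in the same scope. Assign the variable on its own line, and cast it with (array) at the point of use (as the removed $client_mimetypes line did) so that an unset global cannot reach in_array().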
roundcubemail-1.4.4.14.tar.gz/public_html/index.php -> roundcubemail-1.4.7.tar.gz/public_html/index.php
Changed
@@ -3,7 +3,7 @@ /* +-----------------------------------------------------------------------+ | Roundcube Webmail IMAP Client | - | Version 1.4.4 | + | Version 1.4.7 | | | | Copyright (C) The Roundcube Dev Team | | |
roundcubemail-1.4.4.14.tar.gz/skins/elastic/styles/styles.less -> roundcubemail-1.4.7.tar.gz/skins/elastic/styles/styles.less
Changed
@@ -181,6 +181,7 @@ border-radius: 50%; width: @mail-header-photo-height; height: @mail-header-photo-height; + object-fit: cover; } div.header-content {
roundcubemail-1.4.4.14.tar.gz/skins/elastic/styles/widgets/forms.less -> roundcubemail-1.4.7.tar.gz/skins/elastic/styles/widgets/forms.less
Changed
@@ -939,7 +939,7 @@ .recipient { display: flex; position: relative; - max-width: 50%; + max-width: ~"calc(50% - 3px)"; border: 1px solid @color-recipient-input-border; background-color: @color-recipient-input-background; border-radius: .25em; @@ -994,11 +994,15 @@ &:not(.recipient) { user-select: text; } + + &.input { + flex: 1; + min-width: 100px; + } } input { - width: 40px; - max-width: 100%; + width: 100%; background: transparent !important; border: 0 !important; margin-top: @recipient-input-margin-fix;
roundcubemail-1.4.4.14.tar.gz/skins/elastic/ui.js -> roundcubemail-1.4.7.tar.gz/skins/elastic/ui.js
Changed
@@ -3119,9 +3119,6 @@ function recipient_input(obj) { var list, input, selection = '', - input_len_update = function() { - input.css('width', Math.max(5, input.val().length * 15 + 10)); - }, apply_func = function() { // update the original input $(obj).val(list.text() + input.val()); @@ -3167,7 +3164,6 @@ input.val(result.text); apply_func(); - input_len_update(); return result.recipients.length > 0; }, @@ -3209,20 +3205,17 @@ return false; } } - - input_len_update(); }; // Create the input element and "editable" area input = $('<input>').attr({type: 'text', tabindex: $(obj).attr('tabindex')}) .on('paste change', parse_func) - .on('input', input_len_update) // only to fix input length after paste .on('keydown', keydown_func) .on('blur', function() { list.removeClass('focus'); }) .on('focus mousedown', function() { list.addClass('focus'); }); list = $('<ul>').addClass('form-control recipient-input ac-input rounded-left') - .append($('<li>').append(input)) + .append($('<li class="input">').append(input)) // "selection" hack to allow text selection in the recipient box or multiple boxes (#7129) .on('mouseup', function () { selection = window.getSelection().toString(); }) .on('click', function() { if (!selection.length) input.focus(); });
roundcubemail-1.4.4.14.tar.gz/tests/Framework/Imap.php -> roundcubemail-1.4.7.tar.gz/tests/Framework/Imap.php
Changed
@@ -17,4 +17,65 @@ $this->assertInstanceOf('rcube_imap', $object, "Class constructor"); } + + /** + * Folder sorting + */ + function test_sort_folder_list() + { + $_SESSION['imap_delimiter'] = '.'; + $_SESSION['imap_namespace'] = [ + 'personal' => null, + 'other' => [['Other Users.', '.']], + 'shared' => [['Shared.', '.']], + ]; + + foreach (array('drafts', 'sent', 'junk', 'trash') as $mbox) { + rcube::get_instance()->config->set("$mbox_mbox", ucfirst($mbox)); + } + + $object = new rcube_imap; + + $result = $object->sort_folder_list([]); + $this->assertSame([], $result); + + $result = $object->sort_folder_list(['B', 'A']); + $this->assertSame(['A', 'B'], $result); + + $folders = [ + 'Trash', + 'Sent', + 'ABC', + 'Drafts', + 'INBOX.Trash', + 'INBOX.Junk', + 'INBOX.Sent', + 'INBOX.Drafts', + 'Shared.Test1', + 'Other Users.Test2', + 'Junk', + 'INBOX', + 'DEF', + ]; + + $expected = [ + 'INBOX', + 'INBOX.Drafts', + 'INBOX.Junk', + 'INBOX.Sent', + 'INBOX.Trash', + 'Drafts', + 'Sent', + 'Junk', + 'Trash', + 'ABC', + 'DEF', + 'Other Users.Test2', + 'Shared.Test1', + ]; + + $result = $object->sort_folder_list($folders); + + $this->assertSame($expected, $result); + } }
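Review bot: In the foreach at the top of test_sort_folder_list(), the string "$mbox_mbox" interpolates a variable named $mbox_mbox, which is undefined, so config->set() is called with an empty option name four times and drafts_mbox, sent_mbox, junk_mbox and trash_mbox are never set by the test. Write "{$mbox}_mbox" or $mbox . '_mbox'. As it stands the expected ordering passes or fails on whatever special-folder configuration happens to be loaded.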
roundcubemail-1.4.4.14.tar.gz/tests/Framework/Washtml.php -> roundcubemail-1.4.7.tar.gz/tests/Framework/Washtml.php
Changed
@@ -316,6 +316,44 @@ } /** + * Test SVG cleanup + */ + function test_wash_svg2() + { + $svg = '<head xmlns=""><script>alert(document.domain)</script>"><svg></svg></head>'; + $exp = '<!-- html ignored --><!-- head ignored --><svg xmlns="http://www.w3.org/1999/xhtml"></svg>'; + + $washer = new rcube_washtml; + $washed = $washer->wash($svg); + + $this->assertSame($washed, $exp, "SVG content"); + + $svg = '<head xmlns="" onload="alert(document.domain)">Hello victim!<svg></svg></head>'; + $exp = '<!-- html ignored --><!-- head ignored -->Hello victim!<svg xmlns="http://www.w3.org/1999/xhtml"></svg>'; + + $washer = new rcube_washtml; + $washed = $washer->wash($svg); + + $this->assertSame($washed, $exp, "SVG content"); + + $svg = '<p>Hello victim!<svg xmlns="" onload="alert(document.domain)"></svg></p>'; + $exp = '<p>Hello victim!<svg /></p>'; + + $washer = new rcube_washtml; + $washed = $washer->wash($svg); + + $this->assertSame($washed, $exp, "SVG content"); + + $svg = '<svg xmlns="" onload="alert(document.domain)" />'; + $exp = '<svg xmlns="" onload="alert(document.domain)" />'; + + $washer = new rcube_washtml; + $washed = $washer->wash($svg); + + $this->assertSame($washed, $exp, "SVG content"); + } + + /** * Test position:fixed cleanup - (#5264) */ function test_style_wash_position_fixed()
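Review bot: The last case in test_wash_svg2() sets $exp to the input unchanged, onload="alert(document.domain)" included, so the test asserts that the event handler survives washing when the svg element is the document root. If that is a known limitation it needs a comment saying so and a reference to where the attribute is neutralised; if not, the expectation is wrong and hides the gap. All four assertions also call assertSame($washed, $exp, ...) with the actual value first, which swaps expected and actual in failure output.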
roundcubemail.dsc
Changed
@@ -2,7 +2,7 @@ Source: roundcubemail Binary: roundcubemail Architecture: all -Version: 1:1.4.4.14-0~kolab2 +Version: 1:1.4.7-0~kolab1 Maintainer: Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Uploaders: Jeroen van Meeuwen <vanmeeuwen@kolabsys.com> Homepage: http://www.roundcube.net/ @@ -14,5 +14,5 @@ roundcubemail deb web extra roundcubemail-core deb web extra Files: - 00000000000000000000000000000000 0 roundcubemail-1.4.4.14.tar.gz + 00000000000000000000000000000000 0 roundcubemail-1.4.7.tar.gz 00000000000000000000000000000000 0 debian.tar.gz
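Review bot: The Files section lists roundcubemail-1.4.7.tar.gz with an all-zero digest and size 0, as it did for the previous tarball, so nothing in this revision records which upstream artifact was checked in. State in the commit how the 1.4.7 tarball was verified against the upstream release (published checksum or signature), and confirm that the build service replaces these placeholders before the source package is published.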