Do a better job catching some bad header input.

diff --git a/imp/lib/Block/newmail.php b/imp/lib/Block/newmail.php
index 8e45dd8..9c2d166 100644 (file)
--- a/imp/lib/Block/newmail.php
+++ b/imp/lib/Block/newmail.php
@@ -52,11 +52,11 @@ class Horde_Block_imp_newmail extends Horde_Block
 
             while (list($uid, $ob) = each($fetch_ret)) {
                 $date = $imp_ui->getDate($ob['envelope']['date']);
-                $from = $imp_ui->getFrom($ob, false);
-                $subject = $imp_ui->getSubject($ob['envelope']['subject']);
+                $from = $imp_ui->getFrom($ob, array('specialchars' => $charset));
+                $subject = $imp_ui->getSubject($ob['envelope']['subject'], true);
 
                 $html .= '<tr style="cursor:pointer" class="text" onclick="DimpBase.go(\'msg:INBOX:' . $uid . '\');return false;"><td>' .
-                    '<strong>' . htmlspecialchars($from['from'], ENT_QUOTES, $charset) . '</strong><br />' .
+                    '<strong>' . $from['from'] . '</strong><br />' .
                     $subject . '</td>' .
                     '<td>' . htmlspecialchars($date, ENT_QUOTES, $charset) . '</td></tr>';
             }

diff --git a/imp/lib/UI/Mailbox.php b/imp/lib/UI/Mailbox.php
index 2c46670..15f5893 100644 (file)
--- a/imp/lib/UI/Mailbox.php
+++ b/imp/lib/UI/Mailbox.php
@@ -40,8 +40,14 @@ class IMP_UI_Mailbox
     /**
      * Get From address information for display on mailbox page.
      *
-     * @param array $ob      An array of envelope information.
-     * @param boolean $full  If true, returns 'fullfrom' information.
+     * @param array $ob       An array of envelope information.
+     * @param array $options  Additional options:
+     * <pre>
+     * 'fullfrom' - (boolean) If true, returns 'fullfrom' information.
+     *              DEFAULT: false
+     * 'specialchars' - (string) If set, run 'from' return through
+     *                  htmlspecialchars() using the given charset.
+     * </pre>
      *
      * @return array  An array of information:
      * <pre>
@@ -51,7 +57,7 @@ class IMP_UI_Mailbox
      * 'to' - (boolean)
      * </pre>
      */
-    public function getFrom($ob, $full = true)
+    public function getFrom($ob, $options = array())
     {
         $ret = array('error' => false, 'to' => false);
 
@@ -89,7 +95,7 @@ class IMP_UI_Mailbox
                         $ret['from'] = empty($first_to['personal'])
                             ? $first_to['inner']
                             : $first_to['personal'];
-                        if ($full) {
+                        if (!empty($options['fullfrom'])) {
                             $ret['fullfrom'] = $first_to['display'];
                         }
                     }
@@ -105,7 +111,7 @@ class IMP_UI_Mailbox
                 if ($this->_cache['drafts_sm_folder']) {
                     $ret['from'] = _("From") . ': ' . $ret['from'];
                 }
-                if ($full) {
+                if (!empty($options['fullfrom'])) {
                     $ret['fullfrom'] = $from['display'];
                 }
             }
@@ -115,6 +121,16 @@ class IMP_UI_Mailbox
             $ret['fullfrom'] = $ret['from'];
         }
 
+        if (!empty($ret['from']) && !empty($options['specialchars'])) {
+            $old_error = error_reporting(0);
+            $res = htmlspecialchars($ret['from'], ENT_QUOTES, $options['specialchars']);
+            if (empty($res)) {
+                $res = htmlspecialchars($ret['from']);
+            }
+            $ret['from'] = $res;
+            error_reporting($old_error);
+        }
+
         return $ret;
     }
 
@@ -234,12 +250,13 @@ class IMP_UI_Mailbox
         }
 
         $new_subject = $subject = IMP::filterText(preg_replace("/\s+/", ' ', $subject));
-        if ($_SESSION['imp']['view'] == 'dimp') {
-            require_once 'Horde/Text.php';
-            $new_subject = str_replace('&nbsp;', '&#160;', Text::htmlSpaces($subject));
-        } elseif ($htmlspaces) {
+
+        if ($htmlspaces) {
             require_once 'Horde/Text.php';
             $new_subject = Text::htmlSpaces($subject);
+            if (empty($new_subject)) {
+                $new_subject = htmlspecialchars($subject);
+            }
         }
 
         return empty($new_subject) ? $subject : $new_subject;

diff --git a/imp/lib/Views/ListMessages.php b/imp/lib/Views/ListMessages.php
index e54794f..6977144 100644 (file)
--- a/imp/lib/Views/ListMessages.php
+++ b/imp/lib/Views/ListMessages.php
@@ -326,11 +326,11 @@ class IMP_Views_ListMessages
             $msg['date'] = htmlspecialchars($imp_ui->getDate($ob['envelope']['date']), ENT_QUOTES, $charset);
 
             /* Format the From: Header. */
-            $getfrom = $imp_ui->getFrom($ob['envelope'], false);
-            $msg['from'] = htmlspecialchars($getfrom['from'], ENT_QUOTES, $charset);
+            $getfrom = $imp_ui->getFrom($ob['envelope'], array('specialchars' => $charset));
+            $msg['from'] = $getfrom['from'];
 
             /* Format the Subject: Header. */
-            $msg['subject'] = $imp_ui->getSubject($ob['envelope']['subject']);
+            $msg['subject'] = $imp_ui->getSubject($ob['envelope']['subject'], true);
 
             /* Check to see if this is a list message. Namely, we want to
              * check for 'List-Post' information because that is the header

diff --git a/imp/mailbox-mimp.php b/imp/mailbox-mimp.php
index 5d1ff25..dc26471 100644 (file)
--- a/imp/mailbox-mimp.php
+++ b/imp/mailbox-mimp.php
@@ -102,7 +102,7 @@ while (list(,$ob) = each($mbox_info['overview'])) {
     );
 
     /* Format the from header. */
-    $getfrom = $imp_ui->getFrom($ob['envelope'], false);
+    $getfrom = $imp_ui->getFrom($ob['envelope']);
     $msg['from'] = $getfrom['from'];
     if (String::length($msg['from']) > $conf['mimp']['mailbox']['max_from_chars']) {
         $msg['from'] = String::substr($msg['from'], 0, $conf['mimp']['mailbox']['max_from_chars']) . '...';

diff --git a/imp/mailbox.php b/imp/mailbox.php
index 1776984..239e516 100644 (file)
--- a/imp/mailbox.php
+++ b/imp/mailbox.php
@@ -800,8 +800,8 @@ while (list($seq, $ob) = each($mbox_info['overview'])) {
     }
 
     /* Format the From: Header. */
-    $getfrom = $imp_ui->getFrom($ob['envelope']);
-    $msg['from'] = htmlspecialchars($getfrom['from']);
+    $getfrom = $imp_ui->getFrom($ob['envelope'], array('fullfrom' => true, 'specialchars' => NLS::getCharset()));
+    $msg['from'] = $getfrom['from'];
     $msg['fullfrom'] = $getfrom['fullfrom'];
     switch ($fromlinkstyle) {
     case 0:

diff --git a/imp/rss.php b/imp/rss.php
index 917b85e..ae415b6 100644 (file)
--- a/imp/rss.php
+++ b/imp/rss.php
@@ -64,7 +64,7 @@ if (!empty($ids)) {
     $overview = $imp_mailbox->getMailboxArray(array_slice($ids, 0, 20), $conf['mailbox']['show_preview'] && $prefs->getValue('preview_enabled'));
 
     foreach ($overview['overview'] as $ob) {
-        $from_addr = $imp_ui->getFrom($ob['envelope']);
+        $from_addr = $imp_ui->getFrom($ob['envelope'], array('fullfrom' => true));
         $items[] = array_map('htmlspecialchars', array(
             'title' => $imp_ui->getSubject($ob['envelope']['subject']),
             'pubDate' => date('r', strtotime($ob['envelope']['date'])),