From: Michael M Slusarz Date: Fri, 12 Dec 2008 00:03:37 +0000 (-0700) Subject: Do a better job catching some bad header input. X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=2bfcb48ac4046875fee8dfa10ed2c850150dec51;p=horde.git Do a better job catching some bad header input. --- diff --git a/imp/lib/Block/newmail.php b/imp/lib/Block/newmail.php index 8e45dd814..9c2d166dd 100644 --- a/imp/lib/Block/newmail.php +++ b/imp/lib/Block/newmail.php @@ -52,11 +52,11 @@ class Horde_Block_imp_newmail extends Horde_Block while (list($uid, $ob) = each($fetch_ret)) { $date = $imp_ui->getDate($ob['envelope']['date']); - $from = $imp_ui->getFrom($ob, false); - $subject = $imp_ui->getSubject($ob['envelope']['subject']); + $from = $imp_ui->getFrom($ob, array('specialchars' => $charset)); + $subject = $imp_ui->getSubject($ob['envelope']['subject'], true); $html .= '' . - '' . htmlspecialchars($from['from'], ENT_QUOTES, $charset) . '
' . + '' . $from['from'] . '
' . $subject . '' . '' . htmlspecialchars($date, ENT_QUOTES, $charset) . ''; } diff --git a/imp/lib/UI/Mailbox.php b/imp/lib/UI/Mailbox.php index 2c46670d4..15f58930e 100644 --- a/imp/lib/UI/Mailbox.php +++ b/imp/lib/UI/Mailbox.php @@ -40,8 +40,14 @@ class IMP_UI_Mailbox /** * Get From address information for display on mailbox page. * - * @param array $ob An array of envelope information. - * @param boolean $full If true, returns 'fullfrom' information. + * @param array $ob An array of envelope information. + * @param array $options Additional options: + *
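Review bot: `$from['from']` and `$subject` are now concatenated into `$html` with no escaping at the point of output, so this block is only safe while `getFrom()` and `getSubject()` both escape. `getFrom()` skips escaping whenever `$options['specialchars']` is empty, so an empty `$charset` (assigned outside this hunk) would put the raw sender name into the markup; the `imp/lib/Views/ListMessages.php` hunk passes `$charset` the same way. I would add a comment above the concatenation, `/* $from['from'] and $subject arrive HTML-escaped from IMP_UI_Mailbox; do not escape again or drop the options. */`, so a later edit neither removes the options nor double-escapes.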
+     * 'fullfrom' - (boolean) If true, returns 'fullfrom' information.
+     *              DEFAULT: false
+     * 'specialchars' - (string) If set, run 'from' return through
+     *                  htmlspecialchars() using the given charset.
+     * 
* * @return array An array of information: *
@@ -51,7 +57,7 @@ class IMP_UI_Mailbox
      * 'to' - (boolean)
      * 
*/ - public function getFrom($ob, $full = true) + public function getFrom($ob, $options = array()) { $ret = array('error' => false, 'to' => false); @@ -89,7 +95,7 @@ class IMP_UI_Mailbox $ret['from'] = empty($first_to['personal']) ? $first_to['inner'] : $first_to['personal']; - if ($full) { + if (!empty($options['fullfrom'])) { $ret['fullfrom'] = $first_to['display']; } } @@ -105,7 +111,7 @@ class IMP_UI_Mailbox if ($this->_cache['drafts_sm_folder']) { $ret['from'] = _("From") . ': ' . $ret['from']; } - if ($full) { + if (!empty($options['fullfrom'])) { $ret['fullfrom'] = $from['display']; } } @@ -115,6 +121,16 @@ class IMP_UI_Mailbox $ret['fullfrom'] = $ret['from']; } + if (!empty($ret['from']) && !empty($options['specialchars'])) { + $old_error = error_reporting(0); + $res = htmlspecialchars($ret['from'], ENT_QUOTES, $options['specialchars']); + if (empty($res)) { + $res = htmlspecialchars($ret['from']); + } + $ret['from'] = $res; + error_reporting($old_error); + } + return $ret; } @@ -234,12 +250,13 @@ class IMP_UI_Mailbox } $new_subject = $subject = IMP::filterText(preg_replace("/\s+/", ' ', $subject)); - if ($_SESSION['imp']['view'] == 'dimp') { - require_once 'Horde/Text.php'; - $new_subject = str_replace(' ', ' ', Text::htmlSpaces($subject)); - } elseif ($htmlspaces) { + + if ($htmlspaces) { require_once 'Horde/Text.php'; $new_subject = Text::htmlSpaces($subject); + if (empty($new_subject)) { + $new_subject = htmlspecialchars($subject); + } } return empty($new_subject) ? $subject : $new_subject; diff --git a/imp/lib/Views/ListMessages.php b/imp/lib/Views/ListMessages.php index e54794f62..697714448 100644 --- a/imp/lib/Views/ListMessages.php +++ b/imp/lib/Views/ListMessages.php @@ -326,11 +326,11 @@ class IMP_Views_ListMessages $msg['date'] = htmlspecialchars($imp_ui->getDate($ob['envelope']['date']), ENT_QUOTES, $charset); /* Format the 
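Review bot: The default for full-from output flips in this signature: the old `$full = true` returned `fullfrom` unless told otherwise, while `$options = array()` omits it unless `'fullfrom' => true` is passed. A caller not touched by this commit that still passes a boolean would have it silently ignored by the `!empty($options[...])` checks and get neither `fullfrom` nor escaping; whether such callers exist is not visible in this diff. A guard at the top of the body, `if (!is_array($options)) { $options = array('fullfrom' => (bool)$options); }`, would keep old call sites working. The body of getFrom() continues outside this hunk.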
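Review bot: The fallback `htmlspecialchars($ret['from'])` drops `ENT_QUOTES`, so on the path where the charset-specific call returns an empty string, single quotes are left unescaped, which matters if a caller places `from` inside a single-quoted attribute; `$res = htmlspecialchars($ret['from'], ENT_QUOTES);` keeps the quoting consistent. Escaping is also skipped whenever `$options['specialchars']` is empty, so one option carries both "escape" and "which charset", and a caller with an empty charset gets raw text back without any signal. Only `from` is escaped: `fullfrom`, including the copy `$ret['fullfrom'] = $ret['from']` made just above the added block, is returned raw, and the `imp/mailbox.php` hunk assigns it to `$msg['fullfrom']` unchanged, so the docblock should state that `fullfrom` must be escaped by the caller. getFrom() begins outside this hunk.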
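Review bot: The final `return empty($new_subject) ? $subject : $new_subject;` can still hand the raw `$subject` to a caller that asked for HTML output, because the added fallback `htmlspecialchars($subject)` uses the default charset and may itself return an empty string for bytes that charset rejects. The callers changed in this commit (`newmail.php`, `ListMessages.php`) use the result with no further escaping in the visible lines, so the `$htmlspaces` branch should never fall through to the unescaped value; ending the branch with `return $new_subject;` closes that path at the cost of an empty subject. The fallback also omits `ENT_QUOTES`, which `getFrom()` uses for its primary call. The function's signature and the `$htmlspaces` parameter are declared outside this hunk.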
From: Header. */ - $getfrom = $imp_ui->getFrom($ob['envelope'], false); - $msg['from'] = htmlspecialchars($getfrom['from'], ENT_QUOTES, $charset); + $getfrom = $imp_ui->getFrom($ob['envelope'], array('specialchars' => $charset)); + $msg['from'] = $getfrom['from']; /* Format the Subject: Header. */ - $msg['subject'] = $imp_ui->getSubject($ob['envelope']['subject']); + $msg['subject'] = $imp_ui->getSubject($ob['envelope']['subject'], true); /* Check to see if this is a list message. Namely, we want to * check for 'List-Post' information because that is the header diff --git a/imp/mailbox-mimp.php b/imp/mailbox-mimp.php index 5d1ff2579..dc26471b5 100644 --- a/imp/mailbox-mimp.php +++ b/imp/mailbox-mimp.php @@ -102,7 +102,7 @@ while (list(,$ob) = each($mbox_info['overview'])) { ); /* Format the from header. */ - $getfrom = $imp_ui->getFrom($ob['envelope'], false); + $getfrom = $imp_ui->getFrom($ob['envelope']); $msg['from'] = $getfrom['from']; if (String::length($msg['from']) > $conf['mimp']['mailbox']['max_from_chars']) { $msg['from'] = String::substr($msg['from'], 0, $conf['mimp']['mailbox']['max_from_chars']) . '...'; diff --git a/imp/mailbox.php b/imp/mailbox.php index 1776984d4..239e516a1 100644 --- a/imp/mailbox.php +++ b/imp/mailbox.php @@ -800,8 +800,8 @@ while (list($seq, $ob) = each($mbox_info['overview'])) { } /* Format the From: Header. */ - $getfrom = $imp_ui->getFrom($ob['envelope']); - $msg['from'] = htmlspecialchars($getfrom['from']); + $getfrom = $imp_ui->getFrom($ob['envelope'], array('fullfrom' => true, 'specialchars' => NLS::getCharset())); + $msg['from'] = $getfrom['from']; $msg['fullfrom'] = $getfrom['fullfrom']; switch ($fromlinkstyle) { case 0: diff --git a/imp/rss.php b/imp/rss.php index 917b85e72..ae415b6b0 100644 --- a/imp/rss.php +++ b/imp/rss.php 
@@ -64,7 +64,7 @@ if (!empty($ids)) { $overview = $imp_mailbox->getMailboxArray(array_slice($ids, 0, 20), $conf['mailbox']['show_preview'] && $prefs->getValue('preview_enabled')); foreach ($overview['overview'] as $ob) { - $from_addr = $imp_ui->getFrom($ob['envelope']); + $from_addr = $imp_ui->getFrom($ob['envelope'], array('fullfrom' => true)); $items[] = array_map('htmlspecialchars', array( 'title' => $imp_ui->getSubject($ob['envelope']['subject']), 'pubDate' => date('r', strtotime($ob['envelope']['date'])),