Changeset 6a35c82 in github

Timestamp:

Nov 2, 2005 5:43:55 PM (8 years ago)

Author:

thomascube <thomas@…>

Branches:

master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8

Children:

317219d

Parents:

fd660ac

Message:

Added more XSS protection (Bug #1308236) and some visual enhancements

Files:

• program/js/app.js (modified) (1 diff)
• program/steps/mail/func.inc (modified) (7 diffs)
• program/steps/mail/sendmail.inc (modified) (2 diffs)
• skins/default/mail.css (modified) (8 diffs)
• skins/default/templates/compose.html (modified) (1 diff)
• skins/default/templates/message.html (modified) (2 diffs)

program/js/app.js

@@ -2047 +2047 @@
       {
       var item, reg, text_obj;
+      var s_current = this.env.mailbox.toLowerCase().replace(this.mbox_expression, '');
       var s_mbox = String(mbox).toLowerCase().replace(this.mbox_expression, '');
       var s_current = this.env.mailbox.toLowerCase().replace(this.mbox_expression, '');
-      var nodes = this.gui_objects.mailboxlist.getElementsByTagName('LI');
-      
-      for (var n=0; n<nodes.length; n++)
-        {
-        item = nodes[n];
-        if (item.className && item.className.indexOf('mailbox '+s_mbox+' ')>=0)
-          this.set_classname(item, 'selected', true);
-        else if (item.className && item.className.indexOf('mailbox '+s_current)>=0)
-          this.set_classname(item, 'selected', false);          
-        }
+      
+      var current_li = document.getElementById('rcmbx'+s_current);
+      var mbox_li = document.getElementById('rcmbx'+s_mbox);
+      
+      if (current_li)
+        this.set_classname(current_li, 'selected', false);
+      if (mbox_li)
+        this.set_classname(mbox_li, 'selected', true);
       }
     

program/steps/mail/func.inc

@@ -42 +42 @@
 
 
+// set default sort col/order to session
+if (!isset($_SESSION['sort_col']))
+  $_SESSION['sort_col'] = $CONFIG['message_sort_col'];
+if (!isset($_SESSION['sort_order']))
+  $_SESSION['sort_order'] = $CONFIG['message_sort_order'];
+  
+
 // define url for getting message parts
 if (strlen($_GET['_uid']))
@@ -148 +155 @@
 function rcmail_render_folder_tree_html(&$arrFolders, &$special, &$mbox, $maxlength, $nestLevel=0)
   {
-  global $JS_OBJECT_NAME, $IMAP;
+  global $JS_OBJECT_NAME, $IMAP, $CONFIG;
 
   $idx = 0;
@@ -171 +178 @@
     if ($unread_count = $IMAP->messagecount($folder['id'], 'UNSEEN', ($folder['id']==$mbox)))
       $foldername .= sprintf(' (%d)', $unread_count);
-
-    $out .= sprintf('<li class="mailbox %s %s%s%s"><a href="#%s" onclick="return %s.command(\'list\',\'%s\')" onmouseup="return %s.mbox_mouse_up(\'%s\')">%s</a>'."\n",
-                    preg_replace('/[^a-z0-9\-_]/', '', $folder_lc),
+      
+    // make folder name safe for ids and class names
+    $folder_css = $class_name = preg_replace('/[^a-z0-9\-_]/', '', $folder_lc);
+
+    // set special class for Sent, Drafts, Trash and Junk
+    if ($folder['id']==$CONFIG['sent_mbox'])
+      $class_name = 'sent';
+    else if ($folder['id']==$CONFIG['drafts_mbox'])
+      $class_name = 'drafts';
+    else if ($folder['id']==$CONFIG['trash_mbox'])
+      $class_name = 'trash';
+    else if ($folder['id']==$CONFIG['junk_mbox'])
+      $class_name = 'junk';
+
+    $out .= sprintf('<li id="rcmbx%s" class="mailbox %s %s%s%s"><a href="./#%s" onclick="return %s.command(\'list\',\'%s\')" onmouseup="return %s.mbox_mouse_up(\'%s\')">%s</a>',
+                    $folder_css,
+                    $class_name,
                     $zebra_class,
                     $unread_count ? ' unread' : '',
@@ -185 +206 @@
 
     if (!empty($folder['folders']))
-      $out .= '<ul>' . rcmail_render_folder_tree_html($folder['folders'], $special, $mbox, $maxlength, $nestLevel+1) . "</ul>\n";
+      $out .= "\n<ul>\n" . rcmail_render_folder_tree_html($folder['folders'], $special, $mbox, $maxlength, $nestLevel+1) . "</ul>\n";
 
     $out .= "</li>\n";
@@ -240 +261 @@
 
   // check to see if we have some settings for sorting
-  $sort_col   = isset($_SESSION['sort_col'])   ? $_SESSION['sort_col']   : $CONFIG['message_sort_col'];
-  $sort_order = isset($_SESSION['sort_order']) ? $_SESSION['sort_order'] : $CONFIG['message_sort_order'];
+  $sort_col   = $_SESSION['sort_col'];
+  $sort_order = $_SESSION['sort_order'];
 
   // get message headers
@@ -983 +1004 @@
 
   // remove SCRIPT tags
-  while (($pos = strpos($body_lc, '<script')) && ($pos2 = strpos($body_lc, '</script>', $pos)))
-    {
-    $pos2 += 8;
-    $body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2);
-    $body_lc = strtolower($body);
-    }
-  
+  foreach (array('script', 'applet', 'object', 'embed', 'iframe') as $tag)
+    {
+    while (($pos = strpos($body_lc, '<'.$tag)) && ($pos2 = strpos($body_lc, '</'.$tag.'>', $pos)))
+      {
+      $pos2 += 8;
+      $body = substr($body, 0, $pos) . substr($body, $pos2, strlen($body)-$pos2);
+      $body_lc = strtolower($body);
+      }
+    }
+
+  // replace event handlers on any object
+  $body = preg_replace('/\s(on[a-z]+)=/im', ' __removed=', $body);  
 
   // resolve <base href>
@@ -1000 +1026 @@
     $body = preg_replace($base_reg, '', $body);
     }
-
 
   // add comments arround html and other tags

program/steps/mail/sendmail.inc

@@ -66 +66 @@
 
 
-$mailto_regexp = '/,\s*$/';
-
-// trip ending ', ' from 
-$mailto = preg_replace($mailto_regexp, '', $_POST['_to']);
+$mailto_regexp = array('/,\s*[\r\n]+/', '/[\r\n]+/', '/,\s*$/m');
+$mailto_replace = array(' ', ', ', '');
+
+// repalce new lines and strip ending ', '
+$mailto = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_to']));
 
 // decode address strings
@@ -91 +92 @@
 // additional recipients
 if ($_POST['_cc'])
-  $headers['Cc'] = preg_replace($mailto_regexp, '', $_POST['_cc']);
+  $headers['Cc'] = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_cc']));
 
 if ($_POST['_bcc'])
-  $headers['Bcc'] = preg_replace($mailto_regexp, '', $_POST['_bcc']);
+  $headers['Bcc'] = preg_replace($mailto_regexp, $mailto_replace, stripslashes($_POST['_bcc']));
   
 if (strlen($identity_arr['bcc']))

skins/default/mail.css

@@ -76 +76 @@
   top: 60px;
   right: 40px;
-  width: 250px;
+  width: 200px;
   height: 20px;
   text-align: right;
@@ -413 +413 @@
   left: 200px;
   right: 40px;
+  bottom: 40px;
+  border: 1px solid #cccccc;
+  background-color: #FFFFFF;
+  overflow: auto;
   /* css hack for IE */
-  margin-bottom: 10px;
-  width: expression(document.body.clientWidth-240);
+  /* margin-bottom: 10px; */
+  width: expression((parseInt(document.documentElement.clientWidth)-240)+'px');
+  height: expression((parseInt(document.documentElement.clientHeight)-125)+'px');
 }
 
@@ -434 +439 @@
 table.headers-table td.header-title
 {
-  width: 70px;  
+  width: 80px;
   color: #666666;
   font-weight: bold;
   text-align: right;
+  white-space: nowrap;
   padding-right: 4px;
 }
@@ -482 +488 @@
 {
   min-height: 300px;
-  margin-top: 10px;
-  margin-bottom: 10px;
+  padding-top: 10px;
+  padding-bottom: 10px;
   background-color: #FFFFFF;
-  border: 1px solid #cccccc;
-  border-top: none;
 }
 
@@ -493 +497 @@
   padding: 8px;
   padding-top: 10px;
-  border-top: 1px solid #cccccc;
   overflow: hidden;
 }
@@ -514 +517 @@
   height: 20px;
   min-height: 20px;
+  margin: 8px 8px 0px 8px;
   padding: 10px 10px 6px 46px;  
-  margin-top: 8px;
 }
 
@@ -545 +548 @@
   left: 200px;
   right: 40px;
-  bottom: 20px;
+  bottom: 40px;
   padding: 0px;
   margin: 0px;
   /* css hack for IE */
   width: expression(document.documentElement.clientWidth-240);
-  /* height: expression((parseInt(document.documentElement.clientHeight)-130)+'px'); */
+  height: expression((parseInt(document.documentElement.clientHeight)-130)+'px');
 }
 
@@ -636 +639 @@
 {
   margin-top: 10px;
-  width: 100% !important;
+  width: 99% !important;
   width: 95%;
   height: 95%;
-  min-height: 400px;
+  min-height: 300px;
   font-size: 9pt;
   font-family: "Courier New", Courier, monospace;

skins/default/templates/compose.html

@@ -88 +88 @@
 </tr><tr>
 
-<td style="width:100%; height:100%;">
+<td style="width:100%; height:100%; vertical-align:top;">
 <roundcube:object name="composeBody" id="compose-body" form="form" cols="80" rows="20" warp="virtual" />
 </td>

skins/default/templates/message.html

@@ -11 +11 @@
 <roundcube:include file="/includes/header.html" />
 
+<div id="messagecountbar">
+<roundcube:button command="previousmessage" imageAct="/images/buttons/previous_act.png" imagePas="/images/buttons/previous_pas.png" width="11" height="11" title="previousmessages" />
+&nbsp;<roundcube:object name="messageCountDisplay" />&nbsp;
+<roundcube:button command="nextmessage" imageAct="/images/buttons/next_act.png" imagePas="/images/buttons/next_pas.png" width="11" height="11" title="nextmessages" />
+</div>
+
 <div id="messagetoolbar">
 <roundcube:button command="list" image="/images/buttons/back_act.png" width="32" height="32" title="backtolist" />
@@ -19 +25 @@
 <roundcube:button command="viewsource" imageAct="/images/buttons/source_act.png" imagePas="/images/buttons/source_pas.png" width="32" height="32" title="viewsource" />
 <roundcube:object name="mailboxlist" type="select" noSelection="moveto" maxlength="25" onchange="rcmail.command('moveto', this.options[this.selectedIndex].value)" class="mboxlist" />
-</div>
-
-<div id="messagecountbar">
-<roundcube:button command="previousmessage" imageAct="/images/buttons/previous_act.png" imagePas="/images/buttons/previous_pas.png" width="11" height="11" title="previousmessages" />
-&nbsp;<roundcube:object name="messageCountDisplay" />&nbsp;
-<roundcube:button command="nextmessage" imageAct="/images/buttons/next_act.png" imagePas="/images/buttons/next_pas.png" width="11" height="11" title="nextmessages" />
 </div>