Opened 6 years ago

Closed 5 years ago

#1484313 closed Feature Patches (fixed)

Mailbox name not quoted when used in URL - patch available

Reported by: Emil Wojak
Owned by: thomasb
Priority: 2
Milestone: 0.1.1
Component: Core functionality
Version: git-master
Severity: major
Keywords:
Cc:

Description

Whenever a mailbox's name has some non-ASCII characters encoded in UTF-7, it then
contains an ampersand, which should be encoded each time it's used in a URL.
There are some variables in both the PHP and JS code that are used literally,
which causes some failures when dealing with such mailboxes.

In particular, you can't fetch attachments.

So here's the resolution:

Index: program/js/app.js
===================================================================
--- program/js/app.js   (wersja 536)
+++ program/js/app.js   (kopia robocza)
@@ -668,7 +668,7 @@
         break;

       case 'load-attachment':
-        var qstring = '_mbox='+this.env.mailbox+'&_uid='+this.env.uid+'&_part='+props.part;
+        var qstring = '_mbox='+urlencode(this.env.mailbox)+'&_uid='+this.env.uid+'&_part='+props.part;

         // open attachment in frame if it's of a supported mimetype
         if (this.env.uid && props.mimetype && find_in_array(props.mimetype, this.mimetypes)>=0)
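Review bot: on the changed qstring line only this.env.mailbox goes through urlencode(); props.part and this.env.uid are still concatenated raw. The part identifier comes from the caller of this command, so writing '&_part='+urlencode(props.part) would keep the query string well-formed whatever it contains, and it makes the line consistent instead of encoding one of three values.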
@@ -1948,7 +1948,7 @@
       {
       this.message_list.clear();
       this.set_busy(true, 'searching');
-      this.http_request('search', '_search='+value+'&_mbox='+mbox, true);
+      this.http_request('search', '_search='+value+'&_mbox='+urlencode(mbox), true);
       }
     return true;
     };
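Review bot: in the changed http_request line, '_search='+value still sends the search term unencoded, so a term containing & or = breaks the request the same way the mailbox name did. Suggest '_search='+urlencode(value)+'&_mbox='+urlencode(mbox) so both user-influenced values are handled alike.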
Index: program/steps/mail/func.inc
===================================================================
--- program/steps/mail/func.inc (wersja 536)
+++ program/steps/mail/func.inc (kopia robocza)
@@ -59,7 +59,7 @@

 // define url for getting message parts
 if (strlen($_GET['_uid']))
-  $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, $IMAP->get_mailbox_name(), get_input_value('_uid', RCUBE_INPUT_GET));
+  $GET_URL = sprintf('%s&_action=get&_mbox=%s&_uid=%d', $COMM_PATH, urlencode($IMAP->get_mailbox_name()), get_input_value('_uid', RCUBE_INPUT_GET));


 // set current mailbox in client environment
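Review bot: after the changed sprintf, $GET_URL holds the mailbox already URL-encoded, but the comment above it ("define url for getting message parts") does not say so. Worth stating there that the value is query-string encoded, so code that later appends to or re-encodes $GET_URL does not encode the mailbox a second time, and that the literal & separators in the format string still need HTML escaping wherever the URL is written into markup.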

Attachments (3)

bugfix1484313.patch (1.5 KB) - added by Emil Wojak 6 years ago.
Solution
mboxnames.jpg (63.5 KB) - added by lancey 5 years ago.
E-mail with attachments, open from a folder with an & and non-ASCII chars in it
mboxnamesbug.diff (1.2 KB) - added by lancey 5 years ago.
Patch against current SVN (v1107)
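
The failure described in this ticket, as an added example that is not part of the original report or of Roundcube's code: a folder name with one non-ASCII character is encoded as IMAP modified UTF-7 and then placed in the `_mbox` parameter, once raw and once encoded. The helpers `toModifiedUtf7`, `buildQuery` and `parseQuery` are hypothetical, the folder name is a constructed sample, `encodeURIComponent` stands in for the `urlencode()` used in the patch, and `URLSearchParams` stands in for the server's query-string parser.

```javascript
// Added example; helper names are hypothetical, not Roundcube functions.

// Encode a folder name as IMAP modified UTF-7 (RFC 3501, section 5.1.3):
// printable ASCII stays literal, '&' becomes '&-', and every other run is
// UTF-16BE in base64 (',' instead of '/', no padding) wrapped in '&' ... '-'.
function toModifiedUtf7(name) {
  let out = '';
  let pending = '';                      // run of non-ASCII chars to encode
  const flush = () => {
    if (!pending) return;
    const b64 = Buffer.from(pending, 'utf16le').swap16().toString('base64');
    out += '&' + b64.replace(/=+$/, '').replace(/\//g, ',') + '-';
    pending = '';
  };
  for (let i = 0; i < name.length; i++) {
    const code = name.charCodeAt(i);
    if (code >= 0x20 && code <= 0x7e) {
      flush();
      out += name[i] === '&' ? '&-' : name[i];
    } else {
      pending += name[i];
    }
  }
  flush();
  return out;
}

// Build the attachment query string in the shape of the ticket's app.js line,
// with or without encoding the mailbox name.
function buildQuery(mbox, uid, part, encodeMbox) {
  const m = encodeMbox ? encodeURIComponent(mbox) : mbox;
  return '_mbox=' + m + '&_uid=' + uid + '&_part=' + part;
}

// What a query-string parser sees: the _mbox value and all parameter names.
function parseQuery(qs) {
  const p = new URLSearchParams(qs);
  return { mbox: p.get('_mbox'), names: [...p.keys()] };
}

const folder = toModifiedUtf7('Wys\u0142ane');   // constructed sample name
const raw = parseQuery(buildQuery(folder, 42, 2, false));
const fixed = parseQuery(buildQuery(folder, 42, 2, true));
console.log(folder, raw, fixed);
```

In the raw case the parser splits at the ampersand inside the folder name, so `_mbox` is truncated and the remainder shows up as an extra, empty parameter.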


Change History (9)

comment:1 Changed 6 years ago by Saiph

  • Priority changed from 8 to 2

Changed 6 years ago by Emil Wojak

Solution

comment:2 Changed 5 years ago by seansan

  • Milestone set to 0.1.1
  • Summary changed from Mailbox name not quoted when used in URL to Mailbox name not quoted when used in URL - patch available

review in 0.1.1 - patch available

Changed 5 years ago by lancey

E-mail with attachments, open from a folder with an & and non-ASCII chars in it

comment:3 follow-up: Changed 5 years ago by lancey

I can't replicate the problem with SVN v1107. Indeed, there are places where we don't URLencode the this.env.mailbox variable, so it's possible that problems appear. Patch added. (Seems like the second change to app.js was already done in SVN)

Changed 5 years ago by lancey

Patch against current SVN (v1107)

comment:4 in reply to: ↑ 3 Changed 5 years ago by memoryhole

Replying to lancey:

I can't replicate the problem with SVN v1107. Indeed, there are places where we don't URLencode the this.env.mailbox variable, so it's possible that problems appear. Patch added. (Seems like the second change to app.js was already done in SVN)

Agreed that there are lots of potential problems here. You left out one other instance where mbox needs to be urlencode'd---around line 2035 or so of program/js/app.js, the line that looks like this:

  this.http_request('search', '_q='+urlencode(value)+(this.env.mailbox ? '&_mbox='+this.env.mailbox : '')+(this.env.source ? urlencode(this.env.source) : ''), true);

...should look like this:

  this.http_request('search', '_q='+urlencode(value)+(this.env.mailbox ? '&_mbox='+urlencode(this.env.mailbox) : '')+(this.env.source ? urlencode(this.env.source) : ''), true);

comment:5 Changed 5 years ago by thomasb

  • Owner set to thomasb

comment:6 Changed 5 years ago by thomasb

  • Resolution set to fixed
  • Status changed from new to closed

Committed in [c5418bd8]
