← Back to branch summary

~siretart/+junk/bug.306536

~siretart/+junk/bug.306536

« back to all changes in this revision

Viewing changes to src/read_body.php

Committer: Bazaar Package Importer
Author(s): Thijs Kinkhorst
Date: 2008-11-01 06:26:55 UTC
mfrom: (1.1.7 squirrelmail-gutsy-upstream)
Revision ID: jamesw@ubuntu.com-20081101062655-yaax9buhme4ukmrp

Tags: ubuntu-2:1.4.10a-1

* New upstream security release.
  - Fixes cross site scripting in the HTML filter [CVE-2007-1262]
  - Tweaks SMTP error message display (Closes: #403705).
  - Fixes address duplication on reply-all (Closes: #408242).

files added:
doc/ReleaseNotes/1.4/Notes-1.4.10.txt

doc/ReleaseNotes/1.4/Notes-1.4.9a.txt

files removed:
doc/db-backend.txt

doc/themes.txt

files modified:
ChangeLog

INSTALL

ReleaseNotes

class/deliver/Deliver.class.php

class/deliver/Deliver_IMAP.class.php

class/deliver/Deliver_SMTP.class.php

class/deliver/Deliver_SendMail.class.php

class/deliver/index.php

class/helper/VCard.class.php

class/helper/index.php

class/html.class.php

class/index.php

class/mime.class.php

class/mime/AddressStructure.class.php

class/mime/ContentType.class.php

class/mime/Disposition.class.php

class/mime/Language.class.php

class/mime/Message.class.php

class/mime/MessageHeader.class.php

class/mime/Rfc822Header.class.php

class/mime/SMimeMessage.class.php

class/mime/index.php

config/conf.pl

config/config_default.php

config/config_local.php

config/index.php

contrib/RPM/squirrelmail.conf

contrib/RPM/squirrelmail.cron

contrib/RPM/squirrelmail.spec

contrib/decrypt_headers.php

data/default_pref

data/index.php

debian/changelog

debian/control

debian/squirrelmail.docs

doc/authentication.txt

doc/index.html

doc/presets.txt

doc/security.txt

doc/translating.txt

functions/abook_database.php

functions/abook_ldap_server.php

functions/abook_local_file.php

functions/addressbook.php

functions/attachment_common.php

functions/auth.php

functions/constants.php

functions/date.php

functions/db_prefs.php

functions/decode/cp1250.php

functions/decode/cp1251.php

functions/decode/cp1252.php

functions/decode/cp1253.php

functions/decode/cp1254.php

functions/decode/cp1255.php

functions/decode/cp1256.php

functions/decode/cp1257.php

functions/decode/cp1258.php

functions/decode/cp855.php

functions/decode/cp866.php

functions/decode/index.php

functions/decode/iso_8859_1.php

functions/decode/iso_8859_10.php

functions/decode/iso_8859_11.php

functions/decode/iso_8859_13.php

functions/decode/iso_8859_14.php

functions/decode/iso_8859_15.php

functions/decode/iso_8859_16.php

functions/decode/iso_8859_2.php

functions/decode/iso_8859_3.php

functions/decode/iso_8859_4.php

functions/decode/iso_8859_5.php

functions/decode/iso_8859_6.php

functions/decode/iso_8859_7.php

functions/decode/iso_8859_8.php

functions/decode/iso_8859_9.php

functions/decode/iso_ir_111.php

functions/decode/koi8_r.php

functions/decode/koi8_u.php

functions/decode/ns_4551_1.php

functions/decode/tis_620.php

functions/decode/us_ascii.php

functions/decode/utf_8.php

functions/display_messages.php

functions/encode/cp1251.php

functions/encode/cp1255.php

functions/encode/cp1256.php

functions/encode/index.php

functions/encode/iso_8859_1.php

functions/encode/iso_8859_15.php

functions/encode/iso_8859_2.php

functions/encode/iso_8859_7.php

functions/encode/iso_8859_9.php

functions/encode/koi8_r.php

functions/encode/koi8_u.php

functions/encode/tis_620.php

functions/encode/us_ascii.php

functions/encode/utf_8.php

functions/file_prefs.php

functions/forms.php

functions/gettext.php

functions/global.php

functions/html.php

functions/i18n.php

functions/identity.php

functions/imap.php

functions/imap_general.php

functions/imap_mailbox.php

functions/imap_messages.php

functions/imap_search.php

functions/imap_utf7_local.php

functions/index.php

functions/mailbox_display.php

functions/mime.php

functions/options.php

functions/page_header.php

functions/plugin.php

functions/prefs.php

functions/strings.php

functions/tree.php

functions/url_parser.php

help/index.php

images/index.php

include/index.php

include/load_prefs.php

include/options/display.php

include/options/folder.php

include/options/index.php

include/options/personal.php

include/validate.php

index.php

locale/README.locales

locale/index.php

plugins/abook_take/index.php

plugins/abook_take/setup.php

plugins/abook_take/take.php

plugins/administrator/auth.php

plugins/administrator/defines.php

plugins/administrator/index.php

plugins/administrator/options.php

plugins/administrator/setup.php

plugins/bug_report/bug_report.php

plugins/bug_report/index.php

plugins/bug_report/setup.php

plugins/calendar/README

plugins/calendar/calendar.php

plugins/calendar/calendar_data.php

plugins/calendar/day.php

plugins/calendar/event_create.php

plugins/calendar/event_delete.php

plugins/calendar/event_edit.php

plugins/calendar/functions.php

plugins/calendar/index.php

plugins/calendar/setup.php

plugins/delete_move_next/index.php

plugins/delete_move_next/setup.php

plugins/filters/bulkquery/index.php

plugins/filters/filters.php

plugins/filters/index.php

plugins/filters/options.php

plugins/filters/setup.php

plugins/filters/spamoptions.php

plugins/fortune/index.php

plugins/fortune/setup.php

plugins/index.php

plugins/info/functions.php

plugins/info/index.php

plugins/info/options.php

plugins/info/setup.php

plugins/listcommands/index.php

plugins/listcommands/mailout.php

plugins/listcommands/setup.php

plugins/mail_fetch/class.POP3.php

plugins/mail_fetch/fetch.php

plugins/mail_fetch/functions.php

plugins/mail_fetch/index.php

plugins/mail_fetch/options.php

plugins/mail_fetch/setup.php

plugins/message_details/index.php

plugins/message_details/message_details_bottom.php

plugins/message_details/message_details_main.php

plugins/message_details/message_details_top.php

plugins/message_details/setup.php

plugins/newmail/index.php

plugins/newmail/newmail.php

plugins/newmail/newmail_opt.php

plugins/newmail/setup.php

plugins/newmail/sounds/index.php

plugins/newmail/testsound.php

plugins/sent_subfolders/index.php

plugins/sent_subfolders/setup.php

plugins/spamcop/index.php

plugins/spamcop/options.php

plugins/spamcop/setup.php

plugins/spamcop/spamcop.php

plugins/squirrelspell/INSTALL

plugins/squirrelspell/doc/index.php

plugins/squirrelspell/index.php

plugins/squirrelspell/js/check_me.js

plugins/squirrelspell/js/crypto_settings.js

plugins/squirrelspell/js/decrypt_error.js

plugins/squirrelspell/js/index.php

plugins/squirrelspell/js/init.js

plugins/squirrelspell/modules/check_me.mod

plugins/squirrelspell/modules/crypto.mod

plugins/squirrelspell/modules/crypto_badkey.mod

plugins/squirrelspell/modules/edit_dic.mod

plugins/squirrelspell/modules/enc_setup.mod

plugins/squirrelspell/modules/forget_me.mod

plugins/squirrelspell/modules/forget_me_not.mod

plugins/squirrelspell/modules/index.php

plugins/squirrelspell/modules/init.mod

plugins/squirrelspell/modules/lang_change.mod

plugins/squirrelspell/modules/lang_setup.mod

plugins/squirrelspell/modules/options_main.mod

plugins/squirrelspell/setup.php

plugins/squirrelspell/sqspell_config.php

plugins/squirrelspell/sqspell_functions.php

plugins/squirrelspell/sqspell_interface.php

plugins/squirrelspell/sqspell_options.php

plugins/translate/index.php

plugins/translate/options.php

plugins/translate/setup.php

po/compilepo

po/independent_strings.txt

po/index.php

po/mergepo

po/squirrelmail.pot

po/xgetpo

src/addrbook_popup.php

src/addrbook_search.php

src/addrbook_search_html.php

src/addressbook.php

src/compose.php

src/configtest.php

src/delete_message.php

src/download.php

src/empty_trash.php

src/folders.php

src/folders_create.php

src/folders_delete.php

src/folders_rename_do.php

src/folders_rename_getname.php

src/folders_subscribe.php

src/help.php

src/image.php

src/index.php

src/left_main.php

src/login.php

src/mailto.php

src/move_messages.php

src/options.php

src/options_highlight.php

src/options_identities.php

src/options_order.php

src/printer_friendly_bottom.php

src/printer_friendly_main.php

src/printer_friendly_top.php

src/read_body.php

src/redirect.php

src/right_main.php

src/search.php

src/signout.php

src/vcard.php

src/view_header.php

src/view_text.php

src/webmail.php

themes/README.themes

themes/alien_glow.php

themes/autumn.php

themes/autumn2.php

themes/black_bean_burrito_theme.php

themes/blue_grey_theme.php

themes/blue_on_blue.php

themes/bluesnews_theme.php

themes/bluesome.php

themes/bluesteel_theme.php

themes/christmas.php

themes/classic_blue.php

themes/classic_blue2.php

themes/css/index.php

themes/dark_green.php

themes/dark_grey_theme.php

themes/darkness.php

themes/deepocean2_theme.php

themes/deepocean_theme.php

themes/default_theme.php

themes/dompie_theme.php

themes/forest_theme.php

themes/greenhouse_effect.php

themes/high_contrast_theme.php

themes/ice_theme.php

themes/in_the_pink.php

themes/index.php

themes/kind_of_blue.php

themes/maize_theme.php

themes/methodical_theme.php

themes/midnight.php

themes/minimal_bw.php

themes/monostochastic.php

themes/netstyle_theme.php

themes/penguin.php

themes/plain_blue_theme.php

themes/powder_blue.php

themes/purple_theme.php

themes/random.php

themes/redmond.php

themes/sandstorm_theme.php

themes/seaspray_theme.php

themes/servery_theme.php

themes/shades_of_grey.php

themes/silver_steel_theme.php

themes/simple_green2.php

themes/simple_green_theme.php

themes/simple_purple.php

themes/slashdot_theme.php

themes/spice_of_life.php

themes/spice_of_life_dark.php

themes/spice_of_life_lite.php

themes/techno_blue.php

themes/turquoise.php

themes/wood_theme.php

Show diffs side-by-side

added added

removed removed

src/read_body.php

6

6

* This file is used for reading the msgs array and displaying

7

7

* the resulting emails in the right frame.

8

8

*

9

* @copyright © 1999-2006 The SquirrelMail Project Team

9

* @copyright © 1999-2007 The SquirrelMail Project Team

10

10

* @license http://opensource.org/licenses/gpl-license.php GNU Public License

11

* @version $Id: read_body.php,v 1.283.2.31 2006/08/01 05:47:32 tokul Exp $

11

* @version $Id: read_body.php 12285 2007-02-27 19:07:02Z kink $

12

12

* @package squirrelmail

13

13

*/

14

14

218

218

}

219

219

220

220

// part 1 (RFC2298)

221

$senton = getLongDateString( $header->date );

221

$senton = getLongDateString( $header->date, $header->date_unparsed );

222

222

$to_array = $header->to;

223

223

$to = '';

224

224

foreach ($to_array as $line) {

326

326

$success = $deliver->finalizeStream($stream);

327

327

}

328

328

if (!$success) {

329

$msg = $deliver->dlv_msg . '<br />' .

330

_("Server replied:") . ' ' . $deliver->dlv_ret_nr . ' '.

331

$deliver->dlv_server_msg;

329

$msg = _("Message not sent.") .' '. _("Server replied:") .

330

"\n<blockquote>\n" . $deliver->dlv_msg . '<br />' .

331

$deliver->dlv_ret_nr . ' ' .

332

$deliver->dlv_server_msg . "</blockquote>\n\n";

332

333

require_once(SM_PATH . 'functions/display_messages.php');

333

334

plain_error_message($msg, $color);

334

335

} else {

422

423

}

423

424

}

424

425

$env[_("From")] = decodeHeader($from_name);

425

$env[_("Date")] = getLongDateString($header->date);

426

$env[_("Date")] = getLongDateString($header->date, $header->date_unparsed);

426

427

$env[_("To")] = formatRecipientString($header->to, "to");

427

428

$env[_("Cc")] = formatRecipientString($header->cc, "cc");

428

429

$env[_("Bcc")] = formatRecipientString($header->bcc, "bcc");

443

444

$message->is_deleted ||

444

445

$passed_ent_id)) {

445

446

$mdn_url = $PHP_SELF;

446

$mdn_url = set_url_var($PHP_SELF, 'mailbox', urlencode($mailbox));

447

$mdn_url = set_url_var($PHP_SELF, 'passed_id', $passed_id);

448

$mdn_url = set_url_var($PHP_SELF, 'passed_ent_id', $passed_ent_id);

449

$mdn_url = set_url_var($PHP_SELF, 'sendreceipt', 1);

447

$mdn_url = set_url_var($mdn_url, 'mailbox', urlencode($mailbox));

448

$mdn_url = set_url_var($mdn_url, 'passed_id', $passed_id);

449

$mdn_url = set_url_var($mdn_url, 'passed_ent_id', $passed_ent_id);

450

$mdn_url = set_url_var($mdn_url, 'sendreceipt', 1);

450

451

if ($FirstTimeSee && $javascript_on) {

451

452

$script = '<script language="JavaScript" type="text/javascript">' . "\n";

452

453

$script .= '<!--'. "\n";

Older »