banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Better patch to correctly quote email recipient strings (from #1484191)

Browse Source
release-0.6
thomascube 17 years ago
parent 46bc52b56a
commit 0c6f4b8864
3 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File

5
program/include/main.inc
Unescape Escape View File

@ -1567,7 +1567,10 @@ function format_date($date, $format=NULL)
function format_email_recipient($email, $name='') function format_email_recipient($email, $name='')
{ {
if ($name && $name != $email) if ($name && $name != $email)
return sprintf('%s <%s>', strpos($name, ",") ? '"'.$name.'"' : $name, $email); {
// Special chars as defined by RFC 822 need to in quoted string (or escaped).
return sprintf('%s <%s>', preg_match('/[\(\)\<\>\\\.\[\]@,;:"]/', $name) ? '"'.addcslashes($name, '"').'"' : $name, $email);
}
else else
return $email; return $email;
} }

4
program/include/rcube_imap.inc
Unescape Escape View File

@ -2272,6 +2272,8 @@ class rcube_imap
{ {
$a = $this->_parse_address_list($input, $decode); $a = $this->_parse_address_list($input, $decode);
$out = array(); $out = array();
// Special chars as defined by RFC 822 need to in quoted string (or escaped).
$special_chars = '[\(\)\<\>\\\.\[\]@,;:"]';
if (!is_array($a)) if (!is_array($a))
return $out; return $out;
@ -2285,7 +2287,7 @@ class rcube_imap
$address = $val['address']; $address = $val['address'];
$name = preg_replace(array('/^[\'"]/', '/[\'"]$/'), '', trim($val['name'])); $name = preg_replace(array('/^[\'"]/', '/[\'"]$/'), '', trim($val['name']));
if ($name && $address && $name != $address) if ($name && $address && $name != $address)
$string = sprintf('%s <%s>', preg_match('/[,;<>]/', $name) ? '"'.addcslashes($name, '"').'"' : $name, $address); $string = sprintf('%s <%s>', preg_match("/$special_chars/", $name) ? '"'.addcslashes($name, '"').'"' : $name, $address);
else if ($address) else if ($address)
$string = $address; $string = $address;
else if ($name) else if ($name)

4
program/steps/mail/compose.inc
Unescape Escape View File

@ -893,7 +893,7 @@ if ($result = $CONTACTS->list_records())
{ {
while ($sql_arr = $result->iterate()) while ($sql_arr = $result->iterate())
if ($sql_arr['email']) if ($sql_arr['email'])
$a_contacts[] = format_email_recipient($sql_arr['email'], JQ($sql_arr['name'])); $a_contacts[] = format_email_recipient($sql_arr['email'], $sql_arr['name']);
} }
if (isset($CONFIG['ldap_public'])) if (isset($CONFIG['ldap_public']))
{ {
@ -918,7 +918,7 @@ if (isset($CONFIG['ldap_public']))
$email = $results->records[$i]['email']; $email = $results->records[$i]['email'];
$name = $results->records[$i]['name']; $name = $results->records[$i]['name'];
$a_contacts[] = format_email_recipient($email, JQ($name)); $a_contacts[] = format_email_recipient($email, $name);
} }
} }
$LDAP->close(); $LDAP->close();

Write Preview
Loading…
Cancel
Save