Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names

6 years ago · 1247a8dd7d
parent 0716d499bc
commit 1247a8dd7d
5 changed files with 73 additions and 16 deletions
--- a/1
+++ b/1
@ -84,6 +84,7 @@ CHANGELOG Roundcube Webmail
 - Fix PHP Warning: Use of undefined constant IDNA_DEFAULT on systems without php-intl (#6244)
 - Fix bug where some parts of quota information could have been ignored (#6280)
 - Fix bug where some escape sequences in html styles could bypass security checks
+- Fix bug where some forbidden characters on Cyrus-IMAP were not prevented from use in folder names

 RELEASE 1.3.6
 -------------
--- a/plugins/archive/archive.php
+++ b/plugins/archive/archive.php
@ -466,6 +466,7 @@ class archive extends rcube_plugin
    {
        static $delim;
        static $vendor;
+        static $skip_hidden;

        preg_match('/[\b<](.+@.+)[\b>]/i', $from, $m);

@ -474,24 +475,36 @@ class archive extends rcube_plugin
        }

        if ($delim === null) {
-            $storage = rcmail::get_instance()->get_storage();
-            $delim   = $storage->get_hierarchy_delimiter();
-            $vendor  = $storage->get_vendor();
+            $rcmail      = rcmail::get_instance();
+            $storage     = $rcmail->get_storage();
+            $delim       = $storage->get_hierarchy_delimiter();
+            $vendor      = $storage->get_vendor();
+            $skip_hidden = $rcmail->config->get('imap_skip_hidden_folders');
+        }
+
+        // Remove some forbidden characters
+        $regexp = '\\x00-\\x1F\\x7F%*';
+
+        if ($vendor == 'cyrus') {
+            // List based on testing Kolab's Cyrus-IMAP 2.5
+            $regexp .= '!`(){}|\\?<;"';
+        }
+
+        $folder_name = preg_replace("/[$regexp]/", '', $m[1]);
+
+        if ($skip_hidden && $folder_name[0] == '.') {
+            $folder_name = substr($folder_name, 1);
        }

        $replace = $delim == '-' ? '_' : '-';
        $replacements[$delim] = $replace;

-        // some IMAP servers do not allow . characters
-        // @FIXME: really? which ones?
-        $replacements['.'] = $replace;
-
        // Cyrus-IMAP does not allow @ character in folder name
        if ($vendor == 'cyrus') {
            $replacements['@'] = $replace;
        }

        // replace reserved characters in folder name
-        return strtr($m[1], $replacements);
+        return strtr($folder_name, $replacements);
    }
 }
--- a/program/lib/Roundcube/rcube_imap.php
+++ b/program/lib/Roundcube/rcube_imap.php
@ -3739,6 +3739,35 @@ class rcube_imap extends rcube_storage
        }
    }

+    /**
+     * Check if the folder name is valid
+     *
+     * @param string $folder Folder name (UTF-8)
+     * @param string &$char  First forbidden character found
+     *
+     * @return bool True if the name is valid, False otherwise
+     */
+    public function folder_validate($folder, &$char = null)
+    {
+        if (parent::folder_validate($folder, $char)) {
+            $vendor = $this->get_vendor();
+            $regexp = '\\x00-\\x1F\\x7F%*';
+
+            if ($vendor == 'cyrus') {
+                // List based on testing Kolab's Cyrus-IMAP 2.5
+                $regexp .= '!`@(){}|\\?<;"';
+            }
+
+            if (!preg_match("/[$regexp]/", $folder, $m)) {
+                return true;
+            }
+
+            $char = $m[0];
+        }
+
+        return false;
+    }
+
    /**
     * Get message header names for rcube_imap_generic::fetchHeader(s)
     *
--- a/program/lib/Roundcube/rcube_storage.php
+++ b/program/lib/Roundcube/rcube_storage.php
@ -802,6 +802,26 @@ abstract class rcube_storage
     */
    abstract function mod_folder($folder, $mode = 'out');

+    /**
+     * Check if the folder name is valid
+     *
+     * @param string $folder Folder name (UTF-8)
+     * @param string &$char  First forbidden character found
+     *
+     * @return bool True if the name is valid, False otherwise
+     */
+    public function folder_validate($folder, &$char = null)
+    {
+        $delim = $this->get_hierarchy_delimiter();
+
+        if (strpos($folder, $delim) !== false) {
+            $char = $delim;
+            return false;
+        }
+
+        return true;
+    }
+
    /**
     * Create all folders specified as default
     */
--- a/program/steps/settings/save_folder.inc
+++ b/program/steps/settings/save_folder.inc
@ -46,14 +46,8 @@ else if (mb_strlen($name) > 128) {
 else if ($name[0] == '.' && $RCMAIL->config->get('imap_skip_hidden_folders')) {
    $error = $RCMAIL->gettext('namedotforbidden');
 }
-else {
-    // these characters are problematic e.g. when used in LIST/LSUB
-    foreach (array($delimiter, '%', '*') as $char) {
-        if (strpos($name, $char) !== false) {
-            $error = $RCMAIL->gettext('forbiddencharacter') . " ($char)";
-            break;
-        }
-    }
+else if (!$STORAGE->folder_validate($name, $char)) {
+    $error = $RCMAIL->gettext('forbiddencharacter') . " ($char)";
 }

 if ($error) {