Minor bugfixes posted to the dev-mailing list

CHANGELOG

@@ -1,6 +1,16 @@
 CHANGELOG RoundCube Webmail
 ---------------------------
 
+2007/03/21 (thomasb)
+----------
+- Updated PEAR::Mail_mime package
+- Added Persian localization
+- Updated Catalan and Brazilian Portuguese translations
+- Updated INSTALL manual with a note about database passwords
+- Accept single quotes for HTML attributes when modifying message body (thanks Jason)
+- Sanitize input for new users/identities (thanks Colin Alston)
+
+
 2007/03/19 (thomasb)
 ----------
 - Don't download HTML message parts

INSTALL

@@ -60,6 +60,10 @@ RoundCube with utf-8 charset. Here's an example of the init procedure:
 
 # mysql roundcubemail < SQL/mysql5.initial.sql
 
+Note: 'password' is the master password for the roundcube user. It is strongly
+recommended you replace this with a more secure password. Please keep in
+mind: You need to specify this password later in 'config/db.inc.php'.
+
 
 * SQLite
 --------

program/include/main.inc

@@ -580,10 +580,10 @@ function rcmail_create_user($user, $host)
   $DB->query("INSERT INTO ".get_table_name('users')."
               (created, last_login, username, mail_host, alias, language)
               VALUES (".$DB->now().", ".$DB->now().", ?, ?, ?, ?)",
-              $user,
-              $host,
-              $user_email,
-		      $_SESSION['user_lang']);
+              strip_newlines($user),
+              strip_newlines($host),
+              strip_newlines($user_email),
+              $_SESSION['user_lang']);
 
   if ($user_id = $DB->insert_id(get_sequence_name('users')))
     {
@@ -595,7 +595,7 @@ function rcmail_create_user($user, $host)
     $user_name = $user!=$user_email ? $user : '';
 
     // try to resolve the e-mail address from the virtuser table
-	if (!empty($CONFIG['virtuser_query']) &&
+    if (!empty($CONFIG['virtuser_query']) &&
         ($sql_result = $DB->query(preg_replace('/%u/', $user, $CONFIG['virtuser_query']))) &&
         ($DB->num_rows()>0))
       while ($sql_arr = $DB->fetch_array($sql_result))
@@ -604,7 +604,7 @@ function rcmail_create_user($user, $host)
                    (user_id, del, standard, name, email)
                    VALUES (?, 0, 1, ?, ?)",
                    $user_id,
-                   $user_name,
+                   strip_newlines($user_name),
                    preg_replace('/^@/', $user . '@', $sql_arr[0]));
         }
     else
@@ -614,8 +614,8 @@ function rcmail_create_user($user, $host)
                   (user_id, del, standard, name, email)
                   VALUES (?, 0, 1, ?, ?)",
                   $user_id,
-                  $user_name,
-                  $user_email);
+                  strip_newlines($user_name),
+                  strip_newlines($user_email));
       }
                        
     // get existing mailboxes
@@ -1140,6 +1140,14 @@ function strip_quotes($str)
   return preg_replace('/[\'"]/', '', $str);
 }
 
+/**
+ * Remove new lines characters from given string
+ */
+function strip_newlines($str)
+{
+  return preg_replace('/[\r\n]/', '', $str);
+}
+
 
 // ************** template parsing and gui functions **************
 

program/include/rcube_imap.inc

@@ -2117,7 +2117,12 @@ class rcube_imap
       $j++;
       $address = $val['address'];
       $name = preg_replace(array('/^[\'"]/', '/[\'"]$/'), '', trim($val['name']));
-      $string = $name!==$address ? sprintf('%s <%s>', strpos($name, ',')!==FALSE ? '"'.$name.'"' : $name, $address) : $address;
+      if ($name && $address && $name != $address)
+        $string = sprintf('%s <%s>', strpos($name, ',')!==FALSE ? '"'.$name.'"' : $name, $address);
+      else if ($address)
+        $string = $address;
+      else if ($name)
+        $string = $name;
       
       $out[$j] = array('name' => $name,
                        'mailto' => $address,
@@ -2476,7 +2481,7 @@ class rcube_imap
 
       foreach ($sub_a as $k => $v)
         {
-        if ((strpos($v, '@') > 0) && (strpos($v, '.') > 0)) 
+        if (strpos($v, '@') > 0)
           $result[$key]['address'] = str_replace('<', '', str_replace('>', '', $v));
         else
           $result[$key]['name'] .= (empty($result[$key]['name'])?'':' ').str_replace("\"",'',stripslashes($v));

program/steps/mail/compose.inc

@@ -201,7 +201,7 @@ function rcmail_compose_headers($attrib)
       $fvalue = '';
       foreach ($to_addresses as $addr_part)
         {
-        if (!in_array($addr_part['mailto'], $sa_recipients) && (!$MESSAGE['FROM'] || !in_array($addr_part['mailto'], $MESSAGE['FROM'])))
+        if (!empty($addr_part['mailto']) && !in_array($addr_part['mailto'], $sa_recipients) && (!$MESSAGE['FROM'] || !in_array($addr_part['mailto'], $MESSAGE['FROM'])))
           {
           $fvalue .= (strlen($fvalue) ? ', ':'').$addr_part['string'];
           $sa_recipients[] = $addr_part['mailto'];
@@ -384,8 +384,8 @@ function rcmail_compose_body($attrib)
       $body = rcmail_first_text_part($MESSAGE);
       $isHtml = false;
       }
-    if (strlen($body))
-      $body = rcmail_create_reply_body($body, $isHtml);
+
+    $body = rcmail_create_reply_body($body, $isHtml);
     }
   // forward message body inline
   else if ($compose_mode == RCUBE_COMPOSE_FORWARD)
@@ -417,8 +417,8 @@ function rcmail_compose_body($attrib)
       $body = rcmail_first_text_part($MESSAGE);
       $isHtml = false;
       }
-    if (strlen($body))
-      $body = rcmail_create_draft_body($body, $isHtml);
+
+    $body = rcmail_create_draft_body($body, $isHtml);
     }
 
   $OUTPUT->include_script('tiny_mce/tiny_mce.js');

program/steps/mail/func.inc

@@ -1252,7 +1252,7 @@ function rcmail_sanitize_html($body, $container_id)
 // parse link attributes and set correct target
 function rcmail_alter_html_link($in)
   {
-  $in = preg_replace('/=([^("|\s)]+)(\s|$)/', '="\1"', $in);
+  $in = preg_replace('/=([^("|\'|\s)]+)(\s|$)/', '="\1"', $in);
   $attrib = parse_attrib_string($in);
 
   if (stristr((string)$attrib['href'], 'mailto:'))