diff --git a/CHANGELOG b/CHANGELOG index 30479b352..78537ec0b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,8 @@ CHANGELOG Roundcube Webmail =========================== +- Fix locked folder rename option on servers supporting RFC2086 only (#1488089) +- Fix encoding of LDAP contacts identifiers (#1488079) - Fix session race conditions when composing new messages - jQuery 1.6.4 - Fix handling of binary attachments encoded with quoted-printable (#1488065) diff --git a/INSTALL b/INSTALL index 14bf27b94..7fe3a76cc 100644 --- a/INSTALL +++ b/INSTALL @@ -29,6 +29,7 @@ REQUIREMENTS - zend.ze1_compatibility_mode disabled - suhosin.session.encrypt disabled - mbstring.func_overload disabled + - magic_quotes_runtime disabled * PHP compiled with OpenSSL to connect to IMAPS and to use the spell checker * A MySQL (4.0.8 or newer), PostgreSQL, MSSQL database engine or the SQLite extension for PHP diff --git a/program/include/iniset.php b/program/include/iniset.php index 63f04c850..5b1b7f7c0 100755 --- a/program/include/iniset.php +++ b/program/include/iniset.php @@ -28,6 +28,7 @@ $crit_opts = array( 'suhosin.session.encrypt' => 0, 'session.auto_start' => 0, 'file_uploads' => 1, + 'magic_quotes_runtime' => 0, ); foreach ($crit_opts as $optname => $optval) { if ($optval != ini_get($optname)) { diff --git a/program/include/rcmail.php b/program/include/rcmail.php index 03b536b3e..48c709e9f 100644 --- a/program/include/rcmail.php +++ b/program/include/rcmail.php @@ -855,6 +855,10 @@ class rcmail else if ($config['auto_create_user']) { if ($created = rcube_user::create($username, $host)) { $user = $created; + + // fix default settings according to namespace prefix + $this->fix_namespace_settings($user); + // create default folders on first login if ($config['create_default_folders']) $this->imap->create_default_folders(); diff --git a/program/include/rcube_imap.php b/program/include/rcube_imap.php index 1d258f1e1..7147c14d5 100644 --- a/program/include/rcube_imap.php +++ b/program/include/rcube_imap.php @@ -3575,7 +3575,8 @@ class rcube_imap } if (!empty($options['rights'])) { - $options['norename'] = !in_array('x', $options['rights']); + $options['norename'] = !in_array('x', $options['rights']) && !in_array('d', $options['rights']); + if (!$options['noselect']) { $options['noselect'] = !in_array('r', $options['rights']); } diff --git a/program/include/rcube_ldap.php b/program/include/rcube_ldap.php index 373670ab0..48920d9fa 100644 --- a/program/include/rcube_ldap.php +++ b/program/include/rcube_ldap.php @@ -5,6 +5,7 @@ | | | This file is part of the Roundcube Webmail client | | Copyright (C) 2006-2011, The Roundcube Dev Team | + | Copyright (C) 2011, Kolab Systems AG | | Licensed under the GNU GPL | | | | PURPOSE: | @@ -13,6 +14,7 @@ +-----------------------------------------------------------------------+ | Author: Thomas Bruederli | | Andreas Dick | + | Aleksander Machniak | +-----------------------------------------------------------------------+ $Id$ @@ -185,7 +187,7 @@ class rcube_ldap extends rcube_addressbook list($u, $d) = explode('@', $fu); else $d = $this->mail_domain; - + $dc = 'dc='.strtr($d, array('.' => ',dc=')); // hierarchal domain string $replaces = array('%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u); @@ -454,7 +456,7 @@ class rcube_ldap extends rcube_addressbook $members = array(); foreach ($entries as $entry) { - if ($this->group_members[base64_encode($entry['dn'])]) + if ($this->group_members[self::dn_encode($entry['dn'])]) { $members[] = $entry; $count++; @@ -614,7 +616,7 @@ class rcube_ldap extends rcube_addressbook $res = null; if ($this->conn && $dn) { - $dn = base64_decode($dn); + $dn = self::dn_decode($dn); $this->_debug("C: Read [dn: $dn] [(objectclass=*)]"); @@ -713,11 +715,13 @@ class rcube_ldap extends rcube_addressbook $this->_debug("S: OK"); + $dn = self::dn_encode($dn); + // add new contact to the selected group if ($this->groups) - $this->add_to_group($this->group_id, base64_encode($dn)); + $this->add_to_group($this->group_id, $dn); - return base64_encode($dn); + return $dn; } @@ -738,7 +742,7 @@ class rcube_ldap extends rcube_addressbook $newdata = array(); $replacedata = array(); $deletedata = array(); - + // flatten composite fields in $record if (is_array($record['address'])) { foreach ($record['address'] as $i => $struct) { @@ -776,7 +780,7 @@ class rcube_ldap extends rcube_addressbook } // end if } // end foreach - $dn = base64_decode($id); + $dn = self::dn_decode($id); // Update the entry as required. if (!empty($deletedata)) { @@ -833,17 +837,21 @@ class rcube_ldap extends rcube_addressbook } $this->_debug("S: OK"); + $dn = self::dn_encode($dn); + $newdn = self::dn_encode($newdn); + // change the group membership of the contact if ($this->groups) { - $group_ids = $this->get_record_groups(base64_encode($dn)); + $group_ids = $this->get_record_groups($dn); foreach ($group_ids as $group_id) { - $this->remove_from_group($group_id, base64_encode($dn)); - $this->add_to_group($group_id, base64_encode($newdn)); + $this->remove_from_group($group_id, $dn); + $this->add_to_group($group_id, $newdn); } } - return base64_encode($newdn); + + return $newdn; } return true; @@ -866,7 +874,7 @@ class rcube_ldap extends rcube_addressbook } // end if foreach ($ids as $id) { - $dn = base64_decode($id); + $dn = self::dn_decode($id); $this->_debug("C: Delete [dn: $dn]"); // Delete the record. $res = ldap_delete($this->conn, $dn); @@ -878,12 +886,11 @@ class rcube_ldap extends rcube_addressbook $this->_debug("S: OK"); // remove contact from all groups where he was member - if ($this->groups) - { - $group_ids = $this->get_record_groups(base64_encode($dn)); - foreach ($group_ids as $group_id) - { - $this->remove_from_group($group_id, base64_encode($dn)); + if ($this->groups) { + $dn = self::dn_encode($dn); + $group_ids = $this->get_record_groups($dn); + foreach ($group_ids as $group_id) { + $this->remove_from_group($group_id, $dn); } } } // end foreach @@ -967,7 +974,7 @@ class rcube_ldap extends rcube_addressbook $out = array(); if ($rec['dn']) - $out[$this->primary_key] = base64_encode($rec['dn']); + $out[$this->primary_key] = self::dn_encode($rec['dn']); foreach ($this->fieldmap as $rf => $lf) { @@ -1067,7 +1074,7 @@ class rcube_ldap extends rcube_addressbook for ($i=0; $i<$cache_members["count"]; $i++) { if (!empty($cache_members[$i])) - $members[base64_encode($cache_members[$i])] = 1; + $members[self::dn_encode($cache_members[$i])] = 1; } $this->group_members = $members; $this->group_id = $group_id; @@ -1126,7 +1133,7 @@ class rcube_ldap extends rcube_addressbook $group_name = $ldap_data[$i]['cn'][0]; if (!$search || strstr(strtolower($group_name), strtolower($search))) { - $group_id = base64_encode($group_name); + $group_id = self::dn_encode($group_name); $groups[$group_id]['ID'] = $group_id; $groups[$group_id]['name'] = $group_name; $groups[$group_id]['members'] = $ldap_data[$i]['member']; @@ -1152,7 +1159,7 @@ class rcube_ldap extends rcube_addressbook $base_dn = $this->groups_base_dn; $new_dn = "cn=$group_name,$base_dn"; - $new_gid = base64_encode($group_name); + $new_gid = self::dn_encode($group_name); $new_entry = array( 'objectClass' => $this->prop['groups']['object_classes'], @@ -1222,7 +1229,7 @@ class rcube_ldap extends rcube_addressbook $group_name = $this->group_cache[$group_id]['name']; $old_dn = "cn=$group_name,$base_dn"; $new_rdn = "cn=$new_name"; - $new_gid = base64_encode($new_name); + $new_gid = self::dn_encode($new_name); $this->_debug("C: Rename [dn: $old_dn] [dn: $new_rdn]"); @@ -1257,7 +1264,7 @@ class rcube_ldap extends rcube_addressbook $new_attrs = array(); foreach (explode(",", $contact_ids) as $id) - $new_attrs['member'][] = base64_decode($id); + $new_attrs['member'][] = self::dn_decode($id); $this->_debug("C: Add [dn: $group_dn]: ".print_r($new_attrs, true)); @@ -1292,7 +1299,7 @@ class rcube_ldap extends rcube_addressbook $del_attrs = array(); foreach (explode(",", $contact_ids) as $id) - $del_attrs['member'][] = base64_decode($id); + $del_attrs['member'][] = self::dn_decode($id); $this->_debug("C: Delete [dn: $group_dn]: ".print_r($del_attrs, true)); @@ -1323,7 +1330,7 @@ class rcube_ldap extends rcube_addressbook return array(); $base_dn = $this->groups_base_dn; - $contact_dn = base64_decode($contact_id); + $contact_dn = self::dn_decode($contact_id); $filter = strtr("(member=$contact_dn)", array('\\' => '\\\\')); $this->_debug("C: Search [$filter][dn: $base_dn]"); @@ -1342,7 +1349,7 @@ class rcube_ldap extends rcube_addressbook for ($i=0; $i<$ldap_data["count"]; $i++) { $group_name = $ldap_data[$i]['cn'][0]; - $group_id = base64_encode($group_name); + $group_id = self::dn_encode($group_name); $groups[$group_id] = $group_id; } return $groups; @@ -1401,7 +1408,7 @@ class rcube_ldap extends rcube_addressbook /** * create ber encoding for sort control * - * @pararm array List of cols to sort by + * @param array List of cols to sort by * @return string BER encoded option value */ private function _sort_ber_encode($sortcols) @@ -1455,11 +1462,38 @@ class rcube_ldap extends rcube_addressbook /** * Returns ascii string encoded in hex */ - private static function _string2hex($str) { + private static function _string2hex($str) + { $hex = ''; for ($i=0; $i < strlen($str); $i++) $hex .= dechex(ord($str[$i])); return $hex; } + /** + * HTML-safe DN string encoding + * + * @param string $str DN string + * + * @return string Encoded HTML identifier string + */ + static function dn_encode($str) + { + // @TODO: to make output string shorter we could probably + // remove dc=* items from it + return rtrim(strtr(base64_encode($str), '+/', '-_'), '='); + } + + /** + * Decodes DN string encoded with _dn_encode() + * + * @param string $str Encoded HTML identifier string + * + * @return string DN string + */ + static function dn_decode($str) + { + $str = str_pad(strtr($str, '-_', '+/'), strlen($str) % 4, '=', STR_PAD_RIGHT); + return base64_decode($str); + } } diff --git a/program/include/rcube_session.php b/program/include/rcube_session.php index dbb9a9e7d..1a83a7db1 100644 --- a/program/include/rcube_session.php +++ b/program/include/rcube_session.php @@ -193,8 +193,6 @@ class rcube_session */ private function _fixvars($vars, $oldvars) { - $ts = microtime(true); - if ($oldvars !== false) { $a_oldvars = $this->unserialize($oldvars); if (is_array($a_oldvars)) { diff --git a/program/js/googiespell.js b/program/js/googiespell.js index 18ed6a2b2..de8890f5f 100644 --- a/program/js/googiespell.js +++ b/program/js/googiespell.js @@ -155,8 +155,8 @@ this.appendNewMenuItem = function(name, call_back_fn, checker) { this.extra_menu_items.push([name, call_back_fn, checker]); }; -this.appendCustomMenuBuilder = function(eval, builder) { - this.custom_menu_builder.push([eval, builder]); +this.appendCustomMenuBuilder = function(eval_fn, builder) { + this.custom_menu_builder.push([eval_fn, builder]); }; this.setFocus = function() { @@ -409,7 +409,7 @@ this.showErrorWindow = function(elm, id) { var changed = false; for (var k=0; kfunction) && is_a($db->function, 'MDB2_Driver_Function_Common')) { + if (isset($db->function) && is_object($db->function) && is_a($db->function, 'MDB2_Driver_Function_Common')) { return $db->function->now('date'); } return 'CURRENT_DATE'; @@ -1408,7 +1408,7 @@ class MDB2_Driver_Datatype_Common extends MDB2_Module_Common if (PEAR::isError($db)) { return $db; } - if (isset($db->function) && is_a($db->function, 'MDB2_Driver_Function_Common')) { + if (isset($db->function) && is_object($db->function) && is_a($db->function, 'MDB2_Driver_Function_Common')) { return $db->function->now('timestamp'); } return 'CURRENT_TIMESTAMP'; @@ -1437,7 +1437,7 @@ class MDB2_Driver_Datatype_Common extends MDB2_Module_Common if (PEAR::isError($db)) { return $db; } - if (isset($db->function) && is_a($db->function, 'MDB2_Driver_Function_Common')) { + if (isset($db->function) && is_object($db->function) && is_a($db->function, 'MDB2_Driver_Function_Common')) { return $db->function->now('time'); } return 'CURRENT_TIME'; diff --git a/program/lib/PEAR.php b/program/lib/PEAR.php index a792d9f57..8cc715204 100644 --- a/program/lib/PEAR.php +++ b/program/lib/PEAR.php @@ -265,7 +265,7 @@ class PEAR */ function isError($data, $code = null) { - if (!is_a($data, 'PEAR_Error')) { + if (!is_object($data) || !is_a($data, 'PEAR_Error')) { return false; } diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 8b57c9e11..53c04780d 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -1448,7 +1448,7 @@ function rcmail_send_mdn($message, &$smtp_error) { global $RCMAIL, $IMAP; - if (!is_object($message) || !is_a($message, rcube_message)) + if (!is_object($message) || !is_a($message, 'rcube_message')) $message = new rcube_message($message); if ($message->headers->mdn_to && !$message->headers->mdn_sent &&