banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge 9d39c0a05f into 279ae66120

Browse Source
pull/7348/merge
Christopher Gurnee 4 years ago committed by GitHub
parent 279ae66120 9d39c0a05f
commit bd9732c671
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 68 additions and 24 deletions
Show Stats Download Patch File Download Diff File

5
CHANGELOG
Unescape Escape View File

@ -88,6 +88,11 @@ RELEASE 1.4.4
- Security: Fix remote code execution via crafted 'im_convert_path' or 'im_identify_path' settings [CVE-2020-12641]
- Security: Fix local file inclusion (and code execution) via crafted 'plugins' option [CVE-2020-12640]
- Security: Fix CSRF bypass that could be used to log out an authenticated user [CVE-2020-12626] (#7302)
- Mailvelope: Fix size of iframe for PGP-inlined mail (#7348)
- Mailvelope: Add config option to use Main Keyring (#7348)
- Mailvelope: Add config option to set the size for new keys (#7348)
- Mailvelope: Always ask before discarding email currently being composed (#7348)
- Mailvelope: Fix unnecessary warning to re-add attachments when restoring a draft (#7348)
RELEASE 1.4.3
-------------

4
config/config.inc.php.sample
Unescape Escape View File

@ -86,3 +86,7 @@ $config['plugins'] = array(
// skin name: folder from skins/
$config['skin'] = 'elastic';
// Use the Main Keyring in Mailvelope? If not, use (creating if required)
// a per-site keyring. Most sites use the Main Keyring, so set this to true.
$config['mailvelope_main_keyring'] = true;

8
config/defaults.inc.php
Unescape Escape View File

@ -854,6 +854,14 @@ $config['compose_responses_static'] = array(
// Note: Lookup is client-side, so the server must support Cross-Origin Resource Sharing
$config['keyservers'] = array('keys.openpgp.org');
// Use the Main Keyring in Mailvelope? If not, use (creating if required)
// a per-site keyring. This is set to false for backwards compatibility.
$config['mailvelope_main_keyring'] = false;
// Mailvelope RSA bit size for newly generated keys, either 2048 or 4096.
// It maybe desirable to use 2048 for sites with many mobile users.
$config['mailvelope_keysize'] = 4096;
// ----------------------------------
// ADDRESSBOOK SETTINGS
// ----------------------------------

70
program/js/app.js
Unescape Escape View File

@ -347,6 +347,8 @@ function rcube_webmail()
dt.setData('roundcube-name', n.text().trim());
}
});
this.check_mailvelope(this.env.action);
}
else if (this.env.action == 'compose') {
this.env.address_group_stack = [];
@ -395,6 +397,8 @@ function rcube_webmail()
// init message compose form
this.init_messageform();
this.check_mailvelope(this.env.action);
}
else if (this.env.action == 'bounce') {
this.init_messageform_inputs();
@ -431,11 +435,12 @@ function rcube_webmail()
);
});
}
// show printing dialog
else if (this.env.action == 'print' && this.env.uid
&& !this.env.is_pgp_content && !this.env.pgp_mime_part
) {
this.print_dialog();
// show printing dialog unless decryption must be done first
else if (this.env.action == 'print' && this.env.uid) {
this.check_mailvelope(this.env.action);
if (!this.env.is_pgp_content && !this.env.pgp_mime_part) {
this.print_dialog();
}
}
// get unread count for each mailbox
@ -485,8 +490,6 @@ function rcube_webmail()
this.http_post(postact, postdata);
}
this.check_mailvelope(this.env.action);
// detect browser capabilities
if (!this.is_framed() && !this.env.extwin)
this.browser_capabilities_check();
@ -567,7 +570,9 @@ function rcube_webmail()
// initialize HTML editor
this.editor_init(this.env.editor_config, 'rcmfd_signature');
this.check_mailvelope(this.env.action);
if (this.env.action == 'edit-identity') {
this.check_mailvelope(this.env.action);
}
}
else if (this.env.action == 'folders') {
this.enable_command('subscribe', 'unsubscribe', 'create-folder', 'rename-folder', true);
@ -755,7 +760,8 @@ function rcube_webmail()
// check input before leaving compose step
if (this.task == 'mail' && this.env.action == 'compose' && !this.env.server_error && command != 'save-pref'
&& $.inArray(command, this.env.compose_commands) < 0 && !this.compose_skip_unsavedcheck
&& ($.inArray(command, this.env.compose_commands) < 0 || command.startsWith('compose-encrypted') && ref.mailvelope_editor)
&& !this.compose_skip_unsavedcheck
) {
if (!this.env.is_sent && this.cmp_hash != this.compose_field_hash()) {
this.confirm_dialog(this.get_label('notsentwarning'), 'discard', function() {
@ -3713,10 +3719,7 @@ function rcube_webmail()
// Load Mailvelope functionality (and initialize keyring if needed)
this.mailvelope_load = function(action)
{
if (this.env.browser_capabilities)
this.env.browser_capabilities['pgpmime'] = 1;
var keyring = this.env.user_id,
var keyring = this.env.mailvelope_main_keyring ? undefined : this.env.user_id,
fn = function(kr) {
ref.mailvelope_keyring = kr;
ref.mailvelope_init(action, kr);
@ -3727,10 +3730,14 @@ function rcube_webmail()
mailvelope.VERSION_MAJOR = Math.floor(parseFloat(v));
return mailvelope.getKeyring(keyring);
}).then(fn, function(err) {
// attempt to create a new keyring for this app/user
mailvelope.createKeyring(keyring).then(fn, function(err) {
if (keyring) {
// attempt to create a new keyring for this app/user
mailvelope.createKeyring(keyring).then(fn, function(err) {
console.error(err);
});
} else {
console.error(err);
});
}
});
};
@ -3835,7 +3842,6 @@ function rcube_webmail()
// remove Mailvelope editor if active
if (ref.mailvelope_editor) {
ref.mailvelope_editor = null;
ref.compose_skip_unsavedcheck = false;
ref.set_button('compose-encrypted', 'act');
container.removeClass('mailvelope')
@ -3873,7 +3879,6 @@ function rcube_webmail()
mailvelope.createEditorContainer('#' + container.attr('id'), ref.mailvelope_keyring, options).then(function(editor) {
ref.mailvelope_editor = editor;
ref.compose_skip_unsavedcheck = true;
ref.set_button('compose-encrypted', 'sel');
container.addClass('mailvelope');
@ -3883,9 +3888,14 @@ function rcube_webmail()
ref.enable_command('spellcheck', 'insert-sig', 'toggle-editor', 'insert-response', 'save-response', false);
ref.triggerEvent('compose-encrypted', { active:true });
// notify user about loosing attachments
if (ref.env.attachments && !$.isEmptyObject(ref.env.attachments)) {
ref.alert_dialog(ref.get_label('encryptnoattachments'));
// notify user if losing attachments
if (ref.env.compose_mode != 'draft'
|| Object.keys(ref.env.attachments).length != 1
|| ref.env.attachments[Object.keys(ref.env.attachments)[0]].name != 'encrypted.asc'
) {
ref.alert_dialog(ref.get_label('encryptnoattachments'));
}
$.each(ref.env.attachments, function(name, attach) {
ref.remove_from_attachment_list(name);
@ -4028,7 +4038,8 @@ function rcube_webmail()
}
ref.hide_message(msgid);
$(selector).addClass('mailvelope').children().not('iframe').hide();
$(selector).children().not('iframe').hide();
$('#messagebody').addClass('mailvelope');
// on success we can remove encrypted part from the attachments list
if (ref.env.pgp_mime_part)
@ -4268,7 +4279,7 @@ function rcube_webmail()
{
var cid = new Date().getTime();
var user_id = {email: identity_email, fullName: $(ref.gui_objects.editform).find('.ff_name').val().trim()};
var options = {userIds: [user_id], keySize: 4096};
var options = {userIds: [user_id], keySize: this.env.mailvelope_keysize};
$('<div>').attr('id', 'mailvelope-keygen-container-' + cid)
.css({height: '245px', marginBottom: '10px'})
@ -9915,7 +9926,7 @@ function rcube_webmail()
if (!this.env.browser_capabilities)
this.env.browser_capabilities = {};
$.each(['pdf', 'flash', 'tiff', 'webp'], function() {
$.each(['pdf', 'flash', 'tiff', 'webp', 'pgpmime'], function() {
if (ref.env.browser_capabilities[this] === undefined)
ref.env.browser_capabilities[this] = ref[this + '_support_check']();
});
@ -10024,6 +10035,19 @@ function rcube_webmail()
return 0;
};
// check for mailvelope API
this.pgpmime_support_check = function(action)
{
if (typeof window.mailvelope !== 'undefined')
return 1;
$(window).on('mailvelope', function() {
ref.env.browser_capabilities['pgpmime'] = 1;
});
return 0;
};
this.assets_path = function(path)
{
if (this.env.assets_path && !path.startsWith(this.env.assets_path)) {

1
program/steps/mail/compose.inc
Unescape Escape View File

@ -93,6 +93,7 @@ $OUTPUT->set_env('save_localstorage', (bool)$RCMAIL->config->get('compose_save_l
$OUTPUT->set_env('is_sent', false);
$OUTPUT->set_env('mimetypes', rcmail_supported_mimetypes());
$OUTPUT->set_env('keyservers', $RCMAIL->config->keyservers());
$OUTPUT->set_env('mailvelope_main_keyring', $RCMAIL->config->get('mailvelope_main_keyring'));
$drafts_mbox = $RCMAIL->config->get('drafts_mbox');
$config_show_sig = $RCMAIL->config->get('show_sig', 1);

2
program/steps/mail/show.inc
Unescape Escape View File

@ -85,7 +85,7 @@ if ($uid) {
// set configuration
$RCMAIL->set_env_config(array('delete_junk', 'flag_for_deletion', 'read_when_deleted',
'skip_deleted', 'display_next', 'forward_attachment'));
'skip_deleted', 'display_next', 'forward_attachment', 'mailvelope_main_keyring'));
// set special folders
foreach (array('drafts', 'trash', 'junk') as $mbox) {

2
program/steps/settings/edit_identity.inc
Unescape Escape View File

@ -33,6 +33,8 @@ if (($_GET['_iid'] || $_POST['_iid']) && $RCMAIL->action=='edit-identity') {
$RCMAIL->overwrite_action('identities');
return;
}
$OUTPUT->set_env('mailvelope_main_keyring', $RCMAIL->config->get('mailvelope_main_keyring'));
$OUTPUT->set_env('mailvelope_keysize', $RCMAIL->config->get('mailvelope_keysize'));
}
// add-identity
else {

Write Preview
Loading…
Cancel
Save