Fix handling of invalid email addresses in headers (#1489092)

Conflicts:

	CHANGELOG
	program/steps/mail/func.inc
pull/88/head
Aleksander Machniak 12 years ago
parent 71ec1b6063
commit bde85428d6

@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail CHANGELOG Roundcube Webmail
=========================== ===========================
- Fix handling of invalid email addresses in headers (#1489092)
- Fix IMAP connection issue with default_socket_timeout < 0 and imap_timeout < 0 (#1489090) - Fix IMAP connection issue with default_socket_timeout < 0 and imap_timeout < 0 (#1489090)
- Fix various PHP code bugs found using static analysis (#1489086) - Fix various PHP code bugs found using static analysis (#1489086)
- Fix backslash character handling on vCard import (#1489085) - Fix backslash character handling on vCard import (#1489085)

@ -361,6 +361,11 @@ class rcube_mime
$address = $m[1]; $address = $m[1];
$name = ''; $name = '';
} }
// special case (#1489092)
else if (preg_match('/(\s*<MAILER-DAEMON>)$/', $val, $m)) {
$address = 'MAILER-DAEMON';
$name = substr($val, 0, -strlen($m[1]));
}
else { else {
$name = $val; $name = $val;
} }
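Review bot: The new special-case pattern `'/(\s*<MAILER-DAEMON>)$/'` is case-sensitive and matches only this one literal, so a header ending in `<mailer-daemon>` or another bracketed token without a domain still appears to fall through to the final `else`, where the whole value, brackets included, becomes the display name. If only the exact token is meant, the comment should say so, e.g. `// special case: "<MAILER-DAEMON>" carries no domain part, keep it as the address (#1489092)`. Otherwise adding the `i` modifier is the minimal widening, since `$address` is set to the fixed string anyway. The if/else chain starts above this hunk, so the earlier branches such values pass through are not visible here.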

@ -1441,9 +1441,10 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
$name = $part['name']; $name = $part['name'];
$mailto = $part['mailto']; $mailto = $part['mailto'];
$string = $part['string']; $string = $part['string'];
$valid = check_email($mailto, false);
// phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>" // phishing email prevention (#1488981), e.g. "valid@email.addr <phishing@email.addr>"
if ($name && $name != $mailto && strpos($name, '@')) { if ($name && $valid && $name != $mailto && strpos($name, '@')) {
$name = ''; $name = '';
} }
@ -1459,7 +1460,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
// for printing we display all addresses // for printing we display all addresses
continue; continue;
} }
else if (check_email($part['mailto'], false)) { else if ($valid) {
if ($linked) { if ($linked) {
$address = html::a(array( $address = html::a(array(
'href' => 'mailto:'.$mailto, 'href' => 'mailto:'.$mailto,
@ -1492,7 +1493,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null,
if ($name) if ($name)
$address .= Q($name); $address .= Q($name);
if ($mailto) if ($mailto)
$address .= (strlen($address) ? ' ' : '') . sprintf('&lt;%s&gt;', Q($mailto)); $address = trim($address . ' ' . Q($name ? sprintf('<%s>', $mailto) : $mailto));
} }
$address = html::span('adr', $address); $address = html::span('adr', $address);
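Review bot: In the first hunk of rcmail_address_string the phishing guard now runs only when `$valid` is true, so a display name that itself looks like an address is shown unchanged whenever `$mailto` fails check_email(), as it does in the `MAILER-DAEMON` case this commit targets. The display-name spoofing that the guard was added for (#1488981) is then no longer suppressed for such headers. Consider keeping the suppression when the name on its own is a valid address: `if ($name && $name != $mailto && strpos($name, '@') !== false && ($valid || check_email($name, false))) {`, which should still keep a name like `John Doe @ SomeBusinessName`, assuming check_email() rejects it. The `!== false` also closes the existing gap where a name starting with `@` makes strpos() return 0 and skips the check. The function body starts and ends outside these hunks.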

@ -39,6 +39,8 @@ class Framework_Mime extends PHPUnit_Framework_TestCase
19 => 'Test <"test test"@domain.tld>', 19 => 'Test <"test test"@domain.tld>',
20 => '<"test test"@domain.tld>', 20 => '<"test test"@domain.tld>',
21 => '"test test"@domain.tld', 21 => '"test test"@domain.tld',
// invalid (#1489092)
22 => '"John Doe @ SomeBusinessName" <MAILER-DAEMON>',
); );
$results = array( $results = array(
@ -64,6 +66,8 @@ class Framework_Mime extends PHPUnit_Framework_TestCase
19 => array(1, 'Test', '"test test"@domain.tld'), 19 => array(1, 'Test', '"test test"@domain.tld'),
20 => array(1, '', '"test test"@domain.tld'), 20 => array(1, '', '"test test"@domain.tld'),
21 => array(1, '', '"test test"@domain.tld'), 21 => array(1, '', '"test test"@domain.tld'),
// invalid (#1489092)
22 => array(1, 'John Doe @ SomeBusinessName', 'MAILER-DAEMON'),
); );
foreach ($headers as $idx => $header) { foreach ($headers as $idx => $header) {
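Review bot: The two added cases cover only the parser result for a quoted name followed by `<MAILER-DAEMON>`; nothing in this commit exercises the changed display path in rcmail_address_string, where `$valid` now decides whether an address-like name is shown. A case with an address-like display name in front of `<MAILER-DAEMON>` would pin down what the user actually sees. A bare `<MAILER-DAEMON>` header with no name would cover the empty-name result of the `substr()` call. The test method starts and ends outside these hunks.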
