From d340f18295246d49ce4e5e5f613638e10a5c793b Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Sat, 25 Jan 2020 08:44:46 +0100 Subject: [PATCH] Fix display issues with mail subject that contains line-breaks (#7191) --- CHANGELOG | 2 ++ program/lib/Roundcube/rcube.php | 13 +++++++++++++ program/lib/Roundcube/rcube_message.php | 2 +- program/steps/mail/func.inc | 14 +++++++------- program/steps/mail/show.inc | 6 +++--- 5 files changed, 26 insertions(+), 11 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 3d814b960..9bfb6d7e2 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -29,6 +29,8 @@ CHANGELOG Roundcube Webmail - Fix recipient duplicates in print-view when the recipient list has been expanded (#7169) - Fix bug where files in skins/ directory were listed on skins list (#7180) - Fix bug where message parts with no Content-Disposition header and no name were not listed on attachments list (#7117) +- Fix display issues with mail subject that contains line-breaks (#7191) +- Fix invalid Content-Transfer-Encoding on multipart messages - Mail_Mime fix (#7170) RELEASE 1.4.2 ------------- diff --git a/program/lib/Roundcube/rcube.php b/program/lib/Roundcube/rcube.php index 4bfe2d2bc..55340a6c1 100644 --- a/program/lib/Roundcube/rcube.php +++ b/program/lib/Roundcube/rcube.php @@ -1129,6 +1129,19 @@ class rcube return rcube_utils::rep_specialchars_output($str, 'js'); } + /** + * Quote a given string, remove new-line characters, use strict mode. + * Shortcut function for rcube_utils::rep_specialchars_output() + * + * @param string $str A string to quote + * + * @return string HTML-quoted string + */ + public static function SQ($str) + { + return rcube_utils::rep_specialchars_output($str, 'html', 'strict', false); + } + /** * Construct shell command, execute it and return output as string. * Keywords {keyword} are replaced with arguments diff --git a/program/lib/Roundcube/rcube_message.php b/program/lib/Roundcube/rcube_message.php index e28672a2d..73ca59580 100644 --- a/program/lib/Roundcube/rcube_message.php +++ b/program/lib/Roundcube/rcube_message.php @@ -124,7 +124,7 @@ class rcube_message } $this->mime = new rcube_mime($this->headers->charset); - $this->subject = $this->headers->get('subject'); + $this->subject = str_replace("\n", '', $this->headers->get('subject')); $from = $this->mime->decode_address_list($this->headers->from, 1); $this->sender = current($from); diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 4e2aa0799..799788135 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -510,7 +510,7 @@ function rcmail_js_message_list($a_headers, $insert_top=false, $a_show_cols=null else if ($col == 'subject') { $cont = trim(rcube_mime::decode_header($header->$col, $header->charset)); if (!$cont) $cont = $RCMAIL->gettext('nosubject'); - $cont = rcube::Q($cont); + $cont = rcube::SQ($cont); } else if ($col == 'size') $cont = $RCMAIL->show_bytes($header->$col); @@ -523,10 +523,10 @@ function rcmail_js_message_list($a_headers, $insert_top=false, $a_show_cols=null $last_folder_name = str_replace($delimiter, " \xC2\xBB ", $last_folder_name); } - $cont = rcube::Q($last_folder_name); + $cont = rcube::SQ($last_folder_name); } else - $cont = rcube::Q($header->$col); + $cont = rcube::SQ($header->$col); $a_msg_cols[$col] = $cont; } @@ -1308,7 +1308,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, $mailto = rcube_utils::idn_to_utf8($mailto); if ($PRINT_MODE) { - $address = sprintf('%s <%s>', rcube::Q($name), rcube::Q($mailto)); + $address = sprintf('%s <%s>', rcube::SQ($name), rcube::Q($mailto)); } else if ($valid) { if ($linked) { @@ -1320,10 +1320,10 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, ); if ($show_email && $name && $mailto) { - $content = rcube::Q($name ? sprintf('%s <%s>', $name, $mailto) : $mailto); + $content = rcube::SQ($name ? sprintf('%s <%s>', $name, $mailto) : $mailto); } else { - $content = rcube::Q($name ?: $mailto); + $content = rcube::SQ($name ?: $mailto); $attrs['title'] = $mailto; } @@ -1331,7 +1331,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, } else { $address = html::span(array('title' => $mailto, 'class' => "rcmContactAddress"), - rcube::Q($name ?: $mailto)); + rcube::SQ($name ?: $mailto)); } if ($addicon && $_SESSION['writeable_abook']) { diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc index 03a26585a..546758a00 100644 --- a/program/steps/mail/show.inc +++ b/program/steps/mail/show.inc @@ -494,16 +494,16 @@ function rcmail_message_headers($attrib, $headers=null) // single header value is requested if (!empty($attrib['valueof'])) { $row = $plugin['output'][$attrib['valueof']]; - return $row['html'] ? $row['value'] : rcube::Q($row['value']); + return $row['html'] ? $row['value'] : rcube::SQ($row['value']); } // compose html table $table = new html_table(array('cols' => 2)); foreach ($plugin['output'] as $hkey => $row) { - $val = $row['html'] ? $row['value'] : rcube::Q($row['value']); + $val = $row['html'] ? $row['value'] : rcube::SQ($row['value']); - $table->add(array('class' => 'header-title'), rcube::Q($row['title'])); + $table->add(array('class' => 'header-title'), rcube::SQ($row['title'])); $table->add(array('class' => 'header '.$hkey), $val); }