Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 146259 Details for
Bug 204211
Attached file name in Japanese is mis-decoded in save sub window on Windows OS
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
diff of mime.php from 1.4.8-1 to 1.4.8-3 fc5
mime.php.diff (text/plain), 15.65 KB, created by
Zing
on 2007-01-22 23:56:43 UTC
(
hide
)
Description:
diff of mime.php from 1.4.8-1 to 1.4.8-3 fc5
Filename:
MIME Type:
Creator:
Zing
Created:
2007-01-22 23:56:43 UTC
Size:
15.65 KB
patch
obsolete
>--- squirrelmail-1.4.8-1/functions/mime.php 2007-01-22 18:49:57.000000000 -0500 >+++ squirrelmail-1.4.8-3/functions/mime.php 2007-01-22 18:50:36.000000000 -0500 >@@ -248,6 +248,7 @@ > > require_once(SM_PATH . 'functions/url_parser.php'); > >+ $charset = strtolower($charset); > $body_ary = explode("\n", $body); > for ($i=0; $i < count($body_ary); $i++) { > $line = $body_ary[$i]; >@@ -312,6 +313,14 @@ > } > > $body = ''; >+ if (!$charset_converted) { >+ if ($charset == 'iso-2022-jp' || $charset == 'shift_jis' || $charset == 'euc-jp' || >+ ($squirrelmail_language == 'ja_JP' && >+ ($charset == 'utf-8' || $charset == '' || $charset == 'us-ascii'))) { >+ $body = $languages['ja_JP']['XTRA_CODE']('decode', $body); >+ $charset_converted = true; >+ } >+ } > $urlmailbox = urlencode($mailbox); > $body_message = getEntity($message, $ent_num); > if (($body_message->header->type0 == 'text') || >@@ -319,12 +328,15 @@ > $body = mime_fetch_body ($imap_stream, $id, $ent_num); > $body = decodeBody($body, $body_message->header->encoding); > >- if (isset($languages[$squirrelmail_language]['XTRA_CODE']) && >- function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) { >- if (mb_detect_encoding($body) != 'ASCII') { >- $body = $languages[$squirrelmail_language]['XTRA_CODE']('decode', $body); >- } >+ $charset_converted = false; >+ if (strtolower($body_message->header->getParameter('charset')) == 'iso-2022-jp' && >+ isset($languages[$squirrelmail_language]['XTRA_CODE']) && >+ function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) { >+ if (mb_detect_encoding($body) != 'ASCII') { >+ $body = $languages[$squirrelmail_language]['XTRA_CODE']('decode', $body); >+ } > } >+ > $hookResults = do_hook("message_body", $body); > $body = $hookResults[1]; > >@@ -489,7 +501,11 @@ > if ($where && $what) { > $defaultlink .= '&where='. urlencode($where).'&what='.urlencode($what); > } >- >+ // IE does make use of mime content sniffing. Forcing a download >+ // prohibit execution of XSS inside an application/octet-stream attachment >+ if ($type0 == 'application' && $type1 == 'octet-stream') { >+ $defaultlink .= '&absolute_dl=true'; >+ } > /* This executes the attachment hook with a specific MIME-type. > * If that doesn't have results, it tries if there's a rule > * for a more generic type. >@@ -585,6 +601,13 @@ > * str_replace("\r\n", "\n", $body); call. > */ > $body = quoted_printable_decode($body); >+ >+ if ($squirrelmail_language != 'ja_JP') { >+ while (ereg("=n", $body)) { >+ $body = ereg_replace ("=n", '', $body); >+ } >+ } >+ > } elseif ($encoding == 'base64') { > $body = base64_decode($body); > } >@@ -1031,6 +1054,75 @@ > } > > /** >+ * Translate all dangerous Unicode or Shift_JIS characters which are acepted by >+ * IE as regular characters. >+ * >+ * @param attvalue The attribute value before dangerous characters are translated. >+ * @return attvalue Nothing, modifies a reference value. >+ * @author Marc Groot Koerkamp. >+ */ >+function sq_fixIE_idiocy(&$attvalue) { >+ // remove NUL >+ $attvalue = str_replace("\0", "", $attvalue); >+ // remove comments >+ $attvalue = preg_replace("/(\/\*.*?\*\/)/","",$attvalue); >+ >+ // IE has the evil habit of excepting every possible value for the attribute expression >+ // The table below contain characters which are valid in IE if they are used in the "expression" >+ // attribute value. >+ $aDangerousCharsReplacementTable = array( >+ array('ʟ', 'ʟ' ,/* L UNICODE IPA Extension */ >+ 'ʀ', 'ʀ' ,/* R UNICODE IPA Extension */ >+ 'ɴ', 'ɴ' ,/* N UNICODE IPA Extension */ >+ 'E', 'E' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */ >+ 'e', 'e' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */ >+ 'X', 'X',/* Unicode FULLWIDTH LATIN CAPITAL LETTER X */ >+ 'x', 'x',/* Unicode FULLWIDTH LATIN SMALL LETTER X */ >+ 'P', 'P',/* Unicode FULLWIDTH LATIN CAPITAL LETTER P */ >+ 'p', 'p',/* Unicode FULLWIDTH LATIN SMALL LETTER P */ >+ 'R', 'R',/* Unicode FULLWIDTH LATIN CAPITAL LETTER R */ >+ 'r', 'r',/* Unicode FULLWIDTH LATIN SMALL LETTER R */ >+ 'S', 'S',/* Unicode FULLWIDTH LATIN CAPITAL LETTER S */ >+ 's', 's',/* Unicode FULLWIDTH LATIN SMALL LETTER S */ >+ 'I', 'I',/* Unicode FULLWIDTH LATIN CAPITAL LETTER I */ >+ 'i', 'i',/* Unicode FULLWIDTH LATIN SMALL LETTER I */ >+ 'O', 'O',/* Unicode FULLWIDTH LATIN CAPITAL LETTER O */ >+ 'o', 'o',/* Unicode FULLWIDTH LATIN SMALL LETTER O */ >+ 'N', 'N',/* Unicode FULLWIDTH LATIN CAPITAL LETTER N */ >+ 'n', 'n',/* Unicode FULLWIDTH LATIN SMALL LETTER N */ >+ 'L', 'L',/* Unicode FULLWIDTH LATIN CAPITAL LETTER L */ >+ 'l', 'l',/* Unicode FULLWIDTH LATIN SMALL LETTER L */ >+ 'U', 'U',/* Unicode FULLWIDTH LATIN CAPITAL LETTER U */ >+ 'u', 'u',/* Unicode FULLWIDTH LATIN SMALL LETTER U */ >+ 'ⁿ', 'ⁿ' ,/* Unicode SUPERSCRIPT LATIN SMALL LETTER N */ >+ '艤', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ // in unicode this is some chinese char range >+ '芅', /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */ >+ '艷', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */ >+ '芘', /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */ >+ '良', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */ >+ '芐', /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */ >+ '艱', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */ >+ '芒', /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */ >+ '色', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */ >+ '芓', /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */ >+ '艨', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */ >+ '芉', /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */ >+ '艮', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */ >+ '芏', /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */ >+ '艭', /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */ >+ '芎'), /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */ >+ array('l', 'l', 'r','r','n','n', >+ 'E','E','e','e','X','X','x','x','P','P','p','p','S','S','s','s','I','I', >+ 'i','i','O','O','o','o','N','N','n','n','L','L','l','l','U','U','u','u','n', >+ 'E','e','X','x','P','p','S','s','I','i','O','o','N','n')); >+ $attvalue = str_replace($aDangerousCharsReplacementTable[0],$aDangerousCharsReplacementTable[1],$attvalue); >+ >+ // Escapes are usefull for special characters like "{}[]()'&. In other cases they are >+ // used for XSS >+ $attvalue = preg_replace("/(\\\\)([a-zA-Z]{1})/",'$2',$attvalue); >+} >+ >+/** > * This function returns the final tag out of the tag name, an array > * of attributes, and the type of the tag. This function is called by > * sq_sanitize internally. >@@ -1496,10 +1588,23 @@ > } > } > } >+ >+ /** >+ * Workaround for IE quirks >+ */ >+ sq_fixIE_idiocy($attvalue); >+ > /** > * Remove any backslashes, entities, and extraneous whitespace. > */ >+ $oldattvalue = $attvalue; > sq_defang($attvalue); >+ if ($attname == 'style' && $attvalue !== $oldattvalue) { >+ // entities are used in the attribute value. In 99% of the cases it's there as XSS >+ // i.e.<div style="{ left:expʀessioɴ( alert('XSS') ) }"> >+ $attvalue = "idiocy"; >+ $attary{$attname} = $attvalue; >+ } > sq_unspace($attvalue); > > /** >@@ -1579,12 +1684,69 @@ > function sq_fixstyle($body, $pos, $message, $id, $mailbox){ > global $view_unsafe_images; > $me = 'sq_fixstyle'; >- $ret = sq_findnxreg($body, $pos, '</\s*style\s*>'); >- if ($ret == FALSE){ >+ >+ // workaround for </style> in between comments >+ $iCurrentPos = $pos; >+ $content = ''; >+ $sToken = ''; >+ $bSucces = false; >+ $bEndTag = false; >+ for ($i=$pos,$iCount=strlen($body);$i<$iCount;++$i) { >+ $char = $body{$i}; >+ switch ($char) { >+ case '<': >+ $sToken .= $char; >+ break; >+ case '/': >+ if ($sToken == '<') { >+ $sToken .= $char; >+ $bEndTag = true; >+ } else { >+ $content .= $char; >+ } >+ break; >+ case '>': >+ if ($bEndTag) { >+ $sToken .= $char; >+ if (preg_match('/\<\/\s*style\s*\>/i',$sToken,$aMatch)) { >+ $newpos = $i + 1; >+ $bSucces = true; >+ break 2; >+ } else { >+ $content .= $sToken; >+ } >+ $bEndTag = false; >+ } else { >+ $content .= $char; >+ } >+ break; >+ case '!': >+ if ($sToken == '<') { >+ // possible comment >+ if (isset($body{$i+2}) && substr($body,$i,3) == '!--') { >+ $i = strpos($body,'-->',$i+3); >+ if ($i === false) { // no end comment >+ $i = strlen($body); >+ } >+ $sToken = ''; >+ } >+ } else { >+ $content .= $char; >+ } >+ break; >+ default: >+ if ($bEndTag) { >+ $sToken .= $char; >+ } else { >+ $content .= $char; >+ } >+ break; >+ } >+ } >+ if ($bSucces == FALSE){ > return array(FALSE, strlen($body)); > } >- $newpos = $ret[0] + strlen($ret[2]); >- $content = $ret[1]; >+ > /** > * First look for general BODY style declaration, which would be > * like so: >@@ -1593,12 +1755,18 @@ > */ > $content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content); > $secremoveimg = '../images/' . _("sec_remove_eng.png"); >+ >+ // IE Sucks hard. We have a special function for it. >+ sq_fixIE_idiocy($content); >+ >+ // remove @import line >+ $content = preg_replace("/^\s*(@import.*)$/mi","\n<!-- @import rules forbidden -->\n",$content); >+ > /** > * Fix url('blah') declarations. > */ >- // remove NUL >- $content = str_replace("\0", "", $content); > // translate ur\l and variations into url (IE parses that) >+ // TODO check if the sq_fixIE_idiocy function already handles this. > $content = preg_replace("/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i",'url', $content); > // NB I insert NUL characters to keep to avoid an infinite loop. They are removed after the loop. > while (preg_match("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si", $content, $matches)) { >@@ -1657,11 +1825,13 @@ > * in IE. > */ > $match = Array('/\/\*.*\*\//', >- '/expression/i', >- '/behaviou*r/i', >- '/binding/i', >- '/include-source/i'); >- $replace = Array('', 'idiocy', 'idiocy', 'idiocy', 'idiocy'); >+ '/expression/i', >+ '/behaviou*r/i', >+ '/binding/i', >+ '/include-source/i', >+ '/javascript/i', >+ '/script/i'); >+ $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy'); > $contentNew = preg_replace($match, $replace, $contentTemp); > if ($contentNew !== $contentTemp) { > // insecure css declarations are used. From now on we don't care >@@ -2143,13 +2313,14 @@ > $isIE6plus = true; > } > >- if (isset($languages[$squirrelmail_language]['XTRA_CODE']) && >- function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) { >- $filename = >- $languages[$squirrelmail_language]['XTRA_CODE']('downloadfilename', $filename, $HTTP_USER_AGENT); >- } else { >- $filename = ereg_replace('[\\/:\*\?"<>\|;]', '_', str_replace(' ', ' ', $filename)); >- } >+ if($squirrelmail_language != 'ja_JP') >+ if (isset($languages[$squirrelmail_language]['XTRA_CODE']) && >+ function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) { >+ $filename = >+ $languages[$squirrelmail_language]['XTRA_CODE']('downloadfilename', $filename, $HTTP_USER_AGENT); >+ } else { >+ $filename = ereg_replace('[\\/:\*\?"<>\|;]', '_', str_replace(' ', ' ', $filename)); >+ } > > // A Pox on Microsoft and it's Internet Explorer! > // >@@ -2164,10 +2335,10 @@ > // version > //set all the Cache Control Headers for IE > if ($isIE) { >- if($squirrelmail_language != 'ja_JP' && >- $_SERVER['HTTP_ACCEPT_LANGUAGE'] != 'ja'){ >- $filename=rawurlencode($filename); >- } >+ if($squirrelmail_language != 'ja_JP') >+ $filename=rawurlencode($filename); >+ else >+ $filename = mb_convert_encoding($filename,"SJIS"); > header ("Pragma: public"); > header ("Cache-Control: no-store, max-age=0, no-cache, must-revalidate"); // HTTP/1.1 > header ("Cache-Control: post-check=0, pre-check=0", false); >@@ -2206,11 +2377,15 @@ > > // This works for most types, but doesn't work with Word files > header ("Content-Type: application/download; name=\"$filename\""); >- >+ // This is to prevent IE for MIME sniffing and auto open a file in IE >+ header ("Content-Type: application/force-download; name=\"$filename\""); > // These are spares, just in case. :-) > //header("Content-Type: $type0/$type1; name=\"$filename\""); > //header("Content-Type: application/x-msdownload; name=\"$filename\""); > //header("Content-Type: application/octet-stream; name=\"$filename\""); >+ } else if ($isIE) { >+ // This is to prevent IE for MIME sniffing and auto open a file in IE >+ header ("Content-Type: application/force-download; name=\"$filename\""); > } else { > // another application/octet-stream forces download for Netscape > header ("Content-Type: application/octet-stream; name=\"$filename\"");
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=146259">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 204211
:
134993
| 146259