Skip to content

Instantly share code, notes, and snippets.

@ShivnarenSrinivasan

ShivnarenSrinivasan/helpers.py

Last active May 7, 2022 13:27
Show Gist options
  • Save ShivnarenSrinivasan/58412c09d94153f74f20bf1d6973f606 to your computer and use it in GitHub Desktop.
Save ShivnarenSrinivasan/58412c09d94153f74f20bf1d6973f606 to your computer and use it in GitHub Desktop.
Download ZIP
Week 6: Software bug
Raw
helpers.py
from __future__ import annotations
import string
from typing import (
Callable,
Collection,
)
import numpy as np
import pandas as pd
import nltk
from sklearn import (
base,
pipeline,
preprocessing,
linear_model,
)
from sklearn.pipeline import (
Pipeline,
)
from sklearn.decomposition import (
PCA,
)
from sklearn.preprocessing import (
StandardScaler,
)
from sklearn.feature_extraction.text import (
CountVectorizer,
TfidfVectorizer,
)
import data_analysis as da
STOPWORDS = nltk.corpus.stopwords.words('english')
def load_data(
filename: str = 'https://gist.githubusercontent.com/ShivnarenSrinivasan/58412c09d94153f74f20bf1d6973f606/raw/3a8c5a97ae81648fef60b73222dea9ecca3a23f5/issues_data.csv',
) -> pd.DataFrame:
return pd.read_csv(filename)
def tp_title(text: str) -> str:
def is_valid_word(word: str) -> bool:
valid_patterns = {
'->',
'=>',
'?:',
}
return word in valid_patterns or (
word.isascii()
# * plenty of useful 3 letter phrases like JIT, CSS
# and len(word) > 3
)
def clean(word: str) -> str:
strip_chars = string.punctuation + ' '
return word.strip(strip_chars)
stop_words_eng = set(STOPWORDS)
return ' '.join(
clean(word)
for word in text.lower().split()
if is_valid_word(word) and word not in stop_words_eng
)
def tp_body(txt: str) -> str:
def not_metadata(txt: str) -> bool:
return not (txt.startswith('_') and txt.endswith('_'))
def clean(txt: str) -> str:
def not_url(txt: str) -> bool:
urls = {"www", "http", ".net", ".com"}
return not any(url in txt for url in urls)
return ' '.join(word for word in tp_title(txt).split() if not_url(word))
lines = txt.replace('\r', '').split('\n')
return ' '.join(clean(line) for line in lines if not_metadata(line)).strip()
def subset_rows(df: pd.DataFrame) -> pd.DataFrame:
return ~((df['Issue Title'].str.isspace()) & (df['Issue Body'].str.isspace()))
def get_binned_labels(ser: pd.Series, n: int = 3) -> Collection[str]:
return ser.value_counts().index[n:]
def label_counts(data: da.Data) -> pd.Series:
return pd.Series(data.y).value_counts()
def check_null(dataset: da.Dataset):
train = dataset.data.train
return pd.Series(train.y).isnull().sum(), train.X.isnull().sum()
# Data Utilities
def map_labels(labels: Collection[str], enc_label: str) -> Callable[[str], str]:
mapping = {label: enc_label for label in labels}
def map_label(label: str) -> str:
return mapping.get(label, label)
return map_label
def make_X(
df: pd.DataFrame,
cols: tuple[str, str] = ('Issue Title', 'Issue Body'),
label: str = 'Issues',
) -> pd.DataFrame:
return pd.DataFrame({label: df[cols[0]].str.cat(df[cols[1]], sep=' ')})
def make_y(df: pd.DataFrame, col: str) -> np.ndarray:
return df.filter(like=col).to_numpy().ravel()
def gen_dataset(df: pd.DataFrame, targ: str, bin: bool = False) -> da.Dataset:
X = make_X(df)
y = pd.Series(make_y(df, targ))
def binned(y: pd.Series):
bin_labels = get_binned_labels(y)
return y.map(map_labels(bin_labels, f'{targ}_other'))
return da.Dataset(da.TrainTestData.from_xy(X, binned(y) if bin else y), targ)
# Training
def bag_of_words(model: base.BaseEstimator, n_pca: int = 100) -> Pipeline:
return pipeline.make_pipeline(
preprocessing.FunctionTransformer(lambda df: df.to_numpy().ravel()),
CountVectorizer(),
preprocessing.FunctionTransformer(lambda x: x.toarray()),
StandardScaler(),
PCA(n_pca),
model,
)
def _transformer(trans, n_pca: int) -> Pipeline:
return pipeline.make_pipeline(
preprocessing.FunctionTransformer(lambda df: df.to_numpy().ravel()),
trans,
preprocessing.FunctionTransformer(lambda x: x.toarray()),
StandardScaler(),
PCA(n_pca),
)
def tfidf(model: base.BaseEstimator, n_pca: int = 100) -> Pipeline:
return pipeline.make_pipeline(
_transformer(TfidfVectorizer(), n_pca),
model,
)
def build_log_clf():
return linear_model.LogisticRegressionCV(
solver='liblinear', class_weight='balanced', n_jobs=-1
)
def gen_report(dataset: da.Dataset, model: Pipeline) -> da.Report:
return da.Report.from_estimator(dataset.data.test, model)
Raw
issues_data.csv
Defect-ID in Roundcube Github issues repository Issue Title Issue Body Defect Type Family using IEEE Defect Type Family using ODC
#4528 Wrong alert when uploading attachment over size _Reported by @alecpl on 17 Apr 2014 15:33 UTC as Trac ticket #1489817_ If I try to upload a file which is too big I see error message and alert (app.js:1078). If upload fails because of size, the alert should not be displayed. _Migrated-From: http://trac.roundcube.net/ticket/1489817_ ieee_logicData control_flow
#4529 Recovery lost draft message ? _Reported by L1Ntu on 17 Apr 2014 19:41 UTC as Trac ticket #1489818_ After updating from 0.9.4 to 1.0.0 when i click to compose i have popup : --- Recovering message Founded early composed but not sended message. Theme : ... Saved : ... Do u want to recover it ? --- After any option (recover/delete/ignore) after some period of time it appears again... _Migrated-From: http://trac.roundcube.net/ticket/1489818_ ieee_logicData control_flow
#4530 Switching from html to text when initially composing a message should not display a warning _Reported by arodier on 18 Apr 2014 16:09 UTC as Trac ticket #1489819_ When composing a new message, if the default format is HTML and I switch straight to text format, no warning should be displayed since the body is empty This is just annoying. _Migrated-From: http://trac.roundcube.net/ticket/1489819_ ieee_logicData control_flow
#4532 problem with raw message headers _Reported by Thunderstick on 19 Apr 2014 10:06 UTC as Trac ticket #1489821_ Hello, when i want to toggle the raw message headers in Roundcube 1.0.0 i get the error "Could not load message from server." This is the entry in the imap logfile: ``` [19:04:44 +0200](10-Apr-2014): [S: * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS](CB3D]) Courier-IMAP ready. Copyright 1998-2010 Double Precision, Inc. See COPYING for distribution information. [19:04:44 +0200](10-Apr-2014): [C: A0001 LOGIN XXXX XXXXX [10-Apr-2014 19:04:44 +0200](CB3D]): [S: A0001 OK LOGIN Ok. [10-Apr-2014 19:04:44 +0200](CB3D]): [C: A0002 SELECT junk [10-Apr-2014 19:04:44 +0200](CB3D]): [S: A0002 NO Mailbox does not exist, or must be subscribed to. [10-Apr-2014 19:04:44 +0200](CB3D]): [C: A0003 LOGOUT [10-Apr-2014 19:04:44 +0200](CB3D]): [S: * BYE Courier-IMAP server shutting down [10-Apr-2014 19:04:44 +0200](CB3D]): [CB3D] S: A0003 OK LOGOUT completed ``` _Migrated-From: http://trac.roundcube.net/ticket/1489821_ ieee_logicData control_flow
#4534 Followup-To always blank when sending mail _Reported by brendan on 23 Apr 2014 17:05 UTC as Trac ticket #1489829_ If when composing mail you choose to add a Followup-To address, the resulting message will have an empty Followup-To header. _Keywords: followup-to_ _Migrated-From: http://trac.roundcube.net/ticket/1489829_ ieee_logicData control_flow
#4535 email address blank when importing contacts from outlook csv _Reported by brendan on 23 Apr 2014 17:14 UTC as Trac ticket #1489830_ when importing a csv addressbook file from outlook, the email address fails to import. _Migrated-From: http://trac.roundcube.net/ticket/1489830_ ieee_logicData control_flow
#4536 spellchecker generate errormessage if no text exists _Reported by rocknob on 24 Apr 2014 11:04 UTC as Trac ticket #1489831_ if you compose a message, and without entering any text press the spellchecking button. roundcube will generate the message "An error was encountered on the server. Please try again later." _Migrated-From: http://trac.roundcube.net/ticket/1489831_ ieee_logicData control_flow
#4539 postgresql initialization not working properly with DB-Prefix _Reported by imlich on 28 Apr 2014 11:05 UTC as Trac ticket #1489839_ in the past I have separated data from different roundcube versions by using different schemas in postgresql and tweaking the code such that the search_path is set accordingly. Now upgrading to 1.0.0 I thought to give the installer a try and using a DB-Prefix instead of separate schema. fix_table_names in rcmail_installer.php is not working properly: A) INDEXES are not handled. So adding a similar code as for CREATE SEQUENCE will help. B) CONSTRAINTS/INDEXES are not handled properly if they have an explicit name, as the DB-Prefix would need to be added, e.g. in table "users", it should read: CONSTRAINT DBPREFIXusers_username_key UNIQUE (username, mail_host) as you get otherwise naming conflicts. The easiest to avoid this is NOT to use explicit names for constraints and indexes. Postgresql will then create unique names (which will be according to {tablename}{columnname(s)}{suffix} ). _Keywords: postgresql,initialization,schema,prefix_ _Migrated-From: http://trac.roundcube.net/ticket/1489839_ ieee_interface structural
#4542 Broken threading structure on messages list _Reported by @alecpl on 30 Apr 2014 07:22 UTC as Trac ticket #1489845_ This is only in git-master. No problem in release-1.0 branch. The threading structure displays only two levels of a thread. E.g. ``` one two three ``` in git-master is ``` one two three ``` _Migrated-From: http://trac.roundcube.net/ticket/1489845_ ieee_logicData control_flow
#4549 addressbook searching broken _Reported by corbosman on 8 May 2014 14:51 UTC as Trac ticket #1489869_ In current git addressbook searching is broken. It assumes a _headers which isnt passed, and s_mods isnt passed either. _Migrated-From: http://trac.roundcube.net/ticket/1489869_ ieee_logicData control_flow
#4550 Draft saved automatically even the "draft_autosave" is disabled _Reported by kevinlam on 12 May 2014 15:11 UTC as Trac ticket #1489882_ Update to 1.01 last night and a major bug found. When the compose button was clicked, the editor window shows up as usual. However, a message box appeared immediately and it said "Message save to Draft". I checked the env variables and the value of "draft_autosave" is 0. I haven't clicked any button except the "compose" during the whole process. I checked the network flows and I found that an extra "POST" request sent to the server with params "_task=mail&_action=send&_draft=1....". I think the bug may come from javascript part. Please fix it as soon as possible. _Migrated-From: http://trac.roundcube.net/ticket/1489882_ ieee_logicData control_flow
#4555 Google Maps URL broken when converting to link _Reported by spyjo on 16 May 2014 08:40 UTC as Trac ticket #1489898_ Hello, If I send a text email with this kind of url (new format of Google Maps URL), the generated link is broken: https://www.google.com/maps/place/New+York,+tat+de+New+York/@40.7056308,-73.9780035,11z/data=!3m1!4b1!4m2!3m1!1s0x89c24fa5d33f083b:0xc80b8f06e177fe62 The link displayed in the email view is https://www.google.com/maps/place/New+York,+tat+de+New+York/@40.7056308,-73.9780035,11z , and the other part of the url (starting at "/data...") is not included in the generated link. Thanks _Keywords: href, url_ _Migrated-From: http://trac.roundcube.net/ticket/1489898_ ieee_logicData control_flow
#4558 HTML rendering problems with HTML comments _Reported by r4l on 20 May 2014 14:54 UTC as Trac ticket #1489904_ The following HTML code breaks the rendering by showing part of the HTML comment's content ("HIDDEN HR TAG -->" is visible in the rendered message): <!DOCTYPE html PUBLIC "-_W3C_DTD XHTML 1.0 Transitional//EN"> <html><body> <center> <!-- <hr>HIDDEN HR TAG</hr> --> </center> <p>This is a simple <strong>HTML</strong> test message.</p> </body></html> _Keywords: html rendering comments_ _Migrated-From: http://trac.roundcube.net/ticket/1489904_ ieee_logicData control_flow
#4560 Message unselect issue after select-all _Reported by @alecpl on 21 May 2014 07:39 UTC as Trac ticket #1489906_ Steps: 1. Go to messages list 2. Select all messages using Select > All. 3. Unselect one message with mouse and Ctrl key. 4. Click out of messages list and observe that the unselected message becomes selected. And another case: 1-3. as above 4. Try to unselect another one with click + Ctrl, observe that previously unselected message becomes selected. Tested with git-master. _Migrated-From: http://trac.roundcube.net/ticket/1489906_ ieee_logicData control_flow
#4561 Switching between list and threads views doesn't reset range of shown threads _Reported by dkasak on 21 May 2014 11:52 UTC as Trac ticket #1489907_ As the summary says, switching between list and threads views doesn't reset range of shown threads. This can in certain cases lead to anomalous ranges and pages with no threads displayed. Steps to reproduce: 1. Have enough threads so you have at least two thread pages in a single mailbox. 2. Have the threads from step 1 be sufficiently "thready" so that, in list view, there are more pages than in threads view. 3. Switch to list view. 4. Go to the last page (note the displayed range at the bottom, i.e. N to M of M). 5. Switch to threads view (note the displayed range, which should now be N to P of P, where N > P and P < M). The displayed page should now be void of any threads and the displayed range erroneous. Switching between different views should probably reset the beginning of the displayed range to 0. _Migrated-From: http://trac.roundcube.net/ticket/1489907_ ieee_logicData control_flow
#4563 When try search with cyrillic symbols, receive A0005 NO [BADCHARSET (US-ASCII)] Character set not supported for search. _Reported by Andrei on 22 May 2014 09:58 UTC as Trac ticket #1489911_ Dear Support, When I try cyrillic search on roundcube, which connect to mailserver (Mailenable), I receive error "A0005 NO [(US-ASCII)](BADCHARSET) Character set not supported for search." In Attachment, you can see: 1) Roundcube IMAP Log 2) MailEnbale IMAP Log Could you help to resolve this problem? _Migrated-From: http://trac.roundcube.net/ticket/1489911_ ieee_standards control_flow
#4566 insert response window does not close after clicking _Reported by andipfaff on 23 May 2014 12:44 UTC as Trac ticket #1489915_ If you create a new message and open the pulldown with the predefined Responses, click on an entry to insert a response but the window does not close automatically and hides the message body. Best regards Andi _Migrated-From: http://trac.roundcube.net/ticket/1489915_ ieee_logicData control_flow
#4567 HTML message contains unreadable text _Reported by JObermann on 27 May 2014 11:49 UTC as Trac ticket #1489917_ The display of text lines in the html part of a multi-part message in MIME format is corrupt because several lines of text are written over each other. Somehow the correct line spacing is missing there, this could be an error in a cascading style sheet. The mail is attached. _Keywords: html_ _Migrated-From: http://trac.roundcube.net/ticket/1489917_ ieee_logicData control_flow
#4568 Broken rcube_utils::normalize_string method _Reported by @alecpl on 27 May 2014 12:55 UTC as Trac ticket #1489918_ Since https://github.com/roundcube/roundcubemail/commit/ceb5b56c3b8db37425338e9c2661c5c4bc4ac069 this method does not normalize latin-1 characters at all. _Migrated-From: http://trac.roundcube.net/ticket/1489918_ ieee_logicData control_flow
#4569 opening unread mails in new window does not update counter of unread mails and mail list _Reported by JObermann on 27 May 2014 13:20 UTC as Trac ticket #1489919_ If I set Preferences -> Interface -> "Open message in a new window" and then read new mails, the counter of unread mails beside the folder name in the folder list in the parent window is never decreased and counted to zero, like it is if I read new mails in the same window. After closing the new window the now wrong counter is still there and suggests that I would have more unread mails, and the mails I actually did read are also still marked as unread. The refresh button only updates the mail list and marks the mails I had read in the new window now as unread, but it does not update the folder list and the wrong counter there. I think reading mails in a new, separate window should also update the status information in the parent window. _Migrated-From: http://trac.roundcube.net/ticket/1489919_ ieee_logicData control_flow
#4574 Switching from the default editor to the HTML editor sends plain text _Reported by GieltjE on 5 Jun 2014 08:01 UTC as Trac ticket #1489928_ When composing an email while starting in the normal editor and switching to the HTML editor afterwards and sending an simple email with just an (numbered) list the email gets send as plain text (including HTML tags). _Migrated-From: http://trac.roundcube.net/ticket/1489928_ ieee_logicData control_flow
#4575 Accessibility issues _Reported by @alecpl on 6 Jun 2014 08:11 UTC as Trac ticket #1489929_ 1. Firefox: Pressing Tab in folders list moves focus to list footer which is fine, but also scrolls the list to bottom which is not good. 2. Firefox: Not possible to go out of TinyMCE editor area with Tab key. 3. Opera: Focused elements have blue outline/border which is redundant and unwanted for some elements. 4. Opera: some elements are not accessible with Tab key e.g. More actions button in toolbar. Also pressing Enter does not select first item in popup menu, so menus are not accessible with keyboard. 5. Opera: Message preview frame can't be accessed with Tab. 6. Firefox: Using arrow keys in folders list (with many folders) works but makes the list scroll too much, so selected element might become hidden. _Migrated-From: http://trac.roundcube.net/ticket/1489929_ ieee_interface control_flow
#4576 messages list refreshes after fwd/reply _Reported by dvl on 6 Jun 2014 13:21 UTC as Trac ticket #1489931_ re: http://lists.roundcube.net/pipermail/users/2014-June/010518.html I recently upgraded from Roundcube 0.9.x and I'm now using Roundcube 1.0.1 on FreeBSD with PHP 5.5 With the new release, I find that the messages list refreshes after replying or forwarding. Example: The messages list is scrolled down and I am reading the 15th message in my folder. It is selected. I reply. I hit send. The messages list refreshes. Now I'm scrolled to the top and no message is selected. Now I have to search for the message which I had previously selected. _Migrated-From: http://trac.roundcube.net/ticket/1489931_ ieee_logicData control_flow
#4577 classic skin regressions in popups handling _Reported by JohnDoh on 7 Jun 2014 09:21 UTC as Trac ticket #1489932_ in the classic skin the list options menu is displayed when you select "move too..." or "copy too..." from the message options menu. Also the gear icon at the left hand end of the list headers to tigger the list options menu is missing. all plugins disabled. _Migrated-From: http://trac.roundcube.net/ticket/1489932_ ieee_logicData control_flow
#4579 Wrong input fonts in Mozilla browsers _Reported by Jochen on 9 Jun 2014 15:39 UTC as Trac ticket #1489936_ The style sheets in all themes should have the following line: input, textarea, select, button{font-family:inherit;font-size:inherit;} Otherwise firefox browsers use the system font for all these elements, and that sometimes look really ugly (depending on system configuration). See also: http://stackoverflow.com/questions/6080413/why-doesnt-input-inherit-the-font-from-body _Migrated-From: http://trac.roundcube.net/ticket/1489936_ ieee_interface control_flow
#4580 Prevent memory exhaustion on image resizing (PHP GD) _Reported by rosali on 10 Jun 2014 06:15 UTC as Trac ticket #1489937_ http://lists.roundcube.net/pipermail/dev/2014-May/023336.html _Migrated-From: http://trac.roundcube.net/ticket/1489937_ ieee_logicData control_flow
#4581 default folders and dont_override _Reported by waster on 11 Jun 2014 08:21 UTC as Trac ticket #1489940_ If I use ``` $config['dont_override'] = array('default_folders') ``` then corresponding section is displayed on a settings page and hangs while clicking on it Logs contains: ``` PHP Fatal error: Call to a member function show() on a non-object in /var/www/roundcube-new/program/steps/settings/func.inc on line 1058 ``` I guess whole section should not displayed with such dont_override setting. _Migrated-From: http://trac.roundcube.net/ticket/1489940_ ieee_logicData control_flow
#4583 Address codepage _Reported by AnteC on 13 Jun 2014 10:44 UTC as Trac ticket #1489942_ When i want to reply at current message and click on From address then new email created with wrong codepage. But if i press Reply button new email created with correct cyrillic codepage. Roundcube is 1.0.1. I try different browser - last Chrome, IE 11, Opera. _Keywords: address codepage_ _Migrated-From: http://trac.roundcube.net/ticket/1489942_ ieee_logicData control_flow
#4587 message_cache config option requirements aren't explicit _Reported by Guillaume on 14 Jun 2014 21:32 UTC as Trac ticket #1489946_ The message_cache config option have a lot of requirements that are only explicit in the synchronize() function of program/lib/Roundcube/rcube_imap_cache.php. Those requirements aren't provided by any major open source imap clients (by that I mean courier, postfix and dovecot). I've provided a patch which clarify the help message. _Keywords: messages_cache_ _Migrated-From: http://trac.roundcube.net/ticket/1489946_ ieee_description non_functional
#4589 Add option to specify IMAP connection options _Reported by @alecpl on 16 Jun 2014 06:15 UTC as Trac ticket #1489948_ The same as we do for SMTP via smtp_conn_options we should allow the same attributes for IMAP. The reason for this is that PHP 5.6 does peer verfication on ssl connection by default. Users should have an option to disable that or change certs location. http:_www.php.net_manual/en/migration56.openssl.php _Migrated-From: http://trac.roundcube.net/ticket/1489948_ ieee_interface structural
#4591 Compose - TinyMCE - odd horizontal scrollbar _Reported by rosali on 16 Jun 2014 14:02 UTC as Trac ticket #1489950_ - Option HTML always - Compose in new window disabled - Reply to a message - TinyMCE loads with a horizontal scroll bar (even for a message which should fit the width) Browser: Recent Chrome (Version 35.0.1916.153 m) Possible fix: ./skins/larry/editor_content.css ``` body { background-color: #FFFFFF; margin-left: 4px; margin-right: 4px; margin-top: 2px; width: 98%; } ``` NOTE: editor_content.css is binded without cache breaker (another bug?) so you see the change only after a hard reload. _Migrated-From: http://trac.roundcube.net/ticket/1489950_ ieee_interface control_flow
#4592 Create/rename contact group in jQuery UI dialog _Reported by @alecpl on 17 Jun 2014 16:13 UTC as Trac ticket #1489951_ The inline input element on groups list is not perfect. There are some issues, e.g. its width is not aligned with box width, it can be hidden by Esc only when you're in the input, etc. I propose to replace this with something skin-independent i.e. a dialog window. _Migrated-From: http://trac.roundcube.net/ticket/1489951_ ieee_interface structural
#4593 UI issue when opening Settings with _extwin=1 _Reported by @alecpl on 17 Jun 2014 16:49 UTC as Trac ticket #1489952_ # mainscreen should not have "offset" class. It happens when you click "Edit responses" or "Edit identities" in compose window that is already an external window. This is in Larry. In classic skin _extwin argument is ignored. _Migrated-From: http://trac.roundcube.net/ticket/1489952_ ieee_interface control_flow
#4594 entering TO email address in compose gives error _Reported by litody on 17 Jun 2014 17:19 UTC as Trac ticket #1489954_ typing in an email address for TO: in compose pops up error incorrect email address before I've finished typing it. _Keywords: to address_ _Migrated-From: http://trac.roundcube.net/ticket/1489954_ ieee_logicData control_flow
#4598 Return Receipt (read) using incorrect translation _Reported by joydev on 25 Jun 2014 07:30 UTC as Trac ticket #1489963_ In English the receipt use the same word "Sent" as the default Sent folder for the sent date heading, however languages like Chinese do not share the same translation. It may be better to use "Sent date" for the receipt instead. _Migrated-From: http://trac.roundcube.net/ticket/1489963_ ieee_interface structural
#4602 No-email contact handling in compose addressbook widget _Reported by @alecpl on 2 Jul 2014 17:24 UTC as Trac ticket #1489970_ We support contacts with no email addresses. Such contacts are skipped on autocompletion. However, they are displayed on addressbook widget in compose screen. Clicking them is possible and inserts invalid entry into recipient field(s). We should either do not show them or make them virtual (disabled). _Migrated-From: http://trac.roundcube.net/ticket/1489970_ ieee_logicData control_flow
#4603 Deactivate Delete button/action after deleting a response _Reported by @alecpl on 4 Jul 2014 10:09 UTC as Trac ticket #1489972_ After a response is deleted in Settings > Responses Delete button should be deactivated. _Migrated-From: http://trac.roundcube.net/ticket/1489972_ ieee_interface control_flow
#4604 VCard import with images is broken _Reported by Eris on 7 Jul 2014 08:55 UTC as Trac ticket #1489977_ If you try to import a VCard 2.1 with an Image the Image is broken after upload. Thats because the base64 string get decoded and then unquoted. If you try a VCard 3.0 there its also broken because it seams that the vcard decoder doesn't set the content base64 encoded so it get not encoded on save. VCard 4.0 is untested. _Migrated-From: http://trac.roundcube.net/ticket/1489977_ ieee_logicData control_flow
#4607 Installto.sh script does not remove old .htaccess file _Reported by Dinacel on 9 Jul 2014 22:57 UTC as Trac ticket #1489980_ Hi, it seems there's some browser capabilities check in the javascript codebase (~/program/js/app.min.js), and it fails everytime because there's an error in the "~/program/.htaccess" file which prevent the "~/program/resources/blank.tif" image to be loaded by the browser (403 - Forbidden). I suggest this change: ``` <IfModule mod_rewrite.c> RewriteEngine On RewriteRule !^js|.*\.gif$ - [mod_rewrite.c> RewriteEngine On RewriteRule !^js|.*\.gif|.*\.tif$ - [F](F] </IfModule> ``` with ``` <IfModule) </IfModule> ``` _Migrated-From: http://trac.roundcube.net/ticket/1489980_ ieee_otherBuildConfigInstall non_functional
#4608 Sorting without IMAP SORT command not working _Reported by sisko1990 on 10 Jul 2014 18:44 UTC as Trac ticket #1489981_ Hi, I connect to a IMAP server that doesn't support the SORT command. I think that in that cases roundcube will sort the mails for me. But the sorting e.g. by size is wrong. Can we fix that bug with sorting on the roundcube size or if that isn't possible, can roundcube deactivate the sorting feature in the GUI? (So that I am not confused anymore?) _Keywords: sorting_ _Migrated-From: http://trac.roundcube.net/ticket/1489981_ ieee_logicData control_flow
#4610 Wrong mime type checks in Installer _Reported by @alecpl on 11 Jul 2014 07:41 UTC as Trac ticket #1489983_ 1. On Hiawatha server mime.types does not contain application/java-archive but application/x-java-archive. 2. rcube_mime::get_mime_extensions() returns hash array but we're checking first element by index 0 in line 501 of rcube_install.php file. Also on Hiawatha for application/x-tar the result is array('tgz', 'tar'). _Migrated-From: http://trac.roundcube.net/ticket/1489983_ ieee_otherBuildConfigInstall non_functional
#4611 Illegal offset type in /roundcube/program/lib/Roundcube/rcube_imap.php _Reported by JohnDoh on 13 Jul 2014 09:58 UTC as Trac ticket #1489985_ On login the message: ``` PHP Warning: Illegal offset type in /roundcube/program/lib/Roundcube/rcube_imap.php on line 3302 ``` appears in the Roundcube error log. The message only comes up immediatly after login. I think it is caued by something in 07893b3cdd. Tested with caching enabled and disabled. _Migrated-From: http://trac.roundcube.net/ticket/1489985_ ieee_logicData control_flow
#4616 Missing charset if plaintext and not flowed format _Reported by Chumba on 20 Jul 2014 14:32 UTC as Trac ticket #1489992_ Hi, When I have send_format_flowed set to false, and if I send out a plaintext message, the header won't contain the mail charset. It then looks like this: Content-Type: text/plain; charset= With send_format_flowed set to true, the charset is set: Content-Type: text/plain; charset=US-ASCII; format=flowed This bug was not present in 0.9x. Also, in 0.9x, the charset was UTF-8 rather than US-ASCII. Any reason why 1.0.1 would prefer the local charset over unicode here? _Migrated-From: http://trac.roundcube.net/ticket/1489992_ ieee_interface structural
#4617 Various iCloud vCard issues, add fallback for external photos _Reported by rosali on 21 Jul 2014 04:12 UTC as Trac ticket #1489993_ Apple iCloud vcards contain an URL as Photo data, f.e.: ``` VERSION:3.0 PHOTO;ENCODING=B:aHR0cHM6Ly9w ... masked ... MWVjYWU0ZTM1NjZiN2Q2MThkMjY= ``` In this case the photo display in preview pane and mail view fails. Possible fix: ./program/steps/addressbook/photo.inc ::: line 67ff. ``` // let plugins do fancy things with contact photos $plugin = $RCMAIL->plugins->exec_hook('contact_photo', array('record' => $record, 'email' => $email, 'data' => $data)); // check if data is an URL if (filter_var($data, FILTER_VALIDATE_URL)) { $plugin['url'] = $data; } ``` _Migrated-From: http://trac.roundcube.net/ticket/1489993_ ieee_logicData control_flow
#4620 Accessibility issues _Reported by @alecpl on 23 Jul 2014 11:24 UTC as Trac ticket #1489997_ 1. Arrow Up/Down key can not be used to move to/from saved-search entry on addressbook sources list. E.g. When I jump into first addressbook entry with Tab I can move down with Arrow-Down key, I can move on addressbooks and groups, but not saved-searches. I need to use Tab again. 2. If I click below messages or contacts list, the list receives focus, that's nice. However, the same is not possible with folders list or address book sources list. _Migrated-From: http://trac.roundcube.net/ticket/1489997_ ieee_interface control_flow
#4621 Message flag FORWARDED _Reported by rosali on 24 Jul 2014 14:59 UTC as Trac ticket #1490000_ Roundcube seems to expect that all server support FORWARDED flag. hMailserver does not. Nevertheless I see in the GUI the forwarded icon. After a while this icon disappears. I have not investigated the issue but I guess Roundcube injects the icon by Javascript into the GUI and it treats the message in the cache as having a FORWARDED flag. IMO, Roundcube should not assume server support for FORWARDED flag. _Migrated-From: http://trac.roundcube.net/ticket/1490000_ ieee_interface structural
#4628 Error when using back button after sending an email _Reported by mgrum on 30 Jul 2014 14:40 UTC as Trac ticket #1490009_ When you click on the browser's back button after sending an email, you get back to a URL that contains the `_id` of the message you have just sent. But since there is no `$_SESSION['compose_data_']` entry for this message any more, you get an error page in the browser and a log entry that says `PHP Error: Invalid compose ID`. Apparently, there are some users who do this (probably because they want to get back to the compose form to write another mail). The obvious solution to allow this without an error would be to create a new compose ID in these cases. But there is this a comment in program/steps/compose.inc that claims it is better to abort and show the error page, because otherwise we might create infinite redirect loops. The comment references bug #1487028. However, after reading both the code and the bug report I don't understand how these infinite redirects could happen. Even loosing the session data between the ID generation and the page reload does not cause an infinite loop, it just causes a second iteration. I think the only real possibility that could actually lead to infinite redirects would be a situation where roundcube cannot write session variables at all (but that would break a lot of things and would probably make normal usage impossible anyway). So am I missing something? Or is it safe to disable the error message? Maybe bug #1487028 is just not relevant any more? _Migrated-From: http://trac.roundcube.net/ticket/1490009_ ieee_logicData control_flow
#4630 Error displayed when adding a new contact. _Reported by jusbuc2k on 3 Aug 2014 02:49 UTC as Trac ticket #1490015_ When adding a new contact with a search filter applied to the address book, the error message "The requested contact was not found" is displayed. The contact is actually saved, the UI just fails to load the newly saved contact's details view. == Environment == - Roundcube 1.0.2 - PHP 5.4.4-14+deb7u12 - Apache on Debian 7 - Dovecot / Postfix - Chrome 36.0.1985.125, Firefox 31, IE11 Roundcube Plugins Enabled: - application_passwords 0.1.0 - Attachment Reminder 1.1 - markasjunk 1.2 - password 3.4 - vcard_attachments 3.2 == Steps to reproduce == 1. Enable only a single address book source, such as the default sql one. 2. Click the Address Book tab, and enter some search criteria in the search box. 3. Click the + (plus) to add a new contact, enter a first and last name, and e-mail address. 4. Click save, and the standard error popup appears with the message "The requested contact was not found". Here is a screenshot of the error and my Chrome network panel: [https://s3.amazonaws.com/img.jneti.net/rcube-abook-bug-ss1.png] Tested with v1.0.2 with both the build-in sql address book, and various address book plugins, same behavior. This problem does _not_ occur when you have more than one address book source enabled, or if you have no search criteria applied. From what I can tell, this has something to do with the "_source" form field not being defined on the edit form when you only have a single address book source enabled (since there is no source drop down). I dug through the source a bit, and it looks like the rcmail_js_contacts_list method in program / steps / addressbook / func.inc ends up with contact ID that does _not_ have the source ID appended to it, which appears to be the cause of the lookup failure, since the _source query string parameter is empty. Sorry I couldn't work out how to fix this, I may dig into a bit further when I have a bit more time. _Migrated-From: http://trac.roundcube.net/ticket/1490015_ ieee_logicData control_flow
#4634 stringify problem in rcube_message_header.php _Reported by brendan on 6 Aug 2014 00:38 UTC as Trac ticket #1490021_ some headers can be present multiple times (ie, Received - or other X-headers). calling rcube_mime::decode_header/rcube_charset::clean stringifies the return value to "Array" instead of returning the array itself. for a message with multiple Return-Path headers (which generally shouldn't happen, but it did): $message->get_header('Return-Path',true); would return an array, but $message->get_header('Return-Path',false); would just return the string "Array" they should both be returning an array value. _Keywords: get_header_ _Migrated-From: http://trac.roundcube.net/ticket/1490021_ ieee_logicData control_flow
#4635 Folder column is not removed after search scope change _Reported by @alecpl on 6 Aug 2014 10:05 UTC as Trac ticket #1490022_ Steps: 1. Search with "All folders" scope selected 2. Change scope to "Current folder" 3. See that "Folder" column is still on the list. _Migrated-From: http://trac.roundcube.net/ticket/1490022_ ieee_interface control_flow
#4636 Invalid page title when using search filter _Reported by @alecpl on 6 Aug 2014 10:22 UTC as Trac ticket #1490023_ When I use search filter, but keep search box empty, the page title is set to: Search for "". This does not look good. Something like "Search results" would be better. _Migrated-From: http://trac.roundcube.net/ticket/1490023_ ieee_interface control_flow
#4640 No list update when deleting last contact from last page _Reported by @alecpl on 10 Aug 2014 08:45 UTC as Trac ticket #1490028_ When last contact is deleted from the last list page previous page should be displayed. Currently it is not and the counter in list footer displays also wrong info. _Migrated-From: http://trac.roundcube.net/ticket/1490028_ ieee_interface control_flow
#4641 incorrect thumbnail rotation with GD and exif orientation data _Reported by brendan on 11 Aug 2014 23:31 UTC as Trac ticket #1490029_ IOS devices take pictures and save the orientation inside the EXIF data instead of simply rotating the image. when GD goes to create a thumbnail for displaying an image attachment it strips the EXIF data, leaving the thumbnail without the orientation data - the browser then displays it with incorrect orientation. GD is only used if imagemagick is not present; i suspect the issue doesn't exist with imagemagick (i don't have it installed to check). _Keywords: exif rotation thumbnail_ _Migrated-From: http://trac.roundcube.net/ticket/1490029_ ieee_logicData control_flow
#4644 Error when creating a contact and list is not on the first page _Reported by @alecpl on 17 Aug 2014 07:01 UTC as Trac ticket #1490033_ After the contact is created it is not added to the list because it can't be found in database - the query contains wrong OFFSET. There's javascript error and the contact frame remains blank. _Migrated-From: http://trac.roundcube.net/ticket/1490033_ ieee_logicData control_flow
#4646 fixed table headers wrong place on whole page scroll _Reported by JohnDoh on 19 Aug 2014 07:05 UTC as Trac ticket #1490035_ some one using one of my plugins reported an issue with the positioning of the fixed table headers in Chrome 36 and Opera 23. Please see https://github.com/JohnDoh/Roundcube-Plugin-SpamAssassin-User-Prefs-SQL/issues/22 I was able to reproduce in Opera 23 on small screens. For example if I have a small screen (small enough to have a vertical scroll bar on the whole screen) and I'm viewing my mailbox. If I scroll the whole page down a bit then when I scroll the message list the fixed header bar is renendered lower down that it should be, not taking accoting of the overall page scroll. _Migrated-From: http://trac.roundcube.net/ticket/1490035_ ieee_interface control_flow
#4647 Handling of email addresses with quoted domain part _Reported by skyice on 20 Aug 2014 20:27 UTC as Trac ticket #1490040_ Hello, Today I got a curious thing, I received a mail by a person who the email is probably "user"@domain.tld. In the headers view, I see : <"user"@domain.org > ( with the space and with the quotes). And, in <span class="adr">, I can see that : <"user"@domain.tld So, without the link and without the icon to add to contact. Thanks. _Migrated-From: http://trac.roundcube.net/ticket/1490040_ ieee_logicData control_flow
#4648 Missing "comm_path" change to js env variable _Reported by kevinlam on 22 Aug 2014 01:49 UTC as Trac ticket #1490041_ When the "$RCMAIL->set_task" was called in php side, it does not call the "output->set_env" to change the "comm_path" variable to js side. Then, the js side script uses the wrong url to make requests. Simple Fix: At rcmail.php::set_task ... if ($this->output) { $this->output->set_env('task', $this->task); @+++ $this->output->set_env('comm_path', $this->comm_path); } ... _Migrated-From: http://trac.roundcube.net/ticket/1490041_ ieee_logicData control_flow
#4650 Properly handle UNKNOWN-CTE response _Reported by Pavel M on 27 Aug 2014 08:54 UTC as Trac ticket #1490046_ Could not load message from server with text encoded in base64 and headers: Content-Type: text/plain; charset="windows-1251" Content-Transfer-Encoding: base64 _Migrated-From: http://trac.roundcube.net/ticket/1490046_ ieee_logicData control_flow
#4651 moduserprefs issue _Reported by corbosman on 29 Aug 2014 10:10 UTC as Trac ticket #1490051_ there are 2 minor problems with moduserprefs 1. you cant tell the tool to use a specific config environment (aka host based conf file). 2. you cant give binary true as a pref value. _Migrated-From: http://trac.roundcube.net/ticket/1490051_ ieee_otherBuildConfigInstall non_functional
#4654 Search reset and search filter inconsistent behaviour _Reported by @alecpl on 1 Sep 2014 17:55 UTC as Trac ticket #1490057_ When you search mail using only search filter (no other criterias) the search-reset command does not reset the filter. I'm not sure it should, however if not it should also not reload the list. _Migrated-From: http://trac.roundcube.net/ticket/1490057_ ieee_logicData control_flow
#4658 SQL error in MSSQL script 2013061000.sql _Reported by VirtualPages on 4 Sep 2014 08:47 UTC as Trac ticket #1490061_ While performing an update on a roundcube install with MSSQL 2014 I got an error while it was performing the queries in 213061000.sql. The error is in the following queries: ``` sql ALTER TABLE [ADD COLUMN [expires](dbo].[cache]) [NULL GO ALTER TABLE [dbo](datetime]).[ADD COLUMN [expires](cache_shared]) [NULL GO ALTER TABLE [dbo](datetime]).[ADD COLUMN [expires](cache_index]) [NULL GO ALTER TABLE [dbo](datetime]).[ADD COLUMN [expires](cache_thread]) [NULL GO ALTER TABLE [dbo](datetime]).[ADD COLUMN [expires](cache_messages]) [NULL GO ``` MSSQL does not like the keyword COLUMN and I had to change it to: ``` sql ALTER TABLE [dbo](datetime]).[ADD [expires](cache]) [NULL GO ALTER TABLE [dbo](datetime]).[ADD [expires](cache_shared]) [NULL GO ALTER TABLE [dbo](datetime]).[ADD [expires](cache_index]) [NULL GO ALTER TABLE [dbo](datetime]).[ADD [expires](cache_thread]) [NULL GO ALTER TABLE [dbo](datetime]).[ADD [expires](cache_messages]) [datetime] NULL GO ``` _Migrated-From: http://trac.roundcube.net/ticket/1490061_ ieee_interface structural
#4660 php error from downloaded github repository. _Reported by mic max on 10 Sep 2014 10:20 UTC as Trac ticket #1490066_ i've download a github master version of roundcube, but when i use them an error occour: [12:09:39 Europe/Rome](10-Sep-2014) PHP Fatal error: Class 'PEAR' not found in C:\inetpub\roundcubemail-master\program\lib\Roundcube\bootstrap.php on line 100 The stable version 1.0.2. have no problem. Thanks _Migrated-From: http://trac.roundcube.net/ticket/1490066_ ieee_otherBuildConfigInstall non_functional
#4661 MailTO to cyrillic/punycode domains _Reported by cyberfunk on 10 Sep 2014 13:40 UTC as Trac ticket #1490067_ Something went wrong with RCube 1.0.2, namely: it stopped supporting punycode and cyrillic charsets in MailTo: Previously I have been successfully using RCube 0.8.6 for sending both cyrillic and punycode messages. Then, after updating it from 0.8.6 to 1.0.2, the "Invalid e-mail address" error started being triggered by email sending attempts. Upon investigation a problem with the "check_email" function has been discovered inside the program/lib/Roundcube/rcube_utils.php file, in the "last domain part" statement (string #111). The following changes have been made: ``` ============================================================================== --- roundcubemail-1.0.2.org/program/lib/Roundcube/rcube_utils.php 2014-07-20 16:17:58.000000000 +0400 +++ roundcubemail-1.0.2.new/program/lib/Roundcube/rcube_utils.php 2014-09-10 15:35:13.000000000 +0400 @@ -110,7 +110,12 @@ // last domain part if (preg_match('/[$array_pop_tmp = array_pop($domain_array))) { - return false; + if (preg_match('/^xn--[A-Za-z0-9](^a-zA-Z]/',)+/', $array_pop_tmp)) { + return true; + } + else { + return false; + } + unset($array_pop_tmp); } $rcube = rcube::get_instance(); ============================================================================== ``` Afer applying the above adjustment the RCube started working correctly. _Keywords: IDN, punycode, cyrillic domains, mailTo_ _Migrated-From: http://trac.roundcube.net/ticket/1490067_ ieee_logicData control_flow
#4663 Can't insert signature in external compose window if opened from inline compose window _Reported by fup on 16 Sep 2014 14:19 UTC as Trac ticket #1490074_ If I open the external compose window from the "inline" compose window by clicking on the icon top-right, I can't manually insert my signature because the button is disabled. Only after reloading the page the button is activated. This problem doesn't exist if using an external window for composing is set in my preferences. The activation of the button happens in change_identity() (app.js:3862ff), which is apprently not being called (properly) when opening the window manually. Simply specifying the second parameter as true in app.js:3166 doesn't work. A fix is to insert the following into init_messageform() (app.js:3117ff): ``` // enable manual signature insert if (this.env.signatures) { this.enable_command('insert-sig', true); this.env.compose_commands.push('insert-sig') } ``` As far as I can see that might call the same functions twice during the same request, which is not desirable. But I didn't find a better solution. _Migrated-From: http://trac.roundcube.net/ticket/1490074_ ieee_logicData control_flow
#4667 IMAP PERMANENTFLAGS is optional _Reported by asc on 2 Oct 2014 11:09 UTC as Trac ticket #1490087_ In 1.0.3 I noticed that setting flags is not working anymore since my IMAP server does not send any PERMANENTFLAGS hints. This should not prevent setting flags though: [(<list of flags>)](PERMANENTFLAGS) A list of message flags that the client can change permanently. If this is missing, the client should assume that all flags can be changed permanently. Effects of this are: flags cannot be changed, messages cannot be moved etc. _Keywords: IMAP PERMANTENTFLAGS_ _Migrated-From: http://trac.roundcube.net/ticket/1490087_ ieee_logicData control_flow
#4668 Attachments inside winmail.dat are zero sized _Reported by llldannylll on 8 Oct 2014 11:24 UTC as Trac ticket #1490091_ Roundcube 1.0.3 _Migrated-From: http://trac.roundcube.net/ticket/1490091_ ieee_logicData control_flow
#4671 print font size error with underlines/spans _Reported by brendan on 16 Oct 2014 21:26 UTC as Trac ticket #1490101_ while composing an html message with tinymce, a line with a large font size and a section in the middle that is underlined will come out like: <p><span style="font-size: xx-large">this <span style="text-decoration: underline">whole line</span> should be a large font</span></p> when viewing the message after sending, it displays correctly. but if you go to print the message, the print.css stylesheet overrides the font size on the underlined portion of the line. this css rule is the culprit: body, td, th, span, div, p { font-size: 9pt; color: #000; } the span directive overrides the font-size attribute from the containing span. _Migrated-From: http://trac.roundcube.net/ticket/1490101_ ieee_interface control_flow
#4672 Email displays in small window _Reported by bsexton on 18 Oct 2014 02:59 UTC as Trac ticket #1490103_ The email in the attached file displays in a small window with a scroll bar. It displays fine in other email clients such as Microsoft Outlook. _Migrated-From: http://trac.roundcube.net/ticket/1490103_ ieee_interface control_flow
#4675 UUencoded messages and cache do not work _Reported by @alecpl on 22 Oct 2014 07:32 UTC as Trac ticket #1490108_ If messages_cache is enabled and such a message is cached it is not possible to see it's body nor attachments. There are two things in rcube_message::uu_decode() that need to be changed somehow: 1. message mimetype change 2. message ->body modification _Migrated-From: http://trac.roundcube.net/ticket/1490108_ ieee_logicData control_flow
#4679 PHP Fatal error: Cannot redeclare class PEAR _Reported by @alecpl on 23 Oct 2014 12:51 UTC as Trac ticket #1490112_ This happens sometimes when I have PEAR library in program/lib as in old days and also in vendor directory. This is the case e.g. when I work on git-master repository with classes installed by composer and I switch to release-1.0 branch. ``` PHP Fatal error: Cannot redeclare class PEAR in /home/alec/repos/roundcubemail/vendor/pear-pear.php .net/PEAR/PEAR.php on line 87 [13:46:28 Europe/Warsaw](23-Oct-2014) PHP Stack trace: [13:46:28 Europe/Warsaw](23-Oct-2014) PHP 1. {main}() /home/alec/repos/roundcubemail/index.php:0 [13:46:28 Europe/Warsaw](23-Oct-2014) PHP 2. include_once() /home/alec/repos/roundcubemail/index.php:303 [13:46:28 Europe/Warsaw](23-Oct-2014) PHP 3. spl_autoload_call() /home/alec/repos/roundcubemail/index.php:341 [13:46:28 Europe/Warsaw](23-Oct-2014) PHP 4. Composer\Autoload\ClassLoader->loadClass() /home/alec/repos/roundcubemail/index.php:0 [13:46:28 Europe/Warsaw](23-Oct-2014) PHP 5. Composer\Autoload\includeFile() /home/alec/repos/roundcubemail/vendor/composer/ClassLoader. php:274 [13:46:28 Europe/Warsaw](23-Oct-2014) PHP 6. include() /home/alec/repos/roundcubemail/vendor/composer/ClassLoader.php:382 ``` _Migrated-From: http://trac.roundcube.net/ticket/1490112_ ieee_interface structural
#4680 Public folder issues _Reported by sadris on 23 Oct 2014 14:11 UTC as Trac ticket #1490113_ Related to http://trac.roundcube.net/ticket/1488665 1) I am unable to create a sub-folder under a Public folder with Dovecot 2.2.14 (http://wiki2.dovecot.org/SharedMailboxes/Public) with Roundcube 1.0.3, but I can via Telnet 2) I am subscribed to the public folder, but I cannot set it to be "checked" in the Folders config panel in the settings (it is greyed-out). Only after I created GLOBAL manually was I able to utilize the Public folder in any capacity. After I created the GLOBAL sub-folder with Telnet, I could still drag/drop messages into it. **Telnet output of creating folder GLOBAL under Public/:** ``` Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * OK [IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN](CAPABILITY) Dovecot ready. a LOGIN yyyyyy xxxxxxx a OK [IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE SEARCH=FUZZY COMPRESS=DEFLATE](CAPABILITY) Logged in b LIST "" "*" * LIST (\HasNoChildren \Drafts) "/" Drafts * LIST (\HasNoChildren \Sent) "/" Sent * LIST (\HasNoChildren \Trash) "/" Trash * LIST (\HasChildren \Junk) "/" Junk * LIST (\HasNoChildren) "/" Junk/Ham * LIST (\Noselect \HasNoChildren) "/" Public * LIST (\HasNoChildren) "/" INBOX b OK List completed. c CREATE Public/GLOBAL c OK Create completed. b LIST "" "*" * LIST (\HasNoChildren \Drafts) "/" Drafts * LIST (\HasNoChildren \Sent) "/" Sent * LIST (\HasNoChildren \Trash) "/" Trash * LIST (\HasChildren \Junk) "/" Junk * LIST (\HasNoChildren) "/" Junk/Ham * LIST (\Noselect \HasChildren) "/" Public * LIST (\HasNoChildren) "/" Public/GLOBAL * LIST (\HasNoChildren) "/" INBOX ``` **Roundcube output of failure to create TestSubFolder inside Public/:** ``` roundcube: [S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN](A086]) Dovecot ready. roundcube: [C: A0001 ID ("name" "Roundcube" "version" "1.0.3" "php" "5.3.3" "os" "Linux" "command" "/webmail/") roundcube: [A086](A086]) S: * ID ("name" "Dovecot") roundcube: [S: A0001 OK ID completed. roundcube: [A086](A086]) C: A0002 AUTHENTICATE PLAIN ****** [[A086](49] roundcube:) S: A0002 OK [IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE SEARCH=FUZZY COMPRESS=DEFLATE](CAPABILITY) Logged in roundcube: [C: A0003 LIST "" Public roundcube: [A086](A086]) S: * LIST (\Noselect \HasChildren) "/" Public roundcube: [S: A0003 OK List completed. roundcube: [A086](A086]) C: A0004 LIST "" "*" roundcube: [S: * LIST (\HasNoChildren \Drafts) "/" Drafts roundcube: [A086](A086]) S: * LIST (\HasNoChildren \Sent) "/" Sent roundcube: [S: * LIST (\HasNoChildren \Trash) "/" Trash roundcube: [A086](A086]) S: * LIST (\HasChildren \Junk) "/" Junk roundcube: [S: * LIST (\HasNoChildren) "/" Junk/Ham roundcube: [A086](A086]) S: * LIST (\Noselect \HasChildren) "/" Public roundcube: [S: * LIST (\HasNoChildren) "/" Public/GLOBAL roundcube: [A086](A086]) S: * LIST (\HasNoChildren) "/" INBOX roundcube: [S: A0004 OK List completed. roundcube: [A086](A086]) C: A0005 LOGOUT roundcube: [S: * BYE Logging out roundcube: [A086](A086]) S: A0005 OK Logout completed. ``` _Migrated-From: http://trac.roundcube.net/ticket/1490113_ ieee_logicData control_flow
#4681 reply scrolling issue with text mode and start message below the quote _Reported by brendan on 23 Oct 2014 21:44 UTC as Trac ticket #1490114_ if you are configured to use text mode to compose/reply along with the "start message below the quote" option, when replying to a long message the text cursor will correctly be at the bottom of the message, but the viewport will still be scrolled to the top of the message. _Migrated-From: http://trac.roundcube.net/ticket/1490114_ ieee_interface control_flow
#4682 Use of short ternary ?: breaks PHP 5.2 _Reported by elsand on 23 Oct 2014 22:35 UTC as Trac ticket #1490115_ In program/lib/Roundcube/rcube_imap_generic.php line 868 (also in git-master at time of writing) uses the teranry short form "?:", which is not available in 5.2. Fix is attached. _Migrated-From: http://trac.roundcube.net/ticket/1490115_ ieee_logicData control_flow
#4683 Performance: Unnecessary session update on mail preview _Reported by @alecpl on 24 Oct 2014 17:29 UTC as Trac ticket #1490116_ When previewing a mail I noticed unnecessary UPDATE queries to session table. This happens for new messages mostly and is caused by a addressbook/photo request. I found that session data differs only in 'task' variable which switches from 'mail' to 'addressbook'. Only this makes the session "dirty" and the UPDATE is executed. When you open another message (or do any action in mail task) the session is updated again, even if nothing except 'task' is changed in $_SESSION. Maybe we could get rid of these updates. One possibility I see is to create mail/photo action alias, another might be to set $_SESSION['task'] only when request 'action' parameter is empty. _Migrated-From: http://trac.roundcube.net/ticket/1490116_ ieee_logicData control_flow
#4685 Draft auto-save disables spellchecker _Reported by @alecpl on 27 Oct 2014 13:18 UTC as Trac ticket #1490120_ This is actually annoying a bit. When I'm in compose page and doing no changes just enter into spellcheck mode and (still with no changes) wait some time, the spellcheck layer will be removed (and spellcheck switched to off). This is in both plain text and html mode. _Migrated-From: http://trac.roundcube.net/ticket/1490120_ ieee_logicData control_flow
#4686 problem with iconv in some message after apgrade from 1.0 to 1.1-git _Reported by lefoyer on 27 Oct 2014 18:31 UTC as Trac ticket #1490121_ some mail not recognize charset, see screenshot and eml file. _Migrated-From: http://trac.roundcube.net/ticket/1490121_ ieee_logicData control_flow
#4690 Sorting by column date seems to use "sent date" and not "Arrival date" _Reported by jasb on 2 Nov 2014 19:31 UTC as Trac ticket #1490126_ Hi, In last git now, when I sort on the date field, it sort's by the sent date info. Why do I say this? when I go to list column/sort order options in the messages view, it selects that column. I can change it to arrival date, and works OK, but, if I click the date column again, it changes the column to "Sent date" again. In config.inc.php I have as always had (don't know if something changed meanwhile): $config['list_cols'] = array('from','subject','date','size','flag','attachment'); _Migrated-From: http://trac.roundcube.net/ticket/1490126_ ieee_logicData control_flow
#4694 Encoding Problem While Importing from a Russian Thunderbird CSV file to Addressbook _Reported by alexey dv on 6 Nov 2014 11:20 UTC as Trac ticket #1490135_ If I understand correctly, cvs-file has invalid header. _Migrated-From: http://trac.roundcube.net/ticket/1490135_ ieee_logicData structural
#4696 Canceling switch from html editor to plain text editor changes content type to text/plain _Reported by jnikula on 11 Nov 2014 06:52 UTC as Trac ticket #1490141_ Precondition: compose a new mail with roundcube html editor or reply to an existing mail with html editor. If I choose to change the editor to plain text, but then click on cancel in the confirmation dialog the editor correctly continues to edit the mail in html mode. However if I save the mail as draft or send it I can see that the content type has been changed to text/plain. This results the html mail being displayed plain text. _Migrated-From: http://trac.roundcube.net/ticket/1490141_ ieee_interface control_flow
#4697 Quote fails to format properly on reply or forward _Reported by cheshirrrrre on 11 Nov 2014 13:32 UTC as Trac ticket #1490142_ Hello! When I hit reply or forward on some of my email - sometimes the reply got broken. By broken i mean quotes that became all messed up: previous letter, signatures summed up to nonsense. I've attached a screenshot and .eml file to proide better explanation. _Migrated-From: http://trac.roundcube.net/ticket/1490142_ ieee_logicData control_flow
#4700 Installer does not copy /vendor directory _Reported by @alecpl on 12 Nov 2014 15:10 UTC as Trac ticket #1490145_ See http://www.roundcubeforum.net/index.php?topic=21843.msg58680#msg58680 _Migrated-From: http://trac.roundcube.net/ticket/1490145_ ieee_otherBuildConfigInstall non_functional
#4703 no delimiter in the log _Reported by AnteC on 14 Nov 2014 07:18 UTC as Trac ticket #1490150_ I send message to two recipients and the address of one of them is in copy CC. In sendmail log this addresses written together without delimiter. _Migrated-From: http://trac.roundcube.net/ticket/1490150_ ieee_otherBuildConfigInstall non_functional
#4705 compose page not honoring show_real_foldernames setting _Reported by brendan on 14 Nov 2014 18:04 UTC as Trac ticket #1490153_ if show_real_foldernames is enabled, the mailbox list views will show the real foldernames, but the "Save sent message in" dropdown on the compose page does not. _Migrated-From: http://trac.roundcube.net/ticket/1490153_ ieee_interface control_flow
#4708 Drag&Drop in Collapsed/Expanded folders doesnt work _Reported by backi on 17 Nov 2014 06:11 UTC as Trac ticket #1490157_ I found the following bug: Try to drag/drop a message into a collapsed folder -> the folder expands, but you cant drop the message into one of the (new expanded) subfolders. Only the parten folders are selectable. This worked in a previous version of roundcube. _Migrated-From: http://trac.roundcube.net/ticket/1490157_ ieee_logicData control_flow
#4709 Invalid folder selection if clicked while busy _Reported by @alecpl on 17 Nov 2014 10:03 UTC as Trac ticket #1490158_ Steps: Select some folder and while it is loading click on another folder. See that the new folder is now selected, but the previous one is listed. The problem is because treelist's select() is not aware of rcmail busy state. If interface is busy user should not be able to select another folder or previous request should be aborted. _Migrated-From: http://trac.roundcube.net/ticket/1490158_ ieee_logicData control_flow
#4710 some issues/experiences with group import from google _Reported by backi on 19 Nov 2014 07:04 UTC as Trac ticket #1490159_ I tried several contact-imports/exports from google and always choose the option in RC "create groups if neccessary) the following happened (I dont know if thats an issue for google or RC), just check (especially the vcard-import): Export from google as "outlook-CSV-format" -> Perfect Export from google as "google-CSV-format" -> Groups are imported, but if a contact is assigned to several groups, instead of importing different groups, one big group (including all the groupnames) is imported Export from google as "vCard" -> no groups are imported _Migrated-From: http://trac.roundcube.net/ticket/1490159_ ieee_logicData control_flow
#4712 rcube_utils::anytodatetime() problems _Reported by @alecpl on 22 Nov 2014 16:59 UTC as Trac ticket #1490163_ This is a follow up to https://issues.kolab.org/show_bug.cgi?id=3964. Using this method for dates (without time) may produce wrong results depending on timezone settings. If for some reason first DateTime constructor call throws exception another "if" block will return DateTime object with shifted time, which may result in a shifted day. Also the $timezone argument is not taken into account when "strtotime block" is used. _Migrated-From: http://trac.roundcube.net/ticket/1490163_ ieee_logicData control_flow
#4713 confusing icon-design "back-button" and "move to" button _Reported by backi on 26 Nov 2014 06:47 UTC as Trac ticket #1490166_ Maybe its supercritical, but I suggest an improvement for the icon-design of the "backbutton" in classic and larry, and of the "move-to" button only in classic skin: The back-button on the top left corner that appears when you open a message (arrow to the left) implies for me to go to the last/previous message. Thats the same visual that you you use on the top right corner to skip through the messages (arrow to the left). I would suggest to use instead of a simple arrow to the left an arrow directing to the top or maybe a symbolised list in the background with an arrow over it directing to the top, that better implies "go (back) to list-view of current folder" This is in larry and classic. In classic skin you also use a (slightly different) arrow to the right to move a opened messages to another folder. This collides somehow with the arrow to the right that you use for "go to the next message. In larry-skin you have a better visual for moving messages (folder with arrow in it). Please create a similar icon in classic skin. _Migrated-From: http://trac.roundcube.net/ticket/1490166_ ieee_interface control_flow
#4714 Import from outlook - only emailaddress1 is imported _Reported by backi on 27 Nov 2014 08:17 UTC as Trac ticket #1490169_ .. as discussed here: http://trac.roundcube.net/ticket/1490159#comment:10 Addressbook-Import struggles with csv-file from outlook. Sample attached. _Migrated-From: http://trac.roundcube.net/ticket/1490169_ ieee_logicData control_flow
#4715 Restore message: Restore / Delete / ignore _Reported by talexb on 27 Nov 2014 15:21 UTC as Trac ticket #1490170_ The three choices for user action when being asked to restore a previously created message are inconsistently capitalized -- the last choice, 'ignore', should be 'Ignore'. _Migrated-From: http://trac.roundcube.net/ticket/1490170_ ieee_interface control_flow
#4718 Allow to overwrite some images with skin inheritance _Reported by @alecpl on 1 Dec 2014 12:48 UTC as Trac ticket #1490174_ I have a skin which inherits from Larry. I want to overwrite addcontact.png image without template file modification. So, I put addcontact.png in images folder of my skin. However, this does not work, /images/addcontact.png path used in message.html template is resolved to larry skin folder. Attached patch fixes this for me. I'm not sure this is the way to go. If so, we'd like to do the same for other icons e.g. deleteicon in compose. ``` --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -1623,7 +1623,7 @@ function rcmail_address_string($input, $max=null, $linked=false, $addicon=null, rcmail_output::JS_OBJECT_NAME, rcube::JQ($string)), ), html::img(array( - 'src' => $RCMAIL->config->get('skin_path') . $addicon, + 'src' => $RCMAIL->output->abs_url($addicon, true), 'alt' => "Add contact", ))); } ``` _Migrated-From: http://trac.roundcube.net/ticket/1490174_ ieee_interface structural
#4720 Composer install does not include ldap libs _Reported by @alecpl on 8 Dec 2014 09:18 UTC as Trac ticket #1490183_ Using the simple command described in INSTALL file does not install libs required for LDAP operations. They are in "suggest" section. Now, recent composer version does not even support --install-suggest. So, I think the only way is to put these libs in "require" section. See also https://github.com/composer/composer/issues/662. _Migrated-From: http://trac.roundcube.net/ticket/1490183_ ieee_otherBuildConfigInstall non_functional
#4723 Installation plugin SieveRules Managesieve problem with pear _Reported by matrix on 11 Dec 2014 00:38 UTC as Trac ticket #1490189_ hello, I'm tried to install https://github.com/JohnDoh/Roundcube-Plugin-SieveRules-Managesieve plugin. I follow readme instructions: I copy https://github.com/roundcube/roundcubemail/blob/master/composer.json-dist composer.json. I tried "php composer.phar install" in my roundcube project, but I have the following error: ``` Loading composer repositories with package information Initializing PEAR repository http://pear.php.net [to execute git clone --mirror 'git://git.kolab.org/git/pear/Net_LDAP3' '/root/.compo ser/cache/vcs/git---git.kolab.org-git-pear-Net-LDAP3/' fatal: unable to connect to git.kolab.org: git.kolab.org[0: 95.128.36.4](RuntimeException] Failed): errno=Connection timed out ``` how should I proceed? _Keywords: plugin_ _Migrated-From: http://trac.roundcube.net/ticket/1490189_ ieee_otherBuildConfigInstall non_functional
#4724 attachment: open image use an absolute link instead of a relative one _Reported by bepi on 11 Dec 2014 13:13 UTC as Trac ticket #1490191_ Hi, I'm using roundcube through an http_proxy module of Apache 2. I noted a small problem when you press the link to view an attachment, it opens a new windows, inside the "iframe" there is the home page instead of the image (or PDF). If I choose to download the image or the pdf all is fine. If I use roundcube directly (via ip) all is fine as usual :). This is the iframe: ``` <roundcube:object name="messagePartFrame" id="messagepartframe" frameborder="0" /> ``` Inspecting the code and the apaches logs, for me what miss is a DOT in the URL. All others urls are relative (they start with a dot) except this one that start wita a / If possible can you fix the url? Thank you, best regards. _Migrated-From: http://trac.roundcube.net/ticket/1490191_ ieee_logicData control_flow
#4729 composing "dont save" dont work _Reported by Azo on 3 Jan 2015 12:53 UTC as Trac ticket #1490208_ Messages are stored in folder sent, although dont save is selected. Since Version 1.0.4. Version 1.0.3 is working. debian 7.7 php 5.4.4-14+deb7u14 _Migrated-From: http://trac.roundcube.net/ticket/1490208_ ieee_logicData control_flow
#4732 Fixed headers resize problems in IE (classic skin) _Reported by netesa on 6 Jan 2015 21:40 UTC as Trac ticket #1490213_ How to reproduce: 1. Open roundcube in normal (not maximized) IE window. 2. Click the "Maximize" button. 3. The fixed headers now remain small, they are not scaled to the new window width (see attachment). Interestingly, if you "manually" change the size of the window by dragging its border, the headers are scaled correctly. Larry skin is not affected, the problem is only observed in the classic skin. The problem occurs in IE10 and IE11. I haven't tested IE9. In IE8 (with legacy_browser plugin) everything works correctly. _Migrated-From: http://trac.roundcube.net/ticket/1490213_ ieee_interface control_flow
#4733 max_group_members is ignored when adding a new contact _Reported by @alecpl on 7 Jan 2015 15:20 UTC as Trac ticket #1490214_ When adding a new contact with group assignments max_group_members limit does not prevent from assigning the contact to a group. The code in save.inc is: ``` if (($maxnum = $RCMAIL->config->get('max_group_members', 0)) && ($counts->count + 1 > $maxnum)) $OUTPUT->show_message('maxgroupmembersreached', 'warning', array('max' => $maxnum)); $CONTACTS->add_to_group($plugin[$plugin['ids']('group_id'],)); ``` Looks like missing else clause. _Migrated-From: http://trac.roundcube.net/ticket/1490214_ ieee_logicData control_flow
#4735 Grey out DSN checkbox in compose window when DSN is disabled _Reported by TobiasGrave on 8 Jan 2015 21:29 UTC as Trac ticket #1490221_ Our SMTP server does not support Delivery Status Notification (DSN), so I have disabled it in the configuration: ``` $config[= 0; $config['dont_override']('dsn_default']) = array('dsn_default'); ``` Now DSN is not shown in the settings menu any more, but it can still be selected when composing a new Email (see attached screenshot). One would expect this checkbox to be hidden or greyed out when DSN is disabled in the main configuration file. _Migrated-From: http://trac.roundcube.net/ticket/1490221_ ieee_interface control_flow
#4737 Drafts list is not refreshed when draft composition window is opened by clicking "Edit" button in preview frame _Reported by netesa on 12 Jan 2015 10:28 UTC as Trac ticket #1490225_ How to reproduce: 1. Enable preview frame and composing messages in a new window. 2. Start composing a message, enter some text, save a draft and close the window. 3. Go to Drafts folder, click on the message, it is loaded to the preview frame. 4. In the preview frame click "Edit" button, message composition window is opened. 5. Change something, e.g. subject and save the draft. The message list should be refreshed. The list is refreshed only when draft composition window was opened by double-clicking on the message subject, but not when using the "Edit" button from the preview frame. _Migrated-From: http://trac.roundcube.net/ticket/1490225_ ieee_logicData control_flow
#4738 Restrict modification of "Set as default" option in identities settings _Reported by netesa on 12 Jan 2015 10:38 UTC as Trac ticket #1490226_ It should not be possible to change the state of the "Set as default" option in identities settings when `$config['identities_level']` is set to 2, 3 or 4. _Migrated-From: http://trac.roundcube.net/ticket/1490226_ ieee_logicData control_flow
#4739 XSS Vulnerability on the Body of the Email _Reported by phithon on 12 Jan 2015 17:03 UTC as Trac ticket #1490227_ Hi, guys I've found that someone send you an email include HTML code: ``` <img src="data:xxx1" style=aaa:'"/onerror=alert(1)//' > ``` The javascript code "alert(1)" will be executed . The vulnerability occured in "/program/lib/Roundcube/rcube_washtml.php" ``` else if ($key == 'style' && ($style = $this->wash_style($value))) { $quot = strpos($style, '"') !== false ? "'" : '"'; $t .= ' style=' . $quot . $style . $quot; } ``` When single quote and double quote both in $style the style attribute will be closed, and all the content after quote will get out. <img src="data:xxx1" style=aaa:'"/onerror=alert(1)_' > becomes <!-- html ignored --><!-- body ignored --><img src="data:xxx1" style='aaa: '"/onerror=alert(1)_'' /> btw. execute only in chrome. [[Image(http://www.leavesongs.com/content/plugins/kl_album/upload/201501/a6469005d34f6cf677510da16ab733ee201501130059391461631074.jpg)]] _Keywords: XSS_ _Migrated-From: http://trac.roundcube.net/ticket/1490227_ ieee_logicData control_flow
#4740 Broken message download submenu in classic skin _Reported by @alecpl on 13 Jan 2015 07:56 UTC as Trac ticket #1490228_ There's <h2> element in zipdownload menu which should be hidden in classic skin. _Migrated-From: http://trac.roundcube.net/ticket/1490228_ ieee_interface control_flow
#4741 Addressbook partially working _Reported by chcuser on 16 Jan 2015 08:42 UTC as Trac ticket #1490229_ We are facing a problem with the contact search feature on roundcube 1.0.4, but it seems to be the same with all 1.x releases. To be specific, this was working with the 0.4-stable, but we have not upgraded the product until now. We have attached 2 screenshots to let you see the problem by yourself. We use 2 addressbook (users & lists), one containing persons, and the other contains mainly aliases. The search seems to retrieve only the users but the two lists are provided in the configuration. And it is the same for the autocomplete feature: $config[= array('ch_users','ch_liste','sql'); --- Summary of the ldap configuration: $rcmail_config['ldap_public']('autocomplete_addressbooks'])[= array( 'name' => 'Utilisateurs XXX', 'hosts' => array('xxxxxx'), 'port' => 389, 'use_tls' => false, 'user_specific' => false, 'base_dn' => 'ou=Users,dc=xxxxxx', 'bind_dn' => '', 'bind_pass' => '', 'writable' => false, 'LDAP_Object_Classes' => array("top","inetOrgPerson"), 'required_fields' => array("cn","sn","mail"), 'LDAP_rdn' => 'mail', 'ldap_version' => 3, 'search_fields' => array('mail', 'cn', 'sn'), 'firstname_field' => 'sn', 'email_field' => 'mail', 'surname_field' => 'cn', 'name_field' => 'displayName', 'sort' => 'displayName', 'scope' => 'sub', 'filter' => '(&(o=xxxxxx)(displayName=*))', 'fuzzy_search' => true, 'sizelimit' => '0', 'timelimit' => '0' ); $rcmail_config['ldap_public']('ch_users'])['ch_liste'] = array( 'name' => 'Listes XXX', 'hosts' => array('xxxxxx'), 'port' => 389, 'use_tls' => false, 'user_specific' => false, 'base_dn' => 'ou=Listes,dc=xxx', 'bind_dn' => '', 'bind_pass' => '', 'writable' => false, 'LDAP_Object_Classes' => array("top","CourierMailAlias"), 'required_fields' => array("cn","mail"), 'LDAP_rdn' => 'mail', 'ldap_version' => 3, 'search_fields' => array('mail', 'cn'), 'firstname_field' => '', 'email_field' => 'mail', 'surname_field' => '', 'name_field' => 'cn', 'sort' => 'cn', 'scope' => 'sub', 'filter' => 'cn=*', 'fuzzy_search' => true, 'sizelimit' => '0', 'timelimit' => '0' ); Thank you for your help _Migrated-From: http://trac.roundcube.net/ticket/1490229_ ieee_logicData control_flow
#4742 Roundcube does not use reply-to address _Reported by FlyveHest on 17 Jan 2015 11:08 UTC as Trac ticket #1490233_ I am using a home-built mailing list, which is working fine, other people send mail using it, I press reply, and it uses the reply-to header as expected. But, when I reply to a mail I myself have sent to the mailing list, it uses the To: header as the reply-address. Header shown below (i've remove some headers, and changed domains) ``` Return-Path: <[email protected]> Delivered-To: [email protected] MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Date: Fri, 16 Jan 2015 09:02:14 +0100 From: Sending User <[email protected]> To: "Skiferie 2015" <[email protected]> Subject: [Ski2015] !!! X-Sender: [email protected] User-Agent: Roundcube Webmail/1.0.4 Content-Transfer-Encoding: quoted-printable List-ID: Skiferie 2015 <ski2015> Reply-to: <[email protected]> ``` If I reply to this mail, from an account in Roundcube that is set up to [email protected], the value in the To field in Roundcube is "Skiferie 2015 [email protected]", completely ignoring the Reply-to header. If I reply to a mail that another user has sent to the same list, it will use the Reply-to header, as would be expected. _Keywords: reply-to reply_ _Migrated-From: http://trac.roundcube.net/ticket/1490233_ ieee_logicData control_flow
#4748 False warning when opening attached text/plain files _Reported by netesa on 24 Jan 2015 15:15 UTC as Trac ticket #1490241_ How to reproduce: 1. Start composing a message, attach a text/plain file with a .txt extension. Send it to yourself. 2. Open the message, try to open the attachment. The warning is shown "Expected: text/plain (.txt); found: text/plain" Sample email message showing this problem is attached. _Migrated-From: http://trac.roundcube.net/ticket/1490241_ ieee_logicData control_flow
#4754 [1.0.5] Permission denied as of 'FollowSymLinks' not allowed _Reported by sct on 1 Feb 2015 19:39 UTC as Trac ticket #1490255_ After upgrading to the version above I have recognized that the access to the new version is denied. The reason ist that the 'FollowSymLinks' option was not set in the configuration of my Apache2 HTML server. The 'Rewrite' call in the '/.htaccess' file needs this. The solution was to enter the option 'Option FollowSymLinks' on the top of that section where the 'Rewrite' call is in '/.htaccess' file. May this could be done by default by the developer. Regards Tom _Keywords: Permission denied FollowSymLinks_ _Migrated-From: http://trac.roundcube.net/ticket/1490255_ ieee_otherBuildConfigInstall non_functional
#4757 Security Vulnerability in Password Plugin _Reported by noamr on 4 Feb 2015 18:18 UTC as Trac ticket #1490261_ ## Description Roundcube 1.0.4 is shipped with the Password plugin version 3.4. It is, as any other plugin, disabled by default. Once enabled, it allows an authenticated user to change his current password in the web interface. For this purpose, the plugin offers several drivers that can be used to perform the actual password change in the back end. The DBMail driver suffers from a critical Remote Command Execution vulnerability that enables an attacker to execute arbitrary system commands with root privileges. ## Configuration To enable the Password plugin, add the following line to Roundcube's config file roundcubemail-1.0.4/config/config.inc.php: ``` $config[= array('password'); ``` To use the DBMail driver, add the following line to the Password plugin config file roundcubemail-1.0.4/plugins/password/config.inc.php: ``` $config['password_driver']('plugins']) = 'dbmail'; ``` A list of activated plugins is shown in the "About" page in the web interface (/?_task=settings&_action=about). A new password can be configured under Settings -> Password. ## Affected Code Lines roundcubemail-1.0.4/plugins/password/password.php ``` 41 class password extends rcube_plugin { 95 public function password_save() { 116 $newpwd = rcube_utils::get_input_value('_newpasswd', rcube_utils::INPUT_POST, true); // user input 154 $this->_save($curpwd, $newpwd); 241 private function _save($curpass, $passwd) { 244 $driver = $config->get('password_driver', 'sql'); // get driver (dbmail) 245 $class = "rcube_{$driver}_password"; 270 $object = new $class; // new dbmail 271 $object->save($curpass, $passwd); ``` roundcubemail-1.0.4/plugins/password/drivers/dbmail.php ``` 18 class rcube_dbmail_password { 20 public function save($currpass, $newpass) { 26 exec("{$curdir}/chgdbmailusers -c {$username} -w {$newpass} {$args}", $output, $returnvalue); // VULN ``` ## Exploit In line 26 of the dbmail.php driver, the new password entered by the user is not sanitized against injecting shell meta characters. Thus, by providing the new password "`sleep 3`" or ";sleep 3;" (without ""), the system command "sleep 3" will be executed on the targeted web server. Moreover, the chgdbmailusers program shipped with the Password plugin is run with root privileges: roundcubemail-1.0.4/plugins/password/helpers/chgdbmailusers.c ``` 5 // set the UID this script will run as (root user) 6 #define UID 0 7 #define CMD "/usr/sbin/dbmail-users" 8 16 main(int argc, char *argv[ int cnt,rc,cc; 19 char cmnd[255](]) 17 { 18 ); 20 21 strcpy(cmnd, CMD); 22 23 if (argc > 1) 24 { 25 for (cnt = 1; cnt < argc; cnt++) 26 { 27 strcat(cmnd," "); 28 strcat(cmnd, argv[cnt]); 29 } 30 } 36 37 cc = setuid(UID); 38 rc = system(cmnd); ``` Note, that this program also has a buffer overflow vulnerability in line 28 when a password or username longer than 255 characters is used by an attacker. _Keywords: security vulnerability_ _Migrated-From: http://trac.roundcube.net/ticket/1490261_ ieee_logicData control_flow
#4760 Sometimes fail to display large amount search results. _Reported by just jai on 6 Feb 2015 22:17 UTC as Trac ticket #1490266_ Here is an example: Showing No Result but on another end showing 2146 results. Request: "HTTP GET: ./?_task=mail&_filter=ALL&_q=michelle&_headers=from&_mbox=INBOX&_action=search&_remote=1" app.min.js:26 Response: "this.display_message("Search returned no matches.","notice",0); this.set_rowcount("Messages 1 to 100 of 2146","INBOX"); " any idea ?? _Keywords: Search issue_ _Migrated-From: http://trac.roundcube.net/ticket/1490266_ ieee_logicData control_flow
#4766 Missing categories/groups in vCard export _Reported by @alecpl on 16 Feb 2015 08:14 UTC as Trac ticket #1490277_ When using the sql addressbook we assign a group to a contact the internal representation of vCard data is not updated. The same when the assignment is being deleted. This is the reason why contact export contains invalid CATEGORIES. A solution to this could be CATEGORIES entry update in export.inc (prepare_for_export() function). _Migrated-From: http://trac.roundcube.net/ticket/1490277_ ieee_logicData control_flow
#4768 Local storage prefix should not be calculated from substring of DES key _Reported by mgrum on 16 Feb 2015 10:47 UTC as Trac ticket #1490279_ The prefix string for local storage is generated from a variable called `rcmail.env.user_id`, which is a hash that uniquely identifies a user. This hash is calculated on the server side using the following function: ``` function get_hash() { $key = substr($this->rc->config->get('des_key'), 1, 4); return md5($this->data[. $key . $this->data['username']('user_id']) . '@' . $this->data['mail_host']); } ``` The problem is that this hash is visible to users (you can find it by using the javascript console in your browser or something like that). This means that an attacker who knows the mail host only has to iterate over all possible user ids and all possible four character ASCII strings (until the MD5 hash matches the one in `rcmail.env.user_id`) in order to find out the internal user_id in the database and _four characters of the DES key_. Four characters is not much, but still, it should never be possible for an attacker to find out any part of a secret key at all. This attack needs about `128^4 * number_of_users` hashes, so depending on how many users there are, it might take a few hours or a few days if you use a modern GPU that can do something in the range of `10^8` MD5 hashes per second. I am not even sure why it is necessary to use a secret salt for this hash in the first place. I think it would be sufficient to use only a hash of the username or something like that. Of course, that would be reproducible, so users could calculate these hashes on their own, but I don't see why this would be a problem, since it is only used as a local storage prefix anyway, which is nothing secret (and also, using a deterministic hash like this would allow server administrators to change the DES key without breaking the local storage). Or am I missing something here? _Migrated-From: http://trac.roundcube.net/ticket/1490279_ ieee_logicData control_flow
#4769 1.1.0 install issues _Reported by slsdoug on 16 Feb 2015 21:02 UTC as Trac ticket #1490280_ I had a few problems upgrading to 1.1.0. I have PHP 5.4. The first server does not have mbstring extension. This caused fatal duplicate function defs, mb_strlen, etc. They exist in bootstrap.php, around line 374, and mbstring.php. I had to put a conditional (if(!function_exists('mb_strlen'))) around the 5 functions (listed in bootstrap.php) in mbstring.php to eradicate the fatal dup error. vendor/patchwork/utf8/class/Patchwork/Utf8/Bootup/mbstring.php The other server I use has PHP 5.4 but does have mbstring extension but no mb_regex_encoding(). It crashed until I did this (around line 83 in bootstrap.php): if (extension_loaded('mbstring')) { mb_internal_encoding(RCUBE_CHARSET); if(function_exists("mb_regex_encoding")) mb_regex_encoding(RCUBE_CHARSET); } _Migrated-From: http://trac.roundcube.net/ticket/1490280_ ieee_logicData control_flow
#4770 Deprecated function in SMTP files _Reported by youngrp on 18 Feb 2015 02:16 UTC as Trac ticket #1490281_ It's my first ticket here so I don't know if I filled the form correctly. Follow the log lines: ``` [23:41:43](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 448 [23:41:43](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 465 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 472 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 515 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 263 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 519 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/program/lib/Roundcube/rcube_smtp.php on line 129 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/program/lib/Roundcube/rcube_smtp.php on line 243 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 945 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 263 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 948 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/program/lib/Roundcube/rcube_smtp.php on line 255 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/program/lib/Roundcube/rcube_smtp.php on line 263 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 975 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 263 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 978 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/program/lib/Roundcube/rcube_smtp.php on line 291 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 1054 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 263 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 1057 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 1117 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 263 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 1127 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 263 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 1132 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 489 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 263 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 492 [23:41:44](17-Feb-2015) PHP Deprecated: Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in /path/to/webmail/vendor/pear/net_smtp/Net/SMTP.php on line 495 ``` Thanks. _Keywords: Deprecated PEAR SMTP_ _Migrated-From: http://trac.roundcube.net/ticket/1490281_ ieee_syntax non_functional
#4771 BMP attachments display warnings _Reported by netesa on 19 Feb 2015 07:25 UTC as Trac ticket #1490282_ Roundcube assumes .bmp files to have MIME-type image/bmp. However, it is not officially registered at IANA and on many systems it is detected as image/x-ms-bmp. This triggers a warning in Roundcube while trying to open the attachment: "Expected: image/bmp (.bmp); found: image/x-ms-bmp". _Migrated-From: http://trac.roundcube.net/ticket/1490282_ ieee_logicData control_flow
#4772 Max packet size issue in rcube_cache (and rcube_cache_shared) _Reported by @alecpl on 19 Feb 2015 09:33 UTC as Trac ticket #1490283_ Since https://github.com/roundcube/roundcubemail/commit/5793309478b60b3f30aea191ec2f46b944584afa we limit queries according to defined packet size. It works for MySQL, however some database engines do not provide a way to detect the configured limit. In such cases default 2MB will be used. Because we use rcube_cache also e.g. for database_attachments the 2MB might be too small and people that use other DB engines has no way to change this default. I suppose this should become a configuration option. _Migrated-From: http://trac.roundcube.net/ticket/1490283_ ieee_interface structural
#4773 Answer to a blockquoted fragment might be shown incorrectly when "format=flowed" _Reported by netesa on 19 Feb 2015 09:33 UTC as Trac ticket #1490284_ Roundcube doesn't display correctly an answer to a blockquoted fragment when the last line of the quoted answer is empty (it contains just ">" and the in the next new line there is an answer). The problem occurs only with "format=flowed". It isn't also parsed correctly in message composition window (e.g. when you select "Edit as new", forward or reply to such a message). An example message is attached. _Migrated-From: http://trac.roundcube.net/ticket/1490284_ ieee_logicData control_flow
#4777 Remove BOM not only on start of the content _Reported by @alecpl on 27 Feb 2015 07:50 UTC as Trac ticket #1490291_ A newsletter sent from coindesk.com contains invalid HTML content (quoted-printable): ``` <!DOCTYPE html PUBLIC "-_W3C_DTD XHTML 1.0 Transitional_EN" "http:_www= =2Ew3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> =EF=BB=BF<html... ``` As you see it put BOM sequence not as the first characters. Roundcube will not remove it. This causes DOMDocument parser in rcube_washtml class to fail. The message will be empty. I propose to remove BOM sequences not only on start of the body but also in the whole body. _Migrated-From: http://trac.roundcube.net/ticket/1490291_ ieee_logicData control_flow
#4779 duplicate key in timezone _Reported by scornaky on 27 Feb 2015 11:31 UTC as Trac ticket #1490293_ Hello! duplicate key in timezone rcube_config.php timezone_name_from_abbr ... '300' => "Asia/Karachi", '270' => "Asia/Kabul", '300' => "Asia/Karachi", line 686, 688 _Migrated-From: http://trac.roundcube.net/ticket/1490293_ ieee_otherBuildConfigInstall non_functional
#4780 Subject line (data) not being respected _Reported by citechnical on 2 Mar 2015 05:03 UTC as Trac ticket #1490295_ I installed the latest version 1.1.0 on my company CentOS 7 server and I'm sending and receiving mail now. I am, however not able to set the Subject: on outgoing mail. My wife sent me a mail and it came through (No Subject) and I tested similarly to another email and that mail came through (No Subject). We are typing in the Subject textbox but after the mail goes, the subject is lost. I did not find this issue listed on this Trac site nor did I find anything via Google. Thanks, David L. Whitehurst _Migrated-From: http://trac.roundcube.net/ticket/1490295_ ieee_logicData control_flow
#4782 sent_mbox preference is always resetted after login _Reported by mufus on 3 Mar 2015 18:23 UTC as Trac ticket #1490300_ After upgrading to 1.1.0 i noticed that the "sent_mbox" preference for each user is always being resetted after each login. My dovecot config: ``` mailbox Sent { special_use = \Sent } ``` Every time I log in to roundcube webmail, my Settings > Preferences > Special Folders > Sent is always resetted back to "Sent" (defined by Dovecot), even if I manually change it to, for example "Sent Messages" folder. _Migrated-From: http://trac.roundcube.net/ticket/1490300_ ieee_logicData control_flow
#4785 Broken HTML signature image _Reported by twisterbr on 6 Mar 2015 16:57 UTC as Trac ticket #1490306_ If you set the config in 'identity_image_size' to > 64, you'll need to alter the database table identities and change the data type of the field signature to one that's bigger than 'text'. Otherwise you'll get an incomplete base64 code and a broken image. BLOB, TEXT L + 2 bytes, where L < 2^16 (64 Kilobytes) MEDIUMBLOB, MEDIUMTEXT L + 3 bytes, where L < 2^24 (16 Megabytes) _Keywords: html image broken_ _Migrated-From: http://trac.roundcube.net/ticket/1490306_ ieee_interface structural
#4787 Message size over limit without error message _Reported by falstaff on 8 Mar 2015 19:33 UTC as Trac ticket #1490309_ When sending which is larger than the SMTP's size limit (Postfix in my case), the "Sending message..." status keeps spinning but no error appears on the web interface. However, Those errors appear in the Apache log: ``` [Mar 08 20:20:00.651851 2015](Sun) [[pid 15781](:error]) [[CLIENTIP](client):56415] ERROR: Message size exceeds server limit (), referer: https://myserver.domain/?_task=mail&_action=compose&_id=193292301054fca0bc7bf4a [Mar 08 20:20:00.652258 2015](Sun) [[pid 15781](:error]) [[CLIENTIP](client):56415] PHP Fatal error: Call to a member function getMessage() on a non-object in /var/www/roundcube/program/lib/Roundcube/rcube_smtp.php on line 297, referer: https://myserver.domain/?_task=mail&_action=compose&_id=193292301054fca0bc7bf4a [Mar 08 20:20:00.670988 2015](Sun) [[pid 15781](:error]) [[[CLIENTIP](client):56415] ERROR: not connected (), referer: https://myserver.domain/?_task=mail&_action=compose&_id=193292301054fca0bc7bf4a ``` The Browsers console logs a POST error code 500: ``` POST https://myserver.domain/?_task=mail&_unlock=loading1425842889864&_lang=en_US&_framed=1 500 (Internal Server Error)app.min.js?s=14223403008:154 submit_messageformapp.min.js?s=14223403008:78 command?_task=mail&_action=compose&_id=193292301054fca0bc7bf4a:139 onclick ``` _Migrated-From: http://trac.roundcube.net/ticket/1490309_ ieee_logicData control_flow
#4790 Issue in backtick character handling by rcube_db _Reported by @alecpl on 11 Mar 2015 19:12 UTC as Trac ticket #1490312_ Steps to reproduce: 1. Go to Settings > Responses. 2. Edit a response or create a new one that contains backtick (`) character in body or name. Save. 3. Observe that the serialized string with user prefs (and responses) contains doubled backtick, which is this way stored in database. This makes such string not unserializable. This is new in Roundcube 1.1. _Migrated-From: http://trac.roundcube.net/ticket/1490312_ ieee_interface structural
#4792 Session timeouts after session handling code refactoring _Reported by netesa on 12 Mar 2015 08:47 UTC as Trac ticket #1490316_ In current git-master I observe session timeouts after some time of user inactivity (I suspect this issue was introduced with commit 2755471f335624ad64751dc101aa23787e436be4, before this commit everything works correctly). Steps to reproduce: 1. Log in, select a message, it is loaded into a preview frame. 2. Wait (in my case 30 minutes) and do not click anything in the window. The Roundcube will check for new messages (I have set the period to 1 minute), however, after 30 minutes of inactivity the session will finally timeout. _Migrated-From: http://trac.roundcube.net/ticket/1490316_ ieee_logicData control_flow
#4795 Attachment not displayed _Reported by Grump on 17 Mar 2015 22:20 UTC as Trac ticket #1490325_ The VCALENDAR attachment in the attached .eml is not displayed to the user as plain text or a downloadable attachment. Tried 1.1.0 stable and latest git-master. The attachment should be available as a downloadable .ics as per mimetypes.php, and seems to be available in other clients. Some sensitive information has been removed from the .eml. _Migrated-From: http://trac.roundcube.net/ticket/1490325_ ieee_logicData control_flow
#4796 rcube_db.php::list_tables not reliable _Reported by rosali on 21 Mar 2015 13:43 UTC as Trac ticket #1490337_ ``` /** * Returns list of tables in a database * * @return array List of all tables of the current database */ public function list_tables() { // get tables if not cached if ($this->tables === null) { $q = $this->query('SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES ORDER BY TABLE_NAME'); if ($q) { $this->tables = $q->fetchAll(PDO::FETCH_COLUMN, 0); } else { $this->tables = array(); } } return $this->tables; } ``` ... returns tables of all databases hosted on the MySQL server. F.e. In database "name1" exists a table "calendars" and on database "name2" is does not exist. I want to check if a table "calendars" exists in database "name2". I can't use the method because it returns also tables from database "name1". I have fixed this by ... ``` SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA='name2' ORDER BY TABLE_NAME ``` ... but I'm not sure if this works for other database backends than MySQL. _Migrated-From: http://trac.roundcube.net/ticket/1490337_ ieee_logicData control_flow
#4798 setErrorHandling Deprecated _Reported by Jam on 26 Mar 2015 17:34 UTC as Trac ticket #1490343_ Deprecated: Non-static method PEAR::setErrorHandling() should not be called statically, assuming $this from incompatible context in ...\program\lib\Roundcube\bootstrap.php on line 102 Found using PHP 5.6.3. A simple "@" in front up would be helpfull ;-) _Migrated-From: http://trac.roundcube.net/ticket/1490343_ ieee_syntax structural
#4799 Support encoded recipient in mailto: handler _Reported by @alecpl on 30 Mar 2015 14:53 UTC as Trac ticket #1490346_ Email address in mailto: url may be %-encoded, e.g. `<a href="mailto:%61lec%40alec%2e%70%6c"></a>`. We should handle such addresses correctly. _Migrated-From: http://trac.roundcube.net/ticket/1490346_ ieee_logicData control_flow
#4802 Signature separator not added when signature is plain text, but editor in html mode _Reported by @alecpl on 8 Apr 2015 10:30 UTC as Trac ticket #1490352_ I just noticed that signature separator is not automatically added when the signature was created in plain text mode, but the compose editor is in html mode. Would be good to make this consistent - the separator is added for html signatures. _Migrated-From: http://trac.roundcube.net/ticket/1490352_ ieee_logicData control_flow
#4803 Font artifacts in Google Chrome on Windows _Reported by Alexey Astashov on 8 Apr 2015 18:57 UTC as Trac ticket #1490353_ After updating to version RoundCube 1.1.1 on the symbols "-" and "/" artifacts appeared in Google Chrome if the letter is written as text. Under Mozilla Firefox - all well displayed. tried demo online roundcubeskins.net - the same thing. RoundCube 1.0.2 In all displayed correctly. _Migrated-From: http://trac.roundcube.net/ticket/1490353_ ieee_logicData control_flow
#4805 Attachment from MS Office Outlook 11 not displayed _Reported by martin sourada on 16 Apr 2015 15:48 UTC as Trac ticket #1490355_ A user using our mail system sent a message with attachment via client in summary. In desktop clients the attachment displays correctly, in roundcube the message appears as if the attachment was not present. I've slimmed down the message as much as possible, xyz'd private data and attach it. It's reproducible with this attachment. Some info: dovecot 2.1.12 php 5.4.8 apache 2.2.23 _Migrated-From: http://trac.roundcube.net/ticket/1490355_ ieee_logicData control_flow
#4809 Show preview pane option is not always remebered _Reported by netesa on 19 Apr 2015 04:53 UTC as Trac ticket #1490362_ 1. In the settings set "Show preview pane" and "Open message in a new window" to off. 2. Go to the mailbox screen. Double click on a subject to open a message. 3. Click "Back" button to return to message list. 4. Single click on another message. 5. Select "Show preview pane" - the preview area is opened. 6. Double click this message to open it in a larger area. 7. Click "Back" button to return to message list. The preview pane is not shown. _Migrated-From: http://trac.roundcube.net/ticket/1490362_ ieee_logicData control_flow
#4810 Message highlight regression _Reported by netesa on 19 Apr 2015 05:22 UTC as Trac ticket #1490363_ 1. In the settings set "Show preview pane" and "Open message in a new window" to off. 2. Go to the mailbox screen. Double click on a subject to open a message. 3. Click "Back" button to return to the message list. The message that was viewed recently shoud be highlighted as it was before the commit 28331d5ed23029753e0a8c5202e60b02716628cc It occurs only on some requests, e.g. you may need to try the above procedure 5-6 times or so to see this bug. Before this commit everything was working correctly everytime. _Migrated-From: http://trac.roundcube.net/ticket/1490363_ ieee_logicData control_flow
#4815 File upload to temp using thumbnail functionality _Reported by adprotas on 5 May 2015 17:49 UTC as Trac ticket #1490377_ The thumbnail functionality performs a temporary file write to the temp folder. This happens when an email is rendered with pictures, and the picture being rendered is identified by the '_part' identifier. If a user has more than one attachments in an email, they can change the '_part' field to another attachment, which will then write that file to the temp folder in it's original form. The extension of this file is the mime extension of the file (such as using the UNIX 'file' against the file). For instance, uploading a php file will name it md5 of file_ident, user->ID, and thumbnail_size with an extension of .x-php. Luckily mime on the test machines does not return '.php', otherwise it would allow for arbitrary code execution. Uploading an html file does result in an html exception. This would allow the Roundcube server to host up arbitrary html code within its temp directory, perhaps aiding other attacks against Roundcube users, or hosting arbitrary html on that webserver for other attacks against outside users. This vulnerability requires a user to have active email account access on the server. Server tested: Ubuntu 14.04.01 64-bit Roundcube Version: 1.1.1 _Migrated-From: http://trac.roundcube.net/ticket/1490377_ ieee_logicData control_flow
#4817 Potential arbitrary read through uploaded vcard _Reported by nrogers on 6 May 2015 16:37 UTC as Trac ticket #1490379_ There is a potential for an arbitrary read from an authenticated user who uploads a contact (vCard) with a specially crafted POST. Though I couldn't get the bug to trigger myself, this code still looks dangerous: \program\steps\addressbook\photo.inc @ line 67-96 If the $data value can be set to NULL (through vCard) and the _alt parameter is a valid file on the server an arbitrary read could occur: if (!$data && ($alt_img = rcube_utils::get_input_value('_alt', rcube_utils::INPUT_GPC)) && is_file($alt_img)) { $data = file_get_contents($alt_img); } This is returned via echo() a few lines down: if ($data) { header('Content-Type: ' . rcube_mime::image_content_type($data)); echo $data; } Though I was unable to find a way to have data=NULL the concerning part is the _alt field. There doesn't seem to be a corresponding feature for this in the GUI. Might be wise to remove if the functionality isn't used. Attached is an example POST command to trigger this _potential_ bug by supplying the "_alt" param in the POST. User must be authenticated _Migrated-From: http://trac.roundcube.net/ticket/1490379_ ieee_logicData control_flow
#4820 Ensure memcache/apc cache consistency _Reported by @alecpl on 12 May 2015 06:50 UTC as Trac ticket #1490390_ Due to the nature of memcache, entries (including our 'index' records) can disappear from the store without further notice. We therefore should check the index when we read data from the cache. It's because we also rely on it when we delete entries with a key prefix (or we delete all entries). More about the case where our current solution becomes a real issue in https://issues.kolab.org/show_bug.cgi?id=5036 _Migrated-From: http://trac.roundcube.net/ticket/1490390_ ieee_logicData control_flow
#4822 installer imap config test not working with PHP5.6 _Reported by andy p on 13 May 2015 15:52 UTC as Trac ticket #1490392_ Apparently, the imap_conn_options are not used when testing the imap connection in step 3 of the installer (didn't test smtps), so the test will always fail for SSL and TLS connections. After I ignored the failed test, Roundcube would work as expected with the socket context options as described in defaults.inc.php _Migrated-From: http://trac.roundcube.net/ticket/1490392_ ieee_otherBuildConfigInstall non_functional
#4826 $ckey variable in delete_record() in roundcube_cache_shared.php _Reported by netesa on 23 May 2015 07:15 UTC as Trac ticket #1490401_ In roundcube_cache_shared.php, in lines: 508, 511, 515 $ckey variable is referenced, which is undefined in this function. I think this should be changed to $key. That was somehow missed in commit b120d42f5b944a7b4ff801b82f048b71ec2bd288 _Migrated-From: http://trac.roundcube.net/ticket/1490401_ ieee_logicData control_flow
#4827 Make generated des_key value more secure _Reported by @alecpl on 23 May 2015 07:27 UTC as Trac ticket #1490402_ During the source code review of Roundcube we have identified, that cryptographically weak random number generators are used to generate encryption keys in standard installer. Using cryptographically weak random number generators may allow attackers to predict next generated values based on a sample of previous values. This attack is possible when user can receive samples of generated values or have access to the entropy pool used by the generator. As a result attackers can perform guessing attacks on encryption key and as a result impersonate authenticated users by predicting session identifiers. It is recommended that an analysis is performed to improve generating encryption keys using cryptographically secure random number generators. For PHP language the recommended function for this purpose is openssl_random_pseudo_bytes(). _Migrated-From: http://trac.roundcube.net/ticket/1490402_ ieee_logicData control_flow
#4829 Use des_key only for encryption purposes _Reported by @alecpl on 23 May 2015 09:45 UTC as Trac ticket #1490404_ The des_key should not be used for many purposes. Currently it's used to: 1. encrypt users IMAP passwords using 3DES algorithm, 2. generate session identifier using SHA-1 or MD5 algorithms, 3. generate anti-CSRF token using MD5 algorithms, 4. generate unique hash of user using MD5 algorithm. Usage of the same cryptographic key for multiple purposes increases risk of disclosure and unauthorized usage. Additionally, partial usage of the key allows to perform brute-force guessing. I think 2-4 could use the recently added rcube_utils::random_bytes() function which uses openssl_random_pseudo_bytes(). See https://github.com/roundcube/roundcubemail/commit/3994b3a26c252cba4070337b036e3a1c12c81369 _Migrated-From: http://trac.roundcube.net/ticket/1490404_ ieee_logicData control_flow
#4833 Blank image in html_signature when saving identity changes _Reported by v tomas on 28 May 2015 07:41 UTC as Trac ticket #1490412_ Hello, Editing an identity, if I try to attach an image (I've tried jpeg or png) with html_signature enabled and save the changes then the image that I've just attached is blank. If I inspect the image element there is no "src" attribute. Investingating a little I've found that modifying the variable "$regexp" (line 210) from the function "rcmail_attach_images" inside the file /var/www/roundcube/program/steps/settings/save_identity.inc it works fine. ``` old value: '/\s(poster|src)\s*=\s*[value: '/\s(poster|src)\s*=\s*[\'"](\'"]*\S+upload-display\S+file=rcmfile([0-9]+)[\s\'"]*/' new)*\S+upload-display\S+file=rcmfile(\w+)[\s\'"]*/' ``` NOTE: I'm not a PHP developer. I don't know if it's the best fix. Environment: OS: Debian 7.8 (with updates) php: 5.4.39 apache: 2.2.22 _Keywords: html_signature_ _Migrated-From: http://trac.roundcube.net/ticket/1490412_ ieee_logicData control_flow
#4834 "Compose mail to" in addressbook section doesn't work correctly with results from multiple addressbooks _Reported by netesa on 28 May 2015 08:19 UTC as Trac ticket #1490413_ Steps to reproduce: 1. Search for contacts in multiple addressbook. 2. Select some of the results that are from different addressbooks. 3. Click "Compose mail to". 4. Only contacts from one addressbook are added to the list. _Migrated-From: http://trac.roundcube.net/ticket/1490413_ ieee_logicData control_flow
#4836 PHP7 Compatibility _Reported by @alecpl on 29 May 2015 08:16 UTC as Trac ticket #1490416_ Our code need to be reviewed and tested, but I do not expect many issues. There's a problem with some PEAR classes and PEAR itself, that still support PHP4 which will give us warnings/errors on PHP7. Here's the list: - PEAR (planned 1.10 release is supposed to fix that) - Mail_mime (I'll work on that) - Mail_mimeDecode - Net_SMTP - Net_Sieve I created tickets for the last three in project's bugtrackers, but I suppose we'll need to wait for PEAR 1.10 to be done first. _Migrated-From: http://trac.roundcube.net/ticket/1490416_ ieee_syntax structural
#4837 XSS via _mbox-parameter in Roundcube v.1.1.1 _Reported by sroesemann on 30 May 2015 11:30 UTC as Trac ticket #1490417_ The XSS-vulnerability can be triggered by appending malicious script code to the _mbox-parameter. The following example will pop an alert box: https://{YOURSERVER}/?_task=mail&_mbox=INBOX%22%3E%3Cscript%3Ealert(%22Roundcube+v1.1.1+XSS%22)%3C%2Fscript%3E Attackers could use this vulnerability to steal cookies or extract email-content. Used browsers: Mozilla Firefox v. 38.0.1, Apple Safari 8.0.6 on Mac OSX 10.10. _Keywords: XSS, Vulnerability_ _Migrated-From: http://trac.roundcube.net/ticket/1490417_ ieee_logicData control_flow
#4839 SQL error when using $config['session_storage'] = 'php' _Reported by jirand on 4 Jun 2015 13:16 UTC as Trac ticket #1490421_ When using PHP session storage, roundcube logs SQL error when logging out. ``` (SQL Query: DELETE FROM WHERE `sess_id` = '7nkmaor7jmutbfqa90io0ji744') in /var/www/html/roundcubemail/program/lib/Roundcube/rcube_db.php on line 543 (POST /?_task=login?_task=login&_action=login) ``` This patch fixes the problem. (patch against 1.1.1) ``` --- a/program/lib/Roundcube/rcube_session.php 2015-03-16 21:54:18.000000000 +0100 +++ b/program/lib/Roundcube/rcube_session.php 2015-06-04 13:00:37.886873000 +0200 @@ -144,7 +144,11 @@ */ public function destroy($key) { - return $this->memcache ? $this->mc_destroy($key) : $this->db_destroy($key); + if ($this->storage == 'memcache' && $this->memcache) { + return $this->mc_destroy($key); + } elseif ($this->storage == 'db') { + return $this->db_destroy($key); + } else { + return true; + } ``` _Migrated-From: http://trac.roundcube.net/ticket/1490421_ ieee_logicData control_flow
#4842 Impossible to give a destination address _Reported by lspagnol on 8 Jun 2015 13:07 UTC as Trac ticket #1490424_ Just updated from 1.1.1 to 1.1.2, and i got the following error: PHP Fatal error: Using $this when not in object context in /var/www/program/lib/Roundcube/rcube_ldap.php on line 840 -> autocompletion don't work anymore, making it impossible to give a destination address _Keywords: address autocompletion ldap_ _Migrated-From: http://trac.roundcube.net/ticket/1490424_ ieee_logicData control_flow
#4843 Can't open a message returned by a subfolder search result _Reported by lucasmarin on 9 Jun 2015 15:06 UTC as Trac ticket #1490426_ When the subfolder has special chars like 'Teste de busca com acentuao' and the option of search in parent folder is 'This and subfolders', the message open action return an error and not is displayed. I check the url of get message and the param _uid is wrong formatted, and is necessary format his value with url format like _mbox is. Url: http://[webmail_url]/?_task=mail&_action=preview&_uid=6-INBOX.Teste%20de%20busca%20com%20acentua&AOcA4w-o&_mbox=INBOX.Teste%20de%20busca%20com%20acentua%26AOcA4w-o&_framed=1&_search=97571d970954ec9c949a818effc3a24b&_caps=pdf%3D1%2Cflash%3D1%2Ctif%3D0 &_uid=6-INBOX.Teste%20de%20busca%20com%20acentua**&**AOcA4w-o _Migrated-From: http://trac.roundcube.net/ticket/1490426_ ieee_logicData control_flow
#4844 Page number in mail list view switches when browsing the addressbook _Reported by medgen on 10 Jun 2015 14:31 UTC as Trac ticket #1490427_ Preconditions: - A folder containing many mails (multiple pages in list view) - An addressbook containing multiple pages of entries. Steps to reproduce: - Open a folder, that contains a lot of mail (more than one page) - Make sure, you are on the first page of that folder - Click "Compose" to start writing a new mail - Open an addressbook - Use the > icon to move to e. g. page 4 of the addressbook. - Send the mail or click "Cancel" to stop composing the new mail - You are back in the list view of the folder you started. But now you're on page 4, instead of 1 where you started. Last reproduced with git version from 10-Jul-2015. _Migrated-From: http://trac.roundcube.net/ticket/1490427_ ieee_logicData control_flow
#4845 Race-condition in saving user preferences vs. loading plugin config _Reported by @alecpl on 16 Jun 2015 09:38 UTC as Trac ticket #1490431_ After following code path 1. Call rcube_user::save_prefs() that changes any config option (e.g. 'search_mods' when executing messages search). 2. From a plugin call load_config(). 3. call config->get() for a user preference defined in the plugin. any user preferences defined in the plugin will be replaced by defaults stored in plugin's config.inc.php file. _Migrated-From: http://trac.roundcube.net/ticket/1490431_ ieee_logicData control_flow
#4847 Html2Text: Don't add a link to the list if content == href _Reported by @alecpl on 17 Jun 2015 06:35 UTC as Trac ticket #1490434_ Consider a link: <a href="http:_www.xxx.de">http:_www.xxx.de</a> When such HTML content is converted to text when a message is displayed it will generate: ``` http://www.xxx.de [1] Links: ------ [1] http://www.xxx.de ``` ... and both http://www.xxx.de are already clickable links. This is wrong/redundant. The same applies to text conversion in mail compose and signatures. _Migrated-From: http://trac.roundcube.net/ticket/1490434_ ieee_logicData control_flow
#4849 Html2Text: multi-&nbsp; is converted to one space _Reported by @alecpl on 17 Jun 2015 06:45 UTC as Trac ticket #1490436_ ``` <div class="pre">eye: &nbsp;&nbsp;test<br /> tes: &nbsp;&nbsp;test</div> ``` when this content is converted to text (tested in signature field) it will become: ``` eye: test tes: test ``` but it should have three spaces instead of one, i.e. ``` eye: test tes: test ``` _Migrated-From: http://trac.roundcube.net/ticket/1490436_ ieee_logicData control_flow
#4850 Html2Text: Disable links list in some cases _Reported by @alecpl on 17 Jun 2015 06:51 UTC as Trac ticket #1490437_ We should probably disable generation of links list when converting html to text in compose editor and signature editor. This is good when we display a message, but in editing mode this is less wanted, I suppose. _Migrated-From: http://trac.roundcube.net/ticket/1490437_ ieee_interface structural
#4852 Self-reply detection does not work in most cases _Reported by @alecpl on 18 Jun 2015 18:57 UTC as Trac ticket #1490439_ Because in compose.inc we have: ``` in_array($ident['ident'], array($fvalue, $MESSAGE->headers->from)) ``` detecting self-reply works only when the header content is precisely the same as identity string (name and address). It does not work for encoded names, different names or same addresses but with/without braces. The check should compare only the email address. _Migrated-From: http://trac.roundcube.net/ticket/1490439_ ieee_logicData control_flow
#4855 Microseconds in log_date_format _Reported by @alecpl on 25 Jun 2015 17:37 UTC as Trac ticket #1490446_ Current solution in rcube::write_log() does not support microseconds. I found it a little bit tricky. To have microseconds support we need to use DateTime class, but the trick is to create the object with microseconds and proper timezone. This code does this: ``` $date = date_create_from_format('U.u.e', microtime(true) . '.' . date_default_timezone_get()); $date = $date->format($date_format); ``` On error date_create_from_format() will return FALSE so we should check that and fallback to the old code. _Migrated-From: http://trac.roundcube.net/ticket/1490446_ ieee_interface structural
#4858 Multi-folder search result sorting by arrival date does not work _Reported by lucasmarin on 6 Jul 2015 17:35 UTC as Trac ticket #1490450_ When I search in All folders, the result list is out of order like the image attached. [[Image(http://s24.postimg.org/fmdrzn8w1/Capturar.jpg)]] _Keywords: search_ _Migrated-From: http://trac.roundcube.net/ticket/1490450_ ieee_logicData control_flow
#4867 "Edit as new" inserts a new line at the bottom of the message _Reported by netesa on 27 Jul 2015 16:09 UTC as Trac ticket #1490463_ Steps to reproduce: 1. Compose a plain text message and send it to yourself. 2. Select "Edit as new" for the received message in INBOX. A new empty line is inserted at the bottom of the message, even if the message already has an empty line (or several empty lines) at the end. A new line is added each time. _Migrated-From: http://trac.roundcube.net/ticket/1490463_ ieee_logicData control_flow
#4868 Case-sensitive NoInferriors attribute _Reported by geby on 29 Jul 2015 08:01 UTC as Trac ticket #1490466_ NoInferriors flag is case-insensitive by IMAP definition, but you are doing case-sensitive check only in rcmail.php fuction render_folder_tree_select. You are doing: ``` in_array('\\Noinferiors', $attrs) ``` But my server using "NoInferriors" and it does not match. Can you make coparsion as case-insensitive, please? Thank you! _Migrated-From: http://trac.roundcube.net/ticket/1490466_ ieee_logicData control_flow
#4869 Drafts are not removed after sending messages with disabled saving in "Sent" folder _Reported by netesa on 29 Jul 2015 08:31 UTC as Trac ticket #1490467_ Steps to reproduce: 1. Start composing a message. 2. Enter some data and save a draft. 3. Set "Save message in:" to "- don't save -" (or completely disable Sent folder in "Special Folders" settings) 4. Send the message. The composed draft still stays in Drafts mailbox. _Migrated-From: http://trac.roundcube.net/ticket/1490467_ ieee_logicData control_flow
#4871 Addressbook search error on message composing _Reported by geby on 31 Jul 2015 07:49 UTC as Trac ticket #1490469_ When I try to search addressbook on "message composer", I got an "Internal server error". log says: [09:35:53 Europe/Prague](31-Jul-2015) PHP Fatal error: Using $this when not in object context in E:\data\web\intranet\roundcube\program\lib\Roundcube\rcube_ldap.php on line 840 Probably LDAP search request is incomplete by this, and LDAP server return error. Addressbook search on other place working fine. We are using LDAP addressbook connected to the Active Directory. This is new bug in 1.1.2, working fine on 1.1.1. Thank you! _Migrated-From: http://trac.roundcube.net/ticket/1490469_ ieee_logicData control_flow
#4877 net::ERR_CONTENT_LENGTH_MISMATCH error on load inline message part image _Reported by lucasmarin on 12 Aug 2015 16:36 UTC as Trac ticket #1490482_ When I read/reply/forward the attached eml message, the net::ERR_CONTENT_LENGTH_MISMATCH error is printed on the console browser. This error occours when the Content-Length of the message is not equal of the real size. On the program\steps\mail\get.inc, 364 line... the size part attribute is setted in the Content-Length of Request Header, but I don't know that is most security way to set the real size of body request. If I change the code to: ``` 363 else if ($part->size) { 364 $body = $MESSAGE->get_part_body($part->mime_id, false, 0); 365 header("Content-Length: ". strlen($body)); 366 echo $body; 367 $sent = false; 368 } ``` The error hot occurs and the request is closed correctly. _Migrated-From: http://trac.roundcube.net/ticket/1490482_ ieee_logicData control_flow
#4884 No input validation of username at login _Reported by vegar on 21 Aug 2015 14:17 UTC as Trac ticket #1490500_ There seems to be no input validation of the user name field at login. One reason for this may be to accomodate for various username convensions out there, but there does not even seem to be an upper limit in terms of allowed number of characters for a username, nor validation of special characters that should never be part of an email address or account username. The only way to control username validation from config seems to be the login_lc variable. This has no effect on special characters, whitespace or entire paragraphs input as usernames however. Lack of whitelist based input validation remains one of OWASP's Top 10 web application security threats, and may enable injection attacks and exploitation of vulnerabilities like Shellshock. Attempting to use the following as username (login_lc enabled): "This is an impossibly long username containing lots and lots of This is a !"#$%&/() \s {}; REALLY long username! Leads to the following reply from the IMAP server: Aug 21 16:01:31 myhost dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<this is a !"#$%&/() \s {}; really long username!>, method=PLAIN, rip=178.79.xxx.xxx, lip=178.79.xxx.xxx, TLS, session=<ycZXtNIdMgCyT4nx> Using international characters implies some unicode conversion taking place: Username: username IMAP-log: Aug 21 16:03:05 myhost dovecot: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=<xn--username-h0aajb6uc>, method=PLAIN, rip=178.79.xxx.xxx, lip=178.79.xxx.xxx, TLS, session=<v/7GudIdzQCyT4nx> Input of entire paragraph: Username: <Auto-generated Lorem Ipsum, 100 words, 6443 characters> Log: Seems to be dismissed by Dovecot. Roundcube outputs 2007 characters to its log. _Migrated-From: http://trac.roundcube.net/ticket/1490500_ ieee_logicData control_flow
#4886 Saved setting to always "View all images from X" is not saved but lost _Reported by michael heuberger on 24 Aug 2015 02:04 UTC as Trac ticket #1490504_ Everytime Roundcube asks me whether to "Always show images from X" I hit that button but this confirmation of mine seems to be lost. Next time I get another email from X, Roundcube is asking me again the same question. Looks like a bug. _Migrated-From: http://trac.roundcube.net/ticket/1490504_ ieee_logicData control_flow
#4887 Separate css styles of html parts in a message _Reported by @alecpl on 24 Aug 2015 08:06 UTC as Trac ticket #1490505_ When we display a message which contains more than one text part (at least one html part) the css styles set for div.rcmBody element of the html part will be applied also for other parts, which may make them unreadable. _Migrated-From: http://trac.roundcube.net/ticket/1490505_ ieee_logicData control_flow
#4889 s/inculding/including/ @ installer/config.php _Reported by killerbees19 on 25 Aug 2015 15:11 UTC as Trac ticket #1490507_ Minor typo ;-) _Migrated-From: http://trac.roundcube.net/ticket/1490507_ ieee_otherBuildConfigInstall non_functional
#4893 gc.sh should remove also old sessions _Reported by @alecpl on 30 Aug 2015 06:42 UTC as Trac ticket #1490512_ The script already cleans caches and temp directory. However, user that use it would likely want to have session table cleaned too. E.g. on Debian where session GC is disabled and sessions are supposed to be cleaned by cron script we need to do this. _Migrated-From: http://trac.roundcube.net/ticket/1490512_ ieee_logicData control_flow
#4896 Encoding problem in multipart/alternative mails _Reported by bimrc on 1 Sep 2015 20:45 UTC as Trac ticket #1490519_ After upgrading our mail server to debian jessie, we have encoding problems in Roundcube especially sent mails from Outlook with content language Turkish. We disable BINARY extension in Roundcube, with imap_disabled_caps option in configuration but we still have encoding problems. You can find the sample e-mail and imap log file in the attached documents. We use dovecot in imap server. _Keywords: Encoding problem_ _Migrated-From: http://trac.roundcube.net/ticket/1490519_ ieee_standards structural
#4897 message/delivery-status relayed not showing in-reply-to header _Reported by lukosm on 4 Sep 2015 18:09 UTC as Trac ticket #1490523_ I have a small question. Why in DSN the header in-reply-to not apear? _Migrated-From: http://trac.roundcube.net/ticket/1490523_ ieee_logicData control_flow
#4900 XSS via drag and drop file upload _Reported by lightsey on 8 Sep 2015 20:57 UTC as Trac ticket #1490530_ Somewhat trivial, but the webapp scanners picked this up in RoundCube 1.0.6 while we were scanning cPanel & WHM. To reproduce: 1. Log into RoundCube using Firefox. 2. Compose new mail message 3. Drag and drop a file named the following: '><img src=x onerror=alert(1);> _Migrated-From: http://trac.roundcube.net/ticket/1490530_ ieee_logicData control_flow
#4902 Get rid of bc.php _Reported by @alecpl on 14 Sep 2015 13:27 UTC as Trac ticket #1490534_ This file contains deprecated functions/constants from pre-0.9 and some from pre-1.0 version. We should get rid of it. I checked that Roundcube code does not use these deprecated items. Options: 1. Just get rid of it. 2. Leave the file but comment out the require clause in iniset.php. 3. Move it to a new plugin. When in troubles with some old code users could just enable this plugin. _Migrated-From: http://trac.roundcube.net/ticket/1490534_ ieee_syntax non_functional
#4905 roundcube does not show the body in some cases _Reported by Zephom on 18 Sep 2015 20:38 UTC as Trac ticket #1490539_ Hi, in some cases the roundcube does not show the body message. Roundcube Webmail 0.9.5 See an example: https://mega.nz/#!fIxRySiA!vWDWfThyK-pTbrOBfrOA0QpzYKw2E8szjbMP2XjaxNw _Migrated-From: http://trac.roundcube.net/ticket/1490539_ ieee_logicData control_flow
#4908 Make installer aware we do not support PHP7 (yet) _Reported by fhdk on 21 Sep 2015 16:46 UTC as Trac ticket #1490544_ Default installation returns this this error after login. ``` Warning: Declaration of rcmail::get_instance($env = _) should be compatible with rcube::get_instance($mode = 0, $env = _) in mail/program/include/rcmail.php on line 30 ``` Fix ``` get_instance($mode = 0, $env = '') ``` _Migrated-From: http://trac.roundcube.net/ticket/1490544_ ieee_otherBuildConfigInstall non_functional
#4911 Problem with configuring SQLite on Windows _Reported by nullrequest on 22 Sep 2015 15:39 UTC as Trac ticket #1490547_ SQLite won't return query results, but appears to connect and will return current date (now). I'm running the latest Roundcube version (1.1.3). I created the SQLite DB using SQLiteman, and ran the intial setup SQL script. Also tried letting the installer create the DB, but that doesn't work, even though installer says it does (error that can't find DB that doesn't exist). I tried to make some of the calls manually by hacking up the installer page, and there are clearly issues. Several test queries return empty arrays, but selecting now() works fine and returns a result, which suggests to me that RoundCube/PHP can connect to the DB OK. I can provide my config.inc.php file if needed. [Error in X:\xxxxxxxxxxxxxx\xxxxxxxxxxx\roundcubemail\program\lib\Roundcube\rcube_db.php (546): [1]([Image(http://i.imgur.com/IjQ5efj.jpg)]] ``` DB) no such table: session (SQL Query: SELECT "vars","ip","changed", datetime('now') AS ts FROM "session" WHERE "sess_id" = 'l33jumas4qfmi7s2i3aoe60o21') Warning: session_start(): Cannot send session cache limiter - headers already sent in X:\xxxxxxxxxxxxxx\xxxxxxxxxxx\roundcubemail\program\lib\Roundcube\rcube_session.php on line 117 DB Error: [no such table: session DB Error in X:\xxxxxxxxxxxxxx\xxxxxxxxxxx\roundcubemail\program\lib\Roundcube\rcube_db.php (546): [1](1]) no such table: identities (SQL Query: SELECT * FROM "identities" WHERE "del" <> 1 AND "user_id" = NULL ORDER BY "standard" DESC,"name" ASC,"email" ASC,"identity_id" ASC) Window control About Logout Application tasks Mail Address Book Settings Logo DATABASE ERROR: CONNECTION FAILED! Unable to connect to the database! Please contact your server-administrator. DB Error in X:\xxxxxxxxxxxxxx\xxxxxxxxxxx\roundcubemail\program\lib\Roundcube\rcube_db.php (546): [no such table: session (SQL Query: INSERT INTO "session" ("sess_id","vars","ip","created","changed") VALUES ('l33jumas4qfmi7s2i3aoe60o21', 'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7', '127.0.0.1', datetime('now'), datetime('now'))) ``` Here's the ouput of a the test page I created showing most DB calls return empty sets: [[Image(http://i.imgur.com/ceKc1TM.jpg)](1])] ``` <?php echo 'Current PHP version: ' . phpversion() . '<br />'; $DB = rcube_db::factory($RCI->config['', false); //$DB->set_debug((bool)$RCI->config['sql_debug']('db_dsnw'],)); $DB->set_debug(true); $DB->db_connect('r',true); if (!($db_error_msg = $DB->is_error())) { $RCI->pass('DSN (write)'); echo '<br />'; echo 'DB connect OK<br />'; $db_working = true; } else { echo 'DB NOT OK<br />'; $RCI->fail('DSN (write)', $db_error_msg); echo '<br />'; echo '<p class="hint">Make sure that the configured database exists and that the user has write privileges<br />'; echo 'DSN: ' . $RCI->config['db_dsnw'] . '</p>'; } print_r("DB->is_connected())="); print_r($DB->is_connected()); echo '<BR>'; print_r("DB->list_cols('session')="); print_r($DB->list_cols('session')); echo '<BR>'; print_r("DB->list_tables()="); print_r($DB->list_tables()); echo '<HR>'; print_r("SELECT count(*)+1 as cnt FROM session;="); print_r($DB->fetch_array($DB->query("SELECT count(*)+1 as cnt FROM session;"))); echo '<HR>'; print_r("SELECT name FROM sqlite_temp_master WHERE type='table';"); print_r($DB->fetch_array($DB->query("SELECT name FROM sqlite_temp_master WHERE type='table';"))); echo '<HR>'; print_r("select date('now');"); print_r($DB->fetch_array($DB->query("select date('now');"))); echo '<HR>'; print_r("insert Test ="); print_r($DB->fetch_array($DB->query('INSERT INTO session (sess_id, vars, ip, created, changed) VALUES (\'14baf178b3101dc57f86574afbe8fb56\', \'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs=\', \'127.0.0.1\', datetime(\'now\'), datetime(\'now\'))' ))); ?> ``` _Keywords: sqlite, database, apache, windows_ _Migrated-From: http://trac.roundcube.net/ticket/1490547_ ieee_interface structural
#4913 Basic prevention from brute-force attacks _Reported by @alecpl on 25 Sep 2015 06:55 UTC as Trac ticket #1490549_ We have several plugins to aid in preventing such attacks from being successful, as well as OTP plugins, and typical deployments allow the user to be locked out in centralized infrastructure not just Roundcube itself (i.e. LDAP). To protect roundcube core better against such attacks we could/should: 1. make sure the session/token is regenerated after failed login. 2. perhaps temporarily block the user account. _Migrated-From: http://trac.roundcube.net/ticket/1490549_ ieee_logicData control_flow
#4925 Duplicate messages in list and wrong count _Reported by lv01jsi on 20 Oct 2015 11:37 UTC as Trac ticket #1490572_ Roundcube 1.1.3 Firefox 41.0.2 After deletion of messages from Inbox some lines in message list are duplicated and wrong total message count displayed. See attached printscreen. Similar observed multiple times on different PC. _Migrated-From: http://trac.roundcube.net/ticket/1490572_ ieee_logicData control_flow
#4927 Redundant blank lines when using HTML and top posting _Reported by @alecpl on 28 Oct 2015 08:22 UTC as Trac ticket #1490576_ There are two issues with enabled HTML composing and following settings in Preferences > Composing Messages: - When replying - start new message above the quote, - Place signature below the quoted message - off, 1. When replying it's not possible to put cursor before the signature. 2. When composing a new message the cursor is put after the signature and empty lines are added before the text (if you have no signature defined). Precissely it is <p>&nbsp;</p><div>&nbsp;</div>. _Migrated-From: http://trac.roundcube.net/ticket/1490576_ ieee_logicData control_flow
#4928 blank lines on top of plain/text multipart message when writting in HTML mode _Reported by arekm on 30 Oct 2015 14:17 UTC as Trac ticket #1490577_ When creating new mail in HTML mode multiplart alternative mail is being send. text/plain part of that mail contains excessive blank linkes on top of message. How to reproduce: - click create new message - switch to HTML (before writting anything!) - write text "first line" in first line - send it to recipient View source of the message on recipient account - you will see (two) blank lines in plain/text part before "first line". I guess that editor tries to convert <p> into new lines (uh!). What's more interesting is that if you do: - click create new message - write text "first line" (in text format; first line) - switch to HTML mode - send it to recipient then there is no <p> in html part of message but <div>. text/plain part of message will contain 1 blank line in such case before "first line" text. _Migrated-From: http://trac.roundcube.net/ticket/1490577_ ieee_logicData control_flow
#4931 Session keeps breaking on any POST request _Reported by Ashus on 4 Nov 2015 01:04 UTC as Trac ticket #1490582_ In my current environment (HTTPS, HTTP/2, Apache 2.4.17, PHP 5.6.14 via fastcgi) Roundcube does not work. Anytime I submit any form, it logs out with the message "invalid auth cookie sent". I debugged it and found the problem in the core file program/lib/Roundcube/rcube.php on line 528: ``` $this->session->set_secret($this->config->get('des_key') . dirname($_SERVER[to be changed to either ``` ``` $this->session->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_FILENAME']('SCRIPT_NAME'])); ``` ``` needed))); ``` or ``` $this->session->set_secret($this->config->get('des_key') . __DIR__); ``` I presume the variable $_SERVER[SCRIPT_NAME] was used to check for specific instance of RC on the same server where cookies might collide. My debug has resulted in these: ``` 'SCRIPT_FILENAME' => '/var/www/mail/index.php', 'SCRIPT_NAME' => 'https://mail.ashus.net/?_task=settings&_action=edit-prefs&_section=mailview&_framed=1', ``` Post requests were without Get queries so dirname extracted something else. So you can see that didn't work for me. Please take this patch to the core before more HTTP/2 speed hungry users start reporting this. _Migrated-From: http://trac.roundcube.net/ticket/1490582_ ieee_logicData control_flow
#4932 Fix HTML sanitizer to skip <!-- node type X --> in output _Reported by arekm on 4 Nov 2015 14:56 UTC as Trac ticket #1490583_ Roundcube seems to add bunch of "node type 8" comments in sent mails sometimes. Are these needed for anything? Untested: ``` diff --git a/program/lib/Roundcube/rcube_washtml.php b/program/lib/Roundcube/rcube_washtml.php index c3f73fa..e4faaa7 100644 --- a/program/lib/Roundcube/rcube_washtml.php +++ b/program/lib/Roundcube/rcube_washtml.php @@ -347,6 +347,7 @@ class rcube_washtml break; case XML_DOCUMENT_TYPE_NODE: + case XML_COMMENT_NODE: break; default: ``` ``` Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=UTF-8 <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset= =3DUTF-8" /></head><body style=3D'font-size: 12pt; font-family: Arial,Helve= tica,sans-serif'> <p>&nbsp;</p> <!-- html ignored --><!-- head ignored --><!-- meta ignored --> <p>&nbsp;</p> <div> <div style=3D"font-size: 12pt; font-family: Arial,Helvetica,sans-serif;"> <div><!-- node type 8 --><!-- node type 8 --> <!-- node type 8 --><!-- node= type 8 --> <!-- node type 8 --> <div><!-- node type 8 --><!-- node type 8 --><!-- node type 8 --><!-- node = type 8 --><!-- node type 8 --><!-- node type 8 --> <p class=3D"MsoNormal"><span style=3D"font-family: Arial; color: #2596b8; m= so-ansi-language: PL;"><!-- node type 8 --><!-- node type 8 --><!-- node ty= pe 8 --><!-- node type 8 --><!-- node type 8 --><!-- node type 8 --><!-- no= de type 8 --><!-- node type 8 --></span><!-- node type 8 --></p> <!-- node type 8 --><!-- node type 8 --><!-- node type 8 --><!-- node type = 8 --><!-- node type 8 --><!-- node type 8 --><!-- node type 8 --> ``` _Migrated-From: http://trac.roundcube.net/ticket/1490583_ ieee_logicData control_flow
#4937 regression in showing eml attachments (in 1.1.3) _Reported by combr on 14 Dec 2015 06:50 UTC as Trac ticket #1490606_ I upgrade 0.9.2 to 1.1.3, and found a regression in showing rfc822 attachments inline. In a "undelivered message" standard letter I see in 0.9.2 two attachments: "delivery report" and original message in it. Original message (base64-encoded) shown correctly in preview pane. In 1.1.3 a letter of same type with same attachments (delivery report with original message) NOT shown correctly: in preview pane i see a plain source text of original message (base64 coding) instead decoded message. 1.1.3 ignores headers when show "original message" attachment, it is: Content-Type: text/html; charset=windows-1251 Content-Transfer-Encoding: base64 But this headers From: rs_support@... To: byk.bykov2016@... Subject: =?Windows-1251?B?y+j37fvpIOrg4ejt5fI=?= not ignored and show correctly in messahe header. rc 1.1.3 uses php ver 5.4.45 , 0.9.2 uses php 5.4.4, other are same. I attach two screenshots. _Migrated-From: http://trac.roundcube.net/ticket/1490606_ ieee_logicData control_flow
#4938 regression in forwarding eml(rfc822) attach with original message in 1.1.3 _Reported by combr on 16 Dec 2015 05:34 UTC as Trac ticket #1490607_ I upgrade 0.9.2 to 1.1.3, and found a regression in forwarding rfc822 (eml) attachments. In a "undelivered message" standard letter I see in 0.9.2 two attachments: "delivery report" and original message in it. If I forward such letter (inline as default, not as attach) BOTH attaches are in forwarded letter. If I do the same in 1.1.3, only first attach (delivery report) are in forwarded letter, and "original" part is LOST. It looks like the effect of same refactoring as in #1490606 , but for forward instead show. I attach three screensots. _Keywords: mime, forward, eml_ _Migrated-From: http://trac.roundcube.net/ticket/1490607_ ieee_logicData control_flow
#4939 On forward only one attachment of forwarded message is visible _Reported by @alecpl on 16 Dec 2015 12:19 UTC as Trac ticket #1490608_ Steps: 1. Find a message with at least two attachments 2. Click Forward in inline mode 3. See only one attachment on the list This has something to do with rcube_session->append() which we use in rcmail_save_attachment(), the rcube_session::reload() method called from the append() and maybe the fact we use $COMPOSE var as a reference to $_SESSION array element. This bug is new in 1.2. _Migrated-From: http://trac.roundcube.net/ticket/1490608_ ieee_logicData control_flow
#4943 Please exclude .well-known/acme-challenge directory from rewrite protection _Reported by mbiebl on 18 Dec 2015 22:54 UTC as Trac ticket #1490615_ Let's encrypt provides a plugin called webroot, which places a token file at .well-known/acme-challenge/$token The rewrite rule shipped by roundcube in .htaccess breaks that. I suggest excluding the .well-known/acme-challenge/ folder from the access protection: ``` RewriteRule ^(?!installer|.well-known/acme-challenge/|[- [F](a-f0-9]{16})(\.?[^\.]+)$) ``` Related to that, it would be great if trac.roundcube.net would use https. _Migrated-From: http://trac.roundcube.net/ticket/1490615_ ieee_logicData control_flow
#4945 Roundcube Security Vulnerability Notification _Reported by htbridge on 21 Dec 2015 23:03 UTC as Trac ticket #1490620_ Hello, High-Tech Bridge Security Research Lab has discovered security vulnerability in Roundcube. Preview available here: https://www.htbridge.com/advisory/HTB23283 Developers can contact us by email for details: advisory (at) htbridge.com For any questions related to this notification message - please visit our General Information & Disclosure Policy page: https://www.htbridge.com/advisory/disclosure_policy.html Best regards, High-Tech Bridge Security Research Lab _Keywords: security_ _Migrated-From: http://trac.roundcube.net/ticket/1490620_ ieee_logicData control_flow
#4946 No way to specify no authentication for SMTP connection. _Reported by PreZ on 24 Dec 2015 05:49 UTC as Trac ticket #1490621_ If I am writing (or in this case, modifying) a plugin that has to send an email. And that email is going to go out with a different user (in this case, the email is coming from webmaster@domain not myuser@domain). When making the SMTP connection to send this email, I have to NOT specify a user or password, ie. I don't want to authenticate. However, if by default (ie. when sending an email as myuser@domain) I WOULD authenticate, the SMTP code for Roundcube will not let me NOT authenticate. So for example, if I have the following code: ``` $smtp = new rcube_smtp(); $smtp->connect($rcmail->config->get('default_smtp_server'), $rcmail->config->get('default_smtp_port'), $rcmail->config->get('default_smtp_user'), $rcmail->config->get('default_smtp_pass')); $rc = $smtp->send_mail($from, $to, $headers, $msg_body); $smtp->disconnect(); ``` And in this case, default_smtp_user and default_smtp_pass are set to "" (empty strings, NOT null), they would be treated equivalent to null, and the default SMTP user/pass (ie. the user/pass for myuser@domain) would be used. Even if, for example, I was talking to a different SMTP server on a different port. I have patched around this issue with the following code: ``` --- a/program/lib/Roundcube/rcube_smtp.php 2015-12-23 21:36:17.666286254 -0800 +++ b/program/lib/Roundcube/rcube_smtp.php 2015-12-23 21:14:28.680457109 -0800 @@ -61,8 +61,8 @@ $CONFIG = $rcube->plugins->exec_hook('smtp_connect', array( 'smtp_server' => $host ? $host : $rcube->config->get('smtp_server'), 'smtp_port' => $port ? $port : $rcube->config->get('smtp_port', 25), - 'smtp_user' => $user ? $user : $rcube->config->get('smtp_user'), - 'smtp_pass' => $pass ? $pass : $rcube->config->get('smtp_pass'), + 'smtp_user' => !is_null($user) ? $user : $rcube->config->get('smtp_user'), + 'smtp_pass' => !is_null($pass) ? $pass : $rcube->config->get('smtp_pass'), 'smtp_auth_cid' => $rcube->config->get('smtp_auth_cid'), 'smtp_auth_pw' => $rcube->config->get('smtp_auth_pw'), 'smtp_auth_type' => $rcube->config->get('smtp_auth_type'), ``` Since the default value of $user and $pass (as passed into the function) are null, then this code will differentiate null from an empty string. Which will allow me to explicitly NOT authenticate vs. using the default authentication mechanism. _Migrated-From: http://trac.roundcube.net/ticket/1490621_ ieee_logicData control_flow
#4948 session_start(): Session callback expects true/false return value _Reported by implodedok on 28 Dec 2015 12:14 UTC as Trac ticket #1490624_ Using version 1.2-beta (which is not in the version dropdown list here on trac), I get the following warnings in my PHP error log: PHP Warning: session_start(): Session callback expects true/false return value in /var/www/roundcubemail/program/lib/Roundcube/rcube_session.php on line 129 I am running php7 with php-fpm. Roundcube itself seems to work fine. This could be a compatibility issue with php7. _Keywords: php warning session callback_ _Migrated-From: http://trac.roundcube.net/ticket/1490624_ ieee_syntax control_flow
#4949 SVG- Persistent Cross site Scripting _Reported by akhilreni on 29 Dec 2015 11:46 UTC as Trac ticket #1490625_ Hello, Svg images generally contain css, but more importantly javascript. The fact that you can execute JavaScript from inside an image file presents an unexpected vector for XSS attacks. After uploading the following svg file as attachment to an email will execute javascript. <?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-_W3C_DTD SVG 1.1_EN" "http:_www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"> <polygon id="triangle" points="0,0 0,50 50,0" fill="#009900" stroke="#004400"/> <script type="text/javascript"> alert(document.cookie); </script> </svg> Steps to reproduce: -Compose email -save the above code as xss.svg -attach the svg file -Check the email -open attachment in new tab -Xss will be triggered. _Migrated-From: http://trac.roundcube.net/ticket/1490625_ ieee_logicData control_flow
#4951 "Add to Dictionary" issue in HTML mode _Reported by @alecpl on 5 Jan 2016 13:54 UTC as Trac ticket #1490634_ The request in which a word is added to spellcheck dictionary in HTML mode does not set the language. This causes that words are stored with language = en, which spellchecking usualy uses different language (e.g. en_US). Looks like TinyMCE issue, but we could also store the last-used language in a session and use it when not provided in a request. _Migrated-From: http://trac.roundcube.net/ticket/1490634_ ieee_interface structural
#4955 IMAP STARTTLS failing with TLSv1.2 only server _Reported by mbeichorn on 14 Jan 2016 05:24 UTC as Trac ticket #1490640_ IMAP server is Dovecot 2.2.21 Roundcube is 1.1.3 PHP is 5.6.17 While performing the IMAP test using the installer, step 3 installer test reports: ``` IMAP connect: NOT OK(Login failed for ike from 10.0.1.0(X-Real-IP: 192.168.2.2,X-Forwarded-For: 192.168.2.2). Unable to negotiate TLS) ``` roundcube imap log: ``` [22:56:38 -0500](13-Jan-2016): <lsdh5ojl> [S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED](0A9A]) Dovecot ready. [22:56:38 -0500](13-Jan-2016): <lsdh5ojl> [C: A0001 STARTTLS [13-Jan-2016 22:56:38 -0500](0A9A]): <lsdh5ojl> [0A9A] S: A0001 OK Begin TLS negotiation now. ``` imap server log: ``` Jan 13 22:56:38 imap dovecot: imap-login: Error: SSL: Stacked error: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol Jan 13 22:56:38 imap dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.0.1.11, lip=10.0.1.9, TLS handshaking: SSL_accept() failed: Unknown error, session=<KiERRkMp6PYKAAEL> ``` IMAP server (Dovecot) is configured for TLSv1.2 only. I was able to force TLSv1.2 with the following diff: ``` diff --- program/lib/Roundcube/rcube_imap_generic.php.bak 2016-01-13 23:04:48.258176423 -0500 +++ program/lib/Roundcube/rcube_imap_generic.php 2016-01-13 23:05:21.498171055 -0500 @@ -910,7 +910,7 @@ return false; } - if (!stream_socket_enable_crypto($this->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT)) { + if (!stream_socket_enable_crypto($this->fp, true, STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT)) { $this->setError(self::ERROR_BAD,"Unable to negotiate TLS"); $this->closeConnection(); return false; ``` However http://php.net/manual/en/migration56.openssl.php indicates that STREAM_CRYPTO_METHOD_TLS_CLIENT should work for any version of TLS. Unfortunately it is not working in this case. _Migrated-From: http://trac.roundcube.net/ticket/1490640_ ieee_interface structural
#4956 random "access to this resource is secured against CSRF" message at logout _Reported by telnetsrl on 15 Jan 2016 14:26 UTC as Trac ticket #1490641_ After upgrading my PHP (and forgetting to load the openssl module) very often instead of logging out correctly I get the CSRF warning message. It's pretty gross how I nailed it, but adding ``` echo ("ST $sess_tok<br>TK $token"); ``` just before ``` if (empty($sess_id) || $token != $sess_tok) { ``` in program/lib/Roundcube/rcube.php I was able to quickly understand why the comparison was failing: ``` ST Bla$=BlahBlahBlahBlahBla+=BlahBl TK Bla$=BlahBlahBlahBlahBla =BlahBl ST Bla_$Bla_BlahB*Blah&%Blah&BlahBl TK Bla_$Bla_BlahB*Blah ``` Instead of auditing lots of lines of code seeking for a perfect encode/decode path, the most immediate fix is to generate random bytes that encode to themselves (or to load mod_openssl.so in php :) Here is my proposed patch, regards _Keywords: csrf token urldecode openssl_ _Migrated-From: http://trac.roundcube.net/ticket/1490641_ ieee_logicData control_flow
#4957 Protect attachment downloads against CSRF _Reported by @thomascube on 16 Jan 2016 16:36 UTC as Trac ticket #1490642_ Message attachments are downloaded via GET requests (with `_download=1`) and therefore can be triggered by a 3rd party site with guessed URLs and an active session in the victims browser. While this doesn't disclose any data to the attacker site, it triggers unwanted file downloads and puts load on the server as well as fills the victims disk if executed repeatedly. We already have CSRF protection means with session-based request tokens. Requiring such tokens on download urls would add the necessary protection against these unwanted downloads. _Migrated-From: http://trac.roundcube.net/ticket/1490642_ ieee_logicData control_flow
#4958 CVE-2015-2181 not fixed! _Reported by malwared on 20 Jan 2016 17:17 UTC as Trac ticket #1490643_ Hi guys, i really hope that was just mistake, misunderstanding... Issue still effects the product. http://trac.roundcube.net/changeset/7c96646de0efda16cded8491138bfefe31aca940/github/plugins/password/helpers/chgdbmailusers.c _Keywords: buffer,overflow, badfix_ _Migrated-From: http://trac.roundcube.net/ticket/1490643_ ieee_logicData control_flow
#4964 Reply All: doesn't work when To: or Cc: line is folded by Outlook/Exchange _Reported by dpc22 on 1 Feb 2016 11:58 UTC as Trac ticket #1490653_ https://tools.ietf.org/html/rfc5322 2.2.3.Long Header Fields says: ``` Note: Though structured field bodies are defined in such a way that folding can take place between many of the lexical tokens (and even within some of the lexical tokens), folding SHOULD be limited to placing the CRLF at higher-level syntactic breaks. ``` Sadly it looks like Outlook/Exchange ignores this SHOULD requirement, and can generate a To: header which looks like: ``` To: "David Carter @ CAM" <[email protected]>,"David Carter @ CAM" <[email protected]> ``` with a CRLF+TAB sequence before the first "<". All very well until I try to reply to such a message using Roundcube 1.0.8. While it looks okay in the editor, Exim complains: ``` unqualified recipient rejected: <"David Carter @=CAM"> ``` when I click "send". My suspicion would be that the CRLF has leaked somehow into the SMTP line recipient list, but I'm not quite sure where to look. I will attach a raw RFC 5322 message as a test case. We are using Cyrus 2.4(.17) as the mailstore: I don't know if that is significant. _Migrated-From: http://trac.roundcube.net/ticket/1490653_ ieee_logicData control_flow
#4967 Hide DSN and MDN options in settings if not supported _Reported by @thomascube on 22 Feb 2016 20:11 UTC as Trac ticket #1490666_ As requested in ticket #1490221 the checkboxes for requesting MDN and DSN are hidden fro the compose screen but one can still set the global options for "Always request a return receipt" and "Always request a delivery status notification". This leads to confusion amongst users. For consistency reasons, these options should be hidden with the same rule as in the compose template: `config:smtp_server != ''` _Migrated-From: http://trac.roundcube.net/ticket/1490666_ ieee_logicData control_flow
#5106 timezone detection not working without login form _Reported by tomsommer on 17 May 2014 16:35 UTC as Trac ticket #1489900_ Timezone detection will not work when set to 'auto', if login is done by a plugin without displaying the default login form. This is because detection is currently only done during the login - so the call to jstz never happens. To fix this, timezone detection should be done in the app itself and not only during login. It would also be nice if a fallback was put in place to PHP's default timezone, if timezone detection fails for any reason. _Keywords: timezone,jstz_ _Migrated-From: http://trac.roundcube.net/ticket/1489900_ ieee_logicData control_flow
#5115 Skin extending only works for templates, not for assets _Reported by mgrum on 1 Aug 2014 10:03 UTC as Trac ticket #1490013_ The documentation at [says that using the skin extending mechanism "basically adds the base skin folder to the search path for templates and assets". However, in reality this only seems to work for templates, not for assets like CSS files and images. I think this really limits the usefulness of the extending mechanism. Fortunately, this is really easy to fix: ``` @@ -658,7 +658,8 @@ class rcmail_output_html extends rcmail_output // correct absolute paths if ($file[0](http://trac.roundcube.net/wiki/Doc_Skins#Extendingskins]) == '/') { - $file = $this->base_path . $file; + $this->get_skin_file($file, $skin_path); + $file = $skin_path . $file; } // add file modification timestamp ``` _Migrated-From: http://trac.roundcube.net/ticket/1490013_ ieee_logicData control_flow
#5148 Plugin install process still completely broken _Reported by DigiAngel on 30 Dec 2015 19:31 UTC as Trac ticket #1490628_ The plugin process for Roundcube is still completely broken. Per the install at [every change to composer.json run php composer.phar install to download and install all dependencies. Out of the box (so to speak) I see this: [12:05:21 gateway64:/var/www/html/roundcubemail$](plugins.roundcube[.]net/]: After) php composer.phar install All settings correct for using Composer Downloading... Composer successfully installed to: /var/www/html/roundcubemail/composer.phar Use it: php composer.phar [gateway64:/var/www/html/roundcubemail$](12:05:34) php composer.phar install Loading composer repositories with package information Initializing PEAR repository pear.php[ [RuntimeException](.]net ) Failed to execute git clone --mirror 'git.kolab['/home/jlay/.composer/cache/vcs/https---git.kolab.org-diffusion-PNL-php-net-ldap[.](.]org/diffusion/PNL/php-net_ldap.git')git/' Cloning into bare repository '/home/jlay/.composer/cache/vcs/https---git.kolab.org-diffusion-PNL-php-net-ldap.git'... fatal: unable to access 'git.kolab[server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none install [--prefer-source](.]org/diffusion/PNL/php-net_ldap.git/':) [[--dry-run](--prefer-dist]) [[--no-dev](--dev]) [[--no-custom-installers](--no-plugins]) [[--no-scripts](--no-autoloader]) [[-v|vv|vvv|--verbose](--no-progress]) [[-a|--classmap-authoritative](-o|--optimize-autoloader]) [[--](--ignore-platform-reqs]) [have to delete out: ``` { "type": "vcs", "url": "git.kolab[.](<packages>]... ``` I)org/diffusion/PNL/php-net_ldap.git" } to get this to work. Interestingly enough, wgetting the file works fine: [gateway:~$](12:16:53) wget git.kolab[12:16:57-- git.kolab[.](.]org/diffusion/PNL/php-net_ldap.git --2015-12-30)org/diffusion/PNL/php-net_ldap.git Resolving git.kolab.org (git.kolab[95.128.36.55 Connecting to git.kolab.org (git.kolab[.](.]org)...)org)|95.128.36.55|:443... connected. HTTP request sent, awaiting response... 200 OK Length: unspecified [to: php-net_ldap.git ``` [ ](text/html] ``` Saving) 11,812 --.-K/s in 0.005s 2015-12-30 12:16:58 (2.32 MB/s) - php-net_ldap.git saved [11812] _Migrated-From: http://trac.roundcube.net/ticket/1490628_ ieee_otherBuildConfigInstall non_functional
#5192 Roundcube does not create or subscribe to the Trash folder Following #2900, Roundcube should "create Sent/Draft/Trash folders when it needs them". I tested this and it is only true for Sent and Draft. It does not create the Trash folder and also fails to subscribe to it. ieee_logicData control_flow
#5197 str_replacement display error Not really sure, if this is a roundcube error. 1. Add a string `[email protected]` to the body of a mail. 2. Send mail. 3. Text ist displayed as `ttt@##str_replacement_0##`. This does not happen with `[email protected]`. ieee_logicData control_flow
#5218 RC internals question - contacts->get_record() and stale results If I call rcmail_contacts->get_record() with ID that is either non-existent, or deleted, I get stale results from previous query (if any). Workaround: Using rcmail_contacts->reset() before that restores expected behaviour. Is this by design for some reason, or is the design just bad (not necessarily by itself, but not matching what one would expect from it by looking at class method names)? Tnx for clarification, b. ieee_logicData control_flow
#5235 Mailvelope encryp button appears when switching editor type On hosts where the Mailvelope plugin API is not available/activated, the "Encrypt" toolbar button wrongly appears when switching editor type. Steps to reproduce: 1. Compose a new plaintext message - button is not visible 2. Switch editor to HTML - button appears inactive 3. Switch editor to plain again - button becomes active Clicking on the button results in a JS error (mailvelope is not defined) and asks to reload the compose page. ieee_interface structural
#5240 Map Area- Persistent XSS Vulnerability in mail content page,please confirm. Steps to reproduce: -Compose email content via HTML mode.You can use email sending tool or other webmail to send it.The HTML content is below: `<img src=# usemap=#foo width=100%><map name="foo"><area href=javascript:alert(document.domain) shape=default>` -Send the mail to roundcube mail system -Log in to roundcube mail system and open the mail received -Click the area near the image in the content.The xss will be triggered The vulnerability can be triggered in Chrome,Firefox,Safari. The testing roundcube webmail version is 1.1.5.Link is below: https://github.com/roundcube/roundcubemail/releases/download/1.1.5/roundcubemail-1.1.5-complete.tar.gz The test screenshot link:http://pan.baidu.com/s/1nvQt9Eh ieee_logicData control_flow
#5245 Sent messages are lost if they cannot be stored immediately Today I've sent a message through RoundCube mail. The message could be sent out through SMTP (according to the mail logs on the server) but the IMAP server had a problem, dropping client connections. RC did show error messages, but it lost the message I wrote. I didn't have a chance to fix the server and have the message stored again. Thunderbird does this, for example. If a message could not be stored to the IMAP server Sent folder, it asks me to try again. RC should do the same. ieee_logicData control_flow
#5253 'application/x-tar' => 'tar' not in default nginx mime.types file #### Version: Roundcube 1.2-rc This causes the check in installer.php to fail with "Mimetype to file extension mapping: NOT OK" (Using stock config otherwise - it picked up the file fine) If I added this file below the check passed: ``` application/x-tar tar; ``` This was nginx version: openresty/1.9.7.4 (which is nginx 1.9.7) compiled from source. ieee_otherBuildConfigInstall non_functional
#5259 Multi-folder search does not work properly for INBOX Hello When using the quicksearchbar in the mail view, there is an option to search in "this and subfolders". This works perfectly for normal folders, but (at least in my case) does not work for the INBOX folder. It only returns results from subfolders, but not from the INBOX folder itself. I have not yet found out if this is a general problem that always happens or if there is anything special needed to trigger it (maybe someone can try to reproduce it?). I will do some more testing next week. I am using Roundcube 1.1.5. ieee_logicData control_flow
#5264 XSS vuln in body, position:fixed style escapes message element Possible to escape message element by setting style `position:fixed`. The end results range from annoyance from blocked navigation elements, to possible click jacking. Simple POC; send email with content `<p style="position: fixed; margin: 0px; top: 0px; left: 0px;">XSS</p>` Works on Classic and Lenny themes, and on the print page, as seen on the attached screenshots. Tested on Roundcube versions 1.1.4 and 1.2.0, on Firefox and Chrome. ![xss](https://cloud.githubusercontent.com/assets/1518025/15470912/7e2c7a5c-20f3-11e6-9d03-51a06307ba7c.png) Above you may see the text `XSS` in the top left corner. ieee_logicData control_flow
#5269 Copyright 2015 I just update to Roundcube 1.2.0, after login to webmail I click About > Roundcube Webmail 1.2.0 > Copyright © 2005-2015, The Roundcube Dev Team Don't we need to change these Copyright to 2005-2016? ieee_description non_functional
#5282 Multi-folder search can choose a wrong folder in "this and subfolders" scope Consider you have folders of name "test","test2","test3", etc. If you select folder "test" and search in "this and subfolders" the searching will be in all folders starting with "test", i.e. "test2 and test3 in this case. We have to modify list_folders_subscribed() arguments in mail/search.inc. ieee_logicData control_flow
#5287 Upgrade: Make sure lib directory contains only Roundcube dir People upgrading from 1.0 are having issues because some older libraries are used instead of these installed in /vendor directory. Installer script should remove everything except Roundcube directory from inside the lib directory. ieee_otherBuildConfigInstall non_functional
#5289 Syslog ID problem When using syslog as log driver, the application is not calling the function closelog() at the end of the script. This is causing the problem that the same apache thread used to execute the script will continue using the same Syslog ID set by the appication ("roundcube" by default) instead of the standard one ("apache2"). Calling closelog() before the end of the script should fix the problem. ieee_logicData control_flow
#5291 Contact entries with multiple e-mail addresses not recognized as "known senders" Since upgrading to Roundcube 1.2.0, contact entries with multiple e-mail addresses don't seem to be recognized as "known senders". Although I have the "Display remote inline images" configuration parameter set to "from known senders", I'm always getting the warning message bar (To protect your privacy, remote images are blocked in this message.) when viewing their e-mail content. Clicking the "Always show images from..." button will add them as a separate contact entry in the address book although that particular e-mail address is already listed in a separate (previous) contact object. ieee_logicData control_flow
#5309 Copy-pasted text (from Word) converted to an image in TinyMCE Hi there, i am focusing with the following issue: I am using a mac with office word (15.22). When opening the roundcube mail editor in chrome and want to copy a formatted text from word to the editor, the text will get converted into Image/png eg. Word: Hello This is a test will get converted to <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAcUAAAA7CAYAAAAKLpFZAAAFwklEQVR4Ae3dO6xtQxwH4B+uR4hXQUFDcxWCwqvRqjwaGomEECSiE2p6rQjRSSSUHhFRSVQoJCoiHgkFCq94P/OLmZuVc/be9+SSc8/mm2TfPXtm1jqzvlv8M7PWmkkkAgQIECBAgAABAgQIECDwbwlcl+TUcbKb/q2TOg8BAgQIEDieAick+TPJiYtO3J/kocXvVdkec3gct/P4Ve2VESBAgACBAy2wDITLjp6RpJ9N6eskv4yAuqmdOgIECBAgsBUCy6D4x6LH3y/y543A19HgRztGlItmR7IvLtofbbR55CAZAgQIECBwEATm9OnrSRrQZlCbAa3BcN4zfHLUt99fJbkoyTy+AfaxERB7r7F1Pfayg3CR+kCAAAECBI4mcGjRoAHtxyQ/JTlrlM8HaW5McmWSC5I0vy49mOTyJD8n+TjJS0luSfLuugOUEyBAgACBgyKwDIodIc70XJLzk5wyCp5J8k2SZ5PcNRut+O59xgbEZVpOxS7L5QkQIECAwIESWN5TXObnQzbfjd6eO0Z7Hyb5bcMVvJHk1TGl2nuRHVU2kEoECBAgQODACywD4brOdjr0hXF/8Nck169rmOTWJOck6UM7XyR5OMlnG9qrIkCAAAECWymwlwA6L6wP30gECBAgQIAAAQIECBAgQIAAAQIECBAgQIAAAQIECBAgQIAAAQIE/hcCF45VaVZd7F4futlru1V/QxkBAgQIENhXgQatLsXWT5dt66f5rnF6T5IHVvSmy7f9voc1UPfabsWfUESAAAECBPZfoEGxS7r1Zf3nk7wy8pcm6Uo0n6/o0idJLh7vIq6oPlK013ZHDpAhQIAAAQLHU6BBsavW/JDkgyTvj3x/Nyh2X8U5emx+po4k+y7iXPS7o8s7Z+Xie7Zr23cWo9Kd7zHOhcR7ni46LhEgQIAAgX0XONo9vwa9a8ci34/vmDJtYGvQu3kEyJfX9L7t7khy9mjXUebO1OXjTkpyWpJ7k/R+pkSAAAECBPZVYFNQ7JTqo2P0uG6Xi6fGEnDdWurLDT1/bYwqOyL8dIwYl82fSHJDkrtH4cnLSnkCBAgQILAfApuC4vLv75zunHX3Jbl6BMZOj65LXf+09y4vSdL1U09fNOy5u1bqbUneXJTLEiBAgACBfRXYa1Bc16mrkrw9AuMV6xqNUWL3apybFXfXjZm6gHjT7UneG3lfBAgQIEBg3wX+aVB8ekyFvjXuLa67gGvGCLEP0nTj4eXOGX2Qp2V9zePbdSdQToAAAQIEtkFg3dTqqr5varupbtW5lBEgQIAAAQIECBAgQIAAAQIECBAgQIAAAQIECBAgQIAAAQIECBAgQIAAAQIECBAgQIAAAQIEjrPAsa412vccj/XY43zJ/jwBAgQIENgt0PcD+1L9sbzIP3fJ2H1WJQQIECBAYAsFutNFg2I/r4/+dxuoWfbIKJsBsOWtP2/RpmWtlwgQIECAwFYLdB3SBrUGuUNjOrS/zxxbPTXfKdJ+z7VL27bpulHeBb6tSDNQfBEgQIDA9grM6dMZ1LqZcANgR4j9NP/Q2Px3GRh7xTNYbu/V6zkBAgQIEFgI9F5ig928p9gA2N+Hk1w2vjuCbOquGK2b20Q1KHZBb4kAAQIECPxnBBroGvAaGBsI+7vTp02dXm1QbH3TDIzNz/uMrZ8jzb9b+ZcAAQIECGypwBwdvjj6/9gIjA2O/TQwdnQ4f897iw2EHSm23IM2W/qfr9sECBAgsFtg50ivv1eV7T5yd7tVbZQRIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAAAECBAgQIECAwFqBvwAHn7EHx1HH1AAAAABJRU5ErkJggg==" alt="" /> Actually, in this editor the same thing is happening :( Can anyone help me? Thanks Cheers Arthur ieee_interface structural
#5319 Plugin installation via composer removes pear The default install of roundcube comes with pear/pear-core-minimal. This is however missing from composer.json, meaning, once compser runs to install plugins, PEAR is removed, which obviously breaks roundcube. Could this be added to default composer.json file? ieee_otherBuildConfigInstall non_functional
#5357 Cannot download attachment-only message I received a DMARC report from Google, in an e-mail that only contains a zip file, no other content whatsoever: ``` Content-Type: application/zip; name="google.com!tubul.net!1468281600!1468367999.zip" Content-Disposition: attachment; filename="google.com!tubul.net!1468281600!1468367999.zip" ``` Roundcube doesn't let me download the zip file: the message panel shows the header, but no content or list of files, so no way to download the attachment. Disabling all plugins, using another theme, or opening the message in a new window doesn't help. Forwarding the message works: it includes the attachment and adds some text content, and I can download the attachment from the forwarded message. Steps to reproduce: 1) Receive a message that consists solely of a single attached zip file (I don't know how to send one of these, and forwarding it adds content, so doesn't reproduce the issue) 2) View the message Actual result: -> See an empty panel, with no way to download the attachment Expected result: -> See an empty panel and the list of attached files or -> See a message indicating that there was no text content, and the list of attached files Software versions: Roundcube Webmail 1.3-git [GIT 20160701.1012] revision 3d9e170d8b2aed545749a86028d4e17758f562c1 Apache/2.4.10 PHP 7.0.8-1~dotdeb+8.1 PostgreSQL 9.4.8 Message: [message.eml.txt](https://github.com/roundcube/roundcubemail/files/362191/message.eml.txt) ![screenshot](https://cloud.githubusercontent.com/assets/2941436/16815338/ba75c978-4939-11e6-8c74-6e7d8e30a545.png) ieee_logicData control_flow
#5360 localization error (de_DE, de_CH) $labels['open'] = 'Offen'; has to be $labels['open'] = 'Öffnen'; in the meaning of "to open an attachment"; maybe you have to add an additional label, if 'Offen' is used elsewhere. ieee_interface structural
#5363 html2text doesn't work when blockquote tag includes upper case letter such as <BlockQuote> I just saw _convert_blockquotes(&$text) function in rcube_html2text class. ``` php while (($start = strpos($text, '<blockquote', $offset)) !== false) { $offset = $start + 12; do { $end = strpos($text, '</blockquote>', $offset); $next = strpos($text, '<blockquote', $offset); ``` Should use `stripos` ? https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_html2text.php ieee_logicData control_flow
#5376 Regression in resizing JPEG images with Imagick Since #5351 generating thumbnails for JPEG images does not work. `$image->setImageAlphaChannel(11);` throws exception when working on images without alpha channel support. ieee_interface structural
#5385 message-id domain part tied to username instead of current identity Currently function gen_message_id() is using $domain_part = $this->user->get_username('domain'), which in setup with usernames in form [email protected] is always yielding example.com as message-id domain part. If user has multiple identities with different domains she is disclosing her primary domain name in every e-mail. Emails sent from identity [email protected] has message-id [email protected] if username is [email protected]. Message-id should be taking domain part from selected identity. ieee_logicData control_flow
#5401 calling Auth_SASL::factory() w/ Auth_SASL 1.0.6 Hi, I'm getting deprecation warnings for Auth_SASL::factory(): ``` PHP Deprecated: Non-static method Auth_SASL::factory() should not be called statically in /usr/share/roundcubemail/program/lib/Roundcube/rcube_imap_generic.php on line 578 ``` this should fix it: ``` diff --- roundcubemail-1.2.1/program/lib/Roundcube/rcube_imap_generic.php.nonstatic +++ roundcubemail-1.2.1/program/lib/Roundcube/rcube_imap_generic.php @@ -575,7 +575,7 @@ class rcube_imap_generic $user = ''; } - $auth_sasl = Auth_SASL::factory('digestmd5'); + $auth_sasl = (new Auth_SASL)->factory('digestmd5'); $reply = base64_encode($auth_sasl->getResponse($authc, $pass, base64_decode($challenge), $this->host, 'imap', $user)); ``` Kind regards Philippe ieee_syntax control_flow
#5403 Can't create folder in root After upgrading to 1.2.1, I can't create mail folders unless I specify a parent folder. Steps to recreate: 1. Settings 2. Folders 3. \+ (Create new folder) 4. Type in a folder name 5. Leave parent folder as "---" 6. Click "Save" Result is an error message: "An error occurred while saving." If you follow the same steps, but specify a parent folder, e.g., INBOX, it works. But, this causes a problem if, for example, you want to create a folder called "spam" in the root for SpamAssassin. ieee_logicData control_flow
#5413 Messages selection is not reset on messages list reload Steps: 1. Search any messages in INBOX. 2. Select all messages in the folder (search result). 3. Click the INBOX folder on folders list. This will reset search and display all messages in INBOX. Current result: All messages are selected. Expected result: All messages are NOT selected. ieee_logicData control_flow
#5420 Warning: strpos(): Empty needle folders.inc on line 333 when the IMAP server response to NAMESPACE is e.g.: ``` * NAMESPACE (("INBOX." ".")) (("user." ".")) (("" ".")) ``` The empty prefix of shared namespace looks invalid, but I saw this a couple of times already. ieee_syntax control_flow
#5424 app.js should select treelist.js mailbox after navigation 1) problem: when a plugin does `redirect` , for example: ``` // plugin php: function select_folder($name) { $rcmail = rcube::get_instance(); $output = $rcmail->output; $location = '?' . '_task=mail' . '&' . '_mbox=' . urlencode($name); $output->command('redirect', $location); $output->send(); } ``` or, when testing mailbox navigation manually: ``` from some current folder: http://roundcube/?_task=mail&_mbox=path-1/to/mailbox-1 to some other location: http://roundcube/?_task=mail&_mbox=path-2/to/mailbox-2 ``` the target mailbox does become active in the ui, and message list does reflects the changed content, however the folder widget `treelist.js` does not show/scroll to the new folder in the view 2) work around: ``` // plugin js: rcmail.addEventListener('init', function(param) { function select_folder() { if (rcmail.busy) { window.setTimeout(select_folder, 100); } else { var target = rcmail.env.mailbox; if (target) { rcmail.select_folder(target); } } } switch (param.task) { case 'mail': select_folder(); break; } }); ``` 3) proper solution this functionality should be in the core ieee_logicData control_flow
#5426 div id="topline" should not flicker on page reload 1) problem: `includes/header.html` + `ui.js` produces the following behavior of the ui top line element: when user activates `class="minmodetoggle"` then `div id="topline"` becomes hidden, however on any page navigation or page reload, the `div id="topline"` element will briefly be shown again, before it gets hidden, i.e. it is "flickering" 2) solution: `ui.js` logic should be more flexible ieee_interface control_flow
#5439 Primary Keys missing for some tables When using roundcube with a galera cluster, all tables need to have a primary key, see for example here: https://mariadb.com/kb/en/mariadb/mariadb-galera-cluster-known-limitations/ The following tables have no primary key: cache cache_shared dictionary If there is no possibiltiy to use one of the existing fields as primary key, an AUTO_INCREMENT column could be added easily. ieee_interface structural
#5440 MIsleading error message when accessing disabled action When a user accesses one of disabled_actions he's presented with the same error page that we use for CSRF prevention error. While it's a rare situation we should display a better error. ieee_logicData control_flow
#5447 Folders list scrolls to top when clicking subscription checkbox Looks like some regression. ieee_logicData control_flow
#5448 GB2312 encoding is not properly supported Messages that use GB2312 encoding are not properly converted to UTF-8. This is the case when iconv module is not installed (we do not require it) and caused by the fact that this encoding name is not returned by mb_list_encodings(), but supported by mb_convert_encoding(). Fix has been already commited in 42ddfe5ec9f0 and need to be backported to 1.2. ieee_standards control_flow
#5452 max_packet prevents >2MB cache data In [rcube_cache.php](https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_cache.php#L637) there is a function called max_packet_size. With a variable max_packet set to 2MB as default/max. This function prevents saving attachments bigger than 2MB into the caching mechanism when using the database_attachments plugin. This plugin uses the rcube_cache, which (in my setup) is set to use memcache with max item size of 5MB. Apparently the holy grail to define what $this->max_packet should be for memcache, is dividing the remaining amount of free memory by 5 and see if it's smaller than 2MB? Looks arbitrary to me. The same applies on the 'apc' mechanism. The 'db' mechanism is setup correctly. ieee_logicData control_flow
#5460 create_default_folders not functioning without prefix in 1.2.2, works in 1.2.1. We have this set in our config.inc.php ``` $config['default_folders'] = array('INBOX', 'Drafts', 'Sent', 'Spam', 'Trash'); $config['create_default_folders'] = true; ``` In version 1.2.1 these folders were automatically created during first login, but this does not work in 1.2.2 any longer. This is what I get in the logs with imap-logging enabled: Version 1.2.1: ``` 9 [05-Oct-2016 11:41:42 +0200]: <5qnqf6fd> [BA41] S: A0002 OK Logged in 10 [05-Oct-2016 11:41:42 +0200]: <5qnqf6fd> [BA41] C: A0003 NAMESPACE 11 [05-Oct-2016 11:41:42 +0200]: <5qnqf6fd> [BA41] S: * NAMESPACE (("INBOX." ".")) NIL NIL 12 [05-Oct-2016 11:41:42 +0200]: <5qnqf6fd> [BA41] S: A0003 OK Namespace completed. 13 [05-Oct-2016 11:41:42 +0200]: <5qnqf6fd> [BA41] C: A0004 LIST "" INBOX.Drafts 14 [05-Oct-2016 11:41:42 +0200]: <5qnqf6fd> [BA41] S: A0004 OK List completed. 15 [05-Oct-2016 11:41:42 +0200]: <5qnqf6fd> [BA41] C: A0005 CREATE INBOX.Drafts 16 [05-Oct-2016 11:41:42 +0200]: <5qnqf6fd> [BA41] S: A0005 OK Create completed. 17 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] C: A0006 SUBSCRIBE INBOX.Drafts 18 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] S: A0006 OK Subscribe completed. 19 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] C: A0007 LIST "" INBOX.Sent 20 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] S: A0007 OK List completed. 21 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] C: A0008 CREATE INBOX.Sent 22 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] S: A0008 OK Create completed. 23 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] C: A0009 SUBSCRIBE INBOX.Sent 24 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] S: A0009 OK Subscribe completed. 25 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] C: A0010 LIST "" INBOX.Spam 26 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] S: A0010 OK List completed. 27 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] C: A0011 CREATE INBOX.Spam 28 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] S: A0011 OK Create completed. 29 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] C: A0012 SUBSCRIBE INBOX.Spam 30 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] S: A0012 OK Subscribe completed. 31 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] C: A0013 LIST "" INBOX.Trash 32 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] S: A0013 OK List completed. 33 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] C: A0014 CREATE INBOX.Trash 34 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] S: A0014 OK Create completed. 35 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] C: A0015 SUBSCRIBE INBOX.Trash 36 [05-Oct-2016 11:41:43 +0200]: <5qnqf6fd> [BA41] S: A0015 OK Subscribe completed. 37 [05-Oct-2016 11:41:43 +0200]: <pek4l7i6> [BA41] C: A0016 LOGOUT 38 [05-Oct-2016 11:41:43 +0200]: <pek4l7i6> [BA41] S: * BYE Logging out 39 [05-Oct-2016 11:41:43 +0200]: <pek4l7i6> [BA41] S: A0016 OK Logout completed. ``` Version 1.2.2: ``` 9 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] S: A0002 OK Logged in 10 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] C: A0003 NAMESPACE 11 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] S: * NAMESPACE (("INBOX." ".")) NIL NIL 12 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] S: A0003 OK Namespace completed. 13 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] C: A0004 LIST "" Drafts 14 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] S: A0004 OK List completed. 15 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] C: A0005 CREATE Drafts 16 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] S: A0005 NO Client tried to access nonexistent namespace. (Mailbox name should probably be prefixed with: INBOX.) 17 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] C: A0006 LIST "" Sent 18 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] S: A0006 OK List completed. 19 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] C: A0007 CREATE Sent 20 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] S: A0007 NO Client tried to access nonexistent namespace. (Mailbox name should probably be prefixed with: INBOX.) 21 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] C: A0008 LIST "" Spam 22 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] S: A0008 OK List completed. 23 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] C: A0009 CREATE Spam 24 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] S: A0009 NO Client tried to access nonexistent namespace. (Mailbox name should probably be prefixed with: INBOX.) 25 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] C: A0010 LIST "" Trash 26 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] S: A0010 OK List completed. 27 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] C: A0011 CREATE Trash 28 [05-Oct-2016 11:34:25 +0200]: <t1rlfvhg> [2ADF] S: A0011 NO Client tried to access nonexistent namespace. (Mailbox name should probably be prefixed with: INBOX.) 29 [05-Oct-2016 11:34:25 +0200]: <5qnqf6fd> [2ADF] C: A0012 LOGOUT 30 [05-Oct-2016 11:34:25 +0200]: <5qnqf6fd> [2ADF] S: * BYE Logging out 31 [05-Oct-2016 11:34:25 +0200]: <5qnqf6fd> [2ADF] S: A0012 OK Logout completed. ``` ieee_logicData control_flow
#5466 rcube_imap.delete_folder(): proper sequence currently `rcube_imap.delete_folder()`: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L3295 when used for deleting in the middle of the branch, produces errors with dovecot v 2.2.25, and leaves empty 'lost' directories in server file system hierarchy, due to `leaf` delete happening after `stem` delete; proper sequence is "recursive delete tree bottom up" or `leaf` before `stem`, i.e.: https://github.com/random-cuber/contextmenu_folder/blob/master/contextmenu_folder.php#L595 ieee_logicData control_flow
#5467 Content overlaps We have problems with our Roundcube webmail: On some mails the content overlaps, whereby the content is no longer displayed legibly. ![mailprobleme](https://cloud.githubusercontent.com/assets/16290662/19260867/74f67718-8f8d-11e6-8c05-8d1af7b7a7eb.jpg) Is the problem already known? Is there a fix available? Thanks! ieee_logicData control_flow
#5472 IMAP password exposed via error dialog box Error conditions at IMAP server side (such as failure to response because of extremely high machine load) could expose a user's password when the LOGIN command fails and the `"Unable to send command: $request")` string is displayed. https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap_generic.php#L2031 ieee_logicData control_flow
#5474 Changing subscribtion from folder scrolls to beginning of folder list When checking or unchecking a folder from "Settings > Folders" list, the folder list scroll bar is reset to the top. This is annoying when unsubscribing from several folders in a row in a long folder list. This issue happens only the first time the folder list is displayed, then the next selections correctly keep the folder list where it was before changing subscription. Version is 1.2.1, skin is Larry. ieee_logicData control_flow
#5475 Recipient header (To:) is not properly encoded If recipient header contains some diacritics UTF-8 characters they are not sanitized - not converted to quoted string: =?UTF-8?Q?= From and Subject is properly sanitized. I think it is related to some $mailto / $headers['To'] changes in recent version. It results in this error and message is undeliverable: ``` Diagnostic-Code: X-Postfix; SMTPUTF8 is required, but was not offered by host mx1.seznam.cz[77.75.76.42] ``` Works in Roundcube 1.2.0. does not work in 1.2.2. ieee_logicData control_flow
#5479 unknown column created anyone know why column created is missing on table session? this is the warn that i get from roundcube installer. DB Write: NOT OK([1054] Unknown column 'created' in 'field list' (SQL Query: INSERT INTO `session` (`sess_id`, `created`, `ip`, `vars`) VALUES ('7064d8839677ef7381b047d68a1fb082', now(), '127.0.0.1', 'foo'))) ieee_interface structural
#5484 attachment pane permanently showing in message preview since ea816a0 since ea816a0 the attachment pane (small grey box on the right hand side) is always shown during message preview not matter if there are attachments or not. it looks like messagepreview.html does not include header.html and so the UI is never init'd ieee_logicData control_flow
#5485 Thumbnail generator should also make sure that the file is an image As suggested in https://github.com/roundcube/roundcubemail/issues/4151#issuecomment-255319205 it is possible to bypass security checks by using e.g. swf-file with jpg extension and image/jpeg mimetype. If the image resize fails we should make sure the file is an image before sending it to the browser as we do for inline images. ieee_logicData control_flow
#5499 _write modifies email content So when the email contains the following: ``` whatever src=/whatever.js whatever ``` This is displayed as: ``` whatever src=skins/SKINNAME/whatever.js whatever ``` If the user replies to an email containing that, the reply box also contains this change. The same thing happens with globals, for instance if the email contains `$__comm_path`, this will also get replaced. This is done via this line in `rcmail_output_html.php`, in the function `_write` ``` $output = $this->parse_with_globals($this->fix_paths($output)); ``` Tested on 1.2.2 ieee_logicData control_flow
#5500 Redundant keep-alive/refresh after session error If session is broken/expired we call rcmail.session_error() to redirect to logon page. However, when the user is in compose screen we do not redirect. A reason for this is that we want to give the user a chance to save the message content locally or sth like that. However, after the session error keep-alive/refresh requests are still being sent in defined intervals causing unwanted server load. We should avoid that. ieee_logicData control_flow
#5508 String should be an array /program/lib/Roundcube/rcube.php line 1325 (since 21 Sep) **$post_query = '';** should probably be **$post_query = array();** It causes the following error in 1.2.2: > Warning: Illegal string offset '_action' in /var/www/html/roundcubemail-1.2.2/program/lib/Roundcube/rcube.php on line 1330 Warning: http_build_query(): Parameter 1 expected to be Array or Object. Incorrect value given in /var/www/html/roundcubemail-1.2.2/program/lib/Roundcube/rcube.php on line 1336 PHP 7.1.0RC5 Apache/2.2.15 (Unix) ieee_syntax control_flow
#5519 Error when store 0 in roundcube cache If I store 0 in the database cache as packed = false, when I use the get function it is always returned null program/lib/Roundcube/rcube_cache.php in line 306 $md5sum = $sql_arr['data'] ? md5($sql_arr['data']) : null; if ($sql_arr['data']) { $data = $this->unserialize($sql_arr['data']); } if ($sql_arr['data']) when $sql_arr['data'] = 0 is false ieee_interface structural
#5523 Multiple undefined indexes in rcube_imap_generic This may be an example of working out of my depth, but... A call (in v1.2.2) to `rcube_imap_generic->connect($host, $user, $password)` results in multiple indexes not found. The method signature is `connect($host, $user, $password, $options = null)` and its first line is `$this->set_prefs($options);` Thus when no options are provided the class property `prefs` is null. So when the protected method `_connect()` is called, and that method does things like: ```` if (!$this->prefs['port']) { $this->prefs['port'] = 143; } ```` there is no `prefs` array element for port. One could correct the resulting error with `array_key_exists(...)` I suppose. Or one could pass an options array that contains all of the expected keys, in which case it should not default to `null`. ieee_logicData control_flow
#5527 Relax content security checks for valid images I looks like IBM Notes client can send mail with inline PNG images that are described with `Content-Type: image/gif`. In such a case pink rectangle images are used instead of real images. I think we should display the attached images in such a case. I.e. if we know it's an image by content check we should ignore wrong Content-Type header and replace it with real image/* value. ieee_logicData control_flow
#5562 Upgrading from 1.2.0 to 1.2.3 doesn't work Hi, I have roundcube 1.2.0 installed, i'm not really sure in which directory. I have **/opt/www/roundcubemail/** and **/opt/www/roundcubemail-1.2.0/** so I updated both with bin/installto.sh, this is the console output: ``` ./installto.sh /opt/www/roundcubemail-1.2.0/ Upgrading from 1.2.0. Do you want to continue? (y/N) y Copying files to target location...done. ``` But when I repeat this step, it still shows "Upgrading from 1.2.0", so I guess the update failed? In the Roundcube Panel its also listed as 1.2.0 (even after reboot) ieee_otherBuildConfigInstall non_functional
#5563 AUTHENTICATE LOGIN not supported for IMAP Cheers, the Sieve management has support for using "AUTHENTICATE LOGIN" integrated, but the generic IMAP handler does not. A standard Dovecot with SASL-IR and LOGIN as the only auth method will not allow successful connections from Roundcube as it only tries "LOGIN", not "AUTHENTICATE LOGIN". ieee_interface structural
#5572 Advanced search is broken with several address books I have roundcube 1.2.3 installed. After updating from previous version (I don't remember exactly which one), advanced search seems to be broken. I have ldap address book configured and default sql address book for personal addresses. When working with address book I run 'Advanced Search' without selecting anything in 'Groups', contact is found in ldap catalog, but when I select it, in 'Contact properties' I see: Address Book: Personal Addresses (not ldap catalog) and error 'The requested contact was not found'. In error log I can see: ``` <k0oc94s5> DB Error: [7] ERROR: invalid input syntax for integer: "Q049TWVyemxpYWtvdiBWYXNpbGlpIEFuYXRvbCdldmljaCxPVT1TRkVEVSxEQz1hZCxEQz1zZmVkdSxEQz1ydQ-SFEDU" LINE 1: SELECT * FROM "contacts" WHERE "contact_id" = 'Q049TWVyemxpY... ^ (SQL Query: SELECT * FROM "contacts" WHERE "contact_id" = 'Q049TWVyemxpYWtvdiBWYXNpbGlpIEFuYXRvbCdldmljaCxPVT1TRkVEVSxEQz1hZCxEQz1zZmVkdSxEQz1ydQ-SFEDU' AND "user_id" = '421' AND "del" <> 1) in /http/roundcube/program/lib/Roundcube/rcube_db.php on line 539 (GET /?_task=addressbook&_framed=1&_action=show&_source=0&_cid=Q049TWVyemxpYWtvdiBWYXNpbGlpIEFuYXRvbCdldmljaCxPVT1TRkVEVSxEQz1hZCxEQz1zZmVkdSxEQz1ydQ-SFEDU) ``` But when I select global address book in 'Groups' field, advanced search works as expected. It seems after finding contact, advanced search doesn't remember where it came from and tries to search for detailed information in wrong address book. ieee_logicData control_flow
#5580 Roundcube treats images defined as data URIs in CSS as evil I have the following email notification message: [test.zip](https://github.com/roundcube/roundcubemail/files/684468/test.zip) I observe two issues in the way Roundcube renders it. First, it is detected as referencing remote images, which is not true: ![rc-1](https://cloud.githubusercontent.com/assets/6199148/21641130/2a40f308-d27a-11e6-894c-6582fe5657f7.png) Then, after confirming (clicking "Display images") it also not rendered correctly because png images defined as data URIs in CSS are treated as evil and the whole class definitions are removed: ![rc-2](https://cloud.githubusercontent.com/assets/6199148/21641200/a2b63fdc-d27a-11e6-912c-a2e007f4eae6.png) Desktop mail clients diplay this message correctly immediately and without any warnings, for instance Thunderbird: ![thunderbird](https://cloud.githubusercontent.com/assets/6199148/21641231/cfb112fa-d27a-11e6-9a0d-ed1902becaf8.png) ieee_logicData control_flow
#5583 Privacy Leak Bug When viewing an email in Roundcube as HTML, remote content is blocked and there is a message saying: > To protect your privacy, remote images are blocked in this message. Display images However, remote content loaded from input tags of type "image" *is* loaded, without even clicking "Display images". I.e: ```html <input type="image" src="http://TRACKING_URL/"> ``` I discovered this issue when testing two unrelated Roundcube installations using https://www.emailprivacytester.com (a website I built and run myself) One of the installations also loads autoplay video tag content under the same circumstances. I am not sure why the other doesn't. I.e: ```html <video autoplay="true" src="http://TRACKING_URL/"></video> ``` Typically I would report an issue like this using non-public channels, however you don't seem to have a published mechanism for reporting security issues privately. I signed up for your dev mailing list and sent an email there to ask how to report it, but the message bounced. I would suggest you set up a dedicated address for reporting security issues, and have a dedicated webpage on your website detailing how to report them, preferably with a PGP key. ieee_logicData control_flow
#5598 Installer doesn't copy jsdeps.json Testing an upgrade from 1.2.3 to 1.3-beta, I noticed that bin/installto.sh doesn't copy jsdeps.json to the target. Since this was a new migration, I followed the instructions [here](https://roundcube.net/news/2017/01/05/roundcube-webmail-1.3-beta-out-now) and the first time running that it told me it couldn't find that file. Only took a moment to realize it wasn't copied by the script and I had to copy it manually. installto.sh:64 `foreach (array('index.php','.htaccess','config/defaults.inc.php','composer.json-dist','CHANGELOG','README.md','UPGRADING','LICENSE','INSTALL') as $file) {` Oh yeah, and also, when doing an install on a VM, I got an error running that, something along the lines of "sh: -o does not exist". Turned out it was because unzip was not installed. So install-jsdeps.sh might want to have a check relating to `$UNZIP = trim(`which unzip`);` to make sure it actually found something. EDIT: Otherwise, very awesome work so far. 1.3 looks great! ieee_otherBuildConfigInstall non_functional
#5604 group-expand limited to 1000 in code Hi, I detected a issue using groups of addresses bigger than 1000 members. When I compose a new message and click in the button BCC+ only around 1000 addresses are added to BCC field. I tested with groups of 1600 and 3000 addresses. Looking for the cause I found in the code a value hardcoded is causing the issue. File: program/steps/mail/autocomplete.inc Line number 27: $abook->set_pagesize(1000); // TODO: limit number of group members by config The issue is solved when I increasing the value. Could you change the hardcored value to a config option to avoid the change will be overwrited on next RC update? I'm using RC 1.2.3. In my config/config.inc.php I have $config['max_pagesize'] = 2500; I'm using the default values for max recipients and max group members: $config['max_recipients'] = 0; $config['max_group_members'] = 0; Thanks in advance. ieee_logicData control_flow
#5606 Cannot close address auto-completion popup with group matches For instance, typing a To-address shows a popup of the suggested addresses (which is expected). For me the popup always stays open, and it cannot be closed by clicking outside of the popup (there is also no obvious key to close it; is there such a key?). The real problem is however, the final list remains with only contact groups in it (group names are perhaps matched due to one member of that group matching?). In any case, using the Tab-key fills out the To-address with the e-mails of all members of the (unwanted) group match. This is very annoying and dangerous as it might send a message to a huge number of recipients. How to disable auto-completion as a workaround for the above behavior? How to cancel the result of the auto-completion popup (i.e., close it)? Is there a way to avoid matching groups? ieee_interface control_flow
#5608 Content frame not reset when deleting a message The content frame should be reset to watermark page when deleting a message. This happens properly always but not when: - the list contains only one message (the one being deleted) - and display_next=true - and read_when_deleted=true - and skip_deleted=true ieee_logicData control_flow
#5613 widescreen view + search + threads issue Hi. I use 1.3-beta without plugins. Widescreen view and threads. When I search for messages in the inbox there is only first message from thread displayed on the results list. This small button to expand thread is missing. Issue only occurs in widescreen layout. ![rc](https://cloud.githubusercontent.com/assets/24810145/22065727/ccf4990a-dd89-11e6-87fc-3f5708eafbbd.jpg) ieee_logicData control_flow
#5614 Skin image files with incorrect extention are not shown in IE11 and Edge Some PNG files in classic theme has ".gif" extension, so that IE11 and Edge does not show these images. - pagenav.gif - searchfield.gif - tabs-left.gif - tabs-right.gif - taskicons.gif - watermark.gif ieee_interface control_flow
#5616 Dragging messages list row forces message preview When in widescreen or desktop mode you start dragging an unselected message, it will be loaded to the preview frame. This is a regression caused by 28741ed0322. The issue is minor and the fix probably not simple, but maybe we can fix it. ieee_logicData control_flow
#5628 Signature below the quoted message Hi In last firefox 51 when i reply email, signature is below the quoted message Although checkbox is not selected. In Chrome is it ok. ieee_logicData control_flow
#5632 Emails Forwarded As Attachments, Winmail.dat and Zero Byte Files I'm seeing an issue where email(s) forwarded as attachments aren't understood correctly. The content of the attached email(s) cannot be viewed within Roundcube. I think it relates to TNEF encoding Outlook uses as I don't see the issue when email(s) are sent in HTML format. For each "forwarded as attachment" email Roundcube lists an item in the attachment list, however the icon considers this to be an unknown item (document with 3 question marks). URL to the item is similar to this: https://xxx.xxx.com/mail/?_task=mail&_action=get&_uid=118&_mbox=INBOX&_part=winmail.2.0 When the link is clicked the browser attempts to save the file, which is seen as "application/octet-stream", and results in a 0 byte file. I've tested this on 3 different versions, and see the same behaviour in: Version 0.8.2 Version 1.1.7 Version 1.2.3 Getting the email in text format from the message store and opening with Outlook allows the attached email(s) to be viewed. ieee_logicData structural
#5642 Signature placed incorrectly Configuration: - Firefox 51 - `top_posting: true`, - `sig_below: false`, - plaintext editing When replying to an e-mail, the signature is inserted **below** the cited text. I believe that the culprit is https://github.com/roundcube/roundcubemail/blob/master/program/js/editor.js#L539, as the `get_caret_pos` function returns a large number that corresponds to the end of the message. Both `setlectionStart` and `selectionEnd` DOM properties of the `<textarea>` node are the same (equal to `.value.length`), meaning the caret is collapsed to the end of the text area. Why does this code path even respect caret position? I would expect the settings above to result in sig being **always** inserted at the top... ieee_logicData control_flow
#5646 TNEF decoder works wrong with attachments' long filenames I've commented on the [similar issue](https://github.com/roundcube/roundcubemail/issues/2894), but it is closed already and I am not sure somebody would see it, so I better open a new one. I am copy-pasting my comment here: Well, this solution [currently, it is a line 257 in _roundcubemail/program/lib/Roundcube/rcube_tnef_decoder.php_ which looks like _$value = str_replace("\0", '', $value);_] is a bad solution, because it doesn't work in some cases. It works well with "English" filenames, so all you English-speaking guys usually don't notice anything wrong, but when an attachment has a Russian or Arabic or some Japanese name, I am pretty sure it would look broken. At least, this was the case with Hebrew attachments I dealt with recently, and I don't particularly see there would be different behavior with other non-Latin cases. What you do here is just strip zero bytes (which are the "excess" bytes in case of Latin alphabet) and pretend that now you got the UTF-8 encoded string, which is simply not true (more than that, in rcube_message.php there is a _fix_attachment_name_ function which actually tries to undo what is being broken here!). As far as I understand [Transport Neutral Encapsulation Format (TNEF) Data Algorithm](https://msdn.microsoft.com/en-us/library/cc425498(v=exchg.80).aspx), long filenames are UTF-16LE encoded. It means that instead of zero-bytes that are used in Latin, there would be 0x05-bytes in Hebrew, for example. And stripping zeros from Hebrew string means that you strip nothing but the null terminator. When you try to read it as a UTF-8 string, all you got is gibberish. I think, what really needs to be done here is simple string converting from UTF-16LE to UTF-8, but **not** with the help of Roundcube _utf16_to_utf8_ function(!), since in UTF-16**LE** two-byte pairs are in reverse order. Standard _iconv_ should work. You may also pre-check if the string is UTF-16 encoded (in TNEF such strings have two-byte null terminators, while UTF-8 strings get only one zero byte in the end). ieee_logicData control_flow
#5648 UI updates on contact group rename When you rename a contact group the name is updated in the groups list on the left hand side of the page but the name displayed at the top of the list of contents in the second column stays as the old one. I thought I could make a PR to improve this but the code for this is a little fractured and, possibly, out of date. It looks like there are 2 JS functions rcmail.set_group_prop and rcmail.update_contact_group. update_contact_group is called when a group is renamed but only updates the groups list (and triggers JS event `group_update`). While set_group_prop is used when the groups contents is listed and sets the title in the second column (and triggers JS event `groupupdate`). I think that second JS event is wrong, I'm guessing it should be group_update, the same format as group_insert and group_delete. But also I'm wondering if these 2 JS functions shouldn't be combined into 1 that updates both the list and the title (if the group is open). EDIT: On reflection I think that rcmail.set_group_prop should not trigger the update event at all since its only called on list and not update. ieee_logicData control_flow
#5649 rcmail::get_instance() signature compatibility We should fix the method signatures to match in order to avoid these warnings: > Warning: Declaration of rcmail::get_instance($env = '') should be compatible with rcube::get_instance($mode = 0, $env = '') in roundcube/program/include/rcmail.php on line 30 ieee_interface structural
#5655 Too easy to accidentally move folders when subscribing/unsubscribing several folders at once In Settings -> Folders, it is far too easy to accidentally move folders when subscribing/unsubscribing several folders at once. If the mouse happens to be released slightly too late the folder suddenly ends up being moved to the grandparent folder. It doesn't help that the first click to subscribe/unsubscribe a folder makes the folder frame scroll back to the top. ieee_logicData control_flow
#5661 problems with pear/composer with packages, net_idna2 and auth_sasl Greetings, I've been trying to figure out how this works for a few hours now; I apologize for any un-educated comments I might make. I've been trying to get roundcube on a Centos7 with rh-php56 working but I'm still stuck at "composer install --no-dev" or "composer install" It reports: The requested package pear-pear.php.net/auth_sasl could not be found in any version, there may be a typo in the package name. same "problem" with all 6 pear packages defined with "pear-pear.php.net/" I also get the following, which might be the reason: PEAR repository from https://pear.php.net could not be loaded. Undefined index: channel Removing the -pear.php.net reduces them to 2 ... but unless composer is broken or pear.php.net is down (which does not seem to be the case) ... I'm unable to figure out what the problem with the other 4 packages is ... when removing -pear.php.net, I get : Problem 1 - The requested package pear/auth_sasl ~1.0.6 exists as pear/auth_sasl[dev-master] but these are rejected by your constraint. Problem 2 - The requested package pear/net_idna2 could not be found in any version, there may be a typo in the package name. I'm getting this both with HEAD and tag 1.2.3 ieee_otherBuildConfigInstall non_functional
#5695 Settings > Folders shows folder prefix When $config['show_real_foldernames'] = true, the folder prefix is displayed in Settings > Folders. This is not the case when the show_real_foldernames = false. The folder names are shown correctly without the prefix in the left folders list on the main Roundcube Mail page, but in Settings > Folders the prefix is shown. Is there any way to change it so that the folder prefix is NOT shown when show_real_foldernames = true? Many Thanks ieee_logicData control_flow
#5708 login rate limiting sends local time to database (postgres) which causes undesired effects My postgres db is set to use UTC as default timezone. My system (and PHP) is set to use Europe/Bratislava as default timezone (currently it's UTC +01:00). Column definition for users.failed_login is "timestamp with time zone", but roundcube omits timezone when setting it's value, which results in incorrect calculations in rate limiting function in rcube_user->failed_login(). Proposed (and tested) solution is simple patch: ``` --- roundcubemail/program/lib/Roundcube/rcube_db_pgsql.php.orig 2017-03-25 17:43:01.713984686 +0100 +++ roundcubemail/program/lib/Roundcube/rcube_db_pgsql.php 2017-03-25 17:43:39.654363537 +0100 @@ -231,4 +231,12 @@ return $sql; } + /** + * Use ISO 8601 date (includes timezone info) + */ + public function fromunixtime($timestamp) + { + return date("'c'", $timestamp); + } + } ``` ieee_logicData control_flow
#5711 Double table header appears with Larry skin in folder listing after expanding toolbar ![screenshot from 2017-03-29 23-01-47](https://cloud.githubusercontent.com/assets/1149069/24476556/ffaee248-14d3-11e7-920c-06842a3cd4f7.png) As shown in the screenshot, after expanding the top toolbar, clicking on "About" link, then closing the About popup by clicking on the cross, then, shrinking the toolbar, the header of the folder mail listing appears twice. Then expanding/shrinking the toolbar makes the two headers staying above it, until either the refresh timer elapses or the page is reloaded. ieee_logicData control_flow
#5720 base_dn setting ignored inside group_filters after upgrade to 1.1.8 Updated Roundcube from 1.1.5 to 1.1.8 and found that the LDAP address book began working incorrectly. After making some debug I found that base_dn parameter inside any array included in group filters is ignored. For example, I have: $config['ldap_public']['Private'] = array( 'name' => 'GLOBAL BOOK' , 'use_tls' => false, 'hosts' => array('myaddress'), 'port' => 663, 'ldap_version' => 3, 'use_tls' => false, 'network_timeout' => 30, 'user_specific' => true, 'base_dn' => 'DC=some,DC=domain', //First dn ........ 'group_filters' => array( 'users' => array( 'name' => 'somebook', 'scope' => 'sub', 'base_dn' => 'OU=Users,DC=some,DC=domain', //Second dn 'filter' => '(objectClass=inetOrgPerson)', 'name_attr' => 'sn', ), 'customers' => array( 'name' => 'somebook2', 'scope' => 'sub', 'base_dn' => 'ou=Clients,DC=some,DC=domain', //Third dn 'filter' => '(objectClass=inetOrgPerson)', 'name_attr' => 'sn', ), ), ....... After update "Second dn" and "Third dn" are always ignored and roundecube stubbornly use "First dn" for ANY LDAP search. All other options inside 'group_filters' work perfectly. As a result LDAP search is incorrect and I see the same search result in 'GLOBAL BOOK', 'somebook' and 'somebook2' (they should be different because of base_dn). I temporary solved the problem by replacing the file "rcube_ldap.php" in roundcube 1.1.8 by the same file from previous version 1.1.5. The php script from version 1.1.5 still works fine. Could you give us some patch to solve this problem? ieee_logicData control_flow
#5730 Database schema check fails with all engines except mysql Since a1f679adca mysql database schema is different than other databases. Table `dictionary` contains additional `id` column which is not used by other engines. This is a problem for database schema check in rcmail_install::db_schema_check() which uses mysql.initial.sql file as a reference for all database engines. This causes the chack to fail with `Missing columns in table 'dictionary': id` for all engines except mysql. ieee_interface structural
#5732 Folder sorting incorrect on Windows Version 1.2.4 European countries usually do not sort case sensitive. The line of code in \webmail\program\lib\Roundcube\rcube_imap.php is // sort folders // asort($folders, SORT_LOCALE_STRING) is not properly sorting case sensitive names uasort($folders, array($this, 'sort_folder_comparator')); I have changed it to //uasort($folders, array($this, 'sort_folder_comparator')); array_multisort(array_map('strtolower', $folders), $folders); and this works. ieee_logicData control_flow
#5739 Roundcube silently discards invalid recipients Email addresses on our systems are typically accountname@domain One of my users noticed that if they forgot the domain and enter the following into the To: dialogue on the compose screen: dpc99, dpc22@domain and then click "Send", Roundcube silently drops the invalid "dpc99" part and transforms this into: dpc22@domain Some testing reveals that this true of all versions of Roundcube from 1.0.2 to 1.3-rc. The culprit appears to be: program/steps/mail/sendmail.inc function rcmail_email_input_format($mailto, $count=false, $check=true) ... foreach ($items as $item) { ... else if (trim($item)) { continue; } I'm curious about the "continue". If I comment out that single line, Roundcube sticks up an error dialogue: Incorrect e-mail address: dpc99 which seems like more correct behaviour to me. What I am missing? ieee_logicData control_flow
#5747 Roundcube 1.2.5 - Comment notations within style tag issues Hi, I've noticed a strange behaviour after upgrading from RC 1.2.3 to 1.2.5. HTML e-mails seems to be a little broken when dealing with "comment notations" in style tag. Removing comments from the style tag, obviously, fix the issue. This is how a test massage looks in RC 1.2.3: ![preview_1 2 3](https://cloud.githubusercontent.com/assets/6747447/25620592/371b6220-2f4f-11e7-85d5-ef4e19234223.png) And this is how same message looks in RC 1.2.5 and 1.2.4 too (note the missing formatting, colors, ...): ![preview_1 2 5](https://cloud.githubusercontent.com/assets/6747447/25620614/4535d232-2f4f-11e7-9edb-6bd20469736c.png) To reproduce this, I've used same configuration on both testing environments. Attached below, the e-mail template used in this example. [email-template.html.zip](https://github.com/roundcube/roundcubemail/files/970659/email-template.html.zip) Anyone else is facing the same issue or have an idea on how to fix this? Thanks ieee_logicData control_flow
#5751 Style tag in HTML message ignored on reply Issue still remains when trying to reply a message containing comments within style tag. [Go to original issue](https://github.com/roundcube/roundcubemail/issues/5747) Reading message: ![reading](https://cloud.githubusercontent.com/assets/6747447/25742477/f7f6a0d0-318f-11e7-9746-2af43449641e.png) Replying to: ![replying](https://cloud.githubusercontent.com/assets/6747447/25742484/0126eb6a-3190-11e7-95ae-1bef910d9d42.png) ieee_logicData control_flow
#5757 Address Book Advanced Search - bug on gender If I do an advanced search in the address book for anyone marked "female" it works fine but if I search for anyone who is marked "male" I get also females. ieee_logicData control_flow
#5772 Roundcube break attachment with special characters Hi guys, I have some issue with Roundcube 1.2.4 over OpenBSD 6.1. Users can't download properly attachments with special characters like accents, e.g **Canción.docx** or stuff like that. At the moment of download the file, the name is cut off to **Canci** and even if I rename the file, is still broken, if I forward the mail to gmail or something, I can open it just fine. Any idea? Is a know issue? Thanks. ieee_standards structural
#5774 mariadb 10.2 syntax error Roundcube 1.2.5 MariaDB 10.2 MariaDB does not like when 'rows' is used as column name. The query is in rcube_contacts.php in "private function _count()" Error log: 26-May-2017 19:59:33 +0300]: <f66r76ge> DB Error: [1064] You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'rows FROM `contacts` AS c WHERE c.`del` <> 1 AND c.`user_id` = '2' AND ((((`emai' at line 1 (SQL Query: SELECT COUNT(c.`contact_id`) AS rows FROM `contacts` AS c WHERE c.`del` <> 1 AND c.`user_id` = '2' AND ((((`email` LIKE '[email protected]' OR `email` LIKE '[email protected],%' OR `email` LIKE '%,[email protected],%' OR `email` LIKE '%,[email protected]'))))) in /var/www/roundcube/program/lib/Roundcube/rcube_db.php ieee_syntax control_flow
#5780 [wiki] Install information confusing / out-of-date regarding Mcrypt (I think) I'm not sure, but some searching seems to suggest that Mcrypt is no longer used by current roundcube (1.2.5). The install requirements don't mention it: https://github.com/roundcube/roundcubemail/wiki/Install-Requirements but the wiki install instructions do: https://github.com/roundcube/roundcubemail/wiki/Installation They say to install php5-mcrypt. Mcrypt is of course obsolete, unmaintained, and deprecated: http://php.net/manual/en/intro.mcrypt.php So hopefully roundcube doesn't actually use it, and if so there's a few lingering places to un-document it. ieee_otherBuildConfigInstall non_functional
#5781 list object, touch events and IE11/Edge When using IE11 or Edge if you touch and hold on a message in the message list then the drag widget appears for a moment or two but then the message you touched on loads in the preview pane and the drag event is canceled. It seems that in IE11 or Edge any time you touch a message in the message list it is loaded into the preview pane regardless of how long you touched it for or anything. Even if you are just scrolling up and down the list. In Firefox it does not load the message into the preview pane so quickly you need to touch it and let go, if you are just scolling it ignores the touch. Similar behaviour can be seen with the Contextmenu plugin. In Firefox if you touch and hold on a message then the menu is displayed and the preview pane remains blank but in IE11/Edge the menu is displayed and the message loaded into the preview pane. ieee_interface structural
#5782 Saving timezone setting does not work sometimes Steps: 1. Configure timezone=auto in the config 2. Login with a user that has no entry in database yet. 3. Go to Preferences and change timezone selection to your timezone (make sure it is the same as auto-detected timezone). 4. See that the timezone setting is not saved to user record. The reason for this is this code in rcube_user::save_prefs(): ``` // don't save prefs with default values if they haven't been changed yet foreach ($a_user_prefs as $key => $value) { if ($value === null || (!isset($old_prefs[$key]) && ($value == $config->get($key)))) { unset($save_prefs[$key]); } } ``` I tend to remove the code that does not store default values. ieee_logicData control_flow
#5788 rcube_utils::bin2ascii Uninitialized string offset `$char & $mask` can have larger values than the length of `$hextab` See for example: https://3v4l.org/0RLI6 ieee_logicData control_flow
#5798 Message selection issue on unfocused message that is part of a thread On messages list in Larry, steps: 1. Select a message that is part of a thread (the root or any of children) 2. Click out of the list to unfocus the message. Result is that the background on the message record is now gray but should be blue(ish). ieee_interface control_flow
#5799 Viewing email attachment from TNEF format causes Apache Internal Error 500 In file `/program/steps/mail/get.inc` line ` 328` may rise apache internal error 500 `header("Content-Disposition: $disposition; filename=\"$filename\"");` reason beeing a bad file name containing illegal characters. In my debug example the attachement file name should look like "Pavadzīme (lv) EL7877 .pdf" but from winmail.dat it gets decoded with some non-ascii chars in it "Pavadz+me (lv) EL7877 .pdf". It looks like in file `/program/lib/Roundcube/rcube_message.php` the function `function fix_attachment_name(..)` is not fixing the file name properly. Attached is original email causing this issue. [email.txt](https://github.com/roundcube/roundcubemail/files/1081396/email.txt) [winmail.zip](https://github.com/roundcube/roundcubemail/files/1081398/winmail.zip) My setup: roundcube 1.2.5; PHP 5.4.16; Apache/2.4.6 (CentOS 7) ieee_logicData control_flow
#5808 Fatal error when using DMY- or MDY-based date format in PostgreSQL If you use a postgresql existing database with a different date style of ISO, there may be problems and a blank page... the solution : alter database roundcube set datestyle = 'ISO'; ieee_interface structural
#5809 Duplicated signature when using Back button in Chrome I'm using roundcube-1.2.5. Sometimes, the signature gets duplicated: 1. Start entering a new message 2. Select "Change Sender" ("Absender ändern") 3. Somehow, I'm stuck on this. There is no easy way to get back to the message :( Maybe this is worth another ticket? 4. So: I click on "browser - back" 5. Now the message shows up again, but the signature is in there twice ![image](https://user-images.githubusercontent.com/1677414/27376180-ae2886b0-5671-11e7-9c46-1c43aaab0d93.png) ieee_logicData control_flow
#5811 Google emails makes top toolbar to collapse This is happening only with mails coming from Google in Roundcube Webmail 1.1.5, any browser (tested on Safari 10.1.1, Google Chrome 58.0.3029.110, Firefox 54.0) I guess it's a problem of the inline css of the message because it only happens on html view. Better an image than 1000 words.. ![captura de pantalla 2017-06-23 a las 10 37 23](https://user-images.githubusercontent.com/1733884/27474448-90342924-5802-11e7-87a2-197d6c767ee3.png) ieee_interface structural
#5830 jsdeps check in installto.sh fails on complete packages The complete package doesn't contain `jsdeps.json` nor `bin/install-jsdeps.sh`. Thus the `installto.sh` script should not attempt to check and install javascript dependencies. http://lists.roundcube.net/pipermail/users/2017-June/011556.html ieee_otherBuildConfigInstall non_functional
#5831 crypt-gpg-pinentry error on upgrade Reporting of this issue is caveated by my admission that the issue is somewhat over my head in terms of my knowledge surrounding it and so I am reporting it at face value. I am upgrading from v1.2.5 to v1.3.0 using the 'complete' package [here](https://roundcube.net/download/). When I update composer's dependencies with php composer.phar update --no-dev I get the following error and composer aborts (leaving Roundcube inaccessible): ``` - Installing pear/crypt_gpg (v1.6.0) Downloading: 100% [ErrorException] file_put_contents(<path to my roundcube installation>/vendor/bin/crypt -gpg-pinentry): failed to open stream: No such file or directory` ``` Looking in the vendor/bin/ directory, crypt-gpg-pinentry is a symlink to ../pear-pear.php.net/Crypt_GPG/bin/crypt-gpg-pinentry but I am missing the pear-pear.php.net directory from vendor/. Removing the "pear/crypt_gpg": "~1.6.0" dependency from composer's composer.json file allows the upgrade to complete (and Roundcube to function) however I am not sure if this really is the best solution - perhaps I just don't need the functionality that crypt-gpg-pinentry is providing or I just haven't (yet) discovered the fact that I actually do? ieee_otherBuildConfigInstall non_functional
#5834 bin/update.sh doesn't print SQL errors See #5833 for complete details. When bin/update.sh fails, it doesn't show the underlying SQL error: ``` What version are you upgrading from? Type '?' if you don't know. ? Executing database schema update. Updating database schema (2015111100)... [FAILED] NOTE: Update dependencies by running `php composer.phar update --no-dev` ``` In my case, the error was: ``` ERROR 1067 (42000): Invalid default value for 'created' ``` ieee_otherBuildConfigInstall non_functional
#5845 PHP 7.2: count(): Parameter must be an array or an object that implements Countable in program/lib/Roundcube/rcube_plugin_api.php on line 438 I get the following error: [09-Jul-2017 00:00:02 Europe/Berlin] PHP Warning: count(): Parameter must be an array or an object that implements Countable in program/lib/Roundcube/rcube_plugin_api.php on line 438 PHP 7.1 All dependencies installed Latest master-branch of Roundcube ieee_syntax control_flow
#5854 Chrome attach file button didnt work Chrome 57.0.2987.133 (64-bit) 1. Add any file (click attach button) 2. Delete this file (click trash button) 3. Try to add this file again (click attach button and select the same file) - file didnt add to attach files. PS Roundcube Webmail 1.3.0 (contextmenu filesystem_attachments html5_notifier jqueryui managesieve markasjunk2 password persistent_login) ieee_logicData control_flow
#5862 Folder view incorrect after removing mails When a folder contains more than 1 page worth of emails and you then delete multiple emails so the list is less than 1 page. The list of emails shown is incorrect. example: Page-size is set to 50 and a folder contains 60 emails. Lets call the top email on the first page mail#1 and the bottom one on the second page mail#60. select mail#11 through mail#29 and delete them The listing now shows mail#30 through to mail#50 and mail#41 through to mail#60. mail#41 through to mail#50 are shown twice. Clicking on the first instance of one of the duplicate entries selects the second instance. I've seen this behavior with 1.2.5 and with 1.3.0. ieee_logicData control_flow
#5872 Messages count is not updated after delete when imap_cache is set and both options "Flag the message for deletion instead of delete" and "Do not show deleted messages" are enabled. ieee_logicData control_flow
#5880 Sanitize attachment names Need add some replacements in https://github.com/roundcube/roundcubemail/blob/master/program/steps/mail/func.inc#L1957 `$filename = str_replace(array("\r","\n"), '', $filename);` I have some incoming e-mails with invalid attachment's names. When i download them i see Apache 500 errror with following messages in log > AH02430: Response header 'Content-Disposition' value of 'attachment; filename="!:@8= \x109EM4.png"' contains invalid characters, aborting request > AH02430: Response header 'Content-Disposition' value of 'inline; filename="\x1d>20O 0=:5B0 \x18\x1f.PDF"' contains invalid characters, aborting request If i replace that line with $filename = str_replace(array("\r","\n","\x10","\x18","\x1f","\x1d"), '', $filename); files are downloaded correctly. Probably there are other characters (all lower than 32 code of ASCII?) that will raise the problem. Please fix it. + https://stackoverflow.com/questions/1176904/php-how-to-remove-all-non-printable-characters-in-a-string ieee_logicData control_flow
#5885 Diacritic issue on EDGE Hi there is issue with diacritics (CZ or DE for example) in Roundcube. We tried versions 1.2.1 and even the new 1.3.0. The issues is in EDGE browser, when you choose new mail message and HTML editor and try to paste some text from a website in the HTML message, all the characters with diacritic are broken (see attached image - correct encoding is below). ![diacritic](https://user-images.githubusercontent.com/4435945/28822915-75a3a404-76bb-11e7-9032-ca2f6241d127.jpg) THE CORRECT DIACRITIC (encoding): Zdravím Vás všechny, kterým se podařilo ke mně zabloudit – ať už náhodou anebo cíleně. Jsem turistka ve vlastnictví dvou psů se sklony zapomenout úplně všechno, co si nevyfotí, takže fotím pro jistotu úplně všechno. Můžete si vybrat: Fotky a zážitky z výletů Psí fotky a články ze života vlčích špiců Fotografie z jiných akcí, třeba hudebních nebo psích Původní web s fotkami mezi roky 2008 – 2015 a fotkami z akcí Hnutí Brontosaurus Tento nový kabátek má web od léta 2016, takže doufám, že se Vám tu bude líbit a že najdete zajímavou turistickou inspiraci pro Vaše vlastní výlety, nebo se pokocháte místy, která jste viděli v jiné roční době. Nebo Vás spíš zajímají starosti a radosti ze života se psem? Určitě i pro Vás se tu najdou nějaké střípky, které dotvoří skládačku. Doufám, že se Vám tu bude líbit. ieee_interface structural
#5891 CSS conflicts in user interface and e-mail previews. We have been experiencing issues with e-mails being rendered in the classic skin that happen to contain elements with the ID `compose-container`. Because the CSS of the skin contains the following rule, any block elements with the attribute `id="compose-container"` in a previewed e-mail will overlap: ```css #compose-container { position: absolute; top: 0; left: 205px; right: 0; bottom: 0; margin: 0; } ``` Ideally, e-mails shouldn't be containing multiple tags with the same ID. However, this is not within the recipient's control. Therefore, perhaps efforts should be made to ensure that the styling of a Roundcube skin will not conflict with the IDs and classes of elements within HTML e-mails. ieee_interface structural
#5897 Wrong behavior of the savetarget frame when check spelling is on Since commit 46c96bf0, if the option `Check spelling before sending a message` is `on` and the message has spelling errors, the compose window after sending an email does not close. A blank page is opened like it was a new tab/window (i suppose it is the `savetarget iframe`), the email is sent, but the blank page remains open and the loading gear "Sending message..." stays forever spinning. The user can't click anything (does nothing), until he/she reloads the page. If `Check spelling before sending a message` is `off`, everything works ok. Steps to reproduce: 1. Roundcube updated to a commit after 46c96bf0. 2. Settings -> Preferences -> Composing Messages -> Check spelling before sending a message (TRUE) 3. Mail -> Compose 4. Write something with spelling errors. 5. Click send. 6. A window opens alerting for the spelling errors. Close it. 7. Click send. ieee_logicData control_flow
#5905 Inline images shown as attachments I just received a mail from an online shop with inline images but the images don't appear in the mail. I see them as attachment PartXX.bin. There's some information from the mail source: The e-mail is a multipart/mixed mail: ``` Content-Type: multipart/mixed; boundary="----=_Part_9_958628515.1502433972518" ``` The first part is a quoted-printable encoded html message: ``` ------=_Part_9_958628515.1502433972518 Content-Type: text/html; charset="ISO8859-2" Content-Transfer-Encoding: quoted-printable ``` This is the reference to an inline image: ``` <img src=3D"cid:logo_jmhu.jpg" alt=3D"=" title=3D""/> ``` And this is the inline image itself: ``` ------=_Part_9_958628515.1502433972518 Content-Type: image/jpeg Content-Transfer-Encoding: base64 Content-Disposition: inline Content-ID: <logo_jmhu.jpg> ``` What's the problem with this e-mail? ieee_logicData control_flow
#5924 Too many public recipients warning: "Send now" does not work. Roundcube 1.3.0. When trying to send email to e.g. 7 "To:" addresses and 1 "Cc:" address, roundcube displays a warning that I should consider using "Bcc:" field instead. There is an option to send the message anyway. However, clicking on "Send now" does not send the message - only the warning window disappears and the user has to click on standard "Send" icon again. ![screenshot from 2017-08-27 18-18-06](https://user-images.githubusercontent.com/937861/29751905-89e0c0ca-8b54-11e7-8229-012c25570c46.png) Expected behaviour: the message should be sent immediately if the user wishes so. ieee_logicData control_flow
#5933 RC 1.3.0 does not write image thumbnails but tries to read them With rc 1.3.0 I get pink rectangles instead of picture thumbnails, with this error in the log: ``` PHP Warning: file_get_contents(/srv/roundcubemail-1.3.0/temp/95b2b487745247921bfbd4779004322e.tmp): failed to open stream: No such file or directory in /srv/roundcubemail-1.3.0/program/steps/mail/get.inc on line 536 ``` With rc 1.2.5 it works fine so this might be a bug. ieee_logicData control_flow
#5941 Race condition when deleting all messages from a mailbox folder After upgrading Roundcube to version 1.3.1, I started noticing an issue when users click the 'delete' button in quick succession to remove all messages from a folder one by one (a popular way to empty the trash folder apparently). After the last email is removed, the preview frame will display a re-render of the entire window content (along with clickable links and all) instead of an empty space. This only happens -- from what I can tell -- if the last 'delete' click comes in before the button gets disabled in the UI. It is hard to reproduce on a fast connection, but it becomes very reproducible on a slower link. Also worth mentioning that I can trigger this with both the new 3-column layout and the traditional desktop layout so it is not layout specific. Older versions did not have this problem. Below is an image which highlights the problem: _(when the mailbox is empty, the right side should be blank)_ ![image](https://user-images.githubusercontent.com/10953134/30146570-0f098698-9356-11e7-841b-e117e80b334c.png) ieee_logicData control_flow
#5950 Error: rewind(): stream does not support seeking rcube_message::get_part_body performs a rewind() on the stream. In the file https://github.com/roundcube/roundcubemail/blob/1.2.6/program/steps/mail/get.inc#L503 a 'php://output' is created, which not supports rewinding. This will trigger an error. Possible solution could be: https://github.com/thephpleague/glide/pull/137/files This part was removed in 1.3 and we are safe. ieee_logicData control_flow
#5957 html not rendering in roundcube system - ubuntu 16.04 php - 7.0.22-0ubuntu0.16.04.1 it's a very straightforward install, no real fancy stuff, but it is not working out of the box, i get basically the 'code' not a rendering of the html. the release indicated by the CHANGELOG is 1.3.1 *plain text works fine ieee_interface structural
#5969 Release 1.3.1 / no cursor in reply window (HTML mode) Hi, In the release 1.2, i had the cursor in the reply window into the HTML editor area but it does'nt work anymore in 1.3.1. The cursor is visible in Text mode reply only. Any suggestion ? Best regards. ieee_logicData control_flow
#5982 COPYUID response can be untagged According to RFC6851, COPYUID can be in an untagged response. However rcube_imap_generic.php parseResult() only parses tagged responses. This is a problem with Cyrus-imapd 3.0.x and Kolab. Example: ```` C: a UID MOVE 42:69 foo S: * OK [COPYUID 432432 42:69 1202:1229] S: * 22 EXPUNGE S: (more expunges) S: a OK Done ```` This COPYUID is not caught by Roundcube, so data['COPYUID'] won't filled in. ieee_logicData control_flow
#5994 External css is ignored When an HTML message contains `<link>` to an external stylesheet, and the message does not contain external images, the link element will be removed. No warning message appears with button to allow external content. It's because only images can be recognized as remote objects in rcube_washtml class. We need the same logic for linked stylesheets. ieee_logicData control_flow
#6004 BUG: Full path to email in global search results RC cutting of path names & not showing full path even in title hint. ![2017-10-19_15-40-32](https://user-images.githubusercontent.com/5313478/31771236-02e528e0-b4e4-11e7-8746-f79d6cc79cac.png) ieee_logicData control_flow
#6007 Removing last subfolder does not hide toggle button ... and the `ul.group` element. ieee_logicData control_flow
#6020 Mailto: links containig "+" sign do not work correctly in html messages Please look at the attached test message: [test.zip](https://github.com/roundcube/roundcubemail/files/1433078/test.zip) It containes the followning link `mailto:[email protected]`, however Roundcube renders it as `mailto:[email protected]`. It's a html message, in case of a plain text message everything works correctly. ieee_logicData control_flow
#6026 File Disclosure Vulnerability There is a zero-day file disclosure vulnerability in the latest version of roundcube webmail which currently is being exploited by hackers to read roundcube's configuration files and steal its database credentials. It requires a valid username/password to login to a roundcube installation. I don't know how exactly should I report the details of this bug. Is there a proper way to privately send the details to roundcube's developers? Can I send the details to hello(at)roundcube(dot)net? ieee_logicData control_flow
#6028 Roundcube mangles non-ASCII characters in HTML links when displaying messages When displaying HTML links in e-mail messages Roundcube incorrectly mangles any non-ASCII characters. Specifically, in our case, we have URLs with cyrillic alphabet paths. For example, http://www.example.com/somepath/ = works ok http://www.example.com/някакъвпът/ = is mangled <img width="827" alt="screenshot" src="https://user-images.githubusercontent.com/16590673/32544870-802d932a-c482-11e7-9743-e428c4ba03ca.png"> We've seen this issue on Roundcube 1.3.1 and 1.3.2. The messages are using UTF8 encoding. We tested this with quoted-printable and base64 encoding, and the issue is the same. Here's a complete sample message: [Test.txt](https://github.com/roundcube/roundcubemail/files/1453520/Test.txt) ieee_logicData control_flow
#6033 Filename to long; Attachment size doesn't show Hello developers, When i try to send some files via email attachment and the filename is to long, it doesnt show what the actual size of the attachment is neither does it show me, what the full filename is. (gets cut off) Example: ![dateiname](https://user-images.githubusercontent.com/33520270/32610996-adae6bfc-c564-11e7-8ca1-e4c2ba62c707.png) Is there a possibility to implement a fix, that shows the size no matter how long the filename is? Thanks in advance il3ctro ieee_logicData control_flow
#6047 Installer DB schema check bug Hello, I am trying to update from 1.2.7 to 1.3.3 nad I have found a strange situation - installer does not check db schema correctly: Steps to reproduce: 1. make a copy of current db used by my prod 1.2.7, database user has rights for **both source and copy database** 2. connect my dev RC 1.2.7 installation to copy db, perform manual files update etc., run installer to check db schema, update to 1.3.3 db => no problem 3. Ok, everything worked, now let's update my production database: create another copy of my prod1.2.7. db. Now I have 3 dbs: original 1.2.7, copy of 1.2.7 as a backup and recently upgraded 1.3.3. used for testing. My db user has rights for each of these dbs. 4. My prod installation config is pointing to original 1.2.7. When I try to check & update db structure using installer (I mean PHP installer application in web broswer), installer do not find any differences in DB. But my prod 1.2.7. does not match 1.3.3. db schema The problem is that my database user can read to more than one databases which contains tables with same names. I have gone thru application, the problematic check is in **rcube_db**, method **list_cols**. Method uses this select: ``` SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'some_rc_table_name' ``` But this returns columns names of all tables of with provided name from all databases my user has rights for. Installer then compares array of needed columns in table and present columns. using rcube_utils::db_schema_check ``` $diff = array_diff(array_keys($cols), $db_cols); if (!empty($diff)) { $errors[] = "Missing columns in table '$table': " . join(',', $diff); } ``` array $db_cols here contains columns names from not_updated_db.some_rc_table_name backup_db.some_rc_table_name already_updated_db.some_rc_table_name and because of this, the diff condition is not met. If I patch the select to ``` SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'some_rc_table_name' AND TABLE_SCHEMA = 'my_roundcube_database_name' ``` everything works as desired - $db_cols contains only columns names from my_roundcube_database_name.some_rc_table_name I have checked installation "how to" - yes there is a sentence saying _create a database with any name you want and grant privileges to a separate database user._ But I thing it is quite ussual to create copy of database for quick recovery in case of failure. I think it would be useful to fetch the used database name to private property in rcube_db and then update the select asi I mentioned above. Sorry for not providing pull request with fix for this, I am not aware of the whole situation in rcube_db that good. ieee_interface structural
#6048 attachment name is broken if it is in utf8 and longer than 24 characters ## attachment name is broken if it is utf8 and longer than 24 characters ### resources > RC v.1.3.1, v.1.3.3 > PHP v.5.6.30 > imap4d (GNU Mailutils) 3.4 ### attached file name expected `абвгдеёжзиклмнопрстуф хцчшщъыьэюя.docx` ### attached file name provided by RC `Ð°Ð±Ð²Ð³Ð´ÐµÑ Ð¶Ð·Ð¸ÐºÐ»Ð¼Ð½Ð¾Ð¿Ñ Ñ Ñ Ñ Ñ Ñ Ñ ÑF#F'F+F_F3F7F;F_¹ ½ .docx` ### RC config `$config['mime_param_folding'] = 1;` ### original message fragment: ``` X-Envelope-Date: Tue Nov 14 09:16:53 2017 X-Envelope-Sender: [email protected] This is a multi-part message in MIME format. --------------5BCCBC62D02AE2E4D591BEA1 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit --------------5BCCBC62D02AE2E4D591BEA1 Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="=?UTF-8?B?0LDQsdCy0LPQtNC10ZHQttC30LjQutC70LzQvdC+0L/RgNGB0YLRg9GE?= =?UTF-8?B?0YXRhtGH0YjRidGK0YvRjNGN0Y7Rjy5kb2N4?=" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename*0*=utf-8''%D0%B0%D0%B1%D0%B2%D0%B3%D0%B4%D0%B5%D1%91%D0%B6%D0%B7; filename*1*=%D0%B8%D0%BA%D0%BB%D0%BC%D0%BD%D0%BE%D0%BF%D1%80%D1%81%D1%82; filename*2*=%D1%83%D1%84%D1%85%D1%86%D1%87%D1%88%D1%89%D1%8A%D1%8B%D1%8C; filename*3*=%D1%8D%D1%8E%D1%8F%2E%64%6F%63%78 UEsDBBQABgAIAAAAIQDfpNJsWgEAACAFAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIo oAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ``` ### telnet session fragment ``` A0007 UID FETCH 6 (BODY.PEEK[2.MIME]) * 6 FETCH (UID 6 BODY[2.MIME] {565} Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="=?UTF-8?B?0LDQsdCy0LPQtNC10ZHQttC30LjQutC70LzQvdC+0L/RgNGB0YLRg9GE?= =?UTF-8?B?0YXRhtGH0YjRidGK0YvRjNGN0Y7Rjy5kb2N4?=" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename*0*=utf-8''%D0%B0%D0%B1%D0%B2%D0%B3%D0%B4%D0%B5%D1%91%D0%B6%D0%B7; filename*1*=%D0%B8%D0%BA%D0%BB%D0%BC%D0%BD%D0%BE%D0%BF%D1%80%D1%81%D1%82; filename*2*=%D1%83%D1%84%D1%85%D1%86%D1%87%D1%88%D1%89%D1%8A%D1%8B%D1%8C; filename*3*=%D1%8D%D1%8E%D1%8F%2E%64%6F%63%78 ) A0007 OK UID FETCH Completed A0008 UID FETCH 6 (BODY.PEEK[2]) * 6 FETCH (UID 6 BODY[2] {16196} UEsDBBQABgAIAAAAIQDfpNJsWgEAACAFAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIo oAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ``` ### RC debug fragment ``` Nov 15 23:14:58 rc roundcube: <qekqslgo> [2BAC] S: * 6 FETCH (UID 6 BODY[2.MIME] {565} Nov 15 23:14:58 rc roundcube: <qekqslgo> [2BAC] S: Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document;^M name="=?UTF-8?B?0LDQsdCy0LPQtNC10ZHQttC30LjQutC70LzQvdC+0L/RgNGB0YLRg9GE?=^M =?UTF-8?B?0YXRhtGH0YjRidGK0YvRjNGN0Y7Rjy5kb2N4?="^M Content-Transfer-Encoding: base64^M Content-Disposition: attachment;^M filename*0*=utf-8''%D0%B0%D0%B1%D0%B2%D0%B3%D0%B4%D0%B5%D1%91%D0%B6%D0%B7;^M filename*1*=%D0%B8%D0%BA%D0%BB%D0%BC%D0%BD%D0%BE%D0%BF%D1%80%D1%81%D1%82;^M filename*2*=%D1%83%D1%84%D1%85%D1%86%D1%87%D1%88%D1%89%D1%8A%D1%8B%D1%8C;^M filename*3*=%D1%8D%D1%8E%D1%8F%2E%64%6F%63%78^M ^M Nov 15 23:14:58 rc roundcube: <qekqslgo> [2BAC] S: ) Nov 15 23:14:58 rc roundcube: <qekqslgo> [2BAC] S: A0008 OK UID FETCH Completed Nov 15 23:14:58 rc roundcube: <qekqslgo> [2BAC] C: A0009 UID FETCH 6 (BODY.PEEK[2]) Nov 15 23:14:58 rc roundcube: <qekqslgo> [2BAC] S: * 6 FETCH (UID 6 BODY[2] {16196} Nov 15 23:14:58 rc roundcube: <qekqslgo> [2BAC] S: UEsDBBQABgAIAAAAIQDfpNJsWgEAACAFAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIo ``` ### miscelaneous uudeview decodes correctly ``` uudeview 1510651013.M946286P86037Q0.relay.xx\:2,RS Loaded from 1510651013.M946286P86037Q0.relay.xx:2,RS: 'test' (test): абвгдеёжзиклмнопрстуф хцчшщъыьэюя.docx part 1 Base64 Found 'абвгдеёжзиклмнопрстуф хцчшщъыьэюя.docx' State 16 Base64 Parts 1 OK -rw-r--r-- абвгдеёжзиклмнопрстуф хцчшщъыьэюя.docx is OK [d] (?=help) ``` ieee_logicData control_flow
#6058 PHP-LDAP binding missing in Docker image? Hi, when including a LDAP address book in Roundcube in latest Docker image with version 1.3.2 I get this error in the log: `[Fri Nov 24 13:55:10.631467 2017] [php7:error] [pid 22] [client 172.17.0.1:57562] PHP Fatal error: Uncaught Error: Call to undefined function ldap_set_option() in /var/www/html/vendor/kolab/net_ldap3/lib/Net/LDAP3.php:1934\nStack trace:\n#0 /var/www/html/vendor/kolab/net_ldap3/lib/Net/LDAP3.php(570): Net_LDAP3->config_set_debug(false)\n#1 /var/www/html/vendor/kolab/net_ldap3/lib/Net/LDAP3.php(561): Net_LDAP3->config_set('debug', false)\n#2 /var/www/html/program/lib/Roundcube/rcube_ldap.php(251): Net_LDAP3->config_set(Array)\n#3 /var/www/html/program/include/rcmail.php(218): rcube_ldap->__construct(Array, false, 'ifw-dresden.de')\n#4 /var/www/html/program/steps/mail/autocomplete.inc(69): rcmail->get_address_book('IFW')\n#5 /var/www/html/index.php(303): include_once('/var/www/html/p...')\n#6 {main}\n thrown in /var/www/html/vendor/kolab/net_ldap3/lib/Net/LDAP3.php on line 1934, referer: https://webmail2.ifw-dresden.de/?_task=mail&_action=compose&_id=5455091075a1824b57d6b4` Looks like some PHP-LDAP binding is missing there? ieee_otherBuildConfigInstall non_functional
#6084 Any value of address field in advanced contact search return all contacts from ldap Hi. In Address book go to advanced search. Fill only address field with any value and click search. Return all contacts from all user address books. Roundcube version: 1.3.1 ieee_logicData control_flow
#6097 Error in Initialization script for MSSQL In mssql.initial.sql, on line 225 there is a comma at the end of the line that causes an error. This is with RoundCube version 1.3.3. ieee_syntax control_flow
#6098 PHP 7.2: count(): Parameter must be an array or an object that implements Countable Hello! RELEASE 1.3.3. I have the following warnings in the log: Dec 19 16:04:38 mail roundcube[2174]: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /srv/www/mydomain.tld/roundcubemail/vendor/pear/mail_mime/Mail/mimePart.php on line 314 Dec 19 17:21:17 mail roundcube[2188]: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /srv/www/mydomain.tld/roundcubemail/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php on line 1435 Dec 19 17:21:17 mail roundcube[2188]: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /srv/www/mydomain.tld/roundcubemail/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php on line 1534 Dec 19 17:21:17 mail roundcube[2188]: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /srv/www/mydomain.tld/roundcubemail/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php on line 1938 Dec 19 17:24:43 mail roundcube[2185]: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /srv/www/mydomain.tld/roundcubemail/program/steps/mail/move_del.inc on line 47 Dec 19 17:25:02 mail roundcube[2184]: PHP Warning: count(): Parameter must be an array or an object that implements Countable in /srv/www/mydomain.tld/roundcubemail/program/steps/mail/move_del.inc on line 78 One issue I've already fixed with #5845 fix. ieee_logicData control_flow
#6103 Export selected contact only exports the first 10 Hello, In 1.2.4, the export selected contacts feature of the address book only exports the first ten selected contacts. Screencast available here : https://vimeo.com/248124644 ieee_logicData control_flow
#6125 identities leak Today I came accross issue, when there were problem in postgres database: Newly created user on roundcube should have same ID as allready created one (my own problem with wrongly configured sequence). Since no new user record can be created, error was logged, but I was unable to send email (failed authentication agains mail server). So far so good. But in Settings->Profiles (/?_task=settings&_action=identities) they`re were visible identities of other users, not only mine created. `DETAIL: Key (user_id)=(1476) already exists. (SQL Query: INSERT INTO "users" (" created","last_login","username","mail_host","language") VALUES (now(), now( ), '[email protected]', 'mailboy.xxx.cz', 'cs_CZ')) in /opt/roundcube /program/lib/Roundcube/rcube_db.php on line 543 (POST /?_task=login&_action=logi n)` Issue was resolved by manually altering sequence number. But Roundcube should not allow user to log-in if no user data can be correctly inserted into database. ieee_interface structural
#6130 Contact search can skip some records Create two contacts "John Doe" and "Jane Doe" with no email addresses. Then search for "Doe". See that the result contains only one record. Problem is in rcube_addressbook::compose_contact_key(), which does not produce unique keys. ieee_logicData control_flow
#6147 Docker ROUNDCUBEMAIL_DB_TYPE not properly managed The Docker environment parameter `ROUNDCUBEMAIL_DB_TYPE` does not work as described. The value of `ROUNDCUBEMAIL_DB_TYPE` is actually never read to define the content of `db_dsnw`. For instance, consider the following docker-compose: ```yml version: '2' services: roundcubedb: image: postgres:10-alpine container_name: roundcubedb environment: - POSTGRES_DB=roundcubedb - POSTGRES_USER=roundcube - POSTGRES_PASSWORD=roundcube roundcube: image: roundcube/roundcubemail:elastic container_name: roundcube links: - roundcubedb environment: - ROUNDCUBEMAIL_DB_TYPE=pgsql - ROUNDCUBEMAIL_DB_HOST=roundcubedb - ROUNDCUBEMAIL_DB_NAME=roundcubedb - ROUNDCUBEMAIL_DB_USER=roundcube - ROUNDCUBEMAIL_DB_PASSWORD=roundcube #... ``` Here is the extract of `config.inc.php` generated on first startup: ```php <?php $config['db_dsnw'] = 'pgsql:////var/www/html/db/roundcubedb.db?mode=0646'; $config['db_dsnr'] = ''; ``` So not what I would expect... For those who might encounter this issue, note that there is a workaround. It is possible to trigger the appropriate database connection string generation by adding a `POSTGRES_ENV_POSTGRES_SOMETHING`. For instance, the following actually generates a valid config: ```yml version: '2' services: roundcubedb: image: postgres:10-alpine container_name: roundcubedb environment: - POSTGRES_DB=roundcubedb - POSTGRES_USER=roundcube - POSTGRES_PASSWORD=roundcube roundcube: image: roundcube/roundcubemail:elastic container_name: roundcube links: - roundcubedb environment: - ROUNDCUBEMAIL_DB_TYPE=pgsql - ROUNDCUBEMAIL_DB_HOST=roundcubedb - ROUNDCUBEMAIL_DB_NAME=roundcubedb - ROUNDCUBEMAIL_DB_USER=roundcube - ROUNDCUBEMAIL_DB_PASSWORD=roundcube # Here is the trick - POSTGRES_ENV_POSTGRES_ENABLED=TRUE #... ``` Result: ```php <?php $config['db_dsnw'] = 'pgsql://roundcube:roundcube@roundcubedb/roundcubedb'; $config['db_dsnr'] = ''; ``` The error comes from https://github.com/roundcube/roundcubemail/blob/master/docker/docker-entrypoint.sh#L18 I'm guessing it must _work_ with a link to MySQL container because the roundcube container can somehow see some `MYSQL_ENV_MYSQL_*` variables inside the MySQL container, am I right ? I would prefer if the `ROUNDCUBEMAIL_DB_TYPE` value was the trigger instead of using some external environment variables. This would allow the container to work with an existing database on a different server and makes much more sense to me. @thomascube, @J0WI: your thoughts ? I do not mind helping to fix this if you guys do not have the time. ieee_otherBuildConfigInstall non_functional
#6148 Permission denied on sql log file with Docker image After running docker image with Postgre (and `debug_level`= 4), I got the following error after login: ``` Warning: file_put_contents(/var/log/roundcubemail/sql.log): failed to open stream: Permission denied in /var/www/html/program/lib/Roundcube/rcube.php on line 1267 ``` ieee_otherBuildConfigInstall non_functional
#6166 RCM 1.3.4 Installer: Duplicated labels in Test SMTP Config section I face minor problem with installer 1.3.4. On Test config page, under 'Test SMTP Config', there's Sender, Recipient,Sender & Recipient. For the previous version, it's Username, password, sender & recipient. Thanks. ieee_otherBuildConfigInstall non_functional
#6169 PHP Warning: exif_read_data(...): Illegal IFD size Hi, I have several errors in the logs, with the information below. I have RC 1.3.4. It's running in PHP 7.1.13 === Feb 9 10:52:03 fastweb roundcube: PHP Warning: exif_read_data(2056e7578723a659a35fbc5ee171b0e8.tmp): Illegal IFD size in /home/hosting/dhosting/webmail/program/lib/Roundcube/rcube_image.php on line 261 Feb 9 10:52:03 fastweb roundcube: PHP Stack trace: Feb 9 10:52:03 fastweb roundcube: PHP 1. {main}() /home/hosting/dhosting/webmail/index.php:0 Feb 9 10:52:03 fastweb roundcube: PHP 2. include_once() /home/hosting/dhosting/webmail/index.php:303 Feb 9 10:52:03 fastweb roundcube: PHP 3. rcube_image->resize() /home/hosting/dhosting/webmail/program/steps/mail/get.inc:88 Feb 9 10:52:03 fastweb roundcube: PHP 4. exif_read_data() /home/hosting/dhosting/webmail/program/lib/Roundcube/rcube_image.php:261 ieee_syntax control_flow
#6177 Upload progress + PHP 7.2 Hello. What is the current way to enable upload progress in RC+PHP 7.2; uploadprogress pecl extension does not compile anymore. Found one that claims it works (https://github.com/Jan-E/uploadprogress), it compiles fine but RC does not attach files, it produces an error. RC = 1.3.2 Thanks ieee_interface structural
#6178 HTML Backchannels in Roundcube Bypass Remote Content Blocking In the scope of academic research within the efail project, in cooperation with Ruhr-University Bochum and FH Münster, Germany we systematically analyzed Roundcube for `web bugs' and other backchannels which have an impact on the user's privacy. The results are as follows. *Introduction* It is well known that spammers abuse `web bugs' -- 1x1 pixel images in HTML emails -- to track if their mails to a certain address are actually read. To respect the privacy of their customers most email clients, by default, block external content. However, we found bypasses for remote content blocking in Roundcube. *The Impact* The issue allows the sender of an email to leak information such as: - if and when the mail has been read - user's mail client and OS (via HTTP headers) - the number of users on a non-public mailing list *The Bypasses* The following bypasses to remote content blocking have been found: ``` <image src="http://attacker.com"> ``` ``` <style>body {background-image: \75 \72 \6C ('http://attacker.com');}</style> ``` (Credits for this one go to https://github.com/cure53/HTTPLeaks/) ieee_logicData control_flow
#6186 Composer dependencies: endroid/qrcode is abandoned As per title: > - Installing endroid/qrcode (1.6.6): Loading from cache > Package endroid/qrcode is abandoned, you should avoid using it. Use endroid/qr-code instead. ieee_otherBuildConfigInstall non_functional
#6200 mysql Foreign key constraint is incorrectly formed in 2018021600 update running MariaDB 10.1 trying to apply the latest mysql update file generates error 'Foreign key constraint is incorrectly formed'. Changing the line `` `user_id` int(10) NOT NULL,`` to `` `user_id` int(10) UNSIGNED NOT NULL,`` solves it. ieee_interface structural
#6207 whу _mbox no strip_tags? https://github.com/roundcube/roundcubemail/blob/981cd8726d296e941a6a1e913ea7abf2594ada48/program/steps/mail/func.inc#L166 Hello, why not strip_tags get param '_mbox' ? if sent `/?_task=mail&_fra"med=2&_action=get&_mbox=<!--%20xxx><script>` it's commenting all page. ieee_logicData control_flow
#6212 unix timestamp format not handled correctly by rcube_utils::anytodatetime() For example 1520587800 is converted to 7800-03-09 15:20. ieee_logicData control_flow
#6216 Handle dates with RFC comments Sometimes Date header of incoming messages contains RFC 2821 comment at the end. For example Date header may look: "Date: Sun, 4 Mar 2018 03:32:08 +0300 (MSK)" The string "(MSK)" is comment here, and must be ignored by parser. But actually it is not ignored, and lead to wrong timezone detection. The function clean_datestr removes parenheses from comment, and then PHP function strtotime wrongly interpret this string. I prepared patch which fixes it: [rc_datehandle.zip](https://github.com/roundcube/roundcubemail/files/1822347/rc_datehandle.zip) Additionally this patch fixes two more issues: - date string can contain dots in some locales, so I added dot to valid characters list, - clean_datestr removed weekdays from date string without comma after them, I fixed this. Not sure, is it necessary to remove weekdays from date string, PHP (at least 7.1) can interpret strings with and without weekdays... ieee_logicData control_flow
#6224 Problem with login for users with special usernames Hello, since our upgrade from RC 1.3.3. to RC 1.3.5. some users can't login to Roundcube anymore. The issue affects only users with a username with an combination like ".-". For example usernames like "d.-h.lastname". I tried it also with all plugins disabled. There is **no notification** in error or imap log like "IMAP Error: Login failed for xxx". Maybe you can reproduce the issue or give me a hint on how to generate a log message. ieee_logicData control_flow
#6229 MX injection and type juggling vulnerabilities Hello, I'm here to report two vulnerabilities I have found while doing research on Roundcube 1.3.4, which are also present in your last release [1.3.5](https://github.com/roundcube/roundcubemail/releases/download/1.3.5/roundcubemail-1.3.5-complete.tar.gz). This two bugs are **not** exploitable in the wild, at least to my current knowledge; nonetheless fixing them should be a priority of yours because they could be chained with other minor stuff and then become exploitable in a realistic, attacker-pov efficient way. Plus, with the ongoing grow of this project you may introduce features that could be used to leverage this stuff. Since the bugs are not so easy to spot, especially the mx injection, I'll now try to explain myself in the clearest way possible, the code I'll refer to it's the 1.3.5. I'll conclude with a brief summary. **MX Injection** On function **archive.php:move_messages()** we have: <img width="817" alt="schermata 2018-03-28 alle 05 13 23" src="https://user-images.githubusercontent.com/8234144/38006857-12628354-3247-11e8-8cb6-8c1f2ef503ec.png"> A little bit of context: - rcmail::get_uids inside the foreach cycle it's responsible to get $mbox from $uids which is passed via POST (line 132) (but anyway passing them by GET will work too); if provided with a format like ID-MBOX it will split the thing and have $uids =array(ID) and $mbox ="MBOX"; Fine. - The first IF and ELSE IF (line 153 and 157) set our prerequisite to exploit the bug: the archive folder has to be set, and the archive_type must be set and be different from "folder" that's because the function move_messages_worker() (line 168) do his job right: will call archive.php:move_messages_worker() which will call rcube_imap.php:move_message() which will call rcube_storage.php:parse_uids() which sanitize $uids. The problem lies in that else branch (archive.php line 170): - **line 176** _archive.php:move_messages()_ calls fetch_headers($mbox, $uids); - **line 1235** _rcube_imap.php:fetch_headers()_ calls fetchHeaders($folder,$msgs) where $folder is $mbox and $msgs is $uids - **line 2600** _rcube_imap_generic.php:fetchHeaders()_ calls fetch($mailbox, $message_set, $is_uid, $query_items); - rcube_imap_generic.php:fetch() it's a core function used everywhere for doing is job: fetching things. <img width="893" alt="schermata 2018-03-28 alle 05 36 21" src="https://user-images.githubusercontent.com/8234144/38007501-0125cdfa-324a-11e8-9bca-b8447d74679e.png"> On **line 2360** $mailbox it's checked and the function returns false, so the attacker can't exploit that but, no check are done on $message_set which, still, is our user-controlled input which will end in - **line 2369** - the command to the MX server causing an MX injection. **PHP Type Juggling** This is far more easy to spot and straightforward, few words: on _rcube.php:check_request()_ we have <img width="950" alt="schermata 2018-03-28 alle 05 50 54" src="https://user-images.githubusercontent.com/8234144/38007921-2ee2d57e-324c-11e8-81f2-ef83d888583e.png"> as you can see every check it's performed just with the == operator which is a loose not strict operator. This is not exploitable right now, and it's just a theorical bug, because you just use HTTP Paramaters which are strings, not typed but if you'll introduce JSON then this will become easily exploitable and will cause a CSRF bypass. `php > var_dump("84829randomstring-csrfs9499" == TRUE); bool(true) php > var_dump("84829randomstring-csrfs9499" === TRUE); bool(false) ` Nonetheless as I said in my introduction you should fix this: what if I opened a "JSON for post parameters" request as a feature request? I hope I made myself enough clear, if you need more explanation: I am willing to help. When you fix this I'd like to write and publish a technical blog post about my findings ( the mx injection it's quite hided and nice, I think) - if that's okay with you. PS: I think this issue should be private, not familiar with github if that's possible maybe we should do that. ieee_logicData control_flow
#6234 PHP 7.2: count(): Parameter must be an array or an object that implements Countable in program/lib/Roundcube/rcube_spellcheck_enchant.php on line 104 Getting the following error: `[Tue Apr 03 13:39:36.280767 2018] PHP Warning: count(): Parameter must be an array or an object that implements Countable in program/lib/Roundcube/rcube_spellcheck_enchant.php on line 104` PHP 7.2 All dependencies installed Roundcube 1.3.5 ieee_logicData control_flow
#6235 Problem with <mark all as read> menu 1. when try to mark all messages in folder as read by <Mark all as read> in drop down menu, i've got an error: C: A0004 UID STORE INVALID +FLAGS.SILENT (\Seen) S: A0004 BAD Error in IMAP command UID STORE: Invalid uidset (0.001 + 0.000 secs). appears after commit "Fix possible IMAP command injection and type juggling vulnerabilities (#6229)" 2. if we have unread messages in more than one folder, pressing <Mark> in drop down menu has no effect. ieee_logicData control_flow
#6238 check_request() bypass in archive plugin As explained in my last comment on #6229 (which I'm going to quote): > in archive.php:135 "_uids" it's taken via POST so it seems that you cannot exploit this since you'll end with check_request() checking for a token. But it's not like this. In archive.php:156 there's a call to rcmail::get_uids() which get "_uids" again BUT with INPUT_GPC. So after line 156 our _uids passed from GET it's injected. This by passes check_request: cause a request to ?_task=mail&_mbox=INBOX&_action=plugin.move2archive&_uid=exploit it's considered a post, with empty $_POST. Which means that in versions previous to the archive.php:move_messages() first check for ajax requests this it's exploitable by just tricking the victim with clicking and/or a simple html page. Posterior version may be more difficult to exploit due to same origin policy. I tested this on roundcube 1.2.0 and a simple `?_task=mail&_mbox=INBOX&_action=plugin.move2archive&_uid=255%20BODY[HEADER]%0d%0aA0006%20CREATE%20%22hacked5%22%0d%0aA0007%20UID%20FETCH%20255` works flawless. On more recent versions like 1.3.4-5 SOP kick-in but if it's somehow respected or bypassed then the same exploit works (will return a File not Found template, nonetheless code'll be executed). PS: I'd like to publish an advisory on packetstorm about the whole thing, are you going to push out 1.3.6 anytime soon? It's okay for you if I go public prior to 1.3.6? ieee_logicData control_flow
#6244 PHP Warning: Use of undefined constant IDNA_DEFAULT My configuration: PHP-7.2.4 Roundcube-1.3.6 After updating Roundcube 1.3.5 -> 1.3.6 in mailog the message appears: > Apr 12 09:58:14 mail roundcube: PHP Warning: Use of undefined constant IDNA_DEFAULT - assumed 'IDNA_DEFAULT' (this will throw an Error in a future version of PHP) in /var/www/htdocs/roundcube/program/lib/Roundcube/rcube_utils.php on line 908 ieee_logicData control_flow
#6283 Elastic: Interface "jump" after folder rename The folder manager interface becomes moved/broken after renaming a folder. ieee_interface structural
#6291 Regression: Some non-inline attachments could be ignored After #5905 real attachments with Content-ID or Content-Location specified will not be listed on the attachments list. We should give more prio to `Content-Disposition: attachment` if specified too. Example: ``` Content-Type: image/png; name="0c79af92.png" Content-Disposition: attachment; filename="0c79af92.png"; size=6956; creation-date="Wed, 16 May 2018 15:28:54 GMT"; modification-date="Wed, 16 May 2018 15:28:54 GMT" Content-ID: <[email protected]> Content-Transfer-Encoding: base64 ``` ieee_logicData control_flow
#6299 Cyrillic names in addressbook after windows update (RC 1.3.6) Hello, my installation is: > Apache/2.4.33 (Win64) OpenSSL/1.0.2o PHP/7.2.5 > libmysql - mysqlnd 5.0.12-dev - 20150407 > mysqli,curl, mbstring,intl After last update windows 10 to 1803 (biuld 17134.48) i have problem with addressbook. All contacts in list shown as empty lines (red line). ![image](https://user-images.githubusercontent.com/20423457/40296199-aba11b4e-5ce4-11e8-9213-780685594dc2.png) If i'll try to add new contact with cyrillic letters - in error log i getting DB Error(( ![image](https://user-images.githubusercontent.com/20423457/40296224-b564c914-5ce4-11e8-870c-f72af79d2a08.png) In MySQL DB `contacts`everything is fine - cyrillic is cyrillic. ![image](https://user-images.githubusercontent.com/20423457/40296236-bbe023b0-5ce4-11e8-8b07-000dfca80385.png) I've tried to rollback apache to 2.4.20, php to 7.0, rouncube to 1.30 and everywhere i have same problem. Any ideas? Temporary resolve for this problem: /program/include/rcmail.php replace line 181 > setlocale(LC_ALL, $lang . '.utf8', $lang . '.UTF-8', 'en_US.utf8', 'en_US.UTF-8'); to > setlocale(LC_ALL, 'ru_RU.CP1251', 'rus_RUS.CP1251'); But i think it's no good( ieee_logicData control_flow
#6307 global "mark all folders as read" does not update folder unread messages count label #6270 described in #6270 Seems this happens for any folder except INBOX. Can be reproduced in that way: mark some messages as unread in any other folder (tmp), log out, log in, select another folder (arch), mark all messages as read, and for (tmp) folder count label is not updated. RCM git, only contextmenu plugin is enabled. ieee_logicData control_flow
#6308 rcube_imap_generic::authenticate incorrect SASL GSSAPI negotiation I was setting up Roundcube to proxy Kerberos credentials to a Cyrus IMAP server and noticed that the `authenticate` method in `rcube_imap_generic` has a bug in the SASL GSSAPI negotiation. In the second part of the negotiation, the current code receives a token from the server (`$challenge`) and sends the content of that token back as-is. However, this token is not (only) a challenge but indicates the server's supported SASL security layers. Instead of echoing back the payload, the client must construct its own proposal and send that. The current code works if the server doesn't support SASL security layers, in which case the proposals will be identical. However, Cyrus products support SASL encryption and integrity layers and get confused when the client tells them that it wants both encryption and no-encryption. The attached patch against 1.3.6 fixes this. It should follow RFC 4752, but I don't have anything besides Cyrus to test this with. Looks like the recent managasieve support in `master` contains the same issue. I can probably put together a PR against `master` later if this fix looks reasonable, though I'm running release code myself. I also added error checking of `krb5` function call results, since they don't raise exceptions in most cases. ``` --- roundcubemail-1.3.6/program/lib/Roundcube/rcube_imap_generic.php 2018-04-11 14:13:47.000000000 +0300 +++ rcube_imap_generic.php 2018-05-26 23:57:01.024375880 +0300 @@ -636,6 +636,9 @@ $token = ''; $success = $gssapicontext->initSecContext($this->prefs['gssapi_context'], null, null, null, $token); + if (!$success) + throw new Exception("GSSAPI security context init failed"); + $token = base64_encode($token); } catch (Exception $e) { @@ -652,9 +655,26 @@ } try { - $challenge = base64_decode(substr($line, 2)); - $gssapicontext->unwrap($challenge, $challenge); - $gssapicontext->wrap($challenge, $challenge, true); + // Input token is the SASL layers supported by the server. + // See RFC 4752 section 3.1. + $itoken = base64_decode(substr($line, 2)); + if (!$gssapicontext->unwrap($itoken, $itoken)) + throw new Exception('GSSAPI SASL input token unwrap failed'); + + if (strlen($itoken) < 4) + throw new Exception('GSSAPI SASL input token invalid'); + $server_layers = ord($itoken[0]); + // Integrity/encryption layers are not supported. The first bit + // indicates that the server supports "no security layers". + // 0x00 should not occur, but support broken implementations. + if ($server_layers != 0 && ($server_layers & 0x1) != 0x1) + throw new Exception('Server requires GSSAPI SASL integrity/encryption'); + + // Construct output token. 0x01 in the first octet = SASL layer "none", + // zero in the following three octets = no data follows. + // See https://github.com/cyrusimap/cyrus-sasl/blob/e41cfb986c1b1935770de554872247453fdbb079/plugins/gssapi.c#L1284 + if (!$gssapicontext->wrap(pack("CCCC", 0x1, 0, 0, 0), $otoken, true)) + throw new Exception('GSSAPI SASL output token wrap failed'); } catch (Exception $e) { trigger_error($e->getMessage(), E_USER_WARNING); @@ -662,7 +682,7 @@ return self::ERROR_BAD; } - $this->putLine(base64_encode($challenge)); + $this->putLine(base64_encode($otoken)); $line = $this->readReply(); $result = $this->parseResult($line); ``` ieee_logicData control_flow
#6321 Improper line break when showing attachment size RoundCube v1.3.6 Improper line break when showing attachment size on message preview pane. ![file_size_text_wrap](https://user-images.githubusercontent.com/18398998/41195352-3e7587d0-6c34-11e8-908f-48d5ead71c7e.png) ieee_logicData control_flow
#6333 Roundcoube (1.3.6) displaying "=>" when in comment line within HTML mail When there's a "=>" included in a comment within an HTML mail, roundcube is displaying "=>" and some more text after that in the normal view. ![bug_roundcube_mm_02](https://user-images.githubusercontent.com/10323208/41772394-c7099468-7618-11e8-9713-cf8ba956b221.png) ![bug_roundcube_mm_01](https://user-images.githubusercontent.com/10323208/41772395-c72c26d6-7618-11e8-8423-c8e97f1f35d5.png) ieee_logicData control_flow
#6345 Elastic: search dialog is not always closed after search If search dialog is opened, it's closed only if start search clicking on Search button If messages are found, it's still opened and hide message list. If selecting another folder or clicking on the screen it's still opened. RCM git, only contextmenu plugin. ieee_logicData control_flow
#6346 Elastic: search sope selection is not working. If select 'this and subfolders' or 'all' for search, search is still done in current folder. RCM git, only contextmenu plugin, firefox for win ieee_logicData control_flow
#6349 Elastic: collapsed folder does not indicate unread messages inside Collapsed folder does not became bold (as larry or classic), or dos not show unread count label if sub-folders have unread messages. RCM git, only contextmenu plugin. ieee_logicData control_flow
#6362 Cosmetic: Database error shows in wrong layout If the database is not available or wrongly configured it shows the error message as part of the default userinterface instead of the login script (opening the page the first time) ![image](https://user-images.githubusercontent.com/1497730/43258658-d0bc0ff6-90d3-11e8-98f5-e0aa36d75bed.png) ieee_interface structural
#6374 1.3.7 rcube_imap_generic::getQuota array_chunk() expects parameter 1 to be array, null given RC 1.3.7 improvement Warning messages: PHP message: PHP Warning: array_chunk() expects parameter 1 to be array, null given in /var/www/(REMOVED)/program/lib/Roundcube/rcube_imap_generic.php on line 3129 PHP message: PHP Warning: Invalid argument supplied for foreach() in /var/www/(REMOVED)/program/lib/Roundcube/rcube_imap_generic.php on line 3129 thrown when "no" quotas set: ``` C: a3 GETQUOTAROOT INBOX S: * QUOTAROOT "INBOX" "ROOT" S: * QUOTA "ROOT" S: a3 OK GETQUOTAROOT Ok. ``` quick fix check if $quotas is empty: ``` --- roundcubemail-1.3.7/program/lib/Roundcube/rcube_imap_generic.php 2018-07-29 22:04:48.000000000 +0200 +++ program/lib/Roundcube/rcube_imap_generic.php 2018-08-04 13:06:22.138743417 +0200 @@ -3126,6 +3126,9 @@ list(, , $quota_root) = $this->tokenizeResponse($line, 3); $quotas = $this->tokenizeResponse($line, 1); + if(empty($quotas)) { + continue; + } foreach (array_chunk($quotas, 3) as $quota) { list($type, $used, $total) = $quota; $type = strtolower($type); ``` ieee_syntax control_flow
#6376 Elastic: Menu options "Settings" and "About" are overlapping Menu options "Settings" and "About" (German: "Einstellungen" and "Über") are overlapping, especially when doing a "on mouse over" with the mouse pointer: ![image](https://user-images.githubusercontent.com/10982488/43679487-273b77be-9826-11e8-9063-c4b2e30c2c17.png) Used version(s): roundcubemail-plugin-kolab_activesync-skin-elastic-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-acl-skin-elastic-1.4-47.4.el7.kolab_wf.noarch roundcubemail-plugin-libkolab-skin-elastic-assets-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-jqueryui-skin-elastic-1.4-47.4.el7.kolab_wf.noarch roundcubemail-plugin-kolab_tags-skin-elastic-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-calendar-skin-elastic-assets-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-kolab_activesync-skin-elastic-assets-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-kolab_files-skin-elastic-assets-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-managesieve-skin-elastic-assets-1.4-47.4.el7.kolab_wf.noarch roundcubemail-plugin-kolab_notes-skin-elastic-assets-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-tasklist-skin-elastic-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-kolab_tags-skin-elastic-assets-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-kolab_delegation-skin-elastic-assets-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-acl-skin-elastic-assets-1.4-47.4.el7.kolab_wf.noarch roundcubemail-plugin-kolab_delegation-skin-elastic-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-kolab_addressbook-skin-elastic-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-managesieve-skin-elastic-1.4-47.4.el7.kolab_wf.noarch roundcubemail-plugin-kolab_files-skin-elastic-3.4-39.4.el7.kolab_wf.noarch roundcubemail-skin-elastic-assets-1.4-47.4.el7.kolab_wf.noarch roundcubemail-skin-elastic-1.4-47.4.el7.kolab_wf.noarch roundcubemail-plugin-libkolab-skin-elastic-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-calendar-skin-elastic-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-kolab_notes-skin-elastic-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-kolab_addressbook-skin-elastic-assets-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-tasklist-skin-elastic-assets-3.4-39.4.el7.kolab_wf.noarch roundcubemail-plugin-jqueryui-skin-elastic-assets-1.4-47.4.el7.kolab_wf.noarch ieee_logicData control_flow
#6383 BINARY vs BODY and "invalid" messages Roundcube uses `BINARY.PEEK` whenever possible, however this prevents the display of broken mails, that usually work with `BODY.PEEK` `BINARY.PEEK` returns `UID NO [PARSE] Invalid data in MIME part (0.012 + 0.000 + 0.011 secs)` whereas `BODY.PEEK` returns the mail body. Perhaps add a fallback to `BODY.PEEK` if `BINARY.PEEK` fails? ieee_logicData control_flow
#6398 invalid range in character class at offset 74 Hi All, I use latest roundcube, php73 on LEMP stack. When I started to write destination email address I saw in logs next message: 2018/08/19 00:09:59 [error] 8288#0: *111 FastCGI sent in stderr: "racter class at offset 71 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 547PHP message: PHP Warning: preg_replace_callback(): Compilation failed: invalid range in character class at offset 74 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 530PHP message: PHP Warning: preg_replace(): Compilation failed: invalid range in character class at offset 71 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 547PHP message: PHP Warning: preg_replace_callback(): Compilation failed: invalid range in character class at offset 74 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 530PHP message: PHP Warning: preg_replace(): Compilation failed: invalid range in character class at offset 71 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 547PHP message: PHP Warning: preg_replace_callback(): Compilation failed: in2018/08/19 00:18:51 [error] 8290#0: *129 FastCGI sent in stderr: "PHP message: PHP Warning: preg_replace_callback(): Compilation failed: invalid range in character class at offset 74 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 530PHP message: PHP Warning: preg_replace(): Compilation failed: invalid range in character class at offset 71 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 547PHP message: PHP Warning: preg_replace_callback(): Compilation failed: invalid range in character class at offset 74 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 530PHP message: PHP Warning: preg_replace(): Compilation failed: invalid range in character class at offset 71 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 547PHP message: PHP Warning: preg_replace_callback(): Compilation failed: invalid range in character class at offset 74 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 530PHP message: PHP Warning: preg_replace(): Compilation failed: invalid range in character class at offset 71 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 547PHP message: PHP Warning: preg_replace_callback(): Compilation failed: invalid range in character class at offset 74 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 530PHP message: PHP Warning: preg_replace(): Compilation failed: invalid range in character class at offset 71 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 547PHP message: PHP Warning: preg_replace_callback(): Compilation failed: invalid range in character class at offset 74 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 530PHP message: PHP Warning: preg_replace(): Compilation failed: invalid range in character class at offset 71 in /usr/share/roundcubemail/program/lib/Roundcube/rcube_vcard.php on line 547PHP message: PHP Warning: preg_replace_callback(): Compilation failed: inva ieee_logicData control_flow
#6410 Cross-site Scripting issue in email attachments The following code (when added as a HTML email attachment and opened) triggers an alert box. `<html><svg><style><//><body onload=alert(1)>` A more sinister example: `<html><svg><style><//><body onload=top.location='http://localhost'>` Tested with: 1. Roundcube Webmail 1.3.7 2. Firefox 3. Chromium ieee_interface control_flow
#6415 Elastic: folder select menu is not closed after selection (iPad) If no message is selected and we try to select another folder, it's selected (message Loading), but folders list is not closed and to see messages list we have to close it manually. It only happens if no message is selected before new folder select. RCM git, contextmenu plugin. iPad, ios 11.4.1, safari or firefox. ieee_logicData control_flow
#6424 Elastic: bad logo appearance on login screen I have just set up Elastic with 1.4 beta and it looks great, thanks for this! Only problem found so far: when accessing the login screen, my company logo is stretched to fill the page width, while height is fixed; mobile view is fine, instead. ieee_logicData control_flow
#6433 Small pcre.backtrack_limit setting can cause email body reset on send/save We are seeing a issue when using a image (7.3kb seems to be fine, 9.3kb triggered this) is used in a html signature, and you save it to drafts (or send it), it results in a email with a blank body. To reproduce: * Add the large image into a html signature * Create a new email * Add a inline image * Hit save, and check Drafts But, using just the Normal Image instead, seems to work fine. Environment: * OS: Centos 7.5.1804 * PHP: PHP 5.4 (Default php version in Centos 7.5) * Roundcube: Tested on 1.3.7, as well as 1.4 beta Tested with plugins disabled, adding $config['debug_level'] = 1; to config.inc.php, but nothing in /var/log/roundcubemail/errors.log. (Normal Image) ![bravenetlogo](https://user-images.githubusercontent.com/2858011/45247255-5b963800-b2bb-11e8-8b04-cf3b73f78fc1.png) (Large Image) ![bravenetlogo_large](https://user-images.githubusercontent.com/2858011/45247252-589b4780-b2bb-11e8-9ccd-cd25254597f6.png) ieee_logicData control_flow
#6440 Get rid of referer_check With enabled referer_check: 1. In Edge and IE the error is thrown when refreshing the page on Mail and Contacts UI. This is caused by our history.replaceState() use, which in these browsers unsets document referrer. 2. In Firefox the error is thrown when previewing an image attachment. Probably the referrer is unset when doing the frame refresh (in steps/mail/get.inc). 3. I don't see more issues right now, but I can easily imagine more issues as browsers these days tend to remove referrer information for privacy reasons in many cases. I also remember some issues from the past where IE could change the referrer when switching HTML render mode. So, I think it brings more problems than benefits. As the Referrer header can be easily spoofed, such protection does not sound very useful these days. I propose to get rid of the option. @thomascube what do you think? ieee_logicData control_flow
#6444 Make menu button inactive if all subactions are inactive E.g. Threads button, but also arrows on Forward and Reply All. Some common logic for such buttons would be nice. ieee_logicData control_flow
#6445 Elastic: Unwanted thread expanding when selecting a collapsed thread (regression) Selecting (click or keyboard) a closed thread opens the thread that's a bit annoying because dealing the thread is much harder (should only open if clicked on the arrow or pressing the right arrow key) I see that in 1.3 we did not expand the thread. ieee_logicData control_flow
#6464 Washing html mails Hi! After upgrading from 1.3.5 to 1.3.7 I got issue with washing html emails in web interface. It has remove some words: ``` $ diff roundcube1.3.*_html.txt 24,37d23 < zzz < <span class="values vm2-first_name">zzzzzzzz</span> < zz. zzzzz < <span class="values vm2-email">1</span> < <br class="clear" /> < zzzzzzz < <span class="values vm2-phone_1">X-XXX-XXX-XX-XX</span> < <br class="clear" /> < zzzzz zzzzzzzz < <span class="values vm2-address">zzzzzzzzz 25 zz 22 zzz 2 zz 1</span> < <br class="clear" /> < </td> < <td valign="top" width="50%"> < zzz 39d24 < zzzzz zzzzzzzz ``` there is an example mail: [roundcube_example_mail.txt](https://github.com/roundcube/roundcubemail/files/2420134/roundcube_example_mail.txt) interface view 1.3.5 compare to 1.3.7: ![roundcube1 3 5_html](https://user-images.githubusercontent.com/21895986/46086075-107f8e80-c1b0-11e8-9a65-96be4d681cc5.png) ![roundcube1 3 7_html](https://user-images.githubusercontent.com/21895986/46086079-11182500-c1b0-11e8-8c6b-f59d714ba66c.png) and "rcmBody" part: [roundcube1.3.5_html.txt](https://github.com/roundcube/roundcubemail/files/2420108/roundcube1.3.5_html.txt) [roundcube1.3.7_html.txt](https://github.com/roundcube/roundcubemail/files/2420109/roundcube1.3.7_html.txt) Thank you. ieee_logicData control_flow
#6469 Elastic mobile/Autocomplete: Long names exceed display width Latest master How to Reproduce - Create 2 contacts, one with a long display name, one normal. ie. 1. This is a really long display name \<[email protected]\> 2. ShortName \<[email protected]\> - Enable elastic skin - Use elastic mobile in portrait mode and landscape mode - Compose email - In the To: field, begin typing characters from your created contacts and wait for autocomplete results Results - When in portrait, the display name (and each subsequent display name) is cut off on the left hand side] ![portrait](https://user-images.githubusercontent.com/43651180/46166449-35800a00-c261-11e8-8fe9-cb68026ee7e7.PNG) - When in landscape, the email address is cut off on the right side, and the screen becomes scroll-able horizontally ![landscape](https://user-images.githubusercontent.com/43651180/46166448-35800a00-c261-11e8-901a-cc63e7c3b9c0.png) Expected results - Autocomplete results should not exceed the display width ieee_logicData control_flow
#6470 Start new mail while sending is in progress There is problem in roundcube to start new mail or reply while mail sending in progress. There is no problem to start new mail before and after sending, only if sending is in progress. I get every time an error and we think there is some problems with session handling in roundcube. When sending is in progress and you try to start new mail, roundcube doesn't start new session like it would be if you start new mail not while sending is in progress. So the session doesn't exist any more when the mail is sent and you can't send or save a new mail. ieee_logicData control_flow
#6494 Message/rfc822 part not listed on the attachments list Messages forwarded by Outlook do no have filename specified: ``` Content-Type: message/rfc822 Content-Disposition: attachment; creation-date="Thu, 25 Oct 2018 18:05:05 GMT"; modification-date="Thu, 25 Oct 2018 18:05:05 GMT" ``` but we should display them on the attachments list anyway. ieee_logicData control_flow
#6498 Malformed message saved into Sent folder when using big attachments and low memory limit The message is sent properly, but the copy saved into imap is malformed. https://www.roundcubeforum.net/index.php?topic=25110 I confirmed the issue with git-master and following: - memory_limit=64M - attachment size = 10MB - plain text message, I couldn't reproduce with HTML message The problem is with wrong `Content-Type: text/plain` in the message headers even if the message body really contains proper `multipart/mixed` structure. There's no issue in Roundcube 1.3. ieee_logicData control_flow
#6511 web.config gets deleted in temp folder Hi! I'm running roundcube on IIS. For disabling access to the temp folder I need to create a web.config in this folder. But it gets deleted after `temp_dir_ttl`. I've two ideas: 1. Add a config item for setting filenames which get ignored. 2. Add common settingfilenames [here](https://github.com/roundcube/roundcubemail/blob/5542e91b21ba6267202f89ef9464f7ef8ce93dd7/program/lib/Roundcube/rcube.php#L526). ieee_otherBuildConfigInstall non_functional
#6518 Elastic skin: can't see full subject In the Elastic skin (1.4beta) long subject lines are truncated with elipsis ... This is fine in the list view, but when reading an email it's also applied there and there's no way to actually see the full subject line. Subject lines are really important, there's often a lot of key information delivered in the subject. The only way to see them is (a) open the message in its own window and possibly buy a wider screen, or (b) see the View All Headers button -eugh! So I would suggest removing `white-space: pre` from the `h2.subject span` so that the full subject is visible. (generally loving the elastic skin though, thanks!) ieee_logicData control_flow
#6523 elastic: "Select" grayed out on smaller width The "Select" option is grayed out on smaller width which is not the case on wider width. This makes it impossible to activate the checkboxes for selecting emails which again makes it impossible to select emails on mobile phones because the email will be loaded ![mobile](https://user-images.githubusercontent.com/293612/48551277-5d8d0080-e8d5-11e8-84c8-66c646425ead.PNG) ieee_logicData control_flow
#6530 Elastic: plus button without function (small width, mobile) There is a "plus" button at the bottom right on contacts which is without any function. After going back to Mails it's still there. This only happens with small width (mobile devices). ![1](https://user-images.githubusercontent.com/293612/48899710-9a667380-ee50-11e8-9c46-0188608dda67.PNG) And after going back to mails from contacts: ![2](https://user-images.githubusercontent.com/293612/48899722-a3574500-ee50-11e8-91cb-1a616cf6bd3d.PNG) ieee_interface structural
#6531 Inconsistent offset for various time zones Hi, I was wondering if there is any specific reason why the time zone is calculated on a fixed date (December 21) and not using the current date... https://github.com/roundcube/roundcubemail/blob/6d19d1466e9bafc0de0ef19e6ed661f5a119fa56/program/steps/settings/func.inc#L212 **For example:** Here on Brazil (America/Sao_Paulo) on this date (21/12/2018) we have daylight saving time enabled. Then `GMT -03:00` becomes `GMT -02:00`. I was looking at the time zone list a few months ago and could not find my TZ on the list, this is very confusing (at least for me). I made a patch and I'm manually applying it to every release since v1.3.5. ```patch --- a/program/steps/settings/func.inc +++ b/program/steps/settings/func.inc @@ -222,7 +222,7 @@ foreach (DateTimeZone::listIdentifiers() as $i => $tzs) { try { $tz = new DateTimeZone($tzs); - $date = new DateTime(date('Y') . '-12-21', $tz); + $date = new DateTime('now', $tz); $offset = $date->format('Z') + 45000; $sortkey = sprintf('%06d.%s', $offset, $tzs); $zones[$sortkey] = array($tzs, $date->format('P')); ``` Thanks. ieee_logicData control_flow
#6548 Funny Message-Id when resuming a Draft How to reproduce: 1. start composing an email with some MUA != Roundcube 2. save the draft, make sure the Message-Id header is not generated at this time 3. resume the draft from Roundcube, send the email At this point, the email gets sent with a Message-Id of `mid:1`. ieee_logicData control_flow
#6564 Import of phone numbers fails if there is an empty phone number while importing an vcard that has multiple phone number entries and one of them has no value all other phone numbers before are discarded. vcard: BEGIN:VCARD VERSION:3.0 FN:Foo Bar N:Foo Bar;;;; TEL;TYPE=work:12354612 TEL;TYPE=home:67890 TEL;TYPE=CELL: TEL;TYPE=FAX:123 END:VCARD importing this vcard, the entry will end up with just the fax number. This is because processing of the empty cell phone number resets the array of phone numbers. This is done in program/lib/Roundcube/rcube_vcard.php:392. The simplest solution would be just to remove the "unset". At least for my use case it worked fine. ieee_logicData control_flow
#6565 login form inputs too wide in IE11 using latest git-master the input boxes on the login form when using IE11 are too wide: ![login](https://user-images.githubusercontent.com/88682/50330451-27a1f400-04f3-11e9-8a70-98ac6b97ed91.png) BTW not sure if its intentional but in FF64, Edge and IE11 both login boxes have the red "invalid" marking around them on page load. It happened after 328c324 ieee_interface control_flow
#6577 Some IMAP commands fail on unsolicited responses In testing with our alert enabled nginx mail proxy we inject imap-alerts post-login. When our roundcube connects to the nginx proxy and a alert is send to the client roundcube ui reports there are no messages available. I have the logged imap convo below, ``` [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: * OK IMAP4 ready [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] C: A0001 CAPABILITY [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: * CAPABILITY IMAP4rev1 UIDPLUS IDLE AUTH=PLAIN AUTH=LOGIN STARTTLS [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: A0001 OK completed [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] C: A0002 CAPABILITY [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: * CAPABILITY IMAP4rev1 UIDPLUS IDLE AUTH=PLAIN AUTH=LOGIN STARTTLS [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: A0002 OK completed [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] C: A0003 AUTHENTICATE PLAIN [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: + [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] C: ****** [38] [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: A0003 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE NOTIFY QUOTA] Logged in [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] C: A0004 LIST (SUBSCRIBED) "" "*" [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: * OK [ALERT] https://www.youtube.com/watch?v=dQw4w9WgXcQ [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: * LIST (\Subscribed) "/" INBOX [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: * LIST (\Subscribed) "/" INBOX/To-Do SNIP SNIP SNIP [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: * LIST (\Subscribed) "/" "Sent Messages" [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: * LIST (\Subscribed) "/" Spam [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: * LIST (\Subscribed) "/" Templates [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: A0004 OK List completed. [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] C: A0005 GETQUOTAROOT INBOX [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: A0005 OK No quota. [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] C: A0006 LOGOUT [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: * BYE Logging out [03-Jan-2019 14:23:37 +0100]: <m8bccice> [2C45] S: A0006 OK Logout completed. ``` ieee_interface structural
#6580 max_message_size is ignored when forwarding mail One of our users tried to forward all mails in his inbox as one mail with each mail as an attachment and failed, because it was too big for our smtp server. But he tried it more than once until the temp directory was full. This way we learned max_message_size doesn't help if someone forwards mails. I also tested this with roundcube-1.4-beta. Would be nice if max_message_size is checked in every case during composing a new mail. To reproduce this behavior: 1. set max_message_size to 1M for easy testing 2. Select one or more mails with total size more than 1M (or just use "select all") 3. Klick "forward as attachment" 4. Enter recipient address and click send ieee_logicData control_flow
#6581 Domain DNS check fails when DNS servers don't support ANY as a query type Hi, After moving from DNS servers from bind to knot, roundcube started to fail validating e-mail addresses of some random, but valid domains. The reason is that `checkdnsrr($domain_part, 'ANY')` fails when asking to the knot dns server. There are reasons for DNS services to not support the ANY query type, and Cloudflare details their reasons they deprecated it [1], and also there is also work at IETF about this [2]. The effect of this failing is that the user cannot send an e-mail, as the check fails. The way to solve currently is to disable the dns_check, but would it be possible to use the check A and AAAA records directly instead of ANY and keep the function working as expected instead of breaking compatibility with the DNS Servers that will not implement that query type? A quick way to test this is to set "1.1.1.1" as the dns server (as that's provided by cloudflare). Thanks in advance. [1]: https://blog.cloudflare.com/deprecating-dns-any-meta-query-type/ [2]: https://tools.ietf.org/html/draft-ietf-dnsop-refuse-any-07 ieee_interface structural
#6599 rcmail_install.php - "README" file is not an obvious file to check the config at the 3rd step of the installation Hi! I spent a few hours to find the real reason of such error (3rd step of the Roundcubemail-1.3.8-complete installation) :-( **Test filetype detection Fileinfo/mime_content_type configuration: NOT OK Check the Fileinfo functions of your PHP installation. The path to the magic.mime file can be set using the mime_magic config option in Roundcube.** The reason is the missing "README" file (skins/larry/README) which was specially deleted by me since this is unnecessary info-garbage on the my server, just like all other similar info-files in other dirs/subdirs (README, INSTALL, CHANGELOG etc...). Yes, I love to be safe even if someone thinks it's strange :-| "README" file is not an obvious file to check the config at the 3rd step of the installation in some cases... https://github.com/roundcube/roundcubemail/blob/796e5a17e6389ac0edae53eb8249e6fdf446a0d9/program/include/rcmail_install.php#L516 ` public function check_mime_detection() { $errors = array(); $files = array( 'skins/larry/images/roundcube_logo.png' => 'image/png', 'program/resources/blank.tiff' => 'image/tiff', 'program/resources/blocked.gif' => 'image/gif', 'skins/larry/README' => 'text/plain', ); foreach ($files as $path => $expected) { $mimetype = rcube_mime::file_content_type(INSTALL_PATH . $path, basename($path)); if ($mimetype != $expected) { $errors[] = array($path, $mimetype, $expected); } } return $errors; } ` So, it would be better to replace the "README" file with something else in this function. I think it should be some kind of "system" file, which is 100% available in the directory in all cases. Or create a special "service file" (text/plain) if you want to check strictly "text/plain". **Or the best option**, the notification of the missing "README" (skins/larry/README) file during the test (or before the start of installation). ieee_otherBuildConfigInstall non_functional
#6600 Elastic: Invalid message window height with mailvelope When using mailvelope together with the new elastic theme, the height of the message box is not resized to the full available height when reading an encrypted email. The message gets decoded correctly, but the textbox height is only around 3 rows. Using the default theme everything is fine and mailvelope is using the available height. ieee_logicData control_flow
#6610 Logo(s) and favicon does not get cache buster added I didn't check this is a regression or it was always like that. ieee_logicData control_flow
#6613 Elastic skin resets layout view for email previews I recently installed 1.4-beta to try out the mobile rendering capabilities, along with the elastic4mobile plug-in for automatically changing the skin. Like some others, I noticed the email preview layout gets reset to "Widescreen" once you load the mobile version, so when you go back to the desktop version without the elastic skin, it stays as "Widescreen". I saw the report on the elastic4mobile plug-in issue tracker about this, but after a little digging, it really seems more like an elastic skin issue (or possibly a limitation of Roundcube). Let's assume you start out with the larry skin and the layout set to "Desktop". When you change to the elastic skin, the elastic skin changes the layout to "Widescreen" according to the meta.json file. When you then change the skin back to larry, it leaves it set to "Widescreen". Since the elastic skin doesn't allow you to even set the layout (it always uses "Widescreen"), it's a little weird for the user if they happened to be trying out different skins and it's inadvertently changing other settings. A possible solution I see would be for Roundcube to allow a skin to override a config option, like the layout setting, but not actually save it to the preferences in the database. If it's always overriding the config option and not letting the user change it, it really doesn't need to save it anyway. That way, when you change the skin back, it automagically reverts back to the previous layout selection, thus giving a more seamless experience (and also fixing the issue when you enable the elastic4mobile plug-in). ieee_interface structural
#6621 Message download is missing CSRF token When large(er) mail is received, it can't be shown and a download link is presented instead: `The message part is too big to process it. Download` When you click at the download link the following message is displayed: ``` REQUEST CHECK FAILED For your protection, access to this resource is secured against CSRF. If you see this, you probably didn't log out before leaving the web application. Human interaction is now required to continue. Please contact your server-administrator. ``` Download link example: ``` http://10.170.42.192/roundcubemail-1.4-beta/?_task=mail&_action=get&_download=1&_uid=335723&_part=0&_mbox=INBOX ``` Problem: download request is missing CSRF token. ieee_logicData control_flow
#6623 Drag and drop then escape Hi, One time I was dragging an email to another folder on a web browser, I accidentally pressed the ESC key. The email then disappeared. I am not sure if this is a bug or a feature that I didn't know? Thank you. ieee_interface control_flow
#6640 Plain text mail display problem There is a problem displaying plain text mails containing certain key words. Steps to reproduce with Roundcube Webmail 1.3.8: 1. compose a new plain text message which contains the following lines: src='/' href='/' background='/' 2. save the message as draft 3. open the draft message. Message body is displayed like this: src='skins/larry/' href='skins/larry/' background='skins/larry/' This is only a display problem. The "show source" function displays the expected content. Also if viewed by another program the correct content is displayed. The problem is related to the fix_paths method in program/include/rcmail_output_html.php. fix_paths is applied to all HTML output including the already formatted message body. This replaced '/' with 'skins/larry/'. ieee_logicData control_flow
#6648 [elastic] No prev/next button for loading messages on message view On larry skin after loading message were two buttons for loading next/prev messages. They are missing on elastic skin. ieee_interface control_flow
#6655 Deleting a collapsed thread doesn't select next row If you select a thread in the collapsed state and delete it, nothing is selected. If you press cursor down you select the first entry but not fully only the marker at the left is changing to blue and the mail is not loaded. if you press a second time the cursor down key the next message (2nd message) is correctly selected and displayed in the preview. ieee_interface structural
#6659 "Open message in new window" issue When I open a message in new window by clicking option no. 1 shown on below image - it works correctly. When I use option no. 2 - message is opened with side menu, which shouldn't be visible. ![obraz](https://user-images.githubusercontent.com/24810145/53745825-16d10f80-3ea0-11e9-83cf-278ad94e3e83.png) ieee_interface control_flow
#6677 Elastic: Menu disappears if i download an attachment in the normal elastic layout you have an menü ![image](https://user-images.githubusercontent.com/19638140/54225454-ffc39a80-44fb-11e9-9fbb-d84c71ac8c9d.png) if you open a message with an attachement and download the attachement the menu disappears. Changing to another message will not show the menu again. you have to create a new mail and then go back to your mails. Tested with php 7.0 and php 7.2. (Roundcube 1.4-RC1) ieee_interface control_flow
#6688 Unable to preview attachments with x_frame_options=deny When the option is set to 'deny' displaying text or image attachments does not work. ieee_logicData control_flow
#6694 install-jsdeps.sh fails to get TinyMCE It shows error when trying to update tinymce Installing jQuery... Wrote file /var/lib/roundcube/program/js/jquery.min.js Done. Installing jsTimezoneDetect... Wrote file /var/lib/roundcube/program/js/jstz.min.js Done. Installing PublicKey.js... Wrote file /var/lib/roundcube/program/js/publickey.js Done. Installing tinymce... Fetching http://download.ephox.com/tinymce/community/tinymce_4.5.8.zip ERROR: Incorrect sha1 sum of /var/lib/roundcube/temp/js_cache/tinymce-4.5.8.zip. Expected: 08b0757264adb86066940bbafb7aa9ec0c7c6685, got: ieee_otherBuildConfigInstall non_functional
#4264 Unable to set Sent folder to "INBOX" _Reported by dpc22 on 2 Jul 2013 12:44 UTC as Trac ticket #1489219_ One of my users noticed that while "INBOX" appears in the list of mailboxes listed under: Settings => Preferences => Special Folders => Sent it is not possible to select that folder for sent messages. Any attempt to do do ends up with the empty value "---". A bit of digging uncovered program/steps/settings/func.inc: ``` $select = rcmail_mailbox_select(array( 'noselection' => '---', 'realnames' => true, 'maxlength' => 30, 'folder_filter' => 'mail', 'folder_rights' => 'w', // #1486114, #1488279 'onchange' => "if ($(this).val() == 'INBOX') $(this).val('')", # ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ )); ``` #1486114 explains the problem with Drafts, which makes sense. I have pointed the user in question at Settings => Composing Messages => Place replies in the folder of the message being replied to but that isn't quite what they are looking for. They want incoming and outgoing email in a single mailbox (this is a shared account). _Migrated-From: http://trac.roundcube.net/ticket/1489219_ ieee_logicData control_flow
#4210 undefined method rcube_mime::content_type _Reported by javierwilson on 22 May 2013 18:07 UTC as Trac ticket #1489119_ I just installed RC 0.9.1 but I have problems when opening emails I get a blank page, the log files show: PHP Fatal error: Call to undefined method rcube_mime::content_type() in program/lib/Roundcube/rcube_message.php on line 759 php version 5.3.18 _Migrated-From: http://trac.roundcube.net/ticket/1489119_ ieee_interface structural
#4238 Attachement upload by drag&drop timeout after 180s _Reported by waski on 13 Jun 2013 11:44 UTC as Trac ticket #1489170_ Attachement uploading by drag&drop times out after 180 seconds. This is probably specified on .js side. Because of that large files upload wont suceed. Upload by button "attach" works fine. _Keywords: attachement drag&drop_ _Migrated-From: http://trac.roundcube.net/ticket/1489170_ ieee_logicData control_flow
#4105 CSRF prevention code seems to block regular requests _Reported by ado on 15 Feb 2013 08:19 UTC as Trac ticket #1488960_ In rare cases, the CSRF prevention code seems to block regular requests. To verify the problem reported by one of our users we added two write_log statements to index.php (see below). In cases of error we get output like this: ``` [09:36:10](14-Feb-2013) add_identity logon_user=userabc [09:36:10](14-Feb-2013) add_identity user=userabc [09:36:15 +0100](14-Feb-2013): CSRF OK for userabc: X-Roundcube-Request = 1e0de99fa4f0b8555f717faaa4c8d029, Token = 1e0de99fa4f0b8555f717faaa4c8d029 ... [10:52:28](14-Feb-2013) add_identity logon_user=userabc [10:52:28](14-Feb-2013) add_identity user=userabc [10:52:28 +0100](14-Feb-2013): CSRF OK for userabc: X-Roundcube-Request = fb3d25dfde8a81e0fb25ff0849df0735, Token = fb3d25dfde8a81e0fb25ff0849df0735 [10:52:28 +0100](14-Feb-2013): CSRF OK for userabc: X-Roundcube-Request = fb3d25dfde8a81e0fb25ff0849df0735, Token = fb3d25dfde8a81e0fb25ff0849df0735 [10:52:36 +0100](14-Feb-2013): CSRF OK for userabc: X-Roundcube-Request = fb3d25dfde8a81e0fb25ff0849df0735, Token = fb3d25dfde8a81e0fb25ff0849df0735 [10:52:37 +0100](14-Feb-2013): CSRF OK for userabc: X-Roundcube-Request = fb3d25dfde8a81e0fb25ff0849df0735, Token = fb3d25dfde8a81e0fb25ff0849df0735 [10:52:39 +0100](14-Feb-2013): CSRF OK for userabc: X-Roundcube-Request = fb3d25dfde8a81e0fb25ff0849df0735, Token = fb3d25dfde8a81e0fb25ff0849df0735 [10:52:39 +0100](14-Feb-2013): CSRF OK for userabc: X-Roundcube-Request = fb3d25dfde8a81e0fb25ff0849df0735, Token = fb3d25dfde8a81e0fb25ff0849df0735 [10:53:15 +0100](14-Feb-2013): CSRF Error for userabc: X-Roundcube-Request = 1e0de99fa4f0b8555f717faaa4c8d029, Token = fb3d25dfde8a81e0fb25ff0849df0735 [10:53:39 +0100](14-Feb-2013): CSRF OK for userabc: X-Roundcube-Request = fb3d25dfde8a81e0fb25ff0849df0735, Token = fb3d25dfde8a81e0fb25ff0849df0735 [10:53:45 +0100](14-Feb-2013): CSRF Error for userabc: X-Roundcube-Request = 1e0de99fa4f0b8555f717faaa4c8d029, Token = fb3d25dfde8a81e0fb25ff0849df0735 ... ``` Please note that the wrong tokens in cases of error are identical to the correct token of the session before (1e0de99fa4f0b8555f717faaa4c8d029). The problem arises only in rare cases, but it arises with various browsers (at least with IE and Firefox), and so we think it is a problem in Roundcube (perhaps in killing old sessions?). And here are the two write_log statements we added to index.php (lines 225 and following): ``` // check client X-header to verify request origin if ($OUTPUT->ajax_call) { if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) { write_log('errors', sprintf('CSRF Error for %s: X-Roundcube-Request = %s, Token = %s', $RCMAIL->user->get_username(), rc_request_header('X-Roundcube-Request'), $RCMAIL->get_request_token())); header('HTTP/1.1 403 Forbidden'); die("Invalid Request"); } else write_log('errors', sprintf('CSRF OK for %s: X-Roundcube-Request = %s, Token = %s', $RCMAIL->user->get_username(), rc_request_header('X-Roundcube-Request'), $RCMAIL->get_request_token())); } ``` _Keywords: CSRF_ _Migrated-From: http://trac.roundcube.net/ticket/1488960_ ieee_logicData control_flow
#4160 Bug - bin/updatedb.sh script - wrong exit code on error _Reported by nuxwin on 16 Apr 2013 15:41 UTC as Trac ticket #1489044_ On error, any cli script should never return 0 ``` root@debian32:/usr/local/src/imscp# php /var/www/imscp/gui/public/tools/webmail/bin/updatedb.sh --dir=/var/www/imscp/gui/public/tools/webmail/SQL --package=roundcube ERROR: Wrong 'suhosin.session.encrypt' option value and it wasn't possible to set it to required value (0). Check your PHP configuration (including php_admin_flag). root@debian32:/usr/local/src/imscp# echo $? 0 ``` Elementary my dear watson :D _Migrated-From: http://trac.roundcube.net/ticket/1489044_ ieee_logicData control_flow
#4166 Missing config options _Reported by newfield86 on 19 Apr 2013 03:53 UTC as Trac ticket #1489055_ When I install Roundcube 0.9 using the installer. I get a message: Missing config options The following config options are not present in the current configuration. Please check the default config files and add the missing properties to your local config files. support_url So i've checked the main config file but the variable ($rcmail_config['support_url']) is there. _Keywords: missing config options support url_ _Migrated-From: http://trac.roundcube.net/ticket/1489055_ ieee_otherBuildConfigInstall non_functional
#4157 Reply-To header handling in Reply-All action _Reported by @alecpl on 8 Apr 2013 12:28 UTC as Trac ticket #1489037_ In Reply-All (but not Reply-List) if To: and Reply-To: are the same and From: is different we should add From: address to Cc field. It looks that it's a most prefererred behaviour by our users, according to the poll on our mailing list. _Migrated-From: http://trac.roundcube.net/ticket/1489037_ ieee_logicData control_flow
#4230 Attachment(s) not included in forward function (multipart/mixed) _Reported by tachec on 7 Jun 2013 09:23 UTC as Trac ticket #1489150_ When forwarding mail with attachment(s) (multipart/mixed), Roundcube do not copy the attachment(s) to forward message. In the previous version (0.8.5) it works normally. In the development version 76f4f79 it works as expected only when message is displayed in HTML format. _Migrated-From: http://trac.roundcube.net/ticket/1489150_ ieee_logicData control_flow
#4196 Problem with mime_magic and image/jpg vs. images/jpeg _Reported by flack on 13 May 2013 16:32 UTC as Trac ticket #1489097_ Since updating to RC 0.9 one of my users has a problem with displaying inline images. After a long debugging session, I traced this down to the fact that the mail itself seems to have "image/jpg" specified as the mime type while the finfo detection returns "image/jpeg", so RC refuses to display the image. I can ask the user for the email in question and upload it here if that helps _Migrated-From: http://trac.roundcube.net/ticket/1489097_ ieee_logicData control_flow
#4084 Don't execute (all) http redirects on ajax requests _Reported by @thomascube on 24 Jan 2013 07:42 UTC as Trac ticket #1488926_ Since 7fac4dc8(https://github.com/roundcube/roundcubemail/commit/7fac4dc8) all HTTP Location: redirects are executed in the browser when they happen on ajax requests. While this is a good thing for systems using SSO, it can have fatal side-effects when other redirects (e.g. from a wlan hotspot) occur. Especially during message composition where the current page with the editor just vanishes without further notice. I see different solutions to avoid that: A. only allow redirects to (configurable) locations B. generally ignore redirects in compose mode C. aks/warn user before redirecting during compose and let him/her copy the current message to the clipboard _Migrated-From: http://trac.roundcube.net/ticket/1488926_ ieee_interface structural
#4515 Composer setup (tweaks) needed for plugin installation _Reported by bsi on 9 Apr 2014 12:21 UTC as Trac ticket #1489785_ The composer used for plugin installation needs some tweaks as it doesn't handle correctly dependencies which are already shipped with Roundcube. I've ran into this problem while I've installed the SieveRules plugin which depends on pear-pear.php.net/Net_Sieve. While composer resolves and installs this dependency, it also installs pear-pear.php.net/PEAR, which is already shipped with Roundcube but it seems composer isn't aware of this. Therefore when I try to use the SieveRules plugin, it tries to load the installed 'vendor' dependency (pear-pear.php.net/Net_Sieve) which also tries to loads it's dependency 'pear-pear.php.net/PHAR', but this time PHAR has been already loaded from 'program/lib/PHAR.php'. I don't know where should this case handled so sorry if I report it on the wrong forum. I've started on the SieveRules issue tracker, but there my case has been closed stating that this problem should be handled by composer. _Migrated-From: http://trac.roundcube.net/ticket/1489785_ ieee_otherBuildConfigInstall non_functional
#4308 "From:" must be handled manually on reply _Reported by cheshirrrrre on 23 Aug 2013 09:27 UTC as Trac ticket #1489291_ Hello! After upgrade from 0.9.2 to 0.9.3 strange thing occured: on 0.4.2 and 0.9.1/0.9.2 (versions i've tested) corresponding profile was used automatically when one was trying to reply on emails in defferent distribution groups. F.e.: i've got an reply email to admin@some_domain in my some_domain.admin distributed imap folder. As i hit reply, i've got a new_mail window with admin@some_domain in the "From:" field (i have matching profile in rcube so i can send emails from that address). The default profile is another one, which is used mainly for local in-office emails, so corresponding profile was choosed based on "To:" or "Received:..... for...." header or whatever else. Such thing worked till 0.9.3. Now one have to change "From:" when replying on emails every time. And i can't say that it's a very handy thing. _Migrated-From: http://trac.roundcube.net/ticket/1489291_ ieee_logicData control_flow
#4391 Create default folders _Reported by rosali on 9 Nov 2013 11:34 UTC as Trac ticket #1489423_ Default folders ... ./config/main.inc.php ``` // automatically create the above listed default folders on login $rcmail_config['create_default_folders'] = true; ``` ... are only created on first time login. This is bad if you want to add additonal default folders for existing Roundcube users. F.e. add 'Archive' folder after installing 'archive' plugin. _Migrated-From: http://trac.roundcube.net/ticket/1489423_ ieee_otherBuildConfigInstall non_functional
#4325 MySQL error [2006] storing images in cache_messages table _Reported by agustin on 3 Sep 2013 10:58 UTC as Trac ticket #1489316_ It seems that the content of the "data" field is bigger than my max_allowed_packet, since that it looks like Webmail was trying to save an image in the cache_message. I think this could be avoided using the "b" type for the mysql_bind_param and then using the function mysqli_stmt_send_long_data() for sending the data. I think not all the users can modify the MySQL variable max_allowed_packet and it could be avoided from PHP programming, so it would be great if you could change it. I attach a file where you can show the log output. I had to truncate it up to 31K since that it is not allowed to upload more than 32K, but the original file is 2.5M only for one query. My max_allowed_packet in MySQL is 128K. Thank you in advance. _Keywords: mysql, database, max_allowed_packet_ _Migrated-From: http://trac.roundcube.net/ticket/1489316_ ieee_interface structural
#4211 If contact_id divisible by 100, contact cannot be displayed _Reported by vitek on 23 May 2013 15:33 UTC as Trac ticket #1489121_ When the contact has contact_id divisible by 100 in contacts table, it is not possible to display the contact (you will receive an error about nonexistent contact or different contact is displayed). When you go to addressbook and you choose the group, you can see the contact (in the column Contacts), but when you click on it, you will receive the error message or different contact. In program/steps/addressbook/func.inc there is a definition of a function rcmail_get_cids(). It contains these lines: ``` if (substr($id, -($got_source+1)) == "-$source") { $id = substr($id, 0, -($got_source+1)); } ``` In my case variable $source contains 0, variable $got_source contains 1 and when $id is divisible by 100, then you have "00" on the left side of the comparission. On the right side you have "-0". I dont exactly understand why those strings are equal ("00" and "-0"), they are probably for some reason converted to integer and then they are equal. After the condition succeeds, $id looses too digits from right (divided by 100) and the resulting cid is different so you will receive information about different contact (whose contact_id is original contact_id divided by 100) or you get an error message that contact doesnt exist. _Migrated-From: http://trac.roundcube.net/ticket/1489121_ ieee_logicData control_flow
#4111 Skin path handling vs. plugins _Reported by @alecpl on 19 Feb 2013 13:07 UTC as Trac ticket #1488967_ In one plugin I wanted to add some content to compose page with: ``` $rcmail->output->add_footer( $rcmail->output->parse('myplugin.compose', false, false)); ``` Yes, I have a template file in plugins/myplugin/skins/larry/templates/compose.html. This is currently not possible because template with the same name exists in core skins/larry/templates folder. The core compose.html template content will be "overwritten" by plugin's template. rcmail_output_html class (and its parse() method, but maybe other too) should be aware of the context. BTW, template_exists() has similar problem. Doesn't work with plugin templates. BTW, there's still a reference to skins/default in parse() method. _Migrated-From: http://trac.roundcube.net/ticket/1488967_ ieee_interface structural
#4281 Incorrect imap_timeout option description _Reported by d4fseeker on 17 Jul 2013 12:41 UTC as Trac ticket #1489247_ Prenote: The antispam here is a joke... Blocking all contents and attachements containing "MES_SAGE". Seriously??? I am aware that similar tickets have been opened in the past but all have either received fixes or were closed with "Server-side error" notice. Server is a Courier-IMAP on Debian 6 "Squeeze", Roundcube 0.9.2 runs locally on the same machine. The error has only been reported with the current Roundcube version, older versions worked fine. On some accounts (customer in question has over 4000 e-mails) Roundcube throws the following error MES_SAGE: ``` Unable to send command: A0006 FETCH 1:* (UID INTERNALDATE BODY.PEEK[(DATE)](HEADER.FIELDS)) ``` When analyzing the IMAP Debug log, it seems that already the "C: A0003 STATUS INBOX (MES_SAGES UNSEEN)" command does not receive any reply and the above.mentioned A0006 command is not even listed. See attached log for details. However, when replaying the logged commands on a terminal connection to the server and including the command that was reported to have an error, **no problem can be seen**. In fact, Courier throws out the 4000-and-some emails within a few seconds including the body peek and everything. So I'm pretty sure it's not a server-side problem but an intercompatibility issue. On a side note, is it really necessary to download all 4000-some emails into Roundcube on every login when there are only like 40 emails per page and the server can already pre-sort them? _Migrated-From: http://trac.roundcube.net/ticket/1489247_ ieee_interface structural
#4300 Clear folder not possible _Reported by dennis1993 on 12 Aug 2013 15:37 UTC as Trac ticket #1489280_ Hey guys, I tested your demo.roundcube.net. In the INBOX are ~10 mails. If I click on the gear below, I can't clear the Folder. I can only clear the TRASH. But if I go to settings => folders I can clear **every** folder. If I click in settings on clear in INBOX, nothing happens. If I select another Folder, nothing happens. The function does not work. _Migrated-From: http://trac.roundcube.net/ticket/1489280_ ieee_logicData control_flow
#4286 X-Priority: header set to "Lowest" after "Open in new window" _Reported by dpc22 on 22 Jul 2013 11:40 UTC as Trac ticket #1489257_ If I start to compose a new message in Roundcube 0.9.2 and then click the "Open in new window" icon the Priority of the message is set to "Lowest", regardless of the state of the original compose window. While this can be corrected using the priority selector, that is hidden from view until you click on the icon at the top left. It normally isn't obvious that something has gone wrong until someone receives the message. _Keywords: compose x-priority_ _Migrated-From: http://trac.roundcube.net/ticket/1489257_ ieee_logicData control_flow
#4173 $rcmail_config['referer_check'] missing in action in 0.9.0 _Reported by dpc22 on 24 Apr 2013 11:24 UTC as Trac ticket #1489065_ If I try to enable the following in main.inc.php: ``` // check referer of incoming requests $rcmail_config[= true; ``` I get the following error: [24-Apr-2013 10:07:48 UTC]('referer_check']) PHP Fatal error: Call to undefined method rcmail::check_referer() in /var/www/roundcube-0.9.0/index.php on line 239 _Migrated-From: http://trac.roundcube.net/ticket/1489065_ ieee_otherBuildConfigInstall non_functional
#4262 forwarding an email with attachments in attached .eml file _Reported by cheshirrrrre on 1 Jul 2013 09:22 UTC as Trac ticket #1489214_ I am testing 0.9.2 as our current-in-production 0.4.2 is 'slightly' outdated. And a problem with forwarding emails with attachments in eml file aroused. When i click 'forward' on an email with attachments (1.jpg, 2.jpg and 1.eml, in which jpgs are stored) in our 0.4.2 roundcube, i get a new compose window with jpgs already there, and i can delete all unnecessary quotation. But in 0.9.2 i get a new compose window with just a 1.eml file. So I have to download all attached files, compose a new email and attach them there. As there's a lot of email, our test subjects are complaining a lot about it. PS: 0.9.2 is a fresh install. _Migrated-From: http://trac.roundcube.net/ticket/1489214_ ieee_logicData control_flow
#4424 X-Forwarded-For fieled may return multiple addresses and generate a warning in sendmail.inc _Reported by netesa on 16 Dec 2013 18:09 UTC as Trac ticket #1489481_ X-Forwarded-For may return more than 1 IP address (multiple values are comma separated). When this string is passed as an argument for gethostbyaddr() PHP gives the following error: Warning: Address is not a valid IPv4 or IPv6 address... This might happen in sendmail.inc, line 350. The following patch extracts only the first IP (the client address) from the string. ``` diff diff -ruN a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc --- a/program/steps/mail/sendmail.inc 2013-12-16 09:01:14.000000000 +0100 +++ b/program/steps/mail/sendmail.inc 2013-12-16 18:52:40.423137602 +0100 @@ -347,6 +347,10 @@ $http_header = 'from '; if (isset($_SERVER[{ $host = $_SERVER['HTTP_X_FORWARDED_FOR']('HTTP_X_FORWARDED_FOR']))); + if (strstr($host, ', ')) { + $ips = explode(', ', $host); + $host = $ips[ } $hostname = gethostbyaddr($host); if ($CONFIG['http_received_header_encrypt'](0]; +)) { $http_header .= rcmail_encrypt_header($hostname); ``` Sorry for posting a patch again here, next time I will make a pull-request. _Migrated-From: http://trac.roundcube.net/ticket/1489481_ ieee_logicData control_flow
#4171 Wrong regexp in rcube_string_replacer _Reported by urusha on 22 Apr 2013 10:47 UTC as Trac ticket #1489060_ There is a bug in program/lib/Roundcube/rcube_string_replacer.php - $utf_domain regexp is wrong, so link highlighting is broken in some cases. How to reproduce: Try to compose message: ``` [email protected] www.example.com ``` Save it and then view, you'll see this: ``` [email protected]##str_replacement[$utf_domain regexp fixes this issue (this new regexp is simplified, but matched every unicode/punycode domain I tested): ``` // $utf_domain = '[^?&@"\'\/()<>\s\r\t\n](0]## ``` Changing)+\\.?([= '[^\\s\\r\\t\\n\\x00-\\x2f\\x3b-\\x40\\x5b-\\x60\\x7b-\\x7f](^\\x00-\\x2f\\x3b-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-zA-Z0-9]{2,})'; $utf_domain_part)'; $utf_domain = "($utf_domain_part(-*$utf_domain_part)*)(\\.$utf_domain_part(-*$utf_domain_part)*)*"; ``` _Migrated-From: http://trac.roundcube.net/ticket/1489060_ ieee_logicData control_flow
#4088 Version selection in update.sh script _Reported by @alecpl on 28 Jan 2013 10:12 UTC as Trac ticket #1488933_ When version is not provided as an argument the script will ask: ``` What version are you upgrading from? Type '?' if you don't know. ``` Typing ? or just Enter does nothing. The script is executed without a version number. There should be a list of versions presented for selection. Maybe the script should be stopped in case of no version. Running the script without version goes to at least: 1. possible wrong DB schema upgrade. 2. unneeded contacts indexing. _Migrated-From: http://trac.roundcube.net/ticket/1488933_ ieee_otherBuildConfigInstall non_functional
#4147 Enabling smtp-tls results in "network unreachable" w/ IPv6 _Reported by karasu on 27 Mar 2013 20:01 UTC as Trac ticket #1489024_ On a host without a global IPv4 address, roundcube cannot connect to an IPv6 smtp-server if the server is specified with tls:_ (+tls port). Roundcube has no problems connecting to the very same server using smtp with ssl:_ (+ssl port). The system on which roundcube is running has a global IPv6 address as well as a local IPv4 (for resolving DNS names). Interestingly, roundcube is able to connect to the same mailserver with imap+tls. A similar problem exists in the managesieve plugin. The following entries can be found in roundcube's error-log: ``` [10:58:19](18-Mar-2013) Network is unreachable (101): [10:58:19](18-Mar-2013) Failed to connect socket: Network is unreachable (): [10:58:19 +0000](18-Mar-2013): SMTP Error: SMTP error: Connection failed: Failed to connect socket: Network is unreachable in /srv/roundcube/program/include/main.inc on line 1485 (POST /?_unlock=loading1363604383576&_lang=en?_task=mail&_action=send) ``` _Keywords: smtp, tls, ipv6_ _Migrated-From: http://trac.roundcube.net/ticket/1489024_ ieee_interface structural
#4242 Installer still complains about date.timezone even though it shouldn't _Reported by cepheid on 18 Jun 2013 00:32 UTC as Trac ticket #1489180_ It looks like the old date.timezone complaint by the installer is still present. I thought this was fixed years ago, in [(per #1485989), but it looks like those changes have been reversed. In installer/check.php, the checks in lines 188-195 should work even if date.timezone is empty, as long as the system timezone is properly set... but line 45 requires a non-empty date.timezone. Were the changes in 11e670da(11e670da]) supposed to be backed out, or is this a bug due to improper regression, or something else? _Migrated-From: http://trac.roundcube.net/ticket/1489180_ ieee_otherBuildConfigInstall non_functional
#4274 setmetadata fails in rcube_imap_generic.php _Reported by ork on 7 Jul 2013 17:35 UTC as Trac ticket #1489231_ cyrus imap server responds with "BAD Missing metadata value" to "SETMETADATA", because value apparently has to be escaped like this in rcube_imap_generic.php function setMetadata($mailbox, $entries) { ... foreach ($entries as $name => $value) { $entries[$name] = $this->escape($name) . ' ' . $this->escape($value, true); } ... } I've added "true" as a second parameter to the escape function to make things work. centos 6.4 php: php.x86_64 5.3 roundcube: roundcubemail.noarch 1.0-0.5.gitb6c37b.el6.kolab_3.1 (kolab nightlybuilds) symptoms: Cannot change type of a folder to calendar, cannot create new calendar folders, all new folders are mail folders _Migrated-From: http://trac.roundcube.net/ticket/1489231_ ieee_logicData control_flow
#4395 moving of mail via drag and drop not working on mobile device _Reported by rainforest1155 on 13 Nov 2013 23:05 UTC as Trac ticket #1489431_ While you can drag a message around on the screen and moving it over a folder, it does indicate that the message can be dropped into the folder, the message isn't actually getting moved. It just remains where it was before you attempted to move it. This happens on the default and Larry theme in Safari on my iPad1 (iOS 5.1.1 - latest version available for device) and iPhone4 (using iOS 6.1.2). I've also tried an alternative browser (Atomic Web), but the issue is still the same. So right now a message needs to be opened with a double click and then one can use the move drop down menu to move it to another folder. _Keywords: Move,message,mobile_ _Migrated-From: http://trac.roundcube.net/ticket/1489431_ ieee_interface control_flow
#4245 Message list too short after delete/move, old messages missing _Reported by cepheid on 18 Jun 2013 05:37 UTC as Trac ticket #1489184_ I have RC set to display 50 rows per screen, i.e. 50 messages at a time in the message list. On the very first page, I've then moved/deleted a bunch of messages, so there are fewer than 50 messages in the list. When I refresh the list, there are STILL fewer than 50 messages... in fact, the list is the same sequence of messages it was before (minus the deleted ones). Even if I compact the mailbox, logout, and log back in, the list for page 1 claims to be showing messages 1-50, but is actually showing far fewer messages. See attached screenshot #1. The TOTAL message count is correct; the number it claims to be displaying is totally wrong. Also, a (very probably) related problem: messages on later screens are also now misnumbered. For example, on the "final" page (see second screenshot), only one message is displayed even though it claims to be displaying 13 of them. Moreover, the message displayed is _NOT_ #7801... it is actually #6951. On the "next to final" page, only 4 messages are displayed... they are correct in sequence (#6946-6950), but definitely NOT the messages #7751-7800 that RC claims to be showing. Logging in with pine or Thunderbird confirms the above -- the messages are displayed in proper sequence but the message list is misbehaving. Likely due to the second bug, any messages older than the one displayed on the last page are also absolutely invisible to RC... pine/Thunderbird show that there are 863 older messages in the mailbox, but RC can't seem to pull them up. The first error (message list too short) is mostly an interface issue... confusing and wrong, but no data loss. The second error is critical -- I can't access old mail that clearly exists in the mailbox, is visible to other IMAP clients, but is not visible to RC. Please let me know what kind of IMAP logs you need to diagnose this (as in, after enabling the log, what sequence of steps/clicks you want to see in the log). _Migrated-From: http://trac.roundcube.net/ticket/1489184_ ieee_logicData control_flow
#4369 Duplicate languages on spellchecker langs list _Reported by @alecpl on 25 Oct 2013 17:52 UTC as Trac ticket #1489395_ With pspell engine I see one "English (GB)" and three "English (US)" in languages menu. This is for `aspell dump dicts` result as follows: ``` en en-variant_0 en-variant_1 en-variant_2 en-w_accents en-wo_accents en_CA en_CA-w_accents en_CA-wo_accents en_GB en_GB-ise en_GB-ise-w_accents en_GB-ise-wo_accents en_GB-ize en_GB-ize-w_accents en_GB-ize-wo_accents en_GB-w_accents en_GB-wo_accents en_US en_US-w_accents en_US-wo_accents ``` _Migrated-From: http://trac.roundcube.net/ticket/1489395_ ieee_interface structural
#4185 Removal of a contact from a group for LDAP fails _Reported by cypline on 30 Apr 2013 17:10 UTC as Trac ticket #1489081_ When removing a contact from a group in the addressbook, by removing the check from the checkbox from the group, it fails with the error: An error occured while saving. By having a look at the debug log, it differs from the adding record entry: [18:37:39 +0200](30-Apr-2013): C: Add [cn=Test Group,cn=anybody,ou=private,ou=rcabook,dc=anything](dn:): Array ( [=> Array ( [0](member]) => cn=Display Name,cn=anybody,ou=private,ou=rcabook,dc=anything ) ) [18:37:58 +0200](30-Apr-2013): C: Delete [cn=Test Group,cn=anybody,ou=private,ou=rcabook,dc=anything](dn:): Array ( ) As you can see, the array is empty. I checked the code, and it is still in head. Please find attached a suggestion for a patch. It addopts the same behaviour as it is in the function add_to_group applied to the failing function remove_from_group. Cheers Cyp _Keywords: ldap, addressbook, groups_ _Migrated-From: http://trac.roundcube.net/ticket/1489081_ ieee_logicData control_flow
#4298 Wrong handling of links with '|' character _Reported by @alecpl on 7 Aug 2013 06:36 UTC as Trac ticket #1489276_ Example link ``` https://rapidshare.com/#!download|856p1|2938527513|EngNewsBlinkfeedPatch.zip|1482|0|0|1|referer-30EBB03C02269D930D47D27D3DD442EF ``` _Migrated-From: http://trac.roundcube.net/ticket/1489276_ ieee_logicData control_flow
#4263 Editing a message as new strip the reply information _Reported by vincentxavier on 1 Jul 2013 10:11 UTC as Trac ticket #1489216_ When editing a message as new, ROundcube removes In-Reply-To: and References:. Therefore, the message won't be proprerly linked to an existing thread. Steps to reproduce : 1. Reply to a message 2. Go in the Sent folders 3. Edit your message as new 4. Send it _Keywords: thread_ _Migrated-From: http://trac.roundcube.net/ticket/1489216_ ieee_logicData control_flow
#4462 Check if directories are writable always false on windows server _Reported by dennis1993 on 6 Feb 2014 17:18 UTC as Trac ticket #1489576_ In the last step of the Installation on a windows Server, the check for directories is always false. I've submitted a pull request here: https://github.com/roundcube/roundcubemail/pull/165 Now it's working on windows Server. _Migrated-From: http://trac.roundcube.net/ticket/1489576_ ieee_otherBuildConfigInstall non_functional
#4218 Postgresql with unix socket does not work. _Reported by bobleponge on 29 May 2013 13:50 UTC as Trac ticket #1489132_ In RC 0.9, you've changed the way the DSN string is used and now connecting to postgresql with a unix socket does not work anymore ('socket' option is dropped when creating PDO). Also, you forget to set any other options for the DSN option field. The following changes fixes this in rcube_db.php (line 995): ``` protected function dsn_string($dsn) { $params = array(); $result = $dsn[. ':'; if ($dsn['hostspec']('phptype'])) { $params[= 'host=' . $dsn['hostspec'](]); } else if ($dsn[{ // PDO for PostgreSQL does not accept a socket argument in the options // The location can be set via the "host" argument instead. $params[]('socket'])) = 'host=' . $dsn[ } if ($dsn['port']('socket']; )) { $params[= 'port=' . $dsn['port'](]); } if ($dsn[{ $params[]('database'])) = 'dbname=' . $dsn[ } if (!empty($params)) { $result .= implode(';', $params); } return $result; } /** * Returns driver-specific connection options * * @param array $dsn DSN parameters * * @return array Connection options */ protected function dsn_options($dsn) { $result = array(); $baseKeys = array('hostspec', 'port', 'database', 'username', 'password'); foreach($dsn as $key => $val) { if (!in_array($key, $baseKeys)) { $result[$key]('database']; ) = $val; } } return $result; } ``` _Keywords: postgresql pgsql unix_ _Migrated-From: http://trac.roundcube.net/ticket/1489132_ ieee_interface structural
#4296 Contact-Picture and not required fields _Reported by dennis1993 on 6 Aug 2013 12:54 UTC as Trac ticket #1489274_ If I create a new contact in the addressbook and fill in the firstname and lastname. After that I upload an image. Now I saw two bugs: 1. If I upload a high image look like this: http://demo.roundcube.net/mail/skins/larry/images/buttons.png the image is not scaled. A max-height and max-width would not be bad. :) 1. If I click on save after the upload and forgot the email, the image is gone. You can fix it with HTML5 and "required" attribute for email Input and all other required fields. Thanks a lot! _Migrated-From: http://trac.roundcube.net/ticket/1489274_ ieee_logicData control_flow
#4353 "occurred" consistently misspelt as "occured". _Reported by dpc22 on 4 Oct 2013 08:22 UTC as Trac ticket #1489366_ One of our users reported: When I send an email and the spell-check is on, it frequently shows an error message telling me that a spelling error has occurred. Unfortunately it mis-spells 'occurred'. In a way this is quite amusing. Is it intentionally ironic, or should a second 'r' be inserted? A quick grep through the source code finds lots of "occured" which should be "occurred": http://en.wiktionary.org/wiki/occured as far as I know this isn't a case where the word is spelt differently in British English and American English. _Keywords: spelling_ _Migrated-From: http://trac.roundcube.net/ticket/1489366_ ieee_interface structural
#4141 "Save this draft" doesn't (always) save _Reported by myfreexp on 24 Mar 2013 19:32 UTC as Trac ticket #1489012_ - Select a message in the Sent folder - Choose "Edit as new" - Click on "Save this draft" - Exit/close the message - Look in the Drafts folder: Surprisingly, the message is not there Solution: Dirty flag shoudn't be checked in this case. _Keywords: Save draft_ _Migrated-From: http://trac.roundcube.net/ticket/1489012_ ieee_logicData control_flow
#4510 Style lost in HTML email _Reported by joydev on 8 Apr 2014 09:07 UTC as Trac ticket #1489777_ Example content: ``` <b><span = style=3D'font-family:"=E6=96=B0=E7=B4=B0=E6=98=8E=E9=AB=94","serif";color= :red'>=E4=BB=A4=E5=85=A8=E5=A0=B4=E7=88=86=E6=BB=BF<span = lang=3DEN-US>!</span></span></b> ``` Correct decoded text: ``` <b><span style='font-family:"","serif";color:red'><span lang=EN-US>!</span></span></b> ``` Result in roundcube (copied from chrome dev tools): ``` <b><span style="font-family: &quot;; color: red;"><span lang="EN-US">!</span></span></b> ``` The color is not changed because of the wrong syntax. Tested v1.0-beta only. Email sent using Outlook, with Word as editor (HTML). _Migrated-From: http://trac.roundcube.net/ticket/1489777_ ieee_interface structural
#4400 Set Content-Type correct if download files _Reported by mlq on 20 Nov 2013 09:09 UTC as Trac ticket #1489439_ If you are trying to download a file, the Content-Type is always set to 'application/octet-stream' instead of the actual mime type. Since Content-Disposition is set correctly, the browser is 'forced' to show the save-as dialog. This behaviour is a bit annoying since the browser can't suggest a default application to open the file. I've attached a patch that sets the determined mimetype instead of 'application/octet-stream' and the Content-Disposition is set later on anyways. _Migrated-From: http://trac.roundcube.net/ticket/1489439_ ieee_logicData control_flow
#4450 Multiple attachment _Reported by fbsd on 30 Jan 2014 13:24 UTC as Trac ticket #1489546_ Hi all, I noticed a problem when sending multiple files in attachment. I've tried several versions and each occurs the same problem. I noticed that when sending files rc assigns a file name rcmfile 51391082767092387700 etc but files that have same number dont sent (disapear). Plylst10.wpl rcmfile 51391082767092387700 sent Plylst11.wpl rcmfile 51391082767092387700 not sent Plylst12.vpl rcmfile 51391082767093947700 sent Plylst13.vpl rcmfile 51391082767095507800 not sent Plylst14.vpl rcmfile 51391082767095507800 not sent Plylst15.vpl rcmfile 51391082767095507800 sent I couldnt find any error in debug logs. Apache : 2.4.7 PHP : 5.5.8 RC: 1.0 beta, 0.9.5 _Migrated-From: http://trac.roundcube.net/ticket/1489546_ ieee_logicData control_flow
#4517 Optimize framed HTML responses _Reported by @alecpl on 10 Apr 2014 15:17 UTC as Trac ticket #1489792_ Sometimes when we submit form, the resulting page has no text content only some javascript commands for parent window E.g. save-draft action response is: ``` <html> <head><title></title><meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <script src="program/js/jquery.min.js?s=1396164787" type="text/javascript"></script> <script src="program/js/common.js?s=1396164787" type="text/javascript"></script> <script src="program/js/app.js?s=1397142019" type="text/javascript"></script> <script type="text/javascript"> /* <![*/ var rcmail = new rcube_webmail(); if (window.parent) { if(window.parent && parent.rcmail) parent.rcmail.iframe_loaded("loading1397142474621"); if(window.parent && parent.rcmail) parent.rcmail.display_message("Message saved to Drafts.","confirmation",0); if(window.parent && parent.rcmail) parent.rcmail.set_draft_id("5316"); if(window.parent && parent.rcmail) parent.rcmail.compose_field_hash(true); if(window.parent && parent.rcmail) parent.rcmail.auto_save_start(); } /* ](CDATA[)]> */ </script> </head> <body><script type="text/javascript"> /* <![*/ $(document).ready(function(){ rcmail.init(); }); /* ](CDATA[)]> */ </script> </body> </html> ``` Questions: 1. Do we really need to load these javascript files? 2. Do we need to create rcmail object and call rcmail.init()? 3. There's too many "if (window.parent)". _Migrated-From: http://trac.roundcube.net/ticket/1489792_ ieee_logicData control_flow
#4388 Remove groups on contacts import with "Replace entire addressbook" option enabled _Reported by @alecpl on 7 Nov 2013 18:54 UTC as Trac ticket #1489420_ Such import action should also remove all groups in addressbook. New rcube_contacts class need to be created or delete_all() extended. Additionally, I think,"Import group assignments: Only for existing groups" should be disabled. _Migrated-From: http://trac.roundcube.net/ticket/1489420_ ieee_logicData control_flow
#4152 Blockquote in HTML messages _Reported by rosali on 2 Apr 2013 04:40 UTC as Trac ticket #1489031_ In sendmail.inc line 496 Roundcube inserts inline blockquote styles. The 'with: 100%' causes a vertical scrollbar if a lot of blockquote cascades are present. 'width: auto' works great for me. _Migrated-From: http://trac.roundcube.net/ticket/1489031_ ieee_logicData control_flow
#4193 From headers not properly displayed in some cases. _Reported by arodier on 9 May 2013 21:46 UTC as Trac ticket #1489092_ I found a bug that can be reproduce only on certains circumstances, but I think it may be useful to mention it anyway. 1) Some old versions of Outlook remove the email address when "Archiving" messages in PST files. When importing these messages back into an IMAP server, the default email address is used, e.g. <MAILER-DAEMON>. So, the email look like from: From: "John Doe" <MAILER-DAEMON> 2) The company I am working in has a strange policy of using a '@' character in the display name. The resulting from field look like this: `"John Doe @ SomeBusinessName" <[email protected]>` Now, if the two conditions are met, in theory, the email should be displayed like that: ``` From: "John Doe @ SomeBusinessName" <MAILER-DAEMON> ``` However, when this kind of emails is displayed in Roundcube, it seems that the parser has some difficulty to separate the email address and the display name. The result is something like this: `"John Doe @ SomeBusinessName" <MAILER-DAEMON> <"John Doe @ SomeBusinessName" <MAILER-DAEMON>>` _Migrated-From: http://trac.roundcube.net/ticket/1489092_ ieee_logicData control_flow
#4248 php bug 54511 workaround and/or documentation _Reported by mrten on 19 Jun 2013 09:52 UTC as Trac ticket #1489187_ If you set `$rcmail_config[to non-zero and have` $rcmail_config['smtp_server']('smtp_timeout']```)`start with`'ssl://'`and have`$rcmail_config[on 465, and then try to send mail you run into this bug: `````` fsockopen() [<a href='function.fsockopen'>function.fsockopen</a>]('smtp_port']```): unable to connect to ssl://192.168.84.30:465 (Unknown error) (0) `````` which is quite old and documented here: https://bugs.php.net/bug.php?id=54511 can this please be documented somewhere, preferably above the `['smtp_timeout']` setting? There is a workaround mentioned in the bug as well, if that could be factored in somehow it would be great! _Migrated-From: http://trac.roundcube.net/ticket/1489187_ ieee_description non_functional
#4458 Infinite loop when converting HTML with invalid <blockquote> structure _Reported by @thomascube on 4 Feb 2014 09:20 UTC as Trac ticket #1489566_ Converting a HTML block with invalid `<blockquote>` tags (e.g. no closing tag) into plaintext gets stuck in an infinite while loop. There's no proper abort criteria in `rcube_html2text::_convert_blockquotes()` for cases like this: ``` <blockquote>QUOTED <blockquote> NO END TAG FOUND ``` _Migrated-From: http://trac.roundcube.net/ticket/1489566_ ieee_logicData control_flow
#4240 Install fails when MySQL "NOT OK" even if other DB present _Reported by cepheid on 18 Jun 2013 00:30 UTC as Trac ticket #1489178_ On a system with PHP v5.2.x, the installer's MySQL check will always return "NOT OK" since PHP v5.3.x is required. However, if another DB is available (e.g. sqlite), the installation should be able to proceed. It does not -- the installer will claim that the error must be fixed before proceeding. This occurs because installer/check.php (line 142) registers a failure ($RCI->fail) for MySQL. Then, installation is blocked if ANY failures exist (check.php, lines 237-242). However, the installer itself specifically says only ONE of the DB methods must be available... it should not fail simply because MySQL isn't available, if another DB method (e.g. sqlite) is available. A workaround is to edit installer/rc_install.php and comment out the pdo_mysql check (line 54). This will allow the installer to proceed. This is, of course, not the correct solution. The optimal solution is to modify check.php so that it will error out only if MySQL fails _AND_ no other DB solution is available. That is, if ANY DB solution is available, there should not be a failure. I can provide a screenshot if necessary. (Note: I have verified on my own system that installation and operation proceed just fine with the workaround above. I am using sqlite3 with php v5.2.x.) _Migrated-From: http://trac.roundcube.net/ticket/1489178_ ieee_otherBuildConfigInstall non_functional
#4223 Washtml doesn't fix incorrect textarea tags _Reported by mgrum on 31 May 2013 11:50 UTC as Trac ticket #1489137_ Empty textarea tags should, according to the XHTML standard, always be closed with a separate closing tag, i.e. they should look like `<textarea></textarea>` and not like `<textarea />`. The problem is that the washtml class in roundcube doesn't fix this, so when a user recieves an HTML e-mail that contains an incorrectly formatted textarea-tag, it gets sent to the browser unmodified. Most (probalby all?) browsers will then view the textarea as unclosed and will display the entire rest of the HTML markup inside the textarea. This also prevents the script tag at the end from being executed, so that some of the Javascript things in roundcubes interface won't work. Fortunately, it seems to be very easy to fix this problem: just add `'textarea'` to the `$block_elements` array in the rcube_washtml class and everything works as expected. _Migrated-From: http://trac.roundcube.net/ticket/1489137_ ieee_logicData control_flow
#4311 Wrong date is saved when non-standard date format is used _Reported by @alecpl on 24 Aug 2013 12:00 UTC as Trac ticket #1489294_ When using date_format="j.n.Y' wrong date is saved. It's e.g. contact birthday date. I didn't tested with other formats, so there might be other. _Migrated-From: http://trac.roundcube.net/ticket/1489294_ ieee_otherBuildConfigInstall non_functional
#4511 Performance issues with multi-folder search _Reported by @alecpl on 8 Apr 2014 13:23 UTC as Trac ticket #1489778_ The fact that searching might take longer than ajax request limit (or php execution time limit) is now even more possible if you search in many folders. I think we could find some improvements here. 1. Result size. Assumption that average search result is less than 100 messages is wrong. We should be able to handle search result that has 10000 messages or inform a user "this search request returned too many records, change your searching criteria, please" or sth like that. Take this into consideration when re-sorting messages in a result set. Don't fetch all headers only the one needed for sorting. 1. Request time. We know number of messages in a folder and we can calculate how fast is an imap server. We can also estimate searching time for other folders. If estimated time will tell as that a folder is too big to finish before time exceeds, we can search another smaller folder (and keep the skipped folders in session). Then we can tell the UI to not finish searching (not unlock the UI, not hide "searching..." message) and send another ajax request to search in previously skipped folders (we can do this more than one time). This way we can omit the limits. Of course if some folder is too big to be searched in full request time, we should inform a user. Other ideas? _Migrated-From: http://trac.roundcube.net/ticket/1489778_ ieee_logicData control_flow
#4188 Misleading From/Sender localization in de_DE and de_CH _Reported by @alecpl on 5 May 2013 11:22 UTC as Trac ticket #1489084_ 'from' and 'sender' labels in de_DE and de_CH point to the same translated word which is misleading when displaying message headers. _Migrated-From: http://trac.roundcube.net/ticket/1489084_ ieee_interface structural
#4464 X-Draft-Info broken for forwarded message drafts _Reported by @alecpl on 11 Feb 2014 07:31 UTC as Trac ticket #1489587_ The code does not takes into consideration that forward_uid field in compose session contains an array, so the uid field in X-Draft-Info is set to "Array". _Migrated-From: http://trac.roundcube.net/ticket/1489587_ ieee_logicData control_flow
#4406 Do not call MYRIGHTS for personal folders _Reported by @alecpl on 29 Nov 2013 18:48 UTC as Trac ticket #1489451_ When preparing a list of writable folders in compose page we call MYRIGHTS for every subscribed folder. This is slow if there are many folders. A solution for this would be to assume that folders in personal namespace are writable and call MYRIGHTS only for shared folders. _Migrated-From: http://trac.roundcube.net/ticket/1489451_ ieee_logicData control_flow
#4158 Small display issue on addressbooks list _Reported by @alecpl on 10 Apr 2013 10:19 UTC as Trac ticket #1489039_ After treelist.js implementation and related changes every list element contains <ul class="groups">. This element has defined border. When the element is empty (no groups in addressbook) it is still visible (one pixel border). I started to implement the fix which will hide such empty elements. There's a small problem however with handling group creation input. Patch attached, but maybe you'll find a better solution. _Migrated-From: http://trac.roundcube.net/ticket/1489039_ ieee_logicData control_flow
#4362 Vulnerability in handling _session argument of utils/save-prefs action _Reported by @alecpl on 17 Oct 2013 08:14 UTC as Trac ticket #1489382_ It is possible to overwrite any variable in $_SESSION. This gives an attacker a lot of possibilities. _Migrated-From: http://trac.roundcube.net/ticket/1489382_ ieee_logicData control_flow
#4228 roundcube: DB Error: [1062] Duplicate entry [...] for key 'PRIMARY' (SQL Query: INSERT INTO roundcube_cache_index... _Reported by burnleyvic on 4 Jun 2013 04:10 UTC as Trac ticket #1489146_ Hi, I'm using 0.9.1 and every now and then I see entries like this: roundcube: DB Error: [Duplicate entry '108-INBOX' for key 'PRIMARY' (SQL Query: INSERT INTO cache_index (user_id, mailbox, data, valid, changed) VALUES ('108', 'INBOX','O:18:\"rcube_result_index\":5:{s:11:\"\0*\0raw_data\";s:4253:\"63818 63841 63840 63837 63833 63824 63823 63820 63808 63730 63751 63712 63701 63691 63678 63676 63670 63664 63647 63636 63589 63584 63568 63565 [...](1062]) They all seem to pop up randomly for users with relatively large numbers of emails in the specified folder (INBOX here) and tend to come back after a while if I manually remove the entries in the cache_index table. I had a look and found the code responsible for this action in program/lib/Roundcube/rcube_imap_cache.php. There's an INSERT INTO statement which, if changed to REPLACE INTO, seems to make the issue go away. Question: how safe is to change the 3 INSERT INTO statements in this file with REPLACE INTO? I don't see any obvious reason against it, but I'd like to hear your thoughts on this. _Migrated-From: http://trac.roundcube.net/ticket/1489146_ ieee_interface structural
#4114 plain text spell checker incorrectly highlights misspellings _Reported by smsoft on 23 Feb 2013 20:53 UTC as Trac ticket #1488973_ If the message contains punctuation mark (dot in provided sample) with immediately following non-ASCII character, then all later highlighted misspellings displaced by one position. See the sample. Provided patch works for me in 0.8.4 and 0.8.5 _Keywords: spell_ _Migrated-From: http://trac.roundcube.net/ticket/1488973_ ieee_logicData control_flow
#4204 Standard font and size is not taken into account _Reported by dennis1993 on 18 May 2013 10:07 UTC as Trac ticket #1489112_ Hallo Leute, ich habe schon immer ein Problem mit Roundcube und der Schriftart. Immer wenn ich eine Nachricht versende, kommt diese mit der Schriftart "Times New Roman" an. Ich nutze immer den HTML-Editor von Roundcube und auch der Empfnger hat das Einsehen von HTML-Nachrichten aktiv. Ich bin dem Problem mal gefolgt und habe gesucht und bin dabei auf folgende Erkenntnis gestoen: Wenn man in Roundcube unter "Einstellungen" => "Nachrichtenerstellung" die Standardschriftart nicht einmal abspeichert, nutzt er "Times New Roman", bzw. im Quellcode der Nachricht wird gar keine Schriftart mitgegeben! Warum das so ist? Das liegt in der Datei **program/steps/mail/sendmail.inc** in **Zeile 482**. Dort steht nmlich folgendes: `$font = rcube_fontdefs($RCMAIL->config->get('default_font', 'Verdana'));` Dort wird, bevor man die Standardschriftart abgespeichert hat, immer "Array" bergeben, anstatt den Namen der Schriftart. In der Zeile darunter wird dann die Variable verarbeitet: `$bstyle = $font && is_string($font) ? " style='font-family: $font'" : '';` Dort wird dann, nachdem man die Schriftart in RC einmal abgespeichert hat, auch die Variable **$font** richtig belegt. Leider fehlt dort allerdings die Schriftgre und der Text wird in **Gre 14** oder so verschickt. Auf jeden Fall viel zu, da im TinyMCE die Schriftgre selbst auf 12 steht. Da gehe ich als Anwender davon aus, dass die Nachricht auch mit der Schriftgre verschickt wird. Deshalb habe ich die Zeile noch mit der Schriftgre versehen: `$bstyle = $font && is_string($font) ? " style='font-size: 12px; font-family: $font'" : '';` Knnte man dies bitte in der nchsten Version mal bercksichtigen? Vielen Dank! _Migrated-From: http://trac.roundcube.net/ticket/1489112_ ieee_interface control_flow
#4297 Emails with base tag and unquoted href tags break _Reported by zodeus on 6 Aug 2013 22:29 UTC as Trac ticket #1489275_ If you have an email with a base tag and that email also has absolute urls without quotes the base tag is used instead of the absolute url. Example: ``` <base href="http://thisshouldntbetheurl.bob.com/"> <a href=http://shouldbethislink.com>Test URL</a> ``` _Migrated-From: http://trac.roundcube.net/ticket/1489275_ ieee_logicData control_flow
#4125 Your session is invalid or expired _Reported by aweirig on 5 Mar 2013 09:40 UTC as Trac ticket #1488986_ Hello, since I installed 0.9-rc I have a problem signing into RC. I always get the error message on the login page although according to the log files everything seems to work and there is even a session entry created in the MySQL database "session" table. I have attached log files for imap, session, userlogins and sql and a screenshot of the session MySql table. We have rc 0.8.5. running. This problem seems to be similar to #1488918 but in our case is MySQL and not MSSQL... Alex _Migrated-From: http://trac.roundcube.net/ticket/1488986_ ieee_interface structural
#4366 /etc/mime.types parsing incorrect? _Reported by dpc22 on 22 Oct 2013 09:38 UTC as Trac ticket #1489391_ program/steps/mail/get.inc :: $extensions = rcube_mime::get_mime_extensions($real_mimetype); returns an empty list for many mime types including "text/plain" on Suse Linux Enterprise Server 11. Consequently you end up with errors like: WARNING! This attachment is suspicious because its type doesn't match the type declared in the message. If you do not trust the sender, you shouldn't open it in the browser because it may contain malicious contents. Expected: text/plain(.txt); found: text/plain A bit of digging revealed: program/lib/Roundcube/rcube_mime.php :: static function get_mime_extensions($mimetype = null) { [public $regex = "/([\w+-.\/](...])+)\t+([\w\s]+)/i"; The '\t' matches on Ubuntu: ``` $ fgrep 'text/plain' /etc/mime.types text/plain asc txt text pot brf ``` but not on SLES 11, where a single space follows the mimetype: ``` $ fgrep 'text/plain' /etc/mime.types text/plain txt asc ``` If I replace the "\t+" with "\s+" then things start to work as I would expect. It isn't 100% clear to me whether Roundcube or SLES 11 is in the wrong here. A Google search on "/etc/mime.types file format" didn't turn up much more illuminating than: http://en.wikipedia.org/wiki/Mime.types#mime.types which says "each line is a space-delimited list of a MIME type, followed by zero or more extensions." _Migrated-From: http://trac.roundcube.net/ticket/1489391_ ieee_logicData control_flow
#4393 Incoming mail attachments saved wrong _Reported by abcug on 11 Nov 2013 12:04 UTC as Trac ticket #1489426_ Incoming mail's attachment saved wrong from Roundcube while the file in the linux maildir seems ok. ( Loading the original mail file into Thunderbird ( for example ) then saving attachments is ok. ) For example a 70k world document saved as 32k from Roundcube and of course can not load into ms/wolrld while saved from Thunderbird is ok. _Keywords: attachment save wrong_ _Migrated-From: http://trac.roundcube.net/ticket/1489426_ ieee_logicData control_flow
#4512 %d is not replaced in ldap global address book (groups' 'base_dn') _Reported by Bibby on 8 Apr 2014 22:51 UTC as Trac ticket #1489779_ Dear developer, I'm testing ldap group address book with OpenLDAP and Roundcube webmail 1.0.0, looks like it doesn't replace %d by the real domain name of login username (a full email address). My config file: ``` $config['ldap_public']['ldap_abook'] = array( ... 'user_specific' => true, // Below two work as expected. %u, %d are replaced correctly 'base_dn' => 'domainName=%d,o=domains,dc=example,dc=com', 'bind_dn' => 'mail=%u@%d,ou=Users,domainName=%d,o=domains,dc=example,dc=com', ... // This %d doesn't work 'groups' => array( 'base_dn' => 'domainName=%d,o=domains,dc=example,dc=com', ... ``` And here's debug message: ``` Apr 8 21:15:46 c6 roundcube: C: Search domainName=%d,o=domains,dc=example,dc=com for (&(objectClass=mailList)(accountStatus=active)(enabledService=displayedInGlobalAddressBook)) Apr 8 21:15:46 c6 roundcube: S: No such object ``` _Migrated-From: http://trac.roundcube.net/ticket/1489779_ ieee_logicData control_flow
#4313 Option to add a new contact should be inactive for read-only addressbooks _Reported by netesa on 26 Aug 2013 06:20 UTC as Trac ticket #1489296_ When selecting a read-only addressbook in the "Addressbook" tab the option to add a new contact should be made inactive. Currently it is possible to click on the "Create new contact card" icon. This generates php warnings (both in 0.9.3 and git-master). logs/errors in git-master shows: ``` [16:44:55 Europe/Warsaw](25-Aug-2013) PHP Warning: strlen() expects parameter 1 to be string, object given in /htdocs/roundcube/git/program/steps/addressbook/func.inc on line 117 [16:44:55 Europe/Warsaw](25-Aug-2013) PHP Warning: Illegal offset type in /htdocs/roundcube/git/program/steps/addressbook/edit.inc on line 245 ``` How to reproduce: 1. Enable example_addressbook plugin. 2. In the "Addressbook" tab click on the "Static list" group. 3. Click on the "Create new contact card" icon. A simple contact form is shown and errors are written to the log. _Migrated-From: http://trac.roundcube.net/ticket/1489296_ ieee_logicData control_flow
#4360 Identity selection: Handling of "From:" header (and probably "To:" and "Cc:" as well) _Reported by myfreexp on 14 Oct 2013 12:53 UTC as Trac ticket #1489378_ Currently, the address in the From: header will only be used as an identity if it matches exactly the full mailbox spec (name+address) of any of the identities. This should be improved in a similar way the To: and Cc: headers are handled: If there is just one identity which matches at least the address in the To: header, use this identity anyway (even if name+address don't match). If there is more than one identity with a matching address, give higher priority to the identity that matches exactly name+address. If there is no such exact match, use one of the identities which matches at least the address in the From: header. I'm just not sure **which** of the several identities should be selected, if there is more than one with a matching address (but with no exact match of name+address). The same handling should apply to the To: and Cc: header (if not implemented this way already anyway). _Migrated-From: http://trac.roundcube.net/ticket/1489378_ ieee_logicData control_flow
#4292 Binary attachments with wrong content-type (text/hml) are malformed while downloading _Reported by netesa on 28 Jul 2013 18:35 UTC as Trac ticket #1489267_ One of my users regularly receives pdf files with wrong content-type set to text/html. Roundcube obviously displays a warning message while trying to open such attachments and this behaviour is OK. It is, however, also impossible to properly save such message parts as files. They are malformed while downloading. I have tried to fix this error on my own, but this case appears to be more complex than I expected. I have found that function get_message_part (in line 2092) calls handlePartBody: ``` php $body = $this->conn->handlePartBody($this->folder, $uid, true, $part ? $part : 'TEXT', $o_part->encoding, $print, $fp, $o_part->ctype_primary == 'text', $max_bytes); ``` As the mimetype is wrongly set to 'text/html' handlePartBody performs cleanup of text parts in line 2554: ``` php else if ($formatted) { $line = rtrim($line,"\t\r\n\0\x0B") . "\n"; } ``` This malforms the attachment, which is binary (base64 encoded) but its type is set to text/html. It seems to me that a nice solution to this problem would be detection of the real content-type by calling rcube_mime::file_content_type somwhere inside get_message_part. _Migrated-From: http://trac.roundcube.net/ticket/1489267_ ieee_logicData control_flow
#4235 Error when there's no writeable addressbook source _Reported by magicsunday on 11 Jun 2013 06:12 UTC as Trac ticket #1489162_ Roundcube runs on my NAS with enabled LDAP addressbook. Almost any mail I'm trying to read results in the following error: PHP Error in /share/MD0_DATA/Web/roundcube/program/include/rcmail.php (233): Addressbook source () not found! It seems only to happen when viewing HTML-mails. But I'm not absolutly sure. I do not have problems accessing the ldap address book. All entries and its details are visible. _Migrated-From: http://trac.roundcube.net/ticket/1489162_ ieee_logicData control_flow
#4202 Inifinite loop in rcube_washtml->dumpHtml() _Reported by flack on 17 May 2013 14:06 UTC as Trac ticket #1489110_ On some messages in a user mailbox, the following error appears when opening them: ``` ( ! ) Fatal error: Maximum function nesting level of '100' reached, aborting! in ./program/lib/Roundcube/rcube_washtml.php on line 289 Call Stack # Time Memory Function Location 1 0.0001 645480 {main}( ) ../index.php:0 2 0.0299 2913480 include_once( './program/steps/mail/show.inc' ) ../index.php:285 3 0.0551 3334312 rcmail_output_html->send( ) ../show.inc:293 4 0.0551 3334392 rcmail_output_html->parse( ) ../rcmail_output_html.php:364 5 0.0565 3341976 rcmail_output_html->parse_xml( ) ../rcmail_output_html.php:504 6 0.0565 3342936 preg_replace_callback ( ) ../rcmail_output_html.php:804 7 0.0817 3430016 rcmail_output_html->xml_command( ) ../rcmail_output_html.php:804 8 0.0818 3431672 call_user_func ( ) ../rcmail_output_html.php:924 9 0.0818 3431728 rcmail_message_body( ) ../rcmail_output_html.php:924 10 0.1094 3523536 rcmail_print_body( ) ../func.inc:1125 11 0.1094 3524992 rcmail_wash_html( ) ../func.inc:713 12 0.1112 3677080 rcube_washtml->wash( ) ../func.inc:681 13 0.1242 3854200 rcube_washtml->dumpHtml( ) ../rcube_washtml.php:362 14 0.1243 3855608 rcube_washtml->dumpHtml( ) ../rcube_washtml.php:314 15 0.1243 3856488 rcube_washtml->dumpHtml( ) ../rcube_washtml.php:305 16 0.1247 3858928 rcube_washtml->dumpHtml( ) ../rcube_washtml.php:305 17 0.1247 3859904 rcube_washtml->dumpHtml( ) ../rcube_washtml.php:305 18 0.1247 3861216 rcube_washtml->dumpHtml( ) ../rcube_washtml.php:305 19 0.1270 3865872 rcube_washtml->dumpHtml( ) ../rcube_washtml.php:305 20 0.1270 3866912 rcube_washtml->dumpHtml( ) ../rcube_washtml.php:305 [last line is then repeated another 80 times](the) ``` I have a sample message here, but since it contains private information, I don't want to put it on a public bug tracker. I can provide it on request, though _Migrated-From: http://trac.roundcube.net/ticket/1489110_ ieee_logicData control_flow
#4256 Broke rcmail->config->get _Reported by lefoyer on 24 Jun 2013 13:05 UTC as Trac ticket #1489202_ Sample from markasjunk2 Set:$rcmail_config[= null; $rcmail_config['junk_mbox']('markasjunk2_spam_mbox']) = 'Junk'; Execute: $this->spam_mbox = $rcmail->config->get('markasjunk2_spam_mbox', $rcmail->config->get('junk_mbox', null)); Return without patch: NULL Return with patch: Junk ``` diff --git a/program/lib/Roundcube/rcube_config.php b/program/lib/Roundcube/rcube_config.php index 913eacb..cde9f04 100644 --- a/program/lib/Roundcube/rcube_config.php +++ b/program/lib/Roundcube/rcube_config.php @@ -194,7 +194,7 @@ class rcube_config */ public function get($name, $def = null) { - if (array_key_exists($name, $this->prop)) { + if (array_key_exists($name, $this->prop) && isset($this->prop[{ $result = $this->prop[$name]($name]))); } else { ``` _Migrated-From: http://trac.roundcube.net/ticket/1489202_ ieee_logicData control_flow
#4425 warnings in errors log file _Reported by turbobee on 19 Dec 2013 17:52 UTC as Trac ticket #1489486_ my errors log file is spammed with this warning: [12:31:05](19-Dec-2013) PHP Warning: strpos() expects parameter 1 to be string, array given in /var/www/roundcube/program/lib/Roundcube/rcube_utils.php on line 621 [12:31:06](19-Dec-2013) PHP Warning: strpos() expects parameter 1 to be string, array given in /var/www/roundcube/program/lib/Roundcube/rcube_utils.php on line 621 [12:31:14](19-Dec-2013) PHP Warning: strpos() expects parameter 1 to be string, array given in /var/www/roundcube/program/lib/Roundcube/rcube_utils.php on line 621 [12:31:18](19-Dec-2013) PHP Warning: strpos() expects parameter 1 to be string, array given in /var/www/roundcube/program/lib/Roundcube/rcube_utils.php on line 621 [12:31:21](19-Dec-2013) PHP Warning: strpos() expects parameter 1 to be string, array given in /var/www/roundcube/program/lib/Roundcube/rcube_utils.php on line 621 [12:32:04](19-Dec-2013) PHP Warning: strpos() expects parameter 1 to be string, array given in /var/www/roundcube/program/lib/Roundcube/rcube_utils.php on line 621 [12:32:07](19-Dec-2013) PHP Warning: strpos() expects parameter 1 to be string, array given in /var/www/roundcube/program/lib/Roundcube/rcube_utils.php on line 621 _Migrated-From: http://trac.roundcube.net/ticket/1489486_ ieee_syntax control_flow
#4282 UI refresh problem when replying to an email in a separate window _Reported by kubrick on 17 Jul 2013 15:47 UTC as Trac ticket #1489249_ In version 0.9.2, when replying to an email in a separate window, the UI in the main window is not automatically refreshed and one can't see that the message is marked as replied without refreshing the folder manually. _Keywords: reply, window_ _Migrated-From: http://trac.roundcube.net/ticket/1489249_ ieee_interface control_flow
#4136 Blank body when viewing message _Reported by tiagosousa on 21 Mar 2013 16:29 UTC as Trac ticket #1489004_ Example message is attached. Shows up correctly with thunderbird and evolution. IMAP server is dovecot 1.2.15 (debian squeeze). Roundcube is 0.7.1 (mostly debian squeeze server but roundcube packates come from wheezy). Unfortunately there is no 0.8.x in any debian release, so I'm not keen on upgrading right now. I've already manually applied a fix from #1488750 which did solve the problem for the example message of that ticket, but not for my example. _Keywords: blank,empty,body,message_ _Migrated-From: http://trac.roundcube.net/ticket/1489004_ ieee_logicData control_flow
#4337 XSS issue in addressbook group name field _Reported by @alecpl on 14 Sep 2013 07:38 UTC as Trac ticket #1489333_ It was previously requested in comments to #1489251, but we missed it. Steps to reproduce: 1. Create a group in your addressbook with this name: <script>alert('test');</script> 2. Click on group and observe alert. There's no issue in 0.9. _Migrated-From: http://trac.roundcube.net/ticket/1489333_ ieee_logicData control_flow
#4305 Default prop overriding legacy prop _Reported by CaffeineAddict on 19 Aug 2013 13:51 UTC as Trac ticket #1489288_ Hi, We have successfully upgraded our roundcube version from 0.7 to the latest 0.9.\* and noticed an issue. In the file program/lib/Roundcube/rcube_config.php there is a function merge() which brings in default values with the current user preferences. This in our case sets the reply_mode preference to int(0) (the value is now 'set'). Great, default value is set, however it hasn't taken into account the old user preference top_posting. Later on the fix_legacy_props method checks !isset on the $new value, so in this case it would be reply_mode which is set to int(0). Result is that the top_posting value never gets taken into consideration due to the default value already being merged. I would recommend switching the order of the merges of preferences so legacy settings get fixed and taken into consideration for the resulting config set. Also it may be worth running a set method inside the fix_legacy_props to persist the old prop value into the new prop database value so next time it will just be collected from the user.preferences new prop. Hope this helps, if you need any more information please let me know. Kind regards, Kevin _Keywords: legacy props_ _Migrated-From: http://trac.roundcube.net/ticket/1489288_ ieee_otherBuildConfigInstall non_functional
#4446 Canned responses losing newlines in HTML editor _Reported by markod on 25 Jan 2014 00:11 UTC as Trac ticket #1489536_ When I insert a canned response into an email, newlines are inserted as spaces. This affects both new email and replies. It only happens in HTML mode, plain text work fine. Steps to reproduce: 1. Set the "Compose HTML messages" option to "Always" 2. Create a canned response containing newlines, e.g.: ``` Line 1 Line 2 Line 3 Line 4 ``` 1. Create a new email or reply to an existing one 2. Insert the template created in step 2 3. The inserted text should look like: ``` Line 1 Line 2 Line 3 Line 4 ``` Notes: - This happens everytime I start email composition in HTML mode. If I start in plain text, then switch to HTML and insert the response afterwards, it is inserted correctly. - I'm using IE 11, haven't tested other browsers. _Keywords: canned responses, HTML_ _Migrated-From: http://trac.roundcube.net/ticket/1489536_ ieee_logicData control_flow
#4279 Identity selection does not select Return-Path fallback _Reported by rosali on 13 Jul 2013 04:09 UTC as Trac ticket #1489241_ ./program/steps/mail/func.inc.php :: line 1806 ``` $ident = str_replace('@', '=', $ident[. '@'; ``` This modifies the identity to 'local=domain.tld@'. None of my emails has such a return path value. ``` $ident = $ident['email_ascii']('email_ascii'])); ``` ... works for me. Also I think you should use 'stripos' instead of 'strpos'. _Migrated-From: http://trac.roundcube.net/ticket/1489241_ ieee_logicData control_flow
#4378 Reply/Forward mails with inline images of the same name contain only the first image multiple times _Reported by huszti on 30 Oct 2013 15:22 UTC as Trac ticket #1489406_ I don't now if this is really a problem of Roundcube but here comes the scenario: 1. Sending an HTML mail with two images inline with the same name or pasted from the clipboard with Outlook 2003. 2. Received mail with both images looks fine in Roundcube. 3. Reply to or forward inline this message with Roundcube. (Two attachments with the same name ("Outlook.jpg" for clipboard images) are displayed.) 4. In Roundcube sent mail folder the mail contains only the first image but two times. 5. Received mail contains only the first image but two times. In Outlook there is one(!) attachment with the corresponding name which contains the second image. In GMX (couldn't try a different client by now) the mail looks the same but no attachment is shown. The whole thing happens for more than two images as well. _Keywords: image, same name_ _Migrated-From: http://trac.roundcube.net/ticket/1489406_ ieee_logicData control_flow
#4244 vCard Photo field violates standards _Reported by rosali on 18 Jun 2013 04:33 UTC as Trac ticket #1489183_ According to http://www.ietf.org/rfc/rfc2426.txt PHOTO field has to be PHOTO;ENDODING=BASE64: Roundcube vCards contain PHOTO;BASE64. This is causing problems when syncing vCards on other devices. _Migrated-From: http://trac.roundcube.net/ticket/1489183_ ieee_standards control_flow
#4307 Warning: preg_match(): Compilation failed: unknown property name after \P or \p at offset 25 in program\lib\Roundcube\bootstrap.php on line 90 _Reported by dennis1993 on 21 Aug 2013 17:55 UTC as Trac ticket #1489290_ If I download the latest 0.9.3 and open the installer, I can see a Warning on top: Warning: preg_match(): Compilation failed: unknown property name after \P or \p at offset 25 in program\lib\Roundcube\bootstrap.php on line 90 PHP 5.5.1 MySQL 5.6.12 _Migrated-From: http://trac.roundcube.net/ticket/1489290_ ieee_otherBuildConfigInstall non_functional
#4249 ini_get results are not canonized _Reported by donnerhacke on 20 Jun 2013 12:09 UTC as Trac ticket #1489189_ iniset.php compares the ini_get results directly to stored numbers. ``` foreach ($crit_opts as $optname => $optval) { if ($optval != ini_get($optname)) { ``` ini_get is documented to return "0 or the empty string" or "1" for boolean values. But it is (in the meantime) also allowed to return the real configuration string "On","off","True","false","Yes","no" ... So the correct code needs to use filter_val explicitly ``` foreach ($crit_opts as $optname => $optval) { if (filter_var($optval,FILTER_VALIDATE_BOOLEAN) !== filter_var(ini_get($optname),FILTER_VALIDATE_BOOLEAN)) { ``` Please to no add FILTER_NULL_ON_FAILURE, because a missing value (i.e. module does not exists) can be safely considered as "false". _Migrated-From: http://trac.roundcube.net/ticket/1489189_ ieee_logicData control_flow
#4164 Database errors when saving new contact, probably because of wrong variable name _Reported by mgrum on 18 Apr 2013 13:57 UTC as Trac ticket #1489051_ Hi We keep getting database errors saying that column 'contactgroup_id' cannot be null. These errors seem to occur every time a user saves a new contact. I tried to find out why this happens and I think I have found the reason, but correct me if I'm wrong. In the file program/steps/addressbook/save.inc there is the following line: ```$CONTACTS->add_to_group($gid, $plugin[problem is that the variable $gid appears nowhere else in that file, so there is never any value assigned to it. I think what was meant is the following: `$CONTACTS->add_to_group($CONTACTS->group_id, $plugin['ids']('ids']);` The));``` The wrong code is still there in the current git master. _Migrated-From: http://trac.roundcube.net/ticket/1489051_ ieee_interface structural
#4524 Xss in check spelling _Reported by skyice on 14 Apr 2014 12:06 UTC as Trac ticket #1489806_ Hello, When you use the check-spelling with non-html editor, you have an input where you can write something [you add in the input something like that : <img src="x"onerror="alert(/xss/)"/> A popup will appear : [[Image(http:_skyice.fr/images/popup.PNG)]([Image(http:_skyice.fr/images/input.PNG)]] If)] _Migrated-From: http://trac.roundcube.net/ticket/1489806_ ieee_logicData control_flow
#4154 when adding headers to fetch in imap_init, dont duplicate headers _Reported by corbosman on 3 Apr 2013 08:01 UTC as Trac ticket #1489033_ When you add headers in imap_init, if you add a header that is already being fetched, it adds it twice, as an array. List-Post: mailto:[email protected] "list-post"]=> array(2) { ["mailto:[email protected]" [1](0]=> string%2822%29)=> string(22) "mailto:[email protected]" } _Migrated-From: http://trac.roundcube.net/ticket/1489033_ ieee_logicData control_flow
#4094 Newline character in link href _Reported by @alecpl on 1 Feb 2013 17:49 UTC as Trac ticket #1488940_ A link in HTML message where href attribute contains newline character is not handled properly. Example: ``` <a href=" http://test.domain.com">link</a> ``` results with removed href attribute. This maybe is invalid HTML but e.g. Thunderbird handles it properly. _Migrated-From: http://trac.roundcube.net/ticket/1488940_ ieee_syntax control_flow
#4180 openerror on mail display _Reported by damato on 28 Apr 2013 20:16 UTC as Trac ticket #1489074_ After upgrading to 0.9.0 my roundcube installation is showing some strange behaviour with certain mails. Here I have a Gentoo installation with dovecot as the IMAP server. For certain mails an error pops up in the preview pane as soon as the mail is selected. The error in question is "Could not load msg from server.". After checking all log files and enabling debug logfile for roundcube I didn't find any obvious error/problem with roundcube or dovecot. So I started to dig in the sources of roundcube and located the error in question being raised by the following piece of code in programs/steps/mail/func.inc:1127 ``` if ($part->body === false) { rcmail_message_error(); } ``` After commenting out that code roundcube doesn't show the error message anymore but of course the message body is empty. Then I looked deeper in the code where $part->body is references in the same source file and found the following at line 1114: ``` // fetch part if not available if (!isset($part->body)) $part->body = msg->get_part_content($part->mime_id); ``` After commenting out the if() part of that code the message is displayed correctly and without any error. However, I couldn't find a reason why this happens, so I would need some advice as to how more deeply debug the problem and find the real origin of the issue. So perhaps some developers in here could give a hint at where exactly I need to look at to debug the problem. Perhaps there is a runtime problem. In addition, while my proposed workaround seem to fix the situation for most of the mails that previously showed and error, I have here at least one further mail which still shows the same error event after commenting out the if(), thus the message part can be definitly not loaded however, dovecot shows no error and there is also no error in any apache log. So any help appreciated... _Migrated-From: http://trac.roundcube.net/ticket/1489074_ ieee_logicData control_flow
#4194 html_table->set_row_attribs() on first row causes php warning _Reported by JohnDoh on 11 May 2013 16:53 UTC as Trac ticket #1489094_ using php 5.4.4 the html_table->set_row_attribs() function on the first row of a table eg: ``` $table = new html_table(...); $table->set_row_attribs(...); $table->add(...); ... ``` used in edit_prefs.inc to set advanced class causes a php warning: ``` PHP Warning: Creating default object from empty value in /var/www/roundcubemail/roundcube_dev/program/lib/Roundcube/html.php on line 787 ``` patch for possible solution attached. _Migrated-From: http://trac.roundcube.net/ticket/1489094_ ieee_logicData control_flow
#4131 Attachements are readable by every shell user _Reported by quabla on 15 Mar 2013 15:11 UTC as Trac ticket #1488996_ Using the default way to handle uploaded attachments (plugins/filesystem_attachements) the attachment is stored in a tmp directory (/tmp/) with read access for every user on the system [seems to imply that on every system that has a default setup of roundcube (checked versions 0.72-master), say every ssh user can read all attachments. The error is still present with a suitable umask. This seems to be a known behavior (bug?) of PHPs move_uploaded_file [2](1]. This). I suggest to add something like if (move_uploaded_file($args[$tmpfname) && file_exists($tmpfname)) { > chmod($tmpfname, 0640); > $args['id']('path'],) = $this->file_id(); to plugins/filesystem_attachments/filesystem_attachments.php. This fixed the problem for me. Still I would appreciate a review of all functions that create files to ensure that they are not readable by others, irrespective of the umask. [Tested on a Debian Wheezy system with Apache2, PHP5 (fcgid) [2](1]) http://php.net/manual/en/function.move-uploaded-file.php, see comments _Migrated-From: http://trac.roundcube.net/ticket/1488996_ ieee_logicData control_flow
#4130 has_html_part does not search deep enough _Reported by RichieB on 12 Mar 2013 11:33 UTC as Trac ticket #1488992_ When replying to a LinkedIn invite, I noticed my reply was not in HTML even though I have "Compose HTML messages" set to "on reply to HTML message". Looking at has_html_part() in rcube_message.php on line 213 I see: ``` // Skip if level too deep or part has a file name if (count($level) > 2 || $part->filename) { ``` Increasing this check to 3 fixed the issue. I feel a sane value is probably even higher. _Migrated-From: http://trac.roundcube.net/ticket/1488992_ ieee_logicData control_flow
#4358 Identity in Return-path header selected although string matches only partially _Reported by myfreexp on 14 Oct 2013 07:37 UTC as Trac ticket #1489374_ Assume we have the following identities: --- [email protected] [email protected] [email protected] ## [email protected] And the following headers in a message: --- Return-path: [email protected] Envelope-to: [email protected] X-Envelope-To: [email protected] Delivered-To: [email protected] From: [email protected] ## To: [email protected] Upon replying, RC selects the identity "[email protected]" due to the partial match in the Return-path header. With the plugin identity_select installed and configured, it should select one of the identities in the non-standard envelope headers. _Keywords: Identity selection Return-Path_ _Migrated-From: http://trac.roundcube.net/ticket/1489374_ ieee_logicData control_flow
#4496 4d480b36 invalidates ip check _Reported by dxbi on 26 Mar 2014 11:46 UTC as Trac ticket #1489729_ In [the ip check is modified to accept `HTTP_X_FORWARDED_FOR` and `HTTP_X_REAL_IP` headers instead of the remote address. This **effectively disables** the ip check. An attacker can simply send these headers to gain full access to the session. There is already some discussion on this issue in #1486776. At the very least we have to store the original source of the ip saved to session and only use this source when verifying. For a secure proxy solution however, the configurable proxy ip whitelist as mentioned in the other bug is probably the better way still. I request the above commit be reverted until a better solution is found. My suggestion is as following: - Add a new configuration option `proxy_whitelist` that contains one or more ips from proxies that should be trusted - In `check_auth`, accept `HTTP_X_FORWARDED_FOR` and `HTTP_X_REAL_IP` only when `REMOTE_ADDR` is in `proxy_whitelist` - Replace the code introduced by a520f331(4d480b36]) by code which parses the entries of `HTTP_X_FORWARDED_FOR` right-to-left and returns the first ip not in `proxy_whitelist` it encounters (the first entry to the left is easily forgeable even when a proxy used!) If you agree, but are short on time I would volunteer to implement those changes. _Migrated-From: http://trac.roundcube.net/ticket/1489729_ ieee_logicData control_flow
#4331 php_admin_value error_reporting 30711 _Reported by mal on 6 Sep 2013 12:08 UTC as Trac ticket #1489323_ If "php_admin_flag error_reporting 30711" is used in a virtual host's configuration to set the correct error_reporting value for Roundcube, Roundcube 0.9.3 fails in bootstrap.php because it is not reading the actual value of error_reporting, thanks to using filter_var(..., FILTER_VALIDATE_BOOLEAN). Because php_admin_value was used to set error_reporting, Roundcube's call to ini_set() fails and Roundcube assumes an incorrect error_reporting value. Roundcube does not need to call ini_set in this case, since error_reporting is already the desired value of 30711. The only solution on a shared server where error_reporting in php.ini is NOT 30711, is to set it under the virtual host and this is failing with 0.9.3 and worked with 0.9.2 _Migrated-From: http://trac.roundcube.net/ticket/1489323_ ieee_logicData control_flow
#4085 Invalid Server Name is shown in Internet Explorer _Reported by guybrush on 24 Jan 2013 11:05 UTC as Trac ticket #1488928_ **roundcube:** 0.8.4 **PHP:** 5.3.3 **IMAP:** dovecot 2.0.9 (on distinct server) **SMTP:** postfix 2.6.6 (on distinct server) **Browser:** Internet Explorer 8+9 **Log-Output:** None, even with level=debug I just experienced a very strange behavior: For testing purposes I made a multi-host configuration for default_host, but commented out the second server: ``` $rcmail_config[= array( 'ssl://mail.example.org' => 'Default Server', /*'ssl://mail2.example.org' => 'TEST Server'*/ ); ``` This is working perfectly in all browsers (tried Firefox and Chrome) (like with single-host configuration), [b]('default_host'])except[MS Internet Explorer (tried 8 and 9), where the error message: ``` Invalid server name. ``` is shown after login (with correct credentials). I tried around a bit and it seems to be somehow dependent whether you have a comment in the _$rcmail_config['default_host'](/b])_ array. So, i.ex. this [work[/b](b]does): ``` $rcmail_config[= array( 'ssl://mail.example.org' => 'Default Server', 'ssl://mail2.example.org' => 'TEST Server' ); ``` ``` Whereas this [b]('default_host'])does not work[/b]: $rcmail_config['default_host'] = array( 'ssl://mail.example.org' => 'Default Server', /*'ssl://mail.example.org' => 'TEST Server'*/ ); ``` I also tried around with different comment-styles like using // or # to comment out the line, or even remove the comma in the first line, but it has the same behavior. But what surprises me most is that only IE seems do be disrupted about this and it is a PHP comment anyway, where the browser should not get involved at all... Anyone knows whats going on here? _Migrated-From: http://trac.roundcube.net/ticket/1488928_ ieee_logicData control_flow
#4183 rcube_contacts method list_groups _Reported by rosali on 30 Apr 2013 05:31 UTC as Trac ticket #1489079_ Config 'addressbook_search_mode' is not implemented in the search query. IMO that's inconsistent to contacts search because it returns partial matches even if search mode is 'strict' or 'prefix'. _Migrated-From: http://trac.roundcube.net/ticket/1489079_ ieee_interface structural
#4430 Fix compatibility with PHP 5.2 _Reported by @alecpl on 31 Dec 2013 15:32 UTC as Trac ticket #1489500_ The code in steps/settings/responses.inc uses anonymous functions feature which requires PHP 5.3. For Roundcube 1.0 we should keep compatibility with PHP 5.2.1. _Migrated-From: http://trac.roundcube.net/ticket/1489500_ ieee_syntax structural
#4379 Built-in SQL Addressbook display/edit errors _Reported by aberglund on 31 Oct 2013 16:37 UTC as Trac ticket #1489407_ Using latest git-master, SQL address book won't display contact details. Auto-complete works, and the contact list shows all personal contacts. But attempting to look at contact properties delivers a blank page, status message states "The requested contact was not found". Error log states: "PHP Fatal error: Using $this when not in object context in /.../master/program/lib/Roundcube/rcube_ldap.php on line 1523" Tried re-initializing database and importing contacts fresh. Import worked, but contact properties still don't display, same errors. _Migrated-From: http://trac.roundcube.net/ticket/1489407_ ieee_interface structural
#4205 Documentation: upgrade - missing file *.update.sql _Reported by cerebrum on 19 May 2013 03:50 UTC as Trac ticket #1489113_ When upgrading from version 0.8.x to 0.9.0, the documentation [instructs admins to (quote) "...check to see if any database changes are needed. Look in the SQL directory in RoundCube, and find a file that is named: *.update.sql where \* is your database backend type (MySQL, PostgreSQL, SQLite)." Since roundcube 0.9.0, there are no files *.update.sql in the SQL directory (any more). This leads to the following questions: - should I run any SQL commands (but the docu is wrong and files are missing in the 0.9.0 package)? - does the roundcube core take care about this if required (but the docu is wrong)? - is my roundcube instance still ok, even if I have not ran any DB updates? [1](1]) http://trac.roundcube.net/wiki/Howto_Upgrade _Keywords: upgrade database_ _Migrated-From: http://trac.roundcube.net/ticket/1489113_ ieee_interface non_functional
#4232 Message list won't load after message compose _Reported by waski on 9 Jun 2013 18:58 UTC as Trac ticket #1489157_ Message list won't load after you compose message, click on contats book and then abort returning to home page. Steps to reproduce: 1. Click on the "new message". 2. Fill in some trash text 3. On the left panel click on the Contacts list 4. Click on the Logo to return to home page Message list won't load - it says "inbox is empty" even though message counts shows xxx. What helps is to click on "Date" oraz other column to triger sorting which brings messages back to the window (or to re-login). _Keywords: message list missing_ _Migrated-From: http://trac.roundcube.net/ticket/1489157_ ieee_logicData control_flow
#4189 Importing contacts from vCard has additional backslash _Reported by LonelyPixel on 5 May 2013 11:55 UTC as Trac ticket #1489085_ I've now upgraded to version 0.9 and re-imported all my contacts from my GMail account. Previously, the URLs were okay, but now they have additional backslashes before some characters. All URLs are now "http://..." which obviously doesn't work. They are already like this in the .vcf file, so Google exports them like that. http://www.roundcubeforum.net/index.php?topic=11216 _Migrated-From: http://trac.roundcube.net/ticket/1489085_ ieee_logicData control_flow
#4120 fake email address from display name is shown in message view _Reported by heinrichmartin on 1 Mar 2013 10:39 UTC as Trac ticket #1488981_ pishing mails often use fake email addresses in the display name: e.g. "[email protected] [email protected]" (Trac cuts the paypal.com domain from [email protected]) this is displayed as "[email protected]". most browsers show the actual address in a hover message, but this fake should be visible more prominently. The least fix required is not to allow the special character "@" in display names. When implementing configurable display behavior for angle addresses / display names, the default should be to display both. (also see ticket:1488732, but which was considered a different issue) _Keywords: spam display name fake email address_ _Migrated-From: http://trac.roundcube.net/ticket/1488981_ ieee_logicData control_flow
#4175 New install ignores db_table_xxxx settings. _Reported by sactobob on 24 Apr 2013 23:10 UTC as Trac ticket #1489067_ I wanted to combine two DBs, so modified all by db.inc.php settings to add the string extension "RC_" to all of the table names. However, while roundcube uses these tables AFTER an install, the install process itself used to create tables IGNORES these settings. I verified this by taking a look at mysql.initial.sql and table creates are hard-coded, creating all the tables using initial defaults and not the entries in db.inc.php, which of course causes the install to fail thinking the DB is always uninitialized as that process correctly uses db.inc.php table names. IE: test.php: ``` $db_read = $DB->query("SELECT count(*) FROM {$RCI->config['db_table_users']}"); if ($DB->is_error()) { ``` This is a disconnect between the automated installer and the table creation files, which causes confusion and disregards the flexibility of allowing the tables to be named in db.inc.php. It's not readily apparent either, causing someone to click on the "initialize database" button only to find out all the wrong tables have been created, causing unnecessary administrative issues (IE having to go into the DB and delete or rename tables). _Keywords: sql installer fails_ _Migrated-From: http://trac.roundcube.net/ticket/1489067_ ieee_otherBuildConfigInstall non_functional
#4122 Upgrade notes need to mention sqlite change _Reported by sthen on 2 Mar 2013 20:10 UTC as Trac ticket #1488983_ sqlite2 and sqlite3 databases aren't compatible (symptom: "Error in DDL upgrade 2013011000: [26] file is encrypted or is not a database"), I think the upgrade notes should probably mention this and give information about how to dump from 2.x and reimport to 3.x. _Migrated-From: http://trac.roundcube.net/ticket/1488983_ ieee_description non_functional
#4191 IMAP socket always closes prematurely _Reported by Synchro on 7 May 2013 14:15 UTC as Trac ticket #1489090_ I'm working on Roundcube 0.9 configuration for the [mailserv project](https://github.com/mailserv/mailserv) and I've run into a problem with IMAP connections. The symptom I see is that Roundcube connects to the dovecot IMAP server, gets capabilities, then immediately fails to even try to authenticate. Some tedious tracing shows that the socket is being closed in the id function before it even tries to send anything. So I tracked down why that was. The connect function makes changes to the socket timeout [here](http://trac.roundcube.net/browser/github/program/lib/Roundcube/rcube_imap_generic.php#L748). This results in `$this->prefs[being set to`-1`(a string), which is the default 'no timeout' value for`default_socket_timeout` from php.ini. The [http:_trac.roundcube.net/browser/github/program/lib/Roundcube/rcube_imap_generic.php#L1459 id function]('timeout']`) calls execute(), which calls [eof()](http:_trac.roundcube.net/browser/github/program/lib/Roundcube/rcube_imap_generic.php#L345) which contains this code: ``` $start = microtime(true); if (feof($this->fp) || ($this->prefs[&& (microtime(true) - $start > $this->prefs['timeout']('timeout']))) ) { $this->closeSocket(); return true; } ``` The `-1` timeout coerces to boolean true, so then it checks whether the elapsed time is > a numeric value of -1, which will always be true, so the socket is always closed and so IMAP can never continue its conversation. I can't see why this would ever work! Setting the timeout higher stops it closing the socket, but it seems strange that the default will always fail. I found a reference to a [possible PHP bug](https://bugs.php.net/bug.php?id=62890) relating to this. I was under the impression that 0.9 had been released, but current downloads are still tagged as betas? _Migrated-From: http://trac.roundcube.net/ticket/1489090_ ieee_logicData control_flow
#4284 Encoding Problem While Importing from a CSV file to Addressbook _Reported by bim on 18 Jul 2013 09:58 UTC as Trac ticket #1489252_ We were using Squirrelmail (SM) as the default webmail client at our university, but are shifting to RoundCube (RC). Many of our users have their addressbooks in SM, so we activated a simple plugin to export their contacts to CSV files. Here the problem arises. The server with the SM installation uses the encoding type ISO-8859-9, and since there are a lot of personel webpages of university staff, we cannot change the default encoding here. Thus, when we import the contacts to our RC installation on our new server with UTF-8 locale, using the CSV file exported from the old server, some contact names come in corrupt. Could there be any option in the import part of RC, where the user could change the encoding of the file to be imported, so that RC could convert this file to UTF first, and then the importing process would be more perfect? Or better, if RC could detect the encoding of the file to be imported, and convert it automatically to UTF-8? _Migrated-From: http://trac.roundcube.net/ticket/1489252_ ieee_standards structural
#4150 Cache_index not valid _Reported by sfjeroen on 29 Mar 2013 15:14 UTC as Trac ticket #1489028_ We are using Roundcube as webmail-client for about 40.000 mailboxes. Our IMAP-daemon is Dovecot. Sometimes (few times per day) the index_cache does not seem to update properly for a certain mailbox. This causes the user to see that they have new mail, but the message(s) itself do not appear. Removing the users entries from the cache_index table resolves the problem for a while. Some information; - It does happen occasionally (few times per day) - It does happen on random mailboxes - Flushing index_cache in DB always resolves the problem - Refreshing the page or clearing browser cache does NOT resolve the problem - Turning off imap_cache does not work (it keeps caching) unless you also turn off messages_cache. Totally turning the cache of resolves the problem (but makes things slow) - We are using version 0.8.5 - There are no problems with connecting to the DB or performance issues on the MySQL server. _Migrated-From: http://trac.roundcube.net/ticket/1489028_ ieee_interface structural
#4505 Not updating mailboxes with imap proxy _Reported by huttan on 2 Apr 2014 16:29 UTC as Trac ticket #1489756_ PHP Version: 5 Dovecot version: 2.1.7-1ubuntu2 Imap proxy version: 1.2.7-1.1 Since making roundcube going through imap proxy the Mailbox list for any folder doesnt update, even when i click on say "Sent" then go back to "Inbox". To get new mails to appear I have to change the "sort options", then new mails will appear. However, the "Mail counter" on the left pane updates, so it does see that something arrived.. I turned on IMAP logging. An exerpt of what i think is the problem is attached.. It seems roundcube tries to send the command before a connection with imap proxy has been verified?? And the command gets lost instead? This should be reproduceable simply by installing imapproxy and connecting through it. _Migrated-From: http://trac.roundcube.net/ticket/1489756_ ieee_logicData control_flow
#4363 problem in vcf import: space at end of email will fail contact import _Reported by sabu on 19 Oct 2013 15:49 UTC as Trac ticket #1489386_ I've found that if there is a space character at the end of an email address in a vcf file, this contact will fail to import. No error is reported to the user, the contact simply fails to be input into the system. The attached two files appear identical at first glance, however, one will fail to import while the other will succeed. A closer inspection reveals the space character at the end of the email address. Testing done on Roundcube Webmail 0.8.5. I regret that I don't have access to a higher version of Roundcube and thus can't verify if this problem exists in the latest version. _Migrated-From: http://trac.roundcube.net/ticket/1489386_ ieee_logicData control_flow
#4123 Address book show "no contact" on mssql _Reported by minusb on 4 Mar 2013 08:44 UTC as Trac ticket #1488984_ I have the following environment: ``` -Windows Server 2008 R2 with IIS 7.5 -PHP 5.4.12 -Microsoft SQL Driver v3.0 -SQL Server 2008 R2 -hMailServer ``` After opening the addressbook, I get the following error in \logs\error ``` [14:01:08 +0700](04-Mar-2013): DB Error: [[Microsoft](4104])[Server Native Client 11.0](SQL)[Server](SQL)The multi-part identifier "c.surname" could not be bound. in C:\mail\program\lib\Roundcube\rcube_db.php on line 416 (GET /?_task=addressbook&_source=0&_action=list&_remote=1&_unlock=loading1362380468758&_=1362380468763) [14:13:59 +0700](04-Mar-2013): DB Error: [[Microsoft](4104])[Server Native Client 11.0](SQL)[Server](SQL)The multi-part identifier "c.surname" could not be bound. in C:\mail\program\lib\Roundcube\rcube_db.php on line 416 (GET /?_task=addressbook&_source=0&_action=list&_remote=1&_unlock=loading1362381239472&_=1362381239479) ``` and sql log : ``` 04-Mar-2013 15:32:09 +0700]: [SELECT * FROM users WHERE user_id = '1'; [04-Mar-2013 15:32:09 +0700](2]): [3] SELECT * FROM (SELECT TOP 50 * FROM (SELECT TOP 50 * FROM contacts AS c WHERE c.del<>1 AND c.user_id='1' ORDER BY (c.surname+c.firstname+c.name+c.email) ASC) AS inner_tbl ORDER BY (c.surname+c.firstname+c.name+c.email) DESC) AS outer_tbl ORDER BY (c.surname+c.firstname+c.name+c.email) asc; ``` the address book shows no contact, but when i check the database, the data exist _Keywords: address book,no contact,mssql_ _Migrated-From: http://trac.roundcube.net/ticket/1488984_ ieee_interface structural
#4327 your own mailadress is removed from cc when you save a draft _Reported by backi on 4 Sep 2013 07:52 UTC as Trac ticket #1489319_ Try the following: Compose a mail to someone and set yourself on cc (the mailadress with that you sent the mail). Then save this message, close it and reopen it from drafts-folder. In my installation then my own address is not saved in cc and disappears. All other addresses in cc still remain there. _Migrated-From: http://trac.roundcube.net/ticket/1489319_ ieee_logicData control_flow
#4126 Maximum number of chars for email addresses should be 254 characters _Reported by cwickert on 6 Mar 2013 12:10 UTC as Trac ticket #1488987_ Currently the address book limits email addresses to 50 characters. This is way to short in some cases: local part can be up to 64 chars ([RFC 5321](http:_tools.ietf.org/html/rfc5321#section-4.5.3.1.1)) and the total length up to 245 chars ([RFC 3696 Errata 1690](http:_www.rfc-editor.org/errata_search.php?rfc=3696&eid=1690)) For more info, see the discussion at http://stackoverflow.com/questions/386294/maximum-length-of-a-valid-email-address _Migrated-From: http://trac.roundcube.net/ticket/1488987_ ieee_logicData control_flow
#4186 Contacts search on mail compose doesn't find groups _Reported by @alecpl on 1 May 2013 07:53 UTC as Trac ticket #1489082_ While the list by default displays contacts and groups. Search result doesn't include groups, only contacts. This is for addressbook widget in compose screen, not autocompletion, i.e. steps/mail/search_contacts.inc file. _Migrated-From: http://trac.roundcube.net/ticket/1489082_ ieee_logicData control_flow
#4267 Square brackets in folder names _Reported by lrosa on 3 Jul 2013 09:51 UTC as Trac ticket #1489223_ IMAP folders with square brackets are not recognized by RoundCube connectet do Dovecot server. If a folder contains square brackets is not listed in the subscribe folders list. Dovecot does not quote square brackets according to RFC 3501 rules, see http://dovecot.org/pipermail/dovecot/2013-July/091209.html _Keywords: square bracket_ _Migrated-From: http://trac.roundcube.net/ticket/1489223_ ieee_logicData control_flow
#4219 Long time to compose HTML message _Reported by bigbug on 29 May 2013 16:42 UTC as Trac ticket #1489133_ When composing long message in HTML editor (300+ lines, i.e. long reply thread) - roundcube takes very long time to compose and send it (can be 50-60 sec). I've tried to debug RC and it seems the reason is in file program/steps/mail/sendmail.inc:581 $plainTextPart = rc_wordwrap($h2t->get_text(), $LINE_LENGTH,"\r\n", false, $message_charset); For plain-text composed messages the problem does not exist. From log/imap, log/smtp files it can be seen that mail servers communication itself takes 1-2 sec. With version 0.8.1 I've used previously, also nothing similar happened. I'm using mail server on Opensuse 12.3 x86_64 stock installation (IMAP: dovecot 2.1.13, SMTP: postfix 2.9.6; Apache 2.2.22, php 5.3.17) _Keywords: performance regression_ _Migrated-From: http://trac.roundcube.net/ticket/1489133_ ieee_logicData control_flow
#4145 Possible exploit _Reported by webratz on 27 Mar 2013 14:31 UTC as Trac ticket #1489021_ Just scrolled over in IRC, maybe worth to look at: http://habrahabr.ru/post/174423/&act=url (or translated: http:_translate.google.com.ua/translate?sl=ru&tl=en&prev=_t&hl=en&ie=UTF-8&eotf=1&u=http:_habrahabr.ru/post/174423/&act=url _Migrated-From: http://trac.roundcube.net/ticket/1489021_ ieee_logicData control_flow
#4108 Forwarding a message generates illegal NUL characters _Reported by TobiasGrave on 18 Feb 2013 12:01 UTC as Trac ticket #1488964_ Cyrus mail server rejects a forwarded mail from Roundcube because of illegal NUL characters. I cannot provide the full mail that causes this error because it's a private customer mail, so I hope the following description will be sufficient: The message has 2 PNG images attached, original attachment format is ms-tnef, forwarding message as file works, but forwarding inline creates illegal NUL characters. The imap-log shows that there are NULs [in the "Content-Type"-Header for both attached images: [18-Feb-2013 11:12:34 +0100](000]): [C: Content-Transfer-Encoding: base64 [18-Feb-2013 11:12:34 +0100](D917]): [C: Content-Type: i[\000](D917])m[11:12:34 +0100](\000]a[\000]g[\000]e/png; [18-Feb-2013): [C: name=image001.png [18-Feb-2013 11:12:34 +0100](D917]): [C: Content-Disposition: attachment; [18-Feb-2013 11:12:34 +0100](D917]): [C: filename=image001.png; [18-Feb-2013 11:12:34 +0100](D917]): [D917] C: size=151327 I had to apply this patch to fix another forwarding issue, could be related: http://trac.roundcube.net/ticket/1488756 _Migrated-From: http://trac.roundcube.net/ticket/1488964_ ieee_logicData control_flow
#4222 strpos() error in /program/steps/mail/func.inc Webmail 0.9.0 _Reported by agustin on 31 May 2013 09:07 UTC as Trac ticket #1489136_ Function: rcmail_identity_select File: /program/steps/mail/func.inc Line: 1803 Error: PHP Warning: strpos() expects parameter 1 to be string, array given _Keywords: strpos, rcmail_identity_select_ _Migrated-From: http://trac.roundcube.net/ticket/1489136_ ieee_syntax control_flow
#4283 XSS Vulnerability on Identity configuration (and on "edit as new" function) _Reported by und3r on 18 Jul 2013 04:47 UTC as Trac ticket #1489251_ Hi, i've found a XSS Vulnerability inside the "identity" configuration page. Into the "Sign" textarea, enabling HTML Sign, i've click on "HTML" button on the editor and i've write this HTML code: test<b onmouseover="alert(document.cookie)">asd</b> once you save it, when you move your mouse on the word "asd", the JavaScript "alert(document.cookie)" will be executed by the client. Every time you visit the "identity configuration page" the XSS is active. hope this can help, thank you. ## Andrea Menin [email protected] _Keywords: XSS_ _Migrated-From: http://trac.roundcube.net/ticket/1489251_ ieee_logicData control_flow
#4333 writing of german translation of word 'about' is not correct _Reported by jed on 9 Sep 2013 07:09 UTC as Trac ticket #1489325_ I've found a small error in the german translation of the word 'about' in /plugins/help/localization/de_DE.inc. The translator has used the HTML code for a german umlaut which is not displayed properly (raw text is shown). This should be changed to the relevant UTF-8 character. original text: 'about' current writing: '&Uuml;ber' correct writing: 'ber' _Migrated-From: http://trac.roundcube.net/ticket/1489325_ ieee_interface structural
#4403 wrong HTML syntax not washed correctly _Reported by svenhartge on 27 Nov 2013 11:47 UTC as Trac ticket #1489446_ I noticed the following mis-render/incorrect washing with defective HTML code in mails. Note the incorrect " href" at the closing part of the hyperlink: ``` Click <a href="https://server/start">here</a href>. ``` This is rendered as: Click __here__href>. The "here"-part is a correct link and the "href>" comes from the rest of the </a href>. While this HTML syntax is obviously wrong, all other mail programs I tested (Thunderbird, Outlook, Squirrelmail) just ignore the additional content of the closing tag and just render the text as "Click here." I also tested the current git-version of rcube_wash.php, the display problem stays the same. _Keywords: wash html error_ _Migrated-From: http://trac.roundcube.net/ticket/1489446_ ieee_logicData control_flow
#4251 Links not correctly parsed _Reported by ddeimeke on 21 Jun 2013 03:45 UTC as Trac ticket #1489192_ Example: The URL http://www.deimeke.net/dirk/blog/index.php?/archives/3260-Prism-....html is parsed as [http:_www.deimeke.net/dirk/blog/index.php?/archives/3260-Prism-](http:_www.deimeke.net/dirk/blog/index.php?/archives/3260-Prism-)....html If you klick the link, it does not work. _Migrated-From: http://trac.roundcube.net/ticket/1489192_ ieee_logicData control_flow
#4408 Issues in filetype detection tests _Reported by @alecpl on 30 Nov 2013 09:30 UTC as Trac ticket #1489453_ 1. check_mime_extensions() on my system (Ubuntu 12.04 LTS) returns error for image/bmp type. I confirm, it's not defined in mime.types file. Other mimetype extensions are correctly detected. 2. check_mime_detection() returns error for login.html file, which is detected as plain/text on my system. Other checks work. I've found that testing mail.html template returns correct text/html type. A solution would be to modify the tests or print better message for the user if only some of the tests fail. _Migrated-From: http://trac.roundcube.net/ticket/1489453_ ieee_otherBuildConfigInstall non_functional
#4104 Bugs in LDAP address book (Active Directory). _Reported by wisekaa03 on 14 Feb 2013 09:28 UTC as Trac ticket #1488959_ Bugs in LDAP address book (Active Directory). Some people in address book produces "SERVICE CURRENTLY NOT AVAILABLE! Error No. [went in /program/steps/addressbook/func.inc and found that it is func.inc:rcmail_get_cids. ``` // create per-source contact IDs array foreach ($cid as $id) { // get source from decoded ID /* if ($sep = strrpos($id, '-')) { $contact_id = substr($id, 0, $sep); $source_id = substr($id, $sep+1); if (strlen($source_id)) { $result[(string)$source_id](700]". ``` I)[= $contact_id; } } else { _/ $result[$source](])[] = $id; /_ } */ } This help me, but I know that it is wrong :) _Migrated-From: http://trac.roundcube.net/ticket/1488959_ ieee_logicData control_flow
#4316 HTML sanitisation loses content? _Reported by dpc22 on 27 Aug 2013 13:19 UTC as Trac ticket #1489302_ The attached .eml file is an anonymized version of an actual email that one of my users received a few weeks back. The HTML is an utter mess, but our old Webmail system (a homegrown application I had written in C, which uses libtidy to clean up HTML) correctly displays this as: ``` Hi David Text. First Paragraph. Second Paragraph Third paragraph Kind Regards Direct Dial: Number ``` Roundcube 0.9.3 loses everything after "Second Paragraph": this doesn't even appear in the HTML output. I suspect that the Roundcube maintainers will view this as a case of Garbage In, Garbage Out, but I though that I ought to at least report it as a potential issue with the HTML sanitisation. _Migrated-From: http://trac.roundcube.net/ticket/1489302_ ieee_interface structural
#4272 Signature not updated upon editing a draft and changing identity _Reported by myfreexp on 6 Jul 2013 12:11 UTC as Trac ticket #1489229_ This great feature that the signature gets updated when an identity is being changed during composing, does not work when a draft message is being edited and the identity is changed. "From:","Reply-To:","Bcc:" etc. get updated, but just not the signature. Any chance to get that fixed? _Keywords: Identity signature update edit draft_ _Migrated-From: http://trac.roundcube.net/ticket/1489229_ ieee_logicData control_flow
#4422 wrong rule in .htaccess: deny access to all files not containing a "." _Reported by jeanm on 12 Dec 2013 10:15 UTC as Trac ticket #1489477_ ``` <FilesMatch "^[rule deny access for www.domain.com/roundcube without slash Solution: ``` <FilesMatch "^[\.](^\.]+$"> ``` This)+$"> ``` _Migrated-From: http://trac.roundcube.net/ticket/1489477_ ieee_logicData control_flow
#4351 RoundCube does not parse mailto URL arguments. _Reported by kaz on 30 Sep 2013 19:25 UTC as Trac ticket #1489363_ A mailto URL can be "rich" in the sense that it can capture an entire e-mail message with a subject, and quoted body. When an e-mail client processes such a mailto link, it allows you to compose a reply. The mailing list archiver Lurker generates such mailto links, which allow you to reply to archived list messages. This feature works properly with, for instance, Outlook, but not with Roundcube. Here is an example archive message you can reply to (using the pencil-on-clipboard icon on the far right): http://terpstra.ca/lurker/message/20130913.183714.16d7c31f.en.html I'm attaching a screenshot of what it looks like when you handle the mailto through Outlook, which represents "expected behavior". _Migrated-From: http://trac.roundcube.net/ticket/1489363_ ieee_logicData control_flow
#4241 Installer-created config files omit ?> closing tag _Reported by cepheid on 18 Jun 2013 00:31 UTC as Trac ticket #1489179_ On Step 2 of the installer, which says the "copy or download the following configurations ... " the installer provides two PHP files for the user to use. Both of these files OMIT the closing ?> PHP tag. While this is commonly-accepted practice these days (it prevents errors due to whitespace, etc.), this is also in direct contradiction to the warning that the installer provides: "Make sure that there are no characters outside the <?php ?> brackets" ... The installer should either remove this warning, since it's just confusing and there is no closing tag, or the closing tag should be provided. Otherwise, it's rather confusing to people who have some PHP knowledge but are not familiar with the ability (and often preference) of omitting the closing tag. _Migrated-From: http://trac.roundcube.net/ticket/1489179_ ieee_otherBuildConfigInstall non_functional
#4330 Update script assumes scripts can be executed (execute access) _Reported by daggett on 6 Sep 2013 08:52 UTC as Trac ticket #1489322_ Hi My provider has banned direct execution of scripts in the RCM's installation directory. So when I try to execute the update script "intallto.sh /my/rcm/directory" it fails at the end saying : -su: bin/update.sh: permission denied The script itself can not be executed, I must execute the interpreter that will execute the script. So I had to add the interpreter's name "php " to line 74 : system("cd $target_dir && php bin/update.sh --version=$oldversion"); Then I had to add the same interpreter's name "php " to /my/rcm/directory/bin/update.sh on lines 149 and 157 : 149: system("php " . INSTALL_PATH . "bin/updatedb.sh --package=roundcube --version=" . $opts['version'] 157: system("php " . INSTALL_PATH . 'bin/indexcontacts.sh'); I think this should work on every systems, even the ones with execution restrictions. Bye for now, Daggett _Migrated-From: http://trac.roundcube.net/ticket/1489322_ ieee_otherBuildConfigInstall non_functional
#4502 PLAIN authentication not working _Reported by pacodille on 29 Mar 2014 17:24 UTC as Trac ticket #1489746_ Hello, I was installing roundcube (v0.9.5) against a courier-imap server and the IMAP test did not work . config: ``` $rcmail_config[= 'ssl://mydomain.fr'; $rcmail_config['default_port']('default_host']) = 993; $rcmail_config[= 'PLAIN'; ``` IMAP server logs: ``` Mar 29 17:47:24 idefix imapd-ssl: Connection, ip=[::ffff:94.23.198.70]('imap_auth_type']) Mar 29 17:47:24 idefix imapd-ssl: LOGIN FAILED, method=CRAM-MD5, ip=[29 17:47:29 idefix imapd-ssl: Disconnected, ip=[::ffff:94.23.198.70](::ffff:94.23.198.70] Mar), time=5, starttls=1 ``` context: SMTP test with pretty much the same configuration worked. When I do a grep on roundcub home folder, the only occurences of imap_auth_type are the configuration files. I therefore deduce that this configuration parameter is nor used. When I hardcode PLAIN authentication in program/lib/Roundcube/rcube_imap_generic.php it works: ``` ... function authenticate($user, $pass, $type='PLAIN') { $type='PLAIN'; if ($type == 'CRAM-MD5' || $type == 'DIGEST-MD5') { ... ``` I never contributed to the project so I might be wrong. If not, I'll be happy to help correct this. Cheers, Cyrille _Keywords: imap ssl plain connection_ _Migrated-From: http://trac.roundcube.net/ticket/1489746_ ieee_otherBuildConfigInstall non_functional
#4153 Handling of invalid characters in HTML output (html::quote()) _Reported by @alecpl on 3 Apr 2013 07:41 UTC as Trac ticket #1489032_ When argument of html::quote() contains invalid (non-utf-8) characters the method returns empty string. This may happen for headers of a message with wrong/none charset specified. this is how htmlspecialchars() function works by default. We've got a few possibilities: - Use ENT_SUBSTITUTE option when PHP 5.4 is detected. - Use rcube_charset::clean(). The second option looks expensive if we use it for every html::quote() input. However, we could use it only for message headers. _Migrated-From: http://trac.roundcube.net/ticket/1489032_ ieee_logicData control_flow
#4214 French translation for activate/deactivate filter inverted _Reported by lechieux on 24 May 2013 13:29 UTC as Trac ticket #1489124_ In managesieve plugin, when you activate/deactivate a filter, we can read a bad translantion ("filter activated" when you deactivate a filter,"filter deactivated" when you activate one). Easy patch: File: plugins/managesieve/localization/fr_FR.inc ```div style="font-size: 80%" (Line 168) ``` python $messages[= 'Filtre(s) desactiv(s) avec succs'; $messages['deactivated']('activated']) = 'Filtre(s) activ(s) avec succs'; ``` `````` ```div style="font-size: 80%" Here is the good translation :) ```python $messages[= 'Filtre(s) activ(s) avec succs'; $messages['deactivated']('activated']) = 'Filtre(s) desactiv(s) avec succs'; `````` `````` Bug also exist in 0.8.2 (and most probably between 0.8.2 and 0.9.1). I didn't check in older versions. File: plugins/managesieve/localization/fr_FR.inc ```div style="font-size: 80%" (Line 142) ```python $labels[= 'Filtre(s) desactiv(s) avec succs'; $labels['deactivated']('activated']) = 'Filtre(s) activ(s) avec succs'; `````` `````` ```div style="font-size: 80%" Here is the good translation :) ```python $labels[= 'Filtre(s) activ(s) avec succs'; $labels['deactivated']('activated']) = 'Filtre(s) desactiv(s) avec succs'; `````` ``` _Keywords: plugin managesieve localisation french fr filter activated deactivated_ _Migrated-From: http://trac.roundcube.net/ticket/1489124_ ``` ieee_interface structural
#4357 HTML/Text toggle not available with multipart/alternative inside multipart/signed _Reported by myfreexp on 13 Oct 2013 15:41 UTC as Trac ticket #1489372_ The HTML/Text toggle is not available if a multipart/alternative message is embedded in a multipart/signed message. Sample attached. _Migrated-From: http://trac.roundcube.net/ticket/1489372_ ieee_logicData control_flow
#4078 Your session is invalid or expired on login (MSSQL) _Reported by vlastaw on 21 Jan 2013 08:39 UTC as Trac ticket #1488918_ No users are able to log in. Login attempt causes log in page to reload and display "Your session is invalid or expired." error. Error log: ``` [02:30:49 +0100](21-Jan-2013): DB Error: [[Microsoft](242])[Server Native Client 11.0](SQL)[Server](SQL)Pevod datovho typu varchar na datov typ datetime vrtil hodnotu mimo rozsah. in D:\www\_roundcube\program\lib\Roundcube\rcube_db.php on line 415 (POST /?_task=login&_action=login) [02:30:49 +0100](21-Jan-2013): DB Error: [[Microsoft](242])[Server Native Client 11.0](SQL)[Server](SQL)Pevod datovho typu varchar na datov typ datetime vrtil hodnotu mimo rozsah. in D:\www\_roundcube\program\lib\Roundcube\rcube_db.php on line 415 (GET /?_task=mail) ``` Pevod datovho typu varchar na datov typ datetime vrtil hodnotu mimo rozsah = Conversion of varchar datatype to datetime datatype was out of range. SQL log: ``` [09:24:16 +0100](21-Jan-2013): [SELECT vars, ip, changed FROM session WHERE sess_id = 'sgmst8a4ukdfteopnib4lgo2f0'; [21-Jan-2013 09:24:16 +0100](1]): [INSERT INTO session (sess_id, vars, ip, created, changed) VALUES ('sgmst8a4ukdfteopnib4lgo2f0', 'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs=', 'IP', '2013-01-21 09:24:16', '2013-01-21 09:24:16'); [21-Jan-2013 09:24:28 +0100](2]): [SELECT vars, ip, changed FROM session WHERE sess_id = 'sgmst8a4ukdfteopnib4lgo2f0'; [21-Jan-2013 09:24:28 +0100](1]): [DELETE FROM session WHERE sess_id = 'sgmst8a4ukdfteopnib4lgo2f0'; [21-Jan-2013 09:24:28 +0100](2]): [SELECT * FROM users WHERE mail_host = 'host' AND username = 'vlasta@host'; [21-Jan-2013 09:24:29 +0100](3]): [UPDATE users SET last_login = getdate() WHERE user_id = '2'; [21-Jan-2013 09:24:29 +0100](4]): [INSERT INTO session (sess_id, vars, ip, created, changed) VALUES ('08iglgvg6dbvf0n72hr5q6h196', 'bGFuZ3VhZ2V8czo1OiJlbl9VUyI7c2tpbnxzOjU6ImxhcnJ5IjtpbWFwX25hbWVzcGFjZXxhOjQ6e3M6ODoicGVyc29uYWwiO2E6MTp7aTowO2E6Mjp7aTowO3M6MDoiIjtpOjE7czoxOiIuIjt9fXM6NToib3RoZXIiO047czo2OiJzaGFyZWQiO2E6MTp7aTowO2E6Mjp7aTowO3M6NzoiI1B1YmxpYyI7aToxO3M6MToiLiI7fX1zOjY6InByZWZpeCI7czowOiIiO31pbWFwX2RlbGltaXRlcnxzOjE6Ii4iO3VzZXJfaWR8czoxOiIyIjt1c2VybmFtZXxzOjE4OiJ2bGFzdGFAamFvc29ibmUuY3oiO3N0b3JhZ2VfaG9zdHxzOjExOiJqYW9zb2JuZS5jeiI7c3RvcmFnZV9wb3J0fGk6MTQzO3N0b3JhZ2Vfc3NsfE47cGFzc3dvcmR8czozMjoiOFpmUW1vTG1oanZiWitTWWhCNkh6aW4vWWdWeFRhamQiO2xvZ2luX3RpbWV8aToxMzU4NzU2NjY5O3RpbWV6b25lfHM6MTM6IkV1cm9wZS9CZXJsaW4iOw==', 'IP', '2013-01-21 09:24:29', '2013-01-21 09:24:29'); [21-Jan-2013 09:24:29 +0100](5]): [SELECT vars, ip, changed FROM session WHERE sess_id = '08iglgvg6dbvf0n72hr5q6h196'; [21-Jan-2013 09:24:29 +0100](1]): [2] INSERT INTO session (sess_id, vars, ip, created, changed) VALUES ('08iglgvg6dbvf0n72hr5q6h196', 'dGVtcHxiOjE7bGFuZ3VhZ2V8czo1OiJlbl9VUyI7dGFza3xzOjU6ImxvZ2luIjs=', 'IP', '2013-01-21 09:24:29', '2013-01-21 09:24:29'); ``` Config: Windows Server 2012 / IIS 8 (PHP 5.4.11) + MS SQL 2012 (php_pdo_sqlsrv) _Migrated-From: http://trac.roundcube.net/ticket/1488918_ ieee_interface structural
#4438 Updating Syntax Error _Reported by snalye on 15 Jan 2014 20:37 UTC as Trac ticket #1489514_ Hello. I am trying to update my webmail to 1.0. When I try to use the installer, it says, Parse error: syntax error, unexpected ':' in /home1/vpabooke/public_html/mail_beta/program/lib/Roundcube/html.php on line 883. How do I fix that? _Migrated-From: http://trac.roundcube.net/ticket/1489514_ ieee_syntax control_flow
#4170 Can't import contact csv from thunderbird 17.0.5 _Reported by bagu on 21 Apr 2013 17:40 UTC as Trac ticket #1489059_ When trying to import contact in csv format, nothing happen. No error message, just nothing. _Migrated-From: http://trac.roundcube.net/ticket/1489059_ ieee_interface structural
#4381 Don't alter Message-ID of a draft when sending _Reported by falstaff on 2 Nov 2013 20:15 UTC as Trac ticket #1489409_ Roundcube should not generate a new Message-ID if not necessary. As RFC 2822 states: ``` ... In all cases, it is the meaning that the sender of the message wishes to convey (i.e., whether this is the same message or a different message) that determines whether or not the "Message-ID:" field changes, not any particular syntactic difference that appears (or does not appear) in the message. ``` While the RFC mainly speaks about changes in the header by the transport system, its still stated that the Message-ID should not be altered if its the same message for the user. Here is my usecase: I use Roundcube to send patches using git and imap: ``` git format-patch --signoff --stdout --thread origin/master | git imap-send ``` This generates several messages in my draft folder, of which the first message is a cover letter. The following messages are a reply to this first message and represent the patches. The Message-ID's and the proper In-Reply-To/References fields are generated by git. The goal is that the recipient(s) see(s) this messages as a single thread. However, because Roundcube alters the Message-ID on send, the patches following the cover letter don't reference the correct message anymore (In-Reply-To/References field). _Keywords: Message-ID_ _Migrated-From: http://trac.roundcube.net/ticket/1489409_ ieee_logicData control_flow
#4356 Two possible minor bugs in rcube_mime::wordwrap() _Reported by encomiast on 11 Oct 2013 22:16 UTC as Trac ticket #1489371_ Hi there, As far as I can tell, there may be two glitches in rcube_mime::wordwrap(). 1st: A message consisting of only one very long line (i.e. with no linebreaks) will not be wrapped at all if there are no blank spaces before the $width limit, but only behind it. E.g.: > this-is-just-some-blabla-to-make-this-more-than-seventy-five-characters-in-a-row -- this message has no line breaks and will not be wrapped. [[BR]] 2nd: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_mime.php#L640 The result from mb_substr() is compared to false, but contrary to substr(), mb_substr() never returns false. Because of this, a trailing whitespace or linebreak at the end of the last line might get dropped inadvertently. Cheers, Florian _Migrated-From: http://trac.roundcube.net/ticket/1489371_ ieee_logicData control_flow
#4271 Could not load message from server Error after upgrading to 0.9.2 _Reported by kmpanilla on 5 Jul 2013 14:53 UTC as Trac ticket #1489228_ I'm having an issue viewing some messages with .html attachments all from the same sender. This was working in 0.8.4. When pulling up the messages in 0.9.2 I get the "Could not load message from server." error. Nothing useful in the error log, although I did get a imap debug and attach the "good" from 0.8.4 and the "bad" from 0.9.2. _Migrated-From: http://trac.roundcube.net/ticket/1489228_ ieee_logicData control_flow
#4226 PDO::quote() bugs on postgres/sqlite/mssql _Reported by @alecpl on 2 Jun 2013 09:44 UTC as Trac ticket #1489142_ https://bugs.php.net/bug.php?id=63419 https://bugs.php.net/bug.php?id=44433 Which makes Roundcube caching not working, because serialized strings are truncated on null characters. Null characters are used by PHP to serialize objects inside objects. _Migrated-From: http://trac.roundcube.net/ticket/1489142_ ieee_interface structural
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment