[Svn] r4562 - in trunk/plugins/managesieve: . lib/Net

trac at roundcube.net trac at roundcube.net
Fri Feb 18 12:00:48 CET 2011


Author: alec
Date: 2011-02-18 05:00:48 -0600 (Fri, 18 Feb 2011)
New Revision: 4562

Modified:
   trunk/plugins/managesieve/Changelog
   trunk/plugins/managesieve/lib/Net/Sieve.php
Log:
- Fix handling of non-safe characters (double-quote, backslash)                                                                                
  or UTF-8 characters (dovecot's implementation bug workaround)                                                                                
  in script names


Modified: trunk/plugins/managesieve/Changelog
===================================================================
--- trunk/plugins/managesieve/Changelog	2011-02-18 09:54:19 UTC (rev 4561)
+++ trunk/plugins/managesieve/Changelog	2011-02-18 11:00:48 UTC (rev 4562)
@@ -1,5 +1,8 @@
 - Fix fileinto target is always INBOX (#1487776)
 - Fix escaping of backslash character in quoted strings (#1487780)
+- Fix handling of non-safe characters (double-quote, backslash)
+  or UTF-8 characters (dovecot's implementation bug workaround)
+  in script names
 
 * version 4.0 [2011-02-10]
 -----------------------------------------------------------

Modified: trunk/plugins/managesieve/lib/Net/Sieve.php
===================================================================
--- trunk/plugins/managesieve/lib/Net/Sieve.php	2011-02-18 09:54:19 UTC (rev 4561)
+++ trunk/plugins/managesieve/lib/Net/Sieve.php	2011-02-18 11:00:48 UTC (rev 4562)
@@ -475,7 +475,9 @@
         if (NET_SIEVE_STATE_TRANSACTION != $this->_state) {
             return PEAR::raiseError('Not currently in TRANSACTION state', 1);
         }
-        if (PEAR::isError($res = $this->_doCmd(sprintf('HAVESPACE "%s" %d', $scriptname, $size)))) {
+
+        $command = sprintf('HAVESPACE %s %d', $this->_escape($scriptname), $size);
+        if (PEAR::isError($res = $this->_doCmd($command))) {
             return $res;
         }
         return true;
@@ -740,7 +742,9 @@
         if (NET_SIEVE_STATE_TRANSACTION != $this->_state) {
             return PEAR::raiseError('Not currently in AUTHORISATION state', 1);
         }
-        if (PEAR::isError($res = $this->_doCmd(sprintf('DELETESCRIPT "%s"', $scriptname)))) {
+
+        $command = sprintf('DELETESCRIPT %s', $this->_escape($scriptname));
+        if (PEAR::isError($res = $this->_doCmd($command))) {
             return $res;
         }
         return true;
@@ -759,7 +763,8 @@
             return PEAR::raiseError('Not currently in AUTHORISATION state', 1);
         }
 
-        if (PEAR::isError($res = $this->_doCmd(sprintf('GETSCRIPT "%s"', $scriptname)))) {
+        $command = sprintf('GETSCRIPT %s', $this->_escape($scriptname));
+        if (PEAR::isError($res = $this->_doCmd($command))) {
             return $res;
         }
 
@@ -779,9 +784,12 @@
         if (NET_SIEVE_STATE_TRANSACTION != $this->_state) {
             return PEAR::raiseError('Not currently in AUTHORISATION state', 1);
         }
-        if (PEAR::isError($res = $this->_doCmd(sprintf('SETACTIVE "%s"', $scriptname)))) {
+
+        $command = sprintf('SETACTIVE "%s"', $this->_escape($scriptname));
+        if (PEAR::isError($res = $this->_doCmd($command))) {
             return $res;
         }
+
         $this->_activeScript = $scriptname;
         return true;
     }
@@ -808,9 +816,10 @@
         $res = explode("\r\n", $res);
         foreach ($res as $value) {
             if (preg_match('/^"(.*)"( ACTIVE)?$/i', $value, $matches)) {
-                $scripts[] = $matches[1];
+                $script_name = stripslashes($matches[1]);
+                $scripts[] = $script_name;
                 if (!empty($matches[2])) {
-                    $activescript = $matches[1];
+                    $activescript = $script_name;
                 }
             }
         }
@@ -833,8 +842,10 @@
         }
 
         $stringLength = $this->_getLineLength($scriptdata);
+        $command      = sprintf("PUTSCRIPT %s {%d+}\r\n%s",
+            $this->_escape($scriptname), $stringLength, $scriptdata);
 
-        if (PEAR::isError($res = $this->_doCmd(sprintf("PUTSCRIPT \"%s\" {%d+}\r\n%s", $scriptname, $stringLength, $scriptdata)))) {
+        if (PEAR::isError($res = $this->_doCmd($command))) {
             return $res;
         }
 
@@ -1213,6 +1224,24 @@
     }
 
     /**
+     * Convert string into RFC's quoted-string or literal-c2s form
+     *
+     * @param string $string The string to convert.
+     *
+     * @return string Result string
+     */
+    function _escape($string)
+    {
+        // Some implementations doesn't allow UTF-8 characters in quoted-string
+        // It's safe to use literal-c2s
+        if (preg_match('/[^\x01-\x09\x0B-\x0C\x0E-\x7F]/', $string)) {
+            return sprintf("{%d+}\r\n%s", $this->_getLineLength($string), $string);
+        }
+
+        return '"' . addcslashes($string, '\\"') . '"';
+    }
+
+    /**
      * Write debug text to the current debug output handler.
      *
      * @param string $message Debug message text.

_______________________________________________
http://lists.roundcube.net/mailman/listinfo/svn



More information about the Svn mailing list