I've been using Roundcube as my main web mail applicaition now for a few months. A couple of days ago I sent an email out to a list of recipients (about 20 friends), all in the BCC field, in order to prevent people from replying to everyone on the list. One reply I received was from someone asking why they could see everyone's email address in the BCC field.
I've just upgraded to the latest CVS version (about 10 minutes ago), and tested again. It seems that RoundCube is including the BCC header as a regular header in the email and thus it's being sent to everyone. Fortunately I was just using the BCC header to control replies and it didn't really matter that others could see each others info. But this has the potential to cause some serious problems. Imagine emailing your girlfriend explaining how she's not being rational, and bccing a buddy cause it's so funny, and then she see's you'd bcced him! Not going to be a fun time! lol.
My Config: Using PHP 4.3.10, on Apache 1.3. qmail is the smtp server, and RoundCube is configured to use smtp, not mail().
-- Dave
Try this.
David
Dave Wood a écrit :
I've been using Roundcube as my main web mail applicaition now for a few months. A couple of days ago I sent an email out to a list of recipients (about 20 friends), all in the BCC field, in order to prevent people from replying to everyone on the list. One reply I received was from someone asking why they could see everyone's email address in the BCC field.
I've just upgraded to the latest CVS version (about 10 minutes ago), and tested again. It seems that RoundCube is including the BCC header as a regular header in the email and thus it's being sent to everyone. Fortunately I was just using the BCC header to control replies and it didn't really matter that others could see each others info. But this has the potential to cause some serious problems.
Imagine emailing your girlfriend explaining how she's not being rational, and bccing a buddy cause it's so funny, and then she see's you'd bcced him! Not going to be a fun time! lol.My Config: Using PHP 4.3.10, on Apache 1.3. qmail is the smtp server, and RoundCube is configured to use smtp, not mail().
-- Dave
--- tmp/roundcubemail/program/steps/mail/sendmail.inc 2006-02-04 20:08:10.000000000 +0100 +++ roundcubemail/program/steps/mail/sendmail.inc 2006-02-05 12:24:20.000000000 +0100 @@ -204,8 +204,12 @@ if (strlen($headers['Bcc'])) $a_recipients[] = $headers['Bcc'];
- // generate message headers
- $header_str = $MAIL_MIME->txtHeaders($headers);
//Clean Bcc from header for recipients
$headers_for_recipients=$headers;
unset($headers_for_recipients['Bcc']);
// generate message headers for recipient
$header_str = $MAIL_MIME->txtHeaders($headers_for_recipients);
// send message $sent = smtp_mail($from, $a_recipients, $header_str, $msg_body);
@@ -229,6 +233,9 @@ $headers_enc = $MAIL_MIME->headers($headers); unset($headers_php['To'], $headers_php['Subject']);
- //Clean Bcc from header for recipients
- unset($headers_php['Bcc']);
- // reset stored headers and overwrite $MAIL_MIME->_headers = array(); $header_str = $MAIL_MIME->txtHeaders($headers_php);
An other problem related to bcc is that bcc are not displayed on sent folder, here are the patchs to display it.
dc.ml@oxys.net a écrit :
Try this.
David
Dave Wood a écrit :
I've been using Roundcube as my main web mail applicaition now for a few months. A couple of days ago I sent an email out to a list of recipients (about 20 friends), all in the BCC field, in order to prevent people from replying to everyone on the list. One reply I received was from someone asking why they could see everyone's email address in the BCC field.
I've just upgraded to the latest CVS version (about 10 minutes ago), and tested again. It seems that RoundCube is including the BCC header as a regular header in the email and thus it's being sent to everyone. Fortunately I was just using the BCC header to control replies and it didn't really matter that others could see each others info. But this has the potential to cause some serious problems.
Imagine emailing your girlfriend explaining how she's not being rational, and bccing a buddy cause it's so funny, and then she see's you'd bcced him! Not going to be a fun time! lol.My Config: Using PHP 4.3.10, on Apache 1.3. qmail is the smtp server, and RoundCube is configured to use smtp, not mail().
-- Dave
--- cvs/program/steps/mail/func.inc 2006-02-04 20:08:10.000000000 +0100 +++ roundcubemail/program/steps/mail/func.inc 2006-02-05 14:15:28.000000000 +0100 @@ -940,7 +940,7 @@ $out = '<table' . $attrib_str . ">\n";
// show these headers
- $standard_headers = array('subject', 'from', 'organization', 'to', 'cc', 'reply-to', 'date');
$standard_headers = array('subject', 'from', 'organization', 'to', 'cc', 'bcc', 'reply-to', 'date');
foreach ($standard_headers as $hkey) {
@@ -949,7 +949,7 @@
if ($hkey=='date' && !empty($headers[$hkey]))
$header_value = format_date(strtotime($headers[$hkey]));
- else if (in_array($hkey, array('from', 'to', 'cc', 'reply-to')))
- else if (in_array($hkey, array('from', 'to', 'cc', 'bcc', 'reply-to'))) $header_value = rep_specialchars_output(rcmail_address_string($IMAP->decode_header($headers[$hkey]), NULL, $attrib['addicon'])); else $header_value = rep_specialchars_output($IMAP->decode_header($headers[$hkey]), '', 'all');
--- cvs/program/lib/imap.inc 2006-01-20 18:58:55.000000000 +0100 +++ roundcubemail/program/lib/imap.inc 2006-02-05 14:12:42.000000000 +0100 @@ -1207,7 +1207,7 @@
/* FETCH date,from,subject headers */
$key="fh".($c++);
- $request=$key." FETCH $message_set (BODY.PEEK[HEADER.FIELDS (DATE FROM TO SUBJECT REPLY-TO IN-REPLY-TO CC CONTENT-TRANSFER-ENCODING CONTENT-TYPE MESSAGE-ID)])\r\n";
$request=$key." FETCH $message_set (BODY.PEEK[HEADER.FIELDS (DATE FROM TO SUBJECT REPLY-TO IN-REPLY-TO CC BCC CONTENT-TRANSFER-ENCODING CONTENT-TYPE MESSAGE-ID)])\r\n";
if (!fputs($fp, $request)) return false; do{
@@ -1258,6 +1258,7 @@ $result[$id]->subject = str_replace("\n", "", $headers["subject"]); $result[$id]->replyto = str_replace("\n", " ", $headers["reply-to"]); $result[$id]->cc = str_replace("\n", " ", $headers["cc"]);
$result[$id]->bcc = str_replace("\n", " ", $headers["bcc"]); $result[$id]->encoding = str_replace("\n", " ", $headers["content-transfer-encoding"]); $result[$id]->ctype = str_replace("\n", " ", $headers["content-type"]); $result[$id]->in_reply_to = ereg_replace("[\n<>]",'', $headers['in-reply-to']);
I cannot confirm this. Seems that the SMTP-server I'm using strips off the BCC headers.
I just applied your patches. Thanks!
Regards, Thomas
dc.ml@oxys.net wrote:
An other problem related to bcc is that bcc are not displayed on sent folder, here are the patchs to display it.
dc.ml@oxys.net a écrit :
Try this.
David
Dave Wood a écrit :
I've been using Roundcube as my main web mail applicaition now for a few months. A couple of days ago I sent an email out to a list of recipients (about 20 friends), all in the BCC field, in order to prevent people from replying to everyone on the list. One reply I received was from someone asking why they could see everyone's email address in the BCC field.
I've just upgraded to the latest CVS version (about 10 minutes ago), and tested again. It seems that RoundCube is including the BCC header as a regular header in the email and thus it's being sent to everyone. Fortunately I was just using the BCC header to control replies and it didn't really matter that others could see each others info. But this has the potential to cause some serious problems. Imagine emailing your girlfriend explaining how she's not being rational, and bccing a buddy cause it's so funny, and then she see's you'd bcced him! Not going to be a fun time! lol.
My Config: Using PHP 4.3.10, on Apache 1.3. qmail is the smtp server, and RoundCube is configured to use smtp, not mail().
-- Dave
-
Dave Wood -
dc.ml@oxys.net -
Thomas Bruederli