X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=class%2Fdeliver%2FDeliver.class.php;h=9a9bce0596f9d6bde60f83d514851576dace36ac;hb=593d083d62db29ea010204fbadaf0a35de3f8889;hp=60ba79658820e9a97da892984487c352ed6f7c08;hpb=741d74d391f7d8130f7f7e2bd8de6b02654d7ec6;p=squirrelmail.git diff --git a/class/deliver/Deliver.class.php b/class/deliver/Deliver.class.php index 60ba7965..9a9bce05 100644 --- a/class/deliver/Deliver.class.php +++ b/class/deliver/Deliver.class.php @@ -76,8 +76,17 @@ class Deliver { if ($boundary && $message->entity_id && count($message->entities)) { if (strpos($boundary,'_part_')) { $boundary = substr($boundary,0,strpos($boundary,'_part_')); + + // the next four lines use strrev to reverse any nested boundaries + // because RFC 2046 (5.1.1) says that if a line starts with the outer + // boundary string (doesn't matter what the line ends with), that + // can be considered a match for the outer boundary; thus the nested + // boundary needs to be unique from the outer one + // + } else if (strpos($boundary,'_trap_')) { + $boundary = substr(strrev($boundary),0,strpos(strrev($boundary),'_part_')); } - $boundary_new = $boundary . '_part_'.$message->entity_id; + $boundary_new = strrev($boundary . '_part_'.$message->entity_id); } else { $boundary_new = $boundary; } @@ -133,6 +142,8 @@ class Deliver { case 'message': if ($message->body_part) { $body_part = $message->body_part; + // remove NUL characters + $body_part = str_replace("\0",'',$body_part); $length += $this->clean_crlf($body_part); if ($stream) { $this->preWriteToStream($body_part); @@ -290,7 +301,7 @@ class Deliver { $contenttype = 'Content-Type: '. $mime_header->type0 .'/'. $mime_header->type1; if (count($message->entities)) { - $contenttype .= ";\r\n " . 'boundary="'.$boundary.'"'; + $contenttype .= ';' . 'boundary="'.$boundary.'"'; } if (isset($mime_header->parameters['name'])) { $contenttype .= '; name="'.