Attachment #184070 for bug #219801




# $FreeBSD$

PORTNAME=	squirrelmail
PORTVERSION=	20170705
CATEGORIES=	mail www
MASTER_SITES=	http://snapshots.squirrelmail.org/ \
	http://freebsd.uzsolt.hu/src/
DISTNAME=	${PORTNAME}-${PORTVERSION}_0200-SVN.stable
DIST_SUBDIR=	${PORTNAME}

MAINTAINER=	uzsolt@uzsolt.hu
COMMENT=	Webmail system which accesses mail over IMAP

LICENSE=	GPLv2+

Lines 1-3 Link Here

(-)distinfo (-3 / +3 lines)
1	TIMESTAMP = 1477843339	1	TIMESTAMP = 1499253804
2	SHA256 (squirrelmail/squirrelmail-20161030_0200-SVN.stable.tar.bz2) = 5a187955b048e557276b73c74bc38dfa78e2f63e4d3273163ef1e5283f2874e6	2	SHA256 (squirrelmail/squirrelmail-20170705_0200-SVN.stable.tar.bz2) = 53ff6540eb46f737bb631f6d5e0fb80c19b42ab33b1e28a38b4bc469e26a63a8
3	SIZE (squirrelmail/squirrelmail-20161030_0200-SVN.stable.tar.bz2) = 560672	3	SIZE (squirrelmail/squirrelmail-20170705_0200-SVN.stable.tar.bz2) = 563043




--- functions/i18n.php.orig	2017-07-05 11:28:23 UTC
+++ functions/i18n.php
@@ -159,15 +159,17 @@ function sq_setlocale($category,$locale)
             $useragent = func_get_arg(2);
             if (strstr($useragent, 'Windows') !== false ||
                 strstr($useragent, 'Mac_') !== false) {
-                $ret = mb_convert_encoding($ret, 'SJIS', 'AUTO');
+                $ret = mb_convert_encoding($ret, 'UTF-8', 'AUTO');
+
             } else {
                 $ret = mb_convert_encoding($ret, 'EUC-JP', 'AUTO');
 }
 
 /**
- * Converts string from given charset to charset, that can be displayed by user translation.
+ * Converts a string from the given $charset to a character set that
+ * can be displayed by the current user interface language (translation)
  *
- * Function by default returns html encoded strings, if translation uses different encoding.
+ * Function by default returns html encoded strings if translation uses
+ * different encoding.
  * If Japanese translation is used - function returns string converted to euc-jp
  * If $charset is not supported - function returns unconverted string.
  *
  * sanitizing of html tags is also done by this function.
  *
- * @param string $charset
+ * @param string $charset The charset of the incoming string
  * @param string $string Text to be decoded
  * @param boolean $force_decode converts string to html without $charset!=$default_charset check.
  * Argument is available since 1.4.5 and 1.5.1.
@@ -184,7 +186,7 @@ function charset_decode ($charset, $stri
     }
 
     /* All HTML special characters are 7 bit and can be replaced first */
-    if (! $save_html) $string = sm_encode_html_special_chars ($string);
+    if (! $save_html) $string = sm_encode_html_special_chars($string, ENT_COMPAT, $charset);
     $charset = strtolower($charset);
 
     set_my_charset();




--- functions/strings.php.orig	2017-01-27 20:31:33 UTC
+++ functions/strings.php
@@ -1489,7 +1489,13 @@ function sm_validate_security_token($tok
   *                   (See http://php.net/manual/function.htmlspecialchars.php )
   *                   (OPTIONAL; default ENT_COMPAT, ENT_COMPAT | ENT_SUBSTITUTE for PHP >=5.4)
   * @param string $encoding The character encoding to use in the conversion
-  *                         (OPTIONAL; default automatic detection)
+  *                         (if not one of the character sets supported
+  *                         by PHP's htmlspecialchars(), then $encoding
+  *                         will be ignored and iso-8859-1 will be used,
+  *                         unless a default has been specified in
+  *                         $default_htmlspecialchars_encoding in
+  *                         config_local.php) (OPTIONAL; default automatic
+  *                         detection)
   * @param boolean $double_encode Whether or not to convert entities that are
   *                               already in the string (only supported in
   *                               PHP 5.2.3+) (OPTIONAL; default TRUE)
@@ -1500,6 +1506,31 @@ function sm_validate_security_token($tok
 function sm_encode_html_special_chars($string, $flags=ENT_COMPAT,
                                       $encoding=NULL, $double_encode=TRUE)
 {
+
+   // charsets supported by PHP's htmlspecialchars
+   // (move this elsewhere if needed)
+   //
+   static $htmlspecialchars_charsets = array(
+      'iso-8859-1', 'iso8859-1',
+      'iso-8859-5', 'iso8859-5',
+      'iso-8859-15', 'iso8859-15',
+      'utf-8',
+      'cp866', 'ibm866', '866',
+      'cp1251', 'windows-1251', 'win-1251', '1251',
+      'cp1252', 'windows-1252', '1252',
+      'koi8-R', 'koi8-ru', 'koi8r',
+      'big5', '950',
+      'gb2312', '936',
+      'big5-hkscs',
+      'shift_jis', 'sjis', 'sjis-win', 'cp932', '932',
+      'euc-jp', 'eucjp', 'eucjp-win',
+      'macroman',
+   );
+
+
+   // if not given, set encoding to the charset being
+   // used by the current user interface language
+   //
    if (!$encoding)
    {
       global $default_charset;
@@ -1508,6 +1539,21 @@ function sm_encode_html_special_chars($s
       $encoding = $default_charset;
    }
 
+
+   // make sure htmlspecialchars() supports the needed encoding
+   //
+   if (!in_array(strtolower($encoding), $htmlspecialchars_charsets))
+   {
+      // use default from configuration if provided or hard-coded fallback
+      //
+      global $default_htmlspecialchars_encoding;
+      if (!empty($default_htmlspecialchars_encoding))
+         $encoding = $default_htmlspecialchars_encoding;
+      else
+         $encoding = 'iso-8859-1';
+   }
+
+
    if (check_php_version(5, 2, 3)) {
       // Replace invalid characters with a symbol instead of returning
       // empty string for the entire to be encoded string.

Lines 235-240 Link Here

(-)pkg-plist (+1 lines)
235	%%SQUIRRELDIR%%/plugins/squirrelspell/js/init.js	235	%%SQUIRRELDIR%%/plugins/squirrelspell/js/init.js
236	%%SQUIRRELDIR%%/plugins/squirrelspell/modules/.htaccess	236	%%SQUIRRELDIR%%/plugins/squirrelspell/modules/.htaccess
237	%%SQUIRRELDIR%%/plugins/squirrelspell/modules/WHATISTHIS	237	%%SQUIRRELDIR%%/plugins/squirrelspell/modules/WHATISTHIS
		238	%%SQUIRRELDIR%%/plugins/squirrelspell/modules/change_main_options.mod
238	%%SQUIRRELDIR%%/plugins/squirrelspell/modules/check_me.mod	239	%%SQUIRRELDIR%%/plugins/squirrelspell/modules/check_me.mod
239	%%SQUIRRELDIR%%/plugins/squirrelspell/modules/crypto.mod	240	%%SQUIRRELDIR%%/plugins/squirrelspell/modules/crypto.mod
240	%%SQUIRRELDIR%%/plugins/squirrelspell/modules/crypto_badkey.mod	241	%%SQUIRRELDIR%%/plugins/squirrelspell/modules/crypto_badkey.mod

Return to bug 219801

Lines 2-14 Link Here

(-)Makefile (-3 / +4 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= squirrelmail	4	PORTNAME= squirrelmail
5	PORTVERSION= 20161030	5	PORTVERSION= 20170705
6	CATEGORIES= mail www	6	CATEGORIES= mail www
7	MASTER_SITES= LOCAL/adamw/squirrelmail	7	MASTER_SITES= http://snapshots.squirrelmail.org/ \
		8	http://freebsd.uzsolt.hu/src/
8	DISTNAME= ${PORTNAME}-${PORTVERSION}_0200-SVN.stable	9	DISTNAME= ${PORTNAME}-${PORTVERSION}_0200-SVN.stable
9	DIST_SUBDIR= ${PORTNAME}	10	DIST_SUBDIR= ${PORTNAME}
10		11
11	MAINTAINER= ports@FreeBSD.org	12	MAINTAINER= uzsolt@uzsolt.hu
12	COMMENT= Webmail system which accesses mail over IMAP	13	COMMENT= Webmail system which accesses mail over IMAP
13		14
14	LICENSE= GPLv2+	15	LICENSE= GPLv2+

Lines 1-12 Link Here

(-)files/patch-functions__i18n.php (-10 / +30 lines)
1	--- functions/i18n.php.orig 2015-01-03 03:56:32 UTC	1	--- functions/i18n.php.orig 2017-07-05 11:28:23 UTC
2	+++ functions/i18n.php	2	+++ functions/i18n.php
3	@@ -683,7 +683,8 @@ function japanese_charset_xtra() {	3	@@ -159,15 +159,17 @@ function sq_setlocale($category,$locale)
4	$useragent = func_get_arg(2);
5	if (strstr($useragent, 'Windows') !== false \|\|
6	strstr($useragent, 'Mac_') !== false) {
7	- $ret = mb_convert_encoding($ret, 'SJIS', 'AUTO');
8	+ $ret = mb_convert_encoding($ret, 'UTF-8', 'AUTO');
9	+
10	} else {
11	$ret = mb_convert_encoding($ret, 'EUC-JP', 'AUTO');
12	}	4	}
		5
		6	/**
		7	- * Converts string from given charset to charset, that can be displayed by user translation.
		8	+ * Converts a string from the given $charset to a character set that
		9	+ * can be displayed by the current user interface language (translation)
		10	*
		11	- * Function by default returns html encoded strings, if translation uses different encoding.
		12	+ * Function by default returns html encoded strings if translation uses
		13	+ * different encoding.
		14	* If Japanese translation is used - function returns string converted to euc-jp
		15	* If $charset is not supported - function returns unconverted string.
		16	*
		17	* sanitizing of html tags is also done by this function.
		18	*
		19	- * @param string $charset
		20	+ * @param string $charset The charset of the incoming string
		21	* @param string $string Text to be decoded
		22	* @param boolean $force_decode converts string to html without $charset!=$default_charset check.
		23	* Argument is available since 1.4.5 and 1.5.1.
		24	@@ -184,7 +186,7 @@ function charset_decode ($charset, $stri
		25	}
		26
		27	/* All HTML special characters are 7 bit and can be replaced first */
		28	- if (! $save_html) $string = sm_encode_html_special_chars ($string);
		29	+ if (! $save_html) $string = sm_encode_html_special_chars($string, ENT_COMPAT, $charset);
		30	$charset = strtolower($charset);
		31
		32	set_my_charset();

Line 0 Link Here

(-)files/patch-functions_strings.php (+71 lines)
		1	--- functions/strings.php.orig 2017-01-27 20:31:33 UTC
		2	+++ functions/strings.php
		3	@@ -1489,7 +1489,13 @@ function sm_validate_security_token($tok
		4	* (See http://php.net/manual/function.htmlspecialchars.php )
		5	* (OPTIONAL; default ENT_COMPAT, ENT_COMPAT \| ENT_SUBSTITUTE for PHP >=5.4)
		6	* @param string $encoding The character encoding to use in the conversion
		7	- * (OPTIONAL; default automatic detection)
		8	+ * (if not one of the character sets supported
		9	+ * by PHP's htmlspecialchars(), then $encoding
		10	+ * will be ignored and iso-8859-1 will be used,
		11	+ * unless a default has been specified in
		12	+ * $default_htmlspecialchars_encoding in
		13	+ * config_local.php) (OPTIONAL; default automatic
		14	+ * detection)
		15	* @param boolean $double_encode Whether or not to convert entities that are
		16	* already in the string (only supported in
		17	* PHP 5.2.3+) (OPTIONAL; default TRUE)
		18	@@ -1500,6 +1506,31 @@ function sm_validate_security_token($tok
		19	function sm_encode_html_special_chars($string, $flags=ENT_COMPAT,
		20	$encoding=NULL, $double_encode=TRUE)
		21	{
		22	+
		23	+ // charsets supported by PHP's htmlspecialchars
		24	+ // (move this elsewhere if needed)
		25	+ //
		26	+ static $htmlspecialchars_charsets = array(
		27	+ 'iso-8859-1', 'iso8859-1',
		28	+ 'iso-8859-5', 'iso8859-5',
		29	+ 'iso-8859-15', 'iso8859-15',
		30	+ 'utf-8',
		31	+ 'cp866', 'ibm866', '866',
		32	+ 'cp1251', 'windows-1251', 'win-1251', '1251',
		33	+ 'cp1252', 'windows-1252', '1252',
		34	+ 'koi8-R', 'koi8-ru', 'koi8r',
		35	+ 'big5', '950',
		36	+ 'gb2312', '936',
		37	+ 'big5-hkscs',
		38	+ 'shift_jis', 'sjis', 'sjis-win', 'cp932', '932',
		39	+ 'euc-jp', 'eucjp', 'eucjp-win',
		40	+ 'macroman',
		41	+ );
		42	+
		43	+
		44	+ // if not given, set encoding to the charset being
		45	+ // used by the current user interface language
		46	+ //
		47	if (!$encoding)
		48	{
		49	global $default_charset;
		50	@@ -1508,6 +1539,21 @@ function sm_encode_html_special_chars($s
		51	$encoding = $default_charset;
		52	}
		53
		54	+
		55	+ // make sure htmlspecialchars() supports the needed encoding
		56	+ //
		57	+ if (!in_array(strtolower($encoding), $htmlspecialchars_charsets))
		58	+ {
		59	+ // use default from configuration if provided or hard-coded fallback
		60	+ //
		61	+ global $default_htmlspecialchars_encoding;
		62	+ if (!empty($default_htmlspecialchars_encoding))
		63	+ $encoding = $default_htmlspecialchars_encoding;
		64	+ else
65	+ $encoding = 'iso-8859-1';
66	+ }
67	+
68	+
69	if (check_php_version(5, 2, 3)) {
70	// Replace invalid characters with a symbol instead of returning
71	// empty string for the entire to be encoded string.