roundcube · jb4z · Jan 19, 2025 · Jan 19, 2025 · Jan 19, 2025 · Feb 16, 2025
diff --git a/config/config.inc.php.sample b/config/config.inc.php.sample
@@ -62,5 +62,24 @@ $config['plugins'] = [
     'zipdownload',
 ];
 
-// skin name: folder from skins/
+// Specify Roundcube's Default Skin, equal to the folder name beneath skins/
 $config['skin'] = 'elastic';
+
+// Optional config of the additional_message_headers plugin (Issue #9755; Feb 2025)
+// Uncomment to remove the X-Sender header from outgoing messages:
+// $config['additional_message_headers']['X-Sender'] = null;
+//
+// You can also specify a callback function like this, which would be called when
+// the user clicks the "Send" button, giving you access to the rcube object.
+// This example adds an X-RC-USR header with a base64-encoded JSON string.
+// Kindly take care not to expose personally identifiable information.
+// Do not use below example in production without adjustments and testing.
+// $config['additional_message_headers']['X-RC-USR'] = (function() {
+//                $d = json_encode([
+//                    'u' => rcube::get_instance()->get_user_name(),
+//                    'r' => $_SERVER['REMOTE_ADDR'],
+//                    'a' => empty($_SERVER['HTTP_USER_AGENT']) ? '-' : $_SERVER['HTTP_USER_AGENT'],
+//                    't' => $_SERVER['REQUEST_TIME']
+//                ]);
+//                return base64_encode($d); # should be encrypted!
+//        });
diff --git a/plugins/additional_message_headers/additional_message_headers.php b/plugins/additional_message_headers/additional_message_headers.php
@@ -42,22 +42,24 @@ public function message_headers($args)
 
         if (!empty($additional_headers)) {
             // Expand the % config variables
-            $search = [
-                    '/(^|[^%])%u/',
-                    '/(^|[^%])%l/',
-                    '/(^|[^%])%d/',
+            $map = [
+                '/(^|[^%])%u/' => '${1}' . $rcube->get_user_name(),
+                '/(^|[^%])%l/' => '${1}' . $rcube->user->get_username('local'),
+                '/(^|[^%])%d/' => '${1}' . $rcube->user->get_username('domain'),
             ];
+            $search = array_keys($map);
+            $replace = array_values($map);
 
-            $replace = [
-                    '${1}' . $rcube->get_user_name(),
-                    '${1}' . $rcube->user->get_username('local'),
-                    '${1}' . $rcube->user->get_username('domain'),
-            ];
-
-            $additional_headers = preg_replace($search, $replace, $additional_headers);
-
-            // replace %%<variable> with %<variable>
-            $additional_headers = preg_replace('/%(%[uld])/', '\1', $additional_headers);
+            // Loop the array and see whether we're dealing with a CALLABLE or implying a STRING
+            foreach ($additional_headers as $key => $val) {
+                if (is_callable($val)) {
+                    $additional_headers[$key] = $val();
+                } else {
+                    $additional_headers[$key] = preg_replace($search, $replace, $val);
+                    // replace %%<variable> with %<variable>
+                    $additional_headers[$key] = preg_replace('/%(%[uld])/', '\1', $val);
+                }
+            }
 
             $args['message']->headers($additional_headers, true);
         }