X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=program%2Finclude%2Fmain.inc;h=30d90993e7b36af08313cd170699da061dee33b7;hb=a2dd2e41259a5e90016efcd7d083020b95e25527;hp=446780cdc798ef59165733642af00974654b34fb;hpb=c55c762910acc6b77b1aab2b6e28d5bbf522b920;p=roundcube.git diff --git a/program/include/main.inc b/program/include/main.inc index 446780c..30d9099 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -4,8 +4,8 @@ +-----------------------------------------------------------------------+ | program/include/main.inc | | | - | This file is part of the RoundCube Webmail client | - | Copyright (C) 2005-2008, RoundCube Dev, - Switzerland | + | This file is part of the Roundcube Webmail client | + | Copyright (C) 2005-2011, The Roundcube Dev Team | | Licensed under the GNU GPL | | | | PURPOSE: | @@ -15,21 +15,19 @@ | Author: Thomas Bruederli | +-----------------------------------------------------------------------+ - $Id: main.inc 1255 2008-04-05 12:49:21Z thomasb $ + $Id: main.inc 5151 2011-08-31 12:49:44Z alec $ */ /** - * RoundCube Webmail common functions + * Roundcube Webmail common functions * * @package Core * @author Thomas Bruederli */ -require_once('lib/utf7.inc'); -require_once('include/rcube_user.inc'); -require_once('include/rcube_shared.inc'); -require_once('include/rcmail_template.inc'); +require_once 'utf7.inc'; +require_once INSTALL_PATH . 'program/include/rcube_shared.inc'; // define constannts for input reading define('RCUBE_INPUT_GET', 0x0101); @@ -37,990 +35,479 @@ define('RCUBE_INPUT_POST', 0x0102); define('RCUBE_INPUT_GPC', 0x0103); + /** - * Initial startup function - * to register session, create database and imap connections + * Return correct name for a specific database table * - * @param string Current task + * @param string Table name + * @return string Translated table name */ -function rcmail_startup($task='mail') +function get_table_name($table) { - global $sess_id, $sess_user_lang; - global $CONFIG, $INSTALL_PATH, $BROWSER, $OUTPUT, $_SESSION, $IMAP, $DB, $USER; - - // check client - $BROWSER = rcube_browser(); - - // load configuration - $CONFIG = rcmail_load_config(); - - // set session domain - if (isset($CONFIG['session_domain']) && !empty($CONFIG['session_domain'])) { - ini_set('session.cookie_domain', $CONFIG['session_domain']); - } - - // set session garbage collecting time according to session_lifetime - if (!empty($CONFIG['session_lifetime'])) - ini_set('session.gc_maxlifetime', ($CONFIG['session_lifetime']) * 120); - - // prepare DB connection - $dbwrapper = empty($CONFIG['db_backend']) ? 'db' : $CONFIG['db_backend']; - $dbclass = "rcube_" . $dbwrapper; - require_once("include/$dbclass.inc"); - - $DB = new $dbclass($CONFIG['db_dsnw'], $CONFIG['db_dsnr'], $CONFIG['db_persistent']); - $DB->sqlite_initials = $INSTALL_PATH.'SQL/sqlite.initial.sql'; - $DB->set_debug((bool)$CONFIG['sql_debug']); - $DB->db_connect('w'); - - // use database for storing session data - include_once('include/session.inc'); - - // init session - session_start(); - $sess_id = session_id(); - - // create session and set session vars - if (!isset($_SESSION['auth_time'])) - { - $_SESSION['user_lang'] = rcube_language_prop($CONFIG['locale_string']); - $_SESSION['auth_time'] = time(); - $_SESSION['temp'] = true; - } - - // set session vars global - $sess_user_lang = rcube_language_prop($_SESSION['user_lang']); - - // create user object - $USER = new rcube_user($_SESSION['user_id']); - - // overwrite config with user preferences - $CONFIG = array_merge($CONFIG, (array)$USER->get_prefs()); - - - // reset some session parameters when changing task - if ($_SESSION['task'] != $task) - unset($_SESSION['page']); - - // set current task to session - $_SESSION['task'] = $task; - - // create IMAP object - if ($task=='mail') - rcmail_imap_init(); - + global $CONFIG; - // set localization - if ($CONFIG['locale_string']) - setlocale(LC_ALL, $CONFIG['locale_string']); - else if ($sess_user_lang) - setlocale(LC_ALL, $sess_user_lang); + // return table name if configured + $config_key = 'db_table_'.$table; + if (strlen($CONFIG[$config_key])) + return $CONFIG[$config_key]; - register_shutdown_function('rcmail_shutdown'); + return $table; } /** - * Load roundcube configuration array + * Return correct name for a specific database sequence + * (used for Postgres only) * - * @return array Named configuration parameters + * @param string Secuence name + * @return string Translated sequence name */ -function rcmail_load_config() +function get_sequence_name($sequence) { - global $INSTALL_PATH; - - // load config file - include_once('config/main.inc.php'); - $conf = is_array($rcmail_config) ? $rcmail_config : array(); - - // load host-specific configuration - rcmail_load_host_config($conf); - - $conf['skin_path'] = $conf['skin_path'] ? unslashify($conf['skin_path']) : 'skins/default'; - - // load db conf - include_once('config/db.inc.php'); - $conf = array_merge($conf, $rcmail_config); - - if (empty($conf['log_dir'])) - $conf['log_dir'] = $INSTALL_PATH.'logs'; - else - $conf['log_dir'] = unslashify($conf['log_dir']); - - // set PHP error logging according to config - if ($conf['debug_level'] & 1) - { - ini_set('log_errors', 1); - ini_set('error_log', $conf['log_dir'].'/errors'); - } - if ($conf['debug_level'] & 4) - ini_set('display_errors', 1); - else - ini_set('display_errors', 0); + // return sequence name if configured + $config_key = 'db_sequence_'.$sequence; + $opt = rcmail::get_instance()->config->get($config_key); - return $conf; + if (!empty($opt)) + return $opt; + + return $sequence; } /** - * Load a host-specific config file if configured - * This will merge the host specific configuration with the given one + * Get localized text in the desired language + * It's a global wrapper for rcmail::gettext() * - * @param array Global configuration parameters + * @param mixed Named parameters array or label name + * @param string Domain to search in (e.g. plugin name) + * @return string Localized text + * @see rcmail::gettext() */ -function rcmail_load_host_config(&$config) - { - $fname = NULL; - - if (is_array($config['include_host_config'])) - $fname = $config['include_host_config'][$_SERVER['HTTP_HOST']]; - else if (!empty($config['include_host_config'])) - $fname = preg_replace('/[^a-z0-9\.\-_]/i', '', $_SERVER['HTTP_HOST']) . '.inc.php'; - - if ($fname && is_file('config/'.$fname)) - { - include('config/'.$fname); - $config = array_merge($config, $rcmail_config); - } - } +function rcube_label($p, $domain=null) +{ + return rcmail::get_instance()->gettext($p, $domain); +} /** - * Create unique authorization hash + * Global wrapper of rcmail::text_exists() + * to check whether a text label is defined * - * @param string Session ID - * @param int Timestamp - * @return string The generated auth hash + * @see rcmail::text_exists() */ -function rcmail_auth_hash($sess_id, $ts) - { - global $CONFIG; - - $auth_string = sprintf('rcmail*sess%sR%s*Chk:%s;%s', - $sess_id, - $ts, - $CONFIG['ip_check'] ? $_SERVER['REMOTE_ADDR'] : '***.***.***.***', - $_SERVER['HTTP_USER_AGENT']); - - if (function_exists('sha1')) - return sha1($auth_string); - else - return md5($auth_string); - } +function rcube_label_exists($name, $domain=null) +{ + return rcmail::get_instance()->text_exists($name, $domain); +} /** - * Check the auth hash sent by the client against the local session credentials + * Overwrite action variable * - * @return boolean True if valid, False if not + * @param string New action value */ -function rcmail_authenticate_session() - { - global $CONFIG, $SESS_CLIENT_IP, $SESS_CHANGED; - - // advanced session authentication - if ($CONFIG['double_auth']) +function rcmail_overwrite_action($action) { - $now = time(); - $valid = ($_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['auth_time']) || - $_COOKIE['sessauth'] == rcmail_auth_hash(session_id(), $_SESSION['last_auth'])); - - // renew auth cookie every 5 minutes (only for GET requests) - if (!$valid || ($_SERVER['REQUEST_METHOD']!='POST' && $now-$_SESSION['auth_time'] > 300)) - { - $_SESSION['last_auth'] = $_SESSION['auth_time']; - $_SESSION['auth_time'] = $now; - setcookie('sessauth', rcmail_auth_hash(session_id(), $now)); - } - } - else - $valid = $CONFIG['ip_check'] ? $_SERVER['REMOTE_ADDR'] == $SESS_CLIENT_IP : true; - - // check session filetime - if (!empty($CONFIG['session_lifetime']) && isset($SESS_CHANGED) - && $SESS_CHANGED + $CONFIG['session_lifetime']*60 < time()) - $valid = false; - - return $valid; + $app = rcmail::get_instance(); + $app->action = $action; + $app->output->set_env('action', $action); } /** - * Create global IMAP object and connect to server + * Compose an URL for a specific action * - * @param boolean True if connection should be established + * @param string Request action + * @param array More URL parameters + * @param string Request task (omit if the same) + * @return The application URL */ -function rcmail_imap_init($connect=FALSE) - { - global $CONFIG, $DB, $IMAP, $OUTPUT; - - $IMAP = new rcube_imap($DB); - $IMAP->debug_level = $CONFIG['debug_level']; - $IMAP->skip_deleted = $CONFIG['skip_deleted']; - - - // connect with stored session data - if ($connect) - { - if (!($conn = $IMAP->connect($_SESSION['imap_host'], $_SESSION['username'], decrypt_passwd($_SESSION['password']), $_SESSION['imap_port'], $_SESSION['imap_ssl']))) - $OUTPUT->show_message('imaperror', 'error'); - - rcmail_set_imap_prop(); - } - - // enable caching of imap data - if ($CONFIG['enable_caching']===TRUE) - $IMAP->set_caching(TRUE); - - // set pagesize from config - if (isset($CONFIG['pagesize'])) - $IMAP->set_pagesize($CONFIG['pagesize']); - } +function rcmail_url($action, $p=array(), $task=null) +{ + $app = rcmail::get_instance(); + return $app->url((array)$p + array('_action' => $action, 'task' => $task)); +} /** - * Set root dir and last stored mailbox - * This must be done AFTER connecting to the server! + * Garbage collector function for temp files. + * Remove temp files older than two days */ -function rcmail_set_imap_prop() - { - global $CONFIG, $IMAP; - - if (!empty($CONFIG['default_charset'])) - $IMAP->set_charset($CONFIG['default_charset']); +function rcmail_temp_gc() +{ + $rcmail = rcmail::get_instance(); + + $tmp = unslashify($rcmail->config->get('temp_dir')); + $expire = mktime() - 172800; // expire in 48 hours - // set root dir from config - if (!empty($CONFIG['imap_root'])) - $IMAP->set_rootdir($CONFIG['imap_root']); + if ($dir = opendir($tmp)) { + while (($fname = readdir($dir)) !== false) { + if ($fname{0} == '.') + continue; - if (is_array($CONFIG['default_imap_folders'])) - $IMAP->set_default_mailboxes($CONFIG['default_imap_folders']); + if (filemtime($tmp.'/'.$fname) < $expire) + @unlink($tmp.'/'.$fname); + } - if (!empty($_SESSION['mbox'])) - $IMAP->set_mailbox($_SESSION['mbox']); - if (isset($_SESSION['page'])) - $IMAP->set_page($_SESSION['page']); + closedir($dir); } +} /** - * Do these things on script shutdown + * Garbage collector for cache entries. + * Remove all expired message cache records + * @return void */ -function rcmail_shutdown() - { - global $IMAP, $CONTACTS; - - if (is_object($IMAP)) - { - $IMAP->close(); - $IMAP->write_cache(); - } - - if (is_object($CONTACTS)) - $CONTACTS->close(); - - // before closing the database connection, write session data - session_write_close(); - } +function rcmail_cache_gc() +{ + $rcmail = rcmail::get_instance(); + $db = $rcmail->get_dbh(); + // get target timestamp + $ts = get_offset_time($rcmail->config->get('message_cache_lifetime', '30d'), -1); -/** - * Destroy session data and remove cookie - */ -function rcmail_kill_session() - { - global $USER; - - if ((isset($_SESSION['sort_col']) && $_SESSION['sort_col']!=$a_user_prefs['message_sort_col']) || - (isset($_SESSION['sort_order']) && $_SESSION['sort_order']!=$a_user_prefs['message_sort_order'])) - { - $a_user_prefs = array('message_sort_col' => $_SESSION['sort_col'], 'message_sort_order' => $_SESSION['sort_order']); - $USER->save_prefs($a_user_prefs); - } + $db->query("DELETE FROM ".get_table_name('messages')." + WHERE created < " . $db->fromunixtime($ts)); - $_SESSION = array('user_lang' => $GLOBALS['sess_user_lang'], 'auth_time' => time(), 'temp' => true); - setcookie('sessauth', '-del-', time()-60); - $USER->reset(); - } + $db->query("DELETE FROM ".get_table_name('cache')." + WHERE created < " . $db->fromunixtime($ts)); +} /** - * Return correct name for a specific database table + * Catch an error and throw an exception. * - * @param string Table name - * @return string Translated table name - */ -function get_table_name($table) - { - global $CONFIG; - - // return table name if configured - $config_key = 'db_table_'.$table; - - if (strlen($CONFIG[$config_key])) - return $CONFIG[$config_key]; - - return $table; - } + * @param int Level of the error + * @param string Error message + */ +function rcube_error_handler($errno, $errstr) +{ + throw new ErrorException($errstr, 0, $errno); +} /** - * Return correct name for a specific database sequence - * (used for Postres only) + * Convert a string from one charset to another. + * Uses mbstring and iconv functions if possible * - * @param string Secuence name - * @return string Translated sequence name + * @param string Input string + * @param string Suspected charset of the input string + * @param string Target charset to convert to; defaults to RCMAIL_CHARSET + * @return string Converted string */ -function get_sequence_name($sequence) - { - global $CONFIG; - - // return table name if configured - $config_key = 'db_sequence_'.$sequence; +function rcube_charset_convert($str, $from, $to=NULL) +{ + static $iconv_options = null; + static $mbstring_loaded = null; + static $mbstring_list = null; + static $conv = null; - if (strlen($CONFIG[$config_key])) - return $CONFIG[$config_key]; - - return $sequence; + $error = false; + + $to = empty($to) ? strtoupper(RCMAIL_CHARSET) : rcube_parse_charset($to); + $from = rcube_parse_charset($from); + + if ($from == $to || empty($str) || empty($from)) + return $str; + + // convert charset using iconv module + if (function_exists('iconv') && $from != 'UTF7-IMAP' && $to != 'UTF7-IMAP') { + if ($iconv_options === null) { + // ignore characters not available in output charset + $iconv_options = '//IGNORE'; + if (iconv('', $iconv_options, '') === false) { + // iconv implementation does not support options + $iconv_options = ''; + } + } + + // throw an exception if iconv reports an illegal character in input + // it means that input string has been truncated + set_error_handler('rcube_error_handler', E_NOTICE); + try { + $_iconv = iconv($from, $to . $iconv_options, $str); + } catch (ErrorException $e) { + $_iconv = false; + } + restore_error_handler(); + if ($_iconv !== false) { + return $_iconv; + } } + if ($mbstring_loaded === null) + $mbstring_loaded = extension_loaded('mbstring'); -/** - * Check the given string and returns language properties - * - * @param string Language code - * @param string Peropert name - * @return string Property value - */ -function rcube_language_prop($lang, $prop='lang') - { - global $INSTALL_PATH; - static $rcube_languages, $rcube_language_aliases, $rcube_charsets; + // convert charset using mbstring module + if ($mbstring_loaded) { + $aliases['WINDOWS-1257'] = 'ISO-8859-13'; - if (empty($rcube_languages)) - @include($INSTALL_PATH.'program/localization/index.inc'); - - // check if we have an alias for that language - if (!isset($rcube_languages[$lang]) && isset($rcube_language_aliases[$lang])) - $lang = $rcube_language_aliases[$lang]; - - // try the first two chars - if (!isset($rcube_languages[$lang]) && strlen($lang)>2) - { - $lang = substr($lang, 0, 2); - $lang = rcube_language_prop($lang); + if ($mbstring_list === null) { + $mbstring_list = mb_list_encodings(); + $mbstring_list = array_map('strtoupper', $mbstring_list); } - if (!isset($rcube_languages[$lang])) - $lang = 'en_US'; + $mb_from = $aliases[$from] ? $aliases[$from] : $from; + $mb_to = $aliases[$to] ? $aliases[$to] : $to; - // language has special charset configured - if (isset($rcube_charsets[$lang])) - $charset = $rcube_charsets[$lang]; - else - $charset = 'UTF-8'; + // return if encoding found, string matches encoding and convert succeeded + if (in_array($mb_from, $mbstring_list) && in_array($mb_to, $mbstring_list)) { + if (mb_check_encoding($str, $mb_from) && ($out = mb_convert_encoding($str, $mb_to, $mb_from))) + return $out; + } + } + // convert charset using bundled classes/functions + if ($to == 'UTF-8') { + if ($from == 'UTF7-IMAP') { + if ($_str = utf7_to_utf8($str)) + return $_str; + } + else if ($from == 'UTF-7') { + if ($_str = rcube_utf7_to_utf8($str)) + return $_str; + } + else if (($from == 'ISO-8859-1') && function_exists('utf8_encode')) { + return utf8_encode($str); + } + else if (class_exists('utf8')) { + if (!$conv) + $conv = new utf8($from); + else + $conv->loadCharset($from); + + if($_str = $conv->strToUtf8($str)) + return $_str; + } + $error = true; + } - if ($prop=='charset') - return $charset; - else - return $lang; + // encode string for output + if ($from == 'UTF-8') { + // @TODO: we need a function for UTF-7 (RFC2152) conversion + if ($to == 'UTF7-IMAP' || $to == 'UTF-7') { + if ($_str = utf8_to_utf7($str)) + return $_str; + } + else if ($to == 'ISO-8859-1' && function_exists('utf8_decode')) { + return utf8_decode($str); + } + else if (class_exists('utf8')) { + if (!$conv) + $conv = new utf8($to); + else + $conv->loadCharset($from); + + if ($_str = $conv->strToUtf8($str)) + return $_str; + } + $error = true; } - + + // return UTF-8 or original string + return $str; +} + /** - * Init output object for GUI and add common scripts. - * This will instantiate a rcmail_template object and set - * environment vars according to the current session and configuration + * Parse and validate charset name string (see #1485758). + * Sometimes charset string is malformed, there are also charset aliases + * but we need strict names for charset conversion (specially utf8 class) + * + * @param string Input charset name + * @return string The validated charset name */ -function rcmail_load_gui() - { - global $CONFIG, $OUTPUT, $sess_user_lang; - - // init output page - $OUTPUT = new rcmail_template($CONFIG, $GLOBALS['_task']); - $OUTPUT->set_env('comm_path', $GLOBALS['COMM_PATH']); +function rcube_parse_charset($input) +{ + static $charsets = array(); + $charset = strtoupper($input); - if (is_array($CONFIG['javascript_config'])) - { - foreach ($CONFIG['javascript_config'] as $js_config_var) - $OUTPUT->set_env($js_config_var, $CONFIG[$js_config_var]); - } + if (isset($charsets[$input])) + return $charsets[$input]; - if (!empty($GLOBALS['_framed'])) - $OUTPUT->set_env('framed', true); + $charset = preg_replace(array( + '/^[^0-9A-Z]+/', // e.g. _ISO-8859-JP$SIO + '/\$.*$/', // e.g. _ISO-8859-JP$SIO + '/UNICODE-1-1-*/', // RFC1641/1642 + '/^X-/', // X- prefix (e.g. X-ROMAN8 => ROMAN8) + ), '', $charset); - // set locale setting - rcmail_set_locale($sess_user_lang); + if ($charset == 'BINARY') + return $charsets[$input] = null; - // set user-selected charset - if (!empty($CONFIG['charset'])) - $OUTPUT->set_charset($CONFIG['charset']); - - // register common UI objects - $OUTPUT->add_handlers(array( - 'loginform' => 'rcmail_login_form', - 'username' => 'rcmail_current_username', - 'message' => 'rcmail_message_container', - 'charsetselector' => 'rcmail_charset_selector', - )); + # Aliases: some of them from HTML5 spec. + $aliases = array( + 'USASCII' => 'WINDOWS-1252', + 'ANSIX31101983' => 'WINDOWS-1252', + 'ANSIX341968' => 'WINDOWS-1252', + 'UNKNOWN8BIT' => 'ISO-8859-15', + 'UNKNOWN' => 'ISO-8859-15', + 'USERDEFINED' => 'ISO-8859-15', + 'KSC56011987' => 'EUC-KR', + 'GB2312' => 'GBK', + 'GB231280' => 'GBK', + 'UNICODE' => 'UTF-8', + 'UTF7IMAP' => 'UTF7-IMAP', + 'TIS620' => 'WINDOWS-874', + 'ISO88599' => 'WINDOWS-1254', + 'ISO885911' => 'WINDOWS-874', + 'MACROMAN' => 'MACINTOSH', + '77' => 'MAC', + '128' => 'SHIFT-JIS', + '129' => 'CP949', + '130' => 'CP1361', + '134' => 'GBK', + '136' => 'BIG5', + '161' => 'WINDOWS-1253', + '162' => 'WINDOWS-1254', + '163' => 'WINDOWS-1258', + '177' => 'WINDOWS-1255', + '178' => 'WINDOWS-1256', + '186' => 'WINDOWS-1257', + '204' => 'WINDOWS-1251', + '222' => 'WINDOWS-874', + '238' => 'WINDOWS-1250', + 'MS950' => 'CP950', + 'WINDOWS949' => 'UHC', + ); - // add some basic label to client - if (!$OUTPUT->ajax_call) - rcube_add_label('loading', 'movingmessage'); + // allow A-Z and 0-9 only + $str = preg_replace('/[^A-Z0-9]/', '', $charset); + + if (isset($aliases[$str])) + $result = $aliases[$str]; + // UTF + else if (preg_match('/U[A-Z][A-Z](7|8|16|32)(BE|LE)*/', $str, $m)) + $result = 'UTF-' . $m[1] . $m[2]; + // ISO-8859 + else if (preg_match('/ISO8859([0-9]{0,2})/', $str, $m)) { + $iso = 'ISO-8859-' . ($m[1] ? $m[1] : 1); + // some clients sends windows-1252 text as latin1, + // it is safe to use windows-1252 for all latin1 + $result = $iso == 'ISO-8859-1' ? 'WINDOWS-1252' : $iso; + } + // handle broken charset names e.g. WINDOWS-1250HTTP-EQUIVCONTENT-TYPE + else if (preg_match('/(WIN|WINDOWS)([0-9]+)/', $str, $m)) { + $result = 'WINDOWS-' . $m[2]; + } + // LATIN + else if (preg_match('/LATIN(.*)/', $str, $m)) { + $aliases = array('2' => 2, '3' => 3, '4' => 4, '5' => 9, '6' => 10, + '7' => 13, '8' => 14, '9' => 15, '10' => 16, + 'ARABIC' => 6, 'CYRILLIC' => 5, 'GREEK' => 7, 'GREEK1' => 7, 'HEBREW' => 8); + + // some clients sends windows-1252 text as latin1, + // it is safe to use windows-1252 for all latin1 + if ($m[1] == 1) { + $result = 'WINDOWS-1252'; + } + // if iconv is not supported we need ISO labels, it's also safe for iconv + else if (!empty($aliases[$m[1]])) { + $result = 'ISO-8859-'.$aliases[$m[1]]; + } + // iconv requires convertion of e.g. LATIN-1 to LATIN1 + else { + $result = $str; + } + } + else { + $result = $charset; } + $charsets[$input] = $result; -/** - * Set localization charset based on the given language. - * This also creates a global property for mbstring usage. - */ -function rcmail_set_locale($lang) - { - global $OUTPUT, $MBSTRING; - static $s_mbstring_loaded = NULL; - - // settings for mbstring module (by Tadashi Jokagi) - if (is_null($s_mbstring_loaded)) - $MBSTRING = $s_mbstring_loaded = extension_loaded("mbstring"); - else - $MBSTRING = $s_mbstring_loaded = FALSE; - - if ($MBSTRING) - mb_internal_encoding(RCMAIL_CHARSET); - - $OUTPUT->set_charset(rcube_language_prop($lang, 'charset')); - } + return $result; +} /** - * Auto-select IMAP host based on the posted login information + * Converts string from standard UTF-7 (RFC 2152) to UTF-8. * - * @return string Selected IMAP host + * @param string Input string + * @return string The converted string */ -function rcmail_autoselect_host() +function rcube_utf7_to_utf8($str) +{ + $Index_64 = array( + 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, + 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, + 0,0,0,0, 0,0,0,0, 0,0,0,1, 0,0,0,0, + 1,1,1,1, 1,1,1,1, 1,1,0,0, 0,0,0,0, + 0,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, + 1,1,1,1, 1,1,1,1, 1,1,1,0, 0,0,0,0, + 0,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, + 1,1,1,1, 1,1,1,1, 1,1,1,0, 0,0,0,0, + ); + + $u7len = strlen($str); + $str = strval($str); + $res = ''; + + for ($i=0; $u7len > 0; $i++, $u7len--) { - global $CONFIG; - - $host = isset($_POST['_host']) ? get_input_value('_host', RCUBE_INPUT_POST) : $CONFIG['default_host']; - if (is_array($host)) + $u7 = $str[$i]; + if ($u7 == '+') { - list($user, $domain) = explode('@', get_input_value('_user', RCUBE_INPUT_POST)); - if (!empty($domain)) + $i++; + $u7len--; + $ch = ''; + + for (; $u7len > 0; $i++, $u7len--) { - foreach ($host as $imap_host => $mail_domains) - if (is_array($mail_domains) && in_array($domain, $mail_domains)) - { - $host = $imap_host; + $u7 = $str[$i]; + + if (!$Index_64[ord($u7)]) break; - } + + $ch .= $u7; + } + + if ($ch == '') { + if ($u7 == '-') + $res .= '+'; + continue; } - // take the first entry if $host is still an array - if (is_array($host)) - $host = array_shift($host); + $res .= rcube_utf16_to_utf8(base64_decode($ch)); + } + else + { + $res .= $u7; } - - return $host; } + return $res; +} /** - * Perfom login to the IMAP server and to the webmail service. - * This will also create a new user entry if auto_create_user is configured. + * Converts string from UTF-16 to UTF-8 (helper for utf-7 to utf-8 conversion) * - * @param string IMAP user name - * @param string IMAP password - * @param string IMAP host - * @return boolean True on success, False on failure + * @param string Input string + * @return string The converted string */ -function rcmail_login($user, $pass, $host=NULL) - { - global $CONFIG, $IMAP, $DB, $USER, $sess_user_lang; - $user_id = NULL; - - if (!$host) - $host = $CONFIG['default_host']; - - // Validate that selected host is in the list of configured hosts - if (is_array($CONFIG['default_host'])) - { - $allowed = FALSE; - foreach ($CONFIG['default_host'] as $key => $host_allowed) - { - if (!is_numeric($key)) - $host_allowed = $key; - if ($host == $host_allowed) - { - $allowed = TRUE; - break; - } - } - if (!$allowed) - return FALSE; +function rcube_utf16_to_utf8($str) +{ + $len = strlen($str); + $dec = ''; + + for ($i = 0; $i < $len; $i += 2) { + $c = ord($str[$i]) << 8 | ord($str[$i + 1]); + if ($c >= 0x0001 && $c <= 0x007F) { + $dec .= chr($c); + } else if ($c > 0x07FF) { + $dec .= chr(0xE0 | (($c >> 12) & 0x0F)); + $dec .= chr(0x80 | (($c >> 6) & 0x3F)); + $dec .= chr(0x80 | (($c >> 0) & 0x3F)); + } else { + $dec .= chr(0xC0 | (($c >> 6) & 0x1F)); + $dec .= chr(0x80 | (($c >> 0) & 0x3F)); } - else if (!empty($CONFIG['default_host']) && $host != $CONFIG['default_host']) - return FALSE; - - // parse $host URL - $a_host = parse_url($host); - if ($a_host['host']) - { - $host = $a_host['host']; - $imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? $a_host['scheme'] : null; - $imap_port = isset($a_host['port']) ? $a_host['port'] : ($imap_ssl ? 993 : $CONFIG['default_port']); - } - else - $imap_port = $CONFIG['default_port']; - - - /* Modify username with domain if required - Inspired by Marco - */ - // Check if we need to add domain - if (!empty($CONFIG['username_domain']) && !strpos($user, '@')) - { - if (is_array($CONFIG['username_domain']) && isset($CONFIG['username_domain'][$host])) - $user .= '@'.$CONFIG['username_domain'][$host]; - else if (is_string($CONFIG['username_domain'])) - $user .= '@'.$CONFIG['username_domain']; - } - - // try to resolve email address from virtuser table - if (!empty($CONFIG['virtuser_file']) && strpos($user, '@')) - $user = rcube_user::email2user($user); - - // lowercase username if it's an e-mail address (#1484473) - if (strpos($user, '@')) - $user = strtolower($user); - - // query if user already registered - if ($existing = rcube_user::query($user, $host)) - $USER = $existing; - - // user already registered -> overwrite username - if ($USER->ID) - { - $user_id = $USER->ID; - $user = $USER->data['username']; - } - - // exit if IMAP login failed - if (!($imap_login = $IMAP->connect($host, $user, $pass, $imap_port, $imap_ssl))) - return false; - - // user already registered - if ($USER->ID) - { - // get user prefs - $CONFIG = array_merge($CONFIG, (array)$USER->get_prefs()); - - // set user specific language - if (!empty($USER->data['language'])) - $sess_user_lang = $_SESSION['user_lang'] = $USER->data['language']; - - // update user's record - $USER->touch(); - } - // create new system user - else if ($CONFIG['auto_create_user']) - { - if ($created = rcube_user::create($user, $host)) - { - $USER = $created; - - // get existing mailboxes - $a_mailboxes = $IMAP->list_mailboxes(); - } - } - else - { - raise_error(array( - 'code' => 600, - 'type' => 'php', - 'file' => "config/main.inc.php", - 'message' => "Acces denied for new user $user. 'auto_create_user' is disabled" - ), true, false); - } - - if ($USER->ID) - { - $_SESSION['user_id'] = $USER->ID; - $_SESSION['username'] = $USER->data['username']; - $_SESSION['imap_host'] = $host; - $_SESSION['imap_port'] = $imap_port; - $_SESSION['imap_ssl'] = $imap_ssl; - $_SESSION['user_lang'] = $sess_user_lang; - $_SESSION['password'] = encrypt_passwd($pass); - $_SESSION['login_time'] = mktime(); - - // force reloading complete list of subscribed mailboxes - rcmail_set_imap_prop(); - $IMAP->clear_cache('mailboxes'); - - if ($CONFIG['create_default_folders']) - $IMAP->create_default_folders(); - - return TRUE; - } - - return FALSE; - } - - -/** - * Load virtuser table in array - * - * @return array Virtuser table entries - */ -function rcmail_getvirtualfile() - { - global $CONFIG; - if (empty($CONFIG['virtuser_file']) || !is_file($CONFIG['virtuser_file'])) - return FALSE; - - // read file - $a_lines = file($CONFIG['virtuser_file']); - return $a_lines; - } - - -/** - * Find matches of the given pattern in virtuser table - * - * @param string Regular expression to search for - * @return array Matching entries - */ -function rcmail_findinvirtual($pattern) - { - $result = array(); - $virtual = rcmail_getvirtualfile(); - if ($virtual==FALSE) - return $result; - - // check each line for matches - foreach ($virtual as $line) - { - $line = trim($line); - if (empty($line) || $line{0}=='#') - continue; - - if (eregi($pattern, $line)) - $result[] = $line; - } - - return $result; - } - - -/** - * Overwrite action variable - * - * @param string New action value - */ -function rcmail_overwrite_action($action) - { - global $OUTPUT; - $GLOBALS['_action'] = $action; - $OUTPUT->set_env('action', $action); - } - - -/** - * Compose an URL for a specific action - * - * @param string Request action - * @param array More URL parameters - * @param string Request task (omit if the same) - * @return The application URL - */ -function rcmail_url($action, $p=array(), $task=null) -{ - global $MAIN_TASKS, $COMM_PATH; - $qstring = ''; - $base = $COMM_PATH; - - if ($task && in_array($task, $MAIN_TASKS)) - $base = ereg_replace('_task=[a-z]+', '_task='.$task, $COMM_PATH); - - if (is_array($p)) - foreach ($p as $key => $val) - $qstring .= '&'.urlencode($key).'='.urlencode($val); - - return $base . ($action ? '&_action='.$action : '') . $qstring; -} - - -// @deprecated -function show_message($message, $type='notice', $vars=NULL) - { - global $OUTPUT; - $OUTPUT->show_message($message, $type, $vars); - } - - -/** - * Encrypt IMAP password using DES encryption - * - * @param string Password to encrypt - * @return string Encryprted string - */ -function encrypt_passwd($pass) -{ - if (function_exists('mcrypt_module_open') && ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, ""))) { - $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); - mcrypt_generic_init($td, get_des_key(), $iv); - $cypher = mcrypt_generic($td, $pass); - mcrypt_generic_deinit($td); - mcrypt_module_close($td); - } - else if (function_exists('des')) { - $cypher = des(get_des_key(), $pass, 1, 0, NULL); - } - else { - $cypher = $pass; - - raise_error(array( - 'code' => 500, - 'type' => 'php', - 'file' => __FILE__, - 'message' => "Could not convert encrypt password. Make sure Mcrypt is installed or lib/des.inc is available" - ), true, false); - } - - return base64_encode($cypher); -} - - -/** - * Decrypt IMAP password using DES encryption - * - * @param string Encrypted password - * @return string Plain password - */ -function decrypt_passwd($cypher) -{ - if (function_exists('mcrypt_module_open') && ($td = mcrypt_module_open(MCRYPT_TripleDES, "", MCRYPT_MODE_ECB, ""))) { - $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($td), MCRYPT_RAND); - mcrypt_generic_init($td, get_des_key(), $iv); - $pass = mdecrypt_generic($td, base64_decode($cypher)); - mcrypt_generic_deinit($td); - mcrypt_module_close($td); - } - else if (function_exists('des')) { - $pass = des(get_des_key(), base64_decode($cypher), 0, 0, NULL); - } - else { - $pass = base64_decode($cypher); - } - - return preg_replace('/\x00/', '', $pass); - } - - -/** - * Return a 24 byte key for the DES encryption - * - * @return string DES encryption key - */ -function get_des_key() - { - $key = !empty($GLOBALS['CONFIG']['des_key']) ? $GLOBALS['CONFIG']['des_key'] : 'rcmail?24BitPwDkeyF**ECB'; - $len = strlen($key); - - // make sure the key is exactly 24 chars long - if ($len<24) - $key .= str_repeat('_', 24-$len); - else if ($len>24) - substr($key, 0, 24); - - return $key; - } - - -/** - * Read directory program/localization and return a list of available languages - * - * @return array List of available localizations - */ -function rcube_list_languages() - { - global $CONFIG, $INSTALL_PATH; - static $sa_languages = array(); - - if (!sizeof($sa_languages)) - { - @include($INSTALL_PATH.'program/localization/index.inc'); - - if ($dh = @opendir($INSTALL_PATH.'program/localization')) - { - while (($name = readdir($dh)) !== false) - { - if ($name{0}=='.' || !is_dir($INSTALL_PATH.'program/localization/'.$name)) - continue; - - if ($label = $rcube_languages[$name]) - $sa_languages[$name] = $label ? $label : $name; - } - closedir($dh); - } - } - return $sa_languages; - } - - -/** - * Add a localized label to the client environment - */ -function rcube_add_label() - { - global $OUTPUT; - - $arg_list = func_get_args(); - foreach ($arg_list as $i => $name) - $OUTPUT->command('add_label', $name, rcube_label($name)); - } - - -/** - * Garbage collector function for temp files. - * Remove temp files older than two days - */ -function rcmail_temp_gc() - { - $tmp = unslashify($CONFIG['temp_dir']); - $expire = mktime() - 172800; // expire in 48 hours - - if ($dir = opendir($tmp)) - { - while (($fname = readdir($dir)) !== false) - { - if ($fname{0} == '.') - continue; - - if (filemtime($tmp.'/'.$fname) < $expire) - @unlink($tmp.'/'.$fname); - } - - closedir($dir); - } - } - - -/** - * Garbage collector for cache entries. - * Remove all expired message cache records - */ -function rcmail_message_cache_gc() - { - global $DB, $CONFIG; - - // no cache lifetime configured - if (empty($CONFIG['message_cache_lifetime'])) - return; - - // get target timestamp - $ts = get_offset_time($CONFIG['message_cache_lifetime'], -1); - - $DB->query("DELETE FROM ".get_table_name('messages')." - WHERE created < ".$DB->fromunixtime($ts)); - } - - -/** - * Convert a string from one charset to another. - * Uses mbstring and iconv functions if possible - * - * @param string Input string - * @param string Suspected charset of the input string - * @param string Target charset to convert to; defaults to RCMAIL_CHARSET - * @return Converted string - */ -function rcube_charset_convert($str, $from, $to=NULL) - { - global $MBSTRING; - static $convert_warning = false; - - $from = strtoupper($from); - $to = $to==NULL ? strtoupper(RCMAIL_CHARSET) : strtoupper($to); - $error = false; $conv = null; - - if ($from==$to || $str=='' || empty($from)) - return $str; - - $aliases = array( - 'UNKNOWN-8BIT' => 'ISO-8859-15', - 'X-UNKNOWN' => 'ISO-8859-15', - 'X-USER-DEFINED' => 'ISO-8859-15', - 'ISO-8859-8-I' => 'ISO-8859-8', - 'KS_C_5601-1987' => 'EUC-KR', - ); - - // convert charset using iconv module - if (function_exists('iconv') && $from != 'UTF-7' && $to != 'UTF-7') - { - $aliases['GB2312'] = 'GB18030'; - return iconv(($aliases[$from] ? $aliases[$from] : $from), ($aliases[$to] ? $aliases[$to] : $to) . "//IGNORE", $str); - } - - // convert charset using mbstring module - if ($MBSTRING) - { - $aliases['UTF-7'] = 'UTF7-IMAP'; - $aliases['WINDOWS-1257'] = 'ISO-8859-13'; - - // return if convert succeeded - if (($out = mb_convert_encoding($str, ($aliases[$to] ? $aliases[$to] : $to), ($aliases[$from] ? $aliases[$from] : $from))) != '') - return $out; - } - - - if (class_exists('utf8')) - $conv = new utf8(); - - // convert string to UTF-8 - if ($from == 'UTF-7') - $str = utf7_to_utf8($str); - else if (($from == 'ISO-8859-1') && function_exists('utf8_encode')) - $str = utf8_encode($str); - else if ($from != 'UTF-8' && $conv) - { - $conv->loadCharset($from); - $str = $conv->strToUtf8($str); - } - else if ($from != 'UTF-8') - $error = true; - - // encode string for output - if ($to == 'UTF-7') - return utf8_to_utf7($str); - else if ($to == 'ISO-8859-1' && function_exists('utf8_decode')) - return utf8_decode($str); - else if ($to != 'UTF-8' && $conv) - { - $conv->loadCharset($to); - return $conv->utf8ToStr($str); - } - else if ($to != 'UTF-8') - $error = true; - - // report error - if ($error && !$convert_warning) - { - raise_error(array( - 'code' => 500, - 'type' => 'php', - 'file' => __FILE__, - 'message' => "Could not convert string charset. Make sure iconv is installed or lib/utf8.class is available" - ), true, false); - - $convert_warning = true; - } - - // return UTF-8 string - return $str; - } + } + return $dec; +} /** @@ -1030,26 +517,23 @@ function rcube_charset_convert($str, $from, $to=NULL) * @param string Encoding type: text|html|xml|js|url * @param string Replace mode for tags: show|replace|remove * @param boolean Convert newlines - * @return The quoted string + * @return string The quoted string */ function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE) { - global $OUTPUT_TYPE, $OUTPUT; - static $html_encode_arr, $js_rep_table, $xml_rep_table; + static $html_encode_arr = false; + static $js_rep_table = false; + static $xml_rep_table = false; if (!$enctype) - $enctype = $GLOBALS['OUTPUT_TYPE']; - - // encode for plaintext - if ($enctype=='text') - return str_replace("\r\n", "\n", $mode=='remove' ? strip_tags($str) : $str); + $enctype = $OUTPUT->type; // encode for HTML output if ($enctype=='html') { if (!$html_encode_arr) { - $html_encode_arr = get_html_translation_table(HTML_SPECIALCHARS); + $html_encode_arr = get_html_translation_table(HTML_SPECIALCHARS); unset($html_encode_arr['?']); } @@ -1066,46 +550,48 @@ function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE) } else if ($mode=='remove') $str = strip_tags($str); - + + $out = strtr($str, $encode_arr); + // avoid douple quotation of & - $out = preg_replace('/&([a-z]{2,5}|#[0-9]{2,4});/', '&\\1;', strtr($str, $encode_arr)); - + $out = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $out); + return $newlines ? nl2br($out) : $out; } - if ($enctype=='url') - return rawurlencode($str); - // if the replace tables for XML and JS are not yet defined - if (!$js_rep_table) + if ($js_rep_table===false) { $js_rep_table = $xml_rep_table = array(); $xml_rep_table['&'] = '&'; for ($c=160; $c<256; $c++) // can be increased to support more charsets - { - $xml_rep_table[Chr($c)] = "&#$c;"; - - if ($OUTPUT->get_charset()=='ISO-8859-1') - $js_rep_table[Chr($c)] = sprintf("\\u%04x", $c); - } + $xml_rep_table[chr($c)] = "&#$c;"; $xml_rep_table['"'] = '"'; + $js_rep_table['"'] = '\\"'; + $js_rep_table["'"] = "\\'"; + $js_rep_table["\\"] = "\\\\"; + // Unicode line and paragraph separators (#1486310) + $js_rep_table[chr(hexdec(E2)).chr(hexdec(80)).chr(hexdec(A8))] = '
'; + $js_rep_table[chr(hexdec(E2)).chr(hexdec(80)).chr(hexdec(A9))] = '
'; } + // encode for javascript use + if ($enctype=='js') + return preg_replace(array("/\r?\n/", "/\r/", '/<\\//'), array('\n', '\n', '<\\/'), strtr($str, $js_rep_table)); + + // encode for plaintext + if ($enctype=='text') + return str_replace("\r\n", "\n", $mode=='remove' ? strip_tags($str) : $str); + + if ($enctype=='url') + return rawurlencode($str); + // encode for XML if ($enctype=='xml') return strtr($str, $xml_rep_table); - // encode for javascript use - if ($enctype=='js') - { - if ($OUTPUT->get_charset()!='UTF-8') - $str = rcube_charset_convert($str, RCMAIL_CHARSET, $OUTPUT->get_charset()); - - return preg_replace(array("/\r?\n/", "/\r/"), array('\n', '\n'), addslashes(strtr($str, $js_rep_table))); - } - // no encoding given -> return original string return $str; } @@ -1146,8 +632,7 @@ function JQ($str) * @return string Field value or NULL if not available */ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) - { - global $OUTPUT; +{ $value = NULL; if ($source==RCUBE_INPUT_GET && isset($_GET[$fname])) @@ -1163,9 +648,37 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) else if (isset($_COOKIE[$fname])) $value = $_COOKIE[$fname]; } - + + return parse_input_value($value, $allow_html, $charset); +} + +/** + * Parse/validate input value. See get_input_value() + * Performs stripslashes() and charset conversion if necessary + * + * @param string Input value + * @param boolean Allow HTML tags in field value + * @param string Charset to convert into + * @return string Parsed value + */ +function parse_input_value($value, $allow_html=FALSE, $charset=NULL) +{ + global $OUTPUT; + + if (empty($value)) + return $value; + + if (is_array($value)) { + foreach ($value as $idx => $val) + $value[$idx] = parse_input_value($val, $allow_html, $charset); + return $value; + } + + // strip single quotes if magic_quotes_sybase is enabled + if (ini_get('magic_quotes_sybase')) + $value = str_replace("''", "'", $value); // strip slashes if magic_quotes enabled - if ((bool)get_magic_quotes_gpc()) + else if (get_magic_quotes_gpc() || get_magic_quotes_runtime()) $value = stripslashes($value); // remove HTML tags if not allowed @@ -1173,19 +686,49 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) $value = strip_tags($value); // convert to internal charset - if (is_object($OUTPUT)) + if (is_object($OUTPUT) && $charset) return rcube_charset_convert($value, $OUTPUT->get_charset(), $charset); else return $value; +} + +/** + * Convert array of request parameters (prefixed with _) + * to a regular array with non-prefixed keys. + * + * @param int Source to get value from (GPC) + * @return array Hash array with all request parameters + */ +function request2param($mode = RCUBE_INPUT_GPC) +{ + $out = array(); + $src = $mode == RCUBE_INPUT_GET ? $_GET : ($mode == RCUBE_INPUT_POST ? $_POST : $_REQUEST); + foreach ($src as $key => $value) { + $fname = $key[0] == '_' ? substr($key, 1) : $key; + $out[$fname] = get_input_value($key, $mode); } + + return $out; +} /** * Remove all non-ascii and non-word chars - * except . and - + * except ., -, _ + */ +function asciiwords($str, $css_id = false, $replace_with = '') +{ + $allowed = 'a-z0-9\_\-' . (!$css_id ? '\.' : ''); + return preg_replace("/[^$allowed]/i", $replace_with, $str); +} + +/** + * Convert the given string into a valid HTML identifier + * Same functionality as done in app.js with this.identifier_expr + * */ -function asciiwords($str) +function html_identifier($str) { - return preg_replace('/[^a-z0-9.-_]/i', '', $str); + return asciiwords($str, true, '_'); } /** @@ -1196,7 +739,7 @@ function asciiwords($str) */ function strip_quotes($str) { - return preg_replace('/[\'"]/', '', $str); + return str_replace(array("'", '"'), '', $str); } @@ -1212,32 +755,6 @@ function strip_newlines($str) } -/** - * Check if a specific template exists - * - * @param string Template name - * @return boolean True if template exists - */ -function template_exists($name) - { - global $CONFIG; - $skin_path = $CONFIG['skin_path']; - - // check template file - return is_file("$skin_path/templates/$name.html"); - } - - -/** - * Wrapper for rcmail_template::parse() - * @deprecated - */ -function parse_template($name='main', $exit=true) - { - $GLOBALS['OUTPUT']->parse($name, $exit); - } - - /** * Create a HTML table based on the given data * @@ -1249,65 +766,50 @@ function parse_template($name='main', $exit=true) */ function rcube_table_output($attrib, $table_data, $a_show_cols, $id_col) { - global $DB; + global $RCMAIL; - // allow the following attributes to be added to the tag - $attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'cellpadding', 'cellspacing', 'border', 'summary')); - - $table = '\n"; + $table = new html_table(/*array('cols' => count($a_show_cols))*/); - // add table title - $table .= "\n"; - - foreach ($a_show_cols as $col) - $table .= '\n"; - - $table .= "\n\n"; + // add table header + if (!$attrib['noheader']) + foreach ($a_show_cols as $col) + $table->add_header($col, Q(rcube_label($col))); $c = 0; if (!is_array($table_data)) + { + $db = $RCMAIL->get_dbh(); + while ($table_data && ($sql_arr = $db->fetch_assoc($table_data))) { - while ($table_data && ($sql_arr = $DB->fetch_assoc($table_data))) - { - $zebra_class = $c%2 ? 'even' : 'odd'; - - $table .= sprintf(''."\n", $sql_arr[$id_col]); + $zebra_class = $c % 2 ? 'even' : 'odd'; + $table->add_row(array('id' => 'rcmrow' . html_identifier($sql_arr[$id_col]), 'class' => $zebra_class)); // format each col foreach ($a_show_cols as $col) - { - $cont = Q($sql_arr[$col]); - $table .= '\n"; - } - - $table .= "\n"; + $table->add($col, Q($sql_arr[$col])); + $c++; - } } + } else - { + { foreach ($table_data as $row_data) - { - $zebra_class = $c%2 ? 'even' : 'odd'; + { + $zebra_class = $c % 2 ? 'even' : 'odd'; + if (!empty($row_data['class'])) + $zebra_class .= ' '.$row_data['class']; - $table .= sprintf(''."\n", $row_data[$id_col]); + $table->add_row(array('id' => 'rcmrow' . html_identifier($row_data[$id_col]), 'class' => $zebra_class)); // format each col foreach ($a_show_cols as $col) - { - $cont = Q($row_data[$col]); - $table .= '\n"; - } - - $table .= "\n"; + $table->add($col, Q(is_array($row_data[$col]) ? $row_data[$col][0] : $row_data[$col])); + $c++; - } } + } - // complete message table - $table .= "
' . Q(rcube_label($col)) . "
' . $cont . "
' . $cont . "
\n"; - - return $table; + return $table->show($attrib); } @@ -1321,54 +823,42 @@ function rcube_table_output($attrib, $table_data, $a_show_cols, $id_col) * @return string HTML field definition */ function rcmail_get_edit_field($col, $value, $attrib, $type='text') - { +{ + static $colcounts = array(); + $fname = '_'.$col; - $attrib['name'] = $fname; + $attrib['name'] = $fname . ($attrib['array'] ? '[]' : ''); + $attrib['class'] = trim($attrib['class'] . ' ff_' . $col); - if ($type=='checkbox') - { + if ($type == 'checkbox') { $attrib['value'] = '1'; - $input = new checkbox($attrib); - } - else if ($type=='textarea') - { + $input = new html_checkbox($attrib); + } + else if ($type == 'textarea') { $attrib['cols'] = $attrib['size']; - $input = new textarea($attrib); - } - else - $input = new textfield($attrib); + $input = new html_textarea($attrib); + } + else if ($type == 'select') { + $input = new html_select($attrib); + $input->add('---', ''); + $input->add(array_values($attrib['options']), array_keys($attrib['options'])); + } + else { + if ($attrib['type'] != 'text' && $attrib['type'] != 'hidden') + $attrib['type'] = 'text'; + $input = new html_inputfield($attrib); + } // use value from post - if (!empty($_POST[$fname])) - $value = get_input_value($fname, RCUBE_INPUT_POST); - - $out = $input->show($value); - - return $out; + if (isset($_POST[$fname])) { + $postvalue = get_input_value($fname, RCUBE_INPUT_POST, true); + $value = $attrib['array'] ? $postvalue[intval($colcounts[$col]++)] : $postvalue; } + $out = $input->show($value); -/** - * Return the mail domain configured for the given host - * - * @param string IMAP host - * @return string Resolved SMTP host - */ -function rcmail_mail_domain($host) - { - global $CONFIG; - - $domain = $host; - if (is_array($CONFIG['mail_domain'])) - { - if (isset($CONFIG['mail_domain'][$host])) - $domain = $CONFIG['mail_domain'][$host]; - } - else if (!empty($CONFIG['mail_domain'])) - $domain = $CONFIG['mail_domain']; - - return $domain; - } + return $out; +} /** @@ -1379,21 +869,24 @@ function rcmail_mail_domain($host) * @param string Container ID to use as prefix * @return string Modified CSS source */ -function rcmail_mod_css_styles($source, $container_id, $base_url = '') +function rcmail_mod_css_styles($source, $container_id) { - $a_css_values = array(); $last_pos = 0; - + $replacements = new rcube_string_replacer; + // ignore the whole block if evil styles are detected - if (stristr($source, 'expression') || stristr($source, 'behavior')) - return ''; + $stripped = preg_replace('/[^a-z\(:;]/', '', rcmail_xss_entity_decode($source)); + if (preg_match('/expression|behavior|url\(|import[^a]/', $stripped)) + return '/* evil! */'; + + // remove css comments (sometimes used for some ugly hacks) + $source = preg_replace('!/\*(.+)\*/!Ums', '', $source); // cut out all contents between { and } while (($pos = strpos($source, '{', $last_pos)) && ($pos2 = strpos($source, '}', $pos))) { - $key = sizeof($a_css_values); - $a_css_values[$key] = substr($source, $pos+1, $pos2-($pos+1)); - $source = substr($source, 0, $pos+1) . "<>" . substr($source, $pos2, strlen($source)-$pos2); + $key = $replacements->add(substr($source, $pos+1, $pos2-($pos+1))); + $source = substr($source, 0, $pos+1) . $replacements->get_replacement($key) . substr($source, $pos2, strlen($source)-$pos2); $last_pos = $pos+2; } @@ -1402,44 +895,50 @@ function rcmail_mod_css_styles($source, $container_id, $base_url = '') $styles = preg_replace( array( '/(^\s*\s*$)/', - '/(^\s*|,\s*|\}\s*)([a-z0-9\._#][a-z0-9\.\-_]*)/im', - '/@import\s+(url\()?[\'"]?([^\)\'"]+)[\'"]?(\))?/ime', - '/<>/e', - "/$container_id\s+body/i" + '/(^\s*|,\s*|\}\s*)([a-z0-9\._#\*][a-z0-9\.\-_]*)/im', + '/'.preg_quote($container_id, '/').'\s+body/i', ), array( '', "\\1#$container_id \\2", - "sprintf(\"@import url('./bin/modcss.php?u=%s&c=%s')\", urlencode(make_absolute_url('\\2','$base_url')), urlencode($container_id))", - "\$a_css_values[\\1]", - "$container_id div.rcmBody" + $container_id, ), $source); + // put block contents back in + $styles = $replacements->resolve($styles); + return $styles; } + /** - * Try to autodetect operating system and find the correct line endings + * Decode escaped entities used by known XSS exploits. + * See http://downloads.securityfocus.com/vulnerabilities/exploits/26800.eml for examples * - * @return string The appropriate mail header delimiter + * @param string CSS content to decode + * @return string Decoded string */ -function rcmail_header_delm() +function rcmail_xss_entity_decode($content) { - global $CONFIG; - - // use the configured delimiter for headers - if (!empty($CONFIG['mail_header_delimiter'])) - return $CONFIG['mail_header_delimiter']; - else if (strtolower(substr(PHP_OS, 0, 3)=='win')) - return "\r\n"; - else if (strtolower(substr(PHP_OS, 0, 3)=='mac')) - return "\r\n"; - else - return "\n"; + $out = html_entity_decode(html_entity_decode($content)); + $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', 'rcmail_xss_entity_decode_callback', $out); + $out = preg_replace('#/\*.*\*/#Um', '', $out); + return $out; } +/** + * preg_replace_callback callback for rcmail_xss_entity_decode_callback + * + * @param array matches result from preg_replace_callback + * @return string decoded entity + */ +function rcmail_xss_entity_decode_callback($matches) +{ + return chr(hexdec($matches[1])); +} + /** * Compose a valid attribute string for HTML tags * @@ -1468,17 +967,50 @@ function create_attrib_string($attrib, $allowed_attribs=array('id', 'class', 'st function parse_attrib_string($str) { $attrib = array(); - preg_match_all('/\s*([-_a-z]+)=(["\'])([^"]+)\2/Ui', stripslashes($str), $regs, PREG_SET_ORDER); + preg_match_all('/\s*([-_a-z]+)=(["\'])??(?(2)([^\2]*)\2|(\S+?))/Ui', stripslashes($str), $regs, PREG_SET_ORDER); // convert attributes to an associative array (name => value) - if ($regs) - foreach ($regs as $attr) - $attrib[strtolower($attr[1])] = $attr[3]; + if ($regs) { + foreach ($regs as $attr) { + $attrib[strtolower($attr[1])] = html_entity_decode($attr[3] . $attr[4]); + } + } return $attrib; } +/** + * Improved equivalent to strtotime() + * + * @param string Date string + * @return int + */ +function rcube_strtotime($date) +{ + // check for MS Outlook vCard date format YYYYMMDD + if (preg_match('/^([12][90]\d\d)([01]\d)(\d\d)$/', trim($date), $matches)) { + return mktime(0,0,0, intval($matches[2]), intval($matches[3]), intval($matches[1])); + } + else if (is_numeric($date)) + return $date; + + // support non-standard "GMTXXXX" literal + $date = preg_replace('/GMT\s*([+-][0-9]+)/', '\\1', $date); + + // if date parsing fails, we have a date in non-rfc format. + // remove token from the end and try again + while ((($ts = @strtotime($date)) === false) || ($ts < 0)) { + $d = explode(' ', $date); + array_pop($d); + if (!$d) break; + $date = implode(' ', $d); + } + + return $ts; +} + + /** * Convert the given date to a human readable form * This uses the date formatting properties from config @@ -1488,436 +1020,1354 @@ function parse_attrib_string($str) * @return string Formatted date string */ function format_date($date, $format=NULL) - { - global $CONFIG, $sess_user_lang; +{ + global $RCMAIL, $CONFIG; $ts = NULL; - - if (is_numeric($date)) - $ts = $date; - else if (!empty($date)) - $ts = @strtotime($date); - + + if (!empty($date)) + $ts = rcube_strtotime($date); + if (empty($ts)) return ''; - + // get user's timezone - $tz = $CONFIG['timezone']; - if ($CONFIG['dst_active']) - $tz++; + $tz = $RCMAIL->config->get_timezone(); // convert time to user's timezone $timestamp = $ts - date('Z', $ts) + ($tz * 3600); - + // get current timestamp in user's timezone $now = time(); // local time $now -= (int)date('Z'); // make GMT time $now += ($tz * 3600); // user's time $now_date = getdate($now); - $today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']); - $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']); + $today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']); + $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']); + + // define date format depending on current time + if (!$format) { + if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now) { + $format = $CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i'; + $today = true; + } + else if ($CONFIG['prettydate'] && $timestamp > $week_limit && $timestamp < $now) + $format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i'; + else + $format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i'; + } + + // strftime() format + if (preg_match('/%[a-z]+/i', $format)) { + $format = strftime($format, $timestamp); + return $today ? (rcube_label('today') . ' ' . $format) : $format; + } + + // parse format string manually in order to provide localized weekday and month names + // an alternative would be to convert the date() format string to fit with strftime() + $out = ''; + for($i=0; $i', preg_match('/[\(\)\<\>\\\.\[\]@,;:"]/', $name) ? '"'.addcslashes($name, '"').'"' : $name, trim($email)); + } + + return trim($email); +} + + +/** + * Return the mailboxlist in HTML + * + * @param array Named parameters + * @return string HTML code for the gui object + */ +function rcmail_mailbox_list($attrib) +{ + global $RCMAIL; + static $a_mailboxes; + + $attrib += array('maxlength' => 100, 'realnames' => false); + + // add some labels to client + $RCMAIL->output->add_label('purgefolderconfirm', 'deletemessagesconfirm'); + + $type = $attrib['type'] ? $attrib['type'] : 'ul'; + unset($attrib['type']); + + if ($type=='ul' && !$attrib['id']) + $attrib['id'] = 'rcmboxlist'; + + if (empty($attrib['folder_name'])) + $attrib['folder_name'] = '*'; + + // get mailbox list + $mbox_name = $RCMAIL->imap->get_mailbox_name(); + + // build the folders tree + if (empty($a_mailboxes)) { + // get mailbox list + $a_folders = $RCMAIL->imap->list_mailboxes('', $attrib['folder_name'], $attrib['folder_filter']); + $delimiter = $RCMAIL->imap->get_hierarchy_delimiter(); + $a_mailboxes = array(); + + foreach ($a_folders as $folder) + rcmail_build_folder_tree($a_mailboxes, $folder, $delimiter); + } + + // allow plugins to alter the folder tree or to localize folder names + $hook = $RCMAIL->plugins->exec_hook('render_mailboxlist', array('list' => $a_mailboxes, 'delimiter' => $delimiter)); + + if ($type == 'select') { + $select = new html_select($attrib); + + // add no-selection option + if ($attrib['noselection']) + $select->add(rcube_label($attrib['noselection']), ''); + + rcmail_render_folder_tree_select($hook['list'], $mbox_name, $attrib['maxlength'], $select, $attrib['realnames']); + $out = $select->show(); + } + else { + $js_mailboxlist = array(); + $out = html::tag('ul', $attrib, rcmail_render_folder_tree_html($hook['list'], $mbox_name, $js_mailboxlist, $attrib), html::$common_attrib); + + $RCMAIL->output->add_gui_object('mailboxlist', $attrib['id']); + $RCMAIL->output->set_env('mailboxes', $js_mailboxlist); + $RCMAIL->output->set_env('collapsed_folders', (string)$RCMAIL->config->get('collapsed_folders')); + } + + return $out; +} + + +/** + * Return the mailboxlist as html_select object + * + * @param array Named parameters + * @return html_select HTML drop-down object + */ +function rcmail_mailbox_select($p = array()) +{ + global $RCMAIL; + + $p += array('maxlength' => 100, 'realnames' => false); + $a_mailboxes = array(); + + if (empty($p['folder_name'])) + $p['folder_name'] = '*'; + + if ($p['unsubscribed']) + $list = $RCMAIL->imap->list_unsubscribed('', $p['folder_name'], $p['folder_filter']); + else + $list = $RCMAIL->imap->list_mailboxes('', $p['folder_name'], $p['folder_filter']); + + $delimiter = $RCMAIL->imap->get_hierarchy_delimiter(); + + foreach ($list as $folder) { + if (empty($p['exceptions']) || !in_array($folder, $p['exceptions'])) + rcmail_build_folder_tree($a_mailboxes, $folder, $delimiter); + } + + $select = new html_select($p); + + if ($p['noselection']) + $select->add($p['noselection'], ''); + + rcmail_render_folder_tree_select($a_mailboxes, $mbox, $p['maxlength'], $select, $p['realnames'], 0, $p['exceptions']); + + return $select; +} + + +/** + * Create a hierarchical array of the mailbox list + * @access private + * @return void + */ +function rcmail_build_folder_tree(&$arrFolders, $folder, $delm='/', $path='') +{ + global $RCMAIL; + + // Handle namespace prefix + $prefix = ''; + if (!$path) { + $n_folder = $folder; + $folder = $RCMAIL->imap->mod_mailbox($folder); + + if ($n_folder != $folder) { + $prefix = substr($n_folder, 0, -strlen($folder)); + } + } + + $pos = strpos($folder, $delm); + + if ($pos !== false) { + $subFolders = substr($folder, $pos+1); + $currentFolder = substr($folder, 0, $pos); + + // sometimes folder has a delimiter as the last character + if (!strlen($subFolders)) + $virtual = false; + else if (!isset($arrFolders[$currentFolder])) + $virtual = true; + else + $virtual = $arrFolders[$currentFolder]['virtual']; + } + else { + $subFolders = false; + $currentFolder = $folder; + $virtual = false; + } + + $path .= $prefix.$currentFolder; + + if (!isset($arrFolders[$currentFolder])) { + // Check \Noselect option (if options are in cache) + if (!$virtual && ($opts = $RCMAIL->imap->mailbox_options($path))) { + $virtual = in_array('\\Noselect', $opts); + } + + $arrFolders[$currentFolder] = array( + 'id' => $path, + 'name' => rcube_charset_convert($currentFolder, 'UTF7-IMAP'), + 'virtual' => $virtual, + 'folders' => array()); + } + else + $arrFolders[$currentFolder]['virtual'] = $virtual; + + if (strlen($subFolders)) + rcmail_build_folder_tree($arrFolders[$currentFolder]['folders'], $subFolders, $delm, $path.$delm); +} + + +/** + * Return html for a structured list <ul> for the mailbox tree + * @access private + * @return string + */ +function rcmail_render_folder_tree_html(&$arrFolders, &$mbox_name, &$jslist, $attrib, $nestLevel=0) +{ + global $RCMAIL, $CONFIG; + + $maxlength = intval($attrib['maxlength']); + $realnames = (bool)$attrib['realnames']; + $msgcounts = $RCMAIL->imap->get_cache('messagecount'); + + $idx = 0; + $out = ''; + foreach ($arrFolders as $key => $folder) { + $zebra_class = (($nestLevel+1)*$idx) % 2 == 0 ? 'even' : 'odd'; + $title = null; + + if (($folder_class = rcmail_folder_classname($folder['id'])) && !$realnames) { + $foldername = rcube_label($folder_class); + } + else { + $foldername = $folder['name']; + + // shorten the folder name to a given length + if ($maxlength && $maxlength > 1) { + $fname = abbreviate_string($foldername, $maxlength); + if ($fname != $foldername) + $title = $foldername; + $foldername = $fname; + } + } + + // make folder name safe for ids and class names + $folder_id = html_identifier($folder['id']); + $classes = array('mailbox'); + + // set special class for Sent, Drafts, Trash and Junk + if ($folder['id'] == $CONFIG['sent_mbox']) + $classes[] = 'sent'; + else if ($folder['id'] == $CONFIG['drafts_mbox']) + $classes[] = 'drafts'; + else if ($folder['id'] == $CONFIG['trash_mbox']) + $classes[] = 'trash'; + else if ($folder['id'] == $CONFIG['junk_mbox']) + $classes[] = 'junk'; + else if ($folder['id'] == 'INBOX') + $classes[] = 'inbox'; + else + $classes[] = '_'.asciiwords($folder_class ? $folder_class : strtolower($folder['id']), true); + + $classes[] = $zebra_class; + + if ($folder['id'] == $mbox_name) + $classes[] = 'selected'; + + $collapsed = strpos($CONFIG['collapsed_folders'], '&'.rawurlencode($folder['id']).'&') !== false; + $unread = $msgcounts ? intval($msgcounts[$folder['id']]['UNSEEN']) : 0; + + if ($folder['virtual']) + $classes[] = 'virtual'; + else if ($unread) + $classes[] = 'unread'; + + $js_name = JQ($folder['id']); + $html_name = Q($foldername) . ($unread ? html::span('unreadcount', " ($unread)") : ''); + $link_attrib = $folder['virtual'] ? array() : array( + 'href' => rcmail_url('', array('_mbox' => $folder['id'])), + 'onclick' => sprintf("return %s.command('list','%s',this)", JS_OBJECT_NAME, $js_name), + 'rel' => $folder['id'], + 'title' => $title, + ); + + $out .= html::tag('li', array( + 'id' => "rcmli".$folder_id, + 'class' => join(' ', $classes), + 'noclose' => true), + html::a($link_attrib, $html_name) . + (!empty($folder['folders']) ? html::div(array( + 'class' => ($collapsed ? 'collapsed' : 'expanded'), + 'style' => "position:absolute", + 'onclick' => sprintf("%s.command('collapse-folder', '%s')", JS_OBJECT_NAME, $js_name) + ), ' ') : '')); + + $jslist[$folder_id] = array('id' => $folder['id'], 'name' => $foldername, 'virtual' => $folder['virtual']); + + if (!empty($folder['folders'])) { + $out .= html::tag('ul', array('style' => ($collapsed ? "display:none;" : null)), + rcmail_render_folder_tree_html($folder['folders'], $mbox_name, $jslist, $attrib, $nestLevel+1)); + } + + $out .= "\n"; + $idx++; + } + + return $out; +} + + +/** + * Return html for a flat list for the mailbox tree - * @access private - */ -function rcmail_render_folder_tree_select(&$arrFolders, &$mbox_name, $maxlength, $nestLevel=0) - { - global $IMAP, $OUTPUT; + if (function_exists('apc_fetch')) { + $status = apc_fetch($prefix . $params['name']); - $idx = 0; - $out = ''; - foreach ($arrFolders as $key=>$folder) - { - if ($folder_class = rcmail_folder_classname($folder['id'])) - $foldername = rcube_label($folder_class); - else - { - $foldername = $folder['name']; - - // shorten the folder name to a given length - if ($maxlength && $maxlength>1) - $foldername = abbreviate_string($foldername, $maxlength); - } + if (!empty($status)) { + $status['percent'] = round($status['current']/$status['total']*100); + $params = array_merge($status, $params); + } + } - $out .= sprintf(''."\n", - htmlspecialchars($folder['id']), - str_repeat(' ', $nestLevel*4), - Q($foldername)); + if (isset($params['percent'])) + $params['text'] = rcube_label(array('name' => 'uploadprogress', 'vars' => array( + 'percent' => $params['percent'] . '%', + 'current' => show_bytes($params['current']), + 'total' => show_bytes($params['total']) + ))); - if (!empty($folder['folders'])) - $out .= rcmail_render_folder_tree_select($folder['folders'], $mbox_name, $maxlength, $nestLevel+1); + $RCMAIL->output->command('upload_progress_update', $params); + $RCMAIL->output->send(); +} - $idx++; - } +function rcube_upload_init() +{ + global $RCMAIL; - return $out; - } + // Enable upload progress bar + if (($seconds = $RCMAIL->config->get('upload_progress')) && ini_get('apc.rfc1867')) { + if ($field_name = ini_get('apc.rfc1867_name')) { + $RCMAIL->output->set_env('upload_progress_name', $field_name); + $RCMAIL->output->set_env('upload_progress_time', (int) $seconds); + } + } + // find max filesize value + $max_filesize = parse_bytes(ini_get('upload_max_filesize')); + $max_postsize = parse_bytes(ini_get('post_max_size')); + if ($max_postsize && $max_postsize < $max_filesize) + $max_filesize = $max_postsize; -/** - * Return internal name for the given folder if it matches the configured special folders - * @access private - */ -function rcmail_folder_classname($folder_id) -{ - global $CONFIG; + $RCMAIL->output->set_env('max_filesize', $max_filesize); + $max_filesize = show_bytes($max_filesize); + $RCMAIL->output->set_env('filesizeerror', rcube_label(array( + 'name' => 'filesizeerror', 'vars' => array('size' => $max_filesize)))); - $cname = null; - $folder_lc = strtolower($folder_id); - - // for these mailboxes we have localized labels and css classes - foreach (array('inbox', 'sent', 'drafts', 'trash', 'junk') as $smbx) - { - if ($folder_lc == $smbx || $folder_id == $CONFIG[$smbx.'_mbox']) - $cname = $smbx; - } - - return $cname; + return $max_filesize; } - /** - * Try to localize the given IMAP folder name. - * UTF-7 decode it in case no localized text was found - * - * @param string Folder name - * @return string Localized folder name in UTF-8 encoding + * Initializes client-side autocompletion */ -function rcmail_localize_foldername($name) +function rcube_autocomplete_init() { - if ($folder_class = rcmail_folder_classname($name)) - return rcube_label($folder_class); - else - return rcube_charset_convert($name, 'UTF-7'); -} + global $RCMAIL; + static $init; + + if ($init) + return; + $init = 1; -?> + if (($threads = (int)$RCMAIL->config->get('autocomplete_threads')) > 0) { + $book_types = (array) $RCMAIL->config->get('autocomplete_addressbooks', 'sql'); + if (count($book_types) > 1) { + $RCMAIL->output->set_env('autocomplete_threads', $threads); + $RCMAIL->output->set_env('autocomplete_sources', $book_types); + } + } + + $RCMAIL->output->set_env('autocomplete_max', (int)$RCMAIL->config->get('autocomplete_max', 15)); + $RCMAIL->output->set_env('autocomplete_min_length', $RCMAIL->config->get('autocomplete_min_length')); + $RCMAIL->output->add_label('autocompletechars'); +}