X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=program%2Finclude%2Fmain.inc;h=76db5670aa11e786cffe730a6fa08854ad81b421;hb=07e1de2dcd3f3ff8910a3680493f035b3c693cf0;hp=4c6ddffb272f764ef910c769af61dcbc4258c944;hpb=162c8d010934c01433e8125382fb493712575198;p=roundcube.git diff --git a/program/include/main.inc b/program/include/main.inc index 4c6ddff..76db567 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -4,8 +4,8 @@ +-----------------------------------------------------------------------+ | program/include/main.inc | | | - | This file is part of the RoundCube Webmail client | - | Copyright (C) 2005-2009, RoundCube Dev, - Switzerland | + | This file is part of the Roundcube Webmail client | + | Copyright (C) 2005-2009, Roundcube Dev, - Switzerland | | Licensed under the GNU GPL | | | | PURPOSE: | @@ -15,12 +15,12 @@ | Author: Thomas Bruederli | +-----------------------------------------------------------------------+ - $Id: main.inc 2483 2009-05-15 10:22:29Z thomasb $ + $Id: main.inc 4568 2011-02-24 12:12:09Z alec $ */ /** - * RoundCube Webmail common functions + * Roundcube Webmail common functions * * @package Core * @author Thomas Bruederli @@ -65,7 +65,7 @@ function get_table_name($table) */ function get_sequence_name($sequence) { - // return table name if configured + // return sequence name if configured $config_key = 'db_sequence_'.$sequence; $opt = rcmail::get_instance()->config->get($config_key); @@ -84,9 +84,9 @@ function get_sequence_name($sequence) * @return string Localized text * @see rcmail::gettext() */ -function rcube_label($p) +function rcube_label($p, $domain=null) { - return rcmail::get_instance()->gettext($p); + return rcmail::get_instance()->gettext($p, $domain); } @@ -124,7 +124,9 @@ function rcmail_url($action, $p=array(), $task=null) */ function rcmail_temp_gc() { - $tmp = unslashify($CONFIG['temp_dir']); + $rcmail = rcmail::get_instance(); + + $tmp = unslashify($rcmail->config->get('temp_dir')); $expire = mktime() - 172800; // expire in 48 hours if ($dir = opendir($tmp)) @@ -146,6 +148,7 @@ function rcmail_temp_gc() /** * Garbage collector for cache entries. * Remove all expired message cache records + * @return void */ function rcmail_cache_gc() { @@ -163,6 +166,18 @@ function rcmail_cache_gc() } +/** + * Catch an error and throw an exception. + * + * @param int Level of the error + * @param string Error message + */ +function rcube_error_handler($errno, $errstr) + { + throw new ErrorException($errstr, 0, $errno); + } + + /** * Convert a string from one charset to another. * Uses mbstring and iconv functions if possible @@ -170,60 +185,61 @@ function rcmail_cache_gc() * @param string Input string * @param string Suspected charset of the input string * @param string Target charset to convert to; defaults to RCMAIL_CHARSET - * @return Converted string + * @return string Converted string */ function rcube_charset_convert($str, $from, $to=NULL) { + static $iconv_options = null; static $mbstring_loaded = null; static $mbstring_list = null; static $convert_warning = false; + static $conv = null; - $from = strtoupper($from); - $to = $to==NULL ? strtoupper(RCMAIL_CHARSET) : strtoupper($to); - $error = false; $conv = null; + $error = false; - # RFC1642 - if ($from == 'UNICODE-1-1-UTF-7') - $from = 'UTF-7'; - if ($to == 'UNICODE-1-1-UTF-7') - $to = 'UTF-7'; + $to = empty($to) ? strtoupper(RCMAIL_CHARSET) : rcube_parse_charset($to); + $from = rcube_parse_charset($from); if ($from == $to || empty($str) || empty($from)) return $str; - - $aliases = array( - 'US-ASCII' => 'ISO-8859-1', - 'ANSI_X3.110-1983' => 'ISO-8859-1', - 'ANSI_X3.4-1968' => 'ISO-8859-1', - 'UNKNOWN-8BIT' => 'ISO-8859-15', - 'X-UNKNOWN' => 'ISO-8859-15', - 'X-USER-DEFINED' => 'ISO-8859-15', - 'ISO-8859-8-I' => 'ISO-8859-8', - 'KS_C_5601-1987' => 'EUC-KR', - ); - // convert charset using iconv module - if (function_exists('iconv') && $from != 'UTF-7' && $to != 'UTF-7') { - $aliases['GB2312'] = 'GB18030'; - $_iconv = iconv(($aliases[$from] ? $aliases[$from] : $from), ($aliases[$to] ? $aliases[$to] : $to) . "//IGNORE", $str); + // convert charset using iconv module + if (function_exists('iconv') && $from != 'UTF7-IMAP' && $to != 'UTF7-IMAP') { + if ($iconv_options === null) { + // ignore characters not available in output charset + $iconv_options = '//IGNORE'; + if (iconv('', $iconv_options, '') === false) { + // iconv implementation does not support options + $iconv_options = ''; + } + } + + // throw an exception if iconv reports an illegal character in input + // it means that input string has been truncated + set_error_handler('rcube_error_handler', E_NOTICE); + try { + $_iconv = iconv($from, $to . $iconv_options, $str); + } catch (ErrorException $e) { + $_iconv = false; + } + restore_error_handler(); if ($_iconv !== false) { - return $_iconv; + return $_iconv; } } - if (is_null($mbstring_loaded)) + if ($mbstring_loaded === null) $mbstring_loaded = extension_loaded('mbstring'); // convert charset using mbstring module if ($mbstring_loaded) { - $aliases['UTF-7'] = 'UTF7-IMAP'; $aliases['WINDOWS-1257'] = 'ISO-8859-13'; - if (is_null($mbstring_list)) { + if ($mbstring_list === null) { $mbstring_list = mb_list_encodings(); $mbstring_list = array_map('strtoupper', $mbstring_list); } - + $mb_from = $aliases[$from] ? $aliases[$from] : $from; $mb_to = $aliases[$to] ? $aliases[$to] : $to; @@ -234,59 +250,269 @@ function rcube_charset_convert($str, $from, $to=NULL) } } - # try to convert with custom classes - if (class_exists('utf8')) - $conv = new utf8(); - - // convert string to UTF-8 - if ($from == 'UTF-7') { - if ($_str = utf7_to_utf8($str)) - $str = $_str; - else - $error = true; - } - else if (($from == 'ISO-8859-1') && function_exists('utf8_encode')) { - $str = utf8_encode($str); - } - else if ($from != 'UTF-8' && $conv) { - $conv->loadCharset($from); - $str = $conv->strToUtf8($str); - } - else if ($from != 'UTF-8') + // convert charset using bundled classes/functions + if ($to == 'UTF-8') { + if ($from == 'UTF7-IMAP') { + if ($_str = utf7_to_utf8($str)) + return $_str; + } + else if ($from == 'UTF-7') { + if ($_str = rcube_utf7_to_utf8($str)) + return $_str; + } + else if (($from == 'ISO-8859-1') && function_exists('utf8_encode')) { + return utf8_encode($str); + } + else if (class_exists('utf8')) { + if (!$conv) + $conv = new utf8($from); + else + $conv->loadCharset($from); + + if($_str = $conv->strToUtf8($str)) + return $_str; + } $error = true; - - // encode string for output - if ($to == 'UTF-7') { - return utf8_to_utf7($str); - } - else if ($to == 'ISO-8859-1' && function_exists('utf8_decode')) { - return utf8_decode($str); } - else if ($to != 'UTF-8' && $conv) { - $conv->loadCharset($to); - return $conv->utf8ToStr($str); - } - else if ($to != 'UTF-8') { + + // encode string for output + if ($from == 'UTF-8') { + // @TODO: we need a function for UTF-7 (RFC2152) conversion + if ($to == 'UTF7-IMAP' || $to == 'UTF-7') { + if ($_str = utf8_to_utf7($str)) + return $_str; + } + else if ($to == 'ISO-8859-1' && function_exists('utf8_decode')) { + return utf8_decode($str); + } + else if (class_exists('utf8')) { + if (!$conv) + $conv = new utf8($to); + else + $conv->loadCharset($from); + + if ($_str = $conv->strToUtf8($str)) + return $_str; + } $error = true; } // report error - if ($error && !$convert_warning){ + if ($error && !$convert_warning) { raise_error(array( 'code' => 500, 'type' => 'php', 'file' => __FILE__, - 'message' => "Could not convert string from $from to $to. Make sure iconv is installed or lib/utf8.class is available" + 'line' => __LINE__, + 'message' => "Could not convert string from $from to $to. Make sure iconv/mbstring is installed or lib/utf8.class is available." ), true, false); $convert_warning = true; } - // return UTF-8 string + // return UTF-8 or original string return $str; } +/** + * Parse and validate charset name string (see #1485758). + * Sometimes charset string is malformed, there are also charset aliases + * but we need strict names for charset conversion (specially utf8 class) + * + * @param string Input charset name + * @return string The validated charset name + */ +function rcube_parse_charset($input) + { + static $charsets = array(); + $charset = strtoupper($input); + + if (isset($charsets[$input])) + return $charsets[$input]; + + $charset = preg_replace(array( + '/^[^0-9A-Z]+/', // e.g. _ISO-8859-JP$SIO + '/\$.*$/', // e.g. _ISO-8859-JP$SIO + '/UNICODE-1-1-*/', // RFC1641/1642 + '/^X-/', // X- prefix (e.g. X-ROMAN8 => ROMAN8) + ), '', $charset); + + if ($charset == 'BINARY') + return $charsets[$input] = null; + + # Aliases: some of them from HTML5 spec. + $aliases = array( + 'USASCII' => 'WINDOWS-1252', + 'ANSIX31101983' => 'WINDOWS-1252', + 'ANSIX341968' => 'WINDOWS-1252', + 'UNKNOWN8BIT' => 'ISO-8859-15', + 'UNKNOWN' => 'ISO-8859-15', + 'USERDEFINED' => 'ISO-8859-15', + 'KSC56011987' => 'EUC-KR', + 'GB2312' => 'GBK', + 'GB231280' => 'GBK', + 'UNICODE' => 'UTF-8', + 'UTF7IMAP' => 'UTF7-IMAP', + 'TIS620' => 'WINDOWS-874', + 'ISO88599' => 'WINDOWS-1254', + 'ISO885911' => 'WINDOWS-874', + 'MACROMAN' => 'MACINTOSH', + '77' => 'MAC', + '128' => 'SHIFT-JIS', + '129' => 'CP949', + '130' => 'CP1361', + '134' => 'GBK', + '136' => 'BIG5', + '161' => 'WINDOWS-1253', + '162' => 'WINDOWS-1254', + '163' => 'WINDOWS-1258', + '177' => 'WINDOWS-1255', + '178' => 'WINDOWS-1256', + '186' => 'WINDOWS-1257', + '204' => 'WINDOWS-1251', + '222' => 'WINDOWS-874', + '238' => 'WINDOWS-1250', + 'MS950' => 'CP950', + 'WINDOWS949' => 'UHC', + ); + + // allow A-Z and 0-9 only + $str = preg_replace('/[^A-Z0-9]/', '', $charset); + + if (isset($aliases[$str])) + $result = $aliases[$str]; + // UTF + else if (preg_match('/U[A-Z][A-Z](7|8|16|32)(BE|LE)*/', $str, $m)) + $result = 'UTF-' . $m[1] . $m[2]; + // ISO-8859 + else if (preg_match('/ISO8859([0-9]{0,2})/', $str, $m)) { + $iso = 'ISO-8859-' . ($m[1] ? $m[1] : 1); + // some clients sends windows-1252 text as latin1, + // it is safe to use windows-1252 for all latin1 + $result = $iso == 'ISO-8859-1' ? 'WINDOWS-1252' : $iso; + } + // handle broken charset names e.g. WINDOWS-1250HTTP-EQUIVCONTENT-TYPE + else if (preg_match('/(WIN|WINDOWS)([0-9]+)/', $str, $m)) { + $result = 'WINDOWS-' . $m[2]; + } + // LATIN + else if (preg_match('/LATIN(.*)/', $str, $m)) { + $aliases = array('2' => 2, '3' => 3, '4' => 4, '5' => 9, '6' => 10, + '7' => 13, '8' => 14, '9' => 15, '10' => 16, + 'ARABIC' => 6, 'CYRILLIC' => 5, 'GREEK' => 7, 'GREEK1' => 7, 'HEBREW' => 8); + + // some clients sends windows-1252 text as latin1, + // it is safe to use windows-1252 for all latin1 + if ($m[1] == 1) { + $result = 'WINDOWS-1252'; + } + // if iconv is not supported we need ISO labels, it's also safe for iconv + else if (!empty($aliases[$m[1]])) { + $result = 'ISO-8859-'.$aliases[$m[1]]; + } + // iconv requires convertion of e.g. LATIN-1 to LATIN1 + else { + $result = $str; + } + } + else { + $result = $charset; + } + + $charsets[$input] = $result; + + return $result; + } + + +/** + * Converts string from standard UTF-7 (RFC 2152) to UTF-8. + * + * @param string Input string + * @return string The converted string + */ +function rcube_utf7_to_utf8($str) +{ + $Index_64 = array( + 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, + 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, + 0,0,0,0, 0,0,0,0, 0,0,0,1, 0,0,0,0, + 1,1,1,1, 1,1,1,1, 1,1,0,0, 0,0,0,0, + 0,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, + 1,1,1,1, 1,1,1,1, 1,1,1,0, 0,0,0,0, + 0,1,1,1, 1,1,1,1, 1,1,1,1, 1,1,1,1, + 1,1,1,1, 1,1,1,1, 1,1,1,0, 0,0,0,0, + ); + + $u7len = strlen($str); + $str = strval($str); + $res = ''; + + for ($i=0; $u7len > 0; $i++, $u7len--) + { + $u7 = $str[$i]; + if ($u7 == '+') + { + $i++; + $u7len--; + $ch = ''; + + for (; $u7len > 0; $i++, $u7len--) + { + $u7 = $str[$i]; + + if (!$Index_64[ord($u7)]) + break; + + $ch .= $u7; + } + + if ($ch == '') { + if ($u7 == '-') + $res .= '+'; + continue; + } + + $res .= rcube_utf16_to_utf8(base64_decode($ch)); + } + else + { + $res .= $u7; + } + } + + return $res; +} + +/** + * Converts string from UTF-16 to UTF-8 (helper for utf-7 to utf-8 conversion) + * + * @param string Input string + * @return string The converted string + */ +function rcube_utf16_to_utf8($str) +{ + $len = strlen($str); + $dec = ''; + + for ($i = 0; $i < $len; $i += 2) { + $c = ord($str[$i]) << 8 | ord($str[$i + 1]); + if ($c >= 0x0001 && $c <= 0x007F) { + $dec .= chr($c); + } else if ($c > 0x07FF) { + $dec .= chr(0xE0 | (($c >> 12) & 0x0F)); + $dec .= chr(0x80 | (($c >> 6) & 0x3F)); + $dec .= chr(0x80 | (($c >> 0) & 0x3F)); + } else { + $dec .= chr(0xC0 | (($c >> 6) & 0x1F)); + $dec .= chr(0x80 | (($c >> 0) & 0x3F)); + } + } + return $dec; +} + + /** * Replacing specials characters to a specific encoding type * @@ -294,33 +520,23 @@ function rcube_charset_convert($str, $from, $to=NULL) * @param string Encoding type: text|html|xml|js|url * @param string Replace mode for tags: show|replace|remove * @param boolean Convert newlines - * @return The quoted string + * @return string The quoted string */ function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE) { - global $OUTPUT; static $html_encode_arr = false; static $js_rep_table = false; static $xml_rep_table = false; - $charset = $OUTPUT->get_charset(); - $is_iso_8859_1 = false; - if ($charset == 'ISO-8859-1') { - $is_iso_8859_1 = true; - } if (!$enctype) $enctype = $OUTPUT->type; - // encode for plaintext - if ($enctype=='text') - return str_replace("\r\n", "\n", $mode=='remove' ? strip_tags($str) : $str); - // encode for HTML output if ($enctype=='html') { if (!$html_encode_arr) { - $html_encode_arr = get_html_translation_table(HTML_SPECIALCHARS); + $html_encode_arr = get_html_translation_table(HTML_SPECIALCHARS); unset($html_encode_arr['?']); } @@ -337,16 +553,15 @@ function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE) } else if ($mode=='remove') $str = strip_tags($str); - + + $out = strtr($str, $encode_arr); + // avoid douple quotation of & - $out = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', strtr($str, $encode_arr)); - + $out = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $out); + return $newlines ? nl2br($out) : $out; } - if ($enctype=='url') - return rawurlencode($str); - // if the replace tables for XML and JS are not yet defined if ($js_rep_table===false) { @@ -354,31 +569,31 @@ function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE) $xml_rep_table['&'] = '&'; for ($c=160; $c<256; $c++) // can be increased to support more charsets - { - $xml_rep_table[Chr($c)] = "&#$c;"; - - if ($is_iso_8859_1) - $js_rep_table[Chr($c)] = sprintf("\\u%04x", $c); - } + $xml_rep_table[chr($c)] = "&#$c;"; $xml_rep_table['"'] = '"'; $js_rep_table['"'] = '\\"'; $js_rep_table["'"] = "\\'"; $js_rep_table["\\"] = "\\\\"; + // Unicode line and paragraph separators (#1486310) + $js_rep_table[chr(hexdec(E2)).chr(hexdec(80)).chr(hexdec(A8))] = '
'; + $js_rep_table[chr(hexdec(E2)).chr(hexdec(80)).chr(hexdec(A9))] = '
'; } - // encode for XML - if ($enctype=='xml') - return strtr($str, $xml_rep_table); - // encode for javascript use if ($enctype=='js') - { - if ($charset!='UTF-8') - $str = rcube_charset_convert($str, RCMAIL_CHARSET,$charset); - return preg_replace(array("/\r?\n/", "/\r/", '/<\\//'), array('\n', '\n', '<\\/'), strtr($str, $js_rep_table)); - } + + // encode for plaintext + if ($enctype=='text') + return str_replace("\r\n", "\n", $mode=='remove' ? strip_tags($str) : $str); + + if ($enctype=='url') + return rawurlencode($str); + + // encode for XML + if ($enctype=='xml') + return strtr($str, $xml_rep_table); // no encoding given -> return original string return $str; @@ -420,8 +635,7 @@ function JQ($str) * @return string Field value or NULL if not available */ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) - { - global $OUTPUT; +{ $value = NULL; if ($source==RCUBE_INPUT_GET && isset($_GET[$fname])) @@ -437,7 +651,32 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) else if (isset($_COOKIE[$fname])) $value = $_COOKIE[$fname]; } - + + return parse_input_value($value, $allow_html, $charset); +} + +/** + * Parse/validate input value. See get_input_value() + * Performs stripslashes() and charset conversion if necessary + * + * @param string Input value + * @param boolean Allow HTML tags in field value + * @param string Charset to convert into + * @return string Parsed value + */ +function parse_input_value($value, $allow_html=FALSE, $charset=NULL) +{ + global $OUTPUT; + + if (empty($value)) + return $value; + + if (is_array($value)) { + foreach ($value as $idx => $val) + $value[$idx] = parse_input_value($val, $allow_html, $charset); + return $value; + } + // strip single quotes if magic_quotes_sybase is enabled if (ini_get('magic_quotes_sybase')) $value = str_replace("''", "'", $value); @@ -450,20 +689,39 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) $value = strip_tags($value); // convert to internal charset - if (is_object($OUTPUT)) + if (is_object($OUTPUT) && $charset) return rcube_charset_convert($value, $OUTPUT->get_charset(), $charset); else return $value; +} + +/** + * Convert array of request parameters (prefixed with _) + * to a regular array with non-prefixed keys. + * + * @param int Source to get value from (GPC) + * @return array Hash array with all request parameters + */ +function request2param($mode = RCUBE_INPUT_GPC) +{ + $out = array(); + $src = $mode == RCUBE_INPUT_GET ? $_GET : ($mode == RCUBE_INPUT_POST ? $_POST : $_REQUEST); + foreach ($src as $key => $value) { + $fname = $key[0] == '_' ? substr($key, 1) : $key; + $out[$fname] = get_input_value($key, $mode); } + + return $out; +} /** * Remove all non-ascii and non-word chars - * except . and - + * except ., -, _ */ -function asciiwords($str, $css_id = false) +function asciiwords($str, $css_id = false, $replace_with = '') { $allowed = 'a-z0-9\_\-' . (!$css_id ? '\.' : ''); - return preg_replace("/[^$allowed]/i", '', $str); + return preg_replace("/[^$allowed]/i", $replace_with, $str); } /** @@ -474,7 +732,7 @@ function asciiwords($str, $css_id = false) */ function strip_quotes($str) { - return preg_replace('/[\'"]/', '', $str); + return str_replace(array("'", '"'), '', $str); } @@ -506,8 +764,9 @@ function rcube_table_output($attrib, $table_data, $a_show_cols, $id_col) $table = new html_table(/*array('cols' => count($a_show_cols))*/); // add table header - foreach ($a_show_cols as $col) - $table->add_header($col, Q(rcube_label($col))); + if (!$attrib['noheader']) + foreach ($a_show_cols as $col) + $table->add_header($col, Q(rcube_label($col))); $c = 0; if (!is_array($table_data)) @@ -516,7 +775,7 @@ function rcube_table_output($attrib, $table_data, $a_show_cols, $id_col) while ($table_data && ($sql_arr = $db->fetch_assoc($table_data))) { $zebra_class = $c % 2 ? 'even' : 'odd'; - $table->add_row(array('id' => 'rcmrow' . $sql_arr[$id_col], 'class' => "contact $zebra_class")); + $table->add_row(array('id' => 'rcmrow' . $sql_arr[$id_col], 'class' => $zebra_class)); // format each col foreach ($a_show_cols as $col) @@ -530,7 +789,10 @@ function rcube_table_output($attrib, $table_data, $a_show_cols, $id_col) foreach ($table_data as $row_data) { $zebra_class = $c % 2 ? 'even' : 'odd'; - $table->add_row(array('id' => 'rcmrow' . $row_data[$id_col], 'class' => "contact $zebra_class")); + if (!empty($row_data['class'])) + $zebra_class .= ' '.$row_data['class']; + + $table->add_row(array('id' => 'rcmrow' . $row_data[$id_col], 'class' => $zebra_class)); // format each col foreach ($a_show_cols as $col) @@ -594,12 +856,15 @@ function rcmail_mod_css_styles($source, $container_id) { $last_pos = 0; $replacements = new rcube_string_replacer; - + // ignore the whole block if evil styles are detected - $stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entitiy_decode($source)); - if (preg_match('/expression|behavior|url\(|import/', $stripped)) + $stripped = preg_replace('/[^a-z\(:;]/', '', rcmail_xss_entity_decode($source)); + if (preg_match('/expression|behavior|url\(|import[^a]/', $stripped)) return '/* evil! */'; + // remove css comments (sometimes used for some ugly hacks) + $source = preg_replace('!/\*(.+)\*/!Ums', '', $source); + // cut out all contents between { and } while (($pos = strpos($source, '{', $last_pos)) && ($pos2 = strpos($source, '}', $pos))) { @@ -607,22 +872,22 @@ function rcmail_mod_css_styles($source, $container_id) $source = substr($source, 0, $pos+1) . $replacements->get_replacement($key) . substr($source, $pos2, strlen($source)-$pos2); $last_pos = $pos+2; } - + // remove html comments and add #container to each tag selector. // also replace body definition because we also stripped off the tag $styles = preg_replace( array( '/(^\s*\s*$)/', - '/(^\s*|,\s*|\}\s*)([a-z0-9\._#][a-z0-9\.\-_]*)/im', - "/$container_id\s+body/i", + '/(^\s*|,\s*|\}\s*)([a-z0-9\._#\*][a-z0-9\.\-_]*)/im', + '/'.preg_quote($container_id, '/').'\s+body/i', ), array( '', "\\1#$container_id \\2", - "$container_id div.rcmBody", + $container_id, ), $source); - + // put block contents back in $styles = $replacements->resolve($styles); @@ -637,22 +902,22 @@ function rcmail_mod_css_styles($source, $container_id) * @param string CSS content to decode * @return string Decoded string */ -function rcmail_xss_entitiy_decode($content) +function rcmail_xss_entity_decode($content) { $out = html_entity_decode(html_entity_decode($content)); - $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', 'rcmail_xss_entitiy_decode_callback', $out); + $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', 'rcmail_xss_entity_decode_callback', $out); $out = preg_replace('#/\*.*\*/#Um', '', $out); return $out; } /** - * preg_replace_callback callback for rcmail_xss_entitiy_decode_callback + * preg_replace_callback callback for rcmail_xss_entity_decode_callback * * @param array matches result from preg_replace_callback * @return string decoded entity */ -function rcmail_xss_entitiy_decode_callback($matches) +function rcmail_xss_entity_decode_callback($matches) { return chr(hexdec($matches[1])); } @@ -688,11 +953,11 @@ function parse_attrib_string($str) preg_match_all('/\s*([-_a-z]+)=(["\'])??(?(2)([^\2]*)\2|(\S+?))/Ui', stripslashes($str), $regs, PREG_SET_ORDER); // convert attributes to an associative array (name => value) - if ($regs) - foreach ($regs as $attr) - { - $attrib[strtolower($attr[1])] = $attr[3] . $attr[4]; - } + if ($regs) { + foreach ($regs as $attr) { + $attrib[strtolower($attr[1])] = html_entity_decode($attr[3] . $attr[4]); + } + } return $attrib; } @@ -707,7 +972,7 @@ function parse_attrib_string($str) * @return string Formatted date string */ function format_date($date, $format=NULL) - { +{ global $CONFIG; $ts = NULL; @@ -731,7 +996,7 @@ function format_date($date, $format=NULL) if (empty($ts)) return ''; - + // get user's timezone if ($CONFIG['timezone'] === 'auto') $tz = isset($_SESSION['timezone']) ? $_SESSION['timezone'] : date('Z')/3600; @@ -743,7 +1008,7 @@ function format_date($date, $format=NULL) // convert time to user's timezone $timestamp = $ts - date('Z', $ts) + ($tz * 3600); - + // get current timestamp in user's timezone $now = time(); // local time $now -= (int)date('Z'); // make GMT time @@ -751,25 +1016,33 @@ function format_date($date, $format=NULL) $now_date = getdate($now); $today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']); - $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']); + $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']); - // define date format depending on current time - if ($CONFIG['prettydate'] && !$format && $timestamp > $today_limit && $timestamp < $now) - return sprintf('%s %s', rcube_label('today'), date($CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i', $timestamp)); - else if ($CONFIG['prettydate'] && !$format && $timestamp > $week_limit && $timestamp < $now) - $format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i'; - else if (!$format) - $format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i'; + // define date format depending on current time + if (!$format) { + if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now) { + $format = $CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i'; + $today = true; + } + else if ($CONFIG['prettydate'] && $timestamp > $week_limit && $timestamp < $now) + $format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i'; + else + $format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i'; + } + // strftime() format + if (preg_match('/%[a-z]+/i', $format)) { + $format = strftime($format, $timestamp); + return $today ? (rcube_label('today') . ' ' . $format) : $format; + } // parse format string manually in order to provide localized weekday and month names // an alternative would be to convert the date() format string to fit with strftime() $out = ''; - for($i=0; $i', preg_match('/[\(\)\<\>\\\.\[\]@,;:"]/', $name) ? '"'.addcslashes($name, '"').'"' : $name, $email); + return sprintf('%s <%s>', preg_match('/[\(\)\<\>\\\.\[\]@,;:"]/', $name) ? '"'.addcslashes($name, '"').'"' : $name, trim($email)); } else - return $email; + return trim($email); } @@ -822,11 +1106,20 @@ function format_email_recipient($email, $name='') * Print or write debug messages * * @param mixed Debug message or data + * @return void */ function console() { + $args = func_get_args(); + + if (class_exists('rcmail', false)) { + $rcmail = rcmail::get_instance(); + if (is_object($rcmail->plugins)) + $rcmail->plugins->exec_hook('console', $args); + } + $msg = array(); - foreach (func_get_args() as $arg) + foreach ($args as $arg) $msg[] = !is_string($arg) ? var_export($arg, true) : $arg; if (!($GLOBALS['CONFIG']['debug_level'] & 4)) @@ -848,54 +1141,128 @@ function console() * * @param $name name of log file * @param line Line to append + * @return void */ function write_log($name, $line) { - global $CONFIG; + global $CONFIG, $RCMAIL; if (!is_string($line)) $line = var_export($line, true); + + if (empty($CONFIG['log_date_format'])) + $CONFIG['log_date_format'] = 'd-M-Y H:i:s O'; - $log_entry = sprintf("[%s]: %s\n", - date("d-M-Y H:i:s O", mktime()), - $line); - + $date = date($CONFIG['log_date_format']); + + // trigger logging hook + if (is_object($RCMAIL) && is_object($RCMAIL->plugins)) { + $log = $RCMAIL->plugins->exec_hook('write_log', array('name' => $name, 'date' => $date, 'line' => $line)); + $name = $log['name']; + $line = $log['line']; + $date = $log['date']; + if ($log['abort']) + return true; + } + if ($CONFIG['log_driver'] == 'syslog') { - if ($name == 'errors') - $prio = LOG_ERR; - else - $prio = LOG_INFO; - syslog($prio, $log_entry); - } else { + $prio = $name == 'errors' ? LOG_ERR : LOG_INFO; + syslog($prio, $line); + return true; + } + else { + $line = sprintf("[%s]: %s\n", $date, $line); + // log_driver == 'file' is assumed here if (empty($CONFIG['log_dir'])) $CONFIG['log_dir'] = INSTALL_PATH.'logs'; // try to open specific log file for writing - if ($fp = @fopen($CONFIG['log_dir'].'/'.$name, 'a')) { - fwrite($fp, $log_entry); + $logfile = $CONFIG['log_dir'].'/'.$name; + if ($fp = @fopen($logfile, 'a')) { + fwrite($fp, $line); fflush($fp); fclose($fp); + return true; } + else + trigger_error("Error writing to log file $logfile; Please check permissions", E_USER_WARNING); } + return false; +} + + +/** + * Write login data (name, ID, IP address) to the 'userlogins' log file. + * + * @return void + */ +function rcmail_log_login() +{ + global $RCMAIL; + + if (!$RCMAIL->config->get('log_logins') || !$RCMAIL->user) + return; + + write_log('userlogins', sprintf('Successful login for %s (ID: %d) from %s', + $RCMAIL->user->get_username(), $RCMAIL->user->ID, rcmail_remote_ip())); +} + + +/** + * Returns remote IP address and forwarded addresses if found + * + * @return string Remote IP address(es) + */ +function rcmail_remote_ip() +{ + $address = $_SERVER['REMOTE_ADDR']; + + // append the NGINX X-Real-IP header, if set + if (!empty($_SERVER['HTTP_X_REAL_IP'])) { + $remote_ip[] = 'X-Real-IP: ' . $_SERVER['HTTP_X_REAL_IP']; + } + // append the X-Forwarded-For header, if set + if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $remote_ip[] = 'X-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR']; + } + + if (!empty($remote_ip)) + $address .= '(' . implode(',', $remote_ip) . ')'; + + return $address; +} + + +/** + * Check whether the HTTP referer matches the current request + * + * @return boolean True if referer is the same host+path, false if not + */ +function rcube_check_referer() +{ + $uri = parse_url($_SERVER['REQUEST_URI']); + $referer = parse_url(rc_request_header('Referer')); + return $referer['host'] == rc_request_header('Host') && $referer['path'] == $uri['path']; } /** * @access private + * @return mixed */ function rcube_timer() - { - list($usec, $sec) = explode(" ", microtime()); - return ((float)$usec + (float)$sec); - } - +{ + return microtime(true); +} + /** * @access private + * @return void */ -function rcube_print_time($timer, $label='Timer') - { +function rcube_print_time($timer, $label='Timer', $dest='console') +{ static $print_count = 0; $print_count++; @@ -905,8 +1272,8 @@ function rcube_print_time($timer, $label='Timer') if (empty($label)) $label = 'Timer '.$print_count; - console(sprintf("%s: %0.4f sec", $label, $diff)); - } + write_log($dest, sprintf("%s: %0.4f sec", $label, $diff)); +} /** @@ -920,7 +1287,7 @@ function rcmail_mailbox_list($attrib) global $RCMAIL; static $a_mailboxes; - $attrib += array('maxlength' => 100, 'relanames' => false); + $attrib += array('maxlength' => 100, 'realnames' => false); // add some labels to client $RCMAIL->output->add_label('purgefolderconfirm', 'deletemessagesconfirm'); @@ -945,6 +1312,9 @@ function rcmail_mailbox_list($attrib) rcmail_build_folder_tree($a_mailboxes, $folder, $delimiter); } + // allow plugins to alter the folder tree or to localize folder names + $hook = $RCMAIL->plugins->exec_hook('render_mailboxlist', array('list' => $a_mailboxes, 'delimiter' => $delimiter)); + if ($type=='select') { $select = new html_select($attrib); @@ -952,12 +1322,12 @@ function rcmail_mailbox_list($attrib) if ($attrib['noselection']) $select->add(rcube_label($attrib['noselection']), '0'); - rcmail_render_folder_tree_select($a_mailboxes, $mbox_name, $attrib['maxlength'], $select, $attrib['realnames']); + rcmail_render_folder_tree_select($hook['list'], $mbox_name, $attrib['maxlength'], $select, $attrib['realnames']); $out = $select->show(); } else { $js_mailboxlist = array(); - $out = html::tag('ul', $attrib, rcmail_render_folder_tree_html($a_mailboxes, $mbox_name, $js_mailboxlist, $attrib), html::$common_attrib); + $out = html::tag('ul', $attrib, rcmail_render_folder_tree_html($hook['list'], $mbox_name, $js_mailboxlist, $attrib), html::$common_attrib); $RCMAIL->output->add_gui_object('mailboxlist', $attrib['id']); $RCMAIL->output->set_env('mailboxes', $js_mailboxlist); @@ -972,17 +1342,23 @@ function rcmail_mailbox_list($attrib) * Return the mailboxlist as html_select object * * @param array Named parameters - * @return object html_select HTML drop-down object + * @return html_select HTML drop-down object */ function rcmail_mailbox_select($p = array()) { global $RCMAIL; - $p += array('maxlength' => 100, 'relanames' => false); + $p += array('maxlength' => 100, 'realnames' => false); $a_mailboxes = array(); - - foreach ($RCMAIL->imap->list_mailboxes() as $folder) - rcmail_build_folder_tree($a_mailboxes, $folder, $RCMAIL->imap->get_hierarchy_delimiter()); + + if ($p['unsubscribed']) + $list = $RCMAIL->imap->list_unsubscribed(); + else + $list = $RCMAIL->imap->list_mailboxes(); + + foreach ($list as $folder) + if (empty($p['exceptions']) || !in_array($folder, $p['exceptions'])) + rcmail_build_folder_tree($a_mailboxes, $folder, $RCMAIL->imap->get_hierarchy_delimiter()); $select = new html_select($p); @@ -998,14 +1374,25 @@ function rcmail_mailbox_select($p = array()) /** * Create a hierarchical array of the mailbox list * @access private + * @return void */ function rcmail_build_folder_tree(&$arrFolders, $folder, $delm='/', $path='') { + global $RCMAIL; + $pos = strpos($folder, $delm); + if ($pos !== false) { $subFolders = substr($folder, $pos+1); $currentFolder = substr($folder, 0, $pos); - $virtual = !isset($arrFolders[$currentFolder]); + + // sometimes folder has a delimiter as the last character + if (!strlen($subFolders)) + $virtual = false; + else if (!isset($arrFolders[$currentFolder])) + $virtual = true; + else + $virtual = $arrFolders[$currentFolder]['virtual']; } else { $subFolders = false; @@ -1015,17 +1402,22 @@ function rcmail_build_folder_tree(&$arrFolders, $folder, $delm='/', $path='') $path .= $currentFolder; + // Check \Noselect option (if options are in cache) + if (!$virtual && ($opts = $RCMAIL->imap->mailbox_options($path))) { + $virtual = in_array('\\Noselect', $opts); + } + if (!isset($arrFolders[$currentFolder])) { $arrFolders[$currentFolder] = array( 'id' => $path, - 'name' => rcube_charset_convert($currentFolder, 'UTF-7'), + 'name' => rcube_charset_convert($currentFolder, 'UTF7-IMAP'), 'virtual' => $virtual, 'folders' => array()); } else $arrFolders[$currentFolder]['virtual'] = $virtual; - if (!empty($subFolders)) + if (strlen($subFolders)) rcmail_build_folder_tree($arrFolders[$currentFolder]['folders'], $subFolders, $delm, $path.$delm); } @@ -1033,6 +1425,7 @@ function rcmail_build_folder_tree(&$arrFolders, $folder, $delm='/', $path='') /** * Return html for a structured list <ul> for the mailbox tree * @access private + * @return string */ function rcmail_render_folder_tree_html(&$arrFolders, &$mbox_name, &$jslist, $attrib, $nestLevel=0) { @@ -1064,7 +1457,7 @@ function rcmail_render_folder_tree_html(&$arrFolders, &$mbox_name, &$jslist, $at } // make folder name safe for ids and class names - $folder_id = asciiwords($folder['id'], true); + $folder_id = asciiwords($folder['id'], true, '_'); $classes = array('mailbox'); // set special class for Sent, Drafts, Trash and Junk @@ -1131,6 +1524,7 @@ function rcmail_render_folder_tree_html(&$arrFolders, &$mbox_name, &$jslist, $at /** * Return html for a flat list