X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=program%2Finclude%2Fmain.inc;h=f92976245328fabd52946f2b01195d47a0b4ae6a;hb=76507f7c63a660742e76889ad6e3919f3dde3bb0;hp=f25f4cbd755f45b6f285c7255e9287db6baaeb82;hpb=b68022ca3782d5eb5a1a7ef6f8cf7abe1dc15bd6;p=roundcube.git diff --git a/program/include/main.inc b/program/include/main.inc index f25f4cb..f929762 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -4,8 +4,8 @@ +-----------------------------------------------------------------------+ | program/include/main.inc | | | - | This file is part of the RoundCube Webmail client | - | Copyright (C) 2005-2009, RoundCube Dev, - Switzerland | + | This file is part of the Roundcube Webmail client | + | Copyright (C) 2005-2011, The Roundcube Dev Team | | Licensed under the GNU GPL | | | | PURPOSE: | @@ -15,19 +15,19 @@ | Author: Thomas Bruederli | +-----------------------------------------------------------------------+ - $Id: main.inc 2852 2009-08-10 21:32:44Z thomasb $ + $Id: main.inc 5591 2011-12-10 14:16:31Z thomasb $ */ /** - * RoundCube Webmail common functions + * Roundcube Webmail common functions * * @package Core * @author Thomas Bruederli */ -require_once('lib/utf7.inc'); -require_once('include/rcube_shared.inc'); +require_once 'utf7.inc'; +require_once INSTALL_PATH . 'program/include/rcube_shared.inc'; // define constannts for input reading define('RCUBE_INPUT_GET', 0x0101); @@ -65,7 +65,7 @@ function get_table_name($table) */ function get_sequence_name($sequence) { - // return table name if configured + // return sequence name if configured $config_key = 'db_sequence_'.$sequence; $opt = rcmail::get_instance()->config->get($config_key); @@ -81,6 +81,7 @@ function get_sequence_name($sequence) * It's a global wrapper for rcmail::gettext() * * @param mixed Named parameters array or label name + * @param string Domain to search in (e.g. plugin name) * @return string Localized text * @see rcmail::gettext() */ @@ -90,6 +91,18 @@ function rcube_label($p, $domain=null) } +/** + * Global wrapper of rcmail::text_exists() + * to check whether a text label is defined + * + * @see rcmail::text_exists() + */ +function rcube_label_exists($name, $domain=null, &$ref_domain = null) +{ + return rcmail::get_instance()->text_exists($name, $domain, $ref_domain); +} + + /** * Overwrite action variable * @@ -123,46 +136,63 @@ function rcmail_url($action, $p=array(), $task=null) * Remove temp files older than two days */ function rcmail_temp_gc() - { +{ $rcmail = rcmail::get_instance(); $tmp = unslashify($rcmail->config->get('temp_dir')); $expire = mktime() - 172800; // expire in 48 hours - if ($dir = opendir($tmp)) - { - while (($fname = readdir($dir)) !== false) - { + if ($dir = opendir($tmp)) { + while (($fname = readdir($dir)) !== false) { if ($fname{0} == '.') continue; if (filemtime($tmp.'/'.$fname) < $expire) @unlink($tmp.'/'.$fname); - } + } closedir($dir); - } } +} /** * Garbage collector for cache entries. * Remove all expired message cache records + * @return void */ function rcmail_cache_gc() - { +{ $rcmail = rcmail::get_instance(); $db = $rcmail->get_dbh(); - + // get target timestamp $ts = get_offset_time($rcmail->config->get('message_cache_lifetime', '30d'), -1); - - $db->query("DELETE FROM ".get_table_name('messages')." - WHERE created < " . $db->fromunixtime($ts)); - $db->query("DELETE FROM ".get_table_name('cache')." - WHERE created < " . $db->fromunixtime($ts)); - } + $db->query("DELETE FROM ".get_table_name('cache_messages') + ." WHERE changed < " . $db->fromunixtime($ts)); + + $db->query("DELETE FROM ".get_table_name('cache_index') + ." WHERE changed < " . $db->fromunixtime($ts)); + + $db->query("DELETE FROM ".get_table_name('cache_thread') + ." WHERE changed < " . $db->fromunixtime($ts)); + + $db->query("DELETE FROM ".get_table_name('cache') + ." WHERE created < " . $db->fromunixtime($ts)); +} + + +/** + * Catch an error and throw an exception. + * + * @param int Level of the error + * @param string Error message + */ +function rcube_error_handler($errno, $errstr) +{ + throw new ErrorException($errstr, 0, $errno); +} /** @@ -172,46 +202,63 @@ function rcmail_cache_gc() * @param string Input string * @param string Suspected charset of the input string * @param string Target charset to convert to; defaults to RCMAIL_CHARSET - * @return Converted string + * @return string Converted string */ function rcube_charset_convert($str, $from, $to=NULL) - { +{ + static $iconv_options = null; static $mbstring_loaded = null; static $mbstring_list = null; - static $convert_warning = false; static $conv = null; - + $error = false; - $to = empty($to) ? $to = strtoupper(RCMAIL_CHARSET) : rcube_parse_charset($to); + $to = empty($to) ? strtoupper(RCMAIL_CHARSET) : rcube_parse_charset($to); $from = rcube_parse_charset($from); if ($from == $to || empty($str) || empty($from)) return $str; - // convert charset using iconv module - if (function_exists('iconv') && $from != 'UTF-7' && $to != 'UTF-7') { - $_iconv = iconv($from, $to . '//IGNORE', $str); + // convert charset using iconv module + if (function_exists('iconv') && $from != 'UTF7-IMAP' && $to != 'UTF7-IMAP') { + if ($iconv_options === null) { + // ignore characters not available in output charset + $iconv_options = '//IGNORE'; + if (iconv('', $iconv_options, '') === false) { + // iconv implementation does not support options + $iconv_options = ''; + } + } + + // throw an exception if iconv reports an illegal character in input + // it means that input string has been truncated + set_error_handler('rcube_error_handler', E_NOTICE); + try { + $_iconv = iconv($from, $to . $iconv_options, $str); + } catch (ErrorException $e) { + $_iconv = false; + } + restore_error_handler(); if ($_iconv !== false) { - return $_iconv; + return $_iconv; } } - if (is_null($mbstring_loaded)) + if ($mbstring_loaded === null) $mbstring_loaded = extension_loaded('mbstring'); - + // convert charset using mbstring module if ($mbstring_loaded) { $aliases['WINDOWS-1257'] = 'ISO-8859-13'; - - if (is_null($mbstring_list)) { + + if ($mbstring_list === null) { $mbstring_list = mb_list_encodings(); $mbstring_list = array_map('strtoupper', $mbstring_list); } $mb_from = $aliases[$from] ? $aliases[$from] : $from; $mb_to = $aliases[$to] ? $aliases[$to] : $to; - + // return if encoding found, string matches encoding and convert succeeded if (in_array($mb_from, $mbstring_list) && in_array($mb_to, $mbstring_list)) { if (mb_check_encoding($str, $mb_from) && ($out = mb_convert_encoding($str, $mb_to, $mb_from))) @@ -243,7 +290,7 @@ function rcube_charset_convert($str, $from, $to=NULL) } $error = true; } - + // encode string for output if ($from == 'UTF-8') { // @TODO: we need a function for UTF-7 (RFC2152) conversion @@ -265,23 +312,10 @@ function rcube_charset_convert($str, $from, $to=NULL) } $error = true; } - - // report error - if ($error && !$convert_warning) { - raise_error(array( - 'code' => 500, - 'type' => 'php', - 'file' => __FILE__, - 'line' => __LINE__, - 'message' => "Could not convert string from $from to $to. Make sure iconv/mbstring is installed or lib/utf8.class is available." - ), true, false); - - $convert_warning = true; - } - + // return UTF-8 or original string return $str; - } +} /** @@ -289,15 +323,26 @@ function rcube_charset_convert($str, $from, $to=NULL) * Sometimes charset string is malformed, there are also charset aliases * but we need strict names for charset conversion (specially utf8 class) * - * @param string Input charset name - * @return The validated charset name + * @param string Input charset name + * @return string The validated charset name */ -function rcube_parse_charset($charset) - { - $charset = strtoupper($charset); +function rcube_parse_charset($input) +{ + static $charsets = array(); + $charset = strtoupper($input); + + if (isset($charsets[$input])) + return $charsets[$input]; + + $charset = preg_replace(array( + '/^[^0-9A-Z]+/', // e.g. _ISO-8859-JP$SIO + '/\$.*$/', // e.g. _ISO-8859-JP$SIO + '/UNICODE-1-1-*/', // RFC1641/1642 + '/^X-/', // X- prefix (e.g. X-ROMAN8 => ROMAN8) + ), '', $charset); - # RFC1642 - $charset = str_replace('UNICODE-1-1-', '', $charset); + if ($charset == 'BINARY') + return $charsets[$input] = null; # Aliases: some of them from HTML5 spec. $aliases = array( @@ -315,33 +360,80 @@ function rcube_parse_charset($charset) 'TIS620' => 'WINDOWS-874', 'ISO88599' => 'WINDOWS-1254', 'ISO885911' => 'WINDOWS-874', + 'MACROMAN' => 'MACINTOSH', + '77' => 'MAC', + '128' => 'SHIFT-JIS', + '129' => 'CP949', + '130' => 'CP1361', + '134' => 'GBK', + '136' => 'BIG5', + '161' => 'WINDOWS-1253', + '162' => 'WINDOWS-1254', + '163' => 'WINDOWS-1258', + '177' => 'WINDOWS-1255', + '178' => 'WINDOWS-1256', + '186' => 'WINDOWS-1257', + '204' => 'WINDOWS-1251', + '222' => 'WINDOWS-874', + '238' => 'WINDOWS-1250', + 'MS950' => 'CP950', + 'WINDOWS949' => 'UHC', ); - // allow a-z and 0-9 only and remove X- prefix (e.g. X-ROMAN8 => ROMAN8) - $str = preg_replace(array('/[^a-z0-9]/i', '/^x+/i'), '', $charset); + // allow A-Z and 0-9 only + $str = preg_replace('/[^A-Z0-9]/', '', $charset); if (isset($aliases[$str])) - return $aliases[$str]; - - if (preg_match('/UTF(7|8|16|32)(BE|LE)*/', $str, $m)) - return 'UTF-' . $m[1] . $m[2]; - - if (preg_match('/ISO8859([0-9]{0,2})/', $str, $m)) { + $result = $aliases[$str]; + // UTF + else if (preg_match('/U[A-Z][A-Z](7|8|16|32)(BE|LE)*/', $str, $m)) + $result = 'UTF-' . $m[1] . $m[2]; + // ISO-8859 + else if (preg_match('/ISO8859([0-9]{0,2})/', $str, $m)) { $iso = 'ISO-8859-' . ($m[1] ? $m[1] : 1); - # some clients sends windows-1252 text as latin1, - # it is safe to use windows-1252 for all latin1 - return $iso == 'ISO-8859-1' ? 'WINDOWS-1252' : $iso; + // some clients sends windows-1252 text as latin1, + // it is safe to use windows-1252 for all latin1 + $result = $iso == 'ISO-8859-1' ? 'WINDOWS-1252' : $iso; + } + // handle broken charset names e.g. WINDOWS-1250HTTP-EQUIVCONTENT-TYPE + else if (preg_match('/(WIN|WINDOWS)([0-9]+)/', $str, $m)) { + $result = 'WINDOWS-' . $m[2]; + } + // LATIN + else if (preg_match('/LATIN(.*)/', $str, $m)) { + $aliases = array('2' => 2, '3' => 3, '4' => 4, '5' => 9, '6' => 10, + '7' => 13, '8' => 14, '9' => 15, '10' => 16, + 'ARABIC' => 6, 'CYRILLIC' => 5, 'GREEK' => 7, 'GREEK1' => 7, 'HEBREW' => 8); + + // some clients sends windows-1252 text as latin1, + // it is safe to use windows-1252 for all latin1 + if ($m[1] == 1) { + $result = 'WINDOWS-1252'; + } + // if iconv is not supported we need ISO labels, it's also safe for iconv + else if (!empty($aliases[$m[1]])) { + $result = 'ISO-8859-'.$aliases[$m[1]]; + } + // iconv requires convertion of e.g. LATIN-1 to LATIN1 + else { + $result = $str; } - - return $charset; } + else { + $result = $charset; + } + + $charsets[$input] = $result; + + return $result; +} /** * Converts string from standard UTF-7 (RFC 2152) to UTF-8. * * @param string Input string - * @return The converted string + * @return string The converted string */ function rcube_utf7_to_utf8($str) { @@ -400,7 +492,7 @@ function rcube_utf7_to_utf8($str) * Converts string from UTF-16 to UTF-8 (helper for utf-7 to utf-8 conversion) * * @param string Input string - * @return The converted string + * @return string The converted string */ function rcube_utf16_to_utf8($str) { @@ -431,7 +523,7 @@ function rcube_utf16_to_utf8($str) * @param string Encoding type: text|html|xml|js|url * @param string Replace mode for tags: show|replace|remove * @param boolean Convert newlines - * @return The quoted string + * @return string The quoted string */ function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE) { @@ -447,7 +539,7 @@ function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE) { if (!$html_encode_arr) { - $html_encode_arr = get_html_translation_table(HTML_SPECIALCHARS); + $html_encode_arr = get_html_translation_table(HTML_SPECIALCHARS); unset($html_encode_arr['?']); } @@ -464,10 +556,12 @@ function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE) } else if ($mode=='remove') $str = strip_tags($str); - + + $out = strtr($str, $encode_arr); + // avoid douple quotation of & - $out = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', strtr($str, $encode_arr)); - + $out = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $out); + return $newlines ? nl2br($out) : $out; } @@ -478,12 +572,15 @@ function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE) $xml_rep_table['&'] = '&'; for ($c=160; $c<256; $c++) // can be increased to support more charsets - $xml_rep_table[Chr($c)] = "&#$c;"; + $xml_rep_table[chr($c)] = "&#$c;"; $xml_rep_table['"'] = '"'; $js_rep_table['"'] = '\\"'; $js_rep_table["'"] = "\\'"; $js_rep_table["\\"] = "\\\\"; + // Unicode line and paragraph separators (#1486310) + $js_rep_table[chr(hexdec(E2)).chr(hexdec(80)).chr(hexdec(A8))] = '
'; + $js_rep_table[chr(hexdec(E2)).chr(hexdec(80)).chr(hexdec(A9))] = '
'; } // encode for javascript use @@ -542,26 +639,50 @@ function JQ($str) */ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) { - global $OUTPUT; $value = NULL; - - if ($source==RCUBE_INPUT_GET && isset($_GET[$fname])) - $value = $_GET[$fname]; - else if ($source==RCUBE_INPUT_POST && isset($_POST[$fname])) - $value = $_POST[$fname]; - else if ($source==RCUBE_INPUT_GPC) - { + + if ($source == RCUBE_INPUT_GET) { + if (isset($_GET[$fname])) + $value = $_GET[$fname]; + } + else if ($source == RCUBE_INPUT_POST) { + if (isset($_POST[$fname])) + $value = $_POST[$fname]; + } + else if ($source == RCUBE_INPUT_GPC) { if (isset($_POST[$fname])) $value = $_POST[$fname]; else if (isset($_GET[$fname])) $value = $_GET[$fname]; else if (isset($_COOKIE[$fname])) $value = $_COOKIE[$fname]; - } + } + + return parse_input_value($value, $allow_html, $charset); +} + +/** + * Parse/validate input value. See get_input_value() + * Performs stripslashes() and charset conversion if necessary + * + * @param string Input value + * @param boolean Allow HTML tags in field value + * @param string Charset to convert into + * @return string Parsed value + */ +function parse_input_value($value, $allow_html=FALSE, $charset=NULL) +{ + global $OUTPUT; if (empty($value)) return $value; + if (is_array($value)) { + foreach ($value as $idx => $val) + $value[$idx] = parse_input_value($val, $allow_html, $charset); + return $value; + } + // strip single quotes if magic_quotes_sybase is enabled if (ini_get('magic_quotes_sybase')) $value = str_replace("''", "'", $value); @@ -569,15 +690,21 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) else if (get_magic_quotes_gpc() || get_magic_quotes_runtime()) $value = stripslashes($value); - // remove HTML tags if not allowed + // remove HTML tags if not allowed if (!$allow_html) $value = strip_tags($value); - + + $output_charset = is_object($OUTPUT) ? $OUTPUT->get_charset() : null; + + // remove invalid characters (#1488124) + if ($output_charset == 'UTF-8') + $value = rc_utf8_clean($value); + // convert to internal charset - if (is_object($OUTPUT)) - return rcube_charset_convert($value, $OUTPUT->get_charset(), $charset); - else - return $value; + if ($charset && $output_charset) + $value = rcube_charset_convert($value, $output_charset, $charset); + + return $value; } /** @@ -587,15 +714,16 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL) * @param int Source to get value from (GPC) * @return array Hash array with all request parameters */ -function request2param($mode = RCUBE_INPUT_GPC) +function request2param($mode = RCUBE_INPUT_GPC, $ignore = 'task|action') { $out = array(); $src = $mode == RCUBE_INPUT_GET ? $_GET : ($mode == RCUBE_INPUT_POST ? $_POST : $_REQUEST); foreach ($src as $key => $value) { $fname = $key[0] == '_' ? substr($key, 1) : $key; - $out[$fname] = get_input_value($key, $mode); + if ($ignore && !preg_match('/^(' . $ignore . ')$/', $fname)) + $out[$fname] = get_input_value($key, $mode); } - + return $out; } @@ -609,6 +737,18 @@ function asciiwords($str, $css_id = false, $replace_with = '') return preg_replace("/[^$allowed]/i", $replace_with, $str); } +/** + * Convert the given string into a valid HTML identifier + * Same functionality as done in app.js with rcube_webmail.html_identifier() + */ +function html_identifier($str, $encode=false) +{ + if ($encode) + return rtrim(strtr(base64_encode($str), '+/', '-_'), '='); + else + return asciiwords($str, true, '_'); +} + /** * Remove single and double quotes from given string * @@ -617,7 +757,7 @@ function asciiwords($str, $css_id = false, $replace_with = '') */ function strip_quotes($str) { - return preg_replace('/[\'"]/', '', $str); + return str_replace(array("'", '"'), '', $str); } @@ -643,48 +783,48 @@ function strip_newlines($str) * @return string HTML table code */ function rcube_table_output($attrib, $table_data, $a_show_cols, $id_col) - { +{ global $RCMAIL; - + $table = new html_table(/*array('cols' => count($a_show_cols))*/); - + // add table header - foreach ($a_show_cols as $col) - $table->add_header($col, Q(rcube_label($col))); - + if (!$attrib['noheader']) + foreach ($a_show_cols as $col) + $table->add_header($col, Q(rcube_label($col))); + $c = 0; - if (!is_array($table_data)) + if (!is_array($table_data)) { $db = $RCMAIL->get_dbh(); while ($table_data && ($sql_arr = $db->fetch_assoc($table_data))) { - $zebra_class = $c % 2 ? 'even' : 'odd'; - $table->add_row(array('id' => 'rcmrow' . $sql_arr[$id_col], 'class' => $zebra_class)); + $table->add_row(array('id' => 'rcmrow' . html_identifier($sql_arr[$id_col]))); // format each col foreach ($a_show_cols as $col) $table->add($col, Q($sql_arr[$col])); - + $c++; } } - else - { + else { foreach ($table_data as $row_data) { - $zebra_class = $c % 2 ? 'even' : 'odd'; - $table->add_row(array('id' => 'rcmrow' . $row_data[$id_col], 'class' => $zebra_class)); + $class = !empty($row_data['class']) ? $row_data['class'] : ''; + + $table->add_row(array('id' => 'rcmrow' . html_identifier($row_data[$id_col]), 'class' => $class)); // format each col foreach ($a_show_cols as $col) - $table->add($col, Q($row_data[$col])); - + $table->add($col, Q(is_array($row_data[$col]) ? $row_data[$col][0] : $row_data[$col])); + $c++; } } return $table->show($attrib); - } +} /** @@ -697,32 +837,42 @@ function rcube_table_output($attrib, $table_data, $a_show_cols, $id_col) * @return string HTML field definition */ function rcmail_get_edit_field($col, $value, $attrib, $type='text') - { +{ + static $colcounts = array(); + $fname = '_'.$col; - $attrib['name'] = $fname; + $attrib['name'] = $fname . ($attrib['array'] ? '[]' : ''); + $attrib['class'] = trim($attrib['class'] . ' ff_' . $col); - if ($type=='checkbox') - { + if ($type == 'checkbox') { $attrib['value'] = '1'; $input = new html_checkbox($attrib); - } - else if ($type=='textarea') - { + } + else if ($type == 'textarea') { $attrib['cols'] = $attrib['size']; $input = new html_textarea($attrib); - } - else + } + else if ($type == 'select') { + $input = new html_select($attrib); + $input->add('---', ''); + $input->add(array_values($attrib['options']), array_keys($attrib['options'])); + } + else { + if ($attrib['type'] != 'text' && $attrib['type'] != 'hidden') + $attrib['type'] = 'text'; $input = new html_inputfield($attrib); + } // use value from post - if (!empty($_POST[$fname])) - $value = get_input_value($fname, RCUBE_INPUT_POST, - $type == 'textarea' && strpos($attrib['class'], 'mce_editor')!==false ? true : false); + if (isset($_POST[$fname])) { + $postvalue = get_input_value($fname, RCUBE_INPUT_POST, true); + $value = $attrib['array'] ? $postvalue[intval($colcounts[$col]++)] : $postvalue; + } $out = $input->show($value); - + return $out; - } +} /** @@ -733,39 +883,56 @@ function rcmail_get_edit_field($col, $value, $attrib, $type='text') * @param string Container ID to use as prefix * @return string Modified CSS source */ -function rcmail_mod_css_styles($source, $container_id) +function rcmail_mod_css_styles($source, $container_id, $allow_remote=false) { $last_pos = 0; $replacements = new rcube_string_replacer; - + // ignore the whole block if evil styles are detected - $stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entity_decode($source)); - if (preg_match('/expression|behavior|url\(|import/', $stripped)) + $source = rcmail_xss_entity_decode($source); + $stripped = preg_replace('/[^a-z\(:;]/i', '', $source); + $evilexpr = 'expression|behavior|javascript:|import[^a]' . (!$allow_remote ? '|url\(' : ''); + if (preg_match("/$evilexpr/i", $stripped)) return '/* evil! */'; // cut out all contents between { and } - while (($pos = strpos($source, '{', $last_pos)) && ($pos2 = strpos($source, '}', $pos))) - { - $key = $replacements->add(substr($source, $pos+1, $pos2-($pos+1))); + while (($pos = strpos($source, '{', $last_pos)) && ($pos2 = strpos($source, '}', $pos))) { + $styles = substr($source, $pos+1, $pos2-($pos+1)); + + // check every line of a style block... + if ($allow_remote) { + $a_styles = preg_split('/;[\r\n]*/', $styles, -1, PREG_SPLIT_NO_EMPTY); + foreach ($a_styles as $line) { + $stripped = preg_replace('/[^a-z\(:;]/i', '', $line); + // ... and only allow strict url() values + if (stripos($stripped, 'url(') && !preg_match('!url\s*\([ "\'](https?:)//[a-z0-9/._+-]+["\' ]\)!Uims', $line)) { + $a_styles = array('/* evil! */'); + break; + } + } + $styles = join(";\n", $a_styles); + } + + $key = $replacements->add($styles); $source = substr($source, 0, $pos+1) . $replacements->get_replacement($key) . substr($source, $pos2, strlen($source)-$pos2); $last_pos = $pos+2; } - + // remove html comments and add #container to each tag selector. // also replace body definition because we also stripped off the tag $styles = preg_replace( array( '/(^\s*\s*$)/', - '/(^\s*|,\s*|\}\s*)([a-z0-9\._#][a-z0-9\.\-_]*)/im', - "/$container_id\s+body/i", + '/(^\s*|,\s*|\}\s*)([a-z0-9\._#\*][a-z0-9\.\-_]*)/im', + '/'.preg_quote($container_id, '/').'\s+body/i', ), array( '', "\\1#$container_id \\2", - "$container_id div.rcmBody", + $container_id, ), $source); - + // put block contents back in $styles = $replacements->resolve($styles); @@ -784,7 +951,7 @@ function rcmail_xss_entity_decode($content) { $out = html_entity_decode(html_entity_decode($content)); $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', 'rcmail_xss_entity_decode_callback', $out); - $out = preg_replace('#/\*.*\*/#Um', '', $out); + $out = preg_replace('#/\*.*\*/#Ums', '', $out); return $out; } @@ -841,297 +1008,216 @@ function parse_attrib_string($str) } +/** + * Improved equivalent to strtotime() + * + * @param string Date string + * @return int + */ +function rcube_strtotime($date) +{ + // check for MS Outlook vCard date format YYYYMMDD + if (preg_match('/^([12][90]\d\d)([01]\d)(\d\d)$/', trim($date), $matches)) { + return mktime(0,0,0, intval($matches[2]), intval($matches[3]), intval($matches[1])); + } + else if (is_numeric($date)) + return $date; + + // support non-standard "GMTXXXX" literal + $date = preg_replace('/GMT\s*([+-][0-9]+)/', '\\1', $date); + + // if date parsing fails, we have a date in non-rfc format. + // remove token from the end and try again + while ((($ts = @strtotime($date)) === false) || ($ts < 0)) { + $d = explode(' ', $date); + array_pop($d); + if (!$d) break; + $date = implode(' ', $d); + } + + return $ts; +} + + /** * Convert the given date to a human readable form * This uses the date formatting properties from config * - * @param mixed Date representation (string or timestamp) + * @param mixed Date representation (string or timestamp) * @param string Date format to use + * @param bool Enables date convertion according to user timezone + * * @return string Formatted date string */ -function format_date($date, $format=NULL) - { - global $CONFIG; - - $ts = NULL; +function format_date($date, $format=NULL, $convert=true) +{ + global $RCMAIL, $CONFIG; - if (is_numeric($date)) - $ts = $date; - else if (!empty($date)) - { - // support non-standard "GMTXXXX" literal - $date = preg_replace('/GMT\s*([+-][0-9]+)/', '\\1', $date); - // if date parsing fails, we have a date in non-rfc format. - // remove token from the end and try again - while ((($ts = @strtotime($date))===false) || ($ts < 0)) - { - $d = explode(' ', $date); - array_pop($d); - if (!$d) break; - $date = implode(' ', $d); - } - } + if (!empty($date)) + $ts = rcube_strtotime($date); if (empty($ts)) return ''; - - // get user's timezone - if ($CONFIG['timezone'] === 'auto') - $tz = isset($_SESSION['timezone']) ? $_SESSION['timezone'] : date('Z')/3600; + + if ($convert) { + // get user's timezone offset + $tz = $RCMAIL->config->get_timezone(); + + // convert time to user's timezone + $timestamp = $ts - date('Z', $ts) + ($tz * 3600); + + // get current timestamp in user's timezone + $now = time(); // local time + $now -= (int)date('Z'); // make GMT time + $now += ($tz * 3600); // user's time + } else { - $tz = $CONFIG['timezone']; - if ($CONFIG['dst_active']) - $tz++; + $now = time(); + $timestamp = $ts; } - // convert time to user's timezone - $timestamp = $ts - date('Z', $ts) + ($tz * 3600); - - // get current timestamp in user's timezone - $now = time(); // local time - $now -= (int)date('Z'); // make GMT time - $now += ($tz * 3600); // user's time - $now_date = getdate($now); - - $today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']); - $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']); - - // define date format depending on current time - if ($CONFIG['prettydate'] && !$format && $timestamp > $today_limit && $timestamp < $now) - return sprintf('%s %s', rcube_label('today'), date($CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i', $timestamp)); - else if ($CONFIG['prettydate'] && !$format && $timestamp > $week_limit && $timestamp < $now) - $format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i'; - else if (!$format) - $format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i'; + // define date format depending on current time + if (!$format) { + $now_date = getdate($now); + $today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']); + $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']); + + if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now) { + $format = $RCMAIL->config->get('date_today', $RCMAIL->config->get('time_format', 'H:i')); + $today = true; + } + else if ($CONFIG['prettydate'] && $timestamp > $week_limit && $timestamp < $now) + $format = $RCMAIL->config->get('date_short', 'D H:i'); + else + $format = $RCMAIL->config->get('date_long', 'Y-m-d H:i'); + } // strftime() format - if (preg_match('/%[a-z]+/i', $format)) - return strftime($format, $timestamp); + if (preg_match('/%[a-z]+/i', $format)) { + $format = strftime($format, $timestamp); + return $today ? (rcube_label('today') . ' ' . $format) : $format; + } // parse format string manually in order to provide localized weekday and month names // an alternative would be to convert the date() format string to fit with strftime() $out = ''; - for($i=0; $i', preg_match('/[\(\)\<\>\\\.\[\]@,;:"]/', $name) ? '"'.addcslashes($name, '"').'"' : $name, $email); - } - else - return $email; + return sprintf('%s <%s>', preg_match('/[\(\)\<\>\\\.\[\]@,;:"]/', $name) ? '"'.addcslashes($name, '"').'"' : $name, trim($email)); } - - -/****** debugging functions ********/ + return trim($email); +} /** - * Print or write debug messages + * Return the mailboxlist in HTML * - * @param mixed Debug message or data + * @param array Named parameters + * @return string HTML code for the gui object */ -function console() - { - $args = func_get_args(); +function rcmail_mailbox_list($attrib) +{ + global $RCMAIL; + static $a_mailboxes; - if (class_exists('rcmail', false)) { - $rcmail = rcmail::get_instance(); - if (is_object($rcmail->plugins)) - $rcmail->plugins->exec_hook('console', $args); - } + $attrib += array('maxlength' => 100, 'realnames' => false); - $msg = array(); - foreach ($args as $arg) - $msg[] = !is_string($arg) ? var_export($arg, true) : $arg; + // add some labels to client + $RCMAIL->output->add_label('purgefolderconfirm', 'deletemessagesconfirm'); - if (!($GLOBALS['CONFIG']['debug_level'] & 4)) - write_log('console', join(";\n", $msg)); - else if ($GLOBALS['OUTPUT']->ajax_call) - print "/*\n " . join(";\n", $msg) . " \n*/\n"; - else - { - print '
';
-    print join(";
\n", $msg);
-    print "
\n"; - } - } + $type = $attrib['type'] ? $attrib['type'] : 'ul'; + unset($attrib['type']); + if ($type=='ul' && !$attrib['id']) + $attrib['id'] = 'rcmboxlist'; -/** - * Append a line to a logfile in the logs directory. - * Date will be added automatically to the line. - * - * @param $name name of log file - * @param line Line to append - */ -function write_log($name, $line) - { - global $CONFIG, $RCMAIL; - - if (!is_string($line)) - $line = var_export($line, true); - - if (empty($CONFIG['log_date_format'])) - $CONFIG['log_date_format'] = 'd-M-Y H:i:s O'; - - $date = date($CONFIG['log_date_format']); - - // trigger logging hook - if (is_object($RCMAIL) && is_object($RCMAIL->plugins)) { - $log = $RCMAIL->plugins->exec_hook('write_log', array('name' => $name, 'date' => $date, 'line' => $line)); - $name = $log['name']; - $line = $log['line']; - $date = $log['date']; - if ($log['abort']) - return; - } - - $log_entry = sprintf("[%s]: %s\n", $date, $line); - - if ($CONFIG['log_driver'] == 'syslog') { - $prio = $name == 'errors' ? LOG_ERR : LOG_INFO; - syslog($prio, $log_entry); - return true; - } - else { - // log_driver == 'file' is assumed here - if (empty($CONFIG['log_dir'])) - $CONFIG['log_dir'] = INSTALL_PATH.'logs'; - - // try to open specific log file for writing - if ($fp = @fopen($CONFIG['log_dir'].'/'.$name, 'a')) { - fwrite($fp, $log_entry); - fflush($fp); - fclose($fp); - return true; - } - } - return false; -} - - -/** - * @access private - */ -function rcube_timer() -{ - return microtime(true); -} - - -/** - * @access private - */ -function rcube_print_time($timer, $label='Timer', $dest='console') -{ - static $print_count = 0; - - $print_count++; - $now = rcube_timer(); - $diff = $now-$timer; - - if (empty($label)) - $label = 'Timer '.$print_count; - - write_log($dest, sprintf("%s: %0.4f sec", $label, $diff)); -} - - -/** - * Return the mailboxlist in HTML - * - * @param array Named parameters - * @return string HTML code for the gui object - */ -function rcmail_mailbox_list($attrib) -{ - global $RCMAIL; - static $a_mailboxes; - - $attrib += array('maxlength' => 100, 'relanames' => false); - - // add some labels to client - $RCMAIL->output->add_label('purgefolderconfirm', 'deletemessagesconfirm'); - - $type = $attrib['type'] ? $attrib['type'] : 'ul'; - unset($attrib['type']); - - if ($type=='ul' && !$attrib['id']) - $attrib['id'] = 'rcmboxlist'; + if (empty($attrib['folder_name'])) + $attrib['folder_name'] = '*'; // get mailbox list $mbox_name = $RCMAIL->imap->get_mailbox_name(); - + // build the folders tree if (empty($a_mailboxes)) { // get mailbox list - $a_folders = $RCMAIL->imap->list_mailboxes(); + $a_folders = $RCMAIL->imap->list_mailboxes('', $attrib['folder_name'], $attrib['folder_filter']); $delimiter = $RCMAIL->imap->get_hierarchy_delimiter(); $a_mailboxes = array(); foreach ($a_folders as $folder) rcmail_build_folder_tree($a_mailboxes, $folder, $delimiter); } - + // allow plugins to alter the folder tree or to localize folder names $hook = $RCMAIL->plugins->exec_hook('render_mailboxlist', array('list' => $a_mailboxes, 'delimiter' => $delimiter)); - if ($type=='select') { + if ($type == 'select') { $select = new html_select($attrib); - + // add no-selection option if ($attrib['noselection']) - $select->add(rcube_label($attrib['noselection']), '0'); - + $select->add(rcube_label($attrib['noselection']), ''); + rcmail_render_folder_tree_select($hook['list'], $mbox_name, $attrib['maxlength'], $select, $attrib['realnames']); $out = $select->show(); } else { $js_mailboxlist = array(); $out = html::tag('ul', $attrib, rcmail_render_folder_tree_html($hook['list'], $mbox_name, $js_mailboxlist, $attrib), html::$common_attrib); - + $RCMAIL->output->add_gui_object('mailboxlist', $attrib['id']); $RCMAIL->output->set_env('mailboxes', $js_mailboxlist); - $RCMAIL->output->set_env('collapsed_folders', $RCMAIL->config->get('collapsed_folders')); + $RCMAIL->output->set_env('collapsed_folders', (string)$RCMAIL->config->get('collapsed_folders')); } return $out; @@ -1142,25 +1228,37 @@ function rcmail_mailbox_list($attrib) * Return the mailboxlist as html_select object * * @param array Named parameters - * @return object html_select HTML drop-down object + * @return html_select HTML drop-down object */ function rcmail_mailbox_select($p = array()) { global $RCMAIL; - - $p += array('maxlength' => 100, 'relanames' => false); + + $p += array('maxlength' => 100, 'realnames' => false); $a_mailboxes = array(); - - foreach ($RCMAIL->imap->list_mailboxes() as $folder) - rcmail_build_folder_tree($a_mailboxes, $folder, $RCMAIL->imap->get_hierarchy_delimiter()); + + if (empty($p['folder_name'])) + $p['folder_name'] = '*'; + + if ($p['unsubscribed']) + $list = $RCMAIL->imap->list_unsubscribed('', $p['folder_name'], $p['folder_filter'], $p['folder_rights']); + else + $list = $RCMAIL->imap->list_mailboxes('', $p['folder_name'], $p['folder_filter'], $p['folder_rights']); + + $delimiter = $RCMAIL->imap->get_hierarchy_delimiter(); + + foreach ($list as $folder) { + if (empty($p['exceptions']) || !in_array($folder, $p['exceptions'])) + rcmail_build_folder_tree($a_mailboxes, $folder, $delimiter); + } $select = new html_select($p); - + if ($p['noselection']) $select->add($p['noselection'], ''); - - rcmail_render_folder_tree_select($a_mailboxes, $mbox, $p['maxlength'], $select, $p['realnames']); - + + rcmail_render_folder_tree_select($a_mailboxes, $mbox, $p['maxlength'], $select, $p['realnames'], 0, $p); + return $select; } @@ -1168,14 +1266,36 @@ function rcmail_mailbox_select($p = array()) /** * Create a hierarchical array of the mailbox list * @access private + * @return void */ function rcmail_build_folder_tree(&$arrFolders, $folder, $delm='/', $path='') { + global $RCMAIL; + + // Handle namespace prefix + $prefix = ''; + if (!$path) { + $n_folder = $folder; + $folder = $RCMAIL->imap->mod_mailbox($folder); + + if ($n_folder != $folder) { + $prefix = substr($n_folder, 0, -strlen($folder)); + } + } + $pos = strpos($folder, $delm); + if ($pos !== false) { $subFolders = substr($folder, $pos+1); $currentFolder = substr($folder, 0, $pos); - $virtual = !isset($arrFolders[$currentFolder]); + + // sometimes folder has a delimiter as the last character + if (!strlen($subFolders)) + $virtual = false; + else if (!isset($arrFolders[$currentFolder])) + $virtual = true; + else + $virtual = $arrFolders[$currentFolder]['virtual']; } else { $subFolders = false; @@ -1183,7 +1303,7 @@ function rcmail_build_folder_tree(&$arrFolders, $folder, $delm='/', $path='') $virtual = false; } - $path .= $currentFolder; + $path .= $prefix.$currentFolder; if (!isset($arrFolders[$currentFolder])) { $arrFolders[$currentFolder] = array( @@ -1195,30 +1315,32 @@ function rcmail_build_folder_tree(&$arrFolders, $folder, $delm='/', $path='') else $arrFolders[$currentFolder]['virtual'] = $virtual; - if (!empty($subFolders)) + if (strlen($subFolders)) rcmail_build_folder_tree($arrFolders[$currentFolder]['folders'], $subFolders, $delm, $path.$delm); } - + /** * Return html for a structured list <ul> for the mailbox tree * @access private + * @return string */ function rcmail_render_folder_tree_html(&$arrFolders, &$mbox_name, &$jslist, $attrib, $nestLevel=0) { global $RCMAIL, $CONFIG; - + $maxlength = intval($attrib['maxlength']); $realnames = (bool)$attrib['realnames']; $msgcounts = $RCMAIL->imap->get_cache('messagecount'); - $idx = 0; $out = ''; foreach ($arrFolders as $key => $folder) { - $zebra_class = (($nestLevel+1)*$idx) % 2 == 0 ? 'even' : 'odd'; - $title = null; + $title = null; + $folder_class = rcmail_folder_classname($folder['id']); + $collapsed = strpos($CONFIG['collapsed_folders'], '&'.rawurlencode($folder['id']).'&') !== false; + $unread = $msgcounts ? intval($msgcounts[$folder['id']]['UNSEEN']) : 0; - if (($folder_class = rcmail_folder_classname($folder['id'])) && !$realnames) { + if ($folder_class && !$realnames) { $foldername = rcube_label($folder_class); } else { @@ -1234,41 +1356,27 @@ function rcmail_render_folder_tree_html(&$arrFolders, &$mbox_name, &$jslist, $at } // make folder name safe for ids and class names - $folder_id = asciiwords($folder['id'], true, '_'); + $folder_id = html_identifier($folder['id'], true); $classes = array('mailbox'); // set special class for Sent, Drafts, Trash and Junk - if ($folder['id']==$CONFIG['sent_mbox']) - $classes[] = 'sent'; - else if ($folder['id']==$CONFIG['drafts_mbox']) - $classes[] = 'drafts'; - else if ($folder['id']==$CONFIG['trash_mbox']) - $classes[] = 'trash'; - else if ($folder['id']==$CONFIG['junk_mbox']) - $classes[] = 'junk'; - else if ($folder['id']=='INBOX') - $classes[] = 'inbox'; - else - $classes[] = '_'.asciiwords($folder_class ? $folder_class : strtolower($folder['id']), true); - - $classes[] = $zebra_class; - + if ($folder_class) + $classes[] = $folder_class; + if ($folder['id'] == $mbox_name) $classes[] = 'selected'; - $collapsed = preg_match('/&'.rawurlencode($folder['id']).'&/', $RCMAIL->config->get('collapsed_folders')); - $unread = $msgcounts ? intval($msgcounts[$folder['id']]['UNSEEN']) : 0; - if ($folder['virtual']) $classes[] = 'virtual'; else if ($unread) $classes[] = 'unread'; $js_name = JQ($folder['id']); - $html_name = Q($foldername . ($unread ? " ($unread)" : '')); + $html_name = Q($foldername) . ($unread ? html::span('unreadcount', " ($unread)") : ''); $link_attrib = $folder['virtual'] ? array() : array( 'href' => rcmail_url('', array('_mbox' => $folder['id'])), 'onclick' => sprintf("return %s.command('list','%s',this)", JS_OBJECT_NAME, $js_name), + 'rel' => $folder['id'], 'title' => $title, ); @@ -1282,16 +1390,15 @@ function rcmail_render_folder_tree_html(&$arrFolders, &$mbox_name, &$jslist, $at 'style' => "position:absolute", 'onclick' => sprintf("%s.command('collapse-folder', '%s')", JS_OBJECT_NAME, $js_name) ), ' ') : '')); - + $jslist[$folder_id] = array('id' => $folder['id'], 'name' => $foldername, 'virtual' => $folder['virtual']); - + if (!empty($folder['folders'])) { $out .= html::tag('ul', array('style' => ($collapsed ? "display:none;" : null)), rcmail_render_folder_tree_html($folder['folders'], $mbox_name, $jslist, $attrib, $nestLevel+1)); } $out .= "\n"; - $idx++; } return $out; @@ -1301,53 +1408,66 @@ function rcmail_render_folder_tree_html(&$arrFolders, &$mbox_name, &$jslist, $at /** * Return html for a flat list