X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=program%2Finclude%2Frcube_shared.inc;h=6e58ad86982c5293ae05d48ac77e1dd351a16403;hb=76507f7c63a660742e76889ad6e3919f3dde3bb0;hp=345f75e99b9076701a1ca134130863008655ba44;hpb=3adad46e27086084a8b28a32fc4fbc953dbfef6c;p=roundcube.git diff --git a/program/include/rcube_shared.inc b/program/include/rcube_shared.inc index 345f75e..6e58ad8 100644 --- a/program/include/rcube_shared.inc +++ b/program/include/rcube_shared.inc @@ -4,8 +4,8 @@ +-----------------------------------------------------------------------+ | rcube_shared.inc | | | - | This file is part of the RoundCube PHP suite | - | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland | + | This file is part of the Roundcube PHP suite | + | Copyright (C) 2005-2007, The Roundcube Dev Team | | Licensed under the GNU GPL | | | | CONTENTS: | @@ -15,14 +15,14 @@ | Author: Thomas Bruederli | +-----------------------------------------------------------------------+ - $Id: rcube_shared.inc 2147 2008-12-11 17:29:50Z alec $ + $Id: rcube_shared.inc 5274 2011-09-23 10:11:27Z alec $ */ /** - * RoundCube shared functions - * + * Roundcube shared functions + * * @package Core */ 
@@ -32,18 +32,23 @@ */ function send_nocacheing_headers() { + global $OUTPUT; + if (headers_sent()) return; header("Expires: ".gmdate("D, d M Y H:i:s")." GMT"); header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT"); - header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0"); - header("Pragma: no-cache"); - + // Request browser to disable DNS prefetching (CVE-2010-0464) + header("X-DNS-Prefetch-Control: off"); + // We need to set the following headers to make downloads work using IE in HTTPS mode. - if (isset($_SERVER['HTTPS'])) { - header('Pragma: '); - header('Cache-Control: '); + if ($OUTPUT->browser->ie && rcube_https_check()) { + header('Pragma: private'); + header("Cache-Control: private, must-revalidate"); + } else { + header("Cache-Control: private, no-cache, must-revalidate, post-check=0, pre-check=0"); + header("Pragma: no-cache"); } } 
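Review bot: In the new `$OUTPUT->browser->ie && rcube_https_check()` branch every response sent to IE over HTTPS gets `Cache-Control: private, must-revalidate` and `Pragma: private`, not only downloads, so for those clients mail pages lose the `no-cache` directive that the else branch keeps. The comment says the relaxation is needed for downloads; it would be safer to limit it to download responses and to state in the comment that the browser may store these responses. `$OUTPUT` is also dereferenced without a check, so if this function can run before the output object exists (its callers are not visible here) the call fails; `if (is_object($OUTPUT) && $OUTPUT->browser->ie && rcube_https_check())` keeps the strict headers as the default in that case.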
@@ -64,142 +69,6 @@ function send_future_expire_header($offset=2600000) } -/** - * Check request for If-Modified-Since and send an according response. - * This will terminate the current script if headers match the given values - * - * @param int Modified date as unix timestamp - * @param string Etag value for caching - */ -function send_modified_header($mdate, $etag=null, $skip_check=false) -{ - if (headers_sent()) - return; - - $iscached = false; - $etag = $etag ? "\"$etag\"" : null; - - if (!$skip_check) - { - if ($_SERVER['HTTP_IF_MODIFIED_SINCE'] && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $mdate) - $iscached = true; - - if ($etag) - $iscached = ($_SERVER['HTTP_IF_NONE_MATCH'] == $etag); - } - - if ($iscached) - header("HTTP/1.x 304 Not Modified"); - else - header("Last-Modified: ".gmdate("D, d M Y H:i:s", $mdate)." GMT"); - - header("Cache-Control: max-age=0"); - header("Expires: "); - header("Pragma: "); - - if ($etag) - header("Etag: $etag"); - - if ($iscached) - { - ob_end_clean(); - exit; - } -} - - -/** - * Returns whether an $str is a reserved word for any of the version of Javascript or ECMAScript - * @param str String to check - * @return boolean True if $str is a reserver word, False if not - */ -function is_js_reserved_word($str) -{ - return in_array($str, array( - // ECMASript ver 4 reserved words - 'as','break','case','catch','class','const','continue', - 'default','delete','do','else','export','extends','false','finally','for','function', - 'if','import','in','instanceof','is','namespace','new','null','package','private', - 'public','return','super','switch','this','throw','true','try','typeof','use','var', - 'void','while','with', - // ECMAScript ver 4 future reserved words - 'abstract','debugger','enum','goto','implements','interface','native','protected', - 'synchronized','throws','transient','volatile', - // special meaning in some contexts - 'get','set', - // were reserved in ECMAScript ver 3 - 
'boolean','byte','char','double','final','float','int','long','short','static' - )); -} - - -/** - * Convert a variable into a javascript object notation - * - * @param mixed Input value - * @return string Serialized JSON string - */ -function json_serialize($var) -{ - if (is_object($var)) - $var = get_object_vars($var); - - if (is_array($var)) - { - // empty array - if (!sizeof($var)) - return '[]'; - else - { - $keys_arr = array_keys($var); - $is_assoc = $have_numeric = 0; - - for ($i=0; $i $value) - { - // enclose key with quotes if it is not variable-name conform - if (!ereg("^[_a-zA-Z]{1}[_a-zA-Z0-9]*$", $key) || is_js_reserved_word($key)) - $key = "'$key'"; - - $pairs[] = sprintf("%s%s", $is_assoc ? "$key:" : '', json_serialize($value)); - } - - return $brackets{0} . implode(',', $pairs) . $brackets{1}; - } - } - else if (!is_string($var) && strval(intval($var)) === strval($var)) - return $var; - else if (is_bool($var)) - return $var ? '1' : '0'; - else - return "'".JQ($var)."'"; - -} - - -/** - * Function to convert an array to a javascript array - * Actually an alias function for json_serialize() - * @deprecated - */ -function array2js($arr, $type='') -{ - return json_serialize($arr); -} - - /** * Similar function as in_array() but case-insensitive * @@ -209,11 +78,11 @@ function array2js($arr, $type='') */ function in_array_nocase($needle, $haystack) { - $needle = rc_strtolower($needle); + $needle = mb_strtolower($needle); foreach ($haystack as $value) - if ($needle===rc_strtolower($value)) + if ($needle===mb_strtolower($value)) return true; - + return false; } @@ -227,7 +96,7 @@ function in_array_nocase($needle, $haystack) function get_boolean($str) { $str = strtolower($str); - if(in_array($str, array('false', '0', 'no', 'nein', ''), TRUE)) + if (in_array($str, array('false', '0', 'no', 'off', 'nein', ''), TRUE)) return FALSE; else return TRUE; 
@@ -238,33 +107,36 @@ function get_boolean($str) * Parse a human readable string for a number of bytes * * @param string Input string - * @return int Number of bytes + * @return float Number of bytes */ function parse_bytes($str) { if (is_numeric($str)) - return intval($str); - - if (preg_match('/([0-9]+)([a-z])/i', $str, $regs)) + return floatval($str); + + if (preg_match('/([0-9\.]+)\s*([a-z]*)/i', $str, $regs)) { $bytes = floatval($regs[1]); switch (strtolower($regs[2])) { case 'g': + case 'gb': $bytes *= 1073741824; break; case 'm': + case 'mb': $bytes *= 1048576; break; case 'k': + case 'kb': $bytes *= 1024; break; } } - return intval($bytes); + return floatval($bytes); } - + /** * Create a human readable string for a number of bytes * @@ -273,17 +145,17 @@ function parse_bytes($str) */ function show_bytes($bytes) { - if ($bytes > 1073741824) + if ($bytes >= 1073741824) { $gb = $bytes/1073741824; $str = sprintf($gb>=10 ? "%d " : "%.1f ", $gb) . rcube_label('GB'); } - else if ($bytes > 1048576) + else if ($bytes >= 1048576) { $mb = $bytes/1048576; $str = sprintf($mb>=10 ? "%d " : "%.1f ", $mb) . rcube_label('MB'); } - else if ($bytes > 1024) + else if ($bytes >= 1024) $str = sprintf("%d ", round($bytes/1024)) . rcube_label('KB'); else $str = sprintf('%d ', $bytes) . rcube_label('B'); @@ -291,7 +163,6 @@ function show_bytes($bytes) return $str; } - /** * Convert paths like ../xxx to an absolute path using a base url * 
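Review bot: The new pattern `/([0-9\.]+)\s*([a-z]*)/i` in parse_bytes is unanchored and its character class accepts several dots, so a constructed value such as `x1.2.3zz` is parsed as 1.2 bytes instead of being rejected, and an unrecognised unit is silently treated as bytes. When the pattern does not match at all, `$bytes` is never assigned before `return floatval($bytes);`, which yields 0 with a notice. If the result is used as a size limit (the callers are not shown), a silent 0 or a misparsed value changes what is enforced. I would initialise `$bytes = 0;` before the `preg_match` and anchor the pattern, e.g. `/^\s*([0-9]+(?:\.[0-9]+)?)\s*([kmg]?b?)\s*$/i`.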
@@ -303,20 +174,20 @@ function make_absolute_url($path, $base_url) { $host_url = $base_url; $abs_path = $path; - + // check if path is an absolute URL if (preg_match('/^[fhtps]+:\/\//', $path)) return $path; // cut base_url to the last directory - if (strpos($base_url, '/')>7) + if (strrpos($base_url, '/')>7) { - $host_url = substr($base_url, 0, strpos($base_url, '/')); + $host_url = substr($base_url, 0, strpos($base_url, '/', 7)); $base_url = substr($base_url, 0, strrpos($base_url, '/')); } // $path is absolute - if ($path{0}=='/') + if ($path[0] == '/') $abs_path = $host_url.$path; else { 
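Review bot: `strpos($base_url, '/', 7)` finds the host boundary only for `http://` bases; for an `https://` base, offset 7 is the second slash of the scheme separator, so `$host_url` becomes `https:/` and a root-relative `$path` such as `/img/a.png` is rebuilt as `https://img/a.png`, which points at a different host. Deriving the offset from the separator avoids the hard-coded 7: `$host_url = substr($base_url, 0, strpos($base_url, '/', strpos($base_url, '://') + 3));`. `$path[0]` also raises an uninitialized-offset notice for an empty `$path`, so `if ($path !== '' && $path[0] == '/')` would be safer. The function body continues beyond this hunk.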
@@ -328,84 +199,67 @@ function make_absolute_url($path, $base_url) { if (strrpos($base_url, '/')) $base_url = substr($base_url, 0, strrpos($base_url, '/')); - + $path = substr($path, 3); } $abs_path = $base_url.'/'.$path; } - - return $abs_path; -} - - -/** - * Wrapper function for strlen - */ -function rc_strlen($str) -{ - if (function_exists('mb_strlen')) - return mb_strlen($str); - else - return strlen($str); -} - -/** - * Wrapper function for strtolower - */ -function rc_strtolower($str) -{ - if (function_exists('mb_strtolower')) - return mb_strtolower($str); - else - return strtolower($str); -} - -/** - * Wrapper function for strtoupper - */ -function rc_strtoupper($str) -{ - if (function_exists('mb_strtoupper')) - return mb_strtoupper($str); - else - return strtoupper($str); -} -/** - * Wrapper function for substr - */ -function rc_substr($str, $start, $len=null) -{ - if (function_exists('mb_substr')) - return mb_substr($str, $start, $len); - else - return substr($str, $start, $len); -} - -/** - * Wrapper function for strpos - */ -function rc_strpos($haystack, $needle, $offset=0) -{ - if (function_exists('mb_strpos')) - return mb_strpos($haystack, $needle, $offset); - else - return strpos($haystack, $needle, $offset); + return $abs_path; } /** - * Wrapper function for strrpos + * Wrapper function for wordwrap */ -function rc_strrpos($haystack, $needle, $offset=0) +function rc_wordwrap($string, $width=75, $break="\n", $cut=false) { - if (function_exists('mb_strrpos')) - return mb_strrpos($haystack, $needle, $offset); - else - return strrpos($haystack, $needle, $offset); + $para = explode($break, $string); + $string = ''; + while (count($para)) { + $line = array_shift($para); + if ($line[0] == '>') { + $string .= $line.$break; + continue; + } + $list = explode(' ', $line); + $len = 0; + while (count($list)) { + $line = array_shift($list); + $l = mb_strlen($line); + $newlen = $len + $l + ($len ? 1 : 0); + + if ($newlen <= $width) { + $string .= ($len ? 
' ' : '').$line; + $len += (1 + $l); + } else { + if ($l > $width) { + if ($cut) { + $start = 0; + while ($l) { + $str = mb_substr($line, $start, $width); + $strlen = mb_strlen($str); + $string .= ($len ? $break : '').$str; + $start += $strlen; + $l -= $strlen; + $len = $strlen; + } + } else { + $string .= ($len ? $break : '').$line; + if (count($list)) $string .= $break; + $len = 0; + } + } else { + $string .= $break.$line; + $len = $l; + } + } + } + if (count($para)) $string .= $break; + } + return $string; } - /** * Read a specific HTTP request header * @@ -427,30 +281,6 @@ function rc_request_header($name) } return $hdrs[$key]; - } - - -/** - * Replace the middle part of a string with ... - * if it is longer than the allowed length - * - * @param string Input string - * @param int Max. length - * @param string Replace removed chars with this - * @return string Abbreviated string - */ -function abbreviate_string($str, $maxlength, $place_holder='...') -{ - $length = rc_strlen($str); - $first_part_length = floor($maxlength/2) - rc_strlen($place_holder); - - if ($length > $maxlength) - { - $second_starting_location = $length - $maxlength + $first_part_length + 1; - $str = rc_substr($str, 0, $first_part_length) . $place_holder . rc_substr($str, $second_starting_location, $length); - } - - return $str; } @@ -470,7 +300,7 @@ function unslashify($str) { return preg_replace('/\/$/', '', $str); } - + /** * Delete all files within a folder @@ -500,7 +330,7 @@ function clear_directory($dir_path) * @return int Unix timestamp */ function get_offset_time($offset_str, $factor=1) - { +{ if (preg_match('/^([0-9]+)\s*([smhdw])/i', $offset_str, $regs)) { $amount = (int)$regs[1]; @@ -511,7 +341,7 @@ function get_offset_time($offset_str, $factor=1) $amount = (int)$offset_str; $unit = 's'; } - + $ts = mktime(); switch ($unit) { 
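Review bot: rc_wordwrap's cut branch loops on `while ($l)` and subtracts `mb_strlen(mb_substr($line, $start, $width))`, so with a `$width` of 0 the substring is empty, `$l` never decreases and the loop does not terminate. If the width can come from configuration or a request (callers are not visible here), clamp it at the top of the function with `$width = max(1, (int) $width);`. `$line[0] == '>'` is also evaluated for empty lines, which are common in mail bodies and trigger an uninitialized-offset notice; `if ($line !== '' && $line[0] == '>')` avoids that. Separately, `$len += (1 + $l)` counts a separator for the first word of a line too, so lines wrap one character earlier than `$width` allows.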
@@ -531,44 +361,105 @@ function get_offset_time($offset_str, $factor=1) } +/** + * Truncate string if it is longer than the allowed length + * Replace the middle or the ending part of a string with a placeholder + * + * @param string Input string + * @param int Max. length + * @param string Replace removed chars with this + * @param bool Set to True if string should be truncated from the end + * @return string Abbreviated string + */ +function abbreviate_string($str, $maxlength, $place_holder='...', $ending=false) +{ + $length = mb_strlen($str); + + if ($length > $maxlength) + { + if ($ending) + return mb_substr($str, 0, $maxlength) . $place_holder; + + $place_holder_length = mb_strlen($place_holder); + $first_part_length = floor(($maxlength - $place_holder_length)/2); + $second_starting_location = $length - $maxlength + $first_part_length + $place_holder_length; + $str = mb_substr($str, 0, $first_part_length) . $place_holder . mb_substr($str, $second_starting_location); + } + + return $str; +} + + /** * A method to guess the mime_type of an attachment. * - * @param string $path Path to the file. - * @param string $failover Mime type supplied for failover. + * @param string $path Path to the file. + * @param string $name File name (with suffix) + * @param string $failover Mime type supplied for failover. + * @param string $is_stream Set to True if $path contains file body * * @return string * @author Till Klampaeckel * @see http://de2.php.net/manual/en/ref.fileinfo.php * @see http://de2.php.net/mime_content_type */ -function rc_mime_content_type($path, $failover = 'application/octet-stream') +function rc_mime_content_type($path, $name, $failover = 'application/octet-stream', $is_stream=false) { $mime_type = null; $mime_magic = rcmail::get_instance()->config->get('mime_magic'); + $mime_ext = @include(RCMAIL_CONFIG_DIR . '/mimetypes.php'); + $suffix = $name ? substr($name, strrpos($name, '.')+1) : '*'; - if (!extension_loaded('fileinfo')) { - @dl('fileinfo.' . 
PHP_SHLIB_SUFFIX); + // use file name suffix with hard-coded mime-type map + if (is_array($mime_ext)) { + $mime_type = $mime_ext[$suffix]; } - - if (function_exists('finfo_open')) { + // try fileinfo extension if available + if (!$mime_type && function_exists('finfo_open')) { if ($finfo = finfo_open(FILEINFO_MIME, $mime_magic)) { - $mime_type = finfo_file($finfo, $path); + if ($is_stream) + $mime_type = finfo_buffer($finfo, $path); + else + $mime_type = finfo_file($finfo, $path); finfo_close($finfo); } } - if (!$mime_type && function_exists('mime_content_type')) { - $mime_type = mime_content_type($path); + // try PHP's mime_content_type + if (!$mime_type && !$is_stream && function_exists('mime_content_type')) { + $mime_type = @mime_content_type($path); } - + // fall back to user-submitted string if (!$mime_type) { $mime_type = $failover; } + else { + // Sometimes (PHP-5.3?) content-type contains charset definition, + // Remove it (#1487122) also "charset=binary" is useless + $mime_type = array_shift(preg_split('/[; ]/', $mime_type)); + } return $mime_type; } +/** + * Detect image type of the given binary data by checking magic numbers + * + * @param string Binary file content + * @return string Detected mime-type or jpeg as fallback + */ +function rc_image_content_type($data) +{ + $type = 'jpeg'; + if (preg_match('/^\x89\x50\x4E\x47/', $data)) $type = 'png'; + else if (preg_match('/^\x47\x49\x46\x38/', $data)) $type = 'gif'; + else if (preg_match('/^\x00\x00\x01\x00/', $data)) $type = 'ico'; +// else if (preg_match('/^\xFF\xD8\xFF\xE0/', $data)) $type = 'jpeg'; + + return 'image/' . $type; +} + + /** * A method to guess encoding of a string. * 
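Review bot: rc_mime_content_type now lets the suffix of `$name` pick the type before any content check, and the suffix extraction is fragile: for a name without a dot `strrpos()` returns false, so `substr($name, 1)` is used as the suffix, and the case of the suffix is kept as submitted. Because `$name` is documented as the file name and would normally arrive with the attachment, callers should treat the result as a hint rather than as proof of the content type; I would say so in the docblock, extract the suffix with `$suffix = $name ? strtolower(pathinfo($name, PATHINFO_EXTENSION)) : '*';` (assuming the keys in mimetypes.php are lower-case, which is not visible here) and test `isset($mime_ext[$suffix])` before reading it. `array_shift(preg_split('/[; ]/', $mime_type))` passes a function result by reference, which raises a notice; assign the split result to a variable first. In the same hunk rc_image_content_type returns `image/jpeg` for any data that matches none of the signatures, so its docblock should state that the result does not confirm the data is an image.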
@@ -599,4 +490,221 @@ function rc_detect_encoding($string, $failover='') return $result ? $result : $failover; } -?> +/** + * Removes non-unicode characters from input + * + * @param mixed $input String or array. + * @return string + */ +function rc_utf8_clean($input) +{ + // handle input of type array + if (is_array($input)) { + foreach ($input as $idx => $val) + $input[$idx] = rc_utf8_clean($val); + return $input; + } + + if (!is_string($input) || $input == '') + return $input; + + // iconv/mbstring are much faster (especially with long strings) + if (function_exists('mb_convert_encoding') && ($res = mb_convert_encoding($input, 'UTF-8', 'UTF-8')) !== false) + return $res; + + if (function_exists('iconv') && ($res = @iconv('UTF-8', 'UTF-8//IGNORE', $input)) !== false) + return $res; + + $regexp = '/^('. +// '[\x00-\x7F]'. // UTF8-1 + '|[\xC2-\xDF][\x80-\xBF]'. // UTF8-2 + '|\xE0[\xA0-\xBF][\x80-\xBF]'. // UTF8-3 + '|[\xE1-\xEC][\x80-\xBF][\x80-\xBF]'. // UTF8-3 + '|\xED[\x80-\x9F][\x80-\xBF]'. // UTF8-3 + '|[\xEE-\xEF][\x80-\xBF][\x80-\xBF]'. // UTF8-3 + '|\xF0[\x90-\xBF][\x80-\xBF][\x80-\xBF]'. // UTF8-4 + '|[\xF1-\xF3][\x80-\xBF][\x80-\xBF][\x80-\xBF]'.// UTF8-4 + '|\xF4[\x80-\x8F][\x80-\xBF][\x80-\xBF]'. // UTF8-4 + ')$/'; + + $seq = ''; + $out = ''; + + for ($i = 0, $len = strlen($input); $i < $len; $i++) { + $chr = $input[$i]; + $ord = ord($chr); + // 1-byte character + if ($ord <= 0x7F) { + if ($seq) + $out .= preg_match($regexp, $seq) ? $seq : ''; + $seq = ''; + $out .= $chr; + // first (or second) byte of multibyte sequence + } else if ($ord >= 0xC0) { + if (strlen($seq)>1) { + $out .= preg_match($regexp, $seq) ? $seq : ''; + $seq = ''; + } else if ($seq && ord($seq) < 0xC0) { + $seq = ''; + } + $seq .= $chr; + // next byte of multibyte sequence + } else if ($seq) { + $seq .= $chr; + } + } + + if ($seq) + $out .= preg_match($regexp, $seq) ? 
$seq : ''; + + return $out; +} + + +/** + * Convert a variable into a javascript object notation + * + * @param mixed Input value + * @return string Serialized JSON string + */ +function json_serialize($input) +{ + $input = rc_utf8_clean($input); + + // sometimes even using rc_utf8_clean() the input contains invalid UTF-8 sequences + // that's why we have @ here + return @json_encode($input); +} + + +/** + * Explode quoted string + * + * @param string Delimiter expression string for preg_match() + * @param string Input string + */ +function rcube_explode_quoted_string($delimiter, $string) +{ + $result = array(); + $strlen = strlen($string); + + for ($q=$p=$i=0; $i < $strlen; $i++) { + if ($string[$i] == "\"" && $string[$i-1] != "\\") { + $q = $q ? false : true; + } + else if (!$q && preg_match("/$delimiter/", $string[$i])) { + $result[] = substr($string, $p, $i - $p); + $p = $i + 1; + } + } + + $result[] = substr($string, $p); + return $result; +} + + +/** + * Get all keys from array (recursive) + * + * @param array Input array + * @return array + */ +function array_keys_recursive($array) +{ + $keys = array(); + + if (!empty($array)) + foreach ($array as $key => $child) { + $keys[] = $key; + foreach (array_keys_recursive($child) as $val) + $keys[] = $val; + } + return $keys; +} + + +/** + * mbstring replacement functions + */ + +if (!extension_loaded('mbstring')) +{ + function mb_strlen($str) + { + return strlen($str); + } + + function mb_strtolower($str) + { + return strtolower($str); + } + + function mb_strtoupper($str) + { + return strtoupper($str); + } + + function mb_substr($str, $start, $len=null) + { + return substr($str, $start, $len); + } + + function mb_strpos($haystack, $needle, $offset=0) + { + return strpos($haystack, $needle, $offset); + } + + function mb_strrpos($haystack, $needle, $offset=0) + { + return strrpos($haystack, $needle, $offset); + } +} + +/** + * intl replacement functions + */ + +if (!function_exists('idn_to_utf8')) +{ + function 
idn_to_utf8($domain, $flags=null) + { + static $idn, $loaded; + + if (!$loaded) { + $idn = new Net_IDNA2(); + $loaded = true; + } + + if ($idn && $domain && preg_match('/(^|\.)xn--/i', $domain)) { + try { + $domain = $idn->decode($domain); + } + catch (Exception $e) { + } + } + return $domain; + } +} + +if (!function_exists('idn_to_ascii')) +{ + function idn_to_ascii($domain, $flags=null) + { + static $idn, $loaded; + + if (!$loaded) { + $idn = new Net_IDNA2(); + $loaded = true; + } + + if ($idn && $domain && preg_match('/[^\x20-\x7E]/', $domain)) { + try { + $domain = $idn->encode($domain); + } + catch (Exception $e) { + } + } + return $domain; + } +} +
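Review bot: rcube_explode_quoted_string tests `$string[$i-1]` on the first iteration, where the index is -1; depending on the PHP version that is an uninitialized-offset notice or a read of the last character, so a leading quote can be misclassified as escaped when the input ends with a backslash. `if ($string[$i] == "\"" && ($i == 0 || $string[$i-1] != "\\"))` fixes that. The mbstring fallback `mb_substr()` forwards its default `$len=null` to `substr()`, which older PHP versions treat as length 0, so the two-argument call `mb_substr($str, $second_starting_location)` in abbreviate_string would return an empty string when mbstring is missing; `return $len === null ? substr($str, $start) : substr($str, $start, $len);` keeps the tail. array_keys_recursive recurses into every child, so it needs an `is_array($child)` check before the inner `foreach`, and the empty `catch` blocks in the idn_to_utf8/idn_to_ascii fallbacks return the unconverted domain on failure without logging it.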