From 73b14686fc7f2ac028af4e8366e7d3882d2894a8 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Thu, 30 Oct 2014 07:51:53 -0400
Subject: [PATCH] Fix possible issues in skin/skin_path config handling (#1490125)

---
 program/include/rcmail_output_html.php |  102 ++++++++++++++++++++++++++++++++++----------------
 1 files changed, 69 insertions(+), 33 deletions(-)

diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index 7cab372..7a0992f 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -5,7 +5,7 @@
  | program/include/rcmail_output_html.php                                |
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
- | Copyright (C) 2006-2012, The Roundcube Dev Team                       |
+ | Copyright (C) 2006-2013, The Roundcube Dev Team                       |
  |                                                                       |
  | Licensed under the GNU General Public License version 3 or            |
  | any later version with exceptions for skins & plugins.                |
@@ -45,6 +45,7 @@
     protected $footer = '';
     protected $body = '';
     protected $base_path = '';
+    protected $devel_mode = false;
 
     // deprecated names of templates used before 0.5
     protected $deprecated_templates = array(
@@ -64,6 +65,8 @@
     {
         parent::__construct();
 
+        $this->devel_mode = $this->config->get('devel_mode');
+
         //$this->framed = $framed;
         $this->set_env('task', $task);
         $this->set_env('x_frame_options', $this->config->get('x_frame_options', 'sameorigin'));
@@ -80,9 +83,9 @@
         $this->set_env('skin', $skin);
 
         if (!empty($_REQUEST['_extwin']))
-          $this->set_env('extwin', 1);
+            $this->set_env('extwin', 1);
         if ($this->framed || !empty($_REQUEST['_framed']))
-          $this->set_env('framed', 1);
+            $this->set_env('framed', 1);
 
         // add common javascripts
         $this->add_script('var '.self::JS_OBJECT_NAME.' = new rcube_webmail();', 'head_top');
@@ -116,6 +119,7 @@
     public function set_env($name, $value, $addtojs = true)
     {
         $this->env[$name] = $value;
+
         if ($addtojs || isset($this->js_env[$name])) {
             $this->js_env[$name] = $value;
         }
@@ -163,6 +167,8 @@
             }
             $valid = !$skin;
         }
+
+        $skin_path = rtrim($skin_path, '/');
 
         $this->config->set('skin_path', $skin_path);
         $this->base_path = $skin_path;
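Review bot: The added `rtrim($skin_path, '/')` only normalises the trailing slash, and the normalised value is then stored in config and becomes `base_path`. Whether `$skin` is restricted to a plain directory name (no `..` or embedded separators) before `$skin_path` is built is decided above this hunk and should be confirmed. The line also has no comment saying why the slash is stripped; something like `// callers append '/' themselves, so keep skin_path without a trailing slash` would help, if that is the reason. The enclosing function starts and ends outside the hunk.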
@@ -310,12 +316,14 @@
      */
     public function reset($all = false)
     {
+        $framed = $this->framed;
         $env = $all ? null : array_intersect_key($this->env, array('extwin'=>1, 'framed'=>1));
 
         parent::reset();
 
         // let some env variables survive
         $this->env = $this->js_env = $env;
+        $this->framed = $framed || $this->env['framed'];
         $this->js_labels    = array();
         $this->js_commands  = array();
         $this->script_files = array();
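Review bot: The new `$this->framed = $framed || $this->env['framed'];` indexes `$this->env` right after it was assigned from `$env`, which is `null` when `$all` is true and may lack the `framed` key otherwise, so the read can raise a notice. `$this->framed = $framed || !empty($this->env['framed']);` gives the same result without it. With `$all` set, `env` and `js_env` also end up as `null` rather than an empty array; `$all ? array() : array_intersect_key(...)` would keep them arrays for later code.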
@@ -323,6 +331,11 @@
         $this->header       = '';
         $this->footer       = '';
         $this->body         = '';
+
+        // load defaults
+        if (!$all) {
+            $this->__construct();
+        }
     }
 
     /**
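Review bot: Calling `$this->__construct()` with no arguments at the end of `reset()` re-runs the constructor on a live object and drops whatever was originally passed to it. The constructor context earlier in this patch shows `$this->set_env('task', $task)`, so after a partial reset the `task` env value would apparently fall back to the parameter's default; the signature is outside the hunk, so confirm. It also repeats `parent::__construct()`. Consider capturing the value before the env is trimmed and passing it back, e.g. `$task = $this->env['task'];` at the top of `reset()` and `$this->__construct($task);` here, or moving the defaults into a separate init method that both the constructor and `reset()` call.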
@@ -651,13 +664,34 @@
         }
 
         // add file modification timestamp
-        if (preg_match('/\.(js|css)$/', $file)) {
-            if ($fs = @filemtime($file)) {
-                $file .= '?s=' . $fs;
-            }
+        if (preg_match('/\.(js|css)$/', $file, $m)) {
+            $file = $this->file_mod($file);
         }
 
         return $matches[1] . '=' . $matches[2] . $file . $matches[4];
+    }
+
+    /**
+     * Modify file by adding mtime indicator
+     */
+    protected function file_mod($file)
+    {
+        $fs  = false;
+        $ext = substr($file, strrpos($file, '.') + 1);
+
+        // use minified file if exists (not in development mode)
+        if (!$this->devel_mode && !preg_match('/\.min\.' . $ext . '$/', $file)) {
+            $minified_file = substr($file, 0, strlen($ext) * -1) . 'min.' . $ext;
+            if ($fs = @filemtime($minified_file)) {
+                return $minified_file . '?s=' . $fs;
+            }
+        }
+
+        if ($fs = @filemtime($file)) {
+            $file .= '?s=' . $fs;
+        }
+
+        return $file;
     }
 
     /**
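Review bot: In `file_mod()` the extension is taken as everything after the last dot and spliced unescaped into a regular expression, `'/\.min\.' . $ext . '$/'`. `include_script()` now routes arbitrary script names through this method, so a name without a dot (where `strrpos()` returns false and `$ext` becomes most of the path, slashes included) or one carrying a query string breaks the pattern or yields a nonsensical minified path. Guard the no-extension case and pass `$ext` through `preg_quote()`; the unused `$fs = false;` initialiser and the unused `$m` capture added to the caller's `preg_match()` can go. The docblock should also say that the method may return the `.min.` variant instead of the requested file. The caller's function starts outside the hunk.

```php
    protected function file_mod($file)
    {
        $dot = strrpos($file, '.');
        $ext = $dot !== false ? substr($file, $dot + 1) : '';

        // use minified file if exists (not in development mode)
        if (!$this->devel_mode && $ext !== '' && strpos($ext, '/') === false
            && !preg_match('/\.min\.' . preg_quote($ext, '/') . '$/', $file)
        ) {
            $minified_file = substr($file, 0, $dot + 1) . 'min.' . $ext;
            // … unchanged: filemtime() lookup and return of the minified file …
        }
        // … unchanged: filemtime() fallback for the original file …
```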
@@ -838,16 +872,16 @@
                     $attrib['name'] = $this->eval_expression($attrib['expression']);
 
                 if ($attrib['name'] || $attrib['command']) {
-                    // @FIXME: 'noshow' is useless, remove?
-                    if ($attrib['noshow']) {
-                        return '';
-                    }
-
                     $vars = $attrib + array('product' => $this->config->get('product_name'));
                     unset($vars['name'], $vars['command']);
 
                     $label   = $this->app->gettext($attrib + array('vars' => $vars));
                     $quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (rcube_utils::get_boolean((string)$attrib['html']) ? 'no' : '');
+
+                    // 'noshow' can be used in skins to define new labels
+                    if ($attrib['noshow']) {
+                        return '';
+                    }
 
                     switch ($quoting) {
                         case 'no':
@@ -964,7 +998,7 @@
                   $content = html::quote($this->get_pagetitle());
                 }
                 else if ($object == 'pagetitle') {
-                    if ($this->config->get('devel_mode') && !empty($_SESSION['username']))
+                    if ($this->devel_mode && !empty($_SESSION['username']))
                         $title = $_SESSION['username'].' :: ';
                     else if ($prod_name = $this->config->get('product_name'))
                         $title = $prod_name . ' :: ';
@@ -1165,7 +1199,7 @@
         }
         else if ($attrib['type'] == 'link') {
             $btn_content = isset($attrib['content']) ? $attrib['content'] : ($attrib['label'] ? $attrib['label'] : $attrib['command']);
-            $link_attrib = array('href', 'onclick', 'title', 'id', 'class', 'style', 'tabindex', 'target');
+            $link_attrib = array_merge(html::$common_attrib, array('href', 'onclick', 'tabindex', 'target'));
             if ($attrib['innerclass'])
                 $btn_content = html::span($attrib['innerclass'], $btn_content);
         }
@@ -1184,7 +1218,7 @@
 
         // generate html code for button
         if ($btn_content) {
-            $attrib_str = html::attrib_string($attrib, $link_attrib);
+            $attrib_str = html::attrib_string($attrib, array_merge($link_attrib, array('data-*')));
             $out = sprintf('<a%s>%s</a>', $attrib_str, $btn_content);
         }
 
@@ -1203,26 +1237,17 @@
      */
     public function include_script($file, $position='head')
     {
-        static $sa_files = array();
-
         if (!preg_match('|^https?://|i', $file) && $file[0] != '/') {
-            $file = $this->scripts_path . $file;
-            if ($fs = @filemtime($file)) {
-                $file .= '?s=' . $fs;
-            }
+            $file = $this->file_mod($this->scripts_path . $file);
         }
-
-        if (in_array($file, $sa_files)) {
-            return;
-        }
-
-        $sa_files[] = $file;
 
         if (!is_array($this->script_files[$position])) {
             $this->script_files[$position] = array();
         }
 
-        $this->script_files[$position][] = $file;
+        if (!in_array($file, $this->script_files[$position])) {
+            $this->script_files[$position][] = $file;
+        }
     }
 
     /**
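Review bot: Deduplication in `include_script()` is now scoped to a single `$position`, where the removed `static $sa_files` list covered all positions, so a script registered under two different positions is emitted twice. If one load per page is still intended, check every position before appending, e.g. `foreach ($this->script_files as $list) { if (in_array($file, $list)) return; }`. If per-position is the intent, say so in the docblock. `$file[0]` is also still read without checking for an empty string.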
@@ -1280,7 +1305,12 @@
      */
     public function _write($templ = '', $base_path = '')
     {
-        $output = empty($templ) ? $this->default_template : trim($templ);
+        $output = trim($templ);
+
+        if (empty($output)) {
+            $output   = $this->default_template;
+            $is_empty = true;
+        }
 
         // set default page title
         if (empty($this->pagetitle)) {
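Review bot: `$is_empty` is assigned only inside the `if (empty($output))` branch, but the later hunk at `-1371` reads it unconditionally in `!$is_empty`, so every call with a non-empty template hits an undefined variable there. Set it on both paths in one place, e.g. `$is_empty = empty($output);` right after `$output = trim($templ);`, and keep only the `$output = $this->default_template;` assignment inside the `if`. `_write()` continues outside this hunk.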
@@ -1371,8 +1401,8 @@
         }
 
         // add css files in head, before scripts, for speed up with parallel downloads
-        if (!empty($this->css_files) && 
-            (($pos = stripos($output, '<script ')) || ($pos = stripos($output, '</head>')))
+        if (!empty($this->css_files) && !$is_empty
+            && (($pos = stripos($output, '<script ')) || ($pos = stripos($output, '</head>')))
         ) {
             $css = '';
             foreach ($this->css_files as $file) {
@@ -1601,6 +1631,12 @@
             $out .= $input_host->show();
         }
 
+        if (rcube_utils::get_boolean($attrib['submit'])) {
+            $submit = new html_inputfield(array('type' => 'submit', 'id' => 'rcmloginsubmit',
+                'class' => 'button mainaction', 'value' => $this->app->gettext('login')));
+            $out .= html::p('formbuttons', $submit->show());
+        }
+
         // surround html output with a form tag
         if (empty($attrib['form'])) {
             $out = $this->form_tag(array('name' => $form_name, 'method' => 'post'), $out);
@@ -1663,9 +1699,9 @@
         // add form tag around text field
         if (empty($attrib['form'])) {
             $out = $this->form_tag(array(
-                'name' => "rcmqsearchform",
+                'name'     => "rcmqsearchform",
                 'onsubmit' => self::JS_OBJECT_NAME . ".command('search'); return false",
-                'style' => "display:inline"),
+                'style'    => "display:inline"),
                 $out);
         }
 

--
Gitblit v1.9.1