From 8c2e58b42e89ca0216307553a906c2ca776c44f8 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Mon, 20 Mar 2006 17:11:35 -0500
Subject: [PATCH] Minor improvements and bugfixes (see changelog)

---
 program/include/main.inc |   74 ++++++++++++++++++++++++++++++++++--
 1 files changed, 69 insertions(+), 5 deletions(-)

diff --git a/program/include/main.inc b/program/include/main.inc
index 3a15bfd..d3ee5e9 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -24,6 +24,12 @@
 require_once('lib/utf8.class.php');
 
 
+// define constannts for input reading
+define('RCUBE_INPUT_GET', 0x0101);
+define('RCUBE_INPUT_POST', 0x0102);
+define('RCUBE_INPUT_GPC', 0x0103);
+
+
 // register session and connect to server
 function rcmail_startup($task='mail')
   {
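Review bot: The comment above the new constants has a typo (`constannts`) and does not say what each source stands for. Since `RCUBE_INPUT_GPC` makes `get_input_value()` later in this patch try GET first, then POST, then the cookie, that precedence is worth stating here, because a query-string parameter will shadow a POST or cookie value of the same name. Suggested comment: `// input sources for get_input_value(): GET, POST, or GPC (GET, then POST, then COOKIE)`.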
@@ -66,12 +72,14 @@
   // prepare DB connection
   require_once('include/rcube_'.(empty($CONFIG['db_backend']) ? 'db' : $CONFIG['db_backend']).'.inc');
   
-  $DB = new rcube_db($CONFIG['db_dsnw'], $CONFIG['db_dsnr']);
+  $DB = new rcube_db($CONFIG['db_dsnw'], $CONFIG['db_dsnr'], $CONFIG['db_persistent']);
   $DB->sqlite_initials = $INSTALL_PATH.'SQL/sqlite.initial.sql';
+  $DB->db_connect('w');
+    
 
   // we can use the database for storing session data
   // session queries do not work with MDB2
-  if ($CONFIG['db_backend']!='mdb2' && is_object($DB))
+  if ($CONFIG['db_backend']!='mdb2' && !$DB->is_error())
     include_once('include/session.inc');
 
 
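Review bot: The new `!$DB->is_error()` test only decides whether `include/session.inc` is loaded, so in the visible lines a failed `$DB->db_connect('w')` is otherwise ignored. Startup continues, and session storage presumably falls back to PHP's default handler with nothing logged. If that fallback is intended, a comment should say so; otherwise the error should be reported or startup stopped at this point. `$CONFIG['db_persistent']` is also read without a default, so a config file that predates the option passes an undefined index; `!empty($CONFIG['db_persistent'])` would keep older configs working. The body of rcmail_startup continues outside this hunk.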
@@ -376,6 +384,8 @@
     $imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? TRUE : FALSE;
     $imap_port = isset($a_host['port']) ? $a_host['port'] : ($imap_ssl ? 993 : $CONFIG['default_port']);
     }
+  else
+    $imap_port = $CONFIG['default_port'];
 
   // query if user already registered
   $sql_result = $DB->query("SELECT user_id, username, language, preferences
@@ -897,6 +907,49 @@
   }
 
 
+/**
+ * Read input value and convert it for internal use
+ * Performs stripslashes() and charset conversion if necessary
+ * 
+ * @param  string   Field name to read
+ * @param  int      Source to get value from (GPC)
+ * @param  boolean  Allow HTML tags in field value
+ * @param  string   Charset to convert into
+ * @return string   Field value or NULL if not available
+ */
+function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
+  {
+  global $OUTPUT;
+  $value = NULL;
+  
+  if ($source==RCUBE_INPUT_GET && isset($_GET[$fname]))
+    $value = $_GET[$fname];
+  else if ($source==RCUBE_INPUT_POST && isset($_POST[$fname]))
+    $value = $_POST[$fname];
+  else if ($source==RCUBE_INPUT_GPC)
+    {
+    if (isset($_GET[$fname]))
+      $value = $_GET[$fname];
+    else if (isset($_POST[$fname]))
+      $value = $_POST[$fname];
+    else if (isset($_COOKIE[$fname]))
+      $value = $_COOKIE[$fname];
+    }
+  
+  // strip slashes if magic_quotes enabled
+  if ((bool)get_magic_quotes_gpc())
+    $value = stripslashes($value);
+
+  // remove HTML tags if not allowed    
+  if (!$allow_html)
+    $value = strip_tags($value);
+  
+  // convert to internal charset
+  return rcube_charset_convert($value, $OUTPUT->get_charset(), $charset);
+  }
+
+
+
 
 // ************** template parsing and gui functions **************
 
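Review bot: `get_input_value()` runs `stripslashes()` and `strip_tags()` on `$value` even when the field was absent or was submitted as an array (for example `_user[]=x`). The documented "NULL if not available" therefore depends on what the string functions and `rcube_charset_convert()` make of a non-string. A guard before the magic-quotes step, `if (!is_string($value)) return NULL;`, would make the contract hold and keep arrays out of the string calls. `strip_tags()` also leaves quotes and `&` untouched, so the result is not safe to place in an HTML attribute without further escaping. The login-form hunk at the end of this patch passes it to `$input_user->show()`, whose escaping is not visible here, so that is worth confirming. The docblock should state that callers must still escape for the output context.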
@@ -1070,7 +1123,12 @@
       // execute object handler function
       if ($object_handlers[$object] && function_exists($object_handlers[$object]))
         return call_user_func($object_handlers[$object], $attrib);
-
+        
+      else if ($object=='productname')
+        {
+        $name = !empty($CONFIG['product_name']) ? $CONFIG['product_name'] : 'RoundCube Webmail';
+        return rep_specialchars_output($name, 'html', 'all');
+        }
       else if ($object=='pagetitle')
         {
         $task = $GLOBALS['_task'];
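Review bot: The new `productname` branch reads `$CONFIG['product_name']`, but whether `$CONFIG` is in scope cannot be seen from this hunk, because the enclosing function starts outside it. The neighbouring `pagetitle` branch reads through `$GLOBALS['_task']`, which suggests globals may not be imported here. If there is no `global $CONFIG;` in the function, `!empty()` is always false and the configured name is silently ignored. Either confirm the declaration or read `$GLOBALS['CONFIG']['product_name']`. Encoding the value through `rep_specialchars_output($name, 'html', 'all')` before returning it is the right call for a config-supplied string.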
@@ -1098,7 +1156,7 @@
 // create and register a button
 function rcube_button($attrib)
   {
-  global $CONFIG, $OUTPUT, $JS_OBJECT_NAME, $BROWSER;
+  global $CONFIG, $OUTPUT, $JS_OBJECT_NAME, $BROWSER, $COMM_PATH, $MAIN_TASKS;
   static $sa_buttons = array();
   static $s_button_count = 100;
   
@@ -1170,6 +1228,7 @@
 
   // register button in the system
   if ($attrib['command'])
+    {
     $OUTPUT->add_script(sprintf("%s.register_button('%s', '%s', '%s', '%s', '%s', '%s');",
                                 $JS_OBJECT_NAME,
                                 $command,
@@ -1178,6 +1237,11 @@
                                 $attrib['imageact'] ? $skin_path.$attrib['imageact'] : $attrib['classact'],
                                 $attirb['imagesel'] ? $skin_path.$attirb['imagesel'] : $attrib['classsel'],
                                 $attrib['imageover'] ? $skin_path.$attrib['imageover'] : ''));
+
+    // make valid href to task buttons
+    if (in_array($attrib['command'], $MAIN_TASKS))
+      $attrib['href'] = ereg_replace('_task=[a-z]+', '_task='.$attrib['command'], $COMM_PATH);
+    }
 
   // overwrite attributes
   if (!$attrib['href'])
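Review bot: The href rewrite uses `ereg_replace()`, the POSIX regex API that later PHP versions deprecate and then remove. `preg_replace('/_task=[a-z]+/', '_task='.$attrib['command'], $COMM_PATH)` does the same job. The `in_array($attrib['command'], $MAIN_TASKS)` test is the only thing that restricts what is written into the URL. Passing `true` as the third argument avoids loose-comparison matches, since the contents of `$MAIN_TASKS` are not visible here. Separately, the unchanged line inside the call this commit wraps in braces reads `$attirb['imagesel']`, a misspelling of `$attrib`, so the selected-state image is never passed to `register_button`. The body of rcube_button starts and ends outside these hunks.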
@@ -1482,7 +1546,7 @@
   $input_action = new hiddenfield(array('name' => '_action', 'value' => 'login'));
     
   $fields = array();
-  $fields['user'] = $input_user->show($_POST['_user']);
+  $fields['user'] = $input_user->show(get_input_value('_user', RCUBE_INPUT_POST));
   $fields['pass'] = $input_pass->show();
   $fields['action'] = $input_action->show();
   

--
Gitblit v1.9.1