From 8e5ed7be9e754dfca0278653002ec75f9199d8a9 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 18 Jun 2010 07:50:19 -0400
Subject: [PATCH] Strip comments in css string + don't set font color to tags

---
 program/include/main.inc |  112 +++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 106 insertions(+), 6 deletions(-)

diff --git a/program/include/main.inc b/program/include/main.inc
index 004212f..7c506d9 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -732,8 +732,9 @@
   $table = new html_table(/*array('cols' => count($a_show_cols))*/);
     
   // add table header
-  foreach ($a_show_cols as $col)
-    $table->add_header($col, Q(rcube_label($col)));
+  if (!$attrib['noheader'])
+    foreach ($a_show_cols as $col)
+      $table->add_header($col, Q(rcube_label($col)));
   
   $c = 0;
   if (!is_array($table_data)) 
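Review bot: The new guard reads `$attrib['noheader']` directly, so every caller that does not pass the key triggers an undefined-index notice; `if (empty($attrib['noheader']))` gives the same result without it. The `foreach` nested under a brace-less `if` is easy to break when a second statement is added later, so wrapping the `if` body in braces would be safer. The enclosing function starts and ends outside this hunk, so how `$attrib` is populated cannot be checked from here.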
@@ -829,6 +830,9 @@
   if (preg_match('/expression|behavior|url\(|import/', $stripped))
     return '/* evil! */';
 
+  // remove css comments (sometimes used for some ugly hacks)
+  $source = preg_replace('!/\*(.+)\*/!Ums', '', $source);
+
   // cut out all contents between { and }
   while (($pos = strpos($source, '{', $last_pos)) && ($pos2 = strpos($source, '}', $pos)))
   {
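Review bot: The comment-stripping `preg_replace` runs after the `expression|behavior|url\(|import` check on `$stripped`, so the text that was validated is not the text that continues through the function. `$stripped` is computed outside this hunk, but if it is derived from `$source` with comments still in place, a blocked keyword interrupted by a comment would pass the check and only become contiguous once this line removes the comment. Moving the replacement above the point where `$stripped` is built, or re-running the check afterwards, keeps validation and output in step. Two smaller points: `(.+)` leaves an empty `/**/` in place, so `!/\*.*?\*/!s` would be the tighter pattern, and `preg_replace` returns `null` on a PCRE error, which would silently empty `$source`.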
@@ -836,13 +840,13 @@
     $source = substr($source, 0, $pos+1) . $replacements->get_replacement($key) . substr($source, $pos2, strlen($source)-$pos2);
     $last_pos = $pos+2;
   }
-  
+
   // remove html comments and add #container to each tag selector.
   // also replace body definition because we also stripped off the <body> tag
   $styles = preg_replace(
     array(
       '/(^\s*<!--)|(-->\s*$)/',
-      '/(^\s*|,\s*|\}\s*)([a-z0-9\._#][a-z0-9\.\-_]*)/im',
+      '/(^\s*|,\s*|\}\s*)([a-z0-9\._#\*][a-z0-9\.\-_]*)/im',
       "/$container_id\s+body/i",
     ),
     array(
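Review bot: Adding `\*` lets a leading universal selector receive the container prefix, but a selector whose first character is outside `[a-z0-9\._#\*]` (an attribute selector or a pseudo-class, for example) still fails the second group. As far as this hunk shows, such a rule would be left unprefixed and so not confined to the message container. The replacement array is outside the hunk, so confirm there whether such rules are dropped or scoped some other way; if not, the pattern should key on selector position rather than on an allow-list of first characters. The existing comment says "each tag selector"; updating it to `// add #container to every selector (tag, .class, #id, *)` would match what the pattern now does.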
@@ -1532,12 +1536,28 @@
   return false;
 }
 
+
 // for backward compatibility
 function rcube_sess_unset($var_name=null)
 {
   global $RCMAIL;
 
   $RCMAIL->session->remove($var_name);
+}
+
+
+// Replaces hostname variables
+function rcube_parse_host($name)
+{
+  // %n - host
+  $n = preg_replace('/:\d+$/', '', $_SERVER['SERVER_NAME']);
+  // %d - domain name without first part, e.g. %d=mail.domain.tld, %m=domain.tld
+  $d = preg_replace('/^[^\.]+\./', '', $n);
+  // %h - IMAP host
+  $h = $_SESSION['imap_host'];
+
+  $name = str_replace(array('%n', '%d', '%h'), array($n, $d, $h), $name);
+  return $name;
 }
 
 
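Review bot: `rcube_parse_host()` builds `%n` and `%d` from `$_SERVER['SERVER_NAME']`, which on some web-server configurations reflects the client's Host header rather than a configured name. Callers are not visible here, but if the result is used to choose a mail or database host, `$n` should first be checked against a hostname pattern such as `/^[a-z0-9.-]+$/i` or taken from configuration. `$_SESSION['imap_host']` is also read unconditionally and raises a notice before login; `$h = isset($_SESSION['imap_host']) ? $_SESSION['imap_host'] : '';` avoids that. The `%d` comment mentions `%m`, which this function does not replace; it probably means `%n=mail.domain.tld, %d=domain.tld`.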
@@ -1618,16 +1638,96 @@
 class rcube_base_replacer
 {
   private $base_url;
-  
+
   public function __construct($base)
   {
     $this->base_url = $base;
   }
-  
+
   public function callback($matches)
   {
     return $matches[1] . '="' . make_absolute_url($matches[3], $this->base_url) . '"';
   }
 }
 
+
+/**
+ * Throw system error and show error page
+ *
+ * @param array Named parameters
+ *  - code: Error code (required)
+ *  - type: Error type [php|db|imap|javascript] (required)
+ *  - message: Error message
+ *  - file: File where error occured
+ *  - line: Line where error occured
+ * @param boolean True to log the error
+ * @param boolean Terminate script execution
+ */
+// may be defined in Installer
+if (!function_exists('raise_error')) {
+function raise_error($arg=array(), $log=false, $terminate=false)
+{
+    global $__page_content, $CONFIG, $OUTPUT, $ERROR_CODE, $ERROR_MESSAGE;
+
+    // report bug (if not incompatible browser)
+    if ($log && $arg['type'] && $arg['message'])
+        log_bug($arg);
+
+    // display error page and terminate script
+    if ($terminate) {
+        $ERROR_CODE = $arg['code'];
+        $ERROR_MESSAGE = $arg['message'];
+        include('program/steps/utils/error.inc');
+        exit;
+    }
+}
+}
+
+
+/**
+ * Report error according to configured debug_level
+ *
+ * @param array Named parameters
+ * @see raise_error()
+ */
+function log_bug($arg_arr)
+{
+    global $CONFIG;
+    $program = strtoupper($arg_arr['type']);
+
+    // write error to local log file
+    if ($CONFIG['debug_level'] & 1) {
+        $post_query = ($_SERVER['REQUEST_METHOD'] == 'POST' ? '?_task='.urlencode($_POST['_task']).'&_action='.urlencode($_POST['_action']) : '');
+        $log_entry = sprintf("%s Error: %s%s (%s %s)",
+            $program,
+            $arg_arr['message'],
+            $arg_arr['file'] ? sprintf(' in %s on line %d', $arg_arr['file'], $arg_arr['line']) : '',
+            $_SERVER['REQUEST_METHOD'],
+            $_SERVER['REQUEST_URI'] . $post_query);
+
+        if (!write_log('errors', $log_entry)) {
+            // send error to PHPs error handler if write_log didn't succeed
+            trigger_error($arg_arr['message']);
+        }
+    }
+
+    // resport the bug to the global bug reporting system
+    if ($CONFIG['debug_level'] & 2) {
+        // TODO: Send error via HTTP
+    }
+
+    // show error if debug_mode is on
+    if ($CONFIG['debug_level'] & 4) {
+        print "<b>$program Error";
+
+        if (!empty($arg_arr['file']) && !empty($arg_arr['line']))
+            print " in $arg_arr[file] ($arg_arr[line])";
+
+        print ':</b>&nbsp;';
+        print nl2br($arg_arr['message']);
+        print '<br />';
+        flush();
+    }
+}
+
 ?>
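Review bot: In `log_bug()` the `debug_level & 4` branch prints `$arg_arr['message']`, `file` and `line` into the page without HTML escaping, so any request-derived text that ends up in an error message is rendered as markup. Escape at output with `print nl2br(htmlspecialchars($arg_arr['message']));` and do the same for the `in … (…)` line. The log entry likewise interpolates the message and `$_SERVER['REQUEST_URI']` unfiltered, so stripping CR/LF before `write_log()` would keep one error on one log line. `$_POST['_task']` and `$_POST['_action']` are read without `isset()`. The `raise_error()` docblock is also separated from its function by the `function_exists` guard, so documentation tools will not attach it.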

--
Gitblit v1.9.1