From 8e5ed7be9e754dfca0278653002ec75f9199d8a9 Mon Sep 17 00:00:00 2001 From: thomascube <thomas@roundcube.net> Date: Fri, 18 Jun 2010 07:50:19 -0400 Subject: [PATCH] Strip comments in css string + don't set font color to tags --- program/include/main.inc | 195 ++++++++++++++++++++++++++++++++++++++++++------ 1 files changed, 169 insertions(+), 26 deletions(-) diff --git a/program/include/main.inc b/program/include/main.inc index d2f28cd..7c506d9 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -325,9 +325,13 @@ * @param string Input charset name * @return The validated charset name */ -function rcube_parse_charset($charset) +function rcube_parse_charset($input) { - $charset = strtoupper($charset); + static $charsets = array(); + $charset = strtoupper($input); + + if (isset($charsets[$input])) + return $charsets[$input]; $charset = preg_replace(array( '/^[^0-9A-Z]+/', // e.g. _ISO-8859-JP$SIO 
@@ -367,24 +371,28 @@ $str = preg_replace(array('/[^A-Z0-9]/', '/^X+/'), '', $charset); if (isset($aliases[$str])) - return $aliases[$str]; - - if (preg_match('/U[A-Z][A-Z](7|8|16|32)(BE|LE)*/', $str, $m)) - return 'UTF-' . $m[1] . $m[2]; - - if (preg_match('/ISO8859([0-9]{0,2})/', $str, $m)) { + $result = $aliases[$str]; + // UTF + else if (preg_match('/U[A-Z][A-Z](7|8|16|32)(BE|LE)*/', $str, $m)) + $result = 'UTF-' . $m[1] . $m[2]; + // ISO-8859 + else if (preg_match('/ISO8859([0-9]{0,2})/', $str, $m)) { $iso = 'ISO-8859-' . ($m[1] ? $m[1] : 1); - # some clients sends windows-1252 text as latin1, - # it is safe to use windows-1252 for all latin1 - return $iso == 'ISO-8859-1' ? 'WINDOWS-1252' : $iso; + // some clients sends windows-1252 text as latin1, + // it is safe to use windows-1252 for all latin1 + $result = $iso == 'ISO-8859-1' ? 'WINDOWS-1252' : $iso; } - // handle broken charset names e.g. WINDOWS-1250HTTP-EQUIVCONTENT-TYPE - if (preg_match('/(WIN|WINDOWS)([0-9]+)/', $str, $m)) { - return 'WINDOWS-' . $m[2]; + else if (preg_match('/(WIN|WINDOWS)([0-9]+)/', $str, $m)) { + $result = 'WINDOWS-' . $m[2]; + } + else { + $result = $charset; } - return $charset; + $charsets[$input] = $result; + + return $result; } @@ -724,8 +732,9 @@ $table = new html_table(/*array('cols' => count($a_show_cols))*/); // add table header - foreach ($a_show_cols as $col) - $table->add_header($col, Q(rcube_label($col))); + if (!$attrib['noheader']) + foreach ($a_show_cols as $col) + $table->add_header($col, Q(rcube_label($col))); $c = 0; if (!is_array($table_data)) @@ -821,6 +830,9 @@ if (preg_match('/expression|behavior|url\(|import/', $stripped)) return '/* evil! */'; + // remove css comments (sometimes used for some ugly hacks) + $source = preg_replace('!/\*(.+)\*/!Ums', '', $source); + // cut out all contents between { and } while (($pos = strpos($source, '{', $last_pos)) && ($pos2 = strpos($source, '}', $pos))) { 
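Review bot: In the table-header hunk (`@@ -724`), `!$attrib['noheader']` reads a key that is absent whenever a caller does not pass `noheader`, which raises an undefined-index notice on the default path; `if (empty($attrib['noheader']))` gives the same default without the notice. The new `if` also wraps a brace-less `foreach`, so adding braces to both would keep a later edit from silently landing outside the condition. The enclosing function starts and ends outside the hunk.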
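Review bot: In the `@@ -821` hunk the comment removal runs after the `expression|behavior|url\(|import` check, so the string that was checked (`$stripped`, built outside the hunk) is not the string that is emitted. Unless `$stripped` already has comment delimiters removed, text that only forms a blocked keyword once comments are deleted is never re-checked; the safer order is to strip comments before `$stripped` is derived, or to repeat the `preg_match` on `$source` after the `preg_replace`. The pattern `!/\*(.+)\*/!Ums` also requires at least one character between the delimiters, so an empty `/**/` is either left in place or matched through to a later `*/`, taking the rules in between with it; `!/\*.*\*/!Us` avoids both (the capture group and the `m` flag are unused). The enclosing function starts and ends outside the hunk.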
@@ -828,13 +840,13 @@ $source = substr($source, 0, $pos+1) . $replacements->get_replacement($key) . substr($source, $pos2, strlen($source)-$pos2); $last_pos = $pos+2; } - + // remove html comments and add #container to each tag selector. // also replace body definition because we also stripped off the <body> tag $styles = preg_replace( array( '/(^\s*<!--)|(-->\s*$)/', - '/(^\s*|,\s*|\}\s*)([a-z0-9\._#][a-z0-9\.\-_]*)/im', + '/(^\s*|,\s*|\}\s*)([a-z0-9\._#\*][a-z0-9\.\-_]*)/im', "/$container_id\s+body/i", ), array( @@ -1133,6 +1145,34 @@ /** + * Write login data (name, ID, IP address) to the 'userlogins' log file. + */ +function rcmail_log_login() +{ + global $RCMAIL; + + if (!$RCMAIL->config->get('log_logins') || !$RCMAIL->user) + return; + + $address = $_SERVER['REMOTE_ADDR']; + // append the NGINX X-Real-IP header, if set + if (!empty($_SERVER['HTTP_X_REAL_IP'])) { + $remote_ip[] = 'X-Real-IP: ' . $_SERVER['HTTP_X_REAL_IP']; + } + // append the X-Forwarded-For header, if set + if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { + $remote_ip[] = 'X-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR']; + } + + if (!empty($remote_ip)) + $address .= '(' . implode(',', $remote_ip) . ')'; + + write_log('userlogins', sprintf('Successful login for %s (ID: %d) from %s', + $RCMAIL->user->get_username(), $RCMAIL->user->ID, $address)); +} + + +/** * @access private */ function rcube_timer() @@ -1423,15 +1463,15 @@ { global $CONFIG; + if ($folder_id == 'INBOX') + return 'inbox'; + // for these mailboxes we have localized labels and css classes foreach (array('sent', 'drafts', 'trash', 'junk') as $smbx) { if ($folder_id == $CONFIG[$smbx.'_mbox']) return $smbx; } - - if ($folder_id == 'INBOX') - return 'inbox'; } 
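Review bot: `rcmail_log_login()` (hunk `@@ -1133`) writes `HTTP_X_REAL_IP` and `HTTP_X_FORWARDED_FOR` into the `userlogins` line verbatim, and both are request headers that any client can set unless a trusted proxy overwrites them. Anyone reading this log during incident response, or feeding it to an automated blocker, should treat only `REMOTE_ADDR` as authoritative. The header values should be reduced to address characters before logging, e.g. `preg_replace('/[^0-9a-fA-F.:, ]/', '', $_SERVER['HTTP_X_REAL_IP'])`, so they cannot carry text that imitates other log fields. `$remote_ip` is appended to without being initialised; `$remote_ip = array();` before the first `if` makes that explicit, and the docblock should say that the forwarded addresses are unverified.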
@@ -1496,12 +1536,28 @@ return false; } + // for backward compatibility function rcube_sess_unset($var_name=null) { global $RCMAIL; $RCMAIL->session->remove($var_name); +} + + +// Replaces hostname variables +function rcube_parse_host($name) +{ + // %n - host + $n = preg_replace('/:\d+$/', '', $_SERVER['SERVER_NAME']); + // %d - domain name without first part, e.g. %d=mail.domain.tld, %m=domain.tld + $d = preg_replace('/^[^\.]+\./', '', $n); + // %h - IMAP host + $h = $_SESSION['imap_host']; + + $name = str_replace(array('%n', '%d', '%h'), array($n, $d, $h), $name); + return $name; } @@ -1552,8 +1608,15 @@ if (!$dns_check || !rcmail::get_instance()->config->get('email_dns_check')) return true; - if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN' && version_compare(PHP_VERSION, '5.3.0', '<')) - return true; + if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN' && version_compare(PHP_VERSION, '5.3.0', '<')) { + $lookup = array(); + @exec("nslookup -type=MX " . escapeshellarg($domain_part) . " 2>&1", $lookup); + foreach ($lookup as $line) { + if (strpos($line, 'MX preference')) + return true; + } + return false; + } // find MX record(s) if (getmxrr($domain_part, $mx_records)) 
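Review bot: `rcube_parse_host()` (hunk `@@ -1496`) builds `%n` and `%d` from `$_SERVER['SERVER_NAME']`, which on many web-server setups is taken from the request's Host header rather than from configuration, so the substituted name can be chosen by the client. If the result selects a mail server to connect to (the callers are not in this hunk), `$n` should be checked against a hostname pattern such as `/^[a-z0-9.-]+$/i` and the substitution refused otherwise, or the function should document that the server must pin its canonical name. `$_SESSION['imap_host']` is read without an `isset()` check and may be unset before login. The inline comment mixes `%d` and `%m`; `// %d - host name without its first label, e.g. %n=mail.domain.tld gives %d=domain.tld` reads more clearly, and the function has no docblock for its parameter and return value.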
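Review bot: In the Windows branch added by the `@@ -1552` hunk, `strpos($line, 'MX preference')` is tested for truthiness, so a match at offset 0 counts as no match; compare it with `!== false`. The branch now returns `false` whenever `nslookup` is missing, `exec()` is disabled (the `@` hides that) or the tool prints localised text, which turns the old permissive `return true` into rejecting every address on such hosts. It would be safer to distinguish a failed lookup from an absent MX record. `escapeshellarg()` covers shell metacharacters but not a `$domain_part` that begins with `-`, which the tool would read as an option, so confirm that the earlier validation (outside the hunk) excludes it. The enclosing function starts outside the hunk.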
@@ -1575,16 +1638,96 @@ class rcube_base_replacer { private $base_url; - + public function __construct($base) { $this->base_url = $base; } - + public function callback($matches) { return $matches[1] . '="' . make_absolute_url($matches[3], $this->base_url) . '"'; } } + +/** + * Throw system error and show error page + * + * @param array Named parameters + * - code: Error code (required) + * - type: Error type [php|db|imap|javascript] (required) + * - message: Error message + * - file: File where error occured + * - line: Line where error occured + * @param boolean True to log the error + * @param boolean Terminate script execution + */ +// may be defined in Installer +if (!function_exists('raise_error')) { +function raise_error($arg=array(), $log=false, $terminate=false) +{ + global $__page_content, $CONFIG, $OUTPUT, $ERROR_CODE, $ERROR_MESSAGE; + + // report bug (if not incompatible browser) + if ($log && $arg['type'] && $arg['message']) + log_bug($arg); + + // display error page and terminate script + if ($terminate) { + $ERROR_CODE = $arg['code']; + $ERROR_MESSAGE = $arg['message']; + include('program/steps/utils/error.inc'); + exit; + } +} +} + + +/** + * Report error according to configured debug_level + * + * @param array Named parameters + * @see raise_error() + */ +function log_bug($arg_arr) +{ + global $CONFIG; + $program = strtoupper($arg_arr['type']); + + // write error to local log file + if ($CONFIG['debug_level'] & 1) { + $post_query = ($_SERVER['REQUEST_METHOD'] == 'POST' ? '?_task='.urlencode($_POST['_task']).'&_action='.urlencode($_POST['_action']) : ''); + $log_entry = sprintf("%s Error: %s%s (%s %s)", + $program, + $arg_arr['message'], + $arg_arr['file'] ? sprintf(' in %s on line %d', $arg_arr['file'], $arg_arr['line']) : '', + $_SERVER['REQUEST_METHOD'], + $_SERVER['REQUEST_URI'] . 
$post_query); + + if (!write_log('errors', $log_entry)) { + // send error to PHPs error handler if write_log didn't succeed + trigger_error($arg_arr['message']); + } + } + + // resport the bug to the global bug reporting system + if ($CONFIG['debug_level'] & 2) { + // TODO: Send error via HTTP + } + + // show error if debug_mode is on + if ($CONFIG['debug_level'] & 4) { + print "<b>$program Error"; + + if (!empty($arg_arr['file']) && !empty($arg_arr['line'])) + print " in $arg_arr[file] ($arg_arr[line])"; + + print ':</b> '; + print nl2br($arg_arr['message']); + print '<br />'; + flush(); + } +} + ?> -- Gitblit v1.9.1
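Review bot: `log_bug()` prints `$arg_arr['message']`, `$arg_arr[file]` and `$arg_arr[line]` into the page without HTML escaping when `debug_level & 4` is set, so any error text that contains request data is rendered as markup. Escape at the point of output, `print nl2br(htmlspecialchars($arg_arr['message']));`, and do the same for the file name. The log line built for `debug_level & 1` appends `$_SERVER['REQUEST_URI']` and the message unchanged; stripping control characters from both before `write_log()` keeps one error on one log line. In `raise_error()`, `$arg['type']`, `$arg['message']` and `$arg['code']` are read without `isset()`/`empty()` although the docblock marks only `code` and `type` as required, and the relative `include('program/steps/utils/error.inc')` depends on the current working directory or include path.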