From ed1d212ae2daea5e4bd043417610177093e99f19 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 16 Jan 2016 03:03:51 -0500
Subject: [PATCH] Improved SVG cleanup code
---
program/lib/Roundcube/rcube_output.php | 50 ++++++++++++++++++++++++++++----------------------
1 files changed, 28 insertions(+), 22 deletions(-)
diff --git a/program/lib/Roundcube/rcube_output.php b/program/lib/Roundcube/rcube_output.php
index 7ccf9a0..5df6721 100644
--- a/program/lib/Roundcube/rcube_output.php
+++ b/program/lib/Roundcube/rcube_output.php
@@ -1,9 +1,9 @@
<?php
-/*
+/**
+-----------------------------------------------------------------------+
| This file is part of the Roundcube PHP suite |
- | Copyright (C) 2005-2012 The Roundcube Dev Team |
+ | Copyright (C) 2005-2014 The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@@ -31,6 +31,7 @@
protected $config;
protected $charset = RCUBE_CHARSET;
protected $env = array();
+ protected $skins = array();
/**
@@ -43,19 +44,20 @@
$this->browser = new rcube_browser();
}
-
/**
* Magic getter
*/
public function __get($var)
{
- // allow read-only access to $env
- if ($var == 'env')
- return $this->env;
+ // allow read-only access to some members
+ switch ($var) {
+ case 'env': return $this->env;
+ case 'skins': return $this->skins;
+ case 'charset': return $this->charset;
+ }
return null;
}
-
/**
* Setter for output charset.
@@ -68,7 +70,6 @@
$this->charset = $charset;
}
-
/**
* Getter for output charset
*
@@ -78,7 +79,6 @@
{
return $this->charset;
}
-
/**
* Set environment variable
@@ -90,7 +90,6 @@
{
$this->env[$name] = $value;
}
-
/**
* Environment variable getter.
@@ -104,7 +103,6 @@
return $this->env[$name];
}
-
/**
* Delete all stored env variables and commands
*/
@@ -112,7 +110,6 @@
{
$this->env = array();
}
-
/**
* Invoke display_message command
@@ -125,7 +122,6 @@
*/
abstract function show_message($message, $type = 'notice', $vars = null, $override = true, $timeout = 0);
-
/**
* Redirect to a certain url.
*
@@ -134,12 +130,10 @@
*/
abstract function redirect($p = array(), $delay = 1);
-
/**
* Send output to the client.
*/
abstract function send();
-
/**
* Send HTTP headers to prevent caching a page
@@ -152,9 +146,6 @@
header("Expires: ".gmdate("D, d M Y H:i:s")." GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
-
- // Request browser to disable DNS prefetching (CVE-2010-0464)
- header("X-DNS-Prefetch-Control: off");
// We need to set the following headers to make downloads work using IE in HTTPS mode.
if ($this->browser->ie && rcube_utils::https_check()) {
@@ -174,14 +165,32 @@
*/
public function future_expire_header($offset = 2600000)
{
- if (headers_sent())
+ if (headers_sent()) {
return;
+ }
header("Expires: " . gmdate("D, d M Y H:i:s", time()+$offset) . " GMT");
header("Cache-Control: max-age=$offset");
header("Pragma: ");
}
+ /**
+ * Send browser compatibility/security/etc. headers
+ */
+ public function common_headers()
+ {
+ if (headers_sent()) {
+ return;
+ }
+
+ // Unlock IE compatibility mode
+ if ($this->browser->ie) {
+ header('X-UA-Compatible: IE=edge');
+ }
+
+ // Request browser to disable DNS prefetching (CVE-2010-0464)
+ header("X-DNS-Prefetch-Control: off");
+ }
/**
* Show error page and terminate script execution
@@ -195,7 +204,6 @@
fputs(STDERR, "Error $code: $message\n");
exit(-1);
}
-
/**
* Create an edit field for inclusion on a form
@@ -249,7 +257,6 @@
return $out;
}
-
/**
* Convert a variable into a javascript object notation
*
@@ -265,5 +272,4 @@
// that's why we have @ here
return @json_encode($input);
}
-
}
--
Gitblit v1.9.1