From ed1d212ae2daea5e4bd043417610177093e99f19 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Sat, 16 Jan 2016 03:03:51 -0500
Subject: [PATCH] Improved SVG cleanup code
---
program/lib/Roundcube/rcube_output.php | 175 +++++++++++++++++++++++++++------------------------------
1 files changed, 83 insertions(+), 92 deletions(-)
diff --git a/program/lib/Roundcube/rcube_output.php b/program/lib/Roundcube/rcube_output.php
index f7ac300..5df6721 100644
--- a/program/lib/Roundcube/rcube_output.php
+++ b/program/lib/Roundcube/rcube_output.php
@@ -1,18 +1,16 @@
<?php
-/*
+/**
+-----------------------------------------------------------------------+
- | program/include/rcube_output.php |
- | |
| This file is part of the Roundcube PHP suite |
- | Copyright (C) 2005-2012 The Roundcube Dev Team |
+ | Copyright (C) 2005-2014 The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
| See the README file for a full license statement. |
+ | |
| CONTENTS: |
| Abstract class for output generation |
- | |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
| Author: Aleksander Machniak <alec@alec.pl> |
@@ -28,51 +26,38 @@
abstract class rcube_output
{
public $browser;
- public $type = 'html';
- public $ajax_call = false;
- public $framed = false;
protected $app;
protected $config;
- protected $charset = RCMAIL_CHARSET;
+ protected $charset = RCUBE_CHARSET;
protected $env = array();
- protected $pagetitle = '';
- protected $object_handlers = array();
+ protected $skins = array();
/**
* Object constructor
*/
- public function __construct($task = null, $framed = false)
+ public function __construct()
{
$this->app = rcube::get_instance();
$this->config = $this->app->config;
$this->browser = new rcube_browser();
}
-
/**
* Magic getter
*/
public function __get($var)
{
- // allow read-only access to $env
- if ($var == 'env')
- return $this->env;
+ // allow read-only access to some members
+ switch ($var) {
+ case 'env': return $this->env;
+ case 'skins': return $this->skins;
+ case 'charset': return $this->charset;
+ }
return null;
}
-
- /**
- * Setter for page title
- *
- * @param string $title Page title
- */
- public function set_pagetitle($title)
- {
- $this->pagetitle = $title;
- }
-
/**
* Setter for output charset.
@@ -85,7 +70,6 @@
$this->charset = $charset;
}
-
/**
* Getter for output charset
*
@@ -95,16 +79,6 @@
{
return $this->charset;
}
-
-
- /**
- * Getter for the current skin path property
- */
- public function get_skin_path()
- {
- return $this->config->get('skin_path');
- }
-
/**
* Set environment variable
@@ -116,7 +90,6 @@
{
$this->env[$name] = $value;
}
-
/**
* Environment variable getter.
@@ -130,32 +103,13 @@
return $this->env[$name];
}
-
/**
* Delete all stored env variables and commands
*/
public function reset()
{
$this->env = array();
- $this->object_handlers = array();
- $this->pagetitle = '';
}
-
-
- /**
- * Call a client method
- *
- * @param string Method to call
- * @param ... Additional arguments
- */
- abstract function command();
-
-
- /**
- * Add a localized label to the client environment
- */
- abstract function add_label();
-
/**
* Invoke display_message command
@@ -168,7 +122,6 @@
*/
abstract function show_message($message, $type = 'notice', $vars = null, $override = true, $timeout = 0);
-
/**
* Redirect to a certain url.
*
@@ -177,37 +130,10 @@
*/
abstract function redirect($p = array(), $delay = 1);
-
/**
* Send output to the client.
*/
abstract function send();
-
-
- /**
- * Register a template object handler
- *
- * @param string Object name
- * @param string Function name to call
- * @return void
- */
- public function add_handler($obj, $func)
- {
- $this->object_handlers[$obj] = $func;
- }
-
-
- /**
- * Register a list of template object handlers
- *
- * @param array Hash array with object=>handler pairs
- * @return void
- */
- public function add_handlers($arr)
- {
- $this->object_handlers = array_merge($this->object_handlers, $arr);
- }
-
/**
* Send HTTP headers to prevent caching a page
@@ -221,16 +147,13 @@
header("Expires: ".gmdate("D, d M Y H:i:s")." GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
- // Request browser to disable DNS prefetching (CVE-2010-0464)
- header("X-DNS-Prefetch-Control: off");
-
// We need to set the following headers to make downloads work using IE in HTTPS mode.
if ($this->browser->ie && rcube_utils::https_check()) {
header('Pragma: private');
header("Cache-Control: private, must-revalidate");
}
else {
- header("Cache-Control: private, no-cache, must-revalidate, post-check=0, pre-check=0");
+ header("Cache-Control: private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0");
header("Pragma: no-cache");
}
}
@@ -242,14 +165,32 @@
*/
public function future_expire_header($offset = 2600000)
{
- if (headers_sent())
+ if (headers_sent()) {
return;
+ }
header("Expires: " . gmdate("D, d M Y H:i:s", time()+$offset) . " GMT");
header("Cache-Control: max-age=$offset");
header("Pragma: ");
}
+ /**
+ * Send browser compatibility/security/etc. headers
+ */
+ public function common_headers()
+ {
+ if (headers_sent()) {
+ return;
+ }
+
+ // Unlock IE compatibility mode
+ if ($this->browser->ie) {
+ header('X-UA-Compatible: IE=edge');
+ }
+
+ // Request browser to disable DNS prefetching (CVE-2010-0464)
+ header("X-DNS-Prefetch-Control: off");
+ }
/**
* Show error page and terminate script execution
@@ -264,6 +205,57 @@
exit(-1);
}
+ /**
+ * Create an edit field for inclusion on a form
+ *
+ * @param string col field name
+ * @param string value field value
+ * @param array attrib HTML element attributes for field
+ * @param string type HTML element type (default 'text')
+ *
+ * @return string HTML field definition
+ */
+ public static function get_edit_field($col, $value, $attrib, $type = 'text')
+ {
+ static $colcounts = array();
+
+ $fname = '_'.$col;
+ $attrib['name'] = $fname . ($attrib['array'] ? '[]' : '');
+ $attrib['class'] = trim($attrib['class'] . ' ff_' . $col);
+
+ if ($type == 'checkbox') {
+ $attrib['value'] = '1';
+ $input = new html_checkbox($attrib);
+ }
+ else if ($type == 'textarea') {
+ $attrib['cols'] = $attrib['size'];
+ $input = new html_textarea($attrib);
+ }
+ else if ($type == 'select') {
+ $input = new html_select($attrib);
+ $input->add('---', '');
+ $input->add(array_values($attrib['options']), array_keys($attrib['options']));
+ }
+ else if ($attrib['type'] == 'password') {
+ $input = new html_passwordfield($attrib);
+ }
+ else {
+ if ($attrib['type'] != 'text' && $attrib['type'] != 'hidden') {
+ $attrib['type'] = 'text';
+ }
+ $input = new html_inputfield($attrib);
+ }
+
+ // use value from post
+ if (isset($_POST[$fname])) {
+ $postvalue = rcube_utils::get_input_value($fname, rcube_utils::INPUT_POST, true);
+ $value = $attrib['array'] ? $postvalue[intval($colcounts[$col]++)] : $postvalue;
+ }
+
+ $out = $input->show($value);
+
+ return $out;
+ }
/**
* Convert a variable into a javascript object notation
@@ -280,5 +272,4 @@
// that's why we have @ here
return @json_encode($input);
}
-
}
--
Gitblit v1.9.1