From e019f2d0f2dc2fbfa345ab5d7ae85e67bfdd76b8 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Sat, 25 Sep 2010 09:03:53 -0400
Subject: [PATCH] - s/RoundCube/Roundcube/
---
program/include/main.inc | 372 +++++++++++++++++++++++++++++++++++++++++++---------
1 files changed, 303 insertions(+), 69 deletions(-)
diff --git a/program/include/main.inc b/program/include/main.inc
index 944cdf7..efcb60e 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -4,8 +4,8 @@
+-----------------------------------------------------------------------+
| program/include/main.inc |
| |
- | This file is part of the RoundCube Webmail client |
- | Copyright (C) 2005-2009, RoundCube Dev, - Switzerland |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2005-2009, Roundcube Dev, - Switzerland |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
@@ -20,7 +20,7 @@
*/
/**
- * RoundCube Webmail common functions
+ * Roundcube Webmail common functions
*
* @package Core
* @author Thomas Bruederli <roundcube@gmail.com>
@@ -30,7 +30,6 @@
require_once('include/rcube_shared.inc');
// fallback if not PHP modules are available
-@include_once('lib/des.inc');
@include_once('lib/utf8.class.php');
// define constannts for input reading
@@ -200,22 +199,23 @@
$error = false;
- $to = empty($to) ? $to = strtoupper(RCMAIL_CHARSET) : rcube_parse_charset($to);
+ $to = empty($to) ? strtoupper(RCMAIL_CHARSET) : rcube_parse_charset($to);
$from = rcube_parse_charset($from);
if ($from == $to || empty($str) || empty($from))
return $str;
- // convert charset using iconv module
- if (function_exists('iconv') && $from != 'UTF-7' && $to != 'UTF-7') {
+ // convert charset using iconv module
+ if (function_exists('iconv') && $from != 'UTF7-IMAP' && $to != 'UTF7-IMAP') {
if ($iconv_options === null) {
- // transliterate characters not available in output charset
- $iconv_options = '//TRANSLIT';
+ // ignore characters not available in output charset
+ $iconv_options = '//IGNORE';
if (iconv('', $iconv_options, '') === false) {
// iconv implementation does not support options
$iconv_options = '';
}
}
+
// throw an exception if iconv reports an illegal character in input
// it means that input string has been truncated
set_error_handler('rcube_error_handler', E_NOTICE);
@@ -325,14 +325,19 @@
* @param string Input charset name
* @return The validated charset name
*/
-function rcube_parse_charset($charset)
+function rcube_parse_charset($input)
{
- $charset = strtoupper($charset);
+ static $charsets = array();
+ $charset = strtoupper($input);
+
+ if (isset($charsets[$input]))
+ return $charsets[$input];
$charset = preg_replace(array(
- '/^[^0-9A-Z]+/', // e.g. _ISO-8859-JP$SIO
- '/\$.*$/', // e.g. _ISO-8859-JP$SIO
- '/UNICODE-1-1-/', // RFC1642
+ '/^[^0-9A-Z]+/', // e.g. _ISO-8859-JP$SIO
+ '/\$.*$/', // e.g. _ISO-8859-JP$SIO
+ '/UNICODE-1-1-*/', // RFC1641/1642
+ '/^X-/', // X- prefix (e.g. X-ROMAN8 => ROMAN8)
), '', $charset);
# Aliases: some of them from HTML5 spec.
@@ -352,25 +357,69 @@
'ISO88599' => 'WINDOWS-1254',
'ISO885911' => 'WINDOWS-874',
'MACROMAN' => 'MACINTOSH',
+ '77' => 'MAC',
+ '128' => 'SHIFT-JIS',
+ '129' => 'CP949',
+ '130' => 'CP1361',
+ '134' => 'GBK',
+ '136' => 'BIG5',
+ '161' => 'WINDOWS-1253',
+ '162' => 'WINDOWS-1254',
+ '163' => 'WINDOWS-1258',
+ '177' => 'WINDOWS-1255',
+ '178' => 'WINDOWS-1256',
+ '186' => 'WINDOWS-1257',
+ '204' => 'WINDOWS-1251',
+ '222' => 'WINDOWS-874',
+ '238' => 'WINDOWS-1250',
);
- // allow a-z and 0-9 only and remove X- prefix (e.g. X-ROMAN8 => ROMAN8)
- $str = preg_replace(array('/[^a-z0-9]/i', '/^x+/i'), '', $charset);
+ // allow A-Z and 0-9 only
+ $str = preg_replace('/[^A-Z0-9]/', '', $charset);
if (isset($aliases[$str]))
- return $aliases[$str];
-
- if (preg_match('/UTF(7|8|16|32)(BE|LE)*/', $str, $m))
- return 'UTF-' . $m[1] . $m[2];
-
- if (preg_match('/ISO8859([0-9]{0,2})/', $str, $m)) {
+ $result = $aliases[$str];
+ // UTF
+ else if (preg_match('/U[A-Z][A-Z](7|8|16|32)(BE|LE)*/', $str, $m))
+ $result = 'UTF-' . $m[1] . $m[2];
+ // ISO-8859
+ else if (preg_match('/ISO8859([0-9]{0,2})/', $str, $m)) {
$iso = 'ISO-8859-' . ($m[1] ? $m[1] : 1);
- # some clients sends windows-1252 text as latin1,
- # it is safe to use windows-1252 for all latin1
- return $iso == 'ISO-8859-1' ? 'WINDOWS-1252' : $iso;
+ // some clients sends windows-1252 text as latin1,
+ // it is safe to use windows-1252 for all latin1
+ $result = $iso == 'ISO-8859-1' ? 'WINDOWS-1252' : $iso;
+ }
+ // handle broken charset names e.g. WINDOWS-1250HTTP-EQUIVCONTENT-TYPE
+ else if (preg_match('/(WIN|WINDOWS)([0-9]+)/', $str, $m)) {
+ $result = 'WINDOWS-' . $m[2];
+ }
+ // LATIN
+ else if (preg_match('/LATIN(.*)/', $str, $m)) {
+ $aliases = array('2' => 2, '3' => 3, '4' => 4, '5' => 9, '6' => 10,
+ '7' => 13, '8' => 14, '9' => 15, '10' => 16,
+ 'ARABIC' => 6, 'CYRILLIC' => 5, 'GREEK' => 7, 'GREEK1' => 7, 'HEBREW' => 8);
+
+ // some clients sends windows-1252 text as latin1,
+ // it is safe to use windows-1252 for all latin1
+ if ($m[1] == 1) {
+ $result = 'WINDOWS-1252';
+ }
+ // if iconv is not supported we need ISO labels, it's also safe for iconv
+ else if (!empty($aliases[$m[1]])) {
+ $result = 'ISO-8859-'.$aliases[$m[1]];
+ }
+ // iconv requires convertion of e.g. LATIN-1 to LATIN1
+ else {
+ $result = $str;
+ }
+ }
+ else {
+ $result = $charset;
}
- return $charset;
+ $charsets[$input] = $result;
+
+ return $result;
}
@@ -582,7 +631,6 @@
*/
function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
{
- global $OUTPUT;
$value = NULL;
if ($source==RCUBE_INPUT_GET && isset($_GET[$fname]))
@@ -599,8 +647,30 @@
$value = $_COOKIE[$fname];
}
+ return parse_input_value($value, $allow_html, $charset);
+}
+
+/**
+ * Parse/validate input value. See get_input_value()
+ * Performs stripslashes() and charset conversion if necessary
+ *
+ * @param string Input value
+ * @param boolean Allow HTML tags in field value
+ * @param string Charset to convert into
+ * @return string Parsed value
+ */
+function parse_input_value($value, $allow_html=FALSE, $charset=NULL)
+{
+ global $OUTPUT;
+
if (empty($value))
return $value;
+
+ if (is_array($value)) {
+ foreach ($value as $idx => $val)
+ $value[$idx] = parse_input_value($val, $allow_html, $charset);
+ return $value;
+ }
// strip single quotes if magic_quotes_sybase is enabled
if (ini_get('magic_quotes_sybase'))
@@ -614,7 +684,7 @@
$value = strip_tags($value);
// convert to internal charset
- if (is_object($OUTPUT))
+ if (is_object($OUTPUT) && $charset)
return rcube_charset_convert($value, $OUTPUT->get_charset(), $charset);
else
return $value;
@@ -657,7 +727,7 @@
*/
function strip_quotes($str)
{
- return preg_replace('/[\'"]/', '', $str);
+ return str_replace(array("'", '"'), '', $str);
}
@@ -689,8 +759,9 @@
$table = new html_table(/*array('cols' => count($a_show_cols))*/);
// add table header
- foreach ($a_show_cols as $col)
- $table->add_header($col, Q(rcube_label($col)));
+ if (!$attrib['noheader'])
+ foreach ($a_show_cols as $col)
+ $table->add_header($col, Q(rcube_label($col)));
$c = 0;
if (!is_array($table_data))
@@ -713,6 +784,9 @@
foreach ($table_data as $row_data)
{
$zebra_class = $c % 2 ? 'even' : 'odd';
+ if (!empty($row_data['class']))
+ $zebra_class .= ' '.$row_data['class'];
+
$table->add_row(array('id' => 'rcmrow' . $row_data[$id_col], 'class' => $zebra_class));
// format each col
@@ -777,11 +851,14 @@
{
$last_pos = 0;
$replacements = new rcube_string_replacer;
-
+
// ignore the whole block if evil styles are detected
$stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entity_decode($source));
if (preg_match('/expression|behavior|url\(|import/', $stripped))
return '/* evil! */';
+
+ // remove css comments (sometimes used for some ugly hacks)
+ $source = preg_replace('!/\*(.+)\*/!Ums', '', $source);
// cut out all contents between { and }
while (($pos = strpos($source, '{', $last_pos)) && ($pos2 = strpos($source, '}', $pos)))
@@ -790,22 +867,22 @@
$source = substr($source, 0, $pos+1) . $replacements->get_replacement($key) . substr($source, $pos2, strlen($source)-$pos2);
$last_pos = $pos+2;
}
-
+
// remove html comments and add #container to each tag selector.
// also replace body definition because we also stripped off the <body> tag
$styles = preg_replace(
array(
'/(^\s*<!--)|(-->\s*$)/',
- '/(^\s*|,\s*|\}\s*)([a-z0-9\._#][a-z0-9\.\-_]*)/im',
- "/$container_id\s+body/i",
+ '/(^\s*|,\s*|\}\s*)([a-z0-9\._#\*][a-z0-9\.\-_]*)/im',
+ '/'.preg_quote($container_id, '/').'\s+body/i',
),
array(
'',
"\\1#$container_id \\2",
- "$container_id div.rcmBody",
+ $container_id,
),
$source);
-
+
// put block contents back in
$styles = $replacements->resolve($styles);
@@ -1067,14 +1144,14 @@
return true;
}
- $log_entry = sprintf("[%s]: %s\n", $date, $line);
-
if ($CONFIG['log_driver'] == 'syslog') {
$prio = $name == 'errors' ? LOG_ERR : LOG_INFO;
- syslog($prio, $log_entry);
+ syslog($prio, $line);
return true;
}
else {
+ $line = sprintf("[%s]: %s\n", $date, $line);
+
// log_driver == 'file' is assumed here
if (empty($CONFIG['log_dir']))
$CONFIG['log_dir'] = INSTALL_PATH.'logs';
@@ -1082,7 +1159,7 @@
// try to open specific log file for writing
$logfile = $CONFIG['log_dir'].'/'.$name;
if ($fp = @fopen($logfile, 'a')) {
- fwrite($fp, $log_entry);
+ fwrite($fp, $line);
fflush($fp);
fclose($fp);
return true;
@@ -1091,6 +1168,34 @@
trigger_error("Error writing to log file $logfile; Please check permissions", E_USER_WARNING);
}
return false;
+}
+
+
+/**
+ * Write login data (name, ID, IP address) to the 'userlogins' log file.
+ */
+function rcmail_log_login()
+{
+ global $RCMAIL;
+
+ if (!$RCMAIL->config->get('log_logins') || !$RCMAIL->user)
+ return;
+
+ $address = $_SERVER['REMOTE_ADDR'];
+ // append the NGINX X-Real-IP header, if set
+ if (!empty($_SERVER['HTTP_X_REAL_IP'])) {
+ $remote_ip[] = 'X-Real-IP: ' . $_SERVER['HTTP_X_REAL_IP'];
+ }
+ // append the X-Forwarded-For header, if set
+ if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+ $remote_ip[] = 'X-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR'];
+ }
+
+ if (!empty($remote_ip))
+ $address .= '(' . implode(',', $remote_ip) . ')';
+
+ write_log('userlogins', sprintf('Successful login for %s (ID: %d) from %s',
+ $RCMAIL->user->get_username(), $RCMAIL->user->ID, $address));
}
@@ -1385,15 +1490,15 @@
{
global $CONFIG;
+ if ($folder_id == 'INBOX')
+ return 'inbox';
+
// for these mailboxes we have localized labels and css classes
foreach (array('sent', 'drafts', 'trash', 'junk') as $smbx)
{
if ($folder_id == $CONFIG[$smbx.'_mbox'])
return $smbx;
}
-
- if ($folder_id == 'INBOX')
- return 'inbox';
}
@@ -1427,7 +1532,11 @@
if ($hook['abort'])
return;
- $lang = strtolower(substr($_SESSION['language'], 0, 2));
+ $lang = strtolower($_SESSION['language']);
+
+ // TinyMCE uses 'tw' for zh_TW (which is wrong, because tw is a code of Twi language)
+ $lang = ($lang == 'zh_tw') ? 'tw' : substr($lang, 0, 2);
+
if (!file_exists(INSTALL_PATH . 'program/js/tiny_mce/langs/'.$lang.'.js'))
$lang = 'en';
@@ -1447,63 +1556,109 @@
function rcube_https_check($port=null, $use_https=true)
{
global $RCMAIL;
-
+
if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off')
+ return true;
+ if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https')
return true;
if ($port && $_SERVER['SERVER_PORT'] == $port)
return true;
- if ($use_https && $RCMAIL->config->get('use_https'))
+ if ($use_https && isset($RCMAIL) && $RCMAIL->config->get('use_https'))
return true;
return false;
}
+// for backward compatibility
+function rcube_sess_unset($var_name=null)
+{
+ global $RCMAIL;
+
+ $RCMAIL->session->remove($var_name);
+}
+
+
+// Replaces hostname variables
+function rcube_parse_host($name)
+{
+ // %n - host
+ $n = preg_replace('/:\d+$/', '', $_SERVER['SERVER_NAME']);
+ // %d - domain name without first part, e.g. %d=mail.domain.tld, %m=domain.tld
+ $d = preg_replace('/^[^\.]+\./', '', $n);
+ // %h - IMAP host
+ $h = $_SESSION['imap_host'];
+ // %z - IMAP domain without first part, e.g. %h=imap.domain.tld, %z=domain.tld
+ $z = preg_replace('/^[^\.]+\./', '', $h);
+
+ $name = str_replace(array('%n', '%d', '%h', '%z'), array($n, $d, $h, $z), $name);
+ return $name;
+}
+
+
/**
* E-mail address validation
*/
-function check_email($email)
+function check_email($email, $dns_check=true)
{
// Check for invalid characters
if (preg_match('/[\x00-\x1F\x7F-\xFF]/', $email))
return false;
- // Check that there's one @ symbol, and that the lengths are right
- if (!preg_match('/^([^@]{1,64})@([^@]{1,255})$/', $email, $email_array))
+ // Check for length limit specified by RFC 5321 (#1486453)
+ if (strlen($email) > 254)
return false;
- // Check local part
- $local_array = explode('.', $email_array[1]);
- foreach ($local_array as $local_part)
- if (!preg_match('/^(([A-Za-z0-9!#$%&\'*+\/=?^_`{|}~-]+)|("[^"]+"))$/', $local_part))
- return false;
+ $email_array = explode('@', $email);
+
+ // Check that there's one @ symbol
+ if (count($email_array) < 2)
+ return false;
+
+ $domain_part = array_pop($email_array);
+ $local_part = implode('@', $email_array);
+
+ // from PEAR::Validate
+ $regexp = '&^(?:
+ ("\s*(?:[^"\f\n\r\t\v\b\s]+\s*)+")| #1 quoted name
+ ([-\w!\#\$%\&\'*+~/^`|{}=]+(?:\.[-\w!\#\$%\&\'*+~/^`|{}=]+)*)) #2 OR dot-atom (RFC5322)
+ $&xi';
+
+ if (!preg_match($regexp, $local_part))
+ return false;
// Check domain part
- if (preg_match('/^(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}$/', $email_array[2])
- || preg_match('/^\[(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\]$/', $email_array[2]))
- return true; // If an IP address
+ if (preg_match('/^\[*(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\]*$/', $domain_part))
+ return true; // IP address
else {
// If not an IP address
- $domain_array = explode('.', $email_array[2]);
+ $domain_array = explode('.', $domain_part);
if (sizeof($domain_array) < 2)
return false; // Not enough parts to be a valid domain
- foreach ($domain_array as $domain_part)
- if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]))$/', $domain_part))
+ foreach ($domain_array as $part)
+ if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]))$/', $part))
return false;
- if (!rcmail::get_instance()->config->get('email_dns_check'))
+ if (!$dns_check || !rcmail::get_instance()->config->get('email_dns_check'))
return true;
- if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN' && version_compare(PHP_VERSION, '5.3.0', '<'))
- return true;
+ if (strtoupper(substr(PHP_OS, 0, 3)) == 'WIN' && version_compare(PHP_VERSION, '5.3.0', '<')) {
+ $lookup = array();
+ @exec("nslookup -type=MX " . escapeshellarg($domain_part) . " 2>&1", $lookup);
+ foreach ($lookup as $line) {
+ if (strpos($line, 'MX preference'))
+ return true;
+ }
+ return false;
+ }
// find MX record(s)
- if (getmxrr($email_array[2], $mx_records))
+ if (getmxrr($domain_part, $mx_records))
return true;
// find any DNS record
- if (checkdnsrr($email_array[2], 'ANY'))
+ if (checkdnsrr($domain_part, 'ANY'))
return true;
}
@@ -1518,16 +1673,95 @@
class rcube_base_replacer
{
private $base_url;
-
+
public function __construct($base)
{
$this->base_url = $base;
}
-
+
public function callback($matches)
{
return $matches[1] . '="' . make_absolute_url($matches[3], $this->base_url) . '"';
}
}
-?>
+
+/**
+ * Throw system error and show error page
+ *
+ * @param array Named parameters
+ * - code: Error code (required)
+ * - type: Error type [php|db|imap|javascript] (required)
+ * - message: Error message
+ * - file: File where error occured
+ * - line: Line where error occured
+ * @param boolean True to log the error
+ * @param boolean Terminate script execution
+ */
+// may be defined in Installer
+if (!function_exists('raise_error')) {
+function raise_error($arg=array(), $log=false, $terminate=false)
+{
+ global $__page_content, $CONFIG, $OUTPUT, $ERROR_CODE, $ERROR_MESSAGE;
+
+ // report bug (if not incompatible browser)
+ if ($log && $arg['type'] && $arg['message'])
+ log_bug($arg);
+
+ // display error page and terminate script
+ if ($terminate) {
+ $ERROR_CODE = $arg['code'];
+ $ERROR_MESSAGE = $arg['message'];
+ include('program/steps/utils/error.inc');
+ exit;
+ }
+}
+}
+
+
+/**
+ * Report error according to configured debug_level
+ *
+ * @param array Named parameters
+ * @see raise_error()
+ */
+function log_bug($arg_arr)
+{
+ global $CONFIG;
+ $program = strtoupper($arg_arr['type']);
+
+ // write error to local log file
+ if ($CONFIG['debug_level'] & 1) {
+ $post_query = ($_SERVER['REQUEST_METHOD'] == 'POST' ? '?_task='.urlencode($_POST['_task']).'&_action='.urlencode($_POST['_action']) : '');
+ $log_entry = sprintf("%s Error: %s%s (%s %s)",
+ $program,
+ $arg_arr['message'],
+ $arg_arr['file'] ? sprintf(' in %s on line %d', $arg_arr['file'], $arg_arr['line']) : '',
+ $_SERVER['REQUEST_METHOD'],
+ $_SERVER['REQUEST_URI'] . $post_query);
+
+ if (!write_log('errors', $log_entry)) {
+ // send error to PHPs error handler if write_log didn't succeed
+ trigger_error($arg_arr['message']);
+ }
+ }
+
+ // resport the bug to the global bug reporting system
+ if ($CONFIG['debug_level'] & 2) {
+ // TODO: Send error via HTTP
+ }
+
+ // show error if debug_mode is on
+ if ($CONFIG['debug_level'] & 4) {
+ print "<b>$program Error";
+
+ if (!empty($arg_arr['file']) && !empty($arg_arr['line']))
+ print " in $arg_arr[file] ($arg_arr[line])";
+
+ print ':</b> ';
+ print nl2br($arg_arr['message']);
+ print '<br />';
+ flush();
+ }
+}
+
--
Gitblit v1.9.1