From f06aa8058b7e32ba32d4551074b6e0b8a300f751 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 21 Oct 2013 15:02:40 -0400
Subject: [PATCH] Bump version after security fix
---
program/include/rcube_json_output.php | 137 +++++++++++++++++++++++++++------------------
1 files changed, 82 insertions(+), 55 deletions(-)
diff --git a/program/include/rcube_json_output.php b/program/include/rcube_json_output.php
index 399de1e..f062d4b 100644
--- a/program/include/rcube_json_output.php
+++ b/program/include/rcube_json_output.php
@@ -4,9 +4,12 @@
+-----------------------------------------------------------------------+
| program/include/rcube_json_output.php |
| |
- | This file is part of the RoundCube Webmail client |
- | Copyright (C) 2008-2009, RoundCube Dev. - Switzerland |
- | Licensed under the GNU GPL |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2008-2010, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| PURPOSE: |
| Class to handle HTML page output using a skin template. |
@@ -28,48 +31,61 @@
*/
class rcube_json_output
{
+ /**
+ * Stores configuration object.
+ *
+ * @var rcube_config
+ */
private $config;
private $charset = RCMAIL_CHARSET;
- private $env = array();
private $texts = array();
private $commands = array();
private $callbacks = array();
private $message = null;
+ public $browser;
+ public $env = array();
public $type = 'js';
public $ajax_call = true;
-
-
+
+
/**
* Constructor
*/
- public function __construct($task)
+ public function __construct($task=null)
{
- $this->config = rcmail::get_instance()->config;
+ $this->config = rcmail::get_instance()->config;
+ $this->browser = new rcube_browser();
}
-
-
+
+
/**
* Set environment variable
*
- * @param string Property name
- * @param mixed Property value
+ * @param string $name Property name
+ * @param mixed $value Property value
*/
public function set_env($name, $value)
{
$this->env[$name] = $value;
}
-
+
+
/**
* Issue command to set page title
*
- * @param string New page title
+ * @param string $title New page title
*/
public function set_pagetitle($title)
{
- $name = $this->config->get('product_name');
+ if ($this->config->get('devel_mode') && !empty($_SESSION['username']))
+ $name = $_SESSION['username'];
+ else
+ $name = $this->config->get('product_name');
+
$this->command('set_pagetitle', empty($name) ? $title : $name.' :: '.$title);
}
+
/**
* @ignore
@@ -94,8 +110,8 @@
/**
* Register a template object handler
*
- * @param string Object name
- * @param string Function name to call
+ * @param string $obj Object name
+ * @param string $func Function name to call
* @return void
*/
public function add_handler($obj, $func)
@@ -103,18 +119,19 @@
// ignore
}
+
/**
* Register a list of template object handlers
*
- * @param array Hash array with object=>handler pairs
+ * @param array $arr Hash array with object=>handler pairs
* @return void
*/
public function add_handlers($arr)
{
// ignore
}
-
-
+
+
/**
* Call a client method
*
@@ -124,14 +141,14 @@
public function command()
{
$cmd = func_get_args();
-
+
if (strpos($cmd[0], 'plugin.') === 0)
$this->callbacks[] = $cmd;
else
$this->commands[] = $cmd;
}
-
-
+
+
/**
* Add a localized label to the client environment
*/
@@ -140,34 +157,40 @@
$args = func_get_args();
if (count($args) == 1 && is_array($args[0]))
$args = $args[0];
-
+
foreach ($args as $name) {
$this->texts[$name] = rcube_label($name);
}
}
-
+
/**
* Invoke display_message command
*
- * @param string Message to display
- * @param string Message type [notice|confirm|error]
- * @param array Key-value pairs to be replaced in localized text
- * @param boolean Override last set message
+ * @param string $message Message to display
+ * @param string $type Message type [notice|confirm|error]
+ * @param array $vars Key-value pairs to be replaced in localized text
+ * @param boolean $override Override last set message
+ * @param int $timeout Message displaying time in seconds
* @uses self::command()
*/
- public function show_message($message, $type='notice', $vars=null, $override=true)
+ public function show_message($message, $type='notice', $vars=null, $override=true, $timeout=0)
{
if ($override || !$this->message) {
+ if (rcube_label_exists($message)) {
+ if (!empty($vars))
+ $vars = array_map('Q', $vars);
+ $msgtext = rcube_label(array('name' => $message, 'vars' => $vars));
+ }
+ else
+ $msgtext = $message;
+
$this->message = $message;
- $this->command(
- 'display_message',
- rcube_label(array('name' => $message, 'vars' => $vars)),
- $type
- );
+ $this->command('display_message', $msgtext, $type, $timeout * 1000);
}
}
-
+
+
/**
* Delete all stored env variables and commands
*/
@@ -177,21 +200,23 @@
$this->texts = array();
$this->commands = array();
}
-
+
+
/**
* Redirect to a certain url
*
- * @param mixed Either a string with the action or url parameters as key-value pairs
+ * @param mixed $p Either a string with the action or url parameters as key-value pairs
+ * @param int $delay Delay in seconds
* @see rcmail::url()
*/
public function redirect($p = array(), $delay = 1)
{
$location = rcmail::get_instance()->url($p);
- $this->remote_response("window.setTimeout(\"location.href='{$location}'\", $delay);");
+ $this->remote_response(sprintf("window.setTimeout(function(){ %s.redirect('%s',true); }, %d);", JS_OBJECT_NAME, $location, $delay));
exit;
}
-
-
+
+
/**
* Send an AJAX response to the client.
*/
@@ -200,12 +225,12 @@
$this->remote_response();
exit;
}
-
-
+
+
/**
* Send an AJAX response with executable JS code
*
- * @param string Additional JS code
+ * @param string $add Additional JS code
* @param boolean True if output buffer should be flushed
* @return void
* @deprecated
@@ -224,24 +249,28 @@
unset($this->env['task'], $this->env['action'], $this->env['comm_path']);
$rcmail = rcmail::get_instance();
- $response = array('action' => $rcmail->action, 'unlock' => (bool)$_REQUEST['_unlock']);
-
+ $response['action'] = $rcmail->action;
+
+ if ($unlock = get_input_value('_unlock', RCUBE_INPUT_GPC)) {
+ $response['unlock'] = $unlock;
+ }
+
if (!empty($this->env))
- $response['env'] = $this->env;
-
+ $response['env'] = $this->env;
+
if (!empty($this->texts))
- $response['texts'] = $this->texts;
+ $response['texts'] = $this->texts;
// send function calls
$response['exec'] = $this->get_js_commands() . $add;
-
+
if (!empty($this->callbacks))
- $response['callbacks'] = $this->callbacks;
+ $response['callbacks'] = $this->callbacks;
echo json_serialize($response);
}
-
-
+
+
/**
* Return executable javascript code for all registered commands
*
@@ -267,5 +296,3 @@
return $out;
}
}
-
-
--
Gitblit v1.9.1