From f06aa8058b7e32ba32d4551074b6e0b8a300f751 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 21 Oct 2013 15:02:40 -0400
Subject: [PATCH] Bump version after security fix

---
 program/include/rcube_template.php | 84 ++++++++++++++++++++++++++++++++++-------
 1 files changed, 69 insertions(+), 15 deletions(-)

diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php
old mode 100755
new mode 100644
index 433b22a..79b3124
--- a/program/include/rcube_template.php
+++ b/program/include/rcube_template.php
@@ -6,7 +6,10 @@
 | |
 | This file is part of the Roundcube Webmail client |
 | Copyright (C) 2006-2011, The Roundcube Dev Team |
-| Licensed under the GNU GPL |
+| |
+| Licensed under the GNU General Public License version 3 or |
+| any later version with exceptions for skins & plugins. |
+| See the README file for a full license statement. |
 | |
 | PURPOSE: |
 | Class to handle HTML page output using a skin template. |
@@ -74,7 +77,9 @@
         $this->set_env('x_frame_options', $this->app->config->get('x_frame_options', 'sameorigin'));
 
         // load the correct skin (in case user-defined)
-        $this->set_skin($this->config['skin']);
+        $skin = $this->app->config->get('skin');
+        $this->set_skin($skin);
+        $this->set_env('skin', $skin);
 
         // add common javascripts
         $this->add_script('var '.JS_OBJECT_NAME.' = new rcube_webmail();', 'head_top');
@@ -94,6 +99,7 @@
             'username' => array($this, 'current_username'),
             'message' => array($this, 'message_container'),
             'charsetselector' => array($this, 'charset_selector'),
+            'aboutcontent' => array($this, 'about_content'),
         ));
     }
 
@@ -152,7 +158,7 @@
             $valid = true;
         }
         else {
-            $skin_path = $this->config['skin_path'] ? $this->config['skin_path'] : 'skins/default';
+            $skin_path = $this->config['skin_path'] ? $this->config['skin_path'] : 'skins/'.rcube_config::DEFAULT_SKIN;
             $valid = !$skin;
         }
 
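Review bot: `$this->set_env('skin', $skin)` publishes the configured skin name to the client before it is known whether `set_skin()` accepted it: per the `@@ -152` hunk, `set_skin()` returns `$valid` (false when the named skin is not found), and that return value is discarded here, so `env.skin` can name a skin that was not applied. Keying the env value on the outcome keeps the two in step, e.g. `$this->set_env('skin', $this->set_skin($skin) ? $skin : rcube_config::DEFAULT_SKIN);` — the `@@ -152` hunk suggests the default skin is the fallback when no `skin_path` is configured, but the full fallback logic is outside what is shown, so confirm that before relying on it. The constructor this belongs to starts and ends outside the hunk.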
@@ -160,6 +166,14 @@
 
         $this->config['skin_path'] = $skin_path;
         return $valid;
+    }
+
+    /**
+     * Getter for the current skin path property
+     */
+    public function get_skin_path()
+    {
+        return $this->config['skin_path'];
     }
 
     /**
@@ -524,6 +538,7 @@
     {
         $GLOBALS['__version'] = Q(RCMAIL_VERSION);
         $GLOBALS['__comm_path'] = Q($this->app->comm_path);
+        $GLOBALS['__skin_path'] = Q($this->config['skin_path']);
         return preg_replace_callback('/\$(__[a-z0-9_\-]+)/', array($this, 'globals_callback'), $input);
     }
 
@@ -660,7 +675,7 @@
      */
     private function parse_xml($input)
     {
-        return preg_replace_callback('/<roundcube:([-_a-z]+)\s+([^>]+)>/Ui', array($this, 'xml_command'), $input);
+        return preg_replace_callback('/<roundcube:([-_a-z]+)\s+((?:[^>]|\\\\>)+)(?<!\\\\)>/Ui', array($this, 'xml_command'), $input);
     }
 
 
@@ -696,7 +711,15 @@
                 $vars = $attrib + array('product' => $this->config['product_name']);
                 unset($vars['name'], $vars['command']);
                 $label = rcube_label($attrib + array('vars' => $vars));
-                return !$attrib['noshow'] ? (get_boolean((string)$attrib['html']) ? $label : Q($label)) : '';
+                $quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (get_boolean((string)$attrib['html']) ? 'no' : '');
+                switch ($quoting) {
+                    case 'no':
+                    case 'raw': break;
+                    case 'javascript':
+                    case 'js': $label = JQ($label); break;
+                    default: $label = Q($label); break;
+                }
+                return !$attrib['noshow'] ? $label : '';
             }
             break;
 
@@ -766,6 +789,13 @@
                 if (preg_match('/Revision:\s(\d+)/', @shell_exec('svn info'), $regs))
                     $ver .= ' [SVN r'.$regs[1].']';
             }
+            else if (is_file(INSTALL_PATH . '.git/index')) {
+                if (preg_match('/Date:\s+([^\n]+)/', @shell_exec('git log -1'), $regs)) {
+                    if ($date = date('Ymd.Hi', strtotime($regs[1]))) {
+                        $ver .= ' [GIT '.$date.']';
+                    }
+                }
+            }
             $content = Q($ver);
         }
         else if ($object == 'steptitle') {
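Review bot: The widened pattern lets an escaped `\>` survive inside the attribute string handed to `xml_command`, but nothing in this hunk strips the backslash again, so whether `attr="a\>b"` reaches the attribute parser as `a>b` or as `a\>b` is decided outside the hunk; confirm the unescape exists there and record it here, e.g. `// attribute values may contain an escaped \> ; the backslash is removed when the attribute string is parsed`. One edge case worth a test: a value that legitimately ends in a backslash (`...\\>` in the template) can no longer close the tag, because the `(?<!\\)>` lookbehind rejects any `>` preceded by a backslash and the `(?:[^>]|\\>)+` group then absorbs it, so the match runs on to the next unescaped `>`.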
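Review bot: The `switch ($quoting)` carries no comment saying that any unrecognised `quoting` value is HTML-escaped, which is the property that keeps a typo in a template attribute from turning into raw output; a one-liner on the `default:` branch would record that intent, e.g. `default: $label = Q($label); break; // unknown quoting modes fall back to HTML escaping`. With `quoting="no"`/`"raw"` (or the old `html` attribute) the label is inserted verbatim, so whether that text is safe remains a template-author responsibility and is worth stating in the same comment. The enclosing method and the `case` this sits in begin outside the hunk.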
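Review bot: In the new GIT branch the guard `if ($date = date('Ymd.Hi', strtotime($regs[1])))` does not detect an unparseable date: `strtotime()` returns `false`, `date()` treats that as timestamp 0 and still returns a non-empty string, so the output gains a bogus `[GIT 19700101.0000]`-style suffix instead of nothing. Test the timestamp before formatting it: `if (($ts = strtotime($regs[1])) !== false) {` / `$ver .= ' [GIT '.date('Ymd.Hi', $ts).']';`. As with the existing `svn info` branch, `@shell_exec('git log -1')` runs in the process's working directory rather than in `INSTALL_PATH`, whose `.git/index` was just checked, and the `@` hides any spawn failure, so the branch silently does nothing whenever the web server's cwd differs from the install root. The `if`/`else if` chain on `$object` that this sits in starts outside the hunk.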
@@ -803,8 +833,8 @@
                 break;
             case 'config':
                 $value = $this->config[$name];
-                if (is_array($value) && $value[$_SESSION['imap_host']]) {
-                    $value = $value[$_SESSION['imap_host']];
+                if (is_array($value) && $value[$_SESSION['storage_host']]) {
+                    $value = $value[$_SESSION['storage_host']];
                 }
                 break;
             case 'request':
@@ -923,7 +953,7 @@
         // make valid href to specific buttons
         if (in_array($attrib['command'], rcmail::$main_tasks)) {
             $attrib['href'] = rcmail_url(null, null, $attrib['command']);
-            $attrib['onclick'] = sprintf("%s.switch_task('%s');return false", JS_OBJECT_NAME, $attrib['command']);
+            $attrib['onclick'] = sprintf("%s.command('switch-task','%s');return false", JS_OBJECT_NAME, $attrib['command']);
         }
         else if ($attrib['task'] && in_array($attrib['task'], rcmail::$main_tasks)) {
             $attrib['href'] = rcmail_url($attrib['command'], null, $attrib['task']);
@@ -982,14 +1012,11 @@
             if ($attrib['label']) {
                 $attrib['value'] = $attrib['label'];
             }
+            if ($attrib['command']) {
+                $attrib['disabled'] = 'disabled';
+            }
 
-            $attrib_str = html::attrib_string(
-                $attrib,
-                array(
-                    'type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex'
-                )
-            );
-            $out = sprintf('<input%s disabled="disabled" />', $attrib_str);
+            $out = html::tag('input', $attrib, null, array('type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex', 'disabled'));
         }
 
         // generate html code for button
@@ -1109,6 +1136,9 @@
         $url = get_input_value('_url', RCUBE_INPUT_POST);
         if (empty($url) && !preg_match('/_(task|action)=logout/', $_SERVER['QUERY_STRING']))
             $url = $_SERVER['QUERY_STRING'];
+
+        // Disable autocapitalization on iPad/iPhone (#1488609)
+        $attrib['autocapitalize'] = 'off';
 
         // set atocomplete attribute
         $user_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');
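Review bot: The new `onclick` value interpolates `$attrib['command']` into JavaScript source with no escaping, which is only safe because the `in_array($attrib['command'], rcmail::$main_tasks)` test two lines above restricts it to the fixed task names; that dependency deserves a comment next to the `sprintf` so a later edit of the condition does not silently remove it, e.g. `// $attrib['command'] is embedded verbatim: validated against rcmail::$main_tasks above`. The `in_array()` call is non-strict; `in_array($attrib['command'], rcmail::$main_tasks, true)` avoids loose comparison between the attribute string and the task list. The enclosing method starts and ends outside the hunk.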
@@ -1335,6 +1365,30 @@
         return $select->show($set);
     }
 
+    /**
+     * Include content from config/about.<LANG>.html if available
+     */
+    private function about_content($attrib)
+    {
+        $content = '';
+        $filenames = array(
+            'about.' . $_SESSION['language'] . '.html',
+            'about.' . substr($_SESSION['language'], 0, 2) . '.html',
+            'about.html',
+        );
+        foreach ($filenames as $file) {
+            $fn = RCMAIL_CONFIG_DIR . '/' . $file;
+            if (is_readable($fn)) {
+                $content = file_get_contents($fn);
+                $content = $this->parse_conditions($content);
+                $content = $this->parse_xml($content);
+                break;
+            }
+        }
+
+        return $content;
+    }
+
 }  // end class rcube_template
 
 
-- 
Gitblit v1.9.1
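Review bot: `about_content()` builds a filesystem path from `$_SESSION['language']` (`'about.' . $_SESSION['language'] . '.html'`) and then runs whatever file it finds through `parse_conditions()`/`parse_xml()`, i.e. the template engine, which is sound only as long as the session language is a plain locale token — an invariant maintained elsewhere in the application rather than in this method. Pinning it locally costs one line and makes the handler independent of where the value came from: `$lang = preg_match('/^[a-zA-Z0-9_]+$/', (string)$_SESSION['language']) ? $_SESSION['language'] : '';` and then use `$lang` in the first two `$filenames` entries (anything containing a path separator or dot is rejected and the lookup falls through to `about.html`). `file_get_contents()` returning `false` on a read error is passed straight into `parse_conditions()`; an `=== false` check before parsing would keep that case on the empty-string default. `$attrib` is unused, presumably kept for the common object-handler signature, so a `@param` line saying so would stop the next reader from hunting for its use.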