From f06aa8058b7e32ba32d4551074b6e0b8a300f751 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 21 Oct 2013 15:02:40 -0400
Subject: [PATCH] Bump version after security fix

---
 program/include/rcube_template.php |   50 +++++++++++++++++++++++++++++++++++++++++---------
 1 files changed, 41 insertions(+), 9 deletions(-)

diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php
old mode 100755
new mode 100644
index f650803..79b3124
--- a/program/include/rcube_template.php
+++ b/program/include/rcube_template.php
@@ -6,7 +6,10 @@
  |                                                                       |
  | This file is part of the Roundcube Webmail client                     |
  | Copyright (C) 2006-2011, The Roundcube Dev Team                       |
- | Licensed under the GNU GPL                                            |
+ |                                                                       |
+ | Licensed under the GNU General Public License version 3 or            |
+ | any later version with exceptions for skins & plugins.                |
+ | See the README file for a full license statement.                     |
  |                                                                       |
  | PURPOSE:                                                              |
  |   Class to handle HTML page output using a skin template.             |
@@ -74,7 +77,9 @@
         $this->set_env('x_frame_options', $this->app->config->get('x_frame_options', 'sameorigin'));
 
         // load the correct skin (in case user-defined)
-        $this->set_skin($this->config['skin']);
+        $skin = $this->app->config->get('skin');
+        $this->set_skin($skin);
+        $this->set_env('skin', $skin);
 
         // add common javascripts
         $this->add_script('var '.JS_OBJECT_NAME.' = new rcube_webmail();', 'head_top');
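Review bot: The result of `set_skin($skin)` is discarded, and `set_env('skin', $skin)` then exports the configured name unconditionally, so the client environment can name a skin that was not actually loaded. A later hunk shows a `$valid` flag and a fallback to `'skins/'.rcube_config::DEFAULT_SKIN`, which looks like the tail of set_skin, though its signature is not in the diff. Since the comment says the skin may be user-defined, export the name only when it was accepted, for example `$this->set_env('skin', $this->set_skin($skin) ? $skin : rcube_config::DEFAULT_SKIN);`. The enclosing method starts and ends outside this hunk.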
@@ -153,7 +158,7 @@
             $valid = true;
         }
         else {
-            $skin_path = $this->config['skin_path'] ? $this->config['skin_path'] : 'skins/default';
+            $skin_path = $this->config['skin_path'] ? $this->config['skin_path'] : 'skins/'.rcube_config::DEFAULT_SKIN;
             $valid = !$skin;
         }
 
@@ -161,6 +166,14 @@
         $this->config['skin_path'] = $skin_path;
 
         return $valid;
+    }
+
+    /**
+     * Getter for the current skin path property
+     */
+    public function get_skin_path()
+    {
+        return $this->config['skin_path'];
     }
 
     /**
@@ -525,6 +538,7 @@
     {
         $GLOBALS['__version'] = Q(RCMAIL_VERSION);
         $GLOBALS['__comm_path'] = Q($this->app->comm_path);
+        $GLOBALS['__skin_path'] = Q($this->config['skin_path']);
         return preg_replace_callback('/\$(__[a-z0-9_\-]+)/',
 	    array($this, 'globals_callback'), $input);
     }
@@ -661,7 +675,7 @@
      */
     private function parse_xml($input)
     {
-        return preg_replace_callback('/<roundcube:([-_a-z]+)\s+([^>]+)>/Ui', array($this, 'xml_command'), $input);
+        return preg_replace_callback('/<roundcube:([-_a-z]+)\s+((?:[^>]|\\\\>)+)(?<!\\\\)>/Ui', array($this, 'xml_command'), $input);
     }
 
 
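Review bot: The new pattern in parse_xml accepts `\>` inside a `<roundcube:...>` tag, but nothing here documents that escape or shows where the backslash is removed again. xml_command is outside the hunk, so if it does not strip the backslash, attribute values will carry a literal `\>` into the output. The docblock above parse_xml (only its closing `*/` is visible) should state the rule, e.g. `a tag ends at the first ">" that is not preceded by a backslash; "\>" may be used inside attribute values`. Because `[^>]` also matches a backslash, a tag whose last character before the closing `>` is a backslash no longer ends there, and the match runs on to the next `>`.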
@@ -697,7 +711,15 @@
                     $vars = $attrib + array('product' => $this->config['product_name']);
                     unset($vars['name'], $vars['command']);
                     $label = rcube_label($attrib + array('vars' => $vars));
-                    return !$attrib['noshow'] ? (get_boolean((string)$attrib['html']) ? $label : Q($label)) : '';
+                    $quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (get_boolean((string)$attrib['html']) ? 'no' : '');
+                    switch ($quoting) {
+                        case 'no':
+                        case 'raw': break;
+                        case 'javascript':
+                        case 'js': $label = JQ($label); break;
+                        default:   $label = Q($label); break;
+                    }
+                    return !$attrib['noshow'] ? $label : '';
                 }
                 break;
 
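Review bot: The new `quoting` attribute is undocumented, and its `js`/`javascript` branch applies only `JQ()`, which presumably suits a script string but not a label placed in an inline handler attribute, where HTML escaping is needed as well. The `no`/`raw` branch, which `html="true"` also maps to, returns the label unescaped. That label is built with `vars` taken from the tag's own attributes, so the branch should be reserved for labels whose text and variables are trusted markup. I would add a comment above the switch: `// quoting: "no"/"raw" = trusted HTML, emitted as-is; "js"/"javascript" = JQ() for a script string; anything else = Q() for HTML`. The enclosing `case` starts outside this hunk.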
@@ -767,6 +789,13 @@
                         if (preg_match('/Revision:\s(\d+)/', @shell_exec('svn info'), $regs))
                           $ver .= ' [SVN r'.$regs[1].']';
                     }
+                    else if (is_file(INSTALL_PATH . '.git/index')) {
+                        if (preg_match('/Date:\s+([^\n]+)/', @shell_exec('git log -1'), $regs)) {
+                            if ($date = date('Ymd.Hi', strtotime($regs[1]))) {
+                                $ver .= ' [GIT '.$date.']';
+                            }
+                        }
+                    }
                     $content = Q($ver);
                 }
                 else if ($object == 'steptitle') {
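Review bot: The guard `if ($date = date('Ymd.Hi', strtotime($regs[1])))` can never fail, because `date()` still returns a non-empty string when `strtotime()` returns false, so an unparsable Date line is reported as a build from around the Unix epoch. Test the timestamp instead: `if (($ts = strtotime($regs[1])) !== false) { $ver .= ' [GIT '.date('Ymd.Hi', $ts).']'; }`. The existence check uses `INSTALL_PATH . '.git/index'`, but `git log -1` runs in the process's current directory and resolves `git` through PATH. Naming the repository explicitly, `'git --git-dir='.escapeshellarg(INSTALL_PATH.'.git').' log -1'`, keeps the check and the command on the same tree. The surrounding branch starts outside this hunk.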
@@ -804,8 +833,8 @@
                         break;
                     case 'config':
                         $value = $this->config[$name];
-                        if (is_array($value) && $value[$_SESSION['imap_host']]) {
-                            $value = $value[$_SESSION['imap_host']];
+                        if (is_array($value) && $value[$_SESSION['storage_host']]) {
+                            $value = $value[$_SESSION['storage_host']];
                         }
                         break;
                     case 'request':
@@ -924,7 +953,7 @@
             // make valid href to specific buttons
             if (in_array($attrib['command'], rcmail::$main_tasks)) {
                 $attrib['href'] = rcmail_url(null, null, $attrib['command']);
-                $attrib['onclick'] = sprintf("%s.switch_task('%s');return false", JS_OBJECT_NAME, $attrib['command']);
+                $attrib['onclick'] = sprintf("%s.command('switch-task','%s');return false", JS_OBJECT_NAME, $attrib['command']);
             }
             else if ($attrib['task'] && in_array($attrib['task'], rcmail::$main_tasks)) {
                 $attrib['href'] = rcmail_url($attrib['command'], null, $attrib['task']);
@@ -987,7 +1016,7 @@
               $attrib['disabled'] = 'disabled';
             }
 
-            $out = html::tag('input', $attrib, '', array('type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex', 'disabled'));
+            $out = html::tag('input', $attrib, null, array('type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex', 'disabled'));
         }
 
         // generate html code for button
@@ -1108,6 +1137,9 @@
         if (empty($url) && !preg_match('/_(task|action)=logout/', $_SERVER['QUERY_STRING']))
             $url = $_SERVER['QUERY_STRING'];
 
+        // Disable autocapitalization on iPad/iPhone (#1488609)
+        $attrib['autocapitalize'] = 'off';
+
         // set atocomplete attribute
         $user_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');
         $host_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');

--
Gitblit v1.9.1