From f06aa8058b7e32ba32d4551074b6e0b8a300f751 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Mon, 21 Oct 2013 15:02:40 -0400
Subject: [PATCH] Bump version after security fix
---
 program/js/common.js | 221 +++++++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 182 insertions(+), 39 deletions(-)
diff --git a/program/js/common.js b/program/js/common.js
index cacf0ff..a07cc8c 100644
--- a/program/js/common.js
+++ b/program/js/common.js
@@ -3,8 +3,11 @@
 | Roundcube common js library |
 | |
 | This file is part of the Roundcube web development suite |
- | Copyright (C) 2005-2007, The Roundcube Dev Team |
- | Licensed under the GNU GPL |
+ | Copyright (C) 2005-2012, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
 | |
 +-----------------------------------------------------------------------+
 | Author: Thomas Bruederli <roundcube@gmail.com> |
@@ -52,14 +55,15 @@ this.ie4 = (this.ie && !this.dom); this.ie5 = (this.dom && this.appver.indexOf('MSIE 5')>0); this.ie8 = (this.dom && this.appver.indexOf('MSIE 8')>0); + this.ie9 = (this.dom && this.appver.indexOf('MSIE 9')>0); this.ie7 = (this.dom && this.appver.indexOf('MSIE 7')>0); this.ie6 = (this.dom && !this.ie8 && !this.ie7 && this.appver.indexOf('MSIE 6')>0); this.ns = ((this.ver < 5 && this.name == 'Netscape') || (this.ver >= 5 && this.vendor.indexOf('Netscape') >= 0)); this.chrome = (this.agent_lc.indexOf('chrome') > 0); this.safari = (!this.chrome && (this.agent_lc.indexOf('safari') > 0 || this.agent_lc.indexOf('applewebkit') > 0)); - this.mz = (this.dom && !this.ie && !this.ns && !this.chrome && !this.safari && this.agent.indexOf('Mozilla') >= 0); - this.konq = (this.agent_lc.indexOf('konqueror') > 0); + this.konq = (this.agent_lc.indexOf('konqueror') > 0); + this.mz = (this.dom && !this.ie && !this.ns && !this.chrome && !this.safari && !this.konq && this.agent.indexOf('Mozilla') >= 0); this.iphone = (this.safari && this.agent_lc.indexOf('iphone') > 0); this.ipad = (this.safari && this.agent_lc.indexOf('ipad') > 0); this.opera = window.opera ? true : false; 
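Review bot: Moving `this.konq` ahead of `this.mz` is now load-bearing, because `mz` reads `!this.konq`, and nothing on these lines says so. A one-line comment above `this.mz`, such as `// must stay after konq/chrome/safari: mz is defined by exclusion`, would keep a later tidy-up from reordering it. The new `this.ie9` flag is also not added to the `ie6` exclusion list (`!this.ie8 && !this.ie7`); whether an IE9 user-agent string can contain `MSIE 6` is not visible here, so that may be harmless. The enclosing function starts and ends outside the hunk.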
@@ -102,30 +106,23 @@ { var classname = ' js'; - if (this.ie) { - classname += ' ie'; - if (this.ie5) - classname += ' ie5'; - else if (this.ie6) - classname += ' ie6'; - else if (this.ie7) - classname += ' ie7'; - else if (this.ie8) - classname += ' ie8'; - } + if (this.ie) + classname += ' ie ie'+parseInt(this.vendver); else if (this.opera) classname += ' opera'; else if (this.konq) classname += ' konqueror'; else if (this.safari) - classname += ' safari'; - - if (this.chrome) classname += ' chrome'; - else if (this.iphone) + else if (this.chrome) + classname += ' chrome'; + + if (this.iphone) classname += ' iphone'; else if (this.ipad) classname += ' ipad'; + else if (this.safari || this.chrome) + classname += ' webkit'; if (document.documentElement) document.documentElement.className += classname; @@ -171,14 +168,12 @@ var opcode = 0; e = e || window.event; - if (bw.mac && e) { + if (bw.mac && e) opcode += (e.metaKey && CONTROL_KEY) + (e.shiftKey && SHIFT_KEY); - return opcode; - } - if (e) { + else if (e) opcode += (e.ctrlKey && CONTROL_KEY) + (e.shiftKey && SHIFT_KEY); - return opcode; - } + + return opcode; }, /** @@ -347,13 +342,25 @@ break; } } - - if (ret) - delete ret.event; + if (ret && ret.event) { + try { + delete ret.event; + } catch (err) { + // IE6-7 doesn't support deleting HTMLFormElement attributes (#1488017) + $(ret).removeAttr('event'); + } + } } this._event_exec = false; - delete e.event; + if (e.event) { + try { + delete e.event; + } catch (err) { + // IE6-7 doesn't support deleting HTMLFormElement attributes (#1488017) + $(e).removeAttr('event'); + } + } return ret; } 
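Review bot: As the markers read in the first hunk on this line, the `else if (this.safari)` branch now falls onto the unchanged `classname += ' chrome';` line, so Safari would receive the `chrome` class and the `safari` class is no longer emitted anywhere. The collapsed line breaks make that reading uncertain, so it should be confirmed against the file; if it is unintended the branch should read `classname += ' safari';`. In the same hunk `' ie ie'+parseInt(this.vendver)` has no radix and yields the class `ieNaN` when `vendver` is not numeric, which `parseInt(this.vendver, 10)` plus a NaN check would avoid. The function begins outside the hunk.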
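Review bot: The try / `delete` / catch / `removeAttr('event')` sequence is written out twice in the third hunk on this line, once for `ret` and once for `e`. A small private helper that takes the object would keep the IE6-7 workaround in one place and make the two call sites one line each. The bare `catch (err)` also hides any other exception thrown by the delete, so the comment could state that, for example `// only IE6-7 is expected to throw here; any other error is swallowed as well`. The surrounding function starts outside the hunk.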
@@ -483,12 +490,15 @@ atom = '[^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c\\x3e\\x40\\x5b-\\x5d\\x7f-\\xff]+', quoted_pair = '\\x5c[\\x00-\\x7f]', quoted_string = '\\x22('+qtext+'|'+quoted_pair+')*\\x22', + ipv4 = '\\[(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\\]', + ipv6 = '\\[IPv6:[0-9a-f:.]+\\]', + ip_addr = '(' + ipv4 + ')|(' + ipv6 + ')', // Use simplified domain matching, because we need to allow Unicode characters here // So, e-mail address should be validated also on server side after idn_to_ascii() use //domain_literal = '\\x5b('+dtext+'|'+quoted_pair+')*\\x5d', //sub_domain = '('+atom+'|'+domain_literal+')', // allow punycode/unicode top-level domain - domain = '([^@\\x2e]+\\x2e)+([^\\x00-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-z0-9]{2,})', + domain = '(('+ip_addr+')|(([^@\\x2e]+\\x2e)+([^\\x00-\\x40\\x5b-\\x60\\x7b-\\x7f]{2,}|xn--[a-z0-9]{2,})))', // ICANN e-mail test (http://idn.icann.org/E-mail_test) icann_domains = [ '\\u0645\\u062b\\u0627\\u0644\\x2e\\u0625\\u062e\\u062a\\u0628\\u0627\\u0631', @@ -516,7 +526,6 @@ return false; }; - // recursively copy an object function rcube_clone_object(obj) { @@ -532,10 +541,17 @@ return out; }; -// make a string URL safe +// make a string URL safe (and compatible with PHP's rawurlencode()) function urlencode(str) { - return window.encodeURIComponent ? encodeURIComponent(str) : escape(str); + if (window.encodeURIComponent) + return encodeURIComponent(str).replace('*', '%2A'); + + return escape(str) + .replace('+', '%2B') + .replace('*', '%2A') + .replace('/', '%2F') + .replace('@', '%40'); }; @@ -607,10 +623,10 @@ return null; } else { - begin += 2; + begin += 2; } - var end = document.cookie.indexOf(";", begin); + var end = dc.indexOf(";", begin); if (end == -1) end = dc.length; 
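Review bot: In the added `ipv4` pattern the octet separator is written `\.` inside a quoted string, so the string literal drops the backslash and the regex sees a bare `.` that matches any character; a constructed sample such as `[1x2x3x4]` would pass as an address literal. Every other escape in this block is doubled, so the group should start `(\\.(25[0-5]|` or use `\\x2e` as the `domain` line does. The `ipv6` pattern accepts any run of `[0-9a-f:.]`, which is loose and depends on regex flags not shown in the hunk. As the existing comment says, the address still has to be validated on the server, and this client-side check should not be relied on for that. The function starts and ends outside the hunk.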
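Review bot: In `urlencode`, `.replace('*', '%2A')` uses a string pattern and therefore replaces only the first occurrence, so a value containing two asterisks is not compatible with rawurlencode() as the new comment claims; it should be `return encodeURIComponent(str).replace(/\*/g, '%2A');`. The four `.replace()` calls in the `escape()` fallback have the same problem and need the global forms `/\+/g`, `/\*/g`, `/\//g` and `/@/g`. The fallback also still emits `%uXXXX` for characters outside Latin-1, which PHP does not decode, and a comment on that branch should say so.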
@@ -661,13 +677,28 @@ return String(str).replace(/([.*+?^=!:${}()|[\]\/\\])/g, '\\$1'); }; +// Extend Date prototype to detect Standard timezone without DST +// from http://www.michaelapproved.com/articles/timezone-detect-and-ignore-daylight-saving-time-dst/ +Date.prototype.getStdTimezoneOffset = function() +{ + var m = 12, + d = new Date(null, m, 1), + tzo = d.getTimezoneOffset(); + + while (--m) { + d.setUTCMonth(m); + if (tzo != d.getTimezoneOffset()) { + return Math.max(tzo, d.getTimezoneOffset()); + } + } + + return tzo; +} // Make getElementById() case-sensitive on IE -if (bw.ie) -{ +if (bw.ie) { document._getElementById = document.getElementById; - document.getElementById = function(id) - { + document.getElementById = function(id) { var i = 0, obj = document._getElementById(id); if (obj && obj.id != id) 
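Review bot: `getStdTimezoneOffset` builds its probe with `new Date(null, m, 1)`, where the null year coerces to 0 and is read as 1900, so the offsets are sampled around 1900-1901 rather than for the current rules. An engine that applies historical time-zone data can report a different standard offset for those years, and anchoring on the current year avoids that: `d = new Date(new Date().getFullYear(), m, 1)`. The loop then mixes a locally constructed date with `d.setUTCMonth(m)`, which can roll into the neighbouring month for zones where local midnight falls on the previous UTC day; `d.setMonth(m)` keeps both in local time. Adding the method to `Date.prototype` affects every script on the page, which deserves a comment. The `getElementById` override at the end of the hunk continues outside it.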
@@ -677,3 +708,115 @@ return obj; } } + +// jQuery plugin to emulate HTML5 placeholder attributes on input elements +jQuery.fn.placeholder = function(text) { + return this.each(function() { + var elem = $(this); + this.title = text; + + if ('placeholder' in this) { + elem.attr('placeholder', text); // Try HTML5 placeholder attribute first + } + else { // Fallback to Javascript emulation of placeholder + this._placeholder = text; + elem.blur(function(e) { + if ($.trim(elem.val()) == "") + elem.val(text); + elem.triggerHandler('change'); + }) + .focus(function(e) { + if ($.trim(elem.val()) == text) + elem.val(""); + elem.triggerHandler('change'); + }) + .change(function(e) { + var active = elem.val() == text; + elem[(active ? 'addClass' : 'removeClass')]('placeholder').attr('spellcheck', active); + }); + + if (this != document.activeElement) // Do not blur currently focused element + elem.blur(); + } + }); +}; + + +// This code was written by Tyler Akins and has been placed in the +// public domain. It would be nice if you left this header intact. +// Base64 code from Tyler Akins -- http://rumkin.com +var Base64 = (function () { + var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; + + var obj = { + /** + * Encodes a string in base64 + * @param {String} input The string to encode in base64. 
+ */ + encode: function (input) { + if (typeof(window.btoa) === 'function') + return btoa(input); + + var chr1, chr2, chr3, enc1, enc2, enc3, enc4, i = 0, output = '', len = input.length; + + do { + chr1 = input.charCodeAt(i++); + chr2 = input.charCodeAt(i++); + chr3 = input.charCodeAt(i++); + + enc1 = chr1 >> 2; + enc2 = ((chr1 & 3) << 4) | (chr2 >> 4); + enc3 = ((chr2 & 15) << 2) | (chr3 >> 6); + enc4 = chr3 & 63; + + if (isNaN(chr2)) + enc3 = enc4 = 64; + else if (isNaN(chr3)) + enc4 = 64; + + output = output + + keyStr.charAt(enc1) + keyStr.charAt(enc2) + + keyStr.charAt(enc3) + keyStr.charAt(enc4); + } while (i < len); + + return output; + }, + + /** + * Decodes a base64 string. + * @param {String} input The string to decode. + */ + decode: function (input) { + if (typeof(window.atob) === 'function') + return atob(input); + + var chr1, chr2, chr3, enc1, enc2, enc3, enc4, len, i = 0, output = ''; + + // remove all characters that are not A-Z, a-z, 0-9, +, /, or = + input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ""); + len = input.length; + + do { + enc1 = keyStr.indexOf(input.charAt(i++)); + enc2 = keyStr.indexOf(input.charAt(i++)); + enc3 = keyStr.indexOf(input.charAt(i++)); + enc4 = keyStr.indexOf(input.charAt(i++)); + + chr1 = (enc1 << 2) | (enc2 >> 4); + chr2 = ((enc2 & 15) << 4) | (enc3 >> 2); + chr3 = ((enc3 & 3) << 6) | enc4; + + output = output + String.fromCharCode(chr1); + + if (enc3 != 64) + output = output + String.fromCharCode(chr2); + if (enc4 != 64) + output = output + String.fromCharCode(chr3); + } while (i < len); + + return output; + } + }; + + return obj; +})(); -- Gitblit v1.9.1
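Review bot: The fallback branches of `Base64.encode` and `Base64.decode` do not agree with the native `btoa`/`atob` paths at the edges. Both `do … while` loops run once on an empty string, so the fallback `encode('')` returns `AA==` and `decode('')` returns NUL characters where the native calls return `''`; a guard such as `if (!input.length) return '';` before each loop fixes that. `btoa` throws on characters above 0xFF while the fallback silently produces a garbled string, so a comment on `encode` should say that callers must pass byte strings. A `decode` input whose length is not a multiple of four is completed with index 0 in the fallback, again without an error.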