From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)
---
program/js/googiespell.js | 388 ++++++++++++++++++++++++++++++++++++-------------------
1 files changed, 253 insertions(+), 135 deletions(-)
diff --git a/program/js/googiespell.js b/program/js/googiespell.js
index 68ed4f6..478858b 100644
--- a/program/js/googiespell.js
+++ b/program/js/googiespell.js
@@ -1,21 +1,31 @@
/*
- SpellCheck
- jQuery'fied spell checker based on GoogieSpell 4.0
- Copyright Amir Salihefendic 2006
- Copyright Aleksander Machniak 2009
- LICENSE
- GPL
- AUTHORS
- 4mir Salihefendic (http://amix.dk) - amix@amix.dk
- Aleksander Machniak - alec [at] alec.pl
+ +-----------------------------------------------------------------------+
+ | Roundcube SpellCheck script |
+ | jQuery'fied spell checker based on GoogieSpell 4.0 |
+ | (which was published under GPL "version 2 or any later version") |
+ | |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2006 Amir Salihefendic |
+ | Copyright (C) 2009 The Roundcube Dev Team |
+ | Copyright (C) 2011 Kolab Systems AG |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
+ | |
+ +-----------------------------------------------------------------------+
+ | Authors: 4mir Salihefendic <amix@amix.dk> |
+ | Aleksander Machniak - <alec [at] alec.pl> |
+ +-----------------------------------------------------------------------+
*/
-var SPELL_CUR_LANG = null;
-var GOOGIE_DEFAULT_LANG = 'en';
+var GOOGIE_CUR_LANG,
+ GOOGIE_DEFAULT_LANG = 'en';
-function GoogieSpell(img_dir, server_url) {
+function GoogieSpell(img_dir, server_url, has_dict)
+{
var ref = this,
- cookie_value = getCookie('language');
+ cookie_value = rcmail.get_cookie('language');
GOOGIE_CUR_LANG = cookie_value != null ? cookie_value : GOOGIE_DEFAULT_LANG;
@@ -30,9 +40,9 @@
this.org_lang_to_word = {
"da": "Dansk", "de": "Deutsch", "en": "English",
- "es": "Español", "fr": "Français", "it": "Italiano",
- "nl": "Nederlands", "pl": "Polski", "pt": "Português",
- "fi": "Suomi", "sv": "Svenska"
+ "es": "Español", "fr": "Français", "it": "Italiano",
+ "nl": "Nederlands", "pl": "Polski", "pt": "Português",
+ "ru": "Русский", "fi": "Suomi", "sv": "Svenska"
};
this.lang_to_word = this.org_lang_to_word;
this.langlist_codes = this.array_keys(this.lang_to_word);
@@ -49,10 +59,11 @@
this.lang_rsm_edt = "Resume editing";
this.lang_no_error_found = "No spelling errors found";
this.lang_no_suggestions = "No suggestions";
+ this.lang_learn_word = "Add to dictionary";
this.show_spell_img = false; // roundcube mod.
this.decoration = true;
- this.use_close_btn = true;
+ this.use_close_btn = false;
this.edit_layer_dbl_click = true;
this.report_ta_not_found = true;
@@ -64,6 +75,7 @@
this.extra_menu_items = [];
this.custom_spellcheck_starter = null;
this.main_controller = true;
+ this.has_dictionary = has_dict;
// Observers
this.lang_state_observer = null;
@@ -82,15 +94,17 @@
// Set document's onclick to hide the language and error menu
$(document).bind('click', function(e) {
- if($(e.target).attr('googie_action_btn') != '1' && ref.isLangWindowShown())
+ var target = $(e.target);
+ if(target.attr('googie_action_btn') != '1' && ref.isLangWindowShown())
ref.hideLangWindow();
- if($(e.target).attr('googie_action_btn') != '1' && ref.isErrorWindowShown())
+ if(target.attr('googie_action_btn') != '1' && ref.isErrorWindowShown())
ref.hideErrorWindow();
});
-this.decorateTextarea = function(id) {
- this.text_area = typeof(id) == 'string' ? document.getElementById(id) : id;
+this.decorateTextarea = function(id)
+{
+ this.text_area = typeof id === 'string' ? document.getElementById(id) : id;
if (this.text_area) {
if (!this.spell_container && this.decoration) {
@@ -118,47 +132,56 @@
//////
// API Functions (the ones that you can call)
/////
-this.setSpellContainer = function(id) {
- this.spell_container = typeof(id) == 'string' ? document.getElementById(id) : id;
+this.setSpellContainer = function(id)
+{
+ this.spell_container = typeof id === 'string' ? document.getElementById(id) : id;
};
-this.setLanguages = function(lang_dict) {
+this.setLanguages = function(lang_dict)
+{
this.lang_to_word = lang_dict;
this.langlist_codes = this.array_keys(lang_dict);
};
-this.setCurrentLanguage = function(lan_code) {
+this.setCurrentLanguage = function(lan_code)
+{
GOOGIE_CUR_LANG = lan_code;
//Set cookie
var now = new Date();
now.setTime(now.getTime() + 365 * 24 * 60 * 60 * 1000);
- setCookie('language', lan_code, now);
+ rcmail.set_cookie('language', lan_code, now);
};
-this.setForceWidthHeight = function(width, height) {
+this.setForceWidthHeight = function(width, height)
+{
// Set to null if you want to use one of them
this.force_width = width;
this.force_height = height;
};
-this.setDecoration = function(bool) {
+this.setDecoration = function(bool)
+{
this.decoration = bool;
};
-this.dontUseCloseButtons = function() {
+this.dontUseCloseButtons = function()
+{
this.use_close_btn = false;
};
-this.appendNewMenuItem = function(name, call_back_fn, checker) {
+this.appendNewMenuItem = function(name, call_back_fn, checker)
+{
this.extra_menu_items.push([name, call_back_fn, checker]);
};
-this.appendCustomMenuBuilder = function(eval, builder) {
- this.custom_menu_builder.push([eval, builder]);
+this.appendCustomMenuBuilder = function(eval_fn, builder)
+{
+ this.custom_menu_builder.push([eval_fn, builder]);
};
-this.setFocus = function() {
+this.setFocus = function()
+{
try {
this.focus_link_b.focus();
this.focus_link_t.focus();
@@ -173,13 +196,15 @@
//////
// Set functions (internal)
/////
-this.setStateChanged = function(current_state) {
+this.setStateChanged = function(current_state)
+{
this.state = current_state;
if (this.spelling_state_observer != null && this.report_state_change)
this.spelling_state_observer(current_state, this);
};
-this.setReportStateChange = function(bool) {
+this.setReportStateChange = function(bool)
+{
this.report_state_change = bool;
};
@@ -187,26 +212,85 @@
//////
// Request functions
/////
-this.getUrl = function() {
+this.getUrl = function()
+{
return this.server_url + GOOGIE_CUR_LANG;
};
-this.escapeSpecial = function(val) {
- return val.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">");
+this.escapeSpecial = function(val)
+{
+ return val ? val.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">") : '';
};
-this.createXMLReq = function (text) {
+this.createXMLReq = function (text)
+{
return '<?xml version="1.0" encoding="utf-8" ?>'
+ '<spellrequest textalreadyclipped="0" ignoredups="0" ignoredigits="1" ignoreallcaps="1">'
+ '<text>' + text + '</text></spellrequest>';
};
-this.spellCheck = function(ignore) {
+this.spellCheck = function(ignore)
+{
+ this.prepare(ignore);
+
+ var req_text = this.escapeSpecial(this.orginal_text),
+ ref = this;
+
+ $.ajax({ type: 'POST', url: this.getUrl(), data: this.createXMLReq(req_text), dataType: 'text',
+ error: function(o) {
+ if (ref.custom_ajax_error)
+ ref.custom_ajax_error(ref);
+ else
+ alert('An error was encountered on the server. Please try again later.');
+ if (ref.main_controller) {
+ $(ref.spell_span).remove();
+ ref.removeIndicator();
+ }
+ ref.checkSpellingState();
+ },
+ success: function(data) {
+ ref.processData(data);
+ if (!ref.results.length) {
+ if (!ref.custom_no_spelling_error)
+ ref.flashNoSpellingErrorState();
+ else
+ ref.custom_no_spelling_error(ref);
+ }
+ ref.removeIndicator();
+ }
+ });
+};
+
+this.learnWord = function(word, id)
+{
+ word = this.escapeSpecial(word.innerHTML);
+
+ var ref = this,
+ req_text = '<?xml version="1.0" encoding="utf-8" ?><learnword><text>' + word + '</text></learnword>';
+
+ $.ajax({ type: 'POST', url: this.getUrl(), data: req_text, dataType: 'text',
+ error: function(o) {
+ if (ref.custom_ajax_error)
+ ref.custom_ajax_error(ref);
+ else
+ alert('An error was encountered on the server. Please try again later.');
+ },
+ success: function(data) {
+ }
+ });
+};
+
+
+//////
+// Spell checking functions
+/////
+this.prepare = function(ignore, no_indicator)
+{
this.cnt_errors_fixed = 0;
this.cnt_errors = 0;
this.setStateChanged('checking_spell');
- if (this.main_controller)
+ if (!no_indicator && this.main_controller)
this.appendIndicator(this.spell_span);
this.error_links = [];
@@ -234,45 +318,10 @@
$(this.spell_span).unbind('click');
this.orginal_text = $(this.text_area).val();
- var req_text = this.escapeSpecial(this.orginal_text);
- var ref = this;
-
- $.ajax({ type: 'POST', url: this.getUrl(),
- data: this.createXMLReq(req_text), dataType: 'text',
- error: function(o) {
- if (ref.custom_ajax_error)
- ref.custom_ajax_error(ref);
- else
- alert('An error was encountered on the server. Please try again later.');
- if (ref.main_controller) {
- $(ref.spell_span).remove();
- ref.removeIndicator();
- }
- ref.checkSpellingState();
- },
- success: function(data) {
- var r_text = data;
- ref.results = ref.parseResult(r_text);
- if (r_text.match(/<c.*>/) != null) {
- // Before parsing be sure that errors were found
- ref.showErrorsInIframe();
- ref.resumeEditingState();
- } else {
- if (!ref.custom_no_spelling_error)
- ref.flashNoSpellingErrorState();
- else
- ref.custom_no_spelling_error(ref);
- }
- ref.removeIndicator();
- }
- });
};
-
-//////
-// Spell checking functions
-/////
-this.parseResult = function(r_text) {
+this.parseResult = function(r_text)
+{
// Returns an array: result[item] -> ['attrs'], ['suggestions']
var re_split_attr_c = /\w+="(\d+|true)"/g,
re_split_text = /\t/g,
@@ -310,25 +359,37 @@
return results;
};
+this.processData = function(data)
+{
+ this.results = this.parseResult(data);
+ if (this.results.length) {
+ this.showErrorsInIframe();
+ this.resumeEditingState();
+ }
+};
//////
// Error menu functions
/////
-this.createErrorWindow = function() {
+this.createErrorWindow = function()
+{
this.error_window = document.createElement('div');
$(this.error_window).addClass('googie_window popupmenu').attr('googie_action_btn', '1');
};
-this.isErrorWindowShown = function() {
+this.isErrorWindowShown = function()
+{
return $(this.error_window).is(':visible');
};
-this.hideErrorWindow = function() {
+this.hideErrorWindow = function()
+{
$(this.error_window).hide();
$(this.error_window_iframe).hide();
};
-this.updateOrginalText = function(offset, old_value, new_value, id) {
+this.updateOrginalText = function(offset, old_value, new_value, id)
+{
var part_1 = this.orginal_text.substring(0, offset),
part_2 = this.orginal_text.substring(offset+old_value.length),
add_2_offset = new_value.length - old_value.length;
@@ -347,18 +408,20 @@
elm.old_value = old_value;
};
-this.createListSeparator = function() {
+this.createListSeparator = function()
+{
var td = document.createElement('td'),
tr = document.createElement('tr');
$(td).html(' ').attr('googie_action_btn', '1')
- .css({'cursor': 'default', 'font-size': '3px', 'border-top': '1px solid #ccc', 'padding-top': '3px'});
+ .css({'cursor': 'default', 'font-size': '3px', 'border-top': '1px solid #ccc', 'padding-top': '3px'});
tr.appendChild(td);
return tr;
};
-this.correctError = function(id, elm, l_elm, rm_pre_space) {
+this.correctError = function(id, elm, l_elm, rm_pre_space)
+{
var old_value = elm.innerHTML,
new_value = l_elm.nodeType == 3 ? l_elm.nodeValue : l_elm.innerHTML,
offset = this.results[id]['attrs']['o'];
@@ -383,7 +446,15 @@
this.errorFixed();
};
-this.showErrorWindow = function(elm, id) {
+this.ignoreError = function(elm, id)
+{
+ // @TODO: ignore all same words
+ $(elm).removeAttr('class').css('color', '').unbind();
+ this.hideErrorWindow();
+};
+
+this.showErrorWindow = function(elm, id)
+{
if (this.show_menu_observer)
this.show_menu_observer(this);
@@ -399,11 +470,12 @@
var changed = false;
for (var k=0; k<this.custom_menu_builder.length; k++) {
var eb = this.custom_menu_builder[k];
- if(eb[0]((this.results[id]))){
+ if (eb[0](this.results[id])) {
changed = eb[1](this, list, elm);
break;
}
}
+
if (!changed) {
// Build up the result list
var suggestions = this.results[id]['suggestions'],
@@ -411,6 +483,26 @@
len = this.results[id]['attrs']['l'],
row, item, dummy;
+ // [Add to dictionary] button
+ if (this.has_dictionary && !$(elm).attr('is_corrected')) {
+ row = document.createElement('tr'),
+ item = document.createElement('td'),
+ dummy = document.createElement('span');
+
+ $(dummy).text(this.lang_learn_word);
+ $(item).attr('googie_action_btn', '1').css('cursor', 'default')
+ .mouseover(ref.item_onmouseover)
+ .mouseout(ref.item_onmouseout)
+ .click(function(e) {
+ ref.learnWord(elm, id);
+ ref.ignoreError(elm, id);
+ });
+
+ item.appendChild(dummy);
+ row.appendChild(item);
+ list.appendChild(row);
+ }
+/*
if (suggestions.length == 0) {
row = document.createElement('tr'),
item = document.createElement('td'),
@@ -423,7 +515,7 @@
row.appendChild(item);
list.appendChild(row);
}
-
+*/
for (var i=0, len=suggestions.length; i < len; i++) {
row = document.createElement('tr'),
item = document.createElement('td'),
@@ -431,16 +523,15 @@
$(dummy).html(suggestions[i]);
- $(item).bind('mouseover', this.item_onmouseover)
- .bind('mouseout', this.item_onmouseout)
- .bind('click', function(e) { ref.correctError(id, elm, e.target.firstChild) });
+ $(item).mouseover(this.item_onmouseover).mouseout(this.item_onmouseout)
+ .click(function(e) { ref.correctError(id, elm, e.target.firstChild) });
item.appendChild(dummy);
row.appendChild(item);
list.appendChild(row);
}
- //The element is changed, append the revert
+ // The element is changed, append the revert
if (elm.is_changed && elm.innerHTML != elm.old_value) {
var old_value = elm.old_value,
revert_row = document.createElement('tr'),
@@ -449,11 +540,10 @@
$(rev_span).addClass('googie_list_revert').html(this.lang_revert + ' ' + old_value);
- $(revert).bind('mouseover', this.item_onmouseover)
- .bind('mouseout', this.item_onmouseout)
- .bind('click', function(e) {
+ $(revert).mouseover(this.item_onmouseover).mouseout(this.item_onmouseout)
+ .click(function(e) {
ref.updateOrginalText(offset, elm.innerHTML, old_value, id);
- $(elm).attr('is_corrected', true).css('color', '#b91414').html(old_value);
+ $(elm).removeAttr('is_corrected').css('color', '#b91414').html(old_value);
ref.hideErrorWindow();
});
@@ -488,11 +578,11 @@
$(ok_pic).attr('src', this.img_dir + 'ok.gif')
.width(32).height(16)
.css({'cursor': 'pointer', 'margin-left': '2px', 'margin-right': '2px'})
- .bind('click', onsub);
+ .click(onsub);
$(edit_form).attr('googie_action_btn', '1')
.css({'margin': 0, 'padding': 0, 'cursor': 'default', 'white-space': 'nowrap'})
- .bind('submit', onsub);
+ .submit(onsub);
edit_form.appendChild(edit_input);
edit_form.appendChild(ok_pic);
@@ -513,9 +603,9 @@
e_col = document.createElement('td');
$(e_col).html(e_elm[0])
- .bind('mouseover', ref.item_onmouseover)
- .bind('mouseout', ref.item_onmouseout)
- .bind('click', function() { return e_elm[1](elm, ref) });
+ .mouseover(ref.item_onmouseover)
+ .mouseout(ref.item_onmouseout)
+ .click(function() { return e_elm[1](elm, ref) });
e_row.appendChild(e_col);
list.appendChild(e_row);
@@ -565,7 +655,8 @@
//////
// Edit layer (the layer where the suggestions are stored)
//////
-this.createEditLayer = function(width, height) {
+this.createEditLayer = function(width, height)
+{
this.edit_layer = document.createElement('div');
$(this.edit_layer).addClass('googie_edit_layer').attr('id', 'googie_edit_layer')
.width('auto').height(height);
@@ -577,8 +668,9 @@
}
var ref = this;
+
if (this.edit_layer_dbl_click) {
- $(this.edit_layer).bind('click', function(e) {
+ $(this.edit_layer).dblclick(function(e) {
if (e.target.className != 'googie_link' && !ref.isErrorWindowShown()) {
ref.resumeEditing();
var fn1 = function() {
@@ -592,7 +684,8 @@
}
};
-this.resumeEditing = function() {
+this.resumeEditing = function()
+{
this.setStateChanged('ready');
if (this.edit_layer)
@@ -618,7 +711,8 @@
this.checkSpellingState(false);
};
-this.createErrorLink = function(text, id) {
+this.createErrorLink = function(text, id)
+{
var elm = document.createElement('span'),
ref = this,
d = function (e) {
@@ -627,13 +721,14 @@
return false;
};
- $(elm).html(text).addClass('googie_link').bind('click', d)
- .attr({'googie_action_btn' : '1', 'g_id' : id, 'is_corrected' : false});
+ $(elm).html(text).addClass('googie_link').click(d).removeAttr('is_corrected')
+ .attr({'googie_action_btn' : '1', 'g_id' : id});
return elm;
};
-this.createPart = function(txt_part) {
+this.createPart = function(txt_part)
+{
if (txt_part == " ")
return document.createTextNode(" ");
@@ -648,7 +743,8 @@
return span;
};
-this.showErrorsInIframe = function() {
+this.showErrorsInIframe = function()
+{
var output = document.createElement('div'),
pointer = 0,
results = this.results;
@@ -706,7 +802,8 @@
//////
// Choose language menu
//////
-this.createLangWindow = function() {
+this.createLangWindow = function()
+{
this.language_window = document.createElement('div');
$(this.language_window).addClass('googie_window popupmenu')
.width(100).attr('googie_action_btn', '1');
@@ -765,16 +862,19 @@
this.language_window.appendChild(table);
};
-this.isLangWindowShown = function() {
- return $(this.language_window).is(':hidden');
+this.isLangWindowShown = function()
+{
+ return $(this.language_window).is(':visible');
};
-this.hideLangWindow = function() {
+this.hideLangWindow = function()
+{
$(this.language_window).hide();
$(this.switch_lan_pic).removeClass().addClass('googie_lang_3d_on');
};
-this.showLangWindow = function(elm) {
+this.showLangWindow = function(elm)
+{
if (this.show_menu_observer)
this.show_menu_observer(this);
@@ -795,11 +895,13 @@
this.highlightCurSel();
};
-this.deHighlightCurSel = function() {
+this.deHighlightCurSel = function()
+{
$(this.lang_cur_elm).removeClass().addClass('googie_list_onout');
};
-this.highlightCurSel = function() {
+this.highlightCurSel = function()
+{
if (GOOGIE_CUR_LANG == null)
GOOGIE_CUR_LANG = GOOGIE_DEFAULT_LANG;
for (var i=0; i < this.lang_elms.length; i++) {
@@ -813,7 +915,8 @@
}
};
-this.createChangeLangPic = function() {
+this.createChangeLangPic = function()
+{
var img = $('<img>')
.attr({src: this.img_dir + 'change_lang.gif', 'alt': 'Change language', 'googie_action_btn': '1'}),
switch_lan = document.createElement('span');
@@ -836,7 +939,8 @@
return switch_lan;
};
-this.createSpellDiv = function() {
+this.createSpellDiv = function()
+{
var span = document.createElement('span');
$(span).addClass('googie_check_spelling_link').text(this.lang_chck_spell);
@@ -851,7 +955,8 @@
//////
// State functions
/////
-this.flashNoSpellingErrorState = function(on_finish) {
+this.flashNoSpellingErrorState = function(on_finish)
+{
this.setStateChanged('no_error_found');
var ref = this;
@@ -877,7 +982,8 @@
}
};
-this.resumeEditingState = function() {
+this.resumeEditingState = function()
+{
this.setStateChanged('resume_editing');
//Change link text to resume
@@ -895,7 +1001,8 @@
catch (e) {};
};
-this.checkSpellingState = function(fire) {
+this.checkSpellingState = function(fire)
+{
if (fire)
this.setStateChanged('ready');
@@ -928,12 +1035,14 @@
//////
// Misc. functions
/////
-this.isDefined = function(o) {
- return (o != 'undefined' && o != null)
+this.isDefined = function(o)
+{
+ return (o !== undefined && o !== null)
};
-this.errorFixed = function() {
- this.cnt_errors_fixed++;
+this.errorFixed = function()
+{
+ this.cnt_errors_fixed++;
if (this.all_errors_fixed_observer)
if (this.cnt_errors_fixed == this.cnt_errors) {
this.hideErrorWindow();
@@ -941,15 +1050,18 @@
}
};
-this.errorFound = function() {
+this.errorFound = function()
+{
this.cnt_errors++;
};
-this.createCloseButton = function(c_fn) {
+this.createCloseButton = function(c_fn)
+{
return this.createButton(this.lang_close, 'googie_list_close', c_fn);
};
-this.createButton = function(name, css_class, c_fn) {
+this.createButton = function(name, css_class, c_fn)
+{
var btn_row = document.createElement('tr'),
btn = document.createElement('td'),
spn_btn;
@@ -971,17 +1083,19 @@
return btn_row;
};
-this.removeIndicator = function(elm) {
+this.removeIndicator = function(elm)
+{
//$(this.indicator).remove();
// roundcube mod.
if (window.rcmail)
- rcmail.set_busy(false);
+ rcmail.set_busy(false, null, this.rc_msg_id);
};
-this.appendIndicator = function(elm) {
+this.appendIndicator = function(elm)
+{
// modified by roundcube
if (window.rcmail)
- rcmail.set_busy(true, 'checking');
+ this.rc_msg_id = rcmail.set_busy(true, 'checking');
/*
this.indicator = document.createElement('img');
$(this.indicator).attr('src', this.img_dir + 'indicator.gif')
@@ -994,19 +1108,23 @@
*/
}
-this.createFocusLink = function(name) {
+this.createFocusLink = function(name)
+{
var link = document.createElement('a');
$(link).attr({'href': 'javascript:;', 'name': name});
return link;
};
-this.item_onmouseover = function(e) {
+this.item_onmouseover = function(e)
+{
if (this.className != 'googie_list_revert' && this.className != 'googie_list_close')
this.className = 'googie_list_onhover';
else
this.parentNode.className = 'googie_list_onhover';
};
-this.item_onmouseout = function(e) {
+
+this.item_onmouseout = function(e)
+{
if (this.className != 'googie_list_revert' && this.className != 'googie_list_close')
this.className = 'googie_list_onout';
else
--
Gitblit v1.9.1