- Applied fixes from trunk up to r5498

author: alecpl <alec@alec.pl> 2011-11-28 09:03:27 +0000
committer: alecpl <alec@alec.pl> 2011-11-28 09:03:27 +0000
commit: 77449d011b2367a9f3d7bb179534aa09865aa26e (patch)
tree: 20a299715c627cecdc2f7247056dde120748c6a7 /program/include
parent: 2a3e02769d2014038675a5d8ddf18d1dba87bf2f (diff)
4 files changed, 44 insertions, 32 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index 25940bd67..714764959 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -640,20 +640,23 @@ function JQ($str)
 function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
 {
   $value = NULL;
-  
-  if ($source==RCUBE_INPUT_GET && isset($_GET[$fname]))
-    $value = $_GET[$fname];
-  else if ($source==RCUBE_INPUT_POST && isset($_POST[$fname]))
-    $value = $_POST[$fname];
-  else if ($source==RCUBE_INPUT_GPC)
-    {
+
+  if ($source == RCUBE_INPUT_GET) {
+    if (isset($_GET[$fname]))
+      $value = $_GET[$fname];
+  }
+  else if ($source == RCUBE_INPUT_POST) {
+    if (isset($_POST[$fname]))
+      $value = $_POST[$fname];
+  }
+  else if ($source == RCUBE_INPUT_GPC) {
     if (isset($_POST[$fname]))
       $value = $_POST[$fname];
     else if (isset($_GET[$fname]))
       $value = $_GET[$fname];
     else if (isset($_COOKIE[$fname]))
       $value = $_COOKIE[$fname];
-    }
+  }
 
   return parse_input_value($value, $allow_html, $charset);
 }
@@ -661,7 +664,7 @@ function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
 /**
  * Parse/validate input value. See get_input_value()
  * Performs stripslashes() and charset conversion if necessary
- * 
+ *
  * @param  string   Input value
  * @param  boolean  Allow HTML tags in field value
  * @param  string   Charset to convert into
@@ -687,15 +690,21 @@ function parse_input_value($value, $allow_html=FALSE, $charset=NULL)
   else if (get_magic_quotes_gpc() || get_magic_quotes_runtime())
     $value = stripslashes($value);
 
-  // remove HTML tags if not allowed    
+  // remove HTML tags if not allowed
   if (!$allow_html)
     $value = strip_tags($value);
-  
+
+  $output_charset = is_object($OUTPUT) ? $OUTPUT->get_charset() : null;
+
+  // remove invalid characters (#1488124)
+  if ($output_charset == 'UTF-8')
+    $value = rc_utf8_clean($value);
+
   // convert to internal charset
-  if (is_object($OUTPUT) && $charset)
-    return rcube_charset_convert($value, $OUTPUT->get_charset(), $charset);
-  else
-    return $value;
+  if ($charset && $output_charset)
+    $value = rcube_charset_convert($value, $output_charset, $charset);
+
+  return $value;
 }
 
 /**
@@ -711,10 +720,10 @@ function request2param($mode = RCUBE_INPUT_GPC, $ignore = 'task|action')
   $src = $mode == RCUBE_INPUT_GET ? $_GET : ($mode == RCUBE_INPUT_POST ? $_POST : $_REQUEST);
   foreach ($src as $key => $value) {
     $fname = $key[0] == '_' ? substr($key, 1) : $key;
-    if ($ignore && !preg_match("/($ignore)/", $fname))
+    if ($ignore && !preg_match('/^(' . $ignore . ')$/', $fname))
       $out[$fname] = get_input_value($key, $mode);
   }
-  
+
   return $out;
 }
 
diff --git a/program/include/rcube_browser.php b/program/include/rcube_browser.php
index c89c3897f..859f36795 100644
--- a/program/include/rcube_browser.php
+++ b/program/include/rcube_browser.php
@@ -33,19 +33,19 @@ class rcube_browser
         $HTTP_USER_AGENT = strtolower($_SERVER['HTTP_USER_AGENT']);
 
         $this->ver = 0;
-        $this->win = strstr($HTTP_USER_AGENT, 'win');
-        $this->mac = strstr($HTTP_USER_AGENT, 'mac');
-        $this->linux = strstr($HTTP_USER_AGENT, 'linux');
-        $this->unix  = strstr($HTTP_USER_AGENT, 'unix');
+        $this->win = strpos($HTTP_USER_AGENT, 'win') != false;
+        $this->mac = strpos($HTTP_USER_AGENT, 'mac') != false;
+        $this->linux = strpos($HTTP_USER_AGENT, 'linux') != false;
+        $this->unix  = strpos($HTTP_USER_AGENT, 'unix') != false;
 
-        $this->opera = strstr($HTTP_USER_AGENT, 'opera');
-        $this->ns4 = strstr($HTTP_USER_AGENT, 'mozilla/4') && !stristr($HTTP_USER_AGENT, 'msie');
-        $this->ns  = ($this->ns4 || strstr($HTTP_USER_AGENT, 'netscape'));
-        $this->ie  = !$this->opera && stristr($HTTP_USER_AGENT, 'compatible; msie');
-        $this->mz  = !$this->ie && strstr($HTTP_USER_AGENT, 'mozilla/5');
-        $this->chrome = strstr($HTTP_USER_AGENT, 'chrome');
-        $this->khtml = strstr($HTTP_USER_AGENT, 'khtml');
-        $this->safari = !$this->chrome && ($this->khtml || strstr($HTTP_USER_AGENT, 'safari'));
+        $this->opera = strpos($HTTP_USER_AGENT, 'opera') !== false;
+        $this->ns4 = strpos($HTTP_USER_AGENT, 'mozilla/4') !== false && strpos($HTTP_USER_AGENT, 'msie') === false;
+        $this->ns  = ($this->ns4 || strpos($HTTP_USER_AGENT, 'netscape') !== false);
+        $this->ie  = !$this->opera && strpos($HTTP_USER_AGENT, 'compatible; msie') !== false;
+        $this->mz  = !$this->ie && strpos($HTTP_USER_AGENT, 'mozilla/5') !== false;
+        $this->chrome = strpos($HTTP_USER_AGENT, 'chrome') !== false;
+        $this->khtml = strpos($HTTP_USER_AGENT, 'khtml') !== false;
+        $this->safari = !$this->chrome && ($this->khtml || strpos($HTTP_USER_AGENT, 'safari') !== false);
 
         if ($this->ns || $this->chrome) {
             $test = preg_match('/(mozilla|chrome)\/([0-9.]+)/', $HTTP_USER_AGENT, $regs);
diff --git a/program/include/rcube_config.php b/program/include/rcube_config.php
index 01e678150..f80f92c91 100644
--- a/program/include/rcube_config.php
+++ b/program/include/rcube_config.php
@@ -90,11 +90,14 @@ class rcube_config
 
         // enable display_errors in 'show' level, but not for ajax requests
         ini_set('display_errors', intval(empty($_REQUEST['_remote']) && ($this->prop['debug_level'] & 4)));
-        
+
         // set timezone auto settings values
         if ($this->prop['timezone'] == 'auto') {
           $this->prop['dst_active'] = intval(date('I'));
-          $this->prop['_timezone_value']   = date('Z') / 3600 - $this->prop['dst_active'];
+          $this->prop['_timezone_value'] = date('Z') / 3600 - $this->prop['dst_active'];
+        }
+        else if ($this->prop['dst_active'] === null) {
+          $this->prop['dst_active'] = intval(date('I'));
         }
 
         // export config data
diff --git a/program/include/rcube_smtp.php b/program/include/rcube_smtp.php
index 5c2dd92d2..56b601290 100644
--- a/program/include/rcube_smtp.php
+++ b/program/include/rcube_smtp.php
@@ -381,7 +381,7 @@ class rcube_smtp
           $from = $addresses[0];
 
         // Reject envelope From: addresses with spaces.
-        if (strstr($from, ' '))
+        if (strpos($from, ' ') !== false)
           return false;
 
         $lines[] = $key . ': ' . $value;
author	alecpl <alec@alec.pl>	2011-11-28 09:03:27 +0000
committer	alecpl <alec@alec.pl>	2011-11-28 09:03:27 +0000
commit	77449d011b2367a9f3d7bb179534aa09865aa26e (patch)
tree	20a299715c627cecdc2f7247056dde120748c6a7 /program/include
parent	2a3e02769d2014038675a5d8ddf18d1dba87bf2f (diff)