Diffstat (limited to 'program/steps')
-rw-r--r-- | program/steps/addressbook/delete.inc | 3 | ||||
-rw-r--r-- | program/steps/addressbook/edit.inc | 15 | ||||
-rw-r--r-- | program/steps/addressbook/func.inc | 17 | ||||
-rw-r--r-- | program/steps/addressbook/list.inc | 6 | ||||
-rw-r--r-- | program/steps/addressbook/search.inc | 3 | ||||
-rw-r--r-- | program/steps/addressbook/show.inc | 34 | ||||
-rw-r--r-- | program/steps/mail/addcontact.inc | 13 | ||||
-rw-r--r-- | program/steps/mail/autocomplete.inc | 4 | ||||
-rw-r--r-- | program/steps/mail/compose.inc | 22 | ||||
-rw-r--r-- | program/steps/mail/func.inc | 33 | ||||
-rw-r--r-- | program/steps/mail/list_contacts.inc | 3 | ||||
-rw-r--r-- | program/steps/mail/sendmail.inc | 13 | ||||
-rw-r--r-- | program/steps/mail/show.inc | 16 | ||||
-rw-r--r-- | program/steps/settings/folders.inc | 2 | ||||
-rw-r--r-- | program/steps/settings/func.inc | 4 | ||||
-rw-r--r-- | program/steps/utils/error.inc | 2 | ||||
-rw-r--r-- | program/steps/utils/modcss.inc | 81 |
17 files changed, 160 insertions, 111 deletions
diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc index a2f12495c..81b8a0970 100644 --- a/program/steps/addressbook/delete.inc +++ b/program/steps/addressbook/delete.inc @@ -70,6 +70,7 @@ $page = isset($_SESSION['page']) ? $_SESSION['page'] : 1; // update saved search after data changed if (($search_request = $_REQUEST['_search']) && isset($_SESSION['search'][$search_request])) { $sort_col = $RCMAIL->config->get('addressbook_sort_col', 'name'); + $afields = $RCMAIL->config->get('contactlist_fields'); $search = (array)$_SESSION['search'][$search_request]; $records = array(); @@ -83,7 +84,7 @@ if (($search_request = $_REQUEST['_search']) && isset($_SESSION['search'][$searc $source->set_search_set($set); // get records - $result = $source->list_records(array('name', 'firstname', 'surname', 'email')); + $result = $source->list_records($afields); if (!$result->count) { unset($search[$s]); diff --git a/program/steps/addressbook/edit.inc b/program/steps/addressbook/edit.inc index f96ad6747..0f1fd6697 100644 --- a/program/steps/addressbook/edit.inc +++ b/program/steps/addressbook/edit.inc @@ -262,12 +262,27 @@ function rcmail_source_selector($attrib) } +/** + * Register container as active area to drop photos onto + */ +function rcmail_photo_drop_area($attrib) +{ + global $OUTPUT; + + if ($attrib['id']) { + $OUTPUT->add_gui_object('filedrop', $attrib['id']); + $OUTPUT->set_env('filedrop', array('action' => 'upload-photo', 'fieldname' => '_photo', 'single' => 1, 'filter' => '^image/.+')); + } +} + + $OUTPUT->add_handlers(array( 'contactedithead' => 'rcmail_contact_edithead', 'contacteditform' => 'rcmail_contact_editform', 'contactphoto' => 'rcmail_contact_photo', 'photouploadform' => 'rcmail_upload_photo_form', 'sourceselector' => 'rcmail_source_selector', + 'filedroparea' => 'rcmail_photo_drop_area', )); if ($RCMAIL->action == 'add' && $OUTPUT->template_exists('contactadd')) 
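Review bot: `$RCMAIL->config->get('contactlist_fields')` is called without a default in the delete.inc hunk, so `list_records()` receives null whenever the option is missing from the loaded configuration, where the old code always passed four column names. The same call is repeated in the list.inc, search.inc, mail/autocomplete.inc and mail/list_contacts.inc hunks, and in autocomplete.inc the value also selects the fields that `search()` matches against. Whether a default for the option is defined elsewhere is not visible in this diff; if it is not, keep the previous behaviour with `$RCMAIL->config->get('contactlist_fields', array('name', 'firstname', 'surname', 'email'))`. The enclosing `if` block starts and ends outside the hunk.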
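Review bot: The `'filter' => '^image/.+'` entry in `rcmail_photo_drop_area()` is only sent to the browser through `set_env()`, so it limits what the drop widget offers and not what the `upload-photo` action accepts. The upload handler is not part of this diff; it should check the uploaded file's type itself, and a comment here such as `// client-side hint only, upload-photo must validate the image type` would make that explicit. `$attrib['id']` is also read without `!empty()`, which raises a notice when the template omits the id.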
diff --git a/program/steps/addressbook/func.inc b/program/steps/addressbook/func.inc index 80d89b001..5f5fcc673 100644 --- a/program/steps/addressbook/func.inc +++ b/program/steps/addressbook/func.inc @@ -368,7 +368,7 @@ function rcmail_contact_frame($attrib) $attrib['name'] = $attrib['id']; $OUTPUT->set_env('contentframe', $attrib['name']); - $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/blank.gif'); + $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/resources/blank.gif'); return html::iframe($attrib); } @@ -580,8 +580,13 @@ function rcmail_contact_form($form, $record, $attrib = null) if (empty($values) && $colprop['visible']) $values[] = ''; + if (!is_array($values)) { + // $values can be an object, don't use (array)$values syntax + $values = !empty($values) ? array($values) : array(); + } + $rows = ''; - foreach ((array)$values as $i => $val) { + foreach ($values as $i => $val) { if ($subtypes[$i]) $subtype = $subtypes[$i]; @@ -705,11 +710,15 @@ function rcmail_contact_photo($attrib) if ($result = $CONTACTS->get_result()) $record = $result->first(); - $photo_img = $attrib['placeholder'] ? $CONFIG['skin_path'] . $attrib['placeholder'] : 'program/blank.gif'; + $photo_img = $attrib['placeholder'] ? $CONFIG['skin_path'] . $attrib['placeholder'] : 'program/resources/blank.gif'; $RCMAIL->output->set_env('photo_placeholder', $photo_img); unset($attrib['placeholder']); - if (preg_match('!^https?://!i', $record['photo'])) + $plugin = $RCMAIL->plugins->exec_hook('contact_photo', array('record' => $record, 'data' => $record['photo'])); + + if ($plugin['url']) + $photo_img = $plugin['url']; + else if (preg_match('!^https?://!i', $record['photo'])) $photo_img = $record['photo']; else if ($record['photo']) $photo_img = $RCMAIL->url(array('_action' => 'photo', '_cid' => $record['ID'], '_source' => $SOURCE_ID)); 
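Review bot: In the `rcmail_contact_form()` hunk, `!empty($values)` treats the string `'0'` as empty, so a scalar field value of `0` that the old `(array)$values` cast rendered as one row is now dropped. If only null and the empty string should yield no rows, test for those explicitly: `$values = ($values === null || $values === '') ? array() : array($values);`. The function body continues outside the hunk.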
diff --git a/program/steps/addressbook/list.inc b/program/steps/addressbook/list.inc index a24fb9520..06a1e10a3 100644 --- a/program/steps/addressbook/list.inc +++ b/program/steps/addressbook/list.inc @@ -19,6 +19,8 @@ +-----------------------------------------------------------------------+ */ +$afields = $RCMAIL->config->get('contactlist_fields'); + // Use search result if (!empty($_REQUEST['_search']) && isset($_SESSION['search'][$_REQUEST['_search']])) { @@ -43,7 +45,7 @@ if (!empty($_REQUEST['_search']) && isset($_SESSION['search'][$_REQUEST['_search $source->set_search_set($set); // get records - $result = $source->list_records(array('name', 'firstname', 'surname', 'email')); + $result = $source->list_records($afields); while ($row = $result->next()) { $row['sourceid'] = $s; @@ -73,7 +75,7 @@ else { $CONTACTS = rcmail_contact_source(null, true); // get contacts for this user - $result = $CONTACTS->list_records(array('name', 'firstname', 'surname', 'email')); + $result = $CONTACTS->list_records($afields); if (!$result->count && $result->searchonly) { $OUTPUT->show_message('contactsearchonly', 'notice'); diff --git a/program/steps/addressbook/search.inc b/program/steps/addressbook/search.inc index f83eb9fd6..d31e54b1a 100644 --- a/program/steps/addressbook/search.inc +++ b/program/steps/addressbook/search.inc @@ -145,6 +145,7 @@ function rcmail_contact_search() $search_set = array(); $records = array(); $sort_col = $RCMAIL->config->get('addressbook_sort_col', 'name'); + $afields = $RCMAIL->config->get('contactlist_fields'); foreach ($sources as $s) { $source = $RCMAIL->get_address_book($s['id']); @@ -179,7 +180,7 @@ function rcmail_contact_search() } // get records - $result = $source->list_records(array('name', 'firstname', 'surname', 'email')); + $result = $source->list_records($afields); while ($row = $result->next()) { $row['sourceid'] = $s['id']; 
diff --git a/program/steps/addressbook/show.inc b/program/steps/addressbook/show.inc index e5ff0d73e..48e37256d 100644 --- a/program/steps/addressbook/show.inc +++ b/program/steps/addressbook/show.inc @@ -22,7 +22,7 @@ // Get contact ID and source ID from request $cids = rcmail_get_cids(); $source = key($cids); -$cid = array_shift($cids[$source]); +$cid = $cids ? array_shift($cids[$source]) : null; // Initialize addressbook source $CONTACTS = rcmail_contact_source($source, true); @@ -39,6 +39,19 @@ rcmail_set_sourcename($CONTACTS); // return raw photo of the given contact if ($RCMAIL->action == 'photo') { + // search for contact first + if (!$record && ($email = get_input_value('_email', RCUBE_INPUT_GPC))) { + foreach ($RCMAIL->get_address_sources() as $s) { + $abook = $RCMAIL->get_address_book($s['id']); + $result = $abook->search(array('email'), $email, 1, true, true, 'photo'); + while ($result && ($record = $result->iterate())) { + if ($record['photo']) + break 2; + } + } + } + + // read the referenced file if (($file_id = get_input_value('_photo', RCUBE_INPUT_GPC)) && ($tempfile = $_SESSION['contacts']['files'][$file_id])) { $tempfile = $RCMAIL->plugins->exec_hook('attachment_display', $tempfile); if ($tempfile['status']) { 
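Review bot: `$email` is assigned only inside the `!$record && (...)` condition of the new lookup, so it stays undefined whenever a record was already loaded by contact ID. The next hunk of this file reads it in the `contact_photo` hook arguments and in `if (!$cid && $email)`. Read the parameter once before the condition, `$email = get_input_value('_email', RCUBE_INPUT_GPC);`, and test `!$record && $email` afterwards. A comment stating that this branch searches every address source for the given address would also help the next reader.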
@@ -54,8 +67,25 @@ if ($RCMAIL->action == 'photo') { $data = base64_decode($data, true); } + // let plugins do fancy things with contact photos + $plugin = $RCMAIL->plugins->exec_hook('contact_photo', array('record' => $record, 'email' => $email, 'data' => $data)); + + // redirect to url provided by a plugin + if ($plugin['url']) + $RCMAIL->output->redirect($plugin['url']); + else + $data = $plugin['data']; + + // deliver alt image + if (!$data && ($alt_img = get_input_value('_alt', RCUBE_INPUT_GPC)) && is_file($alt_img)) + $data = file_get_contents($alt_img); + + // cache for one day if requested by email + if (!$cid && $email) + $RCMAIL->output->future_expire_header(86400); + header('Content-Type: ' . rc_image_content_type($data)); - echo $data ? $data : file_get_contents('program/blank.gif'); + echo $data ? $data : file_get_contents('program/resources/blank.gif'); exit; } diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc index 2dc406f84..380557766 100644 --- a/program/steps/mail/addcontact.inc +++ b/program/steps/mail/addcontact.inc @@ -23,17 +23,8 @@ if (!$OUTPUT->ajax_call) return; -$abook = $RCMAIL->config->get('default_addressbook'); - -// Get configured addressbook -$CONTACTS = $RCMAIL->get_address_book($abook, true); - -// Get first writeable addressbook if the configured doesn't exist -// This can happen when user deleted the addressbook (e.g. Kolab folder) -if ($abook == null || !is_object($CONTACTS)) { - $source = reset($RCMAIL->get_address_sources(true)); - $CONTACTS = $RCMAIL->get_address_book($source['id'], true); -} +// Get default addressbook +$CONTACTS = $RCMAIL->get_address_book(-1, true); if (!empty($_POST['_address']) && is_object($CONTACTS)) { diff --git a/program/steps/mail/autocomplete.inc b/program/steps/mail/autocomplete.inc index ba34fa5aa..55579814c 100644 --- a/program/steps/mail/autocomplete.inc +++ b/program/steps/mail/autocomplete.inc 
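Review bot: The `_alt` request parameter is passed straight to `is_file()` and `file_get_contents()`, so the photo action will return any file the web server process can read, not just a skin placeholder. The only caller visible in this diff, `rcmail_message_contactphoto()` in mail/show.inc, builds `_alt` from `skin_path` plus the template's `placeholder` attribute, so the server can check the path against the skin directory instead of trusting the client. Resolve the value with `realpath()` and serve it only when it lies under the skin directory and has an image extension, as sketched below; otherwise fall through to `program/resources/blank.gif`.

```php
// deliver alt image, restricted to image files inside the skin directory
if (!$data && ($alt_img = get_input_value('_alt', RCUBE_INPUT_GPC))) {
    $skin_dir = realpath($RCMAIL->config->get('skin_path'));
    $alt_img  = realpath($alt_img);

    if ($skin_dir && $alt_img
        && strpos($alt_img, $skin_dir . DIRECTORY_SEPARATOR) === 0
        && preg_match('/\.(gif|png|jpe?g)$/i', $alt_img)
    ) {
        $data = file_get_contents($alt_img);
    }
}

// ... unchanged: cache header, Content-Type header and output ...
```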
@@ -26,7 +26,7 @@ if ($RCMAIL->action == 'group-expand') { $members = array(); $abook->set_group($gid); $abook->set_pagesize(1000); // TODO: limit number of group members by config - $result = $abook->list_records(array('name', 'firstname', 'surname', 'email')); + $result = $abook->list_records($RCMAIL->config->get('contactlist_fields')); while ($result && ($sql_arr = $result->iterate())) { foreach ((array)$sql_arr['email'] as $email) { $members[] = format_email_recipient($email, rcube_addressbook::compose_list_name($sql_arr)); @@ -64,7 +64,7 @@ if (!empty($book_types) && strlen($search)) { $abook = $RCMAIL->get_address_book($id); $abook->set_pagesize($MAXNUM); - if ($result = $abook->search(array('name', 'firstname', 'surname', 'email'), $search, $mode, true, true, 'email')) { + if ($result = $abook->search($RCMAIL->config->get('contactlist_fields'), $search, $mode, true, true, 'email')) { while ($sql_arr = $result->iterate()) { // Contact can have more than one e-mail address $email_arr = (array)$abook->get_col_values('email', $sql_arr, true); diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc index 70f657d8d..57869d1f7 100644 --- a/program/steps/mail/compose.inc +++ b/program/steps/mail/compose.inc @@ -629,7 +629,8 @@ function rcmail_prepare_message_body() if (!empty($MESSAGE->parts)) { foreach ($MESSAGE->parts as $part) { - if ($part->type != 'content' || !$part->size) { + // skip no-content and attachment parts (#1488557) + if ($part->type != 'content' || !$part->size || $MESSAGE->is_attachment($part)) { continue; } 
@@ -662,10 +663,10 @@ function rcmail_prepare_message_body() unset($plugin); // add blocked.gif attachment (#1486516) - if ($isHtml && preg_match('#<img src="\./program/blocked\.gif"#', $body)) { - if ($attachment = rcmail_save_image('program/blocked.gif', 'image/gif')) { + if ($isHtml && preg_match('#<img src="\./program/resources/blocked\.gif"#', $body)) { + if ($attachment = rcmail_save_image('program/resources/blocked.gif', 'image/gif')) { $COMPOSE['attachments'][$attachment['id']] = $attachment; - $body = preg_replace('#\./program/blocked\.gif#', + $body = preg_replace('#\./program/resources/blocked\.gif#', $RCMAIL->comm_path.'&_action=display-attachment&_file=rcmfile'.$attachment['id'].'&_id='.$COMPOSE['id'], $body); } @@ -842,7 +843,7 @@ function rcmail_compose_body($attrib) "googie.decorateTextarea('%s');\n". "%s.set_env('spellcheck', googie);", $RCMAIL->output->get_skin_path(), - $RCMAIL->url(array('_task' => 'utils', '_action' => 'spell')), + $RCMAIL->url(array('_task' => 'utils', '_action' => 'spell', '_remote' => 1)), !empty($dictionary) ? 'true' : 'false', JQ(Q(rcube_label('checkspelling'))), JQ(Q(rcube_label('resumeediting'))), @@ -859,7 +860,7 @@ function rcmail_compose_body($attrib) $OUTPUT->set_env('spellcheck_langs', join(',', $editor_lang_set)); } - $out .= "\n".'<iframe name="savetarget" src="program/blank.gif" style="width:0;height:0;border:none;visibility:hidden;"></iframe>'; + $out .= "\n".'<iframe name="savetarget" src="program/resources/blank.gif" style="width:0;height:0;border:none;visibility:hidden;"></iframe>'; return $out; } 
@@ -958,18 +959,18 @@ function rcmail_create_forward_body($body, $bodyIsHtml) "<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>", rcube_label('subject'), Q($MESSAGE->subject), rcube_label('date'), Q($date), - rcube_label('from'), htmlspecialchars(Q($MESSAGE->get_header('from'), 'replace'), ENT_COMPAT, $charset), - rcube_label('to'), htmlspecialchars(Q($MESSAGE->get_header('to'), 'replace'), ENT_COMPAT, $charset)); + rcube_label('from'), Q($MESSAGE->get_header('from'), 'replace'), + rcube_label('to'), Q($MESSAGE->get_header('to'), 'replace')); if ($MESSAGE->headers->cc) $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>", rcube_label('cc'), - htmlspecialchars(Q($MESSAGE->get_header('cc'), 'replace'), ENT_COMPAT, $charset)); + Q($MESSAGE->get_header('cc'), 'replace')); if ($MESSAGE->headers->replyto && $MESSAGE->headers->replyto != $MESSAGE->headers->from) $prefix .= sprintf("<tr><th align=\"right\" nowrap=\"nowrap\" valign=\"baseline\">%s: </th><td>%s</td></tr>", rcube_label('replyto'), - htmlspecialchars(Q($MESSAGE->get_header('replyto'), 'replace'), ENT_COMPAT, $charset)); + Q($MESSAGE->get_header('replyto'), 'replace')); $prefix .= "</tbody></table><br>"; } @@ -1522,6 +1523,7 @@ function get_form_tags($attrib) $hiddenfields = new html_hiddenfield(array('name' => '_task', 'value' => $RCMAIL->task)); $hiddenfields->add(array('name' => '_action', 'value' => 'send')); $hiddenfields->add(array('name' => '_id', 'value' => $COMPOSE['id'])); + $hiddenfields->add(array('name' => '_attachments')); $form_start = empty($attrib['form']) ? $RCMAIL->output->form_tag(array('name' => "form", 'method' => "post")) : ''; $form_start .= $hiddenfields->show(); diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 5a18ded6b..ddd34315a 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc 
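Review bot: The from, to, cc and reply-to cells in `rcmail_create_forward_body()` now depend on `Q(..., 'replace')` alone to HTML-escape header values taken from the forwarded message, and nothing in the hunk records that. `Q()` is defined outside this diff, so the assumption that it escapes `<`, `>`, `&` and quotes in this mode is worth stating, for example `// Q() is the only HTML escaping applied to these header values`. The subject and date cells call `Q()` without the `'replace'` argument; if both forms escape identically, use one form for all six cells.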
@@ -398,7 +398,7 @@ function rcmail_messagecontent_frame($attrib) if ($RCMAIL->config->get('preview_pane')) $OUTPUT->set_env('contentframe', $attrib['id']); - $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/blank.gif'); + $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/resources/blank.gif'); return html::iframe($attrib); } @@ -518,21 +518,26 @@ function rcmail_check_safe(&$message) { global $RCMAIL; - $show_images = $RCMAIL->config->get('show_images'); if (!$message->is_safe - && !empty($show_images) - && $message->has_html_part()) - { - switch($show_images) { - case '1': // known senders only - $CONTACTS = new rcube_contacts($RCMAIL->db, $_SESSION['user_id']); - if ($CONTACTS->search('email', $message->sender['mailto'], true, false)->count) { - $message->set_safe(true); + && ($show_images = $RCMAIL->config->get('show_images')) + && $message->has_html_part() + ) { + switch ($show_images) { + case 1: // known senders only + // get default addressbook, like in addcontact.inc + $CONTACTS = $RCMAIL->get_address_book(-1, true); + + if ($CONTACTS) { + $result = $CONTACTS->search('email', $message->sender['mailto'], 1, false); + if ($result->count) { + $message->set_safe(true); + } } - break; - case '2': // always + break; + + case 2: // always $message->set_safe(true); - break; + break; } } } @@ -605,7 +610,7 @@ function rcmail_wash_html($html, $p, $cid_replaces) $wash_opts = array( 'show_washed' => false, 'allow_remote' => $p['safe'], - 'blocked_src' => "./program/blocked.gif", + 'blocked_src' => "./program/resources/blocked.gif", 'charset' => RCMAIL_CHARSET, 'cid_map' => $cid_replaces, 'html_elements' => array('body'), diff --git a/program/steps/mail/list_contacts.inc b/program/steps/mail/list_contacts.inc index 1a6480339..7c99a1309 100644 --- a/program/steps/mail/list_contacts.inc +++ b/program/steps/mail/list_contacts.inc 
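Review bot: In the `case 1` branch of `rcmail_check_safe()`, `$message->sender['mailto']` is handed to `search()` without checking that it is non-empty, and a match marks the message safe for remote content. `rcmail_message_contactphoto()` in mail/show.inc tests `$MESSAGE->sender` before using it, which suggests the sender can be missing; guard the lookup with `if ($CONTACTS && !empty($message->sender['mailto'])) {`. The lookup also moves from the user's own `rcube_contacts` to whatever `get_address_book(-1, true)` returns, so a comment should say which address books count as known senders, since the resolver is not visible here.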
@@ -57,7 +57,8 @@ if ($CONTACTS && $CONTACTS->ready) { // get contacts for this user $CONTACTS->set_group(0); - $result = $CONTACTS->list_records(array('name', 'firstname', 'surname', 'email')); + $afields = $RCMAIL->config->get('contactlist_fields'); + $result = $CONTACTS->list_records($afields); if (!$result->count && $result->searchonly) { $OUTPUT->show_message('contactsearchonly', 'notice'); diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc index 4790d35e2..70f1af714 100644 --- a/program/steps/mail/sendmail.inc +++ b/program/steps/mail/sendmail.inc @@ -458,6 +458,19 @@ if ($isHtml) { $message_body .= "\r\n</body></html>\r\n"; } +// sort attachments to make sure the order is the same as in the UI (#1488423) +$files = get_input_value('_attachments', RCUBE_INPUT_POST); +if ($files) { + $files = explode(',', $files); + $files = array_flip($files); + foreach ($files as $idx => $val) { + $files[$idx] = $COMPOSE['attachments'][$idx]; + unset($COMPOSE['attachments'][$idx]); + } + + $COMPOSE['attachments'] = array_merge(array_filter($files), $COMPOSE['attachments']); +} + // set line length for body wrapping $LINE_LENGTH = $RCMAIL->config->get('line_length', 72); diff --git a/program/steps/mail/show.inc b/program/steps/mail/show.inc index 5fa72d77f..82c826108 100644 --- a/program/steps/mail/show.inc +++ b/program/steps/mail/show.inc @@ -257,7 +257,7 @@ function rcmail_contact_exists($email) if ($email) { // @TODO: search in all address books? - $CONTACTS = $RCMAIL->get_address_book(null, true); + $CONTACTS = $RCMAIL->get_address_book(-1, true); $existing = $CONTACTS->search('email', $email, true, false); if ($existing->count) return true; 
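Review bot: `$COMPOSE['attachments'][$idx]` is read for every id in the posted `_attachments` list without checking that the id exists, so an unknown or empty value raises an undefined-index notice before `array_filter()` discards it. Add `if (!isset($COMPOSE['attachments'][$idx])) { unset($files[$idx]); continue; }` at the top of the loop. `array_merge()` also renumbers integer keys; the compose.inc hunk in this diff stores attachments under `$attachment['id']`, so if those ids are numeric the array is no longer keyed by id after this block, which should be confirmed against the later code in sendmail.inc.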
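Review bot: `rcmail_contact_exists()` calls `$CONTACTS->search()` on the result of `get_address_book(-1, true)` without checking it, while the `rcmail_check_safe()` hunk in mail/func.inc wraps the same lookup in `if ($CONTACTS)`. If no default address book is available this is a method call on a non-object; wrap the search in `if ($CONTACTS) {` here as well. The third argument to `search()` is `true` here and `1` in `rcmail_check_safe()`; pick one spelling for the search mode. The function starts outside the hunk.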
@@ -266,11 +266,25 @@ function rcmail_contact_exists($email) return false; } +function rcmail_message_contactphoto($attrib) +{ + global $RCMAIL, $MESSAGE; + + $placeholder = $attrib['placeholder'] ? $RCMAIL->config->get('skin_path') . $attrib['placeholder'] : null; + if ($MESSAGE->sender) + $photo_img = $RCMAIL->url(array('_task' => 'addressbook', '_action' => 'photo', '_email' => $MESSAGE->sender['mailto'], '_alt' => $placeholder)); + else + $photo_img = $placeholder ? $placeholder : 'program/resources/blank.gif'; + + return html::img(array('src' => $photo_img) + $attrib); +} + $OUTPUT->add_handlers(array( 'messageattachments' => 'rcmail_message_attachments', 'mailboxname' => 'rcmail_mailbox_name_display', 'messageobjects' => 'rcmail_message_objects', + 'contactphoto' => 'rcmail_message_contactphoto', )); diff --git a/program/steps/settings/folders.inc b/program/steps/settings/folders.inc index e4e9f3155..2691a6e26 100644 --- a/program/steps/settings/folders.inc +++ b/program/steps/settings/folders.inc @@ -363,7 +363,7 @@ function rcmail_folder_frame($attrib) $attrib['name'] = $attrib['id']; $OUTPUT->set_env('contentframe', $attrib['name']); - $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/blank.gif'); + $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/resources/blank.gif'); return html::iframe($attrib); } diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc index 7b5534e5d..3f5ef5390 100644 --- a/program/steps/settings/func.inc +++ b/program/steps/settings/func.inc 
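Review bot: `rcmail_message_contactphoto()` is added without a docblock, unlike `rcmail_photo_drop_area()` in addressbook/edit.inc from the same commit. A short header should say that it is the `contactphoto` template handler, that `$attrib['placeholder']` is a path relative to the skin directory, and that the placeholder is forwarded to the photo action as the `_alt` parameter. `$attrib` is merged into the `<img>` attributes with `placeholder` still present; `rcmail_contact_photo()` in addressbook/func.inc calls `unset($attrib['placeholder'])` before output, and doing the same here keeps the two handlers consistent.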
@@ -34,7 +34,7 @@ function rcmail_preferences_frame($attrib) $attrib['name'] = $attrib['id']; $OUTPUT->set_env('contentframe', $attrib['name']); - $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/blank.gif'); + $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/resources/blank.gif'); return html::iframe($attrib); } @@ -181,7 +181,7 @@ function rcmail_user_prefs($current=null) $select_timezone = new html_select(array('name' => '_timezone', 'id' => $field_id)); $select_timezone->add(rcube_label('autodetect'), 'auto'); - $now = new DateTime(); + $zones = array(); foreach (DateTimeZone::listIdentifiers() as $i => $tzs) { try { $tz = new DateTimeZone($tzs); diff --git a/program/steps/utils/error.inc b/program/steps/utils/error.inc index 126cf2ef7..e6e409a21 100644 --- a/program/steps/utils/error.inc +++ b/program/steps/utils/error.inc @@ -23,7 +23,7 @@ $rcmail = rcmail::get_instance(); // browser is not compatible with this application if ($ERROR_CODE==409) { - $user_agent = $GLOBALS['HTTP_SERVER_VARS']['HTTP_USER_AGENT']; + $user_agent = $_SERVER['HTTP_USER_AGENT']; $__error_title = 'Your browser does not suit the requirements for this application'; $__error_text = <<<EOF <i>Supported browsers:</i><br /> diff --git a/program/steps/utils/modcss.inc b/program/steps/utils/modcss.inc index 77be150fe..1a28c6598 100644 --- a/program/steps/utils/modcss.inc +++ b/program/steps/utils/modcss.inc @@ -5,7 +5,7 @@ | program/steps/utils/modcss.inc | | | | This file is part of the Roundcube Webmail client | - | Copyright (C) 2007-2011, The Roundcube Dev Team | + | Copyright (C) 2007-2012, The Roundcube Dev Team | | | | Licensed under the GNU General Public License version 3 or | | any later version with exceptions for skins & plugins. | 
@@ -16,83 +16,48 @@ | | +-----------------------------------------------------------------------+ | Author: Thomas Bruederli <roundcube@gmail.com> | + | Author: Aleksander Machniak <alec@alec.pl> | +-----------------------------------------------------------------------+ */ -$source = ''; - $url = preg_replace('![^a-z0-9.-]!i', '', $_GET['_u']); + if ($url === null || !($realurl = $_SESSION['modcssurls'][$url])) { header('HTTP/1.1 403 Forbidden'); - echo "Unauthorized request"; - exit; + exit("Unauthorized request"); } -$a_uri = parse_url($realurl); -$port = $a_uri['port'] ? $a_uri['port'] : 80; -$host = $a_uri['host']; -$path = $a_uri['path'] . ($a_uri['query'] ? '?'.$a_uri['query'] : ''); - // don't allow any other connections than http(s) -if (strtolower(substr($a_uri['scheme'], 0, 4)) != 'http') { +if (!preg_match('~^(https?)://~i', $realurl, $matches)) { header('HTTP/1.1 403 Forbidden'); - echo "Invalid URL"; - exit; + exit("Invalid URL"); } -// try to open socket connection -if (!($fp = fsockopen($host, $port, $errno, $error, 15))) { - header('HTTP/1.1 500 Internal Server Error'); - echo $error; - exit; +if (!ini_get('allow_url_fopen')) { + header('HTTP/1.1 403 Forbidden'); + exit("HTTP connections disabled"); } -// set timeout for socket -stream_set_timeout($fp, 30); - -// send request -$out = "GET $path HTTP/1.0\r\n"; -$out .= "Host: $host\r\n"; -$out .= "Connection: Close\r\n\r\n"; -fwrite($fp, $out); +$scheme = strtolower($matches[1]); +$options = array( + $scheme => array( + 'method' => 'GET', + 'timeout' => 15, + ) +); -// read response -$header = true; -$headers = array(); -while (!feof($fp)) { - $line = trim(fgets($fp, 4048)); +$context = stream_context_create($options); +$source = @file_get_contents($realurl, false, $context); - if ($header) { - if (preg_match('/^HTTP\/1\..\s+(\d+)/', $line, $regs) - && intval($regs[1]) != 200) { - break; - } - else if (empty($line)) { - $header = false; - } - else { - list($key, $value) = explode(': ', $line); - 
$headers[strtolower($key)] = $value; - } - } - else { - $source .= "$line\n"; - } -} -fclose($fp); +// php.net/manual/en/reserved.variables.httpresponseheader.php +$headers = implode("\n", (array)$http_response_header); +$ctype = '~Content-Type:\s+text/(css|plain)~i'; -// check content-type header and mod styles -$mimetype = strtolower($headers['content-type']); -if (!empty($source) && in_array($mimetype, array('text/css','text/plain'))) { +if ($source !== false && preg_match($ctype, $headers)) { header('Content-Type: text/css'); echo rcmail_mod_css_styles($source, preg_replace('/[^a-z0-9]/i', '', $_GET['_c'])); exit; } -else - $error = "Invalid response returned by server"; header('HTTP/1.0 404 Not Found'); -echo $error; -exit; - - +exit("Invalid response returned by server"); |
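Review bot: `file_get_contents()` with the http wrapper follows redirects by default and reads the whole response, so the `^https?://` test covers only the first URL and nothing bounds what is fetched on behalf of a stylesheet link. Set `'follow_location' => 0` (or a small `max_redirects`) and pass a length limit. The `$ctype` pattern is unanchored and runs over all of `$http_response_header`, which as far as I know includes the headers of intermediate redirect responses; anchor it with `^` and the `m` modifier. The options are keyed by `$scheme`, and to my knowledge the https wrapper also reads its options from the `http` key, so the 15-second timeout may not apply to https URLs; this should be confirmed.

```php
$options = array(
    'http' => array(
        'method'          => 'GET',
        'timeout'         => 15,
        'follow_location' => 0,
    )
);

$context = stream_context_create($options);
// cap the response size; 1 MB is a constructed example limit
$source  = @file_get_contents($realurl, false, $context, 0, 1048576);

// ... unchanged: $headers built from $http_response_header ...
$ctype = '~^Content-Type:\s+text/(css|plain)~im';
```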