From 853696b15a11708e04412001f68a516f2332363c Mon Sep 17 00:00:00 2001 From: thomascube Date: Mon, 5 Sep 2011 08:49:04 +0000 Subject: Backport changes from trunk up to r5164 --- CHANGELOG | 4 +++ config/main.inc.php.dist | 4 +++ installer/index.php | 28 +++++++++++++++++ installer/rcube_install.php | 17 +++++----- installer/utils.php | 18 +++++++++-- plugins/new_user_identity/new_user_identity.php | 10 +++--- program/include/rcube_ldap.php | 7 +++-- program/include/rcube_template.php | 5 +++ program/include/rcube_user.php | 2 +- program/include/rcube_vcard.php | 42 +++++++++++++++++++------ program/js/app.js | 10 +++--- program/localization/en_US/labels.inc | 2 ++ program/localization/pl_PL/labels.inc | 2 ++ program/steps/addressbook/func.inc | 2 +- 14 files changed, 120 insertions(+), 33 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index a7e71daf6..18c158234 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,6 +1,10 @@ CHANGELOG Roundcube Webmail =========================== +- Fallback to mail_domain in LDAP variable replacements; add 'host' to 'user_create' hook arguments (#1488024) +- Fixed wrong vCard type parameter mobile (#1488067) +- Fixed vCard WORKFAX issue (#1488046) +- Add vCard's Profile URL support (#1488062) - Fix imap_cache setting to values other than 'db' (#1488060) - Fix handling of attachments inside message/rfc822 parts (#1488026) - Make list of mimetypes that open in preview window configurable (#1487625) diff --git a/config/main.inc.php.dist b/config/main.inc.php.dist index 94bb79fb1..05cabcc08 100644 --- a/config/main.inc.php.dist +++ b/config/main.inc.php.dist @@ -237,6 +237,10 @@ $rcmail_config['ip_check'] = false; // check referer of incoming requests $rcmail_config['referer_check'] = false; +// X-Frame-Options HTTP header value sent to prevent from Clickjacking. +// Possible values: sameorigin|deny. Set to false in order to disable sending them +$rcmail_confoig['x_frame_options'] = 'sameorigin'; + // this key is used to encrypt the users imap password which is stored // in the session record (and the client cookie if remember password is enabled). // please provide a string of exactly 24 chars. diff --git a/installer/index.php b/installer/index.php index 8df7ab0ef..7ed52240b 100644 --- a/installer/index.php +++ b/installer/index.php @@ -1,5 +1,33 @@ | + +-------------------------------------------------------------------------+ + + $Id$ + +*/ + ini_set('error_reporting', E_ALL&~E_NOTICE); ini_set('display_errors', 1); diff --git a/installer/rcube_install.php b/installer/rcube_install.php index c8c103a95..ff3f7a4c3 100644 --- a/installer/rcube_install.php +++ b/installer/rcube_install.php @@ -5,7 +5,7 @@ | rcube_install.php | | | | This file is part of the Roundcube Webmail package | - | Copyright (C) 2008-2009, The Roundcube Dev Team | + | Copyright (C) 2008-2011, The Roundcube Dev Team | | Licensed under the GNU Public License | +-----------------------------------------------------------------------+ @@ -95,14 +95,15 @@ class rcube_install */ function _load_config($suffix) { - @include RCMAIL_CONFIG_DIR . '/main.inc' . $suffix; - if (is_array($rcmail_config)) { - $this->config += $rcmail_config; + if (is_readable($main_inc = RCMAIL_CONFIG_DIR . '/main.inc' . $suffix)) { + include($main_inc); + if (is_array($rcmail_config)) + $this->config += $rcmail_config; } - - @include RCMAIL_CONFIG_DIR . '/db.inc'. $suffix; - if (is_array($rcmail_config)) { - $this->config += $rcmail_config; + if (is_readable($db_inc = RCMAIL_CONFIG_DIR . '/db.inc'. $suffix)) { + include($db_inc); + if (is_array($rcmail_config)) + $this->config += $rcmail_config; } } diff --git a/installer/utils.php b/installer/utils.php index b08a118a5..a7521b980 100644 --- a/installer/utils.php +++ b/installer/utils.php @@ -2,9 +2,9 @@ /* +-------------------------------------------------------------------------+ | Roundcube Webmail IMAP Client | - | Version 0.3-20090702 | + | Version 0.6 | | | - | Copyright (C) 2005-2009, The Roundcube Dev Team | + | Copyright (C) 2005-2011, The Roundcube Dev Team | | | | This program is free software; you can redistribute it and/or modify | | it under the terms of the GNU General Public License version 2 | @@ -64,3 +64,17 @@ function raise_error($p) $rci = rcube_install::get_instance(); $rci->raise_error($p); } + +/** + * Local callback function for PEAR errors + */ +function rcube_pear_error($err) +{ + raise_error(array( + 'code' => $err->getCode(), + 'message' => $err->getMessage(), + )); +} + +// set PEAR error handling (will also load the PEAR main class) +PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'rcube_pear_error'); diff --git a/plugins/new_user_identity/new_user_identity.php b/plugins/new_user_identity/new_user_identity.php index 2fc025b59..32c2c9d03 100644 --- a/plugins/new_user_identity/new_user_identity.php +++ b/plugins/new_user_identity/new_user_identity.php @@ -6,7 +6,7 @@ * * This plugin requires that a working public_ldap directory be configured. * - * @version 1.02 + * @version 1.05 * @author Kris Steinhoff * * Example configuration: @@ -39,7 +39,7 @@ class new_user_identity extends rcube_plugin { $rcmail = rcmail::get_instance(); - if ($this->init_ldap()) { + if ($this->init_ldap($args['host'])) { $results = $this->ldap->search('*', $args['user'], TRUE); if (count($results->records) == 1) { $args['user_name'] = $results->records[0]['name']; @@ -54,7 +54,7 @@ class new_user_identity extends rcube_plugin return $args; } - private function init_ldap() + private function init_ldap($host) { if ($this->ldap) return $this->ldap->ready; @@ -72,7 +72,7 @@ class new_user_identity extends rcube_plugin $this->ldap = new new_user_identity_ldap_backend( $ldap_config[$addressbook], $rcmail->config->get('ldap_debug'), - $rcmail->config->mail_domain($_SESSION['imap_host']), + $rcmail->config->mail_domain($host), $match); return $this->ldap->ready; @@ -81,7 +81,7 @@ class new_user_identity extends rcube_plugin class new_user_identity_ldap_backend extends rcube_ldap { - function __construct($p, $debug=false, $mail_domain=NULL, $search=null) + function __construct($p, $debug, $mail_domain, $search) { parent::__construct($p, $debug, $mail_domain); $this->prop['search_fields'] = (array)$search; diff --git a/program/include/rcube_ldap.php b/program/include/rcube_ldap.php index bf978a7ff..699691d87 100644 --- a/program/include/rcube_ldap.php +++ b/program/include/rcube_ldap.php @@ -181,8 +181,11 @@ class rcube_ldap extends rcube_addressbook } // Get the pieces needed for variable replacement. - $fu = $RCMAIL->user->get_username(); - list($u, $d) = explode('@', $fu); + if ($fu = $RCMAIL->user->get_username()) + list($u, $d) = explode('@', $fu); + else + $d = $this->mail_domain; + $dc = 'dc='.strtr($d, array('.' => ',dc=')); // hierarchal domain string $replaces = array('%dc' => $dc, '%d' => $d, '%fu' => $fu, '%u' => $u); diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php index c4dd73b23..1ec8e7dd3 100755 --- a/program/include/rcube_template.php +++ b/program/include/rcube_template.php @@ -356,6 +356,11 @@ class rcube_template extends rcube_html_page // make sure all
tags have a valid request token $template = preg_replace_callback('/]+)>/Ui', array($this, 'alter_form_tag'), $template); $this->footer = preg_replace_callback('/]+)>/Ui', array($this, 'alter_form_tag'), $this->footer); + + // send clickjacking protection headers + $iframe = $this->framed || !empty($_REQUEST['_framed']); + if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin'))) + header('X-Frame-Options: ' . ($iframe && $xframe == 'deny' ? 'sameorigin' : $xframe)); // call super method parent::write($template, $this->config['skin_path']); diff --git a/program/include/rcube_user.php b/program/include/rcube_user.php index d2bbaa176..dc5767d14 100644 --- a/program/include/rcube_user.php +++ b/program/include/rcube_user.php @@ -437,7 +437,7 @@ class rcube_user } $data = $rcmail->plugins->exec_hook('user_create', - array('user'=>$user, 'user_name'=>$user_name, 'user_email'=>$user_email)); + array('user'=>$user, 'user_name'=>$user_name, 'user_email'=>$user_email, 'host'=>$host)); // plugin aborted this operation if ($data['abort']) diff --git a/program/include/rcube_vcard.php b/program/include/rcube_vcard.php index c7dfe537b..283da1db7 100644 --- a/program/include/rcube_vcard.php +++ b/program/include/rcube_vcard.php @@ -50,8 +50,8 @@ class rcube_vcard 'spouse' => 'X-SPOUSE', 'edit' => 'X-AB-EDIT', ); - private $typemap = array('iPhone' => 'mobile', 'CELL' => 'mobile'); - private $phonetypemap = array('HOME1' => 'HOME', 'BUSINESS1' => 'WORK', 'BUSINESS2' => 'WORK2', 'BUSINESSFAX' => 'WORKFAX'); + private $typemap = array('iPhone' => 'mobile', 'CELL' => 'mobile', 'WORK,FAX' => 'workfax'); + private $phonetypemap = array('HOME1' => 'HOME', 'BUSINESS1' => 'WORK', 'BUSINESS2' => 'WORK2', 'BUSINESSFAX' => 'WORK,FAX'); private $addresstypemap = array('BUSINESS' => 'WORK'); private $immap = array('X-JABBER' => 'jabber', 'X-ICQ' => 'icq', 'X-MSN' => 'msn', 'X-AIM' => 'aim', 'X-YAHOO' => 'yahoo', 'X-SKYPE' => 'skype', 'X-SKYPE-USERNAME' => 'skype'); @@ -158,7 +158,8 @@ class rcube_vcard $subtype = ''; if (!empty($raw['type'])) { - $subtype = $typemap[$raw['type'][++$k]] ? $typemap[$raw['type'][$k]] : strtolower($raw['type'][$k]); + $combined = join(',', self::array_filter((array)$raw['type'], 'internet,pref', true)); + $subtype = $typemap[$combined] ? $typemap[$combined] : ($typemap[$raw['type'][++$k]] ? $typemap[$raw['type'][$k]] : strtolower($raw['type'][$k])); while ($k < count($raw['type']) && ($subtype == 'internet' || $subtype == 'pref')) $subtype = $typemap[$raw['type'][++$k]] ? $typemap[$raw['type'][$k]] : strtolower($raw['type'][$k]); } @@ -251,7 +252,7 @@ class rcube_vcard public function set($field, $value, $type = 'HOME') { $field = strtolower($field); - $type = strtoupper($type); + $type_uc = strtoupper($type); $typemap = array_flip($this->typemap); switch ($field) { @@ -300,7 +301,7 @@ class rcube_vcard break; case 'email': - $this->raw['EMAIL'][] = array(0 => $value, 'type' => array_filter(array('INTERNET', $type))); + $this->raw['EMAIL'][] = array(0 => $value, 'type' => array_filter(array('INTERNET', $type_uc))); $this->email[] = $value; break; @@ -317,8 +318,8 @@ class rcube_vcard break; case 'address': - if ($this->addresstypemap[$type]) - $type = $this->addresstypemap[$type]; + if ($this->addresstypemap[$type_uc]) + $type = $this->addresstypemap[$type_uc]; $value = $value[0] ? $value : array('', '', $value['street'], $value['locality'], $value['region'], $value['zipcode'], $value['country']); @@ -327,14 +328,14 @@ class rcube_vcard break; default: - if ($field == 'phone' && $this->phonetypemap[$type]) - $type = $this->phonetypemap[$type]; + if ($field == 'phone' && $this->phonetypemap[$type_uc]) + $type = $this->phonetypemap[$type_uc]; if (($tag = self::$fieldmap[$field]) && (is_array($value) || strlen($value))) { $index = count($this->raw[$tag]); $this->raw[$tag][$index] = (array)$value; if ($type) - $this->raw[$tag][$index]['type'] = array(($typemap[$type] ? $typemap[$type] : $type)); + $this->raw[$tag][$index]['type'] = explode(',', ($typemap[$type] ? $typemap[$type] : $type)); } break; } @@ -711,6 +712,27 @@ class rcube_vcard return true; } + /** + * Extract array values by a filter + * + * @param array Array to filter + * @param keys Array or comma separated list of values to keep + * @param boolean Invert key selection: remove the listed values + * @return array The filtered array + */ + private static function array_filter($arr, $values, $inverse = false) + { + if (!is_array($values)) + $values = explode(',', $values); + + $result = array(); + $keep = array_flip((array)$values); + foreach ($arr as $key => $val) + if ($inverse != isset($keep[strtolower($val)])) + $result[$key] = $val; + + return $result; + } /** * Returns UNICODE type based on BOM (Byte Order Mark) diff --git a/program/js/app.js b/program/js/app.js index 149736107..dc7aa3de3 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -990,7 +990,9 @@ function rcube_webmail() // reset quicksearch case 'reset-search': var n, s = this.env.search_request || this.env.qsearch; + this.reset_qsearch(); + this.select_all_mode = false; if (s && this.env.mailbox) this.list_mailbox(this.env.mailbox); @@ -1212,12 +1214,12 @@ function rcube_webmail() this.drag_menu = function(e, target) { var modkey = rcube_event.get_modifier(e), - menu = $('#'+this.gui_objects.message_dragmenu); + menu = this.gui_objects.message_dragmenu; if (menu && modkey == SHIFT_KEY && this.commands['copy']) { var pos = rcube_event.get_mouse_pos(e); this.env.drag_target = target; - menu.css({top: (pos.y-10)+'px', left: (pos.x-10)+'px'}).show(); + $(menu).css({top: (pos.y-10)+'px', left: (pos.x-10)+'px'}).show(); return true; } @@ -1226,9 +1228,9 @@ function rcube_webmail() this.drag_menu_action = function(action) { - var menu = $('#'+this.gui_objects.message_dragmenu); + var menu = this.gui_objects.message_dragmenu; if (menu) { - menu.hide(); + $(menu).hide(); } this.command(action, this.env.drag_target); this.env.drag_target = null; diff --git a/program/localization/en_US/labels.inc b/program/localization/en_US/labels.inc index efbc9a673..43a9b10b7 100644 --- a/program/localization/en_US/labels.inc +++ b/program/localization/en_US/labels.inc @@ -290,6 +290,8 @@ $labels['typepager'] = 'Pager'; $labels['typevideo'] = 'Video'; $labels['typeassistant'] = 'Assistant'; $labels['typehomepage'] = 'Home Page'; +$labels['typeblog'] = 'Blog'; +$labels['typeprofile'] = 'Profile'; $labels['addfield'] = 'Add field...'; $labels['addcontact'] = 'Add new contact'; diff --git a/program/localization/pl_PL/labels.inc b/program/localization/pl_PL/labels.inc index aa7127d04..5735977ae 100644 --- a/program/localization/pl_PL/labels.inc +++ b/program/localization/pl_PL/labels.inc @@ -399,6 +399,8 @@ $labels['typepager'] = 'Pager'; $labels['typevideo'] = 'Wideo'; $labels['typeassistant'] = 'Asystent'; $labels['typehomepage'] = 'Strona domowa'; +$labels['typeblog'] = 'Blog'; +$labels['typeprofile'] = 'Profil'; $labels['addfield'] = 'Dodaj pole...'; $labels['personalinfo'] = 'Informacje osobiste'; $labels['addphoto'] = 'Dodaj'; diff --git a/program/steps/addressbook/func.inc b/program/steps/addressbook/func.inc index 1ef55fd78..55d4255aa 100644 --- a/program/steps/addressbook/func.inc +++ b/program/steps/addressbook/func.inc @@ -46,7 +46,7 @@ $CONTACT_COLTYPES = array( ), 'category' => 'main'), 'birthday' => array('type' => 'date', 'size' => 12, 'maxlength' => 16, 'label' => rcube_label('birthday'), 'limit' => 1, 'render_func' => 'rcmail_format_date_col', 'category' => 'personal'), 'anniversary' => array('type' => 'date', 'size' => 12, 'maxlength' => 16, 'label' => rcube_label('anniversary'), 'limit' => 1, 'render_func' => 'rcmail_format_date_col', 'category' => 'personal'), - 'website' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'label' => rcube_label('website'), 'subtypes' => array('homepage','work','blog','other'), 'category' => 'main'), + 'website' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'label' => rcube_label('website'), 'subtypes' => array('homepage','work','blog','profile','other'), 'category' => 'main'), 'im' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'label' => rcube_label('instantmessenger'), 'subtypes' => array('aim','icq','msn','yahoo','jabber','skype','other'), 'category' => 'main'), 'notes' => array('type' => 'textarea', 'size' => 40, 'rows' => 15, 'maxlength' => 500, 'label' => rcube_label('notes'), 'limit' => 1), 'photo' => array('type' => 'image', 'limit' => 1, 'category' => 'main'), -- cgit v1.2.3