From ea7c46b4f37691702b8e78dea34c3e9a3afb232d Mon Sep 17 00:00:00 2001
From: thomascube
Date: Fri, 3 Mar 2006 16:34:35 +0000
Subject: Improved reading of POST and GET values
---
 program/include/main.inc | 53 +++++++++++++++++++++++++++++++++++++++-
 program/include/rcube_shared.inc | 7 ++++--
 2 files changed, 57 insertions(+), 3 deletions(-)
(limited to 'program/include')
diff --git a/program/include/main.inc b/program/include/main.inc
index 3a15bfd17..515de03b9 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -24,6 +24,12 @@
 require_once('lib/utf7.inc');
 require_once('lib/utf8.class.php');
+// define constannts for input reading
+define('RCUBE_INPUT_GET', 0x0101);
+define('RCUBE_INPUT_POST', 0x0102);
+define('RCUBE_INPUT_GPC', 0x0103);
+
+
 // register session and connect to server
 function rcmail_startup($task='mail')
 {
@@ -376,6 +382,8 @@ function rcmail_login($user, $pass, $host=NULL)
 $imap_ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? TRUE : FALSE;
 $imap_port = isset($a_host['port']) ? $a_host['port'] : ($imap_ssl ? 993 : $CONFIG['default_port']);
 }
+ else
+ $imap_port = $CONFIG['default_port'];
 // query if user already registered
 $sql_result = $DB->query("SELECT user_id, username, language, preferences
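Review bot: The three constants are chosen so that `RCUBE_INPUT_GET | RCUBE_INPUT_POST` equals 0x0103, which is exactly `RCUBE_INPUT_GPC`, yet get_input_value (added later in this file) compares `$source` with `==` and its GPC branch also consults `$_COOKIE`; a caller that ORs the two flags together therefore silently gets cookie values as well. Either document that these are plain identifiers rather than bit flags, or pick values that do not combine into GPC. The comment also has a typo: `// define constants for input reading`.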
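Review bot: The new `else` branch assigns `$imap_port` only, while the `if` branch directly above assigns both `$imap_ssl` and `$imap_port`; if `$imap_ssl` is read further down in rcmail_login it is undefined on this path. Adding `$imap_ssl = FALSE;` next to the new assignment keeps the two paths symmetric. The body of rcmail_login starts and ends outside the hunk, so the later use of `$imap_ssl` cannot be confirmed from here.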
@@ -897,6 +905,49 @@ function rep_specialchars_output($str, $enctype='', $mode='', $newlines=TRUE)
 }
+/**
+ * Read input value and convert it for internal use
+ * Performs stripslashes() and charset conversion if necessary
+ *
+ * @param string Field name to read
+ * @param int Source to get value from (GPC)
+ * @param boolean Allow HTML tags in field value
+ * @param string Charset to convert into
+ * @return string Field value or NULL if not available
+ */
+function get_input_value($fname, $source, $allow_html=FALSE, $charset=NULL)
+ {
+ global $OUTPUT;
+ $value = NULL;
+
+ if ($source==RCUBE_INPUT_GET && isset($_GET[$fname]))
+ $value = $_GET[$fname];
+ else if ($source==RCUBE_INPUT_POST && isset($_POST[$fname]))
+ $value = $_POST[$fname];
+ else if ($source==RCUBE_INPUT_GPC)
+ {
+ if (isset($_GET[$fname]))
+ $value = $_GET[$fname];
+ else if (isset($_POST[$fname]))
+ $value = $_POST[$fname];
+ else if (isset($_COOKIE[$fname]))
+ $value = $_COOKIE[$fname];
+ }
+
+ // strip slashes if magic_quotes enabled
+ if ((bool)get_magic_quotes_gpc())
+ $value = stripslashes($value);
+
+ // remove HTML tags if not allowed
+ if (!$allow_html)
+ $value = strip_tags($value);
+
+ // convert to internal charset
+ return rcube_charset_convert($value, $OUTPUT->get_charset(), $charset);
+ }
+
+
+
 // ************** template parsing and gui functions **************
@@ -1482,7 +1533,7 @@ function rcmail_login_form($attrib)
 $input_action = new hiddenfield(array('name' => '_action', 'value' => 'login'));
 $fields = array();
- $fields['user'] = $input_user->show($_POST['_user']);
+ $fields['user'] = $input_user->show(get_input_value('_user', RCUBE_INPUT_POST));
 $fields['pass'] = $input_pass->show();
 $fields['action'] = $input_action->show();
diff --git a/program/include/rcube_shared.inc b/program/include/rcube_shared.inc
index da5665199..77753f5b4 100644
--- a/program/include/rcube_shared.inc
+++ b/program/include/rcube_shared.inc
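Review bot: The docblock promises `NULL` when the field is absent, but `strip_tags($value)` (and `stripslashes()` when magic quotes are on) turns a NULL `$value` into an empty string before the return, so callers cannot tell "missing" from "empty"; an early `if ($value === NULL) return NULL;` right after the source selection would restore the documented contract. Array-valued fields (`name[]`) are not handled either — `stripslashes()` and `strip_tags()` expect strings — so either reject arrays explicitly or state in the docblock that only scalar fields are supported. In the GPC branch `$_GET` is consulted before `$_POST`, so a same-named query-string parameter overrides a posted form field; if that precedence is intended it belongs in the docblock. Finally, `strip_tags()` is an input filter and not output escaping: values still need context-appropriate escaping (htmlspecialchars() for HTML) wherever they are rendered.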
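Review bot: `get_input_value('_user', RCUBE_INPUT_POST)` runs the value through `strip_tags()`, but that does not escape it for an attribute value (quotes survive strip_tags), so whether this line is safe depends on `$input_user->show()` applying htmlspecialchars() to what it receives; that method is outside the hunk, so please confirm it does rather than relying on the input filter. A one-line comment such as `// value is tag-stripped here; show() is responsible for HTML escaping` would make that division of responsibility explicit. The body of rcmail_login_form continues beyond the hunk.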
@@ -108,7 +108,7 @@ class rcube_html_page
 // set default page title
 if (!strlen($this->title))
- $this->title = 'RoundCube|Mail';
+ $this->title = 'RoundCube Mail';
 // replace specialchars in content
 $__page_title = rep_specialchars_output($this->title, 'html', 'show', FALSE);
@@ -117,7 +117,10 @@ class rcube_html_page
 // include meta tag with charset
 if (!empty($this->charset))
- $__page_header = ''."\n";;
+ {
+ header('Content-Type: text/html; charset='.$this->charset);
+ $__page_header = ''."\n";
+ }
 // definition of the code to be placed in the document header and footer
-- 
cgit v1.2.3
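Review bot: `header('Content-Type: text/html; charset='.$this->charset)` has no effect once any output has been sent (PHP raises a warning instead), and this call appears to sit inside the code that assembles `$__page_header` rather than at the start of the response; guarding it with `if (!headers_sent())` or moving it to where the response begins would make the intent explicit. The header is also only emitted when `$this->charset` is non-empty, so pages without a charset fall back to the server's default Content-Type — worth a comment such as `// no charset configured: rely on the server default Content-Type`. The enclosing method of rcube_html_page begins and ends outside the hunk.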