From 3ad2b1b4b0ac0fc7a6c7a5adaad9a0616b890daf Mon Sep 17 00:00:00 2001 From: alecpl Date: Thu, 24 Nov 2011 07:53:00 +0000 Subject: - Applied fixes from trunk up to r5479 --- program/js/app.js | 278 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 143 insertions(+), 135 deletions(-) (limited to 'program/js/app.js') diff --git a/program/js/app.js b/program/js/app.js index 8b98a4268..6c0d2cd8d 100644 --- a/program/js/app.js +++ b/program/js/app.js @@ -37,7 +37,7 @@ function rcube_webmail() // webmail client settings this.dblclick_time = 500; - this.message_time = 2000; + this.message_time = 4000; this.identifier_expr = new RegExp('[^0-9a-z\-_]', 'gi'); @@ -128,7 +128,7 @@ function rcube_webmail() // initialize webmail client this.init = function() { - var p = this; + var n, p = this; this.task = this.env.task; // check browser @@ -138,13 +138,29 @@ function rcube_webmail() } // find all registered gui containers - for (var n in this.gui_containers) + for (n in this.gui_containers) this.gui_containers[n] = $('#'+this.gui_containers[n]); // find all registered gui objects - for (var n in this.gui_objects) + for (n in this.gui_objects) this.gui_objects[n] = rcube_find_object(this.gui_objects[n]); + // clickjacking protection + if (this.env.x_frame_options) { + try { + // bust frame if not allowed + if (this.env.x_frame_options == 'deny' && top.location.href != self.location.href) + top.location.href = self.location.href; + else if (top.location.hostname != self.location.hostname) + throw 1; + } catch (e) { + // possible clickjacking attack: disable all form elements + $('form').each(function(){ ref.lock_form(this, true); }); + this.display_message("Blocked: possible clickjacking attack!", 'error'); + return; + } + } + // init registered buttons this.init_buttons(); @@ -380,8 +396,10 @@ function rcube_webmail() $('#rcmloginpwd').focus(); // detect client timezone - var tz = new Date().getTimezoneOffset() / -60; - var stdtz = new Date().getStdTimezoneOffset() / -60; + var dt = new Date(), + tz = dt.getTimezoneOffset() / -60, + stdtz = dt.getStdTimezoneOffset() / -60; + $('#rcmlogintz').val(stdtz); $('#rcmlogindst').val(tz > stdtz ? 1 : 0); @@ -442,7 +460,7 @@ function rcube_webmail() // execute a specific command on the web client this.command = function(command, props, obj) { - var ret; + var ret, uid, cid, url, flag; if (obj && obj.blur) obj.blur(); @@ -517,7 +535,6 @@ function rcube_webmail() return false; case 'open': - var uid; if (uid = this.get_single_uid()) { obj.href = '?_task='+this.env.task+'&_action=show&_mbox='+urlencode(this.env.mailbox)+'&_uid='+uid; return true; @@ -586,7 +603,7 @@ function rcube_webmail() // common commands used in multiple tasks case 'show': if (this.task == 'mail') { - var uid = this.get_single_uid(); + uid = this.get_single_uid(); if (uid && (!this.env.uid || uid != this.env.uid)) { if (this.env.mailbox == this.env.drafts_mailbox) this.goto_url('compose', '_draft_uid='+uid+'&_mbox='+urlencode(this.env.mailbox), true); @@ -595,7 +612,7 @@ function rcube_webmail() } } else if (this.task == 'addressbook') { - var cid = props ? props : this.get_single_cid(); + cid = props ? props : this.get_single_cid(); if (cid && !(this.env.action == 'show' && cid == this.env.cid)) this.load_contact(cid, 'show'); } @@ -611,13 +628,12 @@ function rcube_webmail() break; case 'edit': - var cid; if (this.task=='addressbook' && (cid = this.get_single_cid())) this.load_contact(cid, 'edit'); else if (this.task=='settings' && props) this.load_identity(props, 'edit-identity'); else if (this.task=='mail' && (cid = this.get_single_uid())) { - var url = (this.env.mailbox == this.env.drafts_mailbox) ? '_draft_uid=' : '_uid='; + url = (this.env.mailbox == this.env.drafts_mailbox) ? '_draft_uid=' : '_uid='; this.goto_url('compose', url+cid+'&_mbox='+urlencode(this.env.mailbox), true); } break; @@ -695,7 +711,7 @@ function rcube_webmail() if (props && !props._row) break; - var uid, flag = 'read'; + flag = 'read'; if (props._row.uid) { uid = props._row.uid; @@ -715,7 +731,7 @@ function rcube_webmail() if (props && !props._row) break; - var uid, flag = 'flagged'; + flag = 'flagged'; if (props._row.uid) { uid = props._row.uid; @@ -811,7 +827,7 @@ function rcube_webmail() break; case 'compose': - var url = this.url('mail/compose'); + url = this.url('mail/compose'); if (this.task == 'mail') { url += '&_mbox='+urlencode(this.env.mailbox); @@ -921,9 +937,8 @@ function rcube_webmail() case 'reply-all': case 'reply-list': case 'reply': - var uid; if (uid = this.get_single_uid()) { - var url = '_reply_uid='+uid+'&_mbox='+urlencode(this.env.mailbox); + url = '_reply_uid='+uid+'&_mbox='+urlencode(this.env.mailbox); if (command == 'reply-all') // do reply-list, when list is detected and popup menu wasn't used url += '&_all=' + (!props && this.commands['reply-list'] ? 'list' : 'all'); @@ -936,7 +951,6 @@ function rcube_webmail() case 'forward-attachment': case 'forward': - var uid, url; if (uid = this.get_single_uid()) { url = '_forward_uid='+uid+'&_mbox='+urlencode(this.env.mailbox); if (command == 'forward-attachment' || (!props && this.env.forward_attachment)) @@ -946,7 +960,6 @@ function rcube_webmail() break; case 'print': - var uid; if (uid = this.get_single_uid()) { ref.printwin = window.open(this.env.comm_path+'&_action=print&_uid='+uid+'&_mbox='+urlencode(this.env.mailbox)+(this.env.safemode ? '&_safe=1' : '')); if (this.printwin) { @@ -958,7 +971,6 @@ function rcube_webmail() break; case 'viewsource': - var uid; if (uid = this.get_single_uid()) { ref.sourcewin = window.open(this.env.comm_path+'&_action=viewsource&_uid='+uid+'&_mbox='+urlencode(this.env.mailbox)); if (this.sourcewin) @@ -967,7 +979,6 @@ function rcube_webmail() break; case 'download': - var uid; if (uid = this.get_single_uid()) this.goto_url('viewsource', '&_uid='+uid+'&_mbox='+urlencode(this.env.mailbox)+'&_save=1'); break; @@ -1064,10 +1075,10 @@ function rcube_webmail() // set command(s) enabled or disabled this.enable_command = function() { - var args = Array.prototype.slice.call(arguments), + var i, n, args = Array.prototype.slice.call(arguments), enable = args.pop(), cmd; - for (var n=0; n= pos.x2 || mouse.y < pos.y1 || mouse.y >= pos.y2) { @@ -1318,10 +1347,10 @@ function rcube_webmail() } // over the folders - for (var k in this.env.folder_coords) { + for (k in this.env.folder_coords) { pos = this.env.folder_coords[k]; if (mouse.x >= pos.x1 && mouse.x < pos.x2 && mouse.y >= pos.y1 && mouse.y < pos.y2){ - if ((check = this.check_droptarget(k))) { + if ((check = this.check_droptarget(k))) { li = this.get_folder_li(k); div = $(li.getElementsByTagName('div')[0]); @@ -1332,9 +1361,9 @@ function rcube_webmail() this.folder_auto_expand = k; this.folder_auto_timer = window.setTimeout(function() { - rcmail.command('collapse-folder', rcmail.folder_auto_expand); - rcmail.drag_start(null); - }, 1000); + rcmail.command('collapse-folder', rcmail.folder_auto_expand); + rcmail.drag_start(null); + }, 1000); } else if (this.folder_auto_timer) { window.clearTimeout(this.folder_auto_timer); this.folder_auto_timer = null; @@ -1360,31 +1389,29 @@ function rcube_webmail() } }; - this.collapse_folder = function(id) + this.collapse_folder = function(name) { - var li = this.get_folder_li(id), - div = $(li.getElementsByTagName('div')[0]); - - if (!div || (!div.hasClass('collapsed') && !div.hasClass('expanded'))) - return; - - var ul = $(li.getElementsByTagName('ul')[0]); + var li = this.get_folder_li(name, '', true), + div = $('div:first', li), + ul = $('ul:first', li); if (div.hasClass('collapsed')) { ul.show(); div.removeClass('collapsed').addClass('expanded'); - var reg = new RegExp('&'+urlencode(id)+'&'); + var reg = new RegExp('&'+urlencode(name)+'&'); this.env.collapsed_folders = this.env.collapsed_folders.replace(reg, ''); } - else { + else if (div.hasClass('expanded')) { ul.hide(); div.removeClass('expanded').addClass('collapsed'); - this.env.collapsed_folders = this.env.collapsed_folders+'&'+urlencode(id)+'&'; + this.env.collapsed_folders = this.env.collapsed_folders+'&'+urlencode(name)+'&'; // select parent folder if one of its childs is currently selected - if (this.env.mailbox.indexOf(id + this.env.delimiter) == 0) - this.command('list', id); + if (this.env.mailbox.indexOf(name + this.env.delimiter) == 0) + this.command('list', name); } + else + return; // Work around a bug in IE6 and IE7, see #1485309 if (bw.ie6 || bw.ie7) { @@ -1396,7 +1423,7 @@ function rcube_webmail() } this.command('save-pref', { name: 'collapsed_folders', value: this.env.collapsed_folders }); - this.set_unread_count_display(id, false); + this.set_unread_count_display(name, false); }; this.doc_mouse_up = function(e) @@ -1989,7 +2016,7 @@ function rcube_webmail() if (mbox != this.env.mailbox || (mbox == this.env.mailbox && !page && !sort)) url += '&_refresh=1'; - this.select_folder(mbox); + this.select_folder(mbox, '', true); this.env.mailbox = mbox; // load message list remotely @@ -3349,16 +3376,8 @@ function rcube_webmail() this.remove_from_attachment_list = function(name) { - if (this.env.attachments[name]) - delete this.env.attachments[name]; - - if (!this.gui_objects.attachmentlist) - return false; - - var list = this.gui_objects.attachmentlist.getElementsByTagName("li"); - for (i=0; i 0; i++) { + if (results && (len = results.length)) { + for (i=0; i < len && maxlen > 0; i++) { text = typeof results[i] === 'object' ? results[i].name : results[i]; li = document.createElement('LI'); li.innerHTML = text.replace(new RegExp('('+RegExp.escape(value)+')', 'ig'), '##$1%%').replace(//g, '>').replace(/##([^%]+)%%/g, '$1'); @@ -3748,7 +3767,7 @@ function rcube_webmail() } } - if (results && results.length) + if (len) this.env.contacts = this.env.contacts.concat(results); // run next parallel search @@ -4031,10 +4050,10 @@ function rcube_webmail() this.delete_contacts = function() { - // exit if no mailbox specified or if selection is empty var selection = this.contact_list.get_selection(), undelete = this.env.address_sources[this.env.source].undelete; + // exit if no mailbox specified or if selection is empty if (!(selection.length || this.env.cid) || (!undelete && !confirm(this.get_label('deletecontactconfirm')))) return; @@ -4075,7 +4094,7 @@ function rcube_webmail() { var c, row, list = this.contact_list; - cid = String(cid).replace(this.identifier_expr, '_'); + cid = this.html_identifier(cid); // when in searching mode, concat cid with the source name if (!list.rows[cid]) { @@ -4091,7 +4110,7 @@ function rcube_webmail() // cid change if (newcid) { - newcid = String(newcid).replace(this.identifier_expr, '_'); + newcid = this.html_identifier(newcid); row.id = 'rcmrow' + newcid; list.remove_row(cid); list.init_row(row); @@ -4110,7 +4129,7 @@ function rcube_webmail() var c, list = this.contact_list, row = document.createElement('tr'); - row.id = 'rcmrow'+String(cid).replace(this.identifier_expr, '_'); + row.id = 'rcmrow'+this.html_identifier(cid); row.className = 'contact'; if (list.in_selection(cid)) @@ -4292,7 +4311,7 @@ function rcube_webmail() .attr('rel', prop.source+':'+prop.id) .click(function() { return rcmail.command('listgroup', prop, this); }) .html(prop.name), - li = $('
  • ').attr({id: 'rcmli'+key.replace(this.identifier_expr, '_'), 'class': 'contactgroup'}) + li = $('
  • ').attr({id: 'rcmli'+this.html_identifier(key), 'class': 'contactgroup'}) .append(link); this.env.contactfolders[key] = this.env.contactgroups[key] = prop; @@ -4315,7 +4334,7 @@ function rcube_webmail() var newkey = 'G'+prop.source+prop.newid, newprop = $.extend({}, prop);; - li.id = String('rcmli'+newkey).replace(this.identifier_expr, '_'); + li.id = 'rcmli' + this.html_identifier(newkey); this.env.contactfolders[newkey] = this.env.contactfolders[key]; this.env.contactfolders[newkey].id = prop.newid; this.env.group = prop.newid; @@ -4347,7 +4366,7 @@ function rcube_webmail() { var row, name = prop.name.toUpperCase(), sibling = this.get_folder_li(prop.source), - prefix = 'rcmliG'+(prop.source).replace(this.identifier_expr, '_'); + prefix = 'rcmliG' + this.html_identifier(prop.source); // When renaming groups, we need to remove it from DOM and insert it in the proper place if (reloc) { @@ -4418,7 +4437,7 @@ function rcube_webmail() .appendTo(cell); this.init_edit_field(col, input); - + if (colprop.type == 'date' && $.datepicker) input.datepicker(); } @@ -4580,7 +4599,7 @@ function rcube_webmail() .attr('rel', id) .click(function() { return rcmail.command('listsearch', id, this); }) .html(name), - li = $('
  • ').attr({id: 'rcmli'+key.replace(this.identifier_expr, '_'), 'class': 'contactsearch'}) + li = $('
  • ').attr({id: 'rcmli' + this.html_identifier(key), 'class': 'contactsearch'}) .append(link), prop = {name:name, id:id, li:li[0]}; @@ -5151,17 +5170,18 @@ function rcube_webmail() init_button(cmd, this.buttons[cmd][i]); } } + + // set active task button + this.set_button(this.task, 'sel'); }; // set button to a specific state this.set_button = function(command, state) { - var button, obj, a_buttons = this.buttons[command]; - - if (!a_buttons || !a_buttons.length) - return false; + var n, button, obj, a_buttons = this.buttons[command], + len = a_buttons ? a_buttons.length : 0; - for (var n=0; n'+plainText+'' : ''); + $('#'+id).val(plainText ? '
    '+plainText+'
    ' : ''); this.set_busy(false, null, lock); }; -- cgit v1.2.3