githubFork/roundcubemail.git

Fix path traversal vulnerability in setting a skin (#1490620)

Aleksander Machniak

2015-12-22 10e5192a2b1bc90ec137f5e69d0aa072c1210d6d

commit \| author \| age
47124c	1	<?php
T	2
a95874	3	/**
47124c	4	+-----------------------------------------------------------------------+
60226a	5	\| program/include/rcmail_output_html.php \|
47124c	6	\| \|
e019f2	7	\| This file is part of the Roundcube Webmail client \|
b0ce5c	8	\| Copyright (C) 2006-2014, The Roundcube Dev Team \|
7fe381	9	\| \|
T	10	\| Licensed under the GNU General Public License version 3 or \|
	11	\| any later version with exceptions for skins & plugins. \|
	12	\| See the README file for a full license statement. \|
47124c	13	\| \|
T	14	\| PURPOSE: \|
	15	\| Class to handle HTML page output using a skin template. \|
	16	\| \|
	17	+-----------------------------------------------------------------------+
	18	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
	19	+-----------------------------------------------------------------------+
041c93	20	*/
47124c	21
T	22	/**
	23	* Class to create HTML page output using a skin template
	24	*
9ba496	25	* @package Webmail
9ab346	26	* @subpackage View
47124c	27	*/
60226a	28	class rcmail_output_html extends rcmail_output
47124c	29	{
c8a21d	30	public $type = 'html';
0c2596	31
8f57ce	32	protected $message;
0c2596	33	protected $template_name;
8f57ce	34	protected $js_env = array();
AM	35	protected $js_labels = array();
	36	protected $js_commands = array();
	37	protected $skin_paths = array();
0c2596	38	protected $scripts_path = '';
A	39	protected $script_files = array();
8f57ce	40	protected $css_files = array();
AM	41	protected $scripts = array();
0c2596	42	protected $default_template = "<html>\n<head><title></title></head>\n<body></body>\n</html>";
A	43	protected $header = '';
	44	protected $footer = '';
	45	protected $body = '';
	46	protected $base_path = '';
681ba6	47	protected $assets_path;
AM	48	protected $assets_dir = RCUBE_INSTALL_PATH;
538e64	49	protected $devel_mode = false;
47124c	50
7fcb56	51	// deprecated names of templates used before 0.5
0c2596	52	protected $deprecated_templates = array(
A	53	'contact' => 'showcontact',
	54	'contactadd' => 'addcontact',
	55	'contactedit' => 'editcontact',
7fcb56	56	'identityedit' => 'editidentity',
T	57	'messageprint' => 'printmessage',
	58	);
	59
47124c	60	/**
T	61	* Constructor
	62	*/
0c2596	63	public function __construct($task = null, $framed = false)
47124c	64	{
T	65	parent::__construct();
538e64	66
AM	67	$this->devel_mode = $this->config->get('devel_mode');
47124c	68
83a763	69	$this->set_env('task', $task);
0c2596	70	$this->set_env('x_frame_options', $this->config->get('x_frame_options', 'sameorigin'));
3863a9	71	$this->set_env('standard_windows', (bool) $this->config->get('standard_windows'));
244126	72	$this->set_env('locale', $_SESSION['language']);
47124c	73
ae7027	74	// add cookie info
AM	75	$this->set_env('cookie_domain', ini_get('session.cookie_domain'));
	76	$this->set_env('cookie_path', ini_get('session.cookie_path'));
39b905	77	$this->set_env('cookie_secure', filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN));
ae7027	78
423065	79	// load the correct skin (in case user-defined)
740875	80	$skin = $this->config->get('skin');
AM	81	$this->set_skin($skin);
	82	$this->set_env('skin', $skin);
681ba6	83
AM	84	$this->set_assets_path($this->config->get('assets_path'), $this->config->get('assets_dir'));
e58df3	85
271efe	86	if (!empty($_REQUEST['_extwin']))
0301d9	87	$this->set_env('extwin', 1);
8f57ce	88	if ($this->framed \|\| $framed)
0301d9	89	$this->set_env('framed', 1);
271efe	90
b34d67	91	$lic = <<<EOF
TB	92	/*
	93	@licstart The following is the entire license notice for the
	94	JavaScript code in this page.
	95
	96	Copyright (C) 2005-2014 The Roundcube Dev Team
	97
	98	The JavaScript code in this page is free software: you can redistribute
	99	it and/or modify it under the terms of the GNU General Public License
	100	as published by the Free Software Foundation, either version 3 of
	101	the License, or (at your option) any later version.
	102
	103	The code is distributed WITHOUT ANY WARRANTY; without even the implied
	104	warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	105	See the GNU GPL for more details.
	106
	107	@licend The above is the entire license notice
	108	for the JavaScript code in this page.
	109	*/
	110	EOF;
47124c	111	// add common javascripts
b34d67	112	$this->add_script($lic, 'head_top');
60226a	113	$this->add_script('var '.self::JS_OBJECT_NAME.' = new rcube_webmail();', 'head_top');
47124c	114
T	115	// don't wait for page onload. Call init at the bottom of the page (delayed)
60226a	116	$this->add_script(self::JS_OBJECT_NAME.'.init();', 'docready');
47124c	117
T	118	$this->scripts_path = 'program/js/';
79275b	119	$this->include_script('jquery.min.js');
47124c	120	$this->include_script('common.js');
T	121	$this->include_script('app.js');
	122
	123	// register common UI objects
	124	$this->add_handlers(array(
	125	'loginform' => array($this, 'login_form'),
8e211a	126	'preloader' => array($this, 'preloader'),
47124c	127	'username' => array($this, 'current_username'),
T	128	'message' => array($this, 'message_container'),
	129	'charsetselector' => array($this, 'charset_selector'),
1a0f60	130	'aboutcontent' => array($this, 'about_content'),
47124c	131	));
T	132	}
	133
	134	/**
	135	* Set environment variable
	136	*
	137	* @param string Property name
	138	* @param mixed Property value
	139	* @param boolean True if this property should be added to client environment
	140	*/
	141	public function set_env($name, $value, $addtojs = true)
	142	{
	143	$this->env[$name] = $value;
0301d9	144
47124c	145	if ($addtojs \|\| isset($this->js_env[$name])) {
T	146	$this->js_env[$name] = $value;
	147	}
681ba6	148	}
AM	149
	150	/**
	151	* Parse and set assets path
	152	*
	153	* @param string Assets path (relative or absolute URL)
	154	*/
	155	public function set_assets_path($path, $fs_dir = null)
	156	{
	157	if (empty($path)) {
	158	return;
	159	}
	160
	161	$path = rtrim($path, '/') . '/';
	162
	163	// handle relative assets path
	164	if (!preg_match('\|^https?://\|', $path) && $path[0] != '/') {
	165	// save the path to search for asset files later
	166	$this->assets_dir = $path;
	167
	168	$base = preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI']);
	169	$base = rtrim($base, '/');
	170
	171	// remove url token if exists
	172	if ($len = intval($this->config->get('use_secure_urls'))) {
	173	$_base = explode('/', $base);
	174	$last = count($_base) - 1;
	175	$length = $len > 1 ? $len : 16; // as in rcube::get_secure_url_token()
	176
	177	// we can't use real token here because it
	178	// does not exists in unauthenticated state,
	179	// hope this will not produce false-positive matches
	180	if ($last > -1 && preg_match('/^[a-f0-9]{' . $length . '}$/', $_base[$last])) {
	181	$path = '../' . $path;
	182	}
	183	}
	184	}
	185
	186	// set filesystem path for assets
	187	if ($fs_dir) {
	188	if ($fs_dir[0] != '/') {
	189	$fs_dir = realpath(RCUBE_INSTALL_PATH . $fs_dir);
	190	}
	191	// ensure the path ends with a slash
	192	$this->assets_dir = rtrim($fs_dir, '/') . '/';
	193	}
	194
	195	$this->assets_path = $path;
	196	$this->set_env('assets_path', $path);
47124c	197	}
f645ce	198
T	199	/**
	200	* Getter for the current page title
	201	*
	202	* @return string The page title
	203	*/
0c2596	204	protected function get_pagetitle()
f645ce	205	{
T	206	if (!empty($this->pagetitle)) {
	207	$title = $this->pagetitle;
	208	}
	209	else if ($this->env['task'] == 'login') {
0c2596	210	$title = $this->app->gettext(array(
A	211	'name' => 'welcome',
	212	'vars' => array('product' => $this->config->get('product_name')
	213	)));
f645ce	214	}
T	215	else {
	216	$title = ucfirst($this->env['task']);
	217	}
ad334a	218
f645ce	219	return $title;
T	220	}
0c2596	221
e58df3	222	/**
A	223	* Set skin
	224	*/
	225	public function set_skin($skin)
	226	{
10e519	227	// Sanity check to prevent from path traversal vulnerability (#1490620)
AM	228	if (strpos($skin, '/') !== false \|\| strpos($skin, "\\") !== false) {
	229	rcube::raise_error(array(
	230	'file' => __FILE__,
	231	'line' => __LINE__,
	232	'message' => 'Invalid skin name'
	233	), true, false);
	234
	235	return false;
	236	}
	237
62c791	238	$valid = false;
b7addf	239	$path = RCUBE_INSTALL_PATH . 'skins/';
ad334a	240
b7addf	241	if (!empty($skin) && is_dir($path . $skin) && is_readable($path . $skin)) {
AM	242	$skin_path = 'skins/' . $skin;
	243	$valid = true;
62c791	244	}
T	245	else {
0c2596	246	$skin_path = $this->config->get('skin_path');
A	247	if (!$skin_path) {
aff970	248	$skin_path = 'skins/' . rcube_config::DEFAULT_SKIN;
0c2596	249	}
62c791	250	$valid = !$skin;
T	251	}
423065	252
1ffab0	253	$skin_path = rtrim($skin_path, '/');
AM	254
0c2596	255	$this->config->set('skin_path', $skin_path);
1730cf	256	$this->base_path = $skin_path;
ad334a	257
8fa22e	258	// register skin path(s)
TB	259	$this->skin_paths = array();
	260	$this->load_skin($skin_path);
	261
62c791	262	return $valid;
8fa22e	263	}
TB	264
	265	/**
	266	* Helper method to recursively read skin meta files and register search paths
	267	*/
	268	private function load_skin($skin_path)
	269	{
	270	$this->skin_paths[] = $skin_path;
	271
	272	// read meta file and check for dependecies
b7addf	273	$meta = @file_get_contents(RCUBE_INSTALL_PATH . $skin_path . '/meta.json');
AM	274	$meta = @json_decode($meta, true);
b0ce5c	275
93e640	276	$meta['path'] = $skin_path;
AM	277	$path_elements = explode('/', $skin_path);
	278	$skin_id = end($path_elements);
	279
b0ce5c	280	if (!$meta['name']) {
TB	281	$meta['name'] = $skin_id;
	282	}
93e640	283
b0ce5c	284	$this->skins[$skin_id] = $meta;
TB	285
b7addf	286	if ($meta['extends']) {
AM	287	$path = RCUBE_INSTALL_PATH . 'skins/';
	288	if (is_dir($path . $meta['extends']) && is_readable($path . $meta['extends'])) {
	289	$this->load_skin('skins/' . $meta['extends']);
	290	}
8fa22e	291	}
e58df3	292	}
fc7b5b	293
T	294	/**
e58df3	295	* Check if a specific template exists
A	296	*
	297	* @param string Template name
	298	* @return boolean True if template exists
	299	*/
	300	public function template_exists($name)
	301	{
8fa22e	302	foreach ($this->skin_paths as $skin_path) {
b7addf	303	$filename = RCUBE_INSTALL_PATH . $skin_path . '/templates/' . $name . '.html';
AM	304	if ((is_file($filename) && is_readable($filename))
	305	\|\| ($this->deprecated_templates[$name] && $this->template_exists($this->deprecated_templates[$name]))
	306	) {
	307	return true;
	308	}
8fa22e	309	}
47124c	310
b7addf	311	return false;
AM	312	}
47124c	313
T	314	/**
28de39	315	* Find the given file in the current skin path stack
TB	316	*
	317	* @param string File name/path to resolve (starting with /)
	318	* @param string Reference to the base path of the matching skin
	319	* @param string Additional path to search in
681ba6	320	*
28de39	321	* @return mixed Relative path to the requested file or False if not found
TB	322	*/
bc53e2	323	public function get_skin_file($file, &$skin_path = null, $add_path = null)
28de39	324	{
TB	325	$skin_paths = $this->skin_paths;
8f57ce	326	if ($add_path) {
28de39	327	array_unshift($skin_paths, $add_path);
8f57ce	328	}
28de39	329
TB	330	foreach ($skin_paths as $skin_path) {
681ba6	331	$path = realpath(RCUBE_INSTALL_PATH . $skin_path . $file);
AM	332
	333	if ($path && is_file($path)) {
28de39	334	return $skin_path . $file;
681ba6	335	}
AM	336
	337	if ($this->assets_dir != RCUBE_INSTALL_PATH) {
	338	$path = realpath($this->assets_dir . $skin_path . $file);
	339
	340	if ($path && is_file($path)) {
	341	return $skin_path . $file;
	342	}
28de39	343	}
TB	344	}
	345
	346	return false;
	347	}
	348
	349	/**
47124c	350	* Register a GUI object to the client script
T	351	*
	352	* @param string Object name
	353	* @param string Object ID
	354	* @return void
	355	*/
	356	public function add_gui_object($obj, $id)
	357	{
60226a	358	$this->add_script(self::JS_OBJECT_NAME.".gui_object('$obj', '$id');");
47124c	359	}
T	360
	361	/**
	362	* Call a client method
	363	*
	364	* @param string Method to call
	365	* @param ... Additional arguments
	366	*/
	367	public function command()
	368	{
0e99d3	369	$cmd = func_get_args();
f66383	370	if (strpos($cmd[0], 'plugin.') !== false)
8f57ce	371	$this->js_commands[] = array('triggerEvent', $cmd[0], $cmd[1]);
f66383	372	else
8f57ce	373	$this->js_commands[] = $cmd;
47124c	374	}
T	375
	376	/**
	377	* Add a localized label to the client environment
	378	*/
	379	public function add_label()
	380	{
cc97ea	381	$args = func_get_args();
T	382	if (count($args) == 1 && is_array($args[0]))
8f57ce	383	$args = $args[0];
ad334a	384
cc97ea	385	foreach ($args as $name) {
0c2596	386	$this->js_labels[$name] = $this->app->gettext($name);
47124c	387	}
T	388	}
	389
	390	/**
	391	* Invoke display_message command
	392	*
7f5a84	393	* @param string $message Message to display
A	394	* @param string $type Message type [notice\|confirm\|error]
	395	* @param array $vars Key-value pairs to be replaced in localized text
	396	* @param boolean $override Override last set message
	397	* @param int $timeout Message display time in seconds
47124c	398	* @uses self::command()
T	399	*/
7f5a84	400	public function show_message($message, $type='notice', $vars=null, $override=true, $timeout=0)
47124c	401	{
69f18a	402	if ($override \|\| !$this->message) {
0c2596	403	if ($this->app->text_exists($message)) {
8dd172	404	if (!empty($vars))
234fd1	405	$vars = array_map(array('rcube','Q'), $vars);
0c2596	406	$msgtext = $this->app->gettext(array('name' => $message, 'vars' => $vars));
8dd172	407	}
A	408	else
	409	$msgtext = $message;
	410
69f18a	411	$this->message = $message;
7f5a84	412	$this->command('display_message', $msgtext, $type, $timeout * 1000);
69f18a	413	}
47124c	414	}
T	415
	416	/**
	417	* Delete all stored env variables and commands
4d1fe2	418	*
AM	419	* @param bool $all Reset all env variables (including internal)
47124c	420	*/
4d1fe2	421	public function reset($all = false)
47124c	422	{
e46d06	423	$framed = $this->framed;
8f57ce	424	$env = $all ? null : array_intersect_key($this->env, array('extwin'=>1, 'framed'=>1));
d30460	425
0c2596	426	parent::reset();
d30460	427
TB	428	// let some env variables survive
8f57ce	429	$this->env = $this->js_env = $env;
AM	430	$this->framed = $framed \|\| $this->env['framed'];
4d1fe2	431	$this->js_labels = array();
AM	432	$this->js_commands = array();
0c2596	433	$this->script_files = array();
A	434	$this->scripts = array();
	435	$this->header = '';
	436	$this->footer = '';
	437	$this->body = '';
e46d06	438
TB	439	// load defaults
	440	if (!$all) {
	441	$this->__construct();
	442	}
47124c	443	}
0c2596	444
47124c	445	/**
c719f3	446	* Redirect to a certain url
T	447	*
681ba6	448	* @param mixed $p Either a string with the action or url parameters as key-value pairs
AM	449	* @param int $delay Delay in seconds
	450	* @param bool $secure Redirect to secure location (see rcmail::url())
c719f3	451	*/
681ba6	452	public function redirect($p = array(), $delay = 1, $secure = false)
c719f3	453	{
271efe	454	if ($this->env['extwin'])
TB	455	$p['extwin'] = 1;
681ba6	456	$location = $this->app->url($p, false, false, $secure);
c719f3	457	header('Location: ' . $location);
T	458	exit;
	459	}
	460
	461	/**
47124c	462	* Send the request output to the client.
T	463	* This will either parse a skin tempalte or send an AJAX response
	464	*
	465	* @param string Template name
	466	* @param boolean True if script should terminate (default)
	467	*/
	468	public function send($templ = null, $exit = true)
	469	{
	470	if ($templ != 'iframe') {
a366a3	471	// prevent from endless loops
f78dab	472	if ($exit != 'recur' && $this->app->plugins->is_processing('render_page')) {
0c2596	473	rcube::raise_error(array('code' => 505, 'type' => 'php',
030db5	474	'file' => __FILE__, 'line' => __LINE__,
T	475	'message' => 'Recursion alert: ignoring output->send()'), true, false);
a366a3	476	return;
T	477	}
47124c	478	$this->parse($templ, false);
T	479	}
	480	else {
4d1fe2	481	$this->framed = true;
47124c	482	$this->write();
T	483	}
	484
c6514e	485	// set output asap
T	486	ob_flush();
	487	flush();
ad334a	488
c6514e	489	if ($exit) {
47124c	490	exit;
T	491	}
	492	}
0c2596	493
47124c	494	/**
T	495	* Process template and write to stdOut
	496	*
0c2596	497	* @param string $template HTML template content
47124c	498	*/
T	499	public function write($template = '')
	500	{
8f57ce	501	if (!empty($this->script_files)) {
AM	502	$this->set_env('request_token', $this->app->get_request_token());
	503	}
ef27a6	504
ffc748	505	$commands = $this->get_js_commands($framed);
8f57ce	506
ffc748	507	// if all js commands go to parent window we can ignore all
AM	508	// script files and skip rcube_webmail initialization (#1489792)
	509	if ($framed) {
	510	$this->scripts = array();
	511	$this->script_files = array();
ef51ae	512	$this->header = '';
AM	513	$this->footer = '';
4d1fe2	514	}
ffc748	515
AM	516	// write all javascript commands
	517	$this->add_script($commands, 'head_top');
ad334a	518
c170bf	519	// send clickjacking protection headers
8f57ce	520	$iframe = $this->framed \|\| $this->env['framed'];
AM	521	if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin'))) {
c170bf	522	header('X-Frame-Options: ' . ($iframe && $xframe == 'deny' ? 'sameorigin' : $xframe));
8f57ce	523	}
47124c	524
T	525	// call super method
0c2596	526	$this->_write($template, $this->config->get('skin_path'));
47124c	527	}
T	528
	529	/**
c739c7	530	* Parse a specific skin template and deliver to stdout (or return)
47124c	531	*
T	532	* @param string Template name
	533	* @param boolean Exit script
c739c7	534	* @param boolean Don't write to stdout, return parsed content instead
A	535	*
47124c	536	* @link http://php.net/manual/en/function.exit.php
T	537	*/
c739c7	538	function parse($name = 'main', $exit = true, $write = true)
47124c	539	{
8f57ce	540	$plugin = false;
AM	541	$realname = $name;
8d526c	542	$plugin_skin_paths = array();
TB	543
8fa22e	544	$this->template_name = $realname;
8e99ff	545
8fa22e	546	$temp = explode('.', $name, 2);
e7008c	547	if (count($temp) > 1) {
8f57ce	548	$plugin = $temp[0];
AM	549	$name = $temp[1];
	550	$skin_dir = $plugin . '/skins/' . $this->config->get('skin');
ca18a9	551
8fa22e	552	// apply skin search escalation list to plugin directory
TB	553	foreach ($this->skin_paths as $skin_path) {
28de39	554	$plugin_skin_paths[] = $this->app->plugins->url . $plugin . '/' . $skin_path;
8fa22e	555	}
TB	556
	557	// add fallback to default skin
	558	if (is_dir($this->app->plugins->dir . $plugin . '/skins/default')) {
20d50d	559	$skin_dir = $plugin . '/skins/default';
28de39	560	$plugin_skin_paths[] = $this->app->plugins->url . $skin_dir;
8fa22e	561	}
TB	562
8d526c	563	// prepend plugin skin paths to search list
8fa22e	564	$this->skin_paths = array_merge($plugin_skin_paths, $this->skin_paths);
TB	565	}
	566
	567	// find skin template
	568	$path = false;
	569	foreach ($this->skin_paths as $skin_path) {
681ba6	570	$path = RCUBE_INSTALL_PATH . "$skin_path/templates/$name.html";
8fa22e	571
TB	572	// fallback to deprecated template names
	573	if (!is_readable($path) && $this->deprecated_templates[$realname]) {
681ba6	574	$path = RCUBE_INSTALL_PATH . "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html";
bc66f7	575
TB	576	if (is_readable($path)) {
	577	rcube::raise_error(array(
	578	'code' => 502, 'type' => 'php',
	579	'file' => __FILE__, 'line' => __LINE__,
	580	'message' => "Using deprecated template '" . $this->deprecated_templates[$realname]
	581	. "' in $skin_path/templates. Please rename to '$realname'"),
	582	true, false);
	583	}
8fa22e	584	}
TB	585
	586	if (is_readable($path)) {
	587	$this->config->set('skin_path', $skin_path);
3806f1	588	$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path); // set base_path to core skin directory (not plugin's skin)
44e3bf	589	$skin_dir = preg_replace('!^plugins/!', '', $skin_path);
8fa22e	590	break;
TB	591	}
	592	else {
	593	$path = false;
20d50d	594	}
e7008c	595	}
ad334a	596
ff73e0	597	// read template file
8fa22e	598	if (!$path \|\| ($templ = @file_get_contents($path)) === false) {
0c2596	599	rcube::raise_error(array(
0bd99d	600	'code' => 404,
47124c	601	'type' => 'php',
T	602	'line' => __LINE__,
	603	'file' => __FILE__,
ca18a9	604	'message' => 'Error loading template for '.$realname
397cf7	605	), true, $write);
8d526c	606
TB	607	$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
47124c	608	return false;
T	609	}
ad334a	610
66f68e	611	// replace all path references to plugins/... with the configured plugins dir
T	612	// and /this/ to the current plugin skin directory
e7008c	613	if ($plugin) {
20d50d	614	$templ = preg_replace(array('/\bplugins\//', '/(["\']?)\/this\//'), array($this->app->plugins->url, '\\1'.$this->app->plugins->url.$skin_dir.'/'), $templ);
e7008c	615	}
47124c	616
T	617	// parse for specialtags
	618	$output = $this->parse_conditions($templ);
	619	$output = $this->parse_xml($output);
ad334a	620
742d61	621	// trigger generic hook where plugins can put additional content to the page
ca18a9	622	$hook = $this->app->plugins->exec_hook("render_page", array('template' => $realname, 'content' => $output));
47124c	623
e4a4ca	624	// save some memory
A	625	$output = $hook['content'];
	626	unset($hook['content']);
	627
5172ac	628	// make sure all <form> tags have a valid request token
T	629	$output = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $output);
	630	$this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);
	631
8d526c	632	// remove plugin skin paths from current context
TB	633	$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
	634
5be6dc	635	if (!$write) {
c739c7	636	return $output;
47124c	637	}
ad334a	638
5be6dc	639	$this->write(trim($output));
AM	640
47124c	641	if ($exit) {
T	642	exit;
	643	}
	644	}
	645
	646	/**
	647	* Return executable javascript code for all registered commands
	648	*
	649	* @return string $out
	650	*/
ffc748	651	protected function get_js_commands(&$framed = null)
47124c	652	{
19138e	653	$out = '';
ffc748	654	$parent_commands = 0;
19138e	655	$top_commands = array();
8f57ce	656
19138e	657	// these should be always on top,
AM	658	// e.g. hide_message() below depends on env.framed
	659	if (!$this->framed && !empty($this->js_env)) {
	660	$top_commands[] = array('set_env', $this->js_env);
	661	}
	662	if (!empty($this->js_labels)) {
	663	$top_commands[] = array('add_label', $this->js_labels);
	664	}
	665
	666	// unlock interface after iframe load
	667	$unlock = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']);
	668	if ($this->framed) {
	669	$top_commands[] = array('iframe_loaded', $unlock);
	670	}
	671	else if ($unlock) {
	672	$top_commands[] = array('hide_message', $unlock);
	673	}
	674
	675	$commands = array_merge($top_commands, $this->js_commands);
	676
	677	foreach ($commands as $i => $args) {
47124c	678	$method = array_shift($args);
8f57ce	679	$parent = $this->framed \|\| preg_match('/^parent\./', $method);
AM	680
47124c	681	foreach ($args as $i => $arg) {
0c2596	682	$args[$i] = self::json_serialize($arg);
47124c	683	}
8f57ce	684
ffc748	685	if ($parent) {
AM	686	$parent_commands++;
	687	$method = preg_replace('/^parent\./', '', $method);
	688	$parent_prefix = 'if (window.parent && parent.' . self::JS_OBJECT_NAME . ') parent.';
	689	$method = $parent_prefix . self::JS_OBJECT_NAME . '.' . $method;
	690	}
	691	else {
	692	$method = self::JS_OBJECT_NAME . '.' . $method;
	693	}
	694
	695	$out .= sprintf("%s(%s);\n", $method, implode(',', $args));
	696	}
	697
19138e	698	$framed = $parent_prefix && $parent_commands == count($commands);
ffc748	699
AM	700	// make the output more compact if all commands go to parent window
	701	if ($framed) {
	702	$out = "if (window.parent && parent." . self::JS_OBJECT_NAME . ") {\n"
	703	. str_replace($parent_prefix, "\tparent.", $out)
	704	. "}\n";
47124c	705	}
ad334a	706
47124c	707	return $out;
T	708	}
	709
	710	/**
	711	* Make URLs starting with a slash point to skin directory
	712	*
	713	* @param string Input string
28de39	714	* @param boolean True if URL should be resolved using the current skin path stack
47124c	715	* @return string
T	716	*/
28de39	717	public function abs_url($str, $search_path = false)
47124c	718	{
28de39	719	if ($str[0] == '/') {
8f57ce	720	if ($search_path && ($file_url = $this->get_skin_file($str, $skin_path))) {
28de39	721	return $file_url;
8f57ce	722	}
28de39	723
8fa22e	724	return $this->base_path . $str;
28de39	725	}
8f57ce	726
AM	727	return $str;
0c2596	728	}
A	729
	730	/**
	731	* Show error page and terminate script execution
	732	*
	733	* @param int $code Error code
	734	* @param string $message Error message
	735	*/
	736	public function raise_error($code, $message)
	737	{
	738	global $__page_content, $ERROR_CODE, $ERROR_MESSAGE;
	739
	740	$ERROR_CODE = $code;
	741	$ERROR_MESSAGE = $message;
	742
9be2f4	743	include RCUBE_INSTALL_PATH . 'program/steps/utils/error.inc';
0c2596	744	exit;
47124c	745	}
T	746
681ba6	747	/**
AM	748	* Modify path by adding URL prefix if configured
	749	*/
	750	public function asset_url($path)
	751	{
	752	// iframe content can't be in a different domain
	753	// @TODO: check if assests are on a different domain
	754
	755	if (!$this->assets_path \|\| in_array($path[0], array('?', '/', '.')) \|\| strpos($path, '://')) {
	756	return $path;
	757	}
	758
	759	return $this->assets_path . $path;
	760	}
	761
47124c	762
T	763	/*** Template parsing methods ***/
	764
	765	/**
	766	* Replace all strings ($varname)
	767	* with the content of the according global variable.
	768	*/
0c2596	769	protected function parse_with_globals($input)
47124c	770	{
0c2596	771	$GLOBALS['__version'] = html::quote(RCMAIL_VERSION);
A	772	$GLOBALS['__comm_path'] = html::quote($this->app->comm_path);
8fa22e	773	$GLOBALS['__skin_path'] = html::quote($this->base_path);
0c2596	774
5740c0	775	return preg_replace_callback('/\$(__[a-z0-9_\-]+)/',
0c2596	776	array($this, 'globals_callback'), $input);
5740c0	777	}
0c2596	778
5740c0	779	/**
A	780	* Callback funtion for preg_replace_callback() in parse_with_globals()
	781	*/
0c2596	782	protected function globals_callback($matches)
5740c0	783	{
A	784	return $GLOBALS[$matches[1]];
8fa22e	785	}
TB	786
	787	/**
	788	* Correct absolute paths in images and other tags
	789	* add timestamp to .js and .css filename
	790	*/
	791	protected function fix_paths($output)
	792	{
	793	return preg_replace_callback(
	794	'!(src\|href\|background)=(["\']?)([a-z0-9/_.-]+)(["\'\s>])!i',
	795	array($this, 'file_callback'), $output);
	796	}
	797
	798	/**
681ba6	799	* Callback function for preg_replace_callback in fix_paths()
8fa22e	800	*
TB	801	* @return string Parsed string
	802	*/
	803	protected function file_callback($matches)
	804	{
	805	$file = $matches[3];
76f4f7	806	$file = preg_replace('!^/this/!', '/', $file);
8fa22e	807
TB	808	// correct absolute paths
	809	if ($file[0] == '/') {
	810	$file = $this->base_path . $file;
	811	}
	812
	813	// add file modification timestamp
538e64	814	if (preg_match('/\.(js\|css)$/', $file, $m)) {
c562a3	815	$file = $this->file_mod($file);
8fa22e	816	}
TB	817
	818	return $matches[1] . '=' . $matches[2] . $file . $matches[4];
c562a3	819	}
AM	820
	821	/**
681ba6	822	* Correct paths of asset files according to assets_path
AM	823	*/
	824	protected function fix_assets_paths($output)
	825	{
	826	return preg_replace_callback(
	827	'!(src\|href\|background)=(["\']?)([a-z0-9/_.?=-]+)(["\'\s>])!i',
	828	array($this, 'assets_callback'), $output);
	829	}
	830
	831	/**
	832	* Callback function for preg_replace_callback in fix_assets_paths()
	833	*
	834	* @return string Parsed string
	835	*/
	836	protected function assets_callback($matches)
	837	{
	838	$file = $this->asset_url($matches[3]);
	839
	840	return $matches[1] . '=' . $matches[2] . $file . $matches[4];
	841	}
	842
	843	/**
c562a3	844	* Modify file by adding mtime indicator
AM	845	*/
	846	protected function file_mod($file)
	847	{
	848	$fs = false;
	849	$ext = substr($file, strrpos($file, '.') + 1);
	850
	851	// use minified file if exists (not in development mode)
	852	if (!$this->devel_mode && !preg_match('/\.min\.' . $ext . '$/', $file)) {
	853	$minified_file = substr($file, 0, strlen($ext) * -1) . 'min.' . $ext;
681ba6	854	if ($fs = @filemtime($this->assets_dir . $minified_file)) {
c562a3	855	return $minified_file . '?s=' . $fs;
AM	856	}
	857	}
	858
681ba6	859	if ($fs = @filemtime($this->assets_dir . $file)) {
c562a3	860	$file .= '?s=' . $fs;
AM	861	}
	862
	863	return $file;
47124c	864	}
0c2596	865
47124c	866	/**
T	867	* Public wrapper to dipp into template parsing.
	868	*
	869	* @param string $input
	870	* @return string
a7e8eb	871	* @uses rcmail_output_html::parse_xml()
47124c	872	* @since 0.1-rc1
T	873	*/
	874	public function just_parse($input)
	875	{
b01d84	876	$input = $this->parse_conditions($input);
AM	877	$input = $this->parse_xml($input);
	878
	879	return $input;
47124c	880	}
0c2596	881
47124c	882	/**
T	883	* Parse for conditional tags
	884	*
	885	* @param string $input
	886	* @return string
	887	*/
0c2596	888	protected function parse_conditions($input)
47124c	889	{
84581e	890	$matches = preg_split('/<roundcube:(if\|elseif\|else\|endif)\s+([^>]+)>\n?/is', $input, 2, PREG_SPLIT_DELIM_CAPTURE);
47124c	891	if ($matches && count($matches) == 4) {
T	892	if (preg_match('/^(else\|endif)$/i', $matches[1])) {
	893	return $matches[0] . $this->parse_conditions($matches[3]);
	894	}
0c2596	895	$attrib = html::parse_attrib_string($matches[2]);
47124c	896	if (isset($attrib['condition'])) {
T	897	$condmet = $this->check_condition($attrib['condition']);
84581e	898	$submatches = preg_split('/<roundcube:(elseif\|else\|endif)\s+([^>]+)>\n?/is', $matches[3], 2, PREG_SPLIT_DELIM_CAPTURE);
47124c	899	if ($condmet) {
T	900	$result = $submatches[0];
84581e	901	$result.= ($submatches[1] != 'endif' ? preg_replace('/.*<roundcube:endif\s+[^>]+>\n?/Uis', '', $submatches[3], 1) : $submatches[3]);
47124c	902	}
T	903	else {
	904	$result = "<roundcube:$submatches[1] $submatches[2]>" . $submatches[3];
	905	}
	906	return $matches[0] . $this->parse_conditions($result);
	907	}
0c2596	908	rcube::raise_error(array(
47124c	909	'code' => 500,
T	910	'type' => 'php',
	911	'line' => __LINE__,
	912	'file' => __FILE__,
	913	'message' => "Unable to parse conditional tag " . $matches[2]
	914	), true, false);
	915	}
	916	return $input;
	917	}
	918
	919	/**
	920	* Determines if a given condition is met
	921	*
	922	* @todo Extend this to allow real conditions, not just "set"
	923	* @param string Condition statement
8e1d4a	924	* @return boolean True if condition is met, False if not
47124c	925	*/
0c2596	926	protected function check_condition($condition)
47124c	927	{
029d18	928	return $this->eval_expression($condition);
549933	929	}
ad334a	930
549933	931	/**
2eb794	932	* Inserts hidden field with CSRF-prevention-token into POST forms
549933	933	*/
0c2596	934	protected function alter_form_tag($matches)
549933	935	{
0c2596	936	$out = $matches[0];
A	937	$attrib = html::parse_attrib_string($matches[1]);
ad334a	938
549933	939	if (strtolower($attrib['method']) == 'post') {
T	940	$hidden = new html_hiddenfield(array('name' => '_token', 'value' => $this->app->get_request_token()));
	941	$out .= "\n" . $hidden->show();
	942	}
ad334a	943
549933	944	return $out;
8e1d4a	945	}
A	946
	947	/**
58e3a5	948	* Parse & evaluate a given expression and return its result.
f790b4	949	*
AM	950	* @param string Expression statement
	951	*
	952	* @return mixed Expression result
8e1d4a	953	*/
f790b4	954	protected function eval_expression ($expression)
AM	955	{
58e3a5	956	$expression = preg_replace(
47124c	957	array(
T	958	'/session:([a-z0-9_]+)/i',
f645ce	959	'/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
40353f	960	'/env:([a-z0-9_]+)/i',
A	961	'/request:([a-z0-9_]+)/i',
	962	'/cookie:([a-z0-9_]+)/i',
8e99ff	963	'/browser:([a-z0-9_]+)/i',
A	964	'/template:name/i',
47124c	965	),
T	966	array(
	967	"\$_SESSION['\\1']",
d67485	968	"\$app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
AW	969	"\$env['\\1']",
1aceb9	970	"rcube_utils::get_input_value('\\1', rcube_utils::INPUT_GPC)",
a17fe6	971	"\$_COOKIE['\\1']",
d67485	972	"\$browser->{'\\1'}",
93e640	973	"'" . $this->template_name . "'",
47124c	974	),
58e3a5	975	$expression
AW	976	);
f790b4	977
d67485	978	$fn = create_function('$app,$browser,$env', "return ($expression);");
f790b4	979	if (!$fn) {
58e3a5	980	rcube::raise_error(array(
AW	981	'code' => 505,
	982	'type' => 'php',
	983	'file' => __FILE__,
	984	'line' => __LINE__,
	985	'message' => "Expression parse error on: ($expression)"), true, false);
f790b4	986
AM	987	return null;
58e3a5	988	}
f790b4	989
d67485	990	return $fn($this->app, $this->browser, $this->env);
47124c	991	}
T	992
	993	/**
	994	* Search for special tags in input and replace them
	995	* with the appropriate content
	996	*
	997	* @param string Input string to parse
	998	* @return string Altered input string
06655a	999	* @todo Use DOM-parser to traverse template HTML
47124c	1000	* @todo Maybe a cache.
T	1001	*/
0c2596	1002	protected function parse_xml($input)
47124c	1003	{
6af593	1004	return preg_replace_callback('/<roundcube:([-_a-z]+)\s+((?:[^>]\|\\\\>)+)(?<!\\\\)>/Ui', array($this, 'xml_command'), $input);
6f488b	1005	}
A	1006
	1007	/**
cc97ea	1008	* Callback function for parsing an xml command tag
T	1009	* and turn it into real html content
47124c	1010	*
cc97ea	1011	* @param array Matches array of preg_replace_callback
47124c	1012	* @return string Tag/Object content
T	1013	*/
0c2596	1014	protected function xml_command($matches)
47124c	1015	{
cc97ea	1016	$command = strtolower($matches[1]);
0c2596	1017	$attrib = html::parse_attrib_string($matches[2]);
47124c	1018
T	1019	// empty output if required condition is not met
	1020	if (!empty($attrib['condition']) && !$this->check_condition($attrib['condition'])) {
	1021	return '';
	1022	}
	1023
22a2c5	1024	// localize title and summary attributes
d58c39	1025	if ($command != 'button' && !empty($attrib['title']) && $this->app->text_exists($attrib['title'])) {
22a2c5	1026	$attrib['title'] = $this->app->gettext($attrib['title']);
TB	1027	}
d58c39	1028	if ($command != 'button' && !empty($attrib['summary']) && $this->app->text_exists($attrib['summary'])) {
22a2c5	1029	$attrib['summary'] = $this->app->gettext($attrib['summary']);
TB	1030	}
	1031
47124c	1032	// execute command
T	1033	switch ($command) {
	1034	// return a button
	1035	case 'button':
875a48	1036	if ($attrib['name'] \|\| $attrib['command']) {
47124c	1037	return $this->button($attrib);
T	1038	}
	1039	break;
	1040
b7d33e	1041	// frame
AM	1042	case 'frame':
	1043	return $this->frame($attrib);
	1044	break;
	1045
47124c	1046	// show a label
T	1047	case 'label':
8fa22e	1048	if ($attrib['expression'])
fe245e	1049	$attrib['name'] = $this->eval_expression($attrib['expression']);
8fa22e	1050
47124c	1051	if ($attrib['name'] \|\| $attrib['command']) {
0c2596	1052	$vars = $attrib + array('product' => $this->config->get('product_name'));
c87806	1053	unset($vars['name'], $vars['command']);
0d80fa	1054
AM	1055	$label = $this->app->gettext($attrib + array('vars' => $vars));
f707fe	1056	$quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (rcube_utils::get_boolean((string)$attrib['html']) ? 'no' : '');
0d80fa	1057
8ef203	1058	// 'noshow' can be used in skins to define new labels
TB	1059	if ($attrib['noshow']) {
	1060	return '';
	1061	}
	1062
fa8f6e	1063	switch ($quoting) {
TB	1064	case 'no':
0d80fa	1065	case 'raw':
AM	1066	break;
fa8f6e	1067	case 'javascript':
0d80fa	1068	case 'js':
10da75	1069	$label = rcube::JQ($label);
0d80fa	1070	break;
AM	1071	default:
	1072	$label = html::quote($label);
	1073	break;
fa8f6e	1074	}
0d80fa	1075
AM	1076	return $label;
47124c	1077	}
T	1078	break;
	1079
	1080	// include a file
	1081	case 'include':
8fa22e	1082	$old_base_path = $this->base_path;
175739	1083	if (!empty($attrib['skin_path'])) $attrib['skinpath'] = $attrib['skin_path'];
19b0d4	1084	if ($path = $this->get_skin_file($attrib['file'], $skin_path, $attrib['skinpath'])) {
2a0d3f	1085	$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path); // set base_path to core skin directory (not plugin's skin)
681ba6	1086	$path = realpath(RCUBE_INSTALL_PATH . $path);
8fa22e	1087	}
0c2596	1088
ff73e0	1089	if (is_readable($path)) {
0c2596	1090	if ($this->config->get('skin_include_php')) {
47124c	1091	$incl = $this->include_php($path);
T	1092	}
ff73e0	1093	else {
cc97ea	1094	$incl = file_get_contents($path);
T	1095	}
b4f7c6	1096	$incl = $this->parse_conditions($incl);
8fa22e	1097	$incl = $this->parse_xml($incl);
TB	1098	$incl = $this->fix_paths($incl);
	1099	$this->base_path = $old_base_path;
	1100	return $incl;
47124c	1101	}
T	1102	break;
	1103
	1104	case 'plugin.include':
cc97ea	1105	$hook = $this->app->plugins->exec_hook("template_plugin_include", $attrib);
T	1106	return $hook['content'];
ad334a	1107
cc97ea	1108	// define a container block
T	1109	case 'container':
	1110	if ($attrib['name'] && $attrib['id']) {
	1111	$this->command('gui_container', $attrib['name'], $attrib['id']);
	1112	// let plugins insert some content here
	1113	$hook = $this->app->plugins->exec_hook("template_container", $attrib);
	1114	return $hook['content'];
47124c	1115	}
T	1116	break;
	1117
	1118	// return code for a specific application object
	1119	case 'object':
	1120	$object = strtolower($attrib['name']);
cc97ea	1121	$content = '';
47124c	1122
T	1123	// we are calling a class/method
	1124	if (($handler = $this->object_handlers[$object]) && is_array($handler)) {
	1125	if ((is_object($handler[0]) && method_exists($handler[0], $handler[1])) \|\|
	1126	(is_string($handler[0]) && class_exists($handler[0])))
cc97ea	1127	$content = call_user_func($handler, $attrib);
47124c	1128	}
cc97ea	1129	// execute object handler function
47124c	1130	else if (function_exists($handler)) {
cc97ea	1131	$content = call_user_func($handler, $attrib);
47124c	1132	}
f23073	1133	else if ($object == 'doctype') {
T	1134	$content = html::doctype($attrib['value']);
	1135	}
ae39c4	1136	else if ($object == 'logo') {
T	1137	$attrib += array('alt' => $this->xml_command(array('', 'object', 'name="productname"')));
a77504	1138
fb4474	1139	if ($logo = $this->config->get('skin_logo')) {
P	1140	if (is_array($logo)) {
	1141	if ($template_logo = $logo[$this->template_name]) {
	1142	$attrib['src'] = $template_logo;
	1143	}
	1144	elseif ($template_logo = $logo['*']) {
	1145	$attrib['src'] = $template_logo;
	1146	}
	1147	}
	1148	else {
	1149	$attrib['src'] = $logo;
	1150	}
a77504	1151	}
P	1152
ae39c4	1153	$content = html::img($attrib);
T	1154	}
cc97ea	1155	else if ($object == 'productname') {
0c2596	1156	$name = $this->config->get('product_name', 'Roundcube Webmail');
A	1157	$content = html::quote($name);
47124c	1158	}
cc97ea	1159	else if ($object == 'version') {
c8fb2b	1160	$ver = (string)RCMAIL_VERSION;
9be2f4	1161	if (is_file(RCUBE_INSTALL_PATH . '.svn/entries')) {
c8fb2b	1162	if (preg_match('/Revision:\s(\d+)/', @shell_exec('svn info'), $regs))
T	1163	$ver .= ' [SVN r'.$regs[1].']';
	1164	}
9be2f4	1165	else if (is_file(RCUBE_INSTALL_PATH . '.git/index')) {
914c3e	1166	if (preg_match('/Date:\s+([^\n]+)/', @shell_exec('git log -1'), $regs)) {
AM	1167	if ($date = date('Ymd.Hi', strtotime($regs[1]))) {
	1168	$ver .= ' [GIT '.$date.']';
	1169	}
	1170	}
	1171	}
0c2596	1172	$content = html::quote($ver);
47124c	1173	}
cc97ea	1174	else if ($object == 'steptitle') {
0c2596	1175	$content = html::quote($this->get_pagetitle());
f645ce	1176	}
cc97ea	1177	else if ($object == 'pagetitle') {
538e64	1178	if ($this->devel_mode && !empty($_SESSION['username']))
0c2596	1179	$title = $_SESSION['username'].' :: ';
A	1180	else if ($prod_name = $this->config->get('product_name'))
	1181	$title = $prod_name . ' :: ';
159763	1182	else
0c2596	1183	$title = '';
f645ce	1184	$title .= $this->get_pagetitle();
0c2596	1185	$content = html::quote($title);
47124c	1186	}
ad334a	1187
cc97ea	1188	// exec plugin hooks for this template object
T	1189	$hook = $this->app->plugins->exec_hook("template_object_$object", $attrib + array('content' => $content));
	1190	return $hook['content'];
8e1d4a	1191
A	1192	// return code for a specified eval expression
	1193	case 'exp':
f790b4	1194	return html::quote($this->eval_expression($attrib['expression']));
ad334a	1195
47124c	1196	// return variable
T	1197	case 'var':
	1198	$var = explode(':', $attrib['name']);
	1199	$name = $var[1];
	1200	$value = '';
	1201
	1202	switch ($var[0]) {
	1203	case 'env':
	1204	$value = $this->env[$name];
	1205	break;
	1206	case 'config':
0c2596	1207	$value = $this->config->get($name);
c321a9	1208	if (is_array($value) && $value[$_SESSION['storage_host']]) {
T	1209	$value = $value[$_SESSION['storage_host']];
47124c	1210	}
T	1211	break;
	1212	case 'request':
1aceb9	1213	$value = rcube_utils::get_input_value($name, rcube_utils::INPUT_GPC);
47124c	1214	break;
T	1215	case 'session':
	1216	$value = $_SESSION[$name];
	1217	break;
d4273b	1218	case 'cookie':
A	1219	$value = htmlspecialchars($_COOKIE[$name]);
	1220	break;
a17fe6	1221	case 'browser':
A	1222	$value = $this->browser->{$name};
	1223	break;
47124c	1224	}
T	1225
	1226	if (is_array($value)) {
	1227	$value = implode(', ', $value);
	1228	}
	1229
0c2596	1230	return html::quote($value);
deb2b8	1231
TB	1232	case 'form':
	1233	return $this->form_tag($attrib);
47124c	1234	}
T	1235	return '';
	1236	}
0c2596	1237
47124c	1238	/**
T	1239	* Include a specific file and return it's contents
	1240	*
	1241	* @param string File path
	1242	* @return string Contents of the processed file
	1243	*/
0c2596	1244	protected function include_php($file)
47124c	1245	{
T	1246	ob_start();
	1247	include $file;
	1248	$out = ob_get_contents();
	1249	ob_end_clean();
	1250
	1251	return $out;
	1252	}
	1253
	1254	/**
	1255	* Create and register a button
	1256	*
	1257	* @param array Named button attributes
	1258	* @return string HTML button
	1259	* @todo Remove all inline JS calls and use jQuery instead.
	1260	* @todo Remove all sprintf()'s - they are pretty, but also slow.
	1261	*/
ed132e	1262	public function button($attrib)
47124c	1263	{
d01f9f	1264	static $s_button_count = 100;
AM	1265	static $disabled_actions = null;
47124c	1266
T	1267	// these commands can be called directly via url
cc97ea	1268	$a_static_commands = array('compose', 'list', 'preferences', 'folders', 'identities');
47124c	1269
c49c35	1270	if (!($attrib['command'] \|\| $attrib['name'] \|\| $attrib['href'])) {
47124c	1271	return '';
T	1272	}
ae0c82	1273
47124c	1274	// try to find out the button type
T	1275	if ($attrib['type']) {
	1276	$attrib['type'] = strtolower($attrib['type']);
d01f9f	1277	if ($pos = strpos($attrib['type'], '-menuitem')) {
AM	1278	$attrib['type'] = substr($attrib['type'], 0, -9);
	1279	$menuitem = true;
	1280	}
47124c	1281	}
T	1282	else {
	1283	$attrib['type'] = ($attrib['image'] \|\| $attrib['imagepas'] \|\| $attrib['imageact']) ? 'image' : 'link';
	1284	}
e9b5a6	1285
47124c	1286	$command = $attrib['command'];
T	1287
d01f9f	1288	if ($attrib['task']) {
AM	1289	$element = $command = $attrib['task'] . '.' . $command;
	1290	}
	1291	else {
	1292	$element = ($this->env['task'] ? $this->env['task'] . '.' : '') . $command;
	1293	}
	1294
	1295	if ($disabled_actions === null) {
	1296	$disabled_actions = (array) $this->config->get('disabled_actions');
	1297	}
	1298
	1299	// remove buttons for disabled actions
	1300	if (in_array($element, $disabled_actions)) {
	1301	return '';
	1302	}
ad334a	1303
af3cf8	1304	if (!$attrib['image']) {
T	1305	$attrib['image'] = $attrib['imagepas'] ? $attrib['imagepas'] : $attrib['imageact'];
	1306	}
47124c	1307
T	1308	if (!$attrib['id']) {
	1309	$attrib['id'] = sprintf('rcmbtn%d', $s_button_count++);
	1310	}
	1311	// get localized text for labels and titles
	1312	if ($attrib['title']) {
0c2596	1313	$attrib['title'] = html::quote($this->app->gettext($attrib['title'], $attrib['domain']));
47124c	1314	}
T	1315	if ($attrib['label']) {
0c2596	1316	$attrib['label'] = html::quote($this->app->gettext($attrib['label'], $attrib['domain']));
47124c	1317	}
T	1318	if ($attrib['alt']) {
0c2596	1319	$attrib['alt'] = html::quote($this->app->gettext($attrib['alt'], $attrib['domain']));
47124c	1320	}
9b2ccd	1321
e8bcf0	1322	// set accessibility attributes
TB	1323	if (!$attrib['role']) {
	1324	$attrib['role'] = 'button';
	1325	}
	1326	if (!empty($attrib['class']) && !empty($attrib['classact']) \|\| !empty($attrib['imagepas']) && !empty($attrib['imageact'])) {
ea0866	1327	if (array_key_exists('tabindex', $attrib))
TB	1328	$attrib['data-tabindex'] = $attrib['tabindex'];
e8bcf0	1329	$attrib['tabindex'] = '-1'; // disable button by default
TB	1330	$attrib['aria-disabled'] = 'true';
	1331	}
	1332
47124c	1333	// set title to alt attribute for IE browsers
c9e9fe	1334	if ($this->browser->ie && !$attrib['title'] && $attrib['alt']) {
A	1335	$attrib['title'] = $attrib['alt'];
47124c	1336	}
T	1337
	1338	// add empty alt attribute for XHTML compatibility
	1339	if (!isset($attrib['alt'])) {
	1340	$attrib['alt'] = '';
	1341	}
	1342
	1343	// register button in the system
	1344	if ($attrib['command']) {
	1345	$this->add_script(sprintf(
	1346	"%s.register_button('%s', '%s', '%s', '%s', '%s', '%s');",
60226a	1347	self::JS_OBJECT_NAME,
47124c	1348	$command,
T	1349	$attrib['id'],
	1350	$attrib['type'],
ae0c82	1351	$attrib['imageact'] ? $this->abs_url($attrib['imageact']) : $attrib['classact'],
A	1352	$attrib['imagesel'] ? $this->abs_url($attrib['imagesel']) : $attrib['classsel'],
	1353	$attrib['imageover'] ? $this->abs_url($attrib['imageover']) : ''
47124c	1354	));
T	1355
	1356	// make valid href to specific buttons
197601	1357	if (in_array($attrib['command'], rcmail::$main_tasks)) {
0c2596	1358	$attrib['href'] = $this->app->url(array('task' => $attrib['command']));
60226a	1359	$attrib['onclick'] = sprintf("return %s.command('switch-task','%s',this,event)", self::JS_OBJECT_NAME, $attrib['command']);
47124c	1360	}
e9b5a6	1361	else if ($attrib['task'] && in_array($attrib['task'], rcmail::$main_tasks)) {
0c2596	1362	$attrib['href'] = $this->app->url(array('action' => $attrib['command'], 'task' => $attrib['task']));
e9b5a6	1363	}
47124c	1364	else if (in_array($attrib['command'], $a_static_commands)) {
0c2596	1365	$attrib['href'] = $this->app->url(array('action' => $attrib['command']));
a25d39	1366	}
271efe	1367	else if (($attrib['command'] == 'permaurl' \|\| $attrib['command'] == 'extwin') && !empty($this->env['permaurl'])) {
29f977	1368	$attrib['href'] = $this->env['permaurl'];
T	1369	}
47124c	1370	}
T	1371
	1372	// overwrite attributes
	1373	if (!$attrib['href']) {
	1374	$attrib['href'] = '#';
	1375	}
e9b5a6	1376	if ($attrib['task']) {
T	1377	if ($attrib['classact'])
	1378	$attrib['class'] = $attrib['classact'];
	1379	}
	1380	else if ($command && !$attrib['onclick']) {
47124c	1381	$attrib['onclick'] = sprintf(
c28161	1382	"return %s.command('%s','%s',this,event)",
60226a	1383	self::JS_OBJECT_NAME,
47124c	1384	$command,
T	1385	$attrib['prop']
	1386	);
	1387	}
	1388
	1389	$out = '';
	1390
	1391	// generate image tag
0c2596	1392	if ($attrib['type'] == 'image') {
47124c	1393	$attrib_str = html::attrib_string(
T	1394	$attrib,
	1395	array(
c9e9fe	1396	'style', 'class', 'id', 'width', 'height', 'border', 'hspace',
A	1397	'vspace', 'align', 'alt', 'tabindex', 'title'
47124c	1398	)
T	1399	);
ae0c82	1400	$btn_content = sprintf('<img src="%s"%s />', $this->abs_url($attrib['image']), $attrib_str);
47124c	1401	if ($attrib['label']) {
T	1402	$btn_content .= ' '.$attrib['label'];
	1403	}
c9e9fe	1404	$link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'target');
47124c	1405	}
0c2596	1406	else if ($attrib['type'] == 'link') {
356a67	1407	$btn_content = isset($attrib['content']) ? $attrib['content'] : ($attrib['label'] ? $attrib['label'] : $attrib['command']);
59cdb4	1408	$link_attrib = array_merge(html::$common_attrib, array('href', 'onclick', 'tabindex', 'target'));
5587b3	1409	if ($attrib['innerclass'])
T	1410	$btn_content = html::span($attrib['innerclass'], $btn_content);
47124c	1411	}
0c2596	1412	else if ($attrib['type'] == 'input') {
47124c	1413	$attrib['type'] = 'button';
T	1414
	1415	if ($attrib['label']) {
	1416	$attrib['value'] = $attrib['label'];
	1417	}
f94e44	1418	if ($attrib['command']) {
T	1419	$attrib['disabled'] = 'disabled';
	1420	}
47124c	1421
ce6433	1422	$out = html::tag('input', $attrib, null, array('type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex', 'disabled'));
47124c	1423	}
T	1424
	1425	// generate html code for button
	1426	if ($btn_content) {
707911	1427	$attrib_str = html::attrib_string($attrib, $link_attrib);
47124c	1428	$out = sprintf('<a%s>%s</a>', $attrib_str, $btn_content);
T	1429	}
	1430
bc2c43	1431	if ($attrib['wrapper']) {
AM	1432	$out = html::tag($attrib['wrapper'], null, $out);
47124c	1433	}
T	1434
d01f9f	1435	if ($menuitem) {
AM	1436	$class = $attrib['menuitem-class'] ? ' class="' . $attrib['menuitem-class'] . '"' : '';
	1437	$out = '<li role="menuitem"' . $class . '>' . $out . '</li>';
	1438	}
	1439
47124c	1440	return $out;
0c2596	1441	}
A	1442
	1443	/**
	1444	* Link an external script file
	1445	*
	1446	* @param string File URL
	1447	* @param string Target position [head\|foot]
	1448	*/
	1449	public function include_script($file, $position='head')
	1450	{
	1451	if (!preg_match('\|^https?://\|i', $file) && $file[0] != '/') {
c562a3	1452	$file = $this->file_mod($this->scripts_path . $file);
0c2596	1453	}
A	1454
	1455	if (!is_array($this->script_files[$position])) {
	1456	$this->script_files[$position] = array();
	1457	}
	1458
e46d06	1459	if (!in_array($file, $this->script_files[$position])) {
TB	1460	$this->script_files[$position][] = $file;
	1461	}
0c2596	1462	}
A	1463
	1464	/**
	1465	* Add inline javascript code
	1466	*
	1467	* @param string JS code snippet
	1468	* @param string Target position [head\|head_top\|foot]
	1469	*/
	1470	public function add_script($script, $position='head')
	1471	{
	1472	if (!isset($this->scripts[$position])) {
	1473	$this->scripts[$position] = "\n" . rtrim($script);
	1474	}
	1475	else {
	1476	$this->scripts[$position] .= "\n" . rtrim($script);
	1477	}
	1478	}
	1479
	1480	/**
	1481	* Link an external css file
	1482	*
	1483	* @param string File URL
	1484	*/
	1485	public function include_css($file)
	1486	{
	1487	$this->css_files[] = $file;
	1488	}
	1489
	1490	/**
	1491	* Add HTML code to the page header
	1492	*
	1493	* @param string $str HTML code
	1494	*/
	1495	public function add_header($str)
	1496	{
	1497	$this->header .= "\n" . $str;
	1498	}
	1499
	1500	/**
	1501	* Add HTML code to the page footer
	1502	* To be added right befor </body>
	1503	*
	1504	* @param string $str HTML code
	1505	*/
	1506	public function add_footer($str)
	1507	{
	1508	$this->footer .= "\n" . $str;
	1509	}
	1510
	1511	/**
	1512	* Process template and write to stdOut
	1513	*
	1514	* @param string HTML template
	1515	* @param string Base for absolute paths
	1516	*/
	1517	public function _write($templ = '', $base_path = '')
	1518	{
e2f90d	1519	$output = trim($templ);
AM	1520
	1521	if (empty($output)) {
ffc748	1522	$output = html::doctype('html5') . "\n" . $this->default_template;
e2f90d	1523	$is_empty = true;
0c2596	1524	}
A	1525
	1526	// set default page title
	1527	if (empty($this->pagetitle)) {
	1528	$this->pagetitle = 'Roundcube Mail';
	1529	}
	1530
184ed2	1531	// declare page language
TB	1532	if (!empty($_SESSION['language'])) {
	1533	$lang = substr($_SESSION['language'], 0, 2);
	1534	$output = preg_replace('/<html/', '<html lang="' . html::quote($lang) . '"', $output, 1);
	1535	if (!headers_sent()) {
	1536	header('Content-Language: ' . $lang);
	1537	}
	1538	}
	1539
0c2596	1540	// replace specialchars in content
A	1541	$page_title = html::quote($this->pagetitle);
	1542	$page_header = '';
	1543	$page_footer = '';
	1544
	1545	// include meta tag with charset
	1546	if (!empty($this->charset)) {
	1547	if (!headers_sent()) {
	1548	header('Content-Type: text/html; charset=' . $this->charset);
	1549	}
	1550	$page_header = '<meta http-equiv="content-type"';
	1551	$page_header.= ' content="text/html; charset=';
	1552	$page_header.= $this->charset . '" />'."\n";
	1553	}
	1554
	1555	// definition of the code to be placed in the document header and footer
	1556	if (is_array($this->script_files['head'])) {
	1557	foreach ($this->script_files['head'] as $file) {
	1558	$page_header .= html::script($file);
	1559	}
	1560	}
	1561
	1562	$head_script = $this->scripts['head_top'] . $this->scripts['head'];
	1563	if (!empty($head_script)) {
	1564	$page_header .= html::script(array(), $head_script);
	1565	}
	1566
	1567	if (!empty($this->header)) {
	1568	$page_header .= $this->header;
	1569	}
	1570
	1571	// put docready commands into page footer
	1572	if (!empty($this->scripts['docready'])) {
	1573	$this->add_script('$(document).ready(function(){ ' . $this->scripts['docready'] . "\n});", 'foot');
	1574	}
	1575
	1576	if (is_array($this->script_files['foot'])) {
	1577	foreach ($this->script_files['foot'] as $file) {
	1578	$page_footer .= html::script($file);
	1579	}
	1580	}
	1581
	1582	if (!empty($this->footer)) {
	1583	$page_footer .= $this->footer . "\n";
	1584	}
	1585
	1586	if (!empty($this->scripts['foot'])) {
	1587	$page_footer .= html::script(array(), $this->scripts['foot']);
	1588	}
	1589
	1590	// find page header
	1591	if ($hpos = stripos($output, '</head>')) {
	1592	$page_header .= "\n";
	1593	}
	1594	else {
	1595	if (!is_numeric($hpos)) {
	1596	$hpos = stripos($output, '<body');
	1597	}
	1598	if (!is_numeric($hpos) && ($hpos = stripos($output, '<html'))) {
	1599	while ($output[$hpos] != '>') {
	1600	$hpos++;
	1601	}
	1602	$hpos++;
	1603	}
	1604	$page_header = "<head>\n<title>$page_title</title>\n$page_header\n</head>\n";
	1605	}
	1606
	1607	// add page hader
	1608	if ($hpos) {
	1609	$output = substr_replace($output, $page_header, $hpos, 0);
	1610	}
	1611	else {
	1612	$output = $page_header . $output;
	1613	}
	1614
	1615	// add page footer
	1616	if (($fpos = strripos($output, '</body>')) \|\| ($fpos = strripos($output, '</html>'))) {
	1617	$output = substr_replace($output, $page_footer."\n", $fpos, 0);
	1618	}
	1619	else {
	1620	$output .= "\n".$page_footer;
	1621	}
	1622
	1623	// add css files in head, before scripts, for speed up with parallel downloads
e2f90d	1624	if (!empty($this->css_files) && !$is_empty
AM	1625	&& (($pos = stripos($output, '<script ')) \|\| ($pos = stripos($output, '</head>')))
0c2596	1626	) {
A	1627	$css = '';
	1628	foreach ($this->css_files as $file) {
	1629	$css .= html::tag('link', array('rel' => 'stylesheet',
	1630	'type' => 'text/css', 'href' => $file, 'nl' => true));
	1631	}
	1632	$output = substr_replace($output, $css, $pos, 0);
	1633	}
	1634
2a0d3f	1635	$output = $this->parse_with_globals($this->fix_paths($output));
TB	1636
681ba6	1637	if ($this->assets_path) {
AM	1638	$output = $this->fix_assets_paths($output);
	1639	}
	1640
0c2596	1641	// trigger hook with final HTML content to be sent
be98df	1642	$hook = $this->app->plugins->exec_hook("send_page", array('content' => $output));
0c2596	1643	if (!$hook['abort']) {
a92beb	1644	if ($this->charset != RCUBE_CHARSET) {
AM	1645	echo rcube_charset::convert($hook['content'], RCUBE_CHARSET, $this->charset);
0c2596	1646	}
A	1647	else {
	1648	echo $hook['content'];
	1649	}
	1650	}
47124c	1651	}
T	1652
b7d33e	1653	/**
AM	1654	* Returns iframe object, registers some related env variables
	1655	*
	1656	* @param array $attrib HTML attributes
28de39	1657	* @param boolean $is_contentframe Register this iframe as the 'contentframe' gui object
b7d33e	1658	* @return string IFRAME element
AM	1659	*/
28de39	1660	public function frame($attrib, $is_contentframe = false)
b7d33e	1661	{
28de39	1662	static $idcount = 0;
TB	1663
b7d33e	1664	if (!$attrib['id']) {
28de39	1665	$attrib['id'] = 'rcmframe' . ++$idcount;
b7d33e	1666	}
AM	1667
28de39	1668	$attrib['name'] = $attrib['id'];
681ba6	1669	$attrib['src'] = $attrib['src'] ? $this->abs_url($attrib['src'], true) : 'program/resources/blank.gif';
b7d33e	1670
28de39	1671	// register as 'contentframe' object
e0f7b9	1672	if ($is_contentframe \|\| $attrib['contentframe']) {
AM	1673	$this->set_env('contentframe', $attrib['contentframe'] ? $attrib['contentframe'] : $attrib['name']);
681ba6	1674	$this->set_env('blankpage', $this->asset_url($attrib['src']));
28de39	1675	}
b7d33e	1676
AM	1677	return html::iframe($attrib);
	1678	}
	1679
	1680
47124c	1681	/* *********** common functions delivering gui objects ************ */
T	1682
	1683	/**
197601	1684	* Create a form tag with the necessary hidden fields
T	1685	*
	1686	* @param array Named tag parameters
	1687	* @return string HTML code for the form
	1688	*/
	1689	public function form_tag($attrib, $content = null)
	1690	{
8f57ce	1691	if ($this->framed \|\| $this->env['framed']) {
197601	1692	$hiddenfield = new html_hiddenfield(array('name' => '_framed', 'value' => '1'));
T	1693	$hidden = $hiddenfield->show();
	1694	}
271efe	1695	if ($this->env['extwin']) {
TB	1696	$hiddenfield = new html_hiddenfield(array('name' => '_extwin', 'value' => '1'));
	1697	$hidden = $hiddenfield->show();
	1698	}
ad334a	1699
197601	1700	if (!$content)
T	1701	$attrib['noclose'] = true;
ad334a	1702
197601	1703	return html::tag('form',
deb2b8	1704	$attrib + array('action' => $this->app->comm_path, 'method' => "get"),
57f0c8	1705	$hidden . $content,
T	1706	array('id','class','style','name','method','action','enctype','onsubmit'));
	1707	}
ad334a	1708
57f0c8	1709	/**
T	1710	* Build a form tag with a unique request token
	1711	*
	1712	* @param array Named tag parameters including 'action' and 'task' values which will be put into hidden fields
	1713	* @param string Form content
	1714	* @return string HTML code for the form
	1715	*/
747797	1716	public function request_form($attrib, $content = '')
57f0c8	1717	{
T	1718	$hidden = new html_hiddenfield();
	1719	if ($attrib['task']) {
	1720	$hidden->add(array('name' => '_task', 'value' => $attrib['task']));
	1721	}
	1722	if ($attrib['action']) {
	1723	$hidden->add(array('name' => '_action', 'value' => $attrib['action']));
	1724	}
ad334a	1725
57f0c8	1726	unset($attrib['task'], $attrib['request']);
T	1727	$attrib['action'] = './';
ad334a	1728
57f0c8	1729	// we already have a <form> tag
0501b6	1730	if ($attrib['form']) {
8f57ce	1731	if ($this->framed \|\| $this->env['framed'])
0501b6	1732	$hidden->add(array('name' => '_framed', 'value' => '1'));
57f0c8	1733	return $hidden->show() . $content;
0501b6	1734	}
57f0c8	1735	else
T	1736	return $this->form_tag($attrib, $hidden->show() . $content);
197601	1737	}
T	1738
	1739	/**
47124c	1740	* GUI object 'username'
T	1741	* Showing IMAP username of the current session
	1742	*
	1743	* @param array Named tag parameters (currently not used)
	1744	* @return string HTML code for the gui object
	1745	*/
197601	1746	public function current_username($attrib)
47124c	1747	{
T	1748	static $username;
	1749
	1750	// alread fetched
	1751	if (!empty($username)) {
	1752	return $username;
	1753	}
	1754
e99991	1755	// Current username is an e-mail address
A	1756	if (strpos($_SESSION['username'], '@')) {
	1757	$username = $_SESSION['username'];
	1758	}
929a50	1759	// get e-mail address from default identity
e99991	1760	else if ($sql_arr = $this->app->user->get_identity()) {
7e9cec	1761	$username = $sql_arr['email'];
47124c	1762	}
T	1763	else {
7e9cec	1764	$username = $this->app->user->get_username();
47124c	1765	}
T	1766
1aceb9	1767	return rcube_utils::idn_to_utf8($username);
47124c	1768	}
T	1769
	1770	/**
	1771	* GUI object 'loginform'
	1772	* Returns code for the webmail login form
	1773	*
	1774	* @param array Named parameters
	1775	* @return string HTML code for the gui object
	1776	*/
0c2596	1777	protected function login_form($attrib)
47124c	1778	{
0c2596	1779	$default_host = $this->config->get('default_host');
A	1780	$autocomplete = (int) $this->config->get('login_autocomplete');
47124c	1781
T	1782	$_SESSION['temp'] = true;
ad334a	1783
cc97ea	1784	// save original url
1aceb9	1785	$url = rcube_utils::get_input_value('_url', rcube_utils::INPUT_POST);
3a2b27	1786	if (empty($url) && !preg_match('/_(task\|action)=logout/', $_SERVER['QUERY_STRING']))
cc97ea	1787	$url = $_SERVER['QUERY_STRING'];
47124c	1788
b8dc3e	1789	// Disable autocapitalization on iPad/iPhone (#1488609)
AM	1790	$attrib['autocapitalize'] = 'off';
	1791
1cca4f	1792	// set atocomplete attribute
A	1793	$user_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');
	1794	$host_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');
	1795	$pass_attrib = $autocomplete > 1 ? array() : array('autocomplete' => 'off');
	1796
c3be8e	1797	$input_task = new html_hiddenfield(array('name' => '_task', 'value' => 'login'));
47124c	1798	$input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login'));
c8ae24	1799	$input_tzone = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_'));
cc97ea	1800	$input_url = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url));
8df6bb	1801	$input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser', 'required' => 'required')
1cca4f	1802	+ $attrib + $user_attrib);
8df6bb	1803	$input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'required' => 'required')
1cca4f	1804	+ $attrib + $pass_attrib);
47124c	1805	$input_host = null;
T	1806
f3e101	1807	if (is_array($default_host) && count($default_host) > 1) {
47124c	1808	$input_host = new html_select(array('name' => '_host', 'id' => 'rcmloginhost'));
T	1809
	1810	foreach ($default_host as $key => $value) {
	1811	if (!is_array($value)) {
	1812	$input_host->add($value, (is_numeric($key) ? $value : $key));
	1813	}
	1814	else {
	1815	$input_host = null;
	1816	break;
	1817	}
	1818	}
f3e101	1819	}
6ff0c3	1820	else if (is_array($default_host) && ($host = key($default_host)) !== null) {
f3e101	1821	$hide_host = true;
A	1822	$input_host = new html_hiddenfield(array(
6ff0c3	1823	'name' => '_host', 'id' => 'rcmloginhost', 'value' => is_numeric($host) ? $default_host[$host] : $host) + $attrib);
47124c	1824	}
e3e597	1825	else if (empty($default_host)) {
1cca4f	1826	$input_host = new html_inputfield(array('name' => '_host', 'id' => 'rcmloginhost')
A	1827	+ $attrib + $host_attrib);
47124c	1828	}
T	1829
	1830	$form_name = !empty($attrib['form']) ? $attrib['form'] : 'form';
	1831	$this->add_gui_object('loginform', $form_name);
	1832
	1833	// create HTML table with two cols
	1834	$table = new html_table(array('cols' => 2));
	1835
0c2596	1836	$table->add('title', html::label('rcmloginuser', html::quote($this->app->gettext('username'))));
1aceb9	1837	$table->add('input', $input_user->show(rcube_utils::get_input_value('_user', rcube_utils::INPUT_GPC)));
47124c	1838
0c2596	1839	$table->add('title', html::label('rcmloginpwd', html::quote($this->app->gettext('password'))));
497013	1840	$table->add('input', $input_pass->show());
47124c	1841
T	1842	// add host selection row
f3e101	1843	if (is_object($input_host) && !$hide_host) {
0c2596	1844	$table->add('title', html::label('rcmloginhost', html::quote($this->app->gettext('server'))));
1aceb9	1845	$table->add('input', $input_host->show(rcube_utils::get_input_value('_host', rcube_utils::INPUT_GPC)));
47124c	1846	}
T	1847
c3be8e	1848	$out = $input_task->show();
T	1849	$out .= $input_action->show();
c8ae24	1850	$out .= $input_tzone->show();
cc97ea	1851	$out .= $input_url->show();
47124c	1852	$out .= $table->show();
ad334a	1853
f3e101	1854	if ($hide_host) {
A	1855	$out .= $input_host->show();
	1856	}
47124c	1857
904fec	1858	if (rcube_utils::get_boolean($attrib['submit'])) {
AM	1859	$submit = new html_inputfield(array('type' => 'submit', 'id' => 'rcmloginsubmit',
	1860	'class' => 'button mainaction', 'value' => $this->app->gettext('login')));
	1861	$out .= html::p('formbuttons', $submit->show());
	1862	}
	1863
47124c	1864	// surround html output with a form tag
T	1865	if (empty($attrib['form'])) {
f3e101	1866	$out = $this->form_tag(array('name' => $form_name, 'method' => 'post'), $out);
47124c	1867	}
T	1868
086b15	1869	// include script for timezone detection
TB	1870	$this->include_script('jstz.min.js');
	1871
47124c	1872	return $out;
T	1873	}
	1874
	1875	/**
8e211a	1876	* GUI object 'preloader'
A	1877	* Loads javascript code for images preloading
	1878	*
	1879	* @param array Named parameters
	1880	* @return void
	1881	*/
0c2596	1882	protected function preloader($attrib)
8e211a	1883	{
A	1884	$images = preg_split('/[\s\t\n,]+/', $attrib['images'], -1, PREG_SPLIT_NO_EMPTY);
	1885	$images = array_map(array($this, 'abs_url'), $images);
681ba6	1886	$images = array_map(array($this, 'asset_url'), $images);
8e211a	1887
681ba6	1888	if (empty($images) \|\| $_REQUEST['_task'] == 'logout') {
8e211a	1889	return;
681ba6	1890	}
8e211a	1891
0c2596	1892	$this->add_script('var images = ' . self::json_serialize($images) .';
8e211a	1893	for (var i=0; i<images.length; i++) {
A	1894	img = new Image();
	1895	img.src = images[i];
044d66	1896	}', 'docready');
8e211a	1897	}
A	1898
	1899	/**
47124c	1900	* GUI object 'searchform'
T	1901	* Returns code for search function
	1902	*
	1903	* @param array Named parameters
	1904	* @return string HTML code for the gui object
	1905	*/
0c2596	1906	protected function search_form($attrib)
47124c	1907	{
T	1908	// add some labels to client
	1909	$this->add_label('searching');
	1910
	1911	$attrib['name'] = '_q';
	1912
	1913	if (empty($attrib['id'])) {
	1914	$attrib['id'] = 'rcmqsearchbox';
	1915	}
a3f149	1916	if ($attrib['type'] == 'search' && !$this->browser->khtml) {
2eb794	1917	unset($attrib['type'], $attrib['results']);
a3f149	1918	}
ad334a	1919
47124c	1920	$input_q = new html_inputfield($attrib);
T	1921	$out = $input_q->show();
	1922
	1923	$this->add_gui_object('qsearchbox', $attrib['id']);
	1924
	1925	// add form tag around text field
	1926	if (empty($attrib['form'])) {
197601	1927	$out = $this->form_tag(array(
904fec	1928	'name' => "rcmqsearchform",
60226a	1929	'onsubmit' => self::JS_OBJECT_NAME . ".command('search'); return false",
904fec	1930	'style' => "display:inline"),
2eb794	1931	$out);
47124c	1932	}
T	1933
	1934	return $out;
	1935	}
	1936
	1937	/**
	1938	* Builder for GUI object 'message'
	1939	*
	1940	* @param array Named tag parameters
	1941	* @return string HTML code for the gui object
	1942	*/
0c2596	1943	protected function message_container($attrib)
47124c	1944	{
T	1945	if (isset($attrib['id']) === false) {
	1946	$attrib['id'] = 'rcmMessageContainer';
	1947	}
	1948
	1949	$this->add_gui_object('message', $attrib['id']);
0c2596	1950
A	1951	return html::div($attrib, '');
47124c	1952	}
T	1953
	1954	/**
	1955	* GUI object 'charsetselector'
	1956	*
	1957	* @param array Named parameters for the select tag
	1958	* @return string HTML code for the gui object
	1959	*/
0c2596	1960	public function charset_selector($attrib)
47124c	1961	{
T	1962	// pass the following attributes to the form class
	1963	$field_attrib = array('name' => '_charset');
	1964	foreach ($attrib as $attr => $value) {
e55ab0	1965	if (in_array($attr, array('id', 'name', 'class', 'style', 'size', 'tabindex'))) {
47124c	1966	$field_attrib[$attr] = $value;
T	1967	}
	1968	}
e55ab0	1969
47124c	1970	$charsets = array(
0c2596	1971	'UTF-8' => 'UTF-8 ('.$this->app->gettext('unicode').')',
A	1972	'US-ASCII' => 'ASCII ('.$this->app->gettext('english').')',
	1973	'ISO-8859-1' => 'ISO-8859-1 ('.$this->app->gettext('westerneuropean').')',
	1974	'ISO-8859-2' => 'ISO-8859-2 ('.$this->app->gettext('easterneuropean').')',
	1975	'ISO-8859-4' => 'ISO-8859-4 ('.$this->app->gettext('baltic').')',
	1976	'ISO-8859-5' => 'ISO-8859-5 ('.$this->app->gettext('cyrillic').')',
	1977	'ISO-8859-6' => 'ISO-8859-6 ('.$this->app->gettext('arabic').')',
	1978	'ISO-8859-7' => 'ISO-8859-7 ('.$this->app->gettext('greek').')',
	1979	'ISO-8859-8' => 'ISO-8859-8 ('.$this->app->gettext('hebrew').')',
	1980	'ISO-8859-9' => 'ISO-8859-9 ('.$this->app->gettext('turkish').')',
	1981	'ISO-8859-10' => 'ISO-8859-10 ('.$this->app->gettext('nordic').')',
	1982	'ISO-8859-11' => 'ISO-8859-11 ('.$this->app->gettext('thai').')',
	1983	'ISO-8859-13' => 'ISO-8859-13 ('.$this->app->gettext('baltic').')',
	1984	'ISO-8859-14' => 'ISO-8859-14 ('.$this->app->gettext('celtic').')',
	1985	'ISO-8859-15' => 'ISO-8859-15 ('.$this->app->gettext('westerneuropean').')',
	1986	'ISO-8859-16' => 'ISO-8859-16 ('.$this->app->gettext('southeasterneuropean').')',
	1987	'WINDOWS-1250' => 'Windows-1250 ('.$this->app->gettext('easterneuropean').')',
	1988	'WINDOWS-1251' => 'Windows-1251 ('.$this->app->gettext('cyrillic').')',
	1989	'WINDOWS-1252' => 'Windows-1252 ('.$this->app->gettext('westerneuropean').')',
	1990	'WINDOWS-1253' => 'Windows-1253 ('.$this->app->gettext('greek').')',
	1991	'WINDOWS-1254' => 'Windows-1254 ('.$this->app->gettext('turkish').')',
	1992	'WINDOWS-1255' => 'Windows-1255 ('.$this->app->gettext('hebrew').')',
	1993	'WINDOWS-1256' => 'Windows-1256 ('.$this->app->gettext('arabic').')',
	1994	'WINDOWS-1257' => 'Windows-1257 ('.$this->app->gettext('baltic').')',
	1995	'WINDOWS-1258' => 'Windows-1258 ('.$this->app->gettext('vietnamese').')',
	1996	'ISO-2022-JP' => 'ISO-2022-JP ('.$this->app->gettext('japanese').')',
	1997	'ISO-2022-KR' => 'ISO-2022-KR ('.$this->app->gettext('korean').')',
	1998	'ISO-2022-CN' => 'ISO-2022-CN ('.$this->app->gettext('chinese').')',
	1999	'EUC-JP' => 'EUC-JP ('.$this->app->gettext('japanese').')',
	2000	'EUC-KR' => 'EUC-KR ('.$this->app->gettext('korean').')',
	2001	'EUC-CN' => 'EUC-CN ('.$this->app->gettext('chinese').')',
	2002	'BIG5' => 'BIG5 ('.$this->app->gettext('chinese').')',
	2003	'GB2312' => 'GB2312 ('.$this->app->gettext('chinese').')',
e55ab0	2004	);
47124c	2005
089e53	2006	if (!empty($_POST['_charset'])) {
AM	2007	$set = $_POST['_charset'];
	2008	}
	2009	else if (!empty($attrib['selected'])) {
	2010	$set = $attrib['selected'];
	2011	}
	2012	else {
	2013	$set = $this->get_charset();
	2014	}
47124c	2015
089e53	2016	$set = strtoupper($set);
AM	2017	if (!isset($charsets[$set])) {
	2018	$charsets[$set] = $set;
	2019	}
e55ab0	2020
A	2021	$select = new html_select($field_attrib);
	2022	$select->add(array_values($charsets), array_keys($charsets));
	2023
	2024	return $select->show($set);
47124c	2025	}
T	2026
1a0f60	2027	/**
T	2028	* Include content from config/about.<LANG>.html if available
	2029	*/
0c2596	2030	protected function about_content($attrib)
1a0f60	2031	{
T	2032	$content = '';
	2033	$filenames = array(
	2034	'about.' . $_SESSION['language'] . '.html',
	2035	'about.' . substr($_SESSION['language'], 0, 2) . '.html',
	2036	'about.html',
	2037	);
	2038	foreach ($filenames as $file) {
592668	2039	$fn = RCUBE_CONFIG_DIR . $file;
1a0f60	2040	if (is_readable($fn)) {
T	2041	$content = file_get_contents($fn);
	2042	$content = $this->parse_conditions($content);
	2043	$content = $this->parse_xml($content);
	2044	break;
	2045	}
	2046	}
	2047
	2048	return $content;
	2049	}
0c2596	2050	}