<?php |
T |
2 |
|
|
3 |
/* |
|
4 |
+-----------------------------------------------------------------------+ |
|
5 |
| program/steps/settings/save_identity.inc | |
|
6 |
| | |
e019f2
|
7 |
| This file is part of the Roundcube Webmail client | |
f5e7b3
|
8 |
| Copyright (C) 2005-2009, The Roundcube Dev Team | |
7fe381
|
9 |
| | |
T |
10 |
| Licensed under the GNU General Public License version 3 or | |
|
11 |
| any later version with exceptions for skins & plugins. | |
|
12 |
| See the README file for a full license statement. | |
4e17e6
|
13 |
| | |
T |
14 |
| PURPOSE: | |
|
15 |
| Save an identity record or to add a new one | |
|
16 |
| | |
|
17 |
+-----------------------------------------------------------------------+ |
|
18 |
| Author: Thomas Bruederli <roundcube@gmail.com> | |
|
19 |
+-----------------------------------------------------------------------+ |
|
20 |
*/ |
// Identity editing level, taken from the 'identities_level' config option
// (default 0) and forced to an integer. The checks below treat the values as:
// 1 and 3 - the e-mail address may not be changed, 4 - only the signature
// fields may be changed, below 2 - new identities may be created.
define('IDENTITIES_LEVEL', (int) $RCMAIL->config->get('identities_level', 0));

// Allow-list of identity columns that are read from the POST body.
$a_save_cols = array(
    'name',
    'email',
    'organization',
    'reply-to',
    'bcc',
    'standard',
    'signature',
    'html_signature',
);

// Checkbox-backed columns; these are absent from the POST body when unchecked.
$a_boolean_cols = array('standard', 'html_signature');

// Result flags filled in by the update/insert branches.
$updated    = false;
$default_id = false;
// Required-field check, done server-side before anything is saved.
// Level 4 skips it entirely; otherwise a name is always required, and an
// e-mail address is required unless the level is 1 or 3.
if (
    IDENTITIES_LEVEL != 4
    && (
        empty($_POST['_name'])
        || (!in_array(IDENTITIES_LEVEL, array(1, 3)) && empty($_POST['_email']))
    )
) {
    // Nothing is stored: warn the user and hand over to the edit-identity action.
    $OUTPUT->show_message('formincomplete', 'warning');
    $RCMAIL->overwrite_action('edit-identity');
    return;
}
// Build the record from the allow-listed columns only; any other POST field
// is ignored. Form field names are the column names prefixed with '_'.
$save_data = array();
foreach ($a_save_cols as $col) {
    $fname = '_' . $col;
    if (!isset($_POST[$fname])) {
        continue;
    }

    // NOTE(review): the third argument is passed as true for every column, not
    // just the signature. In rcube_utils::get_input_value() that looks like the
    // allow-HTML flag (confirm), so name/organization/etc. keep any markup
    // and must be escaped wherever they are rendered.
    $save_data[$col] = rcube_utils::get_input_value($fname, rcube_utils::INPUT_POST, true);
}

// Unchecked checkboxes are not part of the POST body, so store an explicit
// "off" value for each boolean column that is missing.
foreach ($a_boolean_cols as $col) {
    $fname = '_' . $col;
    if (isset($_POST[$fname])) {
        continue;
    }

    $save_data[$col] = 0;
}
// Enforce the identity level on the submitted record. This runs on the
// server regardless of which fields the form showed, so a hand-crafted POST
// cannot change columns the level does not permit.
switch (IDENTITIES_LEVEL) {
    case 1:
    case 3:
        // The user has no right to change the e-mail address.
        unset($save_data['email']);
        break;

    case 4:
        // Only the signature and its HTML flag may be changed; drop the rest.
        foreach ($save_data as $idx => $value) {
            if ($idx == 'signature' || $idx == 'html_signature') {
                continue;
            }

            unset($save_data[$idx]);
        }
        break;
}
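// Validate e-mail addresses.
// The identity's own address plus every address found in the reply-to and
// bcc fields is converted to its ASCII (IDN) form and checked. The level
// enforcement above may have removed 'email', 'reply-to' or 'bcc' from
// $save_data (and they may never have been posted), so each key is read only
// when present instead of indexing a missing element.
$email_checks = array();

if (isset($save_data['email'])) {
    $email_checks[] = rcube_utils::idn_to_ascii($save_data['email']);
}

foreach (array('reply-to', 'bcc') as $item) {
    if (!isset($save_data[$item])) {
        continue;
    }

    foreach (rcube_mime::decode_address_list($save_data[$item], null, false) as $rcpt) {
        $email_checks[] = rcube_utils::idn_to_ascii($rcpt['mailto']);
    }
}

foreach ($email_checks as $email) {
    // Empty entries are skipped; any non-empty entry must pass check_email().
    if ($email && !rcube_utils::check_email($email)) {
        // Reject the whole submission: report the offending address (converted
        // back to its UTF-8 form) and return to the edit form without saving.
        $OUTPUT->show_message('emailformaterror', 'error', array('email' => rcube_utils::idn_to_utf8($email)), false);
        $RCMAIL->overwrite_action('edit-identity');
        return;
    }
}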
// XSS protection in HTML signature (#1489251).
// Washing is applied only when a signature is present AND the html_signature
// flag is set; a signature saved without that flag is stored as submitted.
// NOTE(review): presumably plain-text signatures are escaped on output;
// verify at the places where they are rendered.
// NOTE(review): the washing happens before the identity_update /
// identity_create plugin hooks replace $save_data, so a record altered by a
// plugin is not washed again.
if (!(empty($save_data['signature']) || empty($save_data['html_signature']))) {
    $save_data['signature'] = rcmail_wash_html($save_data['signature']);

    // Drop the raw POST value so that, if the form is displayed again, it is
    // filled from the washed content rather than the original submission.
    unset($_POST['_signature']);
}
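// Update an existing identity when an identity id was posted.
// Request and plugin array elements are tested with empty()/isset() so that a
// missing key is treated as "not set" instead of reading an undefined index.
if (!empty($_POST['_iid'])) {
    // NOTE(review): $iid is client-supplied. This script does not check
    // ownership itself; it relies on $RCMAIL->user->get_identity() and
    // update_identity() to limit access to the current user's identities.
    // Confirm in the user class.
    $iid = rcube_utils::get_input_value('_iid', rcube_utils::INPUT_POST);

    if (in_array(IDENTITIES_LEVEL, array(1, 3, 4))) {
        // merge with old identity data, fixes #1488834
        $identity = $RCMAIL->user->get_identity($iid);

        // Only merge when the lookup actually produced a record; an unknown
        // id must not reach array_merge() as a non-array value.
        if (is_array($identity)) {
            $save_data = array_merge($identity, $save_data);
        }

        // Bookkeeping columns are never written back from this form.
        unset($save_data['changed'], $save_data['del'], $save_data['user_id'], $save_data['identity_id']);
    }

    // Plugins may modify the record, or abort and supply their own result.
    $plugin    = $RCMAIL->plugins->exec_hook('identity_update', array('id' => $iid, 'record' => $save_data));
    $save_data = $plugin['record'];

    // Store the address in its ASCII (IDN) form.
    if (!empty($save_data['email'])) {
        $save_data['email'] = rcube_utils::idn_to_ascii($save_data['email']);
    }

    if (empty($plugin['abort'])) {
        $updated = $RCMAIL->user->update_identity($iid, $save_data);
    }
    else {
        $updated = isset($plugin['result']) ? $plugin['result'] : false;
    }

    if ($updated) {
        $OUTPUT->show_message('successfullysaved', 'confirmation');

        if (!empty($save_data['standard'])) {
            $default_id = $iid;
        }

        if (!empty($_POST['_framed'])) {
            // update the changed col in list; the label is escaped with
            // rcube::Q() because name and e-mail are user-supplied
            $OUTPUT->command('parent.update_identity_row', $iid, rcube::Q(trim($save_data['name'] . ' <' . rcube_utils::idn_to_utf8($save_data['email']) .'>')));
        }
    }
    else {
        // show error message (plugin-provided text wins over the default)
        $OUTPUT->show_message(!empty($plugin['message']) ? $plugin['message'] : 'errorsaving', 'error', null, false);
        $RCMAIL->overwrite_action('edit-identity');
        return;
    }
}

// insert a new identity record (permitted only below level 2)
elseif (IDENTITIES_LEVEL < 2) {
    if (IDENTITIES_LEVEL == 1) {
        // The posted address was discarded above; force the account's own
        // address so a new identity cannot carry an arbitrary sender.
        $save_data['email'] = $RCMAIL->get_user_email();
    }

    $plugin    = $RCMAIL->plugins->exec_hook('identity_create', array('record' => $save_data));
    $save_data = $plugin['record'];

    // Store the address in its ASCII (IDN) form.
    if (!empty($save_data['email'])) {
        $save_data['email'] = rcube_utils::idn_to_ascii($save_data['email']);
    }

    if (empty($plugin['abort'])) {
        // An identity without an e-mail address is never inserted.
        $insert_id = !empty($save_data['email']) ? $RCMAIL->user->insert_identity($save_data) : null;
    }
    else {
        $insert_id = isset($plugin['result']) ? $plugin['result'] : null;
    }

    if ($insert_id) {
        $OUTPUT->show_message('successfullysaved', 'confirmation', null, false);

        // Expose the new id as if it had been requested.
        $_GET['_iid'] = $insert_id;

        if (!empty($save_data['standard'])) {
            $default_id = $insert_id;
        }

        if (!empty($_POST['_framed'])) {
            // add a new row to the list; the label is escaped with rcube::Q()
            $OUTPUT->command('parent.update_identity_row', $insert_id, rcube::Q(trim($save_data['name'] . ' <' . rcube_utils::idn_to_utf8($save_data['email']) .'>')), true);
        }
    }
    else {
        // show error message (plugin-provided text wins over the default)
        $OUTPUT->show_message(!empty($plugin['message']) ? $plugin['message'] : 'errorsaving', 'error', null, false);
        $RCMAIL->overwrite_action('edit-identity');
        return;
    }
}
else {
    // No id posted and the level does not allow creating identities.
    $OUTPUT->show_message('opnotpermitted', 'error');
}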
// When the saved identity was flagged as the standard one, make it the
// default; this marks all other identities as 'not-default'.
if ($default_id) {
    $RCMAIL->user->set_default($default_id);
}

// Go to the next step: stay on the edit form when the request came from the
// framed view, otherwise continue to the identities list. The flag is read
// from $_REQUEST here.
$RCMAIL->overwrite_action(empty($_REQUEST['_framed']) ? 'identities' : 'edit-identity');
/**
 * Sanitize the HTML body of a signature.
 *
 * The fragment is wrapped in a minimal HTML document that declares the
 * charset, cleaned with rcube_charset::clean(), passed through rcube_washtml,
 * and finally stripped of the comments and <body> tags left in the output.
 *
 * @param string $html Signature markup as submitted
 *
 * @return string Washed markup (the result of the final preg_replace() call)
 */
function rcmail_wash_html($html)
{
    // Add header with charset spec., washtml cannot work without that
    $meta     = '<meta http-equiv="Content-Type" content="text/html; charset='.RCUBE_CHARSET.'" />';
    $document = '<html><head>' . $meta . '</head><body>' . $html . '</body></html>';

    // clean HTML with washhtml by Frederic Motte
    // NOTE(review): 'allow_remote' => 1 appears to let references to remote
    // resources through the washer; confirm that is intended for stored
    // signatures.
    // NOTE(review): 'link' is listed under html_elements together with the
    // 'rel' and 'type' attributes; verify how rcube_washtml applies these
    // lists and whether <link> is needed in a signature at all.
    $washer = new rcube_washtml(array(
        'show_washed'   => false,
        'allow_remote'  => 1,
        'charset'       => RCUBE_CHARSET,
        'html_elements' => array('body', 'link'),
        'html_attribs'  => array('rel', 'type'),
    ));

    //$washer->add_callback('form', 'rcmail_washtml_callback');
    //$washer->add_callback('style', 'rcmail_washtml_callback');

    // Remove non-UTF8 characters (#1487813), then run the washer.
    $washed = $washer->wash(rcube_charset::clean($document));

    // remove unwanted comments and tags (produced by washtml)
    // NOTE(review): this edits output that has already been sanitized; keep
    // the patterns purely subtractive and re-check them whenever the washer's
    // output format changes.
    return preg_replace(array('/<!--[^>]+-->/', '/<\/?body>/'), '', $washed);
}