githubFork/roundcubemail.git

Fix path traversal vulnerability in setting a skin (#1490620)

Aleksander Machniak

2015-12-22 89a5dcb946fb34d39617b52572d8e9fe90d10617

commit \| author \| age
47124c	1	<?php
T	2
	3	/*
	4	+-----------------------------------------------------------------------+
60226a	5	\| program/include/rcmail_output_html.php \|
47124c	6	\| \|
e019f2	7	\| This file is part of the Roundcube Webmail client \|
b0ce5c	8	\| Copyright (C) 2006-2014, The Roundcube Dev Team \|
7fe381	9	\| \|
T	10	\| Licensed under the GNU General Public License version 3 or \|
	11	\| any later version with exceptions for skins & plugins. \|
	12	\| See the README file for a full license statement. \|
47124c	13	\| \|
T	14	\| PURPOSE: \|
	15	\| Class to handle HTML page output using a skin template. \|
	16	\| \|
	17	+-----------------------------------------------------------------------+
	18	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
	19	+-----------------------------------------------------------------------+
041c93	20	*/
47124c	21
T	22
	23	/**
	24	* Class to create HTML page output using a skin template
	25	*
9ba496	26	* @package Webmail
9ab346	27	* @subpackage View
47124c	28	*/
60226a	29	class rcmail_output_html extends rcmail_output
47124c	30	{
c8a21d	31	public $type = 'html';
0c2596	32
8f57ce	33	protected $message;
0c2596	34	protected $template_name;
8f57ce	35	protected $js_env = array();
AM	36	protected $js_labels = array();
	37	protected $js_commands = array();
	38	protected $skin_paths = array();
0c2596	39	protected $scripts_path = '';
A	40	protected $script_files = array();
8f57ce	41	protected $css_files = array();
AM	42	protected $scripts = array();
0c2596	43	protected $default_template = "<html>\n<head><title></title></head>\n<body></body>\n</html>";
A	44	protected $header = '';
	45	protected $footer = '';
	46	protected $body = '';
	47	protected $base_path = '';
681ba6	48	protected $assets_path;
AM	49	protected $assets_dir = RCUBE_INSTALL_PATH;
538e64	50	protected $devel_mode = false;
47124c	51
7fcb56	52	// deprecated names of templates used before 0.5
0c2596	53	protected $deprecated_templates = array(
A	54	'contact' => 'showcontact',
	55	'contactadd' => 'addcontact',
	56	'contactedit' => 'editcontact',
7fcb56	57	'identityedit' => 'editidentity',
T	58	'messageprint' => 'printmessage',
	59	);
	60
47124c	61	/**
T	62	* Constructor
	63	*/
0c2596	64	public function __construct($task = null, $framed = false)
47124c	65	{
T	66	parent::__construct();
538e64	67
AM	68	$this->devel_mode = $this->config->get('devel_mode');
47124c	69
83a763	70	$this->set_env('task', $task);
0c2596	71	$this->set_env('x_frame_options', $this->config->get('x_frame_options', 'sameorigin'));
3863a9	72	$this->set_env('standard_windows', (bool) $this->config->get('standard_windows'));
244126	73	$this->set_env('locale', $_SESSION['language']);
47124c	74
ae7027	75	// add cookie info
AM	76	$this->set_env('cookie_domain', ini_get('session.cookie_domain'));
	77	$this->set_env('cookie_path', ini_get('session.cookie_path'));
39b905	78	$this->set_env('cookie_secure', filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN));
ae7027	79
423065	80	// load the correct skin (in case user-defined)
740875	81	$skin = $this->config->get('skin');
AM	82	$this->set_skin($skin);
	83	$this->set_env('skin', $skin);
681ba6	84
AM	85	$this->set_assets_path($this->config->get('assets_path'), $this->config->get('assets_dir'));
e58df3	86
271efe	87	if (!empty($_REQUEST['_extwin']))
0301d9	88	$this->set_env('extwin', 1);
8f57ce	89	if ($this->framed \|\| $framed)
0301d9	90	$this->set_env('framed', 1);
271efe	91
b34d67	92	$lic = <<<EOF
TB	93	/*
	94	@licstart The following is the entire license notice for the
	95	JavaScript code in this page.
	96
	97	Copyright (C) 2005-2014 The Roundcube Dev Team
	98
	99	The JavaScript code in this page is free software: you can redistribute
	100	it and/or modify it under the terms of the GNU General Public License
	101	as published by the Free Software Foundation, either version 3 of
	102	the License, or (at your option) any later version.
	103
	104	The code is distributed WITHOUT ANY WARRANTY; without even the implied
	105	warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
	106	See the GNU GPL for more details.
	107
	108	@licend The above is the entire license notice
	109	for the JavaScript code in this page.
	110	*/
	111	EOF;
47124c	112	// add common javascripts
b34d67	113	$this->add_script($lic, 'head_top');
60226a	114	$this->add_script('var '.self::JS_OBJECT_NAME.' = new rcube_webmail();', 'head_top');
47124c	115
T	116	// don't wait for page onload. Call init at the bottom of the page (delayed)
60226a	117	$this->add_script(self::JS_OBJECT_NAME.'.init();', 'docready');
47124c	118
T	119	$this->scripts_path = 'program/js/';
79275b	120	$this->include_script('jquery.min.js');
47124c	121	$this->include_script('common.js');
T	122	$this->include_script('app.js');
	123
	124	// register common UI objects
	125	$this->add_handlers(array(
	126	'loginform' => array($this, 'login_form'),
8e211a	127	'preloader' => array($this, 'preloader'),
47124c	128	'username' => array($this, 'current_username'),
T	129	'message' => array($this, 'message_container'),
	130	'charsetselector' => array($this, 'charset_selector'),
1a0f60	131	'aboutcontent' => array($this, 'about_content'),
47124c	132	));
T	133	}
	134
	135	/**
	136	* Set environment variable
	137	*
	138	* @param string Property name
	139	* @param mixed Property value
	140	* @param boolean True if this property should be added to client environment
	141	*/
	142	public function set_env($name, $value, $addtojs = true)
	143	{
	144	$this->env[$name] = $value;
0301d9	145
47124c	146	if ($addtojs \|\| isset($this->js_env[$name])) {
T	147	$this->js_env[$name] = $value;
	148	}
681ba6	149	}
AM	150
	151	/**
	152	* Parse and set assets path
	153	*
	154	* @param string Assets path (relative or absolute URL)
	155	*/
	156	public function set_assets_path($path, $fs_dir = null)
	157	{
	158	if (empty($path)) {
	159	return;
	160	}
	161
	162	$path = rtrim($path, '/') . '/';
	163
	164	// handle relative assets path
	165	if (!preg_match('\|^https?://\|', $path) && $path[0] != '/') {
	166	// save the path to search for asset files later
	167	$this->assets_dir = $path;
	168
	169	$base = preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI']);
	170	$base = rtrim($base, '/');
	171
	172	// remove url token if exists
	173	if ($len = intval($this->config->get('use_secure_urls'))) {
	174	$_base = explode('/', $base);
	175	$last = count($_base) - 1;
	176	$length = $len > 1 ? $len : 16; // as in rcube::get_secure_url_token()
	177
	178	// we can't use real token here because it
	179	// does not exists in unauthenticated state,
	180	// hope this will not produce false-positive matches
	181	if ($last > -1 && preg_match('/^[a-f0-9]{' . $length . '}$/', $_base[$last])) {
	182	$path = '../' . $path;
	183	}
	184	}
	185	}
	186
	187	// set filesystem path for assets
	188	if ($fs_dir) {
	189	if ($fs_dir[0] != '/') {
	190	$fs_dir = realpath(RCUBE_INSTALL_PATH . $fs_dir);
	191	}
	192	// ensure the path ends with a slash
	193	$this->assets_dir = rtrim($fs_dir, '/') . '/';
	194	}
	195
	196	$this->assets_path = $path;
	197	$this->set_env('assets_path', $path);
47124c	198	}
f645ce	199
T	200	/**
	201	* Getter for the current page title
	202	*
	203	* @return string The page title
	204	*/
0c2596	205	protected function get_pagetitle()
f645ce	206	{
T	207	if (!empty($this->pagetitle)) {
	208	$title = $this->pagetitle;
	209	}
	210	else if ($this->env['task'] == 'login') {
0c2596	211	$title = $this->app->gettext(array(
A	212	'name' => 'welcome',
	213	'vars' => array('product' => $this->config->get('product_name')
	214	)));
f645ce	215	}
T	216	else {
	217	$title = ucfirst($this->env['task']);
	218	}
ad334a	219
f645ce	220	return $title;
T	221	}
0c2596	222
e58df3	223	/**
A	224	* Set skin
	225	*/
	226	public function set_skin($skin)
	227	{
89a5dc	228	// Sanity check to prevent from path traversal vulnerability (#1490620)
AM	229	if (strpos($skin, '/') !== false \|\| strpos($skin, "\\") !== false) {
	230	rcube::raise_error(array(
	231	'file' => __FILE__,
	232	'line' => __LINE__,
	233	'message' => 'Invalid skin name'
	234	), true, false);
	235
	236	return false;
	237	}
	238
62c791	239	$valid = false;
b7addf	240	$path = RCUBE_INSTALL_PATH . 'skins/';
ad334a	241
b7addf	242	if (!empty($skin) && is_dir($path . $skin) && is_readable($path . $skin)) {
AM	243	$skin_path = 'skins/' . $skin;
	244	$valid = true;
62c791	245	}
T	246	else {
0c2596	247	$skin_path = $this->config->get('skin_path');
A	248	if (!$skin_path) {
aff970	249	$skin_path = 'skins/' . rcube_config::DEFAULT_SKIN;
0c2596	250	}
62c791	251	$valid = !$skin;
T	252	}
423065	253
1ffab0	254	$skin_path = rtrim($skin_path, '/');
AM	255
0c2596	256	$this->config->set('skin_path', $skin_path);
1730cf	257	$this->base_path = $skin_path;
ad334a	258
8fa22e	259	// register skin path(s)
TB	260	$this->skin_paths = array();
	261	$this->load_skin($skin_path);
	262
62c791	263	return $valid;
8fa22e	264	}
TB	265
	266	/**
	267	* Helper method to recursively read skin meta files and register search paths
	268	*/
	269	private function load_skin($skin_path)
	270	{
	271	$this->skin_paths[] = $skin_path;
	272
	273	// read meta file and check for dependecies
b7addf	274	$meta = @file_get_contents(RCUBE_INSTALL_PATH . $skin_path . '/meta.json');
AM	275	$meta = @json_decode($meta, true);
b0ce5c	276
TB	277	$meta['path'] = $skin_path;
	278	$skin_id = end(explode('/', $skin_path));
	279	if (!$meta['name']) {
	280	$meta['name'] = $skin_id;
	281	}
	282	$this->skins[$skin_id] = $meta;
	283
b7addf	284	if ($meta['extends']) {
AM	285	$path = RCUBE_INSTALL_PATH . 'skins/';
	286	if (is_dir($path . $meta['extends']) && is_readable($path . $meta['extends'])) {
	287	$this->load_skin('skins/' . $meta['extends']);
	288	}
8fa22e	289	}
e58df3	290	}
fc7b5b	291
T	292	/**
e58df3	293	* Check if a specific template exists
A	294	*
	295	* @param string Template name
	296	* @return boolean True if template exists
	297	*/
	298	public function template_exists($name)
	299	{
8fa22e	300	foreach ($this->skin_paths as $skin_path) {
b7addf	301	$filename = RCUBE_INSTALL_PATH . $skin_path . '/templates/' . $name . '.html';
AM	302	if ((is_file($filename) && is_readable($filename))
	303	\|\| ($this->deprecated_templates[$name] && $this->template_exists($this->deprecated_templates[$name]))
	304	) {
	305	return true;
	306	}
8fa22e	307	}
47124c	308
b7addf	309	return false;
AM	310	}
47124c	311
T	312	/**
28de39	313	* Find the given file in the current skin path stack
TB	314	*
	315	* @param string File name/path to resolve (starting with /)
	316	* @param string Reference to the base path of the matching skin
	317	* @param string Additional path to search in
681ba6	318	*
28de39	319	* @return mixed Relative path to the requested file or False if not found
TB	320	*/
bc53e2	321	public function get_skin_file($file, &$skin_path = null, $add_path = null)
28de39	322	{
TB	323	$skin_paths = $this->skin_paths;
8f57ce	324	if ($add_path) {
28de39	325	array_unshift($skin_paths, $add_path);
8f57ce	326	}
28de39	327
TB	328	foreach ($skin_paths as $skin_path) {
681ba6	329	$path = realpath(RCUBE_INSTALL_PATH . $skin_path . $file);
AM	330
	331	if ($path && is_file($path)) {
28de39	332	return $skin_path . $file;
681ba6	333	}
AM	334
	335	if ($this->assets_dir != RCUBE_INSTALL_PATH) {
	336	$path = realpath($this->assets_dir . $skin_path . $file);
	337
	338	if ($path && is_file($path)) {
	339	return $skin_path . $file;
	340	}
28de39	341	}
TB	342	}
	343
	344	return false;
	345	}
	346
	347	/**
47124c	348	* Register a GUI object to the client script
T	349	*
	350	* @param string Object name
	351	* @param string Object ID
	352	* @return void
	353	*/
	354	public function add_gui_object($obj, $id)
	355	{
60226a	356	$this->add_script(self::JS_OBJECT_NAME.".gui_object('$obj', '$id');");
47124c	357	}
T	358
	359	/**
	360	* Call a client method
	361	*
	362	* @param string Method to call
	363	* @param ... Additional arguments
	364	*/
	365	public function command()
	366	{
0e99d3	367	$cmd = func_get_args();
f66383	368	if (strpos($cmd[0], 'plugin.') !== false)
8f57ce	369	$this->js_commands[] = array('triggerEvent', $cmd[0], $cmd[1]);
f66383	370	else
8f57ce	371	$this->js_commands[] = $cmd;
47124c	372	}
T	373
	374	/**
	375	* Add a localized label to the client environment
	376	*/
	377	public function add_label()
	378	{
cc97ea	379	$args = func_get_args();
T	380	if (count($args) == 1 && is_array($args[0]))
8f57ce	381	$args = $args[0];
ad334a	382
cc97ea	383	foreach ($args as $name) {
0c2596	384	$this->js_labels[$name] = $this->app->gettext($name);
47124c	385	}
T	386	}
	387
	388	/**
	389	* Invoke display_message command
	390	*
7f5a84	391	* @param string $message Message to display
A	392	* @param string $type Message type [notice\|confirm\|error]
	393	* @param array $vars Key-value pairs to be replaced in localized text
	394	* @param boolean $override Override last set message
	395	* @param int $timeout Message display time in seconds
47124c	396	* @uses self::command()
T	397	*/
7f5a84	398	public function show_message($message, $type='notice', $vars=null, $override=true, $timeout=0)
47124c	399	{
69f18a	400	if ($override \|\| !$this->message) {
0c2596	401	if ($this->app->text_exists($message)) {
8dd172	402	if (!empty($vars))
A	403	$vars = array_map('Q', $vars);
0c2596	404	$msgtext = $this->app->gettext(array('name' => $message, 'vars' => $vars));
8dd172	405	}
A	406	else
	407	$msgtext = $message;
	408
69f18a	409	$this->message = $message;
7f5a84	410	$this->command('display_message', $msgtext, $type, $timeout * 1000);
69f18a	411	}
47124c	412	}
T	413
	414	/**
	415	* Delete all stored env variables and commands
4d1fe2	416	*
AM	417	* @param bool $all Reset all env variables (including internal)
47124c	418	*/
4d1fe2	419	public function reset($all = false)
47124c	420	{
e46d06	421	$framed = $this->framed;
8f57ce	422	$env = $all ? null : array_intersect_key($this->env, array('extwin'=>1, 'framed'=>1));
d30460	423
0c2596	424	parent::reset();
d30460	425
TB	426	// let some env variables survive
8f57ce	427	$this->env = $this->js_env = $env;
AM	428	$this->framed = $framed \|\| $this->env['framed'];
4d1fe2	429	$this->js_labels = array();
AM	430	$this->js_commands = array();
0c2596	431	$this->script_files = array();
A	432	$this->scripts = array();
	433	$this->header = '';
	434	$this->footer = '';
	435	$this->body = '';
e46d06	436
TB	437	// load defaults
	438	if (!$all) {
	439	$this->__construct();
	440	}
47124c	441	}
0c2596	442
47124c	443	/**
c719f3	444	* Redirect to a certain url
T	445	*
681ba6	446	* @param mixed $p Either a string with the action or url parameters as key-value pairs
AM	447	* @param int $delay Delay in seconds
	448	* @param bool $secure Redirect to secure location (see rcmail::url())
c719f3	449	*/
681ba6	450	public function redirect($p = array(), $delay = 1, $secure = false)
c719f3	451	{
271efe	452	if ($this->env['extwin'])
TB	453	$p['extwin'] = 1;
681ba6	454	$location = $this->app->url($p, false, false, $secure);
c719f3	455	header('Location: ' . $location);
T	456	exit;
	457	}
	458
	459	/**
47124c	460	* Send the request output to the client.
T	461	* This will either parse a skin tempalte or send an AJAX response
	462	*
	463	* @param string Template name
	464	* @param boolean True if script should terminate (default)
	465	*/
	466	public function send($templ = null, $exit = true)
	467	{
	468	if ($templ != 'iframe') {
a366a3	469	// prevent from endless loops
f78dab	470	if ($exit != 'recur' && $this->app->plugins->is_processing('render_page')) {
0c2596	471	rcube::raise_error(array('code' => 505, 'type' => 'php',
030db5	472	'file' => __FILE__, 'line' => __LINE__,
T	473	'message' => 'Recursion alert: ignoring output->send()'), true, false);
a366a3	474	return;
T	475	}
47124c	476	$this->parse($templ, false);
T	477	}
	478	else {
4d1fe2	479	$this->framed = true;
47124c	480	$this->write();
T	481	}
	482
c6514e	483	// set output asap
T	484	ob_flush();
	485	flush();
ad334a	486
c6514e	487	if ($exit) {
47124c	488	exit;
T	489	}
	490	}
0c2596	491
47124c	492	/**
T	493	* Process template and write to stdOut
	494	*
0c2596	495	* @param string $template HTML template content
47124c	496	*/
T	497	public function write($template = '')
	498	{
8f57ce	499	if (!empty($this->script_files)) {
AM	500	$this->set_env('request_token', $this->app->get_request_token());
	501	}
ef27a6	502
ffc748	503	$commands = $this->get_js_commands($framed);
8f57ce	504
ffc748	505	// if all js commands go to parent window we can ignore all
AM	506	// script files and skip rcube_webmail initialization (#1489792)
	507	if ($framed) {
	508	$this->scripts = array();
	509	$this->script_files = array();
ef51ae	510	$this->header = '';
AM	511	$this->footer = '';
4d1fe2	512	}
ffc748	513
AM	514	// write all javascript commands
	515	$this->add_script($commands, 'head_top');
ad334a	516
c170bf	517	// send clickjacking protection headers
8f57ce	518	$iframe = $this->framed \|\| $this->env['framed'];
AM	519	if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin'))) {
c170bf	520	header('X-Frame-Options: ' . ($iframe && $xframe == 'deny' ? 'sameorigin' : $xframe));
8f57ce	521	}
47124c	522
T	523	// call super method
0c2596	524	$this->_write($template, $this->config->get('skin_path'));
47124c	525	}
T	526
	527	/**
c739c7	528	* Parse a specific skin template and deliver to stdout (or return)
47124c	529	*
T	530	* @param string Template name
	531	* @param boolean Exit script
c739c7	532	* @param boolean Don't write to stdout, return parsed content instead
A	533	*
47124c	534	* @link http://php.net/manual/en/function.exit.php
T	535	*/
c739c7	536	function parse($name = 'main', $exit = true, $write = true)
47124c	537	{
8f57ce	538	$plugin = false;
AM	539	$realname = $name;
8d526c	540	$plugin_skin_paths = array();
TB	541
8fa22e	542	$this->template_name = $realname;
8e99ff	543
8fa22e	544	$temp = explode('.', $name, 2);
e7008c	545	if (count($temp) > 1) {
8f57ce	546	$plugin = $temp[0];
AM	547	$name = $temp[1];
	548	$skin_dir = $plugin . '/skins/' . $this->config->get('skin');
ca18a9	549
8fa22e	550	// apply skin search escalation list to plugin directory
TB	551	foreach ($this->skin_paths as $skin_path) {
28de39	552	$plugin_skin_paths[] = $this->app->plugins->url . $plugin . '/' . $skin_path;
8fa22e	553	}
TB	554
	555	// add fallback to default skin
	556	if (is_dir($this->app->plugins->dir . $plugin . '/skins/default')) {
20d50d	557	$skin_dir = $plugin . '/skins/default';
28de39	558	$plugin_skin_paths[] = $this->app->plugins->url . $skin_dir;
8fa22e	559	}
TB	560
8d526c	561	// prepend plugin skin paths to search list
8fa22e	562	$this->skin_paths = array_merge($plugin_skin_paths, $this->skin_paths);
TB	563	}
	564
	565	// find skin template
	566	$path = false;
	567	foreach ($this->skin_paths as $skin_path) {
681ba6	568	$path = RCUBE_INSTALL_PATH . "$skin_path/templates/$name.html";
8fa22e	569
TB	570	// fallback to deprecated template names
	571	if (!is_readable($path) && $this->deprecated_templates[$realname]) {
681ba6	572	$path = RCUBE_INSTALL_PATH . "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html";
bc66f7	573
TB	574	if (is_readable($path)) {
	575	rcube::raise_error(array(
	576	'code' => 502, 'type' => 'php',
	577	'file' => __FILE__, 'line' => __LINE__,
	578	'message' => "Using deprecated template '" . $this->deprecated_templates[$realname]
	579	. "' in $skin_path/templates. Please rename to '$realname'"),
	580	true, false);
	581	}
8fa22e	582	}
TB	583
	584	if (is_readable($path)) {
	585	$this->config->set('skin_path', $skin_path);
3806f1	586	$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path); // set base_path to core skin directory (not plugin's skin)
44e3bf	587	$skin_dir = preg_replace('!^plugins/!', '', $skin_path);
8fa22e	588	break;
TB	589	}
	590	else {
	591	$path = false;
20d50d	592	}
e7008c	593	}
ad334a	594
ff73e0	595	// read template file
8fa22e	596	if (!$path \|\| ($templ = @file_get_contents($path)) === false) {
0c2596	597	rcube::raise_error(array(
c7a88f	598	'code' => 404,
47124c	599	'type' => 'php',
T	600	'line' => __LINE__,
	601	'file' => __FILE__,
ca18a9	602	'message' => 'Error loading template for '.$realname
397cf7	603	), true, $write);
8d526c	604
TB	605	$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
47124c	606	return false;
T	607	}
ad334a	608
66f68e	609	// replace all path references to plugins/... with the configured plugins dir
T	610	// and /this/ to the current plugin skin directory
e7008c	611	if ($plugin) {
20d50d	612	$templ = preg_replace(array('/\bplugins\//', '/(["\']?)\/this\//'), array($this->app->plugins->url, '\\1'.$this->app->plugins->url.$skin_dir.'/'), $templ);
e7008c	613	}
47124c	614
T	615	// parse for specialtags
	616	$output = $this->parse_conditions($templ);
	617	$output = $this->parse_xml($output);
ad334a	618
742d61	619	// trigger generic hook where plugins can put additional content to the page
ca18a9	620	$hook = $this->app->plugins->exec_hook("render_page", array('template' => $realname, 'content' => $output));
47124c	621
e4a4ca	622	// save some memory
A	623	$output = $hook['content'];
	624	unset($hook['content']);
	625
5172ac	626	// make sure all <form> tags have a valid request token
T	627	$output = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $output);
	628	$this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);
	629
8d526c	630	// remove plugin skin paths from current context
TB	631	$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
	632
5be6dc	633	if (!$write) {
c739c7	634	return $output;
47124c	635	}
ad334a	636
5be6dc	637	$this->write(trim($output));
AM	638
47124c	639	if ($exit) {
T	640	exit;
	641	}
	642	}
	643
	644	/**
	645	* Return executable javascript code for all registered commands
	646	*
	647	* @return string $out
	648	*/
ffc748	649	protected function get_js_commands(&$framed = null)
47124c	650	{
19138e	651	$out = '';
ffc748	652	$parent_commands = 0;
19138e	653	$top_commands = array();
8f57ce	654
19138e	655	// these should be always on top,
AM	656	// e.g. hide_message() below depends on env.framed
	657	if (!$this->framed && !empty($this->js_env)) {
	658	$top_commands[] = array('set_env', $this->js_env);
	659	}
	660	if (!empty($this->js_labels)) {
	661	$top_commands[] = array('add_label', $this->js_labels);
	662	}
	663
	664	// unlock interface after iframe load
	665	$unlock = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']);
	666	if ($this->framed) {
	667	$top_commands[] = array('iframe_loaded', $unlock);
	668	}
	669	else if ($unlock) {
	670	$top_commands[] = array('hide_message', $unlock);
	671	}
	672
	673	$commands = array_merge($top_commands, $this->js_commands);
	674
	675	foreach ($commands as $i => $args) {
47124c	676	$method = array_shift($args);
8f57ce	677	$parent = $this->framed \|\| preg_match('/^parent\./', $method);
AM	678
47124c	679	foreach ($args as $i => $arg) {
0c2596	680	$args[$i] = self::json_serialize($arg);
47124c	681	}
8f57ce	682
ffc748	683	if ($parent) {
AM	684	$parent_commands++;
	685	$method = preg_replace('/^parent\./', '', $method);
	686	$parent_prefix = 'if (window.parent && parent.' . self::JS_OBJECT_NAME . ') parent.';
	687	$method = $parent_prefix . self::JS_OBJECT_NAME . '.' . $method;
	688	}
	689	else {
	690	$method = self::JS_OBJECT_NAME . '.' . $method;
	691	}
	692
	693	$out .= sprintf("%s(%s);\n", $method, implode(',', $args));
	694	}
	695
19138e	696	$framed = $parent_prefix && $parent_commands == count($commands);
ffc748	697
AM	698	// make the output more compact if all commands go to parent window
	699	if ($framed) {
	700	$out = "if (window.parent && parent." . self::JS_OBJECT_NAME . ") {\n"
	701	. str_replace($parent_prefix, "\tparent.", $out)
	702	. "}\n";
47124c	703	}
ad334a	704
47124c	705	return $out;
T	706	}
	707
	708	/**
	709	* Make URLs starting with a slash point to skin directory
	710	*
	711	* @param string Input string
28de39	712	* @param boolean True if URL should be resolved using the current skin path stack
47124c	713	* @return string
T	714	*/
28de39	715	public function abs_url($str, $search_path = false)
47124c	716	{
28de39	717	if ($str[0] == '/') {
8f57ce	718	if ($search_path && ($file_url = $this->get_skin_file($str, $skin_path))) {
28de39	719	return $file_url;
8f57ce	720	}
28de39	721
8fa22e	722	return $this->base_path . $str;
28de39	723	}
8f57ce	724
AM	725	return $str;
0c2596	726	}
A	727
	728	/**
	729	* Show error page and terminate script execution
	730	*
	731	* @param int $code Error code
	732	* @param string $message Error message
	733	*/
	734	public function raise_error($code, $message)
	735	{
	736	global $__page_content, $ERROR_CODE, $ERROR_MESSAGE;
	737
	738	$ERROR_CODE = $code;
	739	$ERROR_MESSAGE = $message;
	740
9be2f4	741	include RCUBE_INSTALL_PATH . 'program/steps/utils/error.inc';
0c2596	742	exit;
47124c	743	}
T	744
681ba6	745	/**
AM	746	* Modify path by adding URL prefix if configured
	747	*/
	748	public function asset_url($path)
	749	{
	750	// iframe content can't be in a different domain
	751	// @TODO: check if assests are on a different domain
	752
	753	if (!$this->assets_path \|\| in_array($path[0], array('?', '/', '.')) \|\| strpos($path, '://')) {
	754	return $path;
	755	}
	756
	757	return $this->assets_path . $path;
	758	}
	759
47124c	760
T	761	/*** Template parsing methods ***/
	762
	763	/**
	764	* Replace all strings ($varname)
	765	* with the content of the according global variable.
	766	*/
0c2596	767	protected function parse_with_globals($input)
47124c	768	{
0c2596	769	$GLOBALS['__version'] = html::quote(RCMAIL_VERSION);
A	770	$GLOBALS['__comm_path'] = html::quote($this->app->comm_path);
8fa22e	771	$GLOBALS['__skin_path'] = html::quote($this->base_path);
0c2596	772
5740c0	773	return preg_replace_callback('/\$(__[a-z0-9_\-]+)/',
0c2596	774	array($this, 'globals_callback'), $input);
5740c0	775	}
0c2596	776
5740c0	777	/**
A	778	* Callback funtion for preg_replace_callback() in parse_with_globals()
	779	*/
0c2596	780	protected function globals_callback($matches)
5740c0	781	{
A	782	return $GLOBALS[$matches[1]];
8fa22e	783	}
TB	784
	785	/**
	786	* Correct absolute paths in images and other tags
	787	* add timestamp to .js and .css filename
	788	*/
	789	protected function fix_paths($output)
	790	{
	791	return preg_replace_callback(
	792	'!(src\|href\|background)=(["\']?)([a-z0-9/_.-]+)(["\'\s>])!i',
	793	array($this, 'file_callback'), $output);
	794	}
	795
	796	/**
681ba6	797	* Callback function for preg_replace_callback in fix_paths()
8fa22e	798	*
TB	799	* @return string Parsed string
	800	*/
	801	protected function file_callback($matches)
	802	{
	803	$file = $matches[3];
76f4f7	804	$file = preg_replace('!^/this/!', '/', $file);
8fa22e	805
TB	806	// correct absolute paths
	807	if ($file[0] == '/') {
	808	$file = $this->base_path . $file;
	809	}
	810
	811	// add file modification timestamp
538e64	812	if (preg_match('/\.(js\|css)$/', $file, $m)) {
c562a3	813	$file = $this->file_mod($file);
8fa22e	814	}
TB	815
	816	return $matches[1] . '=' . $matches[2] . $file . $matches[4];
c562a3	817	}
AM	818
	819	/**
681ba6	820	* Correct paths of asset files according to assets_path
AM	821	*/
	822	protected function fix_assets_paths($output)
	823	{
	824	return preg_replace_callback(
	825	'!(src\|href\|background)=(["\']?)([a-z0-9/_.?=-]+)(["\'\s>])!i',
	826	array($this, 'assets_callback'), $output);
	827	}
	828
	829	/**
	830	* Callback function for preg_replace_callback in fix_assets_paths()
	831	*
	832	* @return string Parsed string
	833	*/
	834	protected function assets_callback($matches)
	835	{
	836	$file = $this->asset_url($matches[3]);
	837
	838	return $matches[1] . '=' . $matches[2] . $file . $matches[4];
	839	}
	840
	841	/**
c562a3	842	* Modify file by adding mtime indicator
AM	843	*/
	844	protected function file_mod($file)
	845	{
	846	$fs = false;
	847	$ext = substr($file, strrpos($file, '.') + 1);
	848
	849	// use minified file if exists (not in development mode)
	850	if (!$this->devel_mode && !preg_match('/\.min\.' . $ext . '$/', $file)) {
	851	$minified_file = substr($file, 0, strlen($ext) * -1) . 'min.' . $ext;
681ba6	852	if ($fs = @filemtime($this->assets_dir . $minified_file)) {
c562a3	853	return $minified_file . '?s=' . $fs;
AM	854	}
	855	}
	856
681ba6	857	if ($fs = @filemtime($this->assets_dir . $file)) {
c562a3	858	$file .= '?s=' . $fs;
AM	859	}
	860
	861	return $file;
47124c	862	}
0c2596	863
47124c	864	/**
T	865	* Public wrapper to dipp into template parsing.
	866	*
	867	* @param string $input
	868	* @return string
a7e8eb	869	* @uses rcmail_output_html::parse_xml()
47124c	870	* @since 0.1-rc1
T	871	*/
	872	public function just_parse($input)
	873	{
b01d84	874	$input = $this->parse_conditions($input);
AM	875	$input = $this->parse_xml($input);
	876
	877	return $input;
47124c	878	}
0c2596	879
47124c	880	/**
T	881	* Parse for conditional tags
	882	*
	883	* @param string $input
	884	* @return string
	885	*/
0c2596	886	protected function parse_conditions($input)
47124c	887	{
84581e	888	$matches = preg_split('/<roundcube:(if\|elseif\|else\|endif)\s+([^>]+)>\n?/is', $input, 2, PREG_SPLIT_DELIM_CAPTURE);
47124c	889	if ($matches && count($matches) == 4) {
T	890	if (preg_match('/^(else\|endif)$/i', $matches[1])) {
	891	return $matches[0] . $this->parse_conditions($matches[3]);
	892	}
0c2596	893	$attrib = html::parse_attrib_string($matches[2]);
47124c	894	if (isset($attrib['condition'])) {
T	895	$condmet = $this->check_condition($attrib['condition']);
84581e	896	$submatches = preg_split('/<roundcube:(elseif\|else\|endif)\s+([^>]+)>\n?/is', $matches[3], 2, PREG_SPLIT_DELIM_CAPTURE);
47124c	897	if ($condmet) {
T	898	$result = $submatches[0];
84581e	899	$result.= ($submatches[1] != 'endif' ? preg_replace('/.*<roundcube:endif\s+[^>]+>\n?/Uis', '', $submatches[3], 1) : $submatches[3]);
47124c	900	}
T	901	else {
	902	$result = "<roundcube:$submatches[1] $submatches[2]>" . $submatches[3];
	903	}
	904	return $matches[0] . $this->parse_conditions($result);
	905	}
0c2596	906	rcube::raise_error(array(
47124c	907	'code' => 500,
T	908	'type' => 'php',
	909	'line' => __LINE__,
	910	'file' => __FILE__,
	911	'message' => "Unable to parse conditional tag " . $matches[2]
	912	), true, false);
	913	}
	914	return $input;
	915	}
	916
	917	/**
	918	* Determines if a given condition is met
	919	*
	920	* @todo Extend this to allow real conditions, not just "set"
	921	* @param string Condition statement
8e1d4a	922	* @return boolean True if condition is met, False if not
47124c	923	*/
0c2596	924	protected function check_condition($condition)
47124c	925	{
029d18	926	return $this->eval_expression($condition);
549933	927	}
ad334a	928
549933	929	/**
2eb794	930	* Inserts hidden field with CSRF-prevention-token into POST forms
549933	931	*/
0c2596	932	protected function alter_form_tag($matches)
549933	933	{
0c2596	934	$out = $matches[0];
A	935	$attrib = html::parse_attrib_string($matches[1]);
ad334a	936
549933	937	if (strtolower($attrib['method']) == 'post') {
T	938	$hidden = new html_hiddenfield(array('name' => '_token', 'value' => $this->app->get_request_token()));
	939	$out .= "\n" . $hidden->show();
	940	}
ad334a	941
549933	942	return $out;
8e1d4a	943	}
A	944
	945	/**
58e3a5	946	* Parse & evaluate a given expression and return its result.
f790b4	947	*
AM	948	* @param string Expression statement
	949	*
	950	* @return mixed Expression result
8e1d4a	951	*/
f790b4	952	protected function eval_expression ($expression)
AM	953	{
58e3a5	954	$expression = preg_replace(
47124c	955	array(
T	956	'/session:([a-z0-9_]+)/i',
f645ce	957	'/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
40353f	958	'/env:([a-z0-9_]+)/i',
A	959	'/request:([a-z0-9_]+)/i',
	960	'/cookie:([a-z0-9_]+)/i',
8e99ff	961	'/browser:([a-z0-9_]+)/i',
A	962	'/template:name/i',
47124c	963	),
T	964	array(
	965	"\$_SESSION['\\1']",
d67485	966	"\$app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
AW	967	"\$env['\\1']",
1aceb9	968	"rcube_utils::get_input_value('\\1', rcube_utils::INPUT_GPC)",
a17fe6	969	"\$_COOKIE['\\1']",
d67485	970	"\$browser->{'\\1'}",
8e99ff	971	$this->template_name,
47124c	972	),
58e3a5	973	$expression
AW	974	);
f790b4	975
d67485	976	$fn = create_function('$app,$browser,$env', "return ($expression);");
f790b4	977	if (!$fn) {
58e3a5	978	rcube::raise_error(array(
AW	979	'code' => 505,
	980	'type' => 'php',
	981	'file' => __FILE__,
	982	'line' => __LINE__,
	983	'message' => "Expression parse error on: ($expression)"), true, false);
f790b4	984
AM	985	return null;
58e3a5	986	}
f790b4	987
d67485	988	return $fn($this->app, $this->browser, $this->env);
47124c	989	}
T	990
	991	/**
	992	* Search for special tags in input and replace them
	993	* with the appropriate content
	994	*
	995	* @param string Input string to parse
	996	* @return string Altered input string
06655a	997	* @todo Use DOM-parser to traverse template HTML
47124c	998	* @todo Maybe a cache.
T	999	*/
0c2596	1000	protected function parse_xml($input)
47124c	1001	{
6af593	1002	return preg_replace_callback('/<roundcube:([-_a-z]+)\s+((?:[^>]\|\\\\>)+)(?<!\\\\)>/Ui', array($this, 'xml_command'), $input);
6f488b	1003	}
A	1004
	1005	/**
cc97ea	1006	* Callback function for parsing an xml command tag
T	1007	* and turn it into real html content
47124c	1008	*
cc97ea	1009	* @param array Matches array of preg_replace_callback
47124c	1010	* @return string Tag/Object content
T	1011	*/
0c2596	1012	protected function xml_command($matches)
47124c	1013	{
cc97ea	1014	$command = strtolower($matches[1]);
0c2596	1015	$attrib = html::parse_attrib_string($matches[2]);
47124c	1016
T	1017	// empty output if required condition is not met
	1018	if (!empty($attrib['condition']) && !$this->check_condition($attrib['condition'])) {
	1019	return '';
	1020	}
	1021
22a2c5	1022	// localize title and summary attributes
d58c39	1023	if ($command != 'button' && !empty($attrib['title']) && $this->app->text_exists($attrib['title'])) {
22a2c5	1024	$attrib['title'] = $this->app->gettext($attrib['title']);
TB	1025	}
d58c39	1026	if ($command != 'button' && !empty($attrib['summary']) && $this->app->text_exists($attrib['summary'])) {
22a2c5	1027	$attrib['summary'] = $this->app->gettext($attrib['summary']);
TB	1028	}
	1029
47124c	1030	// execute command
T	1031	switch ($command) {
	1032	// return a button
	1033	case 'button':
875a48	1034	if ($attrib['name'] \|\| $attrib['command']) {
47124c	1035	return $this->button($attrib);
T	1036	}
	1037	break;
	1038
b7d33e	1039	// frame
AM	1040	case 'frame':
	1041	return $this->frame($attrib);
	1042	break;
	1043
47124c	1044	// show a label
T	1045	case 'label':
8fa22e	1046	if ($attrib['expression'])
fe245e	1047	$attrib['name'] = $this->eval_expression($attrib['expression']);
8fa22e	1048
47124c	1049	if ($attrib['name'] \|\| $attrib['command']) {
0c2596	1050	$vars = $attrib + array('product' => $this->config->get('product_name'));
c87806	1051	unset($vars['name'], $vars['command']);
0d80fa	1052
AM	1053	$label = $this->app->gettext($attrib + array('vars' => $vars));
f707fe	1054	$quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (rcube_utils::get_boolean((string)$attrib['html']) ? 'no' : '');
0d80fa	1055
8ef203	1056	// 'noshow' can be used in skins to define new labels
TB	1057	if ($attrib['noshow']) {
	1058	return '';
	1059	}
	1060
fa8f6e	1061	switch ($quoting) {
TB	1062	case 'no':
0d80fa	1063	case 'raw':
AM	1064	break;
fa8f6e	1065	case 'javascript':
0d80fa	1066	case 'js':
10da75	1067	$label = rcube::JQ($label);
0d80fa	1068	break;
AM	1069	default:
	1070	$label = html::quote($label);
	1071	break;
fa8f6e	1072	}
0d80fa	1073
AM	1074	return $label;
47124c	1075	}
T	1076	break;
	1077
	1078	// include a file
	1079	case 'include':
8fa22e	1080	$old_base_path = $this->base_path;
175739	1081	if (!empty($attrib['skin_path'])) $attrib['skinpath'] = $attrib['skin_path'];
19b0d4	1082	if ($path = $this->get_skin_file($attrib['file'], $skin_path, $attrib['skinpath'])) {
2a0d3f	1083	$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path); // set base_path to core skin directory (not plugin's skin)
681ba6	1084	$path = realpath(RCUBE_INSTALL_PATH . $path);
8fa22e	1085	}
0c2596	1086
ff73e0	1087	if (is_readable($path)) {
0c2596	1088	if ($this->config->get('skin_include_php')) {
47124c	1089	$incl = $this->include_php($path);
T	1090	}
ff73e0	1091	else {
cc97ea	1092	$incl = file_get_contents($path);
T	1093	}
b4f7c6	1094	$incl = $this->parse_conditions($incl);
8fa22e	1095	$incl = $this->parse_xml($incl);
TB	1096	$incl = $this->fix_paths($incl);
	1097	$this->base_path = $old_base_path;
	1098	return $incl;
47124c	1099	}
T	1100	break;
	1101
	1102	case 'plugin.include':
cc97ea	1103	$hook = $this->app->plugins->exec_hook("template_plugin_include", $attrib);
T	1104	return $hook['content'];
ad334a	1105
cc97ea	1106	// define a container block
T	1107	case 'container':
	1108	if ($attrib['name'] && $attrib['id']) {
	1109	$this->command('gui_container', $attrib['name'], $attrib['id']);
	1110	// let plugins insert some content here
	1111	$hook = $this->app->plugins->exec_hook("template_container", $attrib);
	1112	return $hook['content'];
47124c	1113	}
T	1114	break;
	1115
	1116	// return code for a specific application object
	1117	case 'object':
	1118	$object = strtolower($attrib['name']);
cc97ea	1119	$content = '';
47124c	1120
T	1121	// we are calling a class/method
	1122	if (($handler = $this->object_handlers[$object]) && is_array($handler)) {
	1123	if ((is_object($handler[0]) && method_exists($handler[0], $handler[1])) \|\|
	1124	(is_string($handler[0]) && class_exists($handler[0])))
cc97ea	1125	$content = call_user_func($handler, $attrib);
47124c	1126	}
cc97ea	1127	// execute object handler function
47124c	1128	else if (function_exists($handler)) {
cc97ea	1129	$content = call_user_func($handler, $attrib);
47124c	1130	}
f23073	1131	else if ($object == 'doctype') {
T	1132	$content = html::doctype($attrib['value']);
	1133	}
ae39c4	1134	else if ($object == 'logo') {
T	1135	$attrib += array('alt' => $this->xml_command(array('', 'object', 'name="productname"')));
a77504	1136
fb4474	1137	if ($logo = $this->config->get('skin_logo')) {
P	1138	if (is_array($logo)) {
	1139	if ($template_logo = $logo[$this->template_name]) {
	1140	$attrib['src'] = $template_logo;
	1141	}
	1142	elseif ($template_logo = $logo['*']) {
	1143	$attrib['src'] = $template_logo;
	1144	}
	1145	}
	1146	else {
	1147	$attrib['src'] = $logo;
	1148	}
a77504	1149	}
P	1150
ae39c4	1151	$content = html::img($attrib);
T	1152	}
cc97ea	1153	else if ($object == 'productname') {
0c2596	1154	$name = $this->config->get('product_name', 'Roundcube Webmail');
A	1155	$content = html::quote($name);
47124c	1156	}
cc97ea	1157	else if ($object == 'version') {
c8fb2b	1158	$ver = (string)RCMAIL_VERSION;
9be2f4	1159	if (is_file(RCUBE_INSTALL_PATH . '.svn/entries')) {
c8fb2b	1160	if (preg_match('/Revision:\s(\d+)/', @shell_exec('svn info'), $regs))
T	1161	$ver .= ' [SVN r'.$regs[1].']';
	1162	}
9be2f4	1163	else if (is_file(RCUBE_INSTALL_PATH . '.git/index')) {
914c3e	1164	if (preg_match('/Date:\s+([^\n]+)/', @shell_exec('git log -1'), $regs)) {
AM	1165	if ($date = date('Ymd.Hi', strtotime($regs[1]))) {
	1166	$ver .= ' [GIT '.$date.']';
	1167	}
	1168	}
	1169	}
0c2596	1170	$content = html::quote($ver);
47124c	1171	}
cc97ea	1172	else if ($object == 'steptitle') {
0c2596	1173	$content = html::quote($this->get_pagetitle());
f645ce	1174	}
cc97ea	1175	else if ($object == 'pagetitle') {
538e64	1176	if ($this->devel_mode && !empty($_SESSION['username']))
0c2596	1177	$title = $_SESSION['username'].' :: ';
A	1178	else if ($prod_name = $this->config->get('product_name'))
	1179	$title = $prod_name . ' :: ';
159763	1180	else
0c2596	1181	$title = '';
f645ce	1182	$title .= $this->get_pagetitle();
0c2596	1183	$content = html::quote($title);
47124c	1184	}
ad334a	1185
cc97ea	1186	// exec plugin hooks for this template object
T	1187	$hook = $this->app->plugins->exec_hook("template_object_$object", $attrib + array('content' => $content));
	1188	return $hook['content'];
8e1d4a	1189
A	1190	// return code for a specified eval expression
	1191	case 'exp':
f790b4	1192	return html::quote($this->eval_expression($attrib['expression']));
ad334a	1193
47124c	1194	// return variable
T	1195	case 'var':
	1196	$var = explode(':', $attrib['name']);
	1197	$name = $var[1];
	1198	$value = '';
	1199
	1200	switch ($var[0]) {
	1201	case 'env':
	1202	$value = $this->env[$name];
	1203	break;
	1204	case 'config':
0c2596	1205	$value = $this->config->get($name);
c321a9	1206	if (is_array($value) && $value[$_SESSION['storage_host']]) {
T	1207	$value = $value[$_SESSION['storage_host']];
47124c	1208	}
T	1209	break;
	1210	case 'request':
1aceb9	1211	$value = rcube_utils::get_input_value($name, rcube_utils::INPUT_GPC);
47124c	1212	break;
T	1213	case 'session':
	1214	$value = $_SESSION[$name];
	1215	break;
d4273b	1216	case 'cookie':
A	1217	$value = htmlspecialchars($_COOKIE[$name]);
	1218	break;
a17fe6	1219	case 'browser':
A	1220	$value = $this->browser->{$name};
	1221	break;
47124c	1222	}
T	1223
	1224	if (is_array($value)) {
	1225	$value = implode(', ', $value);
	1226	}
	1227
0c2596	1228	return html::quote($value);
deb2b8	1229
TB	1230	case 'form':
	1231	return $this->form_tag($attrib);
47124c	1232	}
T	1233	return '';
	1234	}
0c2596	1235
47124c	1236	/**
T	1237	* Include a specific file and return it's contents
	1238	*
	1239	* @param string File path
	1240	* @return string Contents of the processed file
	1241	*/
0c2596	1242	protected function include_php($file)
47124c	1243	{
T	1244	ob_start();
	1245	include $file;
	1246	$out = ob_get_contents();
	1247	ob_end_clean();
	1248
	1249	return $out;
	1250	}
	1251
	1252	/**
	1253	* Create and register a button
	1254	*
	1255	* @param array Named button attributes
	1256	* @return string HTML button
	1257	* @todo Remove all inline JS calls and use jQuery instead.
	1258	* @todo Remove all sprintf()'s - they are pretty, but also slow.
	1259	*/
ed132e	1260	public function button($attrib)
47124c	1261	{
d01f9f	1262	static $s_button_count = 100;
AM	1263	static $disabled_actions = null;
47124c	1264
T	1265	// these commands can be called directly via url
cc97ea	1266	$a_static_commands = array('compose', 'list', 'preferences', 'folders', 'identities');
47124c	1267
c49c35	1268	if (!($attrib['command'] \|\| $attrib['name'] \|\| $attrib['href'])) {
47124c	1269	return '';
T	1270	}
ae0c82	1271
d01f9f	1272
47124c	1273	// try to find out the button type
T	1274	if ($attrib['type']) {
	1275	$attrib['type'] = strtolower($attrib['type']);
d01f9f	1276	if ($pos = strpos($attrib['type'], '-menuitem')) {
AM	1277	$attrib['type'] = substr($attrib['type'], 0, -9);
	1278	$menuitem = true;
	1279	}
47124c	1280	}
T	1281	else {
	1282	$attrib['type'] = ($attrib['image'] \|\| $attrib['imagepas'] \|\| $attrib['imageact']) ? 'image' : 'link';
	1283	}
e9b5a6	1284
47124c	1285	$command = $attrib['command'];
T	1286
d01f9f	1287	if ($attrib['task']) {
AM	1288	$element = $command = $attrib['task'] . '.' . $command;
	1289	}
	1290	else {
	1291	$element = ($this->env['task'] ? $this->env['task'] . '.' : '') . $command;
	1292	}
	1293
	1294	if ($disabled_actions === null) {
	1295	$disabled_actions = (array) $this->config->get('disabled_actions');
	1296	}
	1297
	1298	// remove buttons for disabled actions
	1299	if (in_array($element, $disabled_actions)) {
	1300	return '';
	1301	}
ad334a	1302
af3cf8	1303	if (!$attrib['image']) {
T	1304	$attrib['image'] = $attrib['imagepas'] ? $attrib['imagepas'] : $attrib['imageact'];
	1305	}
47124c	1306
T	1307	if (!$attrib['id']) {
	1308	$attrib['id'] = sprintf('rcmbtn%d', $s_button_count++);
	1309	}
	1310	// get localized text for labels and titles
	1311	if ($attrib['title']) {
0c2596	1312	$attrib['title'] = html::quote($this->app->gettext($attrib['title'], $attrib['domain']));
47124c	1313	}
T	1314	if ($attrib['label']) {
0c2596	1315	$attrib['label'] = html::quote($this->app->gettext($attrib['label'], $attrib['domain']));
47124c	1316	}
T	1317	if ($attrib['alt']) {
0c2596	1318	$attrib['alt'] = html::quote($this->app->gettext($attrib['alt'], $attrib['domain']));
47124c	1319	}
9b2ccd	1320
e8bcf0	1321	// set accessibility attributes
TB	1322	if (!$attrib['role']) {
	1323	$attrib['role'] = 'button';
	1324	}
	1325	if (!empty($attrib['class']) && !empty($attrib['classact']) \|\| !empty($attrib['imagepas']) && !empty($attrib['imageact'])) {
ea0866	1326	if (array_key_exists('tabindex', $attrib))
TB	1327	$attrib['data-tabindex'] = $attrib['tabindex'];
e8bcf0	1328	$attrib['tabindex'] = '-1'; // disable button by default
TB	1329	$attrib['aria-disabled'] = 'true';
	1330	}
	1331
47124c	1332	// set title to alt attribute for IE browsers
c9e9fe	1333	if ($this->browser->ie && !$attrib['title'] && $attrib['alt']) {
A	1334	$attrib['title'] = $attrib['alt'];
47124c	1335	}
T	1336
	1337	// add empty alt attribute for XHTML compatibility
	1338	if (!isset($attrib['alt'])) {
	1339	$attrib['alt'] = '';
	1340	}
	1341
	1342	// register button in the system
	1343	if ($attrib['command']) {
	1344	$this->add_script(sprintf(
	1345	"%s.register_button('%s', '%s', '%s', '%s', '%s', '%s');",
60226a	1346	self::JS_OBJECT_NAME,
47124c	1347	$command,
T	1348	$attrib['id'],
	1349	$attrib['type'],
ae0c82	1350	$attrib['imageact'] ? $this->abs_url($attrib['imageact']) : $attrib['classact'],
A	1351	$attrib['imagesel'] ? $this->abs_url($attrib['imagesel']) : $attrib['classsel'],
	1352	$attrib['imageover'] ? $this->abs_url($attrib['imageover']) : ''
47124c	1353	));
T	1354
	1355	// make valid href to specific buttons
197601	1356	if (in_array($attrib['command'], rcmail::$main_tasks)) {
0c2596	1357	$attrib['href'] = $this->app->url(array('task' => $attrib['command']));
60226a	1358	$attrib['onclick'] = sprintf("return %s.command('switch-task','%s',this,event)", self::JS_OBJECT_NAME, $attrib['command']);
47124c	1359	}
e9b5a6	1360	else if ($attrib['task'] && in_array($attrib['task'], rcmail::$main_tasks)) {
0c2596	1361	$attrib['href'] = $this->app->url(array('action' => $attrib['command'], 'task' => $attrib['task']));
e9b5a6	1362	}
47124c	1363	else if (in_array($attrib['command'], $a_static_commands)) {
0c2596	1364	$attrib['href'] = $this->app->url(array('action' => $attrib['command']));
a25d39	1365	}
271efe	1366	else if (($attrib['command'] == 'permaurl' \|\| $attrib['command'] == 'extwin') && !empty($this->env['permaurl'])) {
29f977	1367	$attrib['href'] = $this->env['permaurl'];
T	1368	}
47124c	1369	}
T	1370
	1371	// overwrite attributes
	1372	if (!$attrib['href']) {
	1373	$attrib['href'] = '#';
	1374	}
e9b5a6	1375	if ($attrib['task']) {
T	1376	if ($attrib['classact'])
	1377	$attrib['class'] = $attrib['classact'];
	1378	}
	1379	else if ($command && !$attrib['onclick']) {
47124c	1380	$attrib['onclick'] = sprintf(
c28161	1381	"return %s.command('%s','%s',this,event)",
60226a	1382	self::JS_OBJECT_NAME,
47124c	1383	$command,
T	1384	$attrib['prop']
	1385	);
	1386	}
	1387
	1388	$out = '';
	1389
	1390	// generate image tag
0c2596	1391	if ($attrib['type'] == 'image') {
47124c	1392	$attrib_str = html::attrib_string(
T	1393	$attrib,
	1394	array(
c9e9fe	1395	'style', 'class', 'id', 'width', 'height', 'border', 'hspace',
A	1396	'vspace', 'align', 'alt', 'tabindex', 'title'
47124c	1397	)
T	1398	);
ae0c82	1399	$btn_content = sprintf('<img src="%s"%s />', $this->abs_url($attrib['image']), $attrib_str);
47124c	1400	if ($attrib['label']) {
T	1401	$btn_content .= ' '.$attrib['label'];
	1402	}
c9e9fe	1403	$link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'target');
47124c	1404	}
0c2596	1405	else if ($attrib['type'] == 'link') {
356a67	1406	$btn_content = isset($attrib['content']) ? $attrib['content'] : ($attrib['label'] ? $attrib['label'] : $attrib['command']);
59cdb4	1407	$link_attrib = array_merge(html::$common_attrib, array('href', 'onclick', 'tabindex', 'target'));
5587b3	1408	if ($attrib['innerclass'])
T	1409	$btn_content = html::span($attrib['innerclass'], $btn_content);
47124c	1410	}
0c2596	1411	else if ($attrib['type'] == 'input') {
47124c	1412	$attrib['type'] = 'button';
T	1413
	1414	if ($attrib['label']) {
	1415	$attrib['value'] = $attrib['label'];
	1416	}
f94e44	1417	if ($attrib['command']) {
T	1418	$attrib['disabled'] = 'disabled';
	1419	}
47124c	1420
ce6433	1421	$out = html::tag('input', $attrib, null, array('type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex', 'disabled'));
47124c	1422	}
T	1423
	1424	// generate html code for button
	1425	if ($btn_content) {
707911	1426	$attrib_str = html::attrib_string($attrib, $link_attrib);
47124c	1427	$out = sprintf('<a%s>%s</a>', $attrib_str, $btn_content);
T	1428	}
	1429
bc2c43	1430	if ($attrib['wrapper']) {
AM	1431	$out = html::tag($attrib['wrapper'], null, $out);
47124c	1432	}
T	1433
d01f9f	1434	if ($menuitem) {
AM	1435	$class = $attrib['menuitem-class'] ? ' class="' . $attrib['menuitem-class'] . '"' : '';
	1436	$out = '<li role="menuitem"' . $class . '>' . $out . '</li>';
	1437	}
	1438
47124c	1439	return $out;
0c2596	1440	}
A	1441
	1442	/**
	1443	* Link an external script file
	1444	*
	1445	* @param string File URL
	1446	* @param string Target position [head\|foot]
	1447	*/
	1448	public function include_script($file, $position='head')
	1449	{
	1450	if (!preg_match('\|^https?://\|i', $file) && $file[0] != '/') {
c562a3	1451	$file = $this->file_mod($this->scripts_path . $file);
0c2596	1452	}
A	1453
	1454	if (!is_array($this->script_files[$position])) {
	1455	$this->script_files[$position] = array();
	1456	}
	1457
e46d06	1458	if (!in_array($file, $this->script_files[$position])) {
TB	1459	$this->script_files[$position][] = $file;
	1460	}
0c2596	1461	}
A	1462
	1463	/**
	1464	* Add inline javascript code
	1465	*
	1466	* @param string JS code snippet
	1467	* @param string Target position [head\|head_top\|foot]
	1468	*/
	1469	public function add_script($script, $position='head')
	1470	{
	1471	if (!isset($this->scripts[$position])) {
	1472	$this->scripts[$position] = "\n" . rtrim($script);
	1473	}
	1474	else {
	1475	$this->scripts[$position] .= "\n" . rtrim($script);
	1476	}
	1477	}
	1478
	1479	/**
	1480	* Link an external css file
	1481	*
	1482	* @param string File URL
	1483	*/
	1484	public function include_css($file)
	1485	{
	1486	$this->css_files[] = $file;
	1487	}
	1488
	1489	/**
	1490	* Add HTML code to the page header
	1491	*
	1492	* @param string $str HTML code
	1493	*/
	1494	public function add_header($str)
	1495	{
	1496	$this->header .= "\n" . $str;
	1497	}
	1498
	1499	/**
	1500	* Add HTML code to the page footer
	1501	* To be added right befor </body>
	1502	*
	1503	* @param string $str HTML code
	1504	*/
	1505	public function add_footer($str)
	1506	{
	1507	$this->footer .= "\n" . $str;
	1508	}
	1509
	1510	/**
	1511	* Process template and write to stdOut
	1512	*
	1513	* @param string HTML template
	1514	* @param string Base for absolute paths
	1515	*/
	1516	public function _write($templ = '', $base_path = '')
	1517	{
e2f90d	1518	$output = trim($templ);
AM	1519
	1520	if (empty($output)) {
ffc748	1521	$output = html::doctype('html5') . "\n" . $this->default_template;
e2f90d	1522	$is_empty = true;
0c2596	1523	}
A	1524
	1525	// set default page title
	1526	if (empty($this->pagetitle)) {
	1527	$this->pagetitle = 'Roundcube Mail';
	1528	}
	1529
184ed2	1530	// declare page language
TB	1531	if (!empty($_SESSION['language'])) {
	1532	$lang = substr($_SESSION['language'], 0, 2);
	1533	$output = preg_replace('/<html/', '<html lang="' . html::quote($lang) . '"', $output, 1);
	1534	if (!headers_sent()) {
	1535	header('Content-Language: ' . $lang);
	1536	}
	1537	}
	1538
0c2596	1539	// replace specialchars in content
A	1540	$page_title = html::quote($this->pagetitle);
	1541	$page_header = '';
	1542	$page_footer = '';
	1543
	1544	// include meta tag with charset
	1545	if (!empty($this->charset)) {
	1546	if (!headers_sent()) {
	1547	header('Content-Type: text/html; charset=' . $this->charset);
	1548	}
	1549	$page_header = '<meta http-equiv="content-type"';
	1550	$page_header.= ' content="text/html; charset=';
	1551	$page_header.= $this->charset . '" />'."\n";
	1552	}
	1553
	1554	// definition of the code to be placed in the document header and footer
	1555	if (is_array($this->script_files['head'])) {
	1556	foreach ($this->script_files['head'] as $file) {
	1557	$page_header .= html::script($file);
	1558	}
	1559	}
	1560
	1561	$head_script = $this->scripts['head_top'] . $this->scripts['head'];
	1562	if (!empty($head_script)) {
	1563	$page_header .= html::script(array(), $head_script);
	1564	}
	1565
	1566	if (!empty($this->header)) {
	1567	$page_header .= $this->header;
	1568	}
	1569
	1570	// put docready commands into page footer
	1571	if (!empty($this->scripts['docready'])) {
	1572	$this->add_script('$(document).ready(function(){ ' . $this->scripts['docready'] . "\n});", 'foot');
	1573	}
	1574
	1575	if (is_array($this->script_files['foot'])) {
	1576	foreach ($this->script_files['foot'] as $file) {
	1577	$page_footer .= html::script($file);
	1578	}
	1579	}
	1580
	1581	if (!empty($this->footer)) {
	1582	$page_footer .= $this->footer . "\n";
	1583	}
	1584
	1585	if (!empty($this->scripts['foot'])) {
	1586	$page_footer .= html::script(array(), $this->scripts['foot']);
	1587	}
	1588
	1589	// find page header
	1590	if ($hpos = stripos($output, '</head>')) {
	1591	$page_header .= "\n";
	1592	}
	1593	else {
	1594	if (!is_numeric($hpos)) {
	1595	$hpos = stripos($output, '<body');
	1596	}
	1597	if (!is_numeric($hpos) && ($hpos = stripos($output, '<html'))) {
	1598	while ($output[$hpos] != '>') {
	1599	$hpos++;
	1600	}
	1601	$hpos++;
	1602	}
	1603	$page_header = "<head>\n<title>$page_title</title>\n$page_header\n</head>\n";
	1604	}
	1605
	1606	// add page hader
	1607	if ($hpos) {
	1608	$output = substr_replace($output, $page_header, $hpos, 0);
	1609	}
	1610	else {
	1611	$output = $page_header . $output;
	1612	}
	1613
	1614	// add page footer
	1615	if (($fpos = strripos($output, '</body>')) \|\| ($fpos = strripos($output, '</html>'))) {
	1616	$output = substr_replace($output, $page_footer."\n", $fpos, 0);
	1617	}
	1618	else {
	1619	$output .= "\n".$page_footer;
	1620	}
	1621
	1622	// add css files in head, before scripts, for speed up with parallel downloads
e2f90d	1623	if (!empty($this->css_files) && !$is_empty
AM	1624	&& (($pos = stripos($output, '<script ')) \|\| ($pos = stripos($output, '</head>')))
0c2596	1625	) {
A	1626	$css = '';
	1627	foreach ($this->css_files as $file) {
	1628	$css .= html::tag('link', array('rel' => 'stylesheet',
	1629	'type' => 'text/css', 'href' => $file, 'nl' => true));
	1630	}
	1631	$output = substr_replace($output, $css, $pos, 0);
	1632	}
	1633
2a0d3f	1634	$output = $this->parse_with_globals($this->fix_paths($output));
TB	1635
681ba6	1636	if ($this->assets_path) {
AM	1637	$output = $this->fix_assets_paths($output);
	1638	}
	1639
0c2596	1640	// trigger hook with final HTML content to be sent
be98df	1641	$hook = $this->app->plugins->exec_hook("send_page", array('content' => $output));
0c2596	1642	if (!$hook['abort']) {
a92beb	1643	if ($this->charset != RCUBE_CHARSET) {
AM	1644	echo rcube_charset::convert($hook['content'], RCUBE_CHARSET, $this->charset);
0c2596	1645	}
A	1646	else {
	1647	echo $hook['content'];
	1648	}
	1649	}
47124c	1650	}
T	1651
b7d33e	1652	/**
AM	1653	* Returns iframe object, registers some related env variables
	1654	*
	1655	* @param array $attrib HTML attributes
28de39	1656	* @param boolean $is_contentframe Register this iframe as the 'contentframe' gui object
b7d33e	1657	* @return string IFRAME element
AM	1658	*/
28de39	1659	public function frame($attrib, $is_contentframe = false)
b7d33e	1660	{
28de39	1661	static $idcount = 0;
TB	1662
b7d33e	1663	if (!$attrib['id']) {
28de39	1664	$attrib['id'] = 'rcmframe' . ++$idcount;
b7d33e	1665	}
AM	1666
28de39	1667	$attrib['name'] = $attrib['id'];
681ba6	1668	$attrib['src'] = $attrib['src'] ? $this->abs_url($attrib['src'], true) : 'program/resources/blank.gif';
b7d33e	1669
28de39	1670	// register as 'contentframe' object
e0f7b9	1671	if ($is_contentframe \|\| $attrib['contentframe']) {
AM	1672	$this->set_env('contentframe', $attrib['contentframe'] ? $attrib['contentframe'] : $attrib['name']);
681ba6	1673	$this->set_env('blankpage', $this->asset_url($attrib['src']));
28de39	1674	}
b7d33e	1675
AM	1676	return html::iframe($attrib);
	1677	}
	1678
	1679
47124c	1680	/* *********** common functions delivering gui objects ************ */
T	1681
	1682	/**
197601	1683	* Create a form tag with the necessary hidden fields
T	1684	*
	1685	* @param array Named tag parameters
	1686	* @return string HTML code for the form
	1687	*/
	1688	public function form_tag($attrib, $content = null)
	1689	{
8f57ce	1690	if ($this->framed \|\| $this->env['framed']) {
197601	1691	$hiddenfield = new html_hiddenfield(array('name' => '_framed', 'value' => '1'));
T	1692	$hidden = $hiddenfield->show();
	1693	}
271efe	1694	if ($this->env['extwin']) {
TB	1695	$hiddenfield = new html_hiddenfield(array('name' => '_extwin', 'value' => '1'));
	1696	$hidden = $hiddenfield->show();
	1697	}
ad334a	1698
197601	1699	if (!$content)
T	1700	$attrib['noclose'] = true;
ad334a	1701
197601	1702	return html::tag('form',
deb2b8	1703	$attrib + array('action' => $this->app->comm_path, 'method' => "get"),
57f0c8	1704	$hidden . $content,
T	1705	array('id','class','style','name','method','action','enctype','onsubmit'));
	1706	}
ad334a	1707
57f0c8	1708	/**
T	1709	* Build a form tag with a unique request token
	1710	*
	1711	* @param array Named tag parameters including 'action' and 'task' values which will be put into hidden fields
	1712	* @param string Form content
	1713	* @return string HTML code for the form
	1714	*/
747797	1715	public function request_form($attrib, $content = '')
57f0c8	1716	{
T	1717	$hidden = new html_hiddenfield();
	1718	if ($attrib['task']) {
	1719	$hidden->add(array('name' => '_task', 'value' => $attrib['task']));
	1720	}
	1721	if ($attrib['action']) {
	1722	$hidden->add(array('name' => '_action', 'value' => $attrib['action']));
	1723	}
ad334a	1724
57f0c8	1725	unset($attrib['task'], $attrib['request']);
T	1726	$attrib['action'] = './';
ad334a	1727
57f0c8	1728	// we already have a <form> tag
0501b6	1729	if ($attrib['form']) {
8f57ce	1730	if ($this->framed \|\| $this->env['framed'])
0501b6	1731	$hidden->add(array('name' => '_framed', 'value' => '1'));
57f0c8	1732	return $hidden->show() . $content;
0501b6	1733	}
57f0c8	1734	else
T	1735	return $this->form_tag($attrib, $hidden->show() . $content);
197601	1736	}
T	1737
	1738	/**
47124c	1739	* GUI object 'username'
T	1740	* Showing IMAP username of the current session
	1741	*
	1742	* @param array Named tag parameters (currently not used)
	1743	* @return string HTML code for the gui object
	1744	*/
197601	1745	public function current_username($attrib)
47124c	1746	{
T	1747	static $username;
	1748
	1749	// alread fetched
	1750	if (!empty($username)) {
	1751	return $username;
	1752	}
	1753
e99991	1754	// Current username is an e-mail address
A	1755	if (strpos($_SESSION['username'], '@')) {
	1756	$username = $_SESSION['username'];
	1757	}
929a50	1758	// get e-mail address from default identity
e99991	1759	else if ($sql_arr = $this->app->user->get_identity()) {
7e9cec	1760	$username = $sql_arr['email'];
47124c	1761	}
T	1762	else {
7e9cec	1763	$username = $this->app->user->get_username();
47124c	1764	}
T	1765
1aceb9	1766	return rcube_utils::idn_to_utf8($username);
47124c	1767	}
T	1768
	1769	/**
	1770	* GUI object 'loginform'
	1771	* Returns code for the webmail login form
	1772	*
	1773	* @param array Named parameters
	1774	* @return string HTML code for the gui object
	1775	*/
0c2596	1776	protected function login_form($attrib)
47124c	1777	{
0c2596	1778	$default_host = $this->config->get('default_host');
A	1779	$autocomplete = (int) $this->config->get('login_autocomplete');
47124c	1780
T	1781	$_SESSION['temp'] = true;
ad334a	1782
cc97ea	1783	// save original url
1aceb9	1784	$url = rcube_utils::get_input_value('_url', rcube_utils::INPUT_POST);
3a2b27	1785	if (empty($url) && !preg_match('/_(task\|action)=logout/', $_SERVER['QUERY_STRING']))
cc97ea	1786	$url = $_SERVER['QUERY_STRING'];
47124c	1787
b8dc3e	1788	// Disable autocapitalization on iPad/iPhone (#1488609)
AM	1789	$attrib['autocapitalize'] = 'off';
	1790
1cca4f	1791	// set atocomplete attribute
A	1792	$user_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');
	1793	$host_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');
	1794	$pass_attrib = $autocomplete > 1 ? array() : array('autocomplete' => 'off');
	1795
c3be8e	1796	$input_task = new html_hiddenfield(array('name' => '_task', 'value' => 'login'));
47124c	1797	$input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login'));
c8ae24	1798	$input_tzone = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_'));
cc97ea	1799	$input_url = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url));
8df6bb	1800	$input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser', 'required' => 'required')
1cca4f	1801	+ $attrib + $user_attrib);
8df6bb	1802	$input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'required' => 'required')
1cca4f	1803	+ $attrib + $pass_attrib);
47124c	1804	$input_host = null;
T	1805
f3e101	1806	if (is_array($default_host) && count($default_host) > 1) {
47124c	1807	$input_host = new html_select(array('name' => '_host', 'id' => 'rcmloginhost'));
T	1808
	1809	foreach ($default_host as $key => $value) {
	1810	if (!is_array($value)) {
	1811	$input_host->add($value, (is_numeric($key) ? $value : $key));
	1812	}
	1813	else {
	1814	$input_host = null;
	1815	break;
	1816	}
	1817	}
f3e101	1818	}
6ff0c3	1819	else if (is_array($default_host) && ($host = key($default_host)) !== null) {
f3e101	1820	$hide_host = true;
A	1821	$input_host = new html_hiddenfield(array(
6ff0c3	1822	'name' => '_host', 'id' => 'rcmloginhost', 'value' => is_numeric($host) ? $default_host[$host] : $host) + $attrib);
47124c	1823	}
e3e597	1824	else if (empty($default_host)) {
1cca4f	1825	$input_host = new html_inputfield(array('name' => '_host', 'id' => 'rcmloginhost')
A	1826	+ $attrib + $host_attrib);
47124c	1827	}
T	1828
	1829	$form_name = !empty($attrib['form']) ? $attrib['form'] : 'form';
	1830	$this->add_gui_object('loginform', $form_name);
	1831
	1832	// create HTML table with two cols
	1833	$table = new html_table(array('cols' => 2));
	1834
0c2596	1835	$table->add('title', html::label('rcmloginuser', html::quote($this->app->gettext('username'))));
1aceb9	1836	$table->add('input', $input_user->show(rcube_utils::get_input_value('_user', rcube_utils::INPUT_GPC)));
47124c	1837
0c2596	1838	$table->add('title', html::label('rcmloginpwd', html::quote($this->app->gettext('password'))));
497013	1839	$table->add('input', $input_pass->show());
47124c	1840
T	1841	// add host selection row
f3e101	1842	if (is_object($input_host) && !$hide_host) {
0c2596	1843	$table->add('title', html::label('rcmloginhost', html::quote($this->app->gettext('server'))));
1aceb9	1844	$table->add('input', $input_host->show(rcube_utils::get_input_value('_host', rcube_utils::INPUT_GPC)));
47124c	1845	}
T	1846
c3be8e	1847	$out = $input_task->show();
T	1848	$out .= $input_action->show();
c8ae24	1849	$out .= $input_tzone->show();
cc97ea	1850	$out .= $input_url->show();
47124c	1851	$out .= $table->show();
ad334a	1852
f3e101	1853	if ($hide_host) {
A	1854	$out .= $input_host->show();
	1855	}
47124c	1856
904fec	1857	if (rcube_utils::get_boolean($attrib['submit'])) {
AM	1858	$submit = new html_inputfield(array('type' => 'submit', 'id' => 'rcmloginsubmit',
	1859	'class' => 'button mainaction', 'value' => $this->app->gettext('login')));
	1860	$out .= html::p('formbuttons', $submit->show());
	1861	}
	1862
47124c	1863	// surround html output with a form tag
T	1864	if (empty($attrib['form'])) {
f3e101	1865	$out = $this->form_tag(array('name' => $form_name, 'method' => 'post'), $out);
47124c	1866	}
T	1867
086b15	1868	// include script for timezone detection
TB	1869	$this->include_script('jstz.min.js');
	1870
47124c	1871	return $out;
T	1872	}
	1873
	1874	/**
8e211a	1875	* GUI object 'preloader'
A	1876	* Loads javascript code for images preloading
	1877	*
	1878	* @param array Named parameters
	1879	* @return void
	1880	*/
0c2596	1881	protected function preloader($attrib)
8e211a	1882	{
A	1883	$images = preg_split('/[\s\t\n,]+/', $attrib['images'], -1, PREG_SPLIT_NO_EMPTY);
	1884	$images = array_map(array($this, 'abs_url'), $images);
681ba6	1885	$images = array_map(array($this, 'asset_url'), $images);
8e211a	1886
681ba6	1887	if (empty($images) \|\| $_REQUEST['_task'] == 'logout') {
8e211a	1888	return;
681ba6	1889	}
8e211a	1890
0c2596	1891	$this->add_script('var images = ' . self::json_serialize($images) .';
8e211a	1892	for (var i=0; i<images.length; i++) {
A	1893	img = new Image();
	1894	img.src = images[i];
044d66	1895	}', 'docready');
8e211a	1896	}
A	1897
	1898	/**
47124c	1899	* GUI object 'searchform'
T	1900	* Returns code for search function
	1901	*
	1902	* @param array Named parameters
	1903	* @return string HTML code for the gui object
	1904	*/
0c2596	1905	protected function search_form($attrib)
47124c	1906	{
T	1907	// add some labels to client
	1908	$this->add_label('searching');
	1909
	1910	$attrib['name'] = '_q';
	1911
	1912	if (empty($attrib['id'])) {
	1913	$attrib['id'] = 'rcmqsearchbox';
	1914	}
a3f149	1915	if ($attrib['type'] == 'search' && !$this->browser->khtml) {
2eb794	1916	unset($attrib['type'], $attrib['results']);
a3f149	1917	}
ad334a	1918
47124c	1919	$input_q = new html_inputfield($attrib);
T	1920	$out = $input_q->show();
	1921
	1922	$this->add_gui_object('qsearchbox', $attrib['id']);
	1923
	1924	// add form tag around text field
	1925	if (empty($attrib['form'])) {
197601	1926	$out = $this->form_tag(array(
904fec	1927	'name' => "rcmqsearchform",
60226a	1928	'onsubmit' => self::JS_OBJECT_NAME . ".command('search'); return false",
904fec	1929	'style' => "display:inline"),
2eb794	1930	$out);
47124c	1931	}
T	1932
	1933	return $out;
	1934	}
	1935
	1936	/**
	1937	* Builder for GUI object 'message'
	1938	*
	1939	* @param array Named tag parameters
	1940	* @return string HTML code for the gui object
	1941	*/
0c2596	1942	protected function message_container($attrib)
47124c	1943	{
T	1944	if (isset($attrib['id']) === false) {
	1945	$attrib['id'] = 'rcmMessageContainer';
	1946	}
	1947
	1948	$this->add_gui_object('message', $attrib['id']);
0c2596	1949
A	1950	return html::div($attrib, '');
47124c	1951	}
T	1952
	1953	/**
	1954	* GUI object 'charsetselector'
	1955	*
	1956	* @param array Named parameters for the select tag
	1957	* @return string HTML code for the gui object
	1958	*/
0c2596	1959	public function charset_selector($attrib)
47124c	1960	{
T	1961	// pass the following attributes to the form class
	1962	$field_attrib = array('name' => '_charset');
	1963	foreach ($attrib as $attr => $value) {
e55ab0	1964	if (in_array($attr, array('id', 'name', 'class', 'style', 'size', 'tabindex'))) {
47124c	1965	$field_attrib[$attr] = $value;
T	1966	}
	1967	}
e55ab0	1968
47124c	1969	$charsets = array(
0c2596	1970	'UTF-8' => 'UTF-8 ('.$this->app->gettext('unicode').')',
A	1971	'US-ASCII' => 'ASCII ('.$this->app->gettext('english').')',
	1972	'ISO-8859-1' => 'ISO-8859-1 ('.$this->app->gettext('westerneuropean').')',
	1973	'ISO-8859-2' => 'ISO-8859-2 ('.$this->app->gettext('easterneuropean').')',
	1974	'ISO-8859-4' => 'ISO-8859-4 ('.$this->app->gettext('baltic').')',
	1975	'ISO-8859-5' => 'ISO-8859-5 ('.$this->app->gettext('cyrillic').')',
	1976	'ISO-8859-6' => 'ISO-8859-6 ('.$this->app->gettext('arabic').')',
	1977	'ISO-8859-7' => 'ISO-8859-7 ('.$this->app->gettext('greek').')',
	1978	'ISO-8859-8' => 'ISO-8859-8 ('.$this->app->gettext('hebrew').')',
	1979	'ISO-8859-9' => 'ISO-8859-9 ('.$this->app->gettext('turkish').')',
	1980	'ISO-8859-10' => 'ISO-8859-10 ('.$this->app->gettext('nordic').')',
	1981	'ISO-8859-11' => 'ISO-8859-11 ('.$this->app->gettext('thai').')',
	1982	'ISO-8859-13' => 'ISO-8859-13 ('.$this->app->gettext('baltic').')',
	1983	'ISO-8859-14' => 'ISO-8859-14 ('.$this->app->gettext('celtic').')',
	1984	'ISO-8859-15' => 'ISO-8859-15 ('.$this->app->gettext('westerneuropean').')',
	1985	'ISO-8859-16' => 'ISO-8859-16 ('.$this->app->gettext('southeasterneuropean').')',
	1986	'WINDOWS-1250' => 'Windows-1250 ('.$this->app->gettext('easterneuropean').')',
	1987	'WINDOWS-1251' => 'Windows-1251 ('.$this->app->gettext('cyrillic').')',
	1988	'WINDOWS-1252' => 'Windows-1252 ('.$this->app->gettext('westerneuropean').')',
	1989	'WINDOWS-1253' => 'Windows-1253 ('.$this->app->gettext('greek').')',
	1990	'WINDOWS-1254' => 'Windows-1254 ('.$this->app->gettext('turkish').')',
	1991	'WINDOWS-1255' => 'Windows-1255 ('.$this->app->gettext('hebrew').')',
	1992	'WINDOWS-1256' => 'Windows-1256 ('.$this->app->gettext('arabic').')',
	1993	'WINDOWS-1257' => 'Windows-1257 ('.$this->app->gettext('baltic').')',
	1994	'WINDOWS-1258' => 'Windows-1258 ('.$this->app->gettext('vietnamese').')',
	1995	'ISO-2022-JP' => 'ISO-2022-JP ('.$this->app->gettext('japanese').')',
	1996	'ISO-2022-KR' => 'ISO-2022-KR ('.$this->app->gettext('korean').')',
	1997	'ISO-2022-CN' => 'ISO-2022-CN ('.$this->app->gettext('chinese').')',
	1998	'EUC-JP' => 'EUC-JP ('.$this->app->gettext('japanese').')',
	1999	'EUC-KR' => 'EUC-KR ('.$this->app->gettext('korean').')',
	2000	'EUC-CN' => 'EUC-CN ('.$this->app->gettext('chinese').')',
	2001	'BIG5' => 'BIG5 ('.$this->app->gettext('chinese').')',
	2002	'GB2312' => 'GB2312 ('.$this->app->gettext('chinese').')',
e55ab0	2003	);
47124c	2004
089e53	2005	if (!empty($_POST['_charset'])) {
AM	2006	$set = $_POST['_charset'];
	2007	}
	2008	else if (!empty($attrib['selected'])) {
	2009	$set = $attrib['selected'];
	2010	}
	2011	else {
	2012	$set = $this->get_charset();
	2013	}
47124c	2014
089e53	2015	$set = strtoupper($set);
AM	2016	if (!isset($charsets[$set])) {
	2017	$charsets[$set] = $set;
	2018	}
e55ab0	2019
A	2020	$select = new html_select($field_attrib);
	2021	$select->add(array_values($charsets), array_keys($charsets));
	2022
	2023	return $select->show($set);
47124c	2024	}
T	2025
1a0f60	2026	/**
T	2027	* Include content from config/about.<LANG>.html if available
	2028	*/
0c2596	2029	protected function about_content($attrib)
1a0f60	2030	{
T	2031	$content = '';
	2032	$filenames = array(
	2033	'about.' . $_SESSION['language'] . '.html',
	2034	'about.' . substr($_SESSION['language'], 0, 2) . '.html',
	2035	'about.html',
	2036	);
	2037	foreach ($filenames as $file) {
592668	2038	$fn = RCUBE_CONFIG_DIR . $file;
1a0f60	2039	if (is_readable($fn)) {
T	2040	$content = file_get_contents($fn);
	2041	$content = $this->parse_conditions($content);
	2042	$content = $this->parse_xml($content);
	2043	break;
	2044	}
	2045	}
	2046
	2047	return $content;
	2048	}
	2049
0c2596	2050	}