| | |
|---|
| | | <?php |
|---|
| | | |
|---|
| | | /* |
|---|
| | | /** |
|---|
| | | +-----------------------------------------------------------------------+ |
|---|
| | | | program/include/rcmail_output_html.php | |
|---|
| | | | | |
|---|
| | |
|---|
| | | | Author: Thomas Bruederli <roundcube@gmail.com> | |
|---|
| | | +-----------------------------------------------------------------------+ |
|---|
| | | */ |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * Class to create HTML page output using a skin template |
|---|
| | |
|---|
| | | */ |
|---|
| | | public function set_skin($skin) |
|---|
| | | { |
|---|
| | | // Sanity check to prevent from path traversal vulnerability (#1490620) |
|---|
| | | if (strpos($skin, '/') !== false || strpos($skin, "\\") !== false) { |
|---|
| | | rcube::raise_error(array( |
|---|
| | | 'file' => __FILE__, |
|---|
| | | 'line' => __LINE__, |
|---|
| | | 'message' => 'Invalid skin name' |
|---|
| | | ), true, false); |
|---|
| | | |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $valid = false; |
|---|
| | | $path = RCUBE_INSTALL_PATH . 'skins/'; |
|---|
| | | |
|---|
| | |
|---|
| | | $meta = @file_get_contents(RCUBE_INSTALL_PATH . $skin_path . '/meta.json'); |
|---|
| | | $meta = @json_decode($meta, true); |
|---|
| | | |
|---|
| | | $meta['path'] = $skin_path; |
|---|
| | | $skin_id = end(explode('/', $skin_path)); |
|---|
| | | $meta['path'] = $skin_path; |
|---|
| | | $path_elements = explode('/', $skin_path); |
|---|
| | | $skin_id = end($path_elements); |
|---|
| | | |
|---|
| | | if (!$meta['name']) { |
|---|
| | | $meta['name'] = $skin_id; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $this->skins[$skin_id] = $meta; |
|---|
| | | |
|---|
| | | if ($meta['extends']) { |
|---|
| | |
|---|
| | | if ($override || !$this->message) { |
|---|
| | | if ($this->app->text_exists($message)) { |
|---|
| | | if (!empty($vars)) |
|---|
| | | $vars = array_map('Q', $vars); |
|---|
| | | $vars = array_map(array('rcube','Q'), $vars); |
|---|
| | | $msgtext = $this->app->gettext(array('name' => $message, 'vars' => $vars)); |
|---|
| | | } |
|---|
| | | else |
|---|
| | |
|---|
| | | "rcube_utils::get_input_value('\\1', rcube_utils::INPUT_GPC)", |
|---|
| | | "\$_COOKIE['\\1']", |
|---|
| | | "\$browser->{'\\1'}", |
|---|
| | | $this->template_name, |
|---|
| | | "'" . $this->template_name . "'", |
|---|
| | | ), |
|---|
| | | $expression |
|---|
| | | ); |
|---|
| | |
|---|
| | | if (!($attrib['command'] || $attrib['name'] || $attrib['href'])) { |
|---|
| | | return ''; |
|---|
| | | } |
|---|
| | | |
|---|
| | | |
|---|
| | | // try to find out the button type |
|---|
| | | if ($attrib['type']) { |
|---|
| | |
|---|
| | | |
|---|
| | | return $content; |
|---|
| | | } |
|---|
| | | |
|---|
| | | } |
|---|
