From 041c93ce0bc00cb6417ce2e4bdce2ed84d37f50a Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 May 2012 06:31:37 -0400
Subject: [PATCH] Removed $Id$
---
program/include/html.php | 137 ++++++++++++++++++++++++++++++++++-----------
1 files changed, 104 insertions(+), 33 deletions(-)
diff --git a/program/include/html.php b/program/include/html.php
index c225f7d..b42da1d 100644
--- a/program/include/html.php
+++ b/program/include/html.php
@@ -5,8 +5,11 @@
| program/include/html.php |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2010, The Roundcube Dev Team |
- | Licensed under the GNU GPL |
+ | Copyright (C) 2005-2011, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| PURPOSE: |
| Helper class to create valid XHTML code |
@@ -14,10 +17,7 @@
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
-
- $Id$
-
- */
+*/
/**
@@ -80,12 +80,12 @@
$tagname = self::$lc_tags ? strtolower($tagname) : $tagname;
if (isset($content) || in_array($tagname, self::$containers)) {
- $templ = $attrib['noclose'] ? "<%s%s>%s" : "<%s%s>%s</%s>%s";
- unset($attrib['noclose']);
- return sprintf($templ, $tagname, self::attrib_string($attrib, $allowed_attrib), $content, $tagname, $suffix);
+ $suffix = $attrib['noclose'] ? $suffix : '</' . $tagname . '>' . $suffix;
+ unset($attrib['noclose'], $attrib['nl']);
+ return '<' . $tagname . self::attrib_string($attrib, $allowed_attrib) . '>' . $content . $suffix;
}
else {
- return sprintf("<%s%s />%s", $tagname, self::attrib_string($attrib, $allowed_attrib), $suffix);
+ return '<' . $tagname . self::attrib_string($attrib, $allowed_attrib) . '>' . $suffix;
}
}
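Review bot: `$content` is concatenated into the markup verbatim, so tag() relies on every caller having escaped it already, and the docblock (outside this hunk) should say so, e.g. `@param string $content Tag content, must already be HTML-escaped by the caller`. Separately, `$attrib['noclose']` is read without a presence check and raises a notice when the key is absent; `!empty($attrib['noclose'])` avoids that. The void-element branch also stops emitting ` />`, which looks inconsistent with the `self::$doctype == 'xhtml'` handling added in script(), so it is worth confirming that well-formed XHTML output is no longer a goal. The function starts above the hunk.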
@@ -154,7 +154,7 @@
$attr = array('src' => $attr);
}
return self::tag('img', $attr + array('alt' => ''), null, array_merge(self::$common_attrib,
- array('src','alt','width','height','border','usemap')));
+ array('src','alt','width','height','border','usemap','onclick')));
}
/**
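Review bot: Allowing `onclick` on img() needs a caution in the docblock, because attrib_string() only HTML-escapes the attribute value and that does not neutralise data embedded in the handler's JavaScript. A comment above the return would record the contract: `// onclick is emitted as script; callers must never build it from unencoded user or message data`. The rest of img() lies outside the hunk.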
@@ -219,7 +219,31 @@
$attr = array('src' => $attr);
}
return self::tag('iframe', $attr, $cont, array_merge(self::$common_attrib,
- array('src','name','width','height','border','frameborder')));
+ array('src','name','width','height','border','frameborder')));
+ }
+
+ /**
+ * Derrived method to create <script> tags
+ *
+ * @param mixed $attr Hash array with tag attributes or string with script source (src)
+ * @param string $cont Javascript code to be placed as tag content
+ * @return string HTML code
+ * @see html::tag()
+ */
+ public static function script($attr, $cont = null)
+ {
+ if (is_string($attr)) {
+ $attr = array('src' => $attr);
+ }
+ if ($cont) {
+ if (self::$doctype == 'xhtml')
+ $cont = "\n/* <![CDATA[ */\n" . $cont . "\n/* ]]> */\n";
+ else
+ $cont = "\n" . $cont . "\n";
+ }
+
+ return self::tag('script', $attr + array('type' => 'text/javascript', 'nl' => true),
+ $cont, array_merge(self::$common_attrib, array('src','type','charset')));
}
/**
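Review bot: script() places `$cont` inside the element without any encoding, so a `</script>` sequence (or `]]>` in the XHTML branch) inside a string literal ends the block early. The docblock should state that `$cont` must be trusted code and that any data interpolated into it has to be JSON-encoded by the caller, with `</` and `]]>` broken up. `if ($cont)` also discards the string `'0'`; `if ($cont !== null && $cont !== '')` would be exact. "Derrived" in the docblock should read "Derived".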
@@ -250,7 +274,7 @@
$attrib_arr = array();
foreach ($attrib as $key => $value) {
// skip size if not numeric
- if (($key=='size' && !is_numeric($value))) {
+ if ($key == 'size' && !is_numeric($value)) {
continue;
}
@@ -267,19 +291,62 @@
// attributes with no value
if (in_array($key, array('checked', 'multiple', 'disabled', 'selected'))) {
if ($value) {
- $attrib_arr[] = sprintf('%s="%s"', $key, $key);
+ $attrib_arr[] = $key . '="' . $key . '"';
}
}
- else if ($key=='value') {
- $attrib_arr[] = sprintf('%s="%s"', $key, Q($value, 'strict', false));
- }
else {
- $attrib_arr[] = sprintf('%s="%s"', $key, Q($value));
+ $attrib_arr[] = $key . '="' . self::quote($value, true) . '"';
}
}
+
return count($attrib_arr) ? ' '.implode(' ', $attrib_arr) : '';
}
+
+ /**
+ * Convert a HTML attribute string attributes to an associative array (name => value)
+ *
+ * @param string Input string
+ * @return array Key-value pairs of parsed attributes
+ */
+ public static function parse_attrib_string($str)
+ {
+ $attrib = array();
+ $regexp = '/\s*([-_a-z]+)=(["\'])??(?(2)([^\2]*)\2|(\S+?))/Ui';
+
+ preg_match_all($regexp, stripslashes($str), $regs, PREG_SET_ORDER);
+
+ // convert attributes to an associative array (name => value)
+ if ($regs) {
+ foreach ($regs as $attr) {
+ $attrib[strtolower($attr[1])] = html_entity_decode($attr[3] . $attr[4]);
+ }
+ }
+
+ return $attrib;
+ }
+
+ /**
+ * Replacing specials characters in html attribute value
+ *
+ * @param string $str Input string
+ * @param bool $validate Enables double quotation prevention
+ *
+ * @return string The quoted string
+ */
+ public static function quote($str, $validate = false)
+ {
+ $str = htmlspecialchars($str, ENT_COMPAT, RCMAIL_CHARSET);
+
+ // avoid douple quotation of &
+ // @TODO: get rid of it
+ if ($validate) {
+ $str = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $str);
+ }
+
+ return $str;
+ }
}
+
/**
* Class to create an HTML input field
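Review bot: quote() calls htmlspecialchars() with `ENT_COMPAT`, which leaves single quotes unescaped. That is safe for attrib_string(), which always wraps values in double quotes, but quote() is public and documented for attribute values in general, so `htmlspecialchars($str, ENT_QUOTES, RCMAIL_CHARSET)` is the safer default. Per its own comment the `$validate` branch exists to avoid double-escaping `&`, so the result is not a strict escape of the input and the docblock should say that. In parse_attrib_string(), `[^\2]` is not a backreference inside a character class (it is read as an octal escape), so only the ungreedy flag stops the match at the closing quote. `$attr[4]` is also absent for quoted values because trailing unmatched groups are dropped, so `$attr[3] . $attr[4]` raises a notice; `(isset($attr[4]) ? $attr[4] : '')` avoids it.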
@@ -290,9 +357,11 @@
{
protected $tagname = 'input';
protected $type = 'text';
- protected $allowed = array('type','name','value','size','tabindex',
- 'autocomplete','checked','onchange','onclick','disabled','readonly',
- 'spellcheck','results','maxlength','src','multiple');
+ protected $allowed = array(
+ 'type','name','value','size','tabindex',
+ 'autocomplete','checked','onchange','onclick','disabled','readonly',
+ 'spellcheck','results','maxlength','src','multiple','placeholder',
+ );
/**
* Object constructor
@@ -307,10 +376,6 @@
if ($attrib['type']) {
$this->type = $attrib['type'];
- }
-
- if ($attrib['newline']) {
- $this->newline = true;
}
}
@@ -354,11 +419,12 @@
* @package HTML
*/
-class html_hiddenfield extends html_inputfield
+class html_hiddenfield extends html
{
+ protected $tagname = 'input';
protected $type = 'hidden';
protected $fields_arr = array();
- protected $newline = true;
+ protected $allowed = array('type','name','value','onchange','disabled','readonly');
/**
* Constructor
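Review bot: Re-parenting html_hiddenfield from html_inputfield to html changes the type hierarchy, so any caller that checks `instanceof html_inputfield` or relies on methods inherited from it will behave differently; that deserves a line in the class docblock. The narrowed `$allowed` list is a sensible restriction, and a short comment such as `// hidden inputs accept only these attributes` would record the intent. The class body continues below the hunk.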
@@ -492,12 +558,12 @@
unset($this->attrib['value']);
}
- if (!empty($value) && !preg_match('/mce_editor/', $this->attrib['class'])) {
- $value = Q($value, 'strict', false);
+ if (!empty($value) && empty($this->attrib['is_escaped'])) {
+ $value = self::quote($value, true);
}
return self::tag($this->tagname, $this->attrib, $value,
- array_merge(self::$common_attrib, $this->allowed));
+ array_merge(self::$common_attrib, $this->allowed));
}
}
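Review bot: The new `is_escaped` attribute switches off escaping of the textarea content, so it is a trust decision that should only be set by code and never arrive through an attribute array parsed from templates or request data (for example via parse_attrib_string()). A comment at the check would make that explicit: `// is_escaped: caller guarantees $value is already HTML-escaped; never set from untrusted attributes`. The same flag gates the option text in the select hunk at -567,8 +633,14 and deserves the same comment. It is also worth confirming that `is_escaped` is absent from every `$allowed` list so it never reaches the rendered tag; that filtering is outside the visible lines.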
@@ -526,7 +592,7 @@
protected $options = array();
protected $allowed = array('name','size','tabindex','autocomplete',
'multiple','onchange','disabled','rel');
-
+
/**
* Add a new option to this drop-down
*
@@ -567,8 +633,14 @@
'selected' => (in_array($option['value'], $select, true) ||
in_array($option['text'], $select, true)) ? 1 : null);
- $this->content .= self::tag('option', $attr, Q($option['text']));
+ $option_content = $option['text'];
+ if (empty($this->attrib['is_escaped'])) {
+ $option_content = self::quote($option_content, true);
+ }
+
+ $this->content .= self::tag('option', $attr, $option_content);
}
+
return parent::show();
}
}
@@ -779,4 +851,3 @@
}
}
-
--
Gitblit v1.9.1