From 2bbc3da52aee81e920e46778d68278bd31f7bb6b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Wed, 08 Aug 2012 02:44:46 -0400
Subject: [PATCH] - Check request tokens also in devel_mode
---
program/include/rcube_shared.inc | 776 +++++++++++++++++++++-------------------------------------
1 files changed, 285 insertions(+), 491 deletions(-)
diff --git a/program/include/rcube_shared.inc b/program/include/rcube_shared.inc
index 547174b..85f2784 100644
--- a/program/include/rcube_shared.inc
+++ b/program/include/rcube_shared.inc
@@ -2,318 +2,100 @@
/*
+-----------------------------------------------------------------------+
- | rcube_shared.inc |
+ | program/include/rcube_shared.inc |
| |
- | This file is part of the RoundCube PHP suite |
- | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland |
- | Licensed under the GNU GPL |
+ | This file is part of the Roundcube PHP suite |
+ | Copyright (C) 2005-2012, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| CONTENTS: |
- | Shared functions and classes used in PHP projects |
+ | Shared functions used by Roundcube Framework |
| |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
-
- $Id$
-
*/
/**
- * RoundCube shared functions
- *
+ * Roundcube shared functions
+ *
* @package Core
*/
/**
- * Send HTTP headers to prevent caching this page
- */
-function send_nocacheing_headers()
-{
- if (headers_sent())
- return;
-
- header("Expires: ".gmdate("D, d M Y H:i:s")." GMT");
- header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
- header("Cache-Control: private, must-revalidate, post-check=0, pre-check=0");
- header("Pragma: no-cache");
-
- // We need to set the following headers to make downloads work using IE in HTTPS mode.
- if (rcube_https_check()) {
- header('Pragma: ');
- header('Cache-Control: ');
- }
-}
-
-
-/**
- * Send header with expire date 30 days in future
- *
- * @param int Expiration time in seconds
- */
-function send_future_expire_header($offset=2600000)
-{
- if (headers_sent())
- return;
-
- header("Expires: ".gmdate("D, d M Y H:i:s", mktime()+$offset)." GMT");
- header("Cache-Control: max-age=$offset");
- header("Pragma: ");
-}
-
-
-/**
- * Check request for If-Modified-Since and send an according response.
- * This will terminate the current script if headers match the given values
- *
- * @param int Modified date as unix timestamp
- * @param string Etag value for caching
- */
-function send_modified_header($mdate, $etag=null, $skip_check=false)
-{
- if (headers_sent())
- return;
-
- $iscached = false;
- $etag = $etag ? "\"$etag\"" : null;
-
- if (!$skip_check)
- {
- if ($_SERVER['HTTP_IF_MODIFIED_SINCE'] && strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $mdate)
- $iscached = true;
-
- if ($etag)
- $iscached = ($_SERVER['HTTP_IF_NONE_MATCH'] == $etag);
- }
-
- if ($iscached)
- header("HTTP/1.x 304 Not Modified");
- else
- header("Last-Modified: ".gmdate("D, d M Y H:i:s", $mdate)." GMT");
-
- header("Cache-Control: private, must-revalidate, max-age=0");
- header("Expires: ");
- header("Pragma: ");
-
- if ($etag)
- header("Etag: $etag");
-
- if ($iscached)
- {
- ob_end_clean();
- exit;
- }
-}
-
-
-/**
* Similar function as in_array() but case-insensitive
*
- * @param mixed Needle value
- * @param array Array to search in
+ * @param string $needle Needle value
+ * @param array $heystack Array to search in
+ *
* @return boolean True if found, False if not
*/
function in_array_nocase($needle, $haystack)
{
- $needle = mb_strtolower($needle);
- foreach ($haystack as $value)
- if ($needle===mb_strtolower($value))
- return true;
-
- return false;
+ $needle = mb_strtolower($needle);
+ foreach ((array)$haystack as $value) {
+ if ($needle === mb_strtolower($value)) {
+ return true;
+ }
+ }
+
+ return false;
}
/**
- * Find out if the string content means TRUE or FALSE
+ * Find out if the string content means true or false
*
- * @param string Input value
- * @return boolean Imagine what!
+ * @param string $str Input value
+ *
+ * @return boolean Boolean value
*/
function get_boolean($str)
{
- $str = strtolower($str);
- if (in_array($str, array('false', '0', 'no', 'nein', ''), TRUE))
- return FALSE;
- else
- return TRUE;
+ $str = strtolower($str);
+
+ return !in_array($str, array('false', '0', 'no', 'off', 'nein', ''), true);
}
/**
- * Parse a human readable string for a number of bytes
+ * Parse a human readable string for a number of bytes.
*
- * @param string Input string
+ * @param string $str Input string
+ *
* @return float Number of bytes
*/
function parse_bytes($str)
{
- if (is_numeric($str))
- return floatval($str);
-
- if (preg_match('/([0-9]+)([a-z])/i', $str, $regs))
- {
- $bytes = floatval($regs[1]);
- switch (strtolower($regs[2]))
- {
- case 'g':
- $bytes *= 1073741824;
- break;
- case 'm':
- $bytes *= 1048576;
- break;
- case 'k':
- $bytes *= 1024;
- break;
+ if (is_numeric($str)) {
+ return floatval($str);
}
- }
- return floatval($bytes);
-}
-
-/**
- * Create a human readable string for a number of bytes
- *
- * @param int Number of bytes
- * @return string Byte string
- */
-function show_bytes($bytes)
-{
- if ($bytes > 1073741824)
- {
- $gb = $bytes/1073741824;
- $str = sprintf($gb>=10 ? "%d " : "%.1f ", $gb) . rcube_label('GB');
- }
- else if ($bytes > 1048576)
- {
- $mb = $bytes/1048576;
- $str = sprintf($mb>=10 ? "%d " : "%.1f ", $mb) . rcube_label('MB');
- }
- else if ($bytes > 1024)
- $str = sprintf("%d ", round($bytes/1024)) . rcube_label('KB');
- else
- $str = sprintf('%d ', $bytes) . rcube_label('B');
-
- return $str;
-}
-
-
-/**
- * Convert paths like ../xxx to an absolute path using a base url
- *
- * @param string Relative path
- * @param string Base URL
- * @return string Absolute URL
- */
-function make_absolute_url($path, $base_url)
-{
- $host_url = $base_url;
- $abs_path = $path;
-
- // check if path is an absolute URL
- if (preg_match('/^[fhtps]+:\/\//', $path))
- return $path;
-
- // cut base_url to the last directory
- if (strrpos($base_url, '/')>7)
- {
- $host_url = substr($base_url, 0, strpos($base_url, '/'));
- $base_url = substr($base_url, 0, strrpos($base_url, '/'));
- }
-
- // $path is absolute
- if ($path{0}=='/')
- $abs_path = $host_url.$path;
- else
- {
- // strip './' because its the same as ''
- $path = preg_replace('/^\.\//', '', $path);
-
- if (preg_match_all('/\.\.\//', $path, $matches, PREG_SET_ORDER))
- foreach ($matches as $a_match)
- {
- if (strrpos($base_url, '/'))
- $base_url = substr($base_url, 0, strrpos($base_url, '/'));
-
- $path = substr($path, 3);
- }
-
- $abs_path = $base_url.'/'.$path;
- }
-
- return $abs_path;
-}
-
-/**
- * Wrapper function for wordwrap
- */
-function rc_wordwrap($string, $width=75, $break="\n", $cut=false)
-{
- $para = explode($break, $string);
- $string = '';
- while (count($para)) {
- $list = explode(' ', array_shift($para));
- $len = 0;
- while (count($list)) {
- $line = array_shift($list);
- $l = mb_strlen($line);
- $newlen = $len + $l + ($len ? 1 : 0);
-
- if ($newlen <= $width) {
- $string .= ($len ? ' ' : '').$line;
- $len += (1 + $l);
- } else {
- if ($l > $width) {
- if ($cut) {
- $start = 0;
- while ($l) {
- $str = mb_substr($line, $start, $width);
- $strlen = mb_strlen($str);
- $string .= ($len ? $break : '').$str;
- $start += $strlen;
- $l -= $strlen;
- $len = $strlen;
- }
- } else {
- $string .= ($len ? $break : '').$line;
- if (count($list)) $string .= $break;
- $len = 0;
- }
- } else {
- $string .= $break.$line;
- $len = $l;
+ if (preg_match('/([0-9\.]+)\s*([a-z]*)/i', $str, $regs)) {
+ $bytes = floatval($regs[1]);
+ switch (strtolower($regs[2])) {
+ case 'g':
+ case 'gb':
+ $bytes *= 1073741824;
+ break;
+ case 'm':
+ case 'mb':
+ $bytes *= 1048576;
+ break;
+ case 'k':
+ case 'kb':
+ $bytes *= 1024;
+ break;
}
- }
}
- if (count($para)) $string .= $break;
- }
- return $string;
+
+ return floatval($bytes);
}
-
-/**
- * Read a specific HTTP request header
- *
- * @access static
- * @param string $name Header name
- * @return mixed Header value or null if not available
- */
-function rc_request_header($name)
-{
- if (function_exists('getallheaders'))
- {
- $hdrs = array_change_key_case(getallheaders(), CASE_UPPER);
- $key = strtoupper($name);
- }
- else
- {
- $key = 'HTTP_' . strtoupper(strtr($name, '-', '_'));
- $hdrs = array_change_key_case($_SERVER, CASE_UPPER);
- }
-
- return $hdrs[$key];
- }
/**
@@ -332,287 +114,205 @@
{
return preg_replace('/\/$/', '', $str);
}
-
+
/**
* Delete all files within a folder
*
* @param string Path to directory
+ *
* @return boolean True on success, False if directory was not found
*/
function clear_directory($dir_path)
{
- $dir = @opendir($dir_path);
- if(!$dir) return FALSE;
+ $dir = @opendir($dir_path);
+ if (!$dir) {
+ return false;
+ }
- while ($file = readdir($dir))
- if (strlen($file)>2)
- unlink("$dir_path/$file");
+ while ($file = readdir($dir)) {
+ if (strlen($file) > 2) {
+ unlink("$dir_path/$file");
+ }
+ }
- closedir($dir);
- return TRUE;
+ closedir($dir);
+
+ return true;
}
/**
- * Create a unix timestamp with a specified offset from now
+ * Returns number of seconds for a specified offset string.
*
- * @param string String representation of the offset (e.g. 20min, 5h, 2days)
- * @param int Factor to multiply with the offset
+ * @param string $str String representation of the offset (e.g. 20min, 5h, 2days, 1week)
+ *
+ * @return int Number of seconds
+ */
+function get_offset_sec($str)
+{
+ if (preg_match('/^([0-9]+)\s*([smhdw])/i', $str, $regs)) {
+ $amount = (int) $regs[1];
+ $unit = strtolower($regs[2]);
+ }
+ else {
+ $amount = (int) $str;
+ $unit = 's';
+ }
+
+ switch ($unit) {
+ case 'w':
+ $amount *= 7;
+ case 'd':
+ $amount *= 24;
+ case 'h':
+ $amount *= 60;
+ case 'm':
+ $amount *= 60;
+ }
+
+ return $amount;
+}
+
+
+/**
+ * Create a unix timestamp with a specified offset from now.
+ *
+ * @param string $offset_str String representation of the offset (e.g. 20min, 5h, 2days)
+ * @param int $factor Factor to multiply with the offset
+ *
* @return int Unix timestamp
*/
function get_offset_time($offset_str, $factor=1)
- {
- if (preg_match('/^([0-9]+)\s*([smhdw])/i', $offset_str, $regs))
- {
- $amount = (int)$regs[1];
- $unit = strtolower($regs[2]);
- }
- else
- {
- $amount = (int)$offset_str;
- $unit = 's';
- }
-
- $ts = mktime();
- switch ($unit)
- {
- case 'w':
- $amount *= 7;
- case 'd':
- $amount *= 24;
- case 'h':
- $amount *= 60;
- case 'm':
- $amount *= 60;
- case 's':
- $ts += $amount * $factor;
- }
-
- return $ts;
+{
+ return time() + get_offset_sec($offset_str) * $factor;
}
/**
- * Replace the middle part of a string with ...
- * if it is longer than the allowed length
+ * Truncate string if it is longer than the allowed length.
+ * Replace the middle or the ending part of a string with a placeholder.
*
- * @param string Input string
- * @param int Max. length
- * @param string Replace removed chars with this
+ * @param string $str Input string
+ * @param int $maxlength Max. length
+ * @param string $placeholder Replace removed chars with this
+ * @param bool $ending Set to True if string should be truncated from the end
+ *
* @return string Abbreviated string
*/
-function abbreviate_string($str, $maxlength, $place_holder='...')
+function abbreviate_string($str, $maxlength, $placeholder='...', $ending=false)
{
- $length = mb_strlen($str);
- $first_part_length = floor($maxlength/2) - mb_strlen($place_holder);
-
- if ($length > $maxlength)
- {
- $second_starting_location = $length - $maxlength + $first_part_length + 1;
- $str = mb_substr($str, 0, $first_part_length) . $place_holder . mb_substr($str, $second_starting_location, $length);
- }
+ $length = mb_strlen($str);
- return $str;
+ if ($length > $maxlength) {
+ if ($ending) {
+ return mb_substr($str, 0, $maxlength) . $placeholder;
+ }
+
+ $placeholder_length = mb_strlen($placeholder);
+ $first_part_length = floor(($maxlength - $placeholder_length)/2);
+ $second_starting_location = $length - $maxlength + $first_part_length + $placeholder_length;
+
+ $str = mb_substr($str, 0, $first_part_length) . $placeholder . mb_substr($str, $second_starting_location);
+ }
+
+ return $str;
}
-/**
- * A method to guess the mime_type of an attachment.
- *
- * @param string $path Path to the file.
- * @param string $name File name (with suffix)
- * @param string $failover Mime type supplied for failover.
- *
- * @return string
- * @author Till Klampaeckel <till@php.net>
- * @see http://de2.php.net/manual/en/ref.fileinfo.php
- * @see http://de2.php.net/mime_content_type
- */
-function rc_mime_content_type($path, $name, $failover = 'application/octet-stream')
-{
- $mime_type = null;
- $mime_magic = rcmail::get_instance()->config->get('mime_magic');
- $mime_ext = @include(RCMAIL_CONFIG_DIR . '/mimetypes.php');
- $suffix = $name ? substr($name, strrpos($name, '.')+1) : '*';
- // use file name suffix with hard-coded mime-type map
- if (is_array($mime_ext)) {
- $mime_type = $mime_ext[$suffix];
- }
- // try fileinfo extension if available
- if (!$mime_type) {
- if (!extension_loaded('fileinfo')) {
- @dl('fileinfo.' . PHP_SHLIB_SUFFIX);
- }
- if (function_exists('finfo_open')) {
- if ($finfo = finfo_open(FILEINFO_MIME, $mime_magic)) {
- $mime_type = finfo_file($finfo, $path);
- finfo_close($finfo);
+/**
+ * Get all keys from array (recursive).
+ *
+ * @param array $array Input array
+ *
+ * @return array List of array keys
+ */
+function array_keys_recursive($array)
+{
+ $keys = array();
+
+ if (!empty($array)) {
+ foreach ($array as $key => $child) {
+ $keys[] = $key;
+ foreach (array_keys_recursive($child) as $val) {
+ $keys[] = $val;
}
}
}
- // try PHP's mime_content_type
- if (!$mime_type && function_exists('mime_content_type')) {
- $mime_type = mime_content_type($path);
- }
- // fall back to user-submitted string
- if (!$mime_type) {
- $mime_type = $failover;
- }
- return $mime_type;
-}
-
-/**
- * A method to guess encoding of a string.
- *
- * @param string $string String.
- * @param string $failover Default result for failover.
- *
- * @return string
- */
-function rc_detect_encoding($string, $failover='')
-{
- if (!function_exists('mb_detect_encoding')) {
- return $failover;
- }
-
- // FIXME: the order is important, because sometimes
- // iso string is detected as euc-jp and etc.
- $enc = array(
- 'UTF-8', 'SJIS', 'BIG5', 'GB2312',
- 'ISO-8859-1', 'ISO-8859-2', 'ISO-8859-3', 'ISO-8859-4',
- 'ISO-8859-5', 'ISO-8859-6', 'ISO-8859-7', 'ISO-8859-8', 'ISO-8859-9',
- 'ISO-8859-10', 'ISO-8859-13', 'ISO-8859-14', 'ISO-8859-15', 'ISO-8859-16',
- 'WINDOWS-1252', 'WINDOWS-1251', 'EUC-JP', 'EUC-TW', 'KOI8-R',
- 'ISO-2022-KR', 'ISO-2022-JP'
- );
-
- $result = mb_detect_encoding($string, join(',', $enc));
-
- return $result ? $result : $failover;
-}
-
-/**
- * Removes non-unicode characters from input
- *
- * @param mixed $input String or array.
- * @return string
- */
-function rc_utf8_clean($input)
-{
- // handle input of type array
- if (is_array($input)) {
- foreach ($input as $idx => $val)
- $input[$idx] = rc_utf8_clean($val);
- return $input;
- }
-
- if (!is_string($input) || $input == '')
- return $input;
-
- // iconv/mbstring are much faster (especially with long strings)
- if (function_exists('mb_convert_encoding') && ($res = mb_convert_encoding($input, 'UTF8', 'UTF8')))
- return $res;
-
- if (function_exists('iconv') && ($res = iconv('UTF8', 'UTF8//IGNORE', $input)))
- return $res;
-
- $regexp = '/^('.
-// '[\x00-\x7F]'. // UTF8-1
- '|[\xC2-\xDF][\x80-\xBF]'. // UTF8-2
- '|\xE0[\xA0-\xBF][\x80-\xBF]'. // UTF8-3
- '|[\xE1-\xEC][\x80-\xBF][\x80-\xBF]'. // UTF8-3
- '|\xED[\x80-\x9F][\x80-\xBF]'. // UTF8-3
- '|[\xEE-\xEF][\x80-\xBF][\x80-\xBF]'. // UTF8-3
- '|\xF0[\x90-\xBF][\x80-\xBF][\x80-\xBF]'. // UTF8-4
- '|[\xF1-\xF3][\x80-\xBF][\x80-\xBF][\x80-\xBF]'.// UTF8-4
- '|\xF4[\x80-\x8F][\x80-\xBF][\x80-\xBF]'. // UTF8-4
- ')$/';
-
- $seq = '';
- $out = '';
-
- for ($i = 0, $len = strlen($input)-1; $i < $len; $i++) {
- $chr = $input[$i];
- $ord = ord($chr);
- // 1-byte character
- if ($ord <= 0x7F) {
- if ($seq)
- $out .= preg_match($regexp, $seq) ? $seq : '';
- $seq = '';
- $out .= $chr;
- // first (or second) byte of multibyte sequence
- } else if ($ord >= 0xC0) {
- if (strlen($seq)>1) {
- $out .= preg_match($regexp, $seq) ? $seq : '';
- $seq = '';
- } else if ($seq && ord($seq) < 0xC0) {
- $seq = '';
- }
- $seq .= $chr;
- // next byte of multibyte sequence
- } else if ($seq) {
- $seq .= $chr;
- }
- }
-
- if ($seq)
- $out .= preg_match($regexp, $seq) ? $seq : '';
-
- return $out;
+ return $keys;
}
/**
- * Convert a variable into a javascript object notation
- *
- * @param mixed Input value
- * @return string Serialized JSON string
+ * Remove all non-ascii and non-word chars except ., -, _
*/
-function json_serialize($input)
+function asciiwords($str, $css_id = false, $replace_with = '')
{
- $input = rc_utf8_clean($input);
-
- return json_encode($input);
+ $allowed = 'a-z0-9\_\-' . (!$css_id ? '\.' : '');
+ return preg_replace("/[^$allowed]/i", $replace_with, $str);
}
/**
- * Explode quoted string
- *
- * @param string Delimiter expression string for preg_match()
- * @param string Input string
+ * Remove single and double quotes from given string
+ *
+ * @param string Input value
+ *
+ * @return string Dequoted string
*/
-function rcube_explode_quoted_string($delimiter, $string)
+function strip_quotes($str)
{
- $result = array();
- $strlen = strlen($string);
+ return str_replace(array("'", '"'), '', $str);
+}
- for ($q=$p=$i=0; $i < $strlen; $i++) {
- if ($string[$i] == "\"" && $string[$i-1] != "\\") {
- $q = $q ? false : true;
- }
- else if (!$q && preg_match("/$delimiter/", $string[$i])) {
- $result[] = substr($string, $p, $i - $p);
- $p = $i + 1;
+
+/**
+ * Remove new lines characters from given string
+ *
+ * @param string $str Input value
+ *
+ * @return string Stripped string
+ */
+function strip_newlines($str)
+{
+ return preg_replace('/[\r\n]/', '', $str);
+}
+
+
+/**
+ * Compose a valid representation of name and e-mail address
+ *
+ * @param string $email E-mail address
+ * @param string $name Person name
+ *
+ * @return string Formatted string
+ */
+function format_email_recipient($email, $name = '')
+{
+ $email = trim($email);
+
+ if ($name && $name != $email) {
+ // Special chars as defined by RFC 822 need to in quoted string (or escaped).
+ if (preg_match('/[\(\)\<\>\\\.\[\]@,;:"]/', $name)) {
+ $name = '"'.addcslashes($name, '"').'"';
+ }
+
+ return "$name <$email>";
}
- }
-
- $result[] = substr($string, $p);
- return $result;
+
+ return $email;
}
/**
* mbstring replacement functions
*/
-
if (!extension_loaded('mbstring'))
{
function mb_strlen($str)
{
- return strlen($str);
+ return strlen($str);
}
function mb_strtolower($str)
@@ -641,4 +341,98 @@
}
}
-?>
+/**
+ * intl replacement functions
+ */
+
+if (!function_exists('idn_to_utf8'))
+{
+ function idn_to_utf8($domain, $flags=null)
+ {
+ static $idn, $loaded;
+
+ if (!$loaded) {
+ $idn = new Net_IDNA2();
+ $loaded = true;
+ }
+
+ if ($idn && $domain && preg_match('/(^|\.)xn--/i', $domain)) {
+ try {
+ $domain = $idn->decode($domain);
+ }
+ catch (Exception $e) {
+ }
+ }
+ return $domain;
+ }
+}
+
+if (!function_exists('idn_to_ascii'))
+{
+ function idn_to_ascii($domain, $flags=null)
+ {
+ static $idn, $loaded;
+
+ if (!$loaded) {
+ $idn = new Net_IDNA2();
+ $loaded = true;
+ }
+
+ if ($idn && $domain && preg_match('/[^\x20-\x7E]/', $domain)) {
+ try {
+ $domain = $idn->encode($domain);
+ }
+ catch (Exception $e) {
+ }
+ }
+ return $domain;
+ }
+}
+
+/**
+ * Use PHP5 autoload for dynamic class loading
+ *
+ * @todo Make Zend, PEAR etc play with this
+ * @todo Make our classes conform to a more straight forward CS.
+ */
+function rcube_autoload($classname)
+{
+ $filename = preg_replace(
+ array(
+ '/MDB2_(.+)/',
+ '/Mail_(.+)/',
+ '/Net_(.+)/',
+ '/Auth_(.+)/',
+ '/^html_.+/',
+ '/^utf8$/',
+ ),
+ array(
+ 'Mail/\\1',
+ 'Mail/\\1',
+ 'Net/\\1',
+ 'Auth/\\1',
+ 'html',
+ 'utf8.class',
+ ),
+ $classname
+ );
+
+ if ($fp = @fopen("$filename.php", 'r', true)) {
+ fclose($fp);
+ include_once "$filename.php";
+ return true;
+ }
+
+ return false;
+}
+
+/**
+ * Local callback function for PEAR errors
+ */
+function rcube_pear_error($err)
+{
+ error_log(sprintf("%s (%s): %s",
+ $err->getMessage(),
+ $err->getCode(),
+ $err->getUserinfo()), 0);
+}
--
Gitblit v1.9.1