From 40353f1a6c7e80ae373a2dcec7ae16db217162a5 Mon Sep 17 00:00:00 2001 From: alecpl <alec@alec.pl> Date: Wed, 03 Mar 2010 07:41:55 -0500 Subject: [PATCH] - Fix regression in template expressions, don't allow '-' character in env/request/cookie name --- program/include/rcube_template.php | 67 ++++++++++++--------------------- 1 files changed, 25 insertions(+), 42 deletions(-) diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php index af5164f..f8f4963 100755 --- a/program/include/rcube_template.php +++ b/program/include/rcube_template.php @@ -73,7 +73,7 @@ $this->add_script($javascript, 'head_top'); $this->add_script($javascript_foot, 'foot'); $this->scripts_path = 'program/js/'; - $this->include_script('jquery-1.3.min.js'); + $this->include_script('jquery-1.4.min.js'); $this->include_script('common.js'); $this->include_script('app.js'); @@ -289,8 +289,10 @@ { if ($templ != 'iframe') { // prevent from endless loops - if ($this->app->plugins->is_processing('render_page')) { - raise_error(array('code' => 505, 'type' => 'php', 'message' => 'Recursion alert: ignoring output->send()'), true, false); + if ($exit != 'recur' && $this->app->plugins->is_processing('render_page')) { + raise_error(array('code' => 505, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => 'Recursion alert: ignoring output->send()'), true, false); return; } $this->parse($templ, false); @@ -329,6 +331,7 @@ // make sure all <form> tags have a valid request token $template = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $template); + $this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer); // call super method parent::write($template, $this->config['skin_path']); 
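Review bot: The new `$exit != 'recur'` test in the recursion guard is a loose comparison, so a boolean `true` compares equal to the non-empty string and the guard is skipped whenever `$exit` is `true`. The signature of the enclosing method lies outside the hunk, so whether `$exit` is normally a boolean is an assumption to confirm; if it is, the endless-loop protection now runs only for falsy values. A strict check keeps the intended meaning: `if ($exit !== 'recur' && $this->app->plugins->is_processing('render_page')) {`. A short comment naming the caller that passes `'recur'` would also help, since a string sentinel in a flag parameter is easy to misread.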
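Review bot: The pattern `/<form\s+([^>]+)>/Ui` now applied to `$this->footer` requires at least one attribute after `<form`, so a bare `<form>` in the footer would not be passed to `alter_form_tag` and would get no request token. The same limit applies to the template line above it, which is context here, and what `alter_form_tag` does with a match is outside the hunk. Since the literal now appears twice, holding it in one local (`$form_re = '/<form\s+([^>]+)>/Ui';`) keeps the two token passes from drifting apart. A comment stating that footer forms depend on this pass for their token would document why the second call exists.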
@@ -454,7 +457,16 @@ { $GLOBALS['__version'] = Q(RCMAIL_VERSION); $GLOBALS['__comm_path'] = Q($this->app->comm_path); - return preg_replace('/\$(__[a-z0-9_\-]+)/e', '$GLOBALS["\\1"]', $input); + return preg_replace_callback('/\$(__[a-z0-9_\-]+)/', + array($this, 'globals_callback'), $input); + } + + /** + * Callback funtion for preg_replace_callback() in parse_with_globals() + */ + private function globals_callback($matches) + { + return $GLOBALS[$matches[1]]; } /** @@ -543,7 +555,7 @@ * Parses expression and replaces variables * * @param string Expression statement - * @return string Expression statement + * @return string Expression value */ private function parse_expression($expression) { @@ -839,9 +851,9 @@ else if (in_array($attrib['command'], $a_static_commands)) { $attrib['href'] = rcmail_url($attrib['command']); } - else if ($attrib['command'] == 'permaurl' && !empty($this->env['permaurl'])) { - $attrib['href'] = $this->env['permaurl']; - } + else if ($attrib['command'] == 'permaurl' && !empty($this->env['permaurl'])) { + $attrib['href'] = $this->env['permaurl']; + } } // overwrite attributes @@ -854,35 +866,6 @@ JS_OBJECT_NAME, $command, $attrib['prop'] - ); - } - if ($command && $attrib['imageover']) { - $attrib['onmouseover'] = sprintf( - "return %s.button_over('%s','%s')", - JS_OBJECT_NAME, - $command, - $attrib['id'] - ); - $attrib['onmouseout'] = sprintf( - "return %s.button_out('%s','%s')", - JS_OBJECT_NAME, - $command, - $attrib['id'] - ); - } - - if ($command && $attrib['imagesel']) { - $attrib['onmousedown'] = sprintf( - "return %s.button_sel('%s','%s')", - JS_OBJECT_NAME, - $command, - $attrib['id'] - ); - $attrib['onmouseup'] = sprintf( - "return %s.button_out('%s','%s')", - JS_OBJECT_NAME, - $command, - $attrib['id'] ); } 
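Review bot: `globals_callback()` returns `$GLOBALS[$matches[1]]` without checking that the key exists, so a `$__name` token in template input with no matching global raises an undefined-index notice and is replaced by an empty value. The two globals set in this hunk go through `Q()`, but the callback returns any other `__`-prefixed global as stored; whether such globals exist is outside the hunk, so an explicit guard is the safer form: `return isset($GLOBALS[$matches[1]]) ? $GLOBALS[$matches[1]] : '';`. The docblock could name the parameter and return value (`@param array Matches from preg_replace_callback()`, `@return string Value of the global`) and correct the spelling of "function". The character class still admits `-`, which the commit subject says is disallowed for env/request/cookie names; confirm that keeping it for globals is intended.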
@@ -904,7 +887,7 @@ $link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'target'); } else if ($attrib['type']=='link') { - $btn_content = $attrib['label'] ? $attrib['label'] : $attrib['command']; + $btn_content = isset($attrib['content']) ? $attrib['content'] : ($attrib['label'] ? $attrib['label'] : $attrib['command']); $link_attrib = array('href', 'onclick', 'title', 'id', 'class', 'style', 'tabindex', 'target'); } else if ($attrib['type']=='input') { @@ -1003,7 +986,7 @@ return $username; } - // get e-mail address form default identity + // get e-mail address from default identity if ($sql_arr = $this->app->user->get_identity()) { $username = $sql_arr['email']; } @@ -1033,8 +1016,8 @@ if (empty($url) && !preg_match('/_(task|action)=logout/', $_SERVER['QUERY_STRING'])) $url = $_SERVER['QUERY_STRING']; - $input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser', 'size' => 30) + $attrib); - $input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'size' => 30) + $attrib); + $input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser') + $attrib); + $input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd') + $attrib); $input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login')); $input_tzone = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_')); $input_url = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url)); @@ -1054,7 +1037,7 @@ } } else if (empty($default_host)) { - $input_host = new html_inputfield(array('name' => '_host', 'id' => 'rcmloginhost', 'size' => 30)); + $input_host = new html_inputfield(array('name' => '_host', 'id' => 'rcmloginhost') + $attrib); } $form_name = !empty($attrib['form']) ? $attrib['form'] : 'form'; -- Gitblit v1.9.1
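Review bot: The new `content` attribute is assigned to `$btn_content` exactly as given, and `isset()` also accepts an empty string, which would yield a link with no visible text instead of falling back to `label` or `command`. Whether `$btn_content` is escaped before output is decided outside the hunk, so a comment at this line should state the trust assumption, e.g. `// 'content' is inserted as markup; escape any dynamic value before passing it`. Using `!empty($attrib['content'])` would keep the fallback consistent with the truthiness test on `label`. Splitting the nested ternary into an `if`/`else` would make the precedence easier to read.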