From 40353f1a6c7e80ae373a2dcec7ae16db217162a5 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Wed, 03 Mar 2010 07:41:55 -0500
Subject: [PATCH] - Fix regression in template expressions, don't allow '-' character in env/request/cookie name

---
 program/include/rcube_template.php |   25 ++++++++++++++++++-------
 1 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php
index 19f2d43..f8f4963 100755
--- a/program/include/rcube_template.php
+++ b/program/include/rcube_template.php
@@ -73,7 +73,7 @@
         $this->add_script($javascript, 'head_top');
         $this->add_script($javascript_foot, 'foot');
         $this->scripts_path = 'program/js/';
-        $this->include_script('jquery-1.3.min.js');
+        $this->include_script('jquery-1.4.min.js');
         $this->include_script('common.js');
         $this->include_script('app.js');
 
@@ -290,7 +290,9 @@
         if ($templ != 'iframe') {
             // prevent from endless loops
             if ($exit != 'recur' && $this->app->plugins->is_processing('render_page')) {
-                raise_error(array('code' => 505, 'type' => 'php', 'message' => 'Recursion alert: ignoring output->send()'), true, false);
+                raise_error(array('code' => 505, 'type' => 'php',
+                  'file' => __FILE__, 'line' => __LINE__,
+                  'message' => 'Recursion alert: ignoring output->send()'), true, false);
                 return;
             }
             $this->parse($templ, false);
@@ -414,12 +416,12 @@
     {
         $out = '';
         if (!$this->framed && !empty($this->js_env)) {
-            $out .= JS_OBJECT_NAME . '.set_env('.json_encode($this->js_env).");\n";
+            $out .= JS_OBJECT_NAME . '.set_env('.json_serialize($this->js_env).");\n";
         }
         foreach ($this->js_commands as $i => $args) {
             $method = array_shift($args);
             foreach ($args as $i => $arg) {
-                $args[$i] = json_encode($arg);
+                $args[$i] = json_serialize($arg);
             }
             $parent = $this->framed || preg_match('/^parent\./', $method);
             $out .= sprintf(
@@ -455,7 +457,16 @@
     {
         $GLOBALS['__version'] = Q(RCMAIL_VERSION);
         $GLOBALS['__comm_path'] = Q($this->app->comm_path);
-        return preg_replace('/\$(__[a-z0-9_\-]+)/e', '$GLOBALS["\\1"]', $input);
+        return preg_replace_callback('/\$(__[a-z0-9_\-]+)/',
+	    array($this, 'globals_callback'), $input);
+    }
+
+    /**
+     * Callback funtion for preg_replace_callback() in parse_with_globals()
+     */
+    private function globals_callback($matches)
+    {
+        return $GLOBALS[$matches[1]];
     }
 
     /**
@@ -544,7 +555,7 @@
      * Parses expression and replaces variables
      *
      * @param  string Expression statement
-     * @return string Expression statement
+     * @return string Expression value
      */
     private function parse_expression($expression)
     {
@@ -975,7 +986,7 @@
             return $username;
         }
 
-        // get e-mail address form default identity
+        // get e-mail address from default identity
         if ($sql_arr = $this->app->user->get_identity()) {
             $username = $sql_arr['email'];
         }

--
Gitblit v1.9.1