From ab0b51a1fef87bcc643c3aaf2e635c811b28ccd8 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Tue, 15 Feb 2011 06:10:59 -0500
Subject: [PATCH] - Use only one from IMAP authentication methods to prevent login delays (1487784)
---
program/include/main.inc | 117 +++++++++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 95 insertions(+), 22 deletions(-)
diff --git a/program/include/main.inc b/program/include/main.inc
index 8e8de03..568b334 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -5,7 +5,7 @@
| program/include/main.inc |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2009, The Roundcube Dev Team |
+ | Copyright (C) 2005-2011, The Roundcube Dev Team |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
@@ -84,12 +84,25 @@
* It's a global wrapper for rcmail::gettext()
*
* @param mixed Named parameters array or label name
+ * @param string Domain to search in (e.g. plugin name)
* @return string Localized text
* @see rcmail::gettext()
*/
function rcube_label($p, $domain=null)
{
return rcmail::get_instance()->gettext($p, $domain);
+}
+
+
+/**
+ * Global wrapper of rcmail::text_exists()
+ * to check whether a text label is defined
+ *
+ * @see rcmail::text_exists()
+ */
+function rcube_label_exists($name, $domain=null)
+{
+ return rcmail::get_instance()->text_exists($name, $domain);
}
@@ -728,6 +741,16 @@
}
/**
+ * Convert the given string into a valid HTML identifier
+ * Same functionality as done in app.js with this.identifier_expr
+ *
+ */
+function html_identifier($str)
+{
+ return asciiwords($str, true, '_');
+}
+
+/**
* Remove single and double quotes from given string
*
* @param string Input value
@@ -778,7 +801,7 @@
while ($table_data && ($sql_arr = $db->fetch_assoc($table_data)))
{
$zebra_class = $c % 2 ? 'even' : 'odd';
- $table->add_row(array('id' => 'rcmrow' . $sql_arr[$id_col], 'class' => $zebra_class));
+ $table->add_row(array('id' => 'rcmrow' . html_identifier($sql_arr[$id_col]), 'class' => $zebra_class));
// format each col
foreach ($a_show_cols as $col)
@@ -795,7 +818,7 @@
if (!empty($row_data['class']))
$zebra_class .= ' '.$row_data['class'];
- $table->add_row(array('id' => 'rcmrow' . $row_data[$id_col], 'class' => $zebra_class));
+ $table->add_row(array('id' => 'rcmrow' . html_identifier($row_data[$id_col]), 'class' => $zebra_class));
// format each col
foreach ($a_show_cols as $col)
@@ -872,8 +895,8 @@
$replacements = new rcube_string_replacer;
// ignore the whole block if evil styles are detected
- $stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entity_decode($source));
- if (preg_match('/expression|behavior|url\(|import/', $stripped))
+ $stripped = preg_replace('/[^a-z\(:;]/', '', rcmail_xss_entity_decode($source));
+ if (preg_match('/expression|behavior|url\(|import[^a]/', $stripped))
return '/* evil! */';
// remove css comments (sometimes used for some ugly hacks)
@@ -1017,7 +1040,7 @@
* @return string Formatted date string
*/
function format_date($date, $format=NULL)
- {
+{
global $CONFIG;
$ts = NULL;
@@ -1027,7 +1050,7 @@
if (empty($ts))
return '';
-
+
// get user's timezone
if ($CONFIG['timezone'] === 'auto')
$tz = isset($_SESSION['timezone']) ? $_SESSION['timezone'] : date('Z')/3600;
@@ -1039,7 +1062,7 @@
// convert time to user's timezone
$timestamp = $ts - date('Z', $ts) + ($tz * 3600);
-
+
// get current timestamp in user's timezone
$now = time(); // local time
$now -= (int)date('Z'); // make GMT time
@@ -1047,30 +1070,33 @@
$now_date = getdate($now);
$today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']);
- $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']);
+ $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']);
// define date format depending on current time
if (!$format) {
- if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now)
- return sprintf('%s %s', rcube_label('today'), date($CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i', $timestamp));
+ if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now) {
+ $format = $CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i';
+ $today = true;
+ }
else if ($CONFIG['prettydate'] && $timestamp > $week_limit && $timestamp < $now)
$format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i';
else
$format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i';
- }
+ }
// strftime() format
- if (preg_match('/%[a-z]+/i', $format))
- return strftime($format, $timestamp);
+ if (preg_match('/%[a-z]+/i', $format)) {
+ $format = strftime($format, $timestamp);
+ return $today ? (rcube_label('today') . ' ' . $format) : $format;
+ }
// parse format string manually in order to provide localized weekday and month names
// an alternative would be to convert the date() format string to fit with strftime()
$out = '';
- for($i=0; $i<strlen($format); $i++)
- {
+ for($i=0; $i<strlen($format); $i++) {
if ($format{$i}=='\\') // skip escape chars
continue;
-
+
// write char "as-is"
if ($format{$i}==' ' || $format{$i-1}=='\\')
$out .= $format{$i};
@@ -1090,10 +1116,10 @@
$out .= strftime('%x %X', $timestamp);
else
$out .= date($format{$i}, $timestamp);
- }
-
- return $out;
}
+
+ return $today ? (rcube_label('today') . ' ' . $out) : $out;
+}
/**
@@ -1248,6 +1274,19 @@
$address .= '(' . implode(',', $remote_ip) . ')';
return $address;
+}
+
+
+/**
+ * Check whether the HTTP referer matches the current request
+ *
+ * @return boolean True if referer is the same host+path, false if not
+ */
+function rcube_check_referer()
+{
+ $uri = parse_url($_SERVER['REQUEST_URI']);
+ $referer = parse_url(rc_request_header('Referer'));
+ return $referer['host'] == rc_request_header('Host') && $referer['path'] == $uri['path'];
}
@@ -1461,7 +1500,7 @@
}
// make folder name safe for ids and class names
- $folder_id = asciiwords($folder['id'], true, '_');
+ $folder_id = html_identifier($folder['id']);
$classes = array('mailbox');
// set special class for Sent, Drafts, Trash and Junk
@@ -1492,10 +1531,11 @@
$classes[] = 'unread';
$js_name = JQ($folder['id']);
- $html_name = Q($foldername . ($unread ? " ($unread)" : ''));
+ $html_name = Q($foldername) . ($unread ? html::span('unreadcount', " ($unread)") : '');
$link_attrib = $folder['virtual'] ? array() : array(
'href' => rcmail_url('', array('_mbox' => $folder['id'])),
'onclick' => sprintf("return %s.command('list','%s',this)", JS_OBJECT_NAME, $js_name),
+ 'rel' => $folder['id'],
'title' => $title,
);
@@ -1891,6 +1931,39 @@
return false;
}
+/*
+ * Idn_to_ascii wrapper.
+ * Intl/Idn modules version of this function doesn't work with e-mail address
+ */
+function rcube_idn_to_ascii($str)
+{
+ return rcube_idn_convert($str, true);
+}
+
+/*
+ * Idn_to_ascii wrapper.
+ * Intl/Idn modules version of this function doesn't work with e-mail address
+ */
+function rcube_idn_to_utf8($str)
+{
+ return rcube_idn_convert($str, false);
+}
+
+function rcube_idn_convert($input, $is_utf=false)
+{
+ if ($at = strpos($input, '@')) {
+ $user = substr($input, 0, $at);
+ $domain = substr($input, $at+1);
+ }
+ else {
+ $domain = $input;
+ }
+
+ $domain = $is_utf ? idn_to_ascii($domain) : idn_to_utf8($domain);
+
+ return $at ? $user . '@' . $domain : $domain;
+}
+
/**
* Helper class to turn relative urls into absolute ones
--
Gitblit v1.9.1