From ab0b51a1fef87bcc643c3aaf2e635c811b28ccd8 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Tue, 15 Feb 2011 06:10:59 -0500
Subject: [PATCH] - Use only one from IMAP authentication methods to prevent login delays (1487784)
---
 program/include/main.inc | 209 ++++++++++++++++++++++++++++++++++++++-------------
 1 files changed, 155 insertions(+), 54 deletions(-)
diff --git a/program/include/main.inc b/program/include/main.inc
index 1ddb5f9..568b334 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -5,7 +5,7 @@
 | program/include/main.inc |
 | |
 | This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2009, The Roundcube Dev Team |
+ | Copyright (C) 2005-2011, The Roundcube Dev Team |
 | Licensed under the GNU GPL |
 | |
 | PURPOSE: |
@@ -84,12 +84,25 @@
 * It's a global wrapper for rcmail::gettext()
 *
 * @param mixed Named parameters array or label name
+ * @param string Domain to search in (e.g. plugin name)
 * @return string Localized text
 * @see rcmail::gettext()
 */
 function rcube_label($p, $domain=null)
 {
 return rcmail::get_instance()->gettext($p, $domain);
+}
+
+
+/**
+ * Global wrapper of rcmail::text_exists()
+ * to check whether a text label is defined
+ *
+ * @see rcmail::text_exists()
+ */
+function rcube_label_exists($name, $domain=null)
+{
+ return rcmail::get_instance()->text_exists($name, $domain);
 }
@@ -728,6 +741,16 @@
 }
 /**
+ * Convert the given string into a valid HTML identifier
+ * Same functionality as done in app.js with this.identifier_expr
+ *
+ */
+function html_identifier($str)
+{
+ return asciiwords($str, true, '_');
+}
+
+/**
 * Remove single and double quotes from given string
 *
 * @param string Input value
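Review bot: The docblock of the new wrapper `rcube_label_exists()` (hunk `-84,12`) has no `@param` or `@return` lines, even though the same hunk adds the missing `@param string Domain to search in (e.g. plugin name)` to `rcube_label()` directly above it. I would add `@param string Label name`, the same domain line, and `@return boolean True if the label exists`; the return type is inferred from the name `text_exists()`, whose body is not visible here. `html_identifier()` in hunk `-728,6` has the same gap: its docblock ends in an empty ` *` line where `@param string Input string` and `@return string Valid HTML identifier` would go.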
@@ -778,7 +801,7 @@
 while ($table_data && ($sql_arr = $db->fetch_assoc($table_data))) {
 $zebra_class = $c % 2 ? 'even' : 'odd';
- $table->add_row(array('id' => 'rcmrow' . $sql_arr[$id_col], 'class' => $zebra_class));
+ $table->add_row(array('id' => 'rcmrow' . html_identifier($sql_arr[$id_col]), 'class' => $zebra_class));
 // format each col
 foreach ($a_show_cols as $col)
@@ -795,11 +818,11 @@
 if (!empty($row_data['class']))
 $zebra_class .= ' '.$row_data['class'];
- $table->add_row(array('id' => 'rcmrow' . $row_data[$id_col], 'class' => $zebra_class));
+ $table->add_row(array('id' => 'rcmrow' . html_identifier($row_data[$id_col]), 'class' => $zebra_class));
 // format each col
 foreach ($a_show_cols as $col)
- $table->add($col, Q($row_data[$col]));
+ $table->add($col, Q(is_array($row_data[$col]) ? $row_data[$col][0] : $row_data[$col]));
 $c++;
 }
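Review bot: In the second loop (hunk `-795,11`) the new `$row_data[$col][0]` is read for every array value, so an empty array, or one without a `0` key, raises an undefined-offset notice and passes `null` to `Q()`. A guard keeps the escaping and makes the empty case explicit: `$val = is_array($row_data[$col]) ? (isset($row_data[$col][0]) ? $row_data[$col][0] : '') : $row_data[$col];` followed by `$table->add($col, Q($val));`. The column loop of the first hunk (`-778,7`) is cut off after its `foreach` line, so whether it needs the same handling cannot be told from this page; both loops belong to a function that starts outside these hunks.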
@@ -819,32 +842,43 @@
 * @return string HTML field definition
 */
 function rcmail_get_edit_field($col, $value, $attrib, $type='text')
- {
- $fname = '_'.$col;
- $attrib['name'] = $fname;
+{
+ static $colcounts = array();
- if ($type=='checkbox')
- {
+ $fname = '_'.$col;
+ $attrib['name'] = $fname . ($attrib['array'] ? '[]' : '');
+ $attrib['class'] = trim($attrib['class'] . ' ff_' . $col);
+
+ if ($type == 'checkbox') {
 $attrib['value'] = '1';
 $input = new html_checkbox($attrib);
- }
- else if ($type=='textarea')
- {
+ }
+ else if ($type == 'textarea') {
 $attrib['cols'] = $attrib['size'];
 $input = new html_textarea($attrib);
- }
- else
+ }
+ else if ($type == 'select') {
+ $input = new html_select($attrib);
+ $input->add('---', '');
+ $input->add(array_values($attrib['options']), array_keys($attrib['options']));
+ }
+ else {
+ if ($attrib['type'] != 'text' && $attrib['type'] != 'hidden')
+ $attrib['type'] = 'text';
 $input = new html_inputfield($attrib);
+ }
 // use value from post
- if (!empty($_POST[$fname]))
- $value = get_input_value($fname, RCUBE_INPUT_POST,
- $type == 'textarea' && strpos($attrib['class'], 'mce_editor')!==false ? true : false);
+ if (isset($_POST[$fname])) {
+ $postvalue = get_input_value($fname, RCUBE_INPUT_POST,
+ $type == 'textarea' && strpos($attrib['class'], 'mce_editor')!==false ? true : false);
+ $value = $attrib['array'] ? $postvalue[intval($colcounts[$col]++)] : $postvalue;
+ }
 $out = $input->show($value);
-
+
 return $out;
- }
+}
 /**
@@ -861,8 +895,8 @@
 $replacements = new rcube_string_replacer;
 // ignore the whole block if evil styles are detected
- $stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entity_decode($source));
- if (preg_match('/expression|behavior|url\(|import/', $stripped))
+ $stripped = preg_replace('/[^a-z\(:;]/', '', rcmail_xss_entity_decode($source));
+ if (preg_match('/expression|behavior|url\(|import[^a]/', $stripped))
 return '/* evil! */';
 // remove css comments (sometimes used for some ugly hacks)
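Review bot: `rcmail_get_edit_field()` trusts the shape of the posted value: with `$attrib['array']` set and a scalar posted for `$fname`, `$postvalue[intval(...)]` indexes into a string, and with it unset and an array posted, `$value` reaches `$input->show()` as an array. What `get_input_value()` returns for array input is not visible here, so this needs confirming, but the assignment can state the expected shape: `if (!empty($attrib['array'])) $value = is_array($postvalue) && isset($postvalue[$i]) ? $postvalue[$i] : '';` and `else if (!is_array($postvalue)) $value = $postvalue;`, with `$i` taken from the `$colcounts[$col]` counter. The new reads of `$attrib['array']`, `$attrib['class']`, `$attrib['type']` and `$attrib['options']` also assume the keys exist; `!empty()`/`isset()` checks avoid the notices, and `$attrib['options']` should be confirmed to be an array before `array_values()`/`array_keys()`.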
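Review bot: In the style filter (hunk `-861,8`) `import[^a]` exempts more than `!important`: it skips every `import` that is directly followed by the letter `a` once the other characters have been stripped, and it no longer matches when `import` is the last thing in `$stripped`. A negative lookahead narrows the exception to text that really continues as `important`: `if (preg_match('/expression|behavior|url\(|import(?!ant)/', $stripped))`. The rest of the function lies outside the hunk, so later steps may still catch some of these inputs, but this is the check that decides whether the whole block is rejected. A one-line comment saying why `;` was added to the kept characters would also help the next reader.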
@@ -967,6 +1001,37 @@
 /**
+ * Improved equivalent to strtotime()
+ *
+ * @param string Date string
+ * @return int
+ */
+function rcube_strtotime($date)
+{
+ // check for MS Outlook vCard date format YYYYMMDD
+ if (preg_match('/^([12][90]\d\d)([01]\d)(\d\d)$/', trim($date), $matches)) {
+ return mktime(0,0,0, intval($matches[2]), intval($matches[3]), intval($matches[1]));
+ }
+ else if (is_numeric($date))
+ return $date;
+
+ // support non-standard "GMTXXXX" literal
+ $date = preg_replace('/GMT\s*([+-][0-9]+)/', '\\1', $date);
+
+ // if date parsing fails, we have a date in non-rfc format.
+ // remove token from the end and try again
+ while ((($ts = @strtotime($date)) === false) || ($ts < 0)) {
+ $d = explode(' ', $date);
+ array_pop($d);
+ if (!$d) break;
+ $date = implode(' ', $d);
+ }
+
+ return $ts;
+}
+
+
+/**
 * Convert the given date to a human readable form
 * This uses the date formatting properties from config
 *
@@ -975,31 +1040,17 @@
 * @return string Formatted date string
 */
 function format_date($date, $format=NULL)
- {
+{
 global $CONFIG;
 $ts = NULL;
- if (is_numeric($date))
- $ts = $date;
- else if (!empty($date))
- {
- // support non-standard "GMTXXXX" literal
- $date = preg_replace('/GMT\s*([+-][0-9]+)/', '\\1', $date);
- // if date parsing fails, we have a date in non-rfc format.
- // remove token from the end and try again
- while ((($ts = @strtotime($date))===false) || ($ts < 0))
- {
- $d = explode(' ', $date);
- array_pop($d);
- if (!$d) break;
- $date = implode(' ', $d);
- }
- }
+ if (!empty($date))
+ $ts = rcube_strtotime($date);
 if (empty($ts))
 return '';
-
+
 // get user's timezone
 if ($CONFIG['timezone'] === 'auto')
 $tz = isset($_SESSION['timezone']) ? $_SESSION['timezone'] : date('Z')/3600;
@@ -1011,7 +1062,7 @@
 // convert time to user's timezone
 $timestamp = $ts - date('Z', $ts) + ($tz * 3600);
-
+
 // get current timestamp in user's timezone
 $now = time(); // local time
 $now -= (int)date('Z'); // make GMT time
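Review bot: `rcube_strtotime()` (hunk `-967,6`) accepts more than the `YYYYMMDD` form its comment describes. The class `[12][90]\d\d` also matches years such as 10xx and 29xx, and `([01]\d)(\d\d)` lets month 00 or 19 and day 00 or 99 through to `mktime()`, which silently normalises them into a different date. Because this test runs before `is_numeric()`, an eight-digit numeric timestamp is now read as a calendar date, which the removed code in `format_date()` did not do. A tighter pattern would be `'/^((?:19|20)\d\d)(0[1-9]|1[0-2])(0[1-9]|[12]\d|3[01])$/'`. The docblock says `@return int`, but the numeric branch returns `$date` unchanged and the loop can leave `$ts` as `false`, so `return (int)$date;` and `@return int|false Unix timestamp, false if the string cannot be parsed` would match the code.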
@@ -1019,30 +1070,33 @@
 $now_date = getdate($now);
 $today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']);
- $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']);
+ $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']);
 // define date format depending on current time
 if (!$format) {
- if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now)
- return sprintf('%s %s', rcube_label('today'), date($CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i', $timestamp));
+ if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now) {
+ $format = $CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i';
+ $today = true;
+ }
 else if ($CONFIG['prettydate'] && $timestamp > $week_limit && $timestamp < $now)
 $format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i';
 else
 $format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i';
- }
+ }
 // strftime() format
- if (preg_match('/%[a-z]+/i', $format))
- return strftime($format, $timestamp);
+ if (preg_match('/%[a-z]+/i', $format)) {
+ $format = strftime($format, $timestamp);
+ return $today ? (rcube_label('today') . ' ' . $format) : $format;
+ }
 // parse format string manually in order to provide localized weekday and month names
 // an alternative would be to convert the date() format string to fit with strftime()
 $out = '';
- for($i=0; $i<strlen($format); $i++)
- {
+ for($i=0; $i<strlen($format); $i++) {
 if ($format{$i}=='\\') // skip escape chars
 continue;
-
+
 // write char "as-is"
 if ($format{$i}==' ' || $format{$i-1}=='\\')
 $out .= $format{$i};
@@ -1062,10 +1116,10 @@
 $out .= strftime('%x %X', $timestamp);
 else
 $out .= date($format{$i}, $timestamp);
- }
-
- return $out;
 }
+
+ return $today ? (rcube_label('today') . ' ' . $out) : $out;
+}
 /**
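Review bot: `$today` is assigned only inside the `prettydate` branch, yet both new return statements read it (`return $today ? ...`), so a call with an explicit `$format`, or a date that is not from today, evaluates an undefined variable and raises a notice. `format_date()` begins in the earlier hunk `-975,31`, where `$ts = NULL;` is initialised. Adding `$today = false;` next to that line gives both return sites a defined value.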
@@ -1220,6 +1274,19 @@
 $address .= '(' . implode(',', $remote_ip) . ')';
 return $address;
+}
+
+
+/**
+ * Check whether the HTTP referer matches the current request
+ *
+ * @return boolean True if referer is the same host+path, false if not
+ */
+function rcube_check_referer()
+{
+ $uri = parse_url($_SERVER['REQUEST_URI']);
+ $referer = parse_url(rc_request_header('Referer'));
+ return $referer['host'] == rc_request_header('Host') && $referer['path'] == $uri['path'];
 }
@@ -1433,7 +1500,7 @@
 }
 // make folder name safe for ids and class names
- $folder_id = asciiwords($folder['id'], true, '_');
+ $folder_id = html_identifier($folder['id']);
 $classes = array('mailbox');
 // set special class for Sent, Drafts, Trash and Junk
@@ -1464,10 +1531,11 @@
 $classes[] = 'unread';
 $js_name = JQ($folder['id']);
- $html_name = Q($foldername . ($unread ? " ($unread)" : ''));
+ $html_name = Q($foldername) . ($unread ? html::span('unreadcount', " ($unread)") : '');
 $link_attrib = $folder['virtual'] ? array() : array(
 'href' => rcmail_url('', array('_mbox' => $folder['id'])),
 'onclick' => sprintf("return %s.command('list','%s',this)", JS_OBJECT_NAME, $js_name),
+ 'rel' => $folder['id'],
 'title' => $title,
 );
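Review bot: `rcube_check_referer()` (hunk `-1220,6`) compares `$referer['host']` with the raw `Host` header, but `parse_url()` returns the port under a separate `port` key while `Host` carries `host:port` on non-default ports, so the check would always fail there. It also reads `host` and `path` without checking that `parse_url()` succeeded or that a Referer was sent, and it uses `==` where `===` is the safer comparison for header strings. I would reject missing or unparsable input first, rebuild host plus port before comparing, and compare strictly, as below. How `rc_request_header()` behaves for an absent header is not visible in this hunk, so the guard treats an empty value as a mismatch.

```php
function rcube_check_referer()
{
  $uri = parse_url($_SERVER['REQUEST_URI']);
  $referer = parse_url((string) rc_request_header('Referer'));

  // a missing or unparsable Referer is a mismatch, never an accidental match
  if (!is_array($uri) || !is_array($referer) || empty($referer['host']) || !isset($referer['path'], $uri['path']))
    return false;

  // Host carries "host:port" on non-default ports; parse_url() splits the port off
  $host = $referer['host'] . (isset($referer['port']) ? ':' . $referer['port'] : '');

  return $host === rc_request_header('Host') && $referer['path'] === $uri['path'];
}
```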
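Review bot: In the folder-list hunk (`-1464,10`) the unread count has moved outside `Q()`: `Q($foldername)` is still escaped, but `" ($unread)"` is now passed to `html::span()` as content and the hunk itself no longer escapes it. If `$unread` is always an integer this is harmless, but it is assigned outside the hunk, so I would make that explicit with `html::span('unreadcount', ' (' . intval($unread) . ')')`. The new `'rel' => $folder['id']` attribute likewise relies on the `html` class escaping attribute values, which cannot be confirmed from this page.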
@@ -1863,6 +1931,39 @@
 return false;
 }
+/*
+ * Idn_to_ascii wrapper.
+ * Intl/Idn modules version of this function doesn't work with e-mail address
+ */
+function rcube_idn_to_ascii($str)
+{
+ return rcube_idn_convert($str, true);
+}
+
+/*
+ * Idn_to_ascii wrapper.
+ * Intl/Idn modules version of this function doesn't work with e-mail address
+ */
+function rcube_idn_to_utf8($str)
+{
+ return rcube_idn_convert($str, false);
+}
+
+function rcube_idn_convert($input, $is_utf=false)
+{
+ if ($at = strpos($input, '@')) {
+ $user = substr($input, 0, $at);
+ $domain = substr($input, $at+1);
+ }
+ else {
+ $domain = $input;
+ }
+
+ $domain = $is_utf ? idn_to_ascii($domain) : idn_to_utf8($domain);
+
+ return $at ? $user . '@' . $domain : $domain;
+}
+
 /**
 * Helper class to turn relative urls into absolute ones
-- Gitblit v1.9.1
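Review bot: `rcube_idn_convert()` splits on the first `@` with `strpos()`, while the domain of an address starts after the last one (a quoted local part may itself contain `@`), and it concatenates the result of `idn_to_ascii()`/`idn_to_utf8()` without checking for `false`, so a failed conversion produces an address with an empty domain. I would use `$at = strrpos($input, '@')` and handle failure explicitly, for example `$converted = $is_utf ? idn_to_ascii($domain) : idn_to_utf8($domain);` followed by `if ($converted !== false) $domain = $converted;`, or reject the address if callers prefer that. The docblock on `rcube_idn_to_utf8()` is a copy of the one above it and should read `Idn_to_utf8 wrapper.`, and `rcube_idn_convert()` has no docblock describing `$is_utf` or the return value. The comments say these wrappers rely on the Intl/Idn modules; whether there is a fallback when those functions are not loaded is not visible in this hunk.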