From ab0b51a1fef87bcc643c3aaf2e635c811b28ccd8 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Tue, 15 Feb 2011 06:10:59 -0500
Subject: [PATCH] - Use only one from IMAP authentication methods to prevent login delays (1487784)
---
program/include/main.inc | 409 ++++++++++++++++++++++++++++++++++++++++++++++-----------
1 files changed, 328 insertions(+), 81 deletions(-)
diff --git a/program/include/main.inc b/program/include/main.inc
index 31c9a08..568b334 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -5,7 +5,7 @@
| program/include/main.inc |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2009, Roundcube Dev, - Switzerland |
+ | Copyright (C) 2005-2011, The Roundcube Dev Team |
| Licensed under the GNU GPL |
| |
| PURPOSE: |
@@ -84,12 +84,25 @@
* It's a global wrapper for rcmail::gettext()
*
* @param mixed Named parameters array or label name
+ * @param string Domain to search in (e.g. plugin name)
* @return string Localized text
* @see rcmail::gettext()
*/
function rcube_label($p, $domain=null)
{
return rcmail::get_instance()->gettext($p, $domain);
+}
+
+
+/**
+ * Global wrapper of rcmail::text_exists()
+ * to check whether a text label is defined
+ *
+ * @see rcmail::text_exists()
+ */
+function rcube_label_exists($name, $domain=null)
+{
+ return rcmail::get_instance()->text_exists($name, $domain);
}
@@ -539,7 +552,7 @@
{
if (!$html_encode_arr)
{
- $html_encode_arr = get_html_translation_table(HTML_SPECIALCHARS);
+ $html_encode_arr = get_html_translation_table(HTML_SPECIALCHARS);
unset($html_encode_arr['?']);
}
@@ -560,9 +573,7 @@
$out = strtr($str, $encode_arr);
// avoid douple quotation of &
- // commented out, because this breaks displaying of text with entity strings
- // in text messages.
- //$out = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $out);
+ $out = preg_replace('/&([A-Za-z]{2,6}|#[0-9]{2,4});/', '&\\1;', $out);
return $newlines ? nl2br($out) : $out;
}
@@ -730,6 +741,16 @@
}
/**
+ * Convert the given string into a valid HTML identifier
+ * Same functionality as done in app.js with this.identifier_expr
+ *
+ */
+function html_identifier($str)
+{
+ return asciiwords($str, true, '_');
+}
+
+/**
* Remove single and double quotes from given string
*
* @param string Input value
@@ -780,7 +801,7 @@
while ($table_data && ($sql_arr = $db->fetch_assoc($table_data)))
{
$zebra_class = $c % 2 ? 'even' : 'odd';
- $table->add_row(array('id' => 'rcmrow' . $sql_arr[$id_col], 'class' => $zebra_class));
+ $table->add_row(array('id' => 'rcmrow' . html_identifier($sql_arr[$id_col]), 'class' => $zebra_class));
// format each col
foreach ($a_show_cols as $col)
@@ -797,11 +818,11 @@
if (!empty($row_data['class']))
$zebra_class .= ' '.$row_data['class'];
- $table->add_row(array('id' => 'rcmrow' . $row_data[$id_col], 'class' => $zebra_class));
+ $table->add_row(array('id' => 'rcmrow' . html_identifier($row_data[$id_col]), 'class' => $zebra_class));
// format each col
foreach ($a_show_cols as $col)
- $table->add($col, Q($row_data[$col]));
+ $table->add($col, Q(is_array($row_data[$col]) ? $row_data[$col][0] : $row_data[$col]));
$c++;
}
@@ -821,32 +842,43 @@
* @return string HTML field definition
*/
function rcmail_get_edit_field($col, $value, $attrib, $type='text')
- {
- $fname = '_'.$col;
- $attrib['name'] = $fname;
+{
+ static $colcounts = array();
- if ($type=='checkbox')
- {
+ $fname = '_'.$col;
+ $attrib['name'] = $fname . ($attrib['array'] ? '[]' : '');
+ $attrib['class'] = trim($attrib['class'] . ' ff_' . $col);
+
+ if ($type == 'checkbox') {
$attrib['value'] = '1';
$input = new html_checkbox($attrib);
- }
- else if ($type=='textarea')
- {
+ }
+ else if ($type == 'textarea') {
$attrib['cols'] = $attrib['size'];
$input = new html_textarea($attrib);
- }
- else
+ }
+ else if ($type == 'select') {
+ $input = new html_select($attrib);
+ $input->add('---', '');
+ $input->add(array_values($attrib['options']), array_keys($attrib['options']));
+ }
+ else {
+ if ($attrib['type'] != 'text' && $attrib['type'] != 'hidden')
+ $attrib['type'] = 'text';
$input = new html_inputfield($attrib);
+ }
// use value from post
- if (!empty($_POST[$fname]))
- $value = get_input_value($fname, RCUBE_INPUT_POST,
- $type == 'textarea' && strpos($attrib['class'], 'mce_editor')!==false ? true : false);
+ if (isset($_POST[$fname])) {
+ $postvalue = get_input_value($fname, RCUBE_INPUT_POST,
+ $type == 'textarea' && strpos($attrib['class'], 'mce_editor')!==false ? true : false);
+ $value = $attrib['array'] ? $postvalue[intval($colcounts[$col]++)] : $postvalue;
+ }
$out = $input->show($value);
-
+
return $out;
- }
+}
/**
@@ -863,8 +895,8 @@
$replacements = new rcube_string_replacer;
// ignore the whole block if evil styles are detected
- $stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entity_decode($source));
- if (preg_match('/expression|behavior|url\(|import/', $stripped))
+ $stripped = preg_replace('/[^a-z\(:;]/', '', rcmail_xss_entity_decode($source));
+ if (preg_match('/expression|behavior|url\(|import[^a]/', $stripped))
return '/* evil! */';
// remove css comments (sometimes used for some ugly hacks)
@@ -969,6 +1001,37 @@
/**
+ * Improved equivalent to strtotime()
+ *
+ * @param string Date string
+ * @return int
+ */
+function rcube_strtotime($date)
+{
+ // check for MS Outlook vCard date format YYYYMMDD
+ if (preg_match('/^([12][90]\d\d)([01]\d)(\d\d)$/', trim($date), $matches)) {
+ return mktime(0,0,0, intval($matches[2]), intval($matches[3]), intval($matches[1]));
+ }
+ else if (is_numeric($date))
+ return $date;
+
+ // support non-standard "GMTXXXX" literal
+ $date = preg_replace('/GMT\s*([+-][0-9]+)/', '\\1', $date);
+
+ // if date parsing fails, we have a date in non-rfc format.
+ // remove token from the end and try again
+ while ((($ts = @strtotime($date)) === false) || ($ts < 0)) {
+ $d = explode(' ', $date);
+ array_pop($d);
+ if (!$d) break;
+ $date = implode(' ', $d);
+ }
+
+ return $ts;
+}
+
+
+/**
* Convert the given date to a human readable form
* This uses the date formatting properties from config
*
@@ -977,31 +1040,17 @@
* @return string Formatted date string
*/
function format_date($date, $format=NULL)
- {
+{
global $CONFIG;
$ts = NULL;
- if (is_numeric($date))
- $ts = $date;
- else if (!empty($date))
- {
- // support non-standard "GMTXXXX" literal
- $date = preg_replace('/GMT\s*([+-][0-9]+)/', '\\1', $date);
- // if date parsing fails, we have a date in non-rfc format.
- // remove token from the end and try again
- while ((($ts = @strtotime($date))===false) || ($ts < 0))
- {
- $d = explode(' ', $date);
- array_pop($d);
- if (!$d) break;
- $date = implode(' ', $d);
- }
- }
+ if (!empty($date))
+ $ts = rcube_strtotime($date);
if (empty($ts))
return '';
-
+
// get user's timezone
if ($CONFIG['timezone'] === 'auto')
$tz = isset($_SESSION['timezone']) ? $_SESSION['timezone'] : date('Z')/3600;
@@ -1013,7 +1062,7 @@
// convert time to user's timezone
$timestamp = $ts - date('Z', $ts) + ($tz * 3600);
-
+
// get current timestamp in user's timezone
$now = time(); // local time
$now -= (int)date('Z'); // make GMT time
@@ -1021,30 +1070,33 @@
$now_date = getdate($now);
$today_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday'], $now_date['year']);
- $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']);
+ $week_limit = mktime(0, 0, 0, $now_date['mon'], $now_date['mday']-6, $now_date['year']);
// define date format depending on current time
if (!$format) {
- if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now)
- return sprintf('%s %s', rcube_label('today'), date($CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i', $timestamp));
+ if ($CONFIG['prettydate'] && $timestamp > $today_limit && $timestamp < $now) {
+ $format = $CONFIG['date_today'] ? $CONFIG['date_today'] : 'H:i';
+ $today = true;
+ }
else if ($CONFIG['prettydate'] && $timestamp > $week_limit && $timestamp < $now)
$format = $CONFIG['date_short'] ? $CONFIG['date_short'] : 'D H:i';
else
$format = $CONFIG['date_long'] ? $CONFIG['date_long'] : 'd.m.Y H:i';
- }
+ }
// strftime() format
- if (preg_match('/%[a-z]+/i', $format))
- return strftime($format, $timestamp);
+ if (preg_match('/%[a-z]+/i', $format)) {
+ $format = strftime($format, $timestamp);
+ return $today ? (rcube_label('today') . ' ' . $format) : $format;
+ }
// parse format string manually in order to provide localized weekday and month names
// an alternative would be to convert the date() format string to fit with strftime()
$out = '';
- for($i=0; $i<strlen($format); $i++)
- {
+ for($i=0; $i<strlen($format); $i++) {
if ($format{$i}=='\\') // skip escape chars
continue;
-
+
// write char "as-is"
if ($format{$i}==' ' || $format{$i-1}=='\\')
$out .= $format{$i};
@@ -1064,10 +1116,10 @@
$out .= strftime('%x %X', $timestamp);
else
$out .= date($format{$i}, $timestamp);
- }
-
- return $out;
}
+
+ return $today ? (rcube_label('today') . ' ' . $out) : $out;
+}
/**
@@ -1195,21 +1247,46 @@
if (!$RCMAIL->config->get('log_logins') || !$RCMAIL->user)
return;
- $address = $_SERVER['REMOTE_ADDR'];
- // append the NGINX X-Real-IP header, if set
- if (!empty($_SERVER['HTTP_X_REAL_IP'])) {
- $remote_ip[] = 'X-Real-IP: ' . $_SERVER['HTTP_X_REAL_IP'];
- }
- // append the X-Forwarded-For header, if set
- if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
- $remote_ip[] = 'X-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR'];
- }
-
- if (!empty($remote_ip))
- $address .= '(' . implode(',', $remote_ip) . ')';
-
write_log('userlogins', sprintf('Successful login for %s (ID: %d) from %s',
- $RCMAIL->user->get_username(), $RCMAIL->user->ID, $address));
+ $RCMAIL->user->get_username(), $RCMAIL->user->ID, rcmail_remote_ip()));
+}
+
+
+/**
+ * Returns remote IP address and forwarded addresses if found
+ *
+ * @return string Remote IP address(es)
+ */
+function rcmail_remote_ip()
+{
+ $address = $_SERVER['REMOTE_ADDR'];
+
+ // append the NGINX X-Real-IP header, if set
+ if (!empty($_SERVER['HTTP_X_REAL_IP'])) {
+ $remote_ip[] = 'X-Real-IP: ' . $_SERVER['HTTP_X_REAL_IP'];
+ }
+ // append the X-Forwarded-For header, if set
+ if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+ $remote_ip[] = 'X-Forwarded-For: ' . $_SERVER['HTTP_X_FORWARDED_FOR'];
+ }
+
+ if (!empty($remote_ip))
+ $address .= '(' . implode(',', $remote_ip) . ')';
+
+ return $address;
+}
+
+
+/**
+ * Check whether the HTTP referer matches the current request
+ *
+ * @return boolean True if referer is the same host+path, false if not
+ */
+function rcube_check_referer()
+{
+ $uri = parse_url($_SERVER['REQUEST_URI']);
+ $referer = parse_url(rc_request_header('Referer'));
+ return $referer['host'] == rc_request_header('Host') && $referer['path'] == $uri['path'];
}
@@ -1221,7 +1298,7 @@
{
return microtime(true);
}
-
+
/**
* @access private
@@ -1316,8 +1393,13 @@
$p += array('maxlength' => 100, 'realnames' => false);
$a_mailboxes = array();
-
- foreach ($RCMAIL->imap->list_mailboxes() as $folder)
+
+ if ($p['unsubscribed'])
+ $list = $RCMAIL->imap->list_unsubscribed();
+ else
+ $list = $RCMAIL->imap->list_mailboxes();
+
+ foreach ($list as $folder)
if (empty($p['exceptions']) || !in_array($folder, $p['exceptions']))
rcmail_build_folder_tree($a_mailboxes, $folder, $RCMAIL->imap->get_hierarchy_delimiter());
@@ -1348,7 +1430,7 @@
$currentFolder = substr($folder, 0, $pos);
// sometimes folder has a delimiter as the last character
- if (empty($subFolders))
+ if (!strlen($subFolders))
$virtual = false;
else if (!isset($arrFolders[$currentFolder]))
$virtual = true;
@@ -1378,7 +1460,7 @@
else
$arrFolders[$currentFolder]['virtual'] = $virtual;
- if (!empty($subFolders))
+ if (strlen($subFolders))
rcmail_build_folder_tree($arrFolders[$currentFolder]['folders'], $subFolders, $delm, $path.$delm);
}
@@ -1418,7 +1500,7 @@
}
// make folder name safe for ids and class names
- $folder_id = asciiwords($folder['id'], true, '_');
+ $folder_id = html_identifier($folder['id']);
$classes = array('mailbox');
// set special class for Sent, Drafts, Trash and Junk
@@ -1449,10 +1531,11 @@
$classes[] = 'unread';
$js_name = JQ($folder['id']);
- $html_name = Q($foldername . ($unread ? " ($unread)" : ''));
+ $html_name = Q($foldername) . ($unread ? html::span('unreadcount', " ($unread)") : '');
$link_attrib = $folder['virtual'] ? array() : array(
'href' => rcmail_url('', array('_mbox' => $folder['id'])),
'onclick' => sprintf("return %s.command('list','%s',this)", JS_OBJECT_NAME, $js_name),
+ 'rel' => $folder['id'],
'title' => $title,
);
@@ -1553,6 +1636,97 @@
}
+function rcmail_quota_display($attrib)
+{
+ global $OUTPUT;
+
+ if (!$attrib['id'])
+ $attrib['id'] = 'rcmquotadisplay';
+
+ if(isset($attrib['display']))
+ $_SESSION['quota_display'] = $attrib['display'];
+
+ $OUTPUT->add_gui_object('quotadisplay', $attrib['id']);
+
+ $quota = rcmail_quota_content($attrib);
+
+ $OUTPUT->add_script('$(document).ready(function(){
+ rcmail.set_quota('.json_serialize($quota).')});', 'foot');
+
+ return html::span($attrib, '');
+}
+
+
+function rcmail_quota_content($attrib=NULL)
+{
+ global $RCMAIL;
+
+ $quota = $RCMAIL->imap->get_quota();
+ $quota = $RCMAIL->plugins->exec_hook('quota', $quota);
+
+ $quota_result = (array) $quota;
+ $quota_result['type'] = isset($_SESSION['quota_display']) ? $_SESSION['quota_display'] : '';
+
+ if (!$quota['total'] && $RCMAIL->config->get('quota_zero_as_unlimited')) {
+ $quota_result['title'] = rcube_label('unlimited');
+ $quota_result['percent'] = 0;
+ }
+ else if ($quota['total']) {
+ if (!isset($quota['percent']))
+ $quota_result['percent'] = min(100, round(($quota['used']/max(1,$quota['total']))*100));
+
+ $title = sprintf('%s / %s (%.0f%%)',
+ show_bytes($quota['used'] * 1024), show_bytes($quota['total'] * 1024),
+ $quota_result['percent']);
+
+ $quota_result['title'] = $title;
+
+ if ($attrib['width'])
+ $quota_result['width'] = $attrib['width'];
+ if ($attrib['height'])
+ $quota_result['height'] = $attrib['height'];
+ }
+ else {
+ $quota_result['title'] = rcube_label('unknown');
+ $quota_result['percent'] = 0;
+ }
+
+ return $quota_result;
+}
+
+
+/**
+ * Outputs error message according to server error/response codes
+ *
+ * @param string Fallback message label
+ * @param string Fallback message label arguments
+ *
+ * @return void
+ */
+function rcmail_display_server_error($fallback=null, $fallback_args=null)
+{
+ global $RCMAIL;
+
+ $err_code = $RCMAIL->imap->get_error_code();
+ $res_code = $RCMAIL->imap->get_response_code();
+
+ if ($res_code == rcube_imap::NOPERM) {
+ $RCMAIL->output->show_message('errornoperm', 'error');
+ }
+ else if ($res_code == rcube_imap::READONLY) {
+ $RCMAIL->output->show_message('errorreadonly', 'error');
+ }
+ else if ($err_code && ($err_str = $RCMAIL->imap->get_error_str())) {
+ $RCMAIL->output->show_message('servererrormsg', 'error', array('msg' => $err_str));
+ }
+ else if ($fallback) {
+ $RCMAIL->output->show_message($fallback, 'error', $fallback_args);
+ }
+
+ return true;
+}
+
+
/**
* Output HTML editor scripts
*
@@ -1578,8 +1752,46 @@
$RCMAIL->output->include_script('tiny_mce/tiny_mce.js');
$RCMAIL->output->include_script('editor.js');
- $RCMAIL->output->add_script('rcmail_editor_init("$__skin_path",
- "'.JQ($lang).'", '.intval($CONFIG['enable_spellcheck']).', "'.$mode.'");');
+ $RCMAIL->output->add_script(sprintf("rcmail_editor_init('\$__skin_path', '%s', %d, '%s');",
+ JQ($lang), intval($CONFIG['enable_spellcheck']), $mode),
+ 'foot');
+}
+
+
+/**
+ * Replaces TinyMCE's emoticon images with plain-text representation
+ *
+ * @param string HTML content
+ * @return string HTML content
+ */
+function rcmail_replace_emoticons($html)
+{
+ $emoticons = array(
+ '8-)' => 'smiley-cool',
+ ':-#' => 'smiley-foot-in-mouth',
+ ':-*' => 'smiley-kiss',
+ ':-X' => 'smiley-sealed',
+ ':-P' => 'smiley-tongue-out',
+ ':-@' => 'smiley-yell',
+ ":'(" => 'smiley-cry',
+ ':-(' => 'smiley-frown',
+ ':-D' => 'smiley-laughing',
+ ':-)' => 'smiley-smile',
+ ':-S' => 'smiley-undecided',
+ ':-$' => 'smiley-embarassed',
+ 'O:-)' => 'smiley-innocent',
+ ':-|' => 'smiley-money-mouth',
+ ':-O' => 'smiley-surprised',
+ ';-)' => 'smiley-wink',
+ );
+
+ foreach ($emoticons as $idx => $file) {
+ // <img title="Cry" src="http://.../program/js/tiny_mce/plugins/emotions/img/smiley-cry.gif" border="0" alt="Cry" />
+ $search[] = '/<img title="[a-z ]+" src="https?:\/\/[a-z0-9_.\/-]+\/tiny_mce\/plugins\/emotions\/img\/'.$file.'.gif"[^>]+\/>/i';
+ $replace[] = $idx;
+ }
+
+ return preg_replace($search, $replace, $html);
}
@@ -1627,16 +1839,17 @@
* Replaces hostname variables
*
* @param string $name Hostname
+ * @param string $host Optional IMAP hostname
* @return string
*/
-function rcube_parse_host($name)
+function rcube_parse_host($name, $host='')
{
// %n - host
$n = preg_replace('/:\d+$/', '', $_SERVER['SERVER_NAME']);
// %d - domain name without first part, e.g. %d=mail.domain.tld, %m=domain.tld
$d = preg_replace('/^[^\.]+\./', '', $n);
// %h - IMAP host
- $h = $_SESSION['imap_host'];
+ $h = $_SESSION['imap_host'] ? $_SESSION['imap_host'] : $host;
// %z - IMAP domain without first part, e.g. %h=imap.domain.tld, %z=domain.tld
$z = preg_replace('/^[^\.]+\./', '', $h);
@@ -1716,6 +1929,39 @@
}
return false;
+}
+
+/*
+ * Idn_to_ascii wrapper.
+ * Intl/Idn modules version of this function doesn't work with e-mail address
+ */
+function rcube_idn_to_ascii($str)
+{
+ return rcube_idn_convert($str, true);
+}
+
+/*
+ * Idn_to_ascii wrapper.
+ * Intl/Idn modules version of this function doesn't work with e-mail address
+ */
+function rcube_idn_to_utf8($str)
+{
+ return rcube_idn_convert($str, false);
+}
+
+function rcube_idn_convert($input, $is_utf=false)
+{
+ if ($at = strpos($input, '@')) {
+ $user = substr($input, 0, $at);
+ $domain = substr($input, $at+1);
+ }
+ else {
+ $domain = $input;
+ }
+
+ $domain = $is_utf ? idn_to_ascii($domain) : idn_to_utf8($domain);
+
+ return $at ? $user . '@' . $domain : $domain;
}
@@ -1818,3 +2064,4 @@
flush();
}
}
+
--
Gitblit v1.9.1