From b79cc545ec020f7dd4bd83dcd06af3cf2b1fcaff Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 28 Aug 2012 05:20:20 -0400
Subject: [PATCH] Improvements/fixes for Larry skin
---
program/include/rcube_utils.php | 121 +++++++++++++++++++++++++++++++++++-----
1 files changed, 106 insertions(+), 15 deletions(-)
diff --git a/program/include/rcube_utils.php b/program/include/rcube_utils.php
index 5b31537..23bf556 100644
--- a/program/include/rcube_utils.php
+++ b/program/include/rcube_utils.php
@@ -18,9 +18,6 @@
| Author: Thomas Bruederli <roundcube@gmail.com> |
| Author: Aleksander Machniak <alec@alec.pl> |
+-----------------------------------------------------------------------+
-
- $Id$
-
*/
@@ -50,7 +47,7 @@
}
$cookie = session_get_cookie_params();
- $secure = self::https_check();
+ $secure = $cookie['secure'] || self::https_check();
setcookie($name, $value, $exp, $cookie['path'], $cookie['domain'], $secure, true);
}
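Review bot: The new `$secure` assignment does not record why `$cookie['secure']` is OR-ed in, and that is the security-relevant part of this hunk. A one-line comment such as `// keep the Secure flag when the session cookie params request it, even if https_check() does not detect HTTPS` would stop a later cleanup from dropping it. The enclosing function starts outside the hunk, so how `$exp` and `$value` are prepared cannot be checked from here.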
@@ -87,17 +84,17 @@
// from PEAR::Validate
$regexp = '&^(?:
- ("\s*(?:[^"\f\n\r\t\v\b\s]+\s*)+")| #1 quoted name
- ([-\w!\#\$%\&\'*+~/^`|{}=]+(?:\.[-\w!\#\$%\&\'*+~/^`|{}=]+)*)) #2 OR dot-atom (RFC5322)
- $&xi';
+ ("\s*(?:[^"\f\n\r\t\v\b\s]+\s*)+")| #1 quoted name
+ ([-\w!\#\$%\&\'*+~/^`|{}=]+(?:\.[-\w!\#\$%\&\'*+~/^`|{}=]+)*)) #2 OR dot-atom (RFC5322)
+ $&xi';
if (!preg_match($regexp, $local_part)) {
return false;
}
- // Check domain part
- if (preg_match('/^\[*(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])){3}\]*$/', $domain_part)) {
- return true; // IP address
+ // Validate domain part
+ if (preg_match('/^\[((IPv6:[0-9a-f:.]+)|([0-9.]+))\]$/i', $domain_part, $matches)) {
+ return self::check_ip(preg_replace('/^IPv6:/i', '', $matches[1])); // valid IPv4 or IPv6 address
}
else {
// If not an IP address
@@ -111,6 +108,11 @@
if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]))$/', $part)) {
return false;
}
+ }
+
+ // last domain part
+ if (preg_match('/[^a-zA-Z]/', array_pop($domain_array))) {
+ return false;
}
$rcube = rcube::get_instance();
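Review bot: The new last-label test `preg_match('/[^a-zA-Z]/', array_pop($domain_array))` rejects every top-level label containing a digit or hyphen, which includes internationalised TLDs in their ASCII `xn--` form. Whether `$domain_part` has been converted to ASCII before this point is outside the hunk, but if it has, valid addresses under those TLDs now fail validation. Consider `$last = array_pop($domain_array);` followed by `if (strpos($last, 'xn--') !== 0 && preg_match('/[^a-zA-Z]/', $last)) {`. Note also that `array_pop()` shortens `$domain_array`, so any use of it further down the function, below the hunk, would see one label fewer.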
@@ -144,6 +146,52 @@
return false;
}
+
+ /**
+ * Validates IPv4 or IPv6 address
+ *
+ * @param string $ip IP address in v4 or v6 format
+ *
+ * @return bool True if the address is valid
+ */
+ public static function check_ip($ip)
+ {
+ // IPv6, but there's no build-in IPv6 support
+ if (strpos($ip, ':') !== false && !defined('AF_INET6')) {
+ $parts = explode(':', $domain_part);
+ $count = count($parts);
+
+ if ($count > 8 || $count < 2) {
+ return false;
+ }
+
+ foreach ($parts as $idx => $part) {
+ $length = strlen($part);
+ if (!$length) {
+ // there can be only one ::
+ if ($found_empty) {
+ return false;
+ }
+ $found_empty = true;
+ }
+ // last part can be an IPv4 address
+ else if ($idx == $count - 1) {
+ if (!preg_match('/^[0-9a-f]{1,4}$/i', $part)) {
+ return @inet_pton($part) !== false;
+ }
+ }
+ else if (!preg_match('/^[0-9a-f]{1,4}$/i', $part)) {
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ return @inet_pton($ip) !== false;
+ }
+
+
/**
* Check whether the HTTP referer matches the current request
*
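Review bot: In the fallback branch of `check_ip()` the address is split with `explode(':', $domain_part)`, but `$domain_part` is not defined in this function, so on builds without `AF_INET6` every IPv6 literal is rejected; the line should read `$parts = explode(':', $ip);`. `$found_empty` is also read before it is assigned and needs `$found_empty = false;` ahead of the loop. Even with both fixed, a leading or trailing `::` (for example `::1`) yields two adjacent empty parts and trips the "only one ::" check, so that test should treat adjacent empties as a single gap. The `@` on `inet_pton()` hides the warning for malformed input; since this function now decides whether a bracketed domain literal from the e-mail validation hunk above is accepted, a short comment saying the suppression is intentional would help.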
@@ -152,8 +200,8 @@
public static function check_referer()
{
$uri = parse_url($_SERVER['REQUEST_URI']);
- $referer = parse_url(rcube_request_header('Referer'));
- return $referer['host'] == rcube_request_header('Host') && $referer['path'] == $uri['path'];
+ $referer = parse_url(self::request_header('Referer'));
+ return $referer['host'] == self::request_header('Host') && $referer['path'] == $uri['path'];
}
@@ -619,8 +667,10 @@
{
// %n - host
$n = preg_replace('/:\d+$/', '', $_SERVER['SERVER_NAME']);
- // %d - domain name without first part, e.g. %n=mail.domain.tld, %d=domain.tld
- $d = preg_replace('/^[^\.]+\./', '', $n);
+ // %t - host name without first part, e.g. %n=mail.domain.tld, %t=domain.tld
+ $t = preg_replace('/^[^\.]+\./', '', $n);
+ // %d - domain name without first part
+ $d = preg_replace('/^[^\.]+\./', '', $_SERVER['HTTP_HOST']);
// %h - IMAP host
$h = $_SESSION['storage_host'] ? $_SESSION['storage_host'] : $host;
// %z - IMAP domain without first part, e.g. %h=imap.domain.tld, %z=domain.tld
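Review bot: The new `%d` value is taken from `$_SERVER['HTTP_HOST']`, which is the client-supplied Host header, and unlike `$n` it does not have a trailing `:port` removed. Where the expanded name ends up is outside this hunk, but if `%d` is used in a configured server or domain name, the request can steer it, and on a non-default port the result contains the port. Stripping the port the same way as for `%n`, e.g. `$d = preg_replace(array('/:\d+$/', '/^[^\.]+\./'), '', $_SERVER['HTTP_HOST']);`, and checking the result against a hostname pattern before use would close both gaps. The `%d` comment now reads almost the same as the `%t` one; it should say that `%d` is derived from the HTTP Host header.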
@@ -635,7 +685,7 @@
}
}
- $name = str_replace(array('%n', '%d', '%h', '%z', '%s'), array($n, $d, $h, $z, $s[2]), $name);
+ $name = str_replace(array('%n', '%t', '%d', '%h', '%z', '%s'), array($n, $t, $d, $h, $z, $s[2]), $name);
return $name;
}
@@ -790,4 +840,45 @@
return $at ? $user . '@' . $domain : $domain;
}
+ /**
+ * Split the given string into word tokens
+ *
+ * @param string Input to tokenize
+ * @return array List of tokens
+ */
+ public static function tokenize_string($str)
+ {
+ return explode(" ", preg_replace(
+ array('/[\s;\/+-]+/i', '/(\d)[-.\s]+(\d)/', '/\s\w{1,3}\s/u'),
+ array(' ', '\\1\\2', ' '),
+ $str));
+ }
+
+ /**
+ * Normalize the given string for fulltext search.
+ * Currently only optimized for Latin-1 characters; to be extended
+ *
+ * @param string Input string (UTF-8)
+ * @param boolean True to return list of words as array
+ * @return mixed Normalized string or a list of normalized tokens
+ */
+ public static function normalize_string($str, $as_array = false)
+ {
+ // split by words
+ $arr = self::tokenize_string($str);
+
+ foreach ($arr as $i => $part) {
+ if (utf8_encode(utf8_decode($part)) == $part) { // is latin-1 ?
+ $arr[$i] = utf8_encode(strtr(strtolower(strtr(utf8_decode($part),
+ 'ÇçäâàåéêëèïîìÅÉöôòüûùÿøØáíóúñÑÁÂÀãÃÊËÈÍÎÏÓÔõÕÚÛÙýÝ',
+ 'ccaaaaeeeeiiiaeooouuuyooaiounnaaaaaeeeiiioooouuuyy')),
+ array('ß' => 'ss', 'ae' => 'a', 'oe' => 'o', 'ue' => 'u')));
+ }
+ else
+ $arr[$i] = mb_strtolower($part);
+ }
+
+ return $as_array ? $arr : join(" ", $arr);
+ }
+
}
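Review bot: `tokenize_string()` passes the `preg_replace()` result straight to `explode()`, but the third pattern carries the `u` modifier, so input that is not valid UTF-8 makes `preg_replace()` return NULL and the function yields a single empty token without any error. Check the result first, e.g. `$res = preg_replace(...); if ($res === null) { return array(); }`. In `normalize_string()` the three-argument `strtr()` works byte by byte on the Latin-1 output of `utf8_decode()`; if this source file is stored as UTF-8 (not determinable from the patch), the accented `from` string is twice as long in bytes as the `to` string and the mapping will not line up. The `else` branch there is also the only unbraced block in the hunk.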
--
Gitblit v1.9.1