From c5ee036866791ad1c5ab8281f25179169df9e042 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Fri, 05 Jun 2009 14:03:21 -0400
Subject: [PATCH] - fix rcmail_temp_gc() + small code cleanups

---
 program/include/main.inc    |   19 ++++++++++++-------
 program/steps/mail/func.inc |    2 +-
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/program/include/main.inc b/program/include/main.inc
index d46cec2..f9783ba 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -128,7 +128,9 @@
  */
 function rcmail_temp_gc()
   {
-  $tmp = unslashify($CONFIG['temp_dir']);
+  $rcmail = rcmail::get_instance();
+
+  $tmp = unslashify($rcmail->config->get('temp_dir'));
   $expire = mktime() - 172800;  // expire in 48 hours
 
   if ($dir = opendir($tmp))
@@ -564,7 +566,10 @@
     else if (isset($_COOKIE[$fname]))
       $value = $_COOKIE[$fname];
     }
-  
+
+  if (empty($value))
+    return $value;
+
   // strip single quotes if magic_quotes_sybase is enabled
   if (ini_get('magic_quotes_sybase'))
     $value = str_replace("''", "'", $value);
@@ -723,7 +728,7 @@
   $replacements = new rcube_string_replacer;
   
   // ignore the whole block if evil styles are detected
-  $stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entitiy_decode($source));
+  $stripped = preg_replace('/[^a-z\(:]/', '', rcmail_xss_entity_decode($source));
   if (preg_match('/expression|behavior|url\(|import/', $stripped))
     return '/* evil! */';
 
@@ -764,22 +769,22 @@
  * @param string CSS content to decode
  * @return string Decoded string
  */
-function rcmail_xss_entitiy_decode($content)
+function rcmail_xss_entity_decode($content)
 {
   $out = html_entity_decode(html_entity_decode($content));
-  $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', 'rcmail_xss_entitiy_decode_callback', $out);
+  $out = preg_replace_callback('/\\\([0-9a-f]{4})/i', 'rcmail_xss_entity_decode_callback', $out);
   $out = preg_replace('#/\*.*\*/#Um', '', $out);
   return $out;
 }
 
 
 /**
- * preg_replace_callback callback for rcmail_xss_entitiy_decode_callback
+ * preg_replace_callback callback for rcmail_xss_entity_decode_callback
  *
  * @param array matches result from preg_replace_callback
  * @return string decoded entity
  */ 
-function rcmail_xss_entitiy_decode_callback($matches)
+function rcmail_xss_entity_decode_callback($matches)
 { 
   return chr(hexdec($matches[1]));
 }
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index d5f3a68..aad8c7d 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -861,7 +861,7 @@
       
     case 'style':
       // decode all escaped entities and reduce to ascii strings
-      $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content));
+      $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entity_decode($content));
       
       // now check for evil strings like expression, behavior or url()
       if (!preg_match('/expression|behavior|url\(|import/', $stripped)) {

--
Gitblit v1.9.1