From d2215764898919f1ea3b461fb08ac430db4340a4 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Fri, 21 Mar 2014 13:32:13 -0400
Subject: [PATCH] Disable link registering mailto: protocol handler if not supported by the browser (#1489569)
---
program/steps/addressbook/show.inc | 222 ++++++++++++++++++++++++++++++++++++++++++-------------
1 files changed, 168 insertions(+), 54 deletions(-)
diff --git a/program/steps/addressbook/show.inc b/program/steps/addressbook/show.inc
index 960ea1c..f4224a3 100644
--- a/program/steps/addressbook/show.inc
+++ b/program/steps/addressbook/show.inc
@@ -4,9 +4,12 @@
+-----------------------------------------------------------------------+
| program/steps/addressbook/show.inc |
| |
- | This file is part of the RoundCube Webmail client |
- | Copyright (C) 2005, RoundCube Dev. - Switzerland |
- | Licensed under the GNU GPL |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2005-2013, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| PURPOSE: |
| Show contact details |
@@ -14,67 +17,178 @@
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
-
- $Id$
-
*/
+// Get contact ID and source ID from request
+$cids = rcmail_get_cids();
+$source = key($cids);
+$cid = $cids ? array_shift($cids[$source]) : null;
-if ($_GET['_cid'] || $_POST['_cid'])
- {
- $cid = $_POST['_cid'] ? $_POST['_cid'] : $_GET['_cid'];
- $DB->query("SELECT * FROM ".get_table_name('contacts')."
- WHERE contact_id=?
- AND user_id=?
- AND del<>1",
- $cid,
- $_SESSION['user_id']);
-
- $CONTACT_RECORD = $DB->fetch_assoc();
-
- if (is_array($CONTACT_RECORD))
- $OUTPUT->add_script(sprintf("%s.set_env('cid', '%s');", $JS_OBJECT_NAME, $CONTACT_RECORD['contact_id']));
- }
+// Initialize addressbook source
+$CONTACTS = rcmail_contact_source($source, true);
+$SOURCE_ID = $source;
+// read contact record
+if ($cid && ($record = $CONTACTS->get_record($cid, true))) {
+ $OUTPUT->set_env('readonly', $CONTACTS->readonly || $record['readonly']);
+ $OUTPUT->set_env('cid', $record['ID']);
+ $OUTPUT->set_env('compose_extwin', $RCMAIL->config->get('compose_extwin',false));
+}
+
+// get address book name (for display)
+rcmail_set_sourcename($CONTACTS);
+
+$OUTPUT->add_handlers(array(
+ 'contacthead' => 'rcmail_contact_head',
+ 'contactdetails' => 'rcmail_contact_details',
+ 'contactphoto' => 'rcmail_contact_photo',
+));
+
+$OUTPUT->send('contact');
+
+
+
+function rcmail_contact_head($attrib)
+{
+ global $CONTACTS, $RCMAIL;
+
+ // check if we have a valid result
+ if (!(($result = $CONTACTS->get_result()) && ($record = $result->first()))) {
+ $RCMAIL->output->show_message('contactnotfound', 'error');
+ return false;
+ }
+
+ $form = array(
+ 'head' => array( // section 'head' is magic!
+ 'content' => array(
+ 'prefix' => array('type' => 'text'),
+ 'firstname' => array('type' => 'text'),
+ 'middlename' => array('type' => 'text'),
+ 'surname' => array('type' => 'text'),
+ 'suffix' => array('type' => 'text'),
+ ),
+ ),
+ );
+
+ unset($attrib['name']);
+ return rcmail_contact_form($form, $record, $attrib);
+}
function rcmail_contact_details($attrib)
- {
- global $CONTACT_RECORD, $JS_OBJECT_NAME;
+{
+ global $CONTACTS, $RCMAIL, $CONTACT_COLTYPES;
- if (!$CONTACT_RECORD)
- return show_message('contactnotfound');
-
- // a specific part is requested
- if ($attrib['part'])
- return rep_specialchars_output($CONTACT_RECORD[$attrib['part']]);
-
-
- // return the complete address record as table
- $out = "<table>\n\n";
-
- $a_show_cols = array('name', 'firstname', 'surname', 'email');
- foreach ($a_show_cols as $col)
- {
- if ($col=='email' && $CONTACT_RECORD[$col])
- $value = sprintf('<a href="#compose" onclick="%s.command(\'compose\', %d)" title="%s">%s</a>',
- $JS_OBJECT_NAME,
- $CONTACT_RECORD['contact_id'],
- rcube_label('composeto'),
- $CONTACT_RECORD[$col]);
- else
- $value = rep_specialchars_output($CONTACT_RECORD[$col]);
-
- $title = rcube_label($col);
- $out .= sprintf("<tr><td class=\"title\">%s</td><td>%s</td></tr>\n", $title, $value);
+ // check if we have a valid result
+ if (!(($result = $CONTACTS->get_result()) && ($record = $result->first()))) {
+ return false;
}
+ $i_size = !empty($attrib['size']) ? $attrib['size'] : 40;
- $out .= "\n</table>";
-
- return $out;
- }
+ $form = array(
+ 'contact' => array(
+ 'name' => $RCMAIL->gettext('properties'),
+ 'content' => array(
+ 'email' => array('size' => $i_size, 'render_func' => 'rcmail_render_email_value'),
+ 'phone' => array('size' => $i_size),
+ 'address' => array(),
+ 'website' => array('size' => $i_size, 'render_func' => 'rcmail_render_url_value'),
+ 'im' => array('size' => $i_size),
+ ),
+ ),
+ 'personal' => array(
+ 'name' => $RCMAIL->gettext('personalinfo'),
+ 'content' => array(
+ 'gender' => array('size' => $i_size),
+ 'maidenname' => array('size' => $i_size),
+ 'birthday' => array('size' => $i_size),
+ 'anniversary' => array('size' => $i_size),
+ 'manager' => array('size' => $i_size),
+ 'assistant' => array('size' => $i_size),
+ 'spouse' => array('size' => $i_size),
+ ),
+ ),
+ );
+
+ if (isset($CONTACT_COLTYPES['notes'])) {
+ $form['notes'] = array(
+ 'name' => $RCMAIL->gettext('notes'),
+ 'content' => array(
+ 'notes' => array('type' => 'textarea', 'label' => false),
+ ),
+ );
+ }
+
+ if ($CONTACTS->groups) {
+ $form['groups'] = array(
+ 'name' => $RCMAIL->gettext('groups'),
+ 'content' => rcmail_contact_record_groups($record['ID']),
+ );
+ }
+
+ return rcmail_contact_form($form, $record);
+}
-parse_template('showcontact');
-?>
\ No newline at end of file
+function rcmail_render_email_value($email)
+{
+ global $RCMAIL;
+
+ return html::a(array(
+ 'href' => 'mailto:' . $email,
+ 'onclick' => sprintf("return %s.command('compose','%s',this)", rcmail_output::JS_OBJECT_NAME, rcube::JQ($email)),
+ 'title' => $RCMAIL->gettext('composeto'),
+ 'class' => 'email',
+ ), rcube::Q($email));
+}
+
+
+function rcmail_render_url_value($url)
+{
+ $prefix = preg_match('!^(http|ftp)s?://!', $url) ? '' : 'http://';
+ return html::a(array(
+ 'href' => $prefix . $url,
+ 'target' => '_blank',
+ 'class' => 'url',
+ ), rcube::Q($url));
+}
+
+
+function rcmail_contact_record_groups($contact_id)
+{
+ global $RCMAIL, $CONTACTS, $GROUPS;
+
+ $GROUPS = $CONTACTS->list_groups();
+
+ if (empty($GROUPS)) {
+ return '';
+ }
+
+ $members = $CONTACTS->get_record_groups($contact_id);
+ $table = new html_table(array('cols' => 2, 'cellspacing' => 0, 'border' => 0));
+ $checkbox = new html_checkbox(array('name' => '_gid[]',
+ 'class' => 'groupmember', 'disabled' => $CONTACTS->readonly));
+
+ foreach ($GROUPS as $group) {
+ $gid = $group['ID'];
+ $table->add(null, $checkbox->show($members[$gid] ? $gid : null,
+ array('value' => $gid, 'id' => 'ff_gid' . $gid)));
+ $table->add(null, html::label('ff_gid' . $gid, rcube::Q($group['name'])));
+ }
+
+ $hiddenfields = new html_hiddenfield(array('name' => '_source', 'value' => rcube_utils::get_input_value('_source', rcube_utils::INPUT_GPC)));
+ $hiddenfields->add(array('name' => '_cid', 'value' => $contact_id));
+
+ $form_start = $RCMAIL->output->request_form(array(
+ 'name' => "form", 'method' => "post",
+ 'task' => $RCMAIL->task, 'action' => 'save',
+ 'request' => 'save.'.intval($contact_id),
+ 'noclose' => true), $hiddenfields->show());
+ $form_end = '</form>';
+
+ $RCMAIL->output->add_gui_object('editform', 'form');
+ $RCMAIL->output->add_label('addingmember', 'removingmember');
+
+ return $form_start . html::tag('fieldset', 'contactfieldgroup contactgroups', $table->show()) . $form_end;
+}
--
Gitblit v1.9.1