From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 plugins/newmail_notifier/newmail_notifier.js |   67 ++++++++++++++++++++++-----------
 1 files changed, 44 insertions(+), 23 deletions(-)

diff --git a/plugins/newmail_notifier/newmail_notifier.js b/plugins/newmail_notifier/newmail_notifier.js
index 846bc94..4b71c22 100644
--- a/plugins/newmail_notifier/newmail_notifier.js
+++ b/plugins/newmail_notifier/newmail_notifier.js
@@ -1,18 +1,30 @@
 /**
  * New Mail Notifier plugin script
  *
- * @version @package_version@
  * @author Aleksander Machniak <alec@alec.pl>
+ *
+ * @licstart  The following is the entire license notice for the
+ * JavaScript code in this file.
+ *
+ * Copyright (c) 2013, The Roundcube Dev Team
+ *
+ * The JavaScript code in this page is free software: you can redistribute it
+ * and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation, either version 3 of
+ * the License, or (at your option) any later version.
+ *
+ * @licend  The above is the entire license notice
+ * for the JavaScript code in this file.
  */
 
 if (window.rcmail && rcmail.env.task == 'mail') {
-    rcmail.addEventListener('plugin.newmail_notifier', newmail_notifier_run);
-    rcmail.addEventListener('actionbefore', newmail_notifier_stop);
-    rcmail.addEventListener('init', function() {
-        // bind to messages list select event, so favicon will be reverted on message preview too
-        if (rcmail.message_list)
-            rcmail.message_list.addEventListener('select', newmail_notifier_stop);
-    });
+    rcmail.addEventListener('plugin.newmail_notifier', newmail_notifier_run)
+        .addEventListener('actionbefore', newmail_notifier_stop)
+        .addEventListener('init', function() {
+            // bind to messages list select event, so favicon will be reverted on message preview too
+            if (rcmail.message_list)
+                rcmail.message_list.addEventListener('select', newmail_notifier_stop);
+        });
 }
 
 // Executes notification methods
@@ -23,7 +35,7 @@
     if (prop.sound)
         newmail_notifier_sound();
     if (prop.desktop)
-        newmail_notifier_desktop(rcmail.gettext('body', 'newmail_notifier'));
+        newmail_notifier_desktop(rcmail.get_label('body', 'newmail_notifier'));
 }
 
 // Stops notification
@@ -46,12 +58,13 @@
 // Basic notification: window.focus and favicon change
 function newmail_notifier_basic()
 {
-    var w = rcmail.is_framed() ? window.parent : window;
+    var w = rcmail.is_framed() ? window.parent : window,
+        path = rcmail.assets_path('plugins/newmail_notifier');
 
     w.focus();
 
     // we cannot simply change a href attribute, we must to replace the link element (at least in FF)
-    var link = $('<link rel="shortcut icon" href="plugins/newmail_notifier/favicon.ico"/>'),
+    var link = $('<link rel="shortcut icon">').attr('href', path + '/favicon.ico'),
         oldlink = $('link[rel="shortcut icon"]', w.document);
 
     if (!rcmail.env.favicon_href)
@@ -63,7 +76,7 @@
     // Add IE icon overlay if we're pinned to Taskbar
     try {
         if (window.external.msIsSiteMode()) {
-            window.external.msSiteModeSetIconOverlay('plugins/newmail_notifier/overlay.ico', rcmail.gettext('title', 'newmail_notifier'));
+            window.external.msSiteModeSetIconOverlay(path + '/overlay.ico', rcmail.get_label('title', 'newmail_notifier'));
         }
     } catch(e) {}
 }
@@ -71,11 +84,17 @@
 // Sound notification
 function newmail_notifier_sound()
 {
-    var elem, src = 'plugins/newmail_notifier/sound.wav';
+    var elem, src = rcmail.assets_path('plugins/newmail_notifier/sound'),
+        plugin = navigator.mimeTypes ? navigator.mimeTypes['audio/mp3'] : {};
+
+    // Internet Explorer does not support wav files,
+    // support in other browsers depends on enabled plugins,
+    // so we use wav as a fallback
+    src += bw.ie || (plugin && plugin.enabledPlugin) ? '.mp3' : '.wav';
 
     // HTML5
     try {
-        elem = $('<audio src="' + src + '" />');
+        elem = $('<audio>').attr('src', src);
         elem.get(0).play();
     }
     // old method
@@ -90,19 +109,21 @@
 // - Require Chrome or Firefox latest version (22+) / 21.0 or older with a plugin
 function newmail_notifier_desktop(body)
 {
-    var timeout = rcmail.env.newmail_notifier_timeout || 10;
+    var timeout = rcmail.env.newmail_notifier_timeout || 10,
+        icon = rcmail.assets_path('plugins/newmail_notifier/mail.png');
+
 
     // As of 17 June 2013, Chrome/Chromium does not implement Notification.permission correctly that
     // it gives 'undefined' until an object has been created:
     // https://code.google.com/p/chromium/issues/detail?id=163226
     try {
         if (Notification.permission == 'granted' || Notification.permission == undefined) {
-            var popup = new Notification(rcmail.gettext('title', 'newmail_notifier'), {
+            var popup = new Notification(rcmail.get_label('title', 'newmail_notifier'), {
                 dir: "auto",
                 lang: "",
                 body: body,
                 tag: "newmail_notifier",
-                icon: "plugins/newmail_notifier/mail.png",
+                icon: icon
             });
             popup.onclick = function() {
                 this.close();
@@ -117,8 +138,8 @@
         if (dn && !dn.checkPermission()) {
             if (rcmail.newmail_popup)
                 rcmail.newmail_popup.cancel();
-            var popup = window.webkitNotifications.createNotification('plugins/newmail_notifier/mail.png',
-                rcmail.gettext('title', 'newmail_notifier'), body);
+            var popup = window.webkitNotifications.createNotification(icon,
+                rcmail.get_label('title', 'newmail_notifier'), body);
             popup.onclick = function() {
                 this.cancel();
             }
@@ -133,7 +154,7 @@
 
 function newmail_notifier_test_desktop()
 {
-    var txt = rcmail.gettext('testbody', 'newmail_notifier');
+    var txt = rcmail.get_label('testbody', 'newmail_notifier');
 
     // W3C draft implementation (with fix for Chrome/Chromium)
     try {
@@ -150,12 +171,12 @@
             else
                 dn.requestPermission(function() {
                     if (!newmail_notifier_desktop(txt))
-                        rcmail.display_message(rcmail.gettext('desktopdisabled', 'newmail_notifier'), 'error');
+                        rcmail.display_message(rcmail.get_label('desktopdisabled', 'newmail_notifier'), 'error');
                 });
         }
         else
             // Everything fails, means the browser has no support
-            rcmail.display_message(rcmail.gettext('desktopunsupported', 'newmail_notifier'), 'error');
+            rcmail.display_message(rcmail.get_label('desktopunsupported', 'newmail_notifier'), 'error');
     }
 }
 
@@ -172,7 +193,7 @@
 function newmail_notifier_desktop_authorize() {
         Notification.requestPermission(function(perm) {
                 if (perm == 'denied')
-                        rcmail.display_message(rcmail.gettext('desktopdisabled', 'newmail_notifier'), 'error');
+                        rcmail.display_message(rcmail.get_label('desktopdisabled', 'newmail_notifier'), 'error');
                 if (perm == 'granted')
                         newmail_notifier_test_desktop();  // Test again, which should show test message
         });

--
Gitblit v1.9.1