From 2965a981b7ec22866fbdf2d567d87e2d068d3617 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Fri, 31 Jul 2015 16:04:08 -0400
Subject: [PATCH] Allow to search and import missing PGP pubkeys from keyservers using Publickey.js
---
program/include/rcmail_output_html.php | 662 ++++++++++++++++++++++++++++++++++++++----------------
1 files changed, 460 insertions(+), 202 deletions(-)
diff --git a/program/include/rcmail_output_html.php b/program/include/rcmail_output_html.php
index 05904e5..365c403 100644
--- a/program/include/rcmail_output_html.php
+++ b/program/include/rcmail_output_html.php
@@ -5,7 +5,7 @@
| program/include/rcmail_output_html.php |
| |
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2006-2012, The Roundcube Dev Team |
+ | Copyright (C) 2006-2014, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@@ -23,28 +23,31 @@
/**
* Class to create HTML page output using a skin template
*
- * @package Core
+ * @package Webmail
* @subpackage View
*/
class rcmail_output_html extends rcmail_output
{
public $type = 'html';
- protected $message = null;
- protected $js_env = array();
- protected $js_labels = array();
- protected $js_commands = array();
- protected $skin_paths = array();
+ protected $message;
protected $template_name;
+ protected $js_env = array();
+ protected $js_labels = array();
+ protected $js_commands = array();
+ protected $skin_paths = array();
protected $scripts_path = '';
protected $script_files = array();
- protected $css_files = array();
- protected $scripts = array();
+ protected $css_files = array();
+ protected $scripts = array();
protected $default_template = "<html>\n<head><title></title></head>\n<body></body>\n</html>";
protected $header = '';
protected $footer = '';
protected $body = '';
protected $base_path = '';
+ protected $assets_path;
+ protected $assets_dir = RCUBE_INSTALL_PATH;
+ protected $devel_mode = false;
// deprecated names of templates used before 0.5
protected $deprecated_templates = array(
@@ -57,31 +60,57 @@
/**
* Constructor
- *
- * @todo Replace $this->config with the real rcube_config object
*/
public function __construct($task = null, $framed = false)
{
parent::__construct();
- //$this->framed = $framed;
+ $this->devel_mode = $this->config->get('devel_mode');
+
$this->set_env('task', $task);
$this->set_env('x_frame_options', $this->config->get('x_frame_options', 'sameorigin'));
+ $this->set_env('standard_windows', (bool) $this->config->get('standard_windows'));
+ $this->set_env('locale', $_SESSION['language']);
// add cookie info
$this->set_env('cookie_domain', ini_get('session.cookie_domain'));
$this->set_env('cookie_path', ini_get('session.cookie_path'));
- $this->set_env('cookie_secure', ini_get('session.cookie_secure'));
+ $this->set_env('cookie_secure', filter_var(ini_get('session.cookie_secure'), FILTER_VALIDATE_BOOLEAN));
// load the correct skin (in case user-defined)
$skin = $this->config->get('skin');
$this->set_skin($skin);
$this->set_env('skin', $skin);
- if (!empty($_REQUEST['_extwin']))
- $this->set_env('extwin', 1);
+ $this->set_assets_path($this->config->get('assets_path'), $this->config->get('assets_dir'));
+ if (!empty($_REQUEST['_extwin']))
+ $this->set_env('extwin', 1);
+ if ($this->framed || $framed)
+ $this->set_env('framed', 1);
+
+ $lic = <<<EOF
+/*
+ @licstart The following is the entire license notice for the
+ JavaScript code in this page.
+
+ Copyright (C) 2005-2014 The Roundcube Dev Team
+
+ The JavaScript code in this page is free software: you can redistribute
+ it and/or modify it under the terms of the GNU General Public License
+ as published by the Free Software Foundation, either version 3 of
+ the License, or (at your option) any later version.
+
+ The code is distributed WITHOUT ANY WARRANTY; without even the implied
+ warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ See the GNU GPL for more details.
+
+ @licend The above is the entire license notice
+ for the JavaScript code in this page.
+*/
+EOF;
// add common javascripts
+ $this->add_script($lic, 'head_top');
$this->add_script('var '.self::JS_OBJECT_NAME.' = new rcube_webmail();', 'head_top');
// don't wait for page onload. Call init at the bottom of the page (delayed)
@@ -103,7 +132,6 @@
));
}
-
/**
* Set environment variable
*
@@ -114,11 +142,60 @@
public function set_env($name, $value, $addtojs = true)
{
$this->env[$name] = $value;
+
if ($addtojs || isset($this->js_env[$name])) {
$this->js_env[$name] = $value;
}
}
+ /**
+ * Parse and set assets path
+ *
+ * @param string Assets path (relative or absolute URL)
+ */
+ public function set_assets_path($path, $fs_dir = null)
+ {
+ if (empty($path)) {
+ return;
+ }
+
+ $path = rtrim($path, '/') . '/';
+
+ // handle relative assets path
+ if (!preg_match('|^https?://|', $path) && $path[0] != '/') {
+ // save the path to search for asset files later
+ $this->assets_dir = $path;
+
+ $base = preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI']);
+ $base = rtrim($base, '/');
+
+ // remove url token if exists
+ if ($len = intval($this->config->get('use_secure_urls'))) {
+ $_base = explode('/', $base);
+ $last = count($_base) - 1;
+ $length = $len > 1 ? $len : 16; // as in rcube::get_secure_url_token()
+
+ // we can't use real token here because it
+ // does not exists in unauthenticated state,
+ // hope this will not produce false-positive matches
+ if ($last > -1 && preg_match('/^[a-f0-9]{' . $length . '}$/', $_base[$last])) {
+ $path = '../' . $path;
+ }
+ }
+ }
+
+ // set filesystem path for assets
+ if ($fs_dir) {
+ if ($fs_dir[0] != '/') {
+ $fs_dir = realpath(RCUBE_INSTALL_PATH . $fs_dir);
+ }
+ // ensure the path ends with a slash
+ $this->assets_dir = rtrim($fs_dir, '/') . '/';
+ }
+
+ $this->assets_path = $path;
+ $this->set_env('assets_path', $path);
+ }
/**
* Getter for the current page title
@@ -143,17 +220,17 @@
return $title;
}
-
/**
* Set skin
*/
public function set_skin($skin)
{
$valid = false;
+ $path = RCUBE_INSTALL_PATH . 'skins/';
- if (!empty($skin) && is_dir('skins/'.$skin) && is_readable('skins/'.$skin)) {
- $skin_path = 'skins/'.$skin;
- $valid = true;
+ if (!empty($skin) && is_dir($path . $skin) && is_readable($path . $skin)) {
+ $skin_path = 'skins/' . $skin;
+ $valid = true;
}
else {
$skin_path = $this->config->get('skin_path');
@@ -162,6 +239,8 @@
}
$valid = !$skin;
}
+
+ $skin_path = rtrim($skin_path, '/');
$this->config->set('skin_path', $skin_path);
$this->base_path = $skin_path;
@@ -181,12 +260,23 @@
$this->skin_paths[] = $skin_path;
// read meta file and check for dependecies
- $meta = @json_decode(@file_get_contents($skin_path.'/meta.json'), true);
- if ($meta['extends'] && is_dir('skins/' . $meta['extends'])) {
- $this->load_skin('skins/' . $meta['extends']);
+ $meta = @file_get_contents(RCUBE_INSTALL_PATH . $skin_path . '/meta.json');
+ $meta = @json_decode($meta, true);
+
+ $meta['path'] = $skin_path;
+ $skin_id = end(explode('/', $skin_path));
+ if (!$meta['name']) {
+ $meta['name'] = $skin_id;
+ }
+ $this->skins[$skin_id] = $meta;
+
+ if ($meta['extends']) {
+ $path = RCUBE_INSTALL_PATH . 'skins/';
+ if (is_dir($path . $meta['extends']) && is_readable($path . $meta['extends'])) {
+ $this->load_skin('skins/' . $meta['extends']);
+ }
}
}
-
/**
* Check if a specific template exists
@@ -196,16 +286,17 @@
*/
public function template_exists($name)
{
- $found = false;
foreach ($this->skin_paths as $skin_path) {
- $filename = $skin_path . '/templates/' . $name . '.html';
- $found = (is_file($filename) && is_readable($filename)) || ($this->deprecated_templates[$name] && $this->template_exists($this->deprecated_templates[$name]));
- if ($found)
- break;
+ $filename = RCUBE_INSTALL_PATH . $skin_path . '/templates/' . $name . '.html';
+ if ((is_file($filename) && is_readable($filename))
+ || ($this->deprecated_templates[$name] && $this->template_exists($this->deprecated_templates[$name]))
+ ) {
+ return true;
+ }
}
- return $found;
- }
+ return false;
+ }
/**
* Find the given file in the current skin path stack
@@ -213,24 +304,34 @@
* @param string File name/path to resolve (starting with /)
* @param string Reference to the base path of the matching skin
* @param string Additional path to search in
+ *
* @return mixed Relative path to the requested file or False if not found
*/
public function get_skin_file($file, &$skin_path = null, $add_path = null)
{
$skin_paths = $this->skin_paths;
- if ($add_path)
+ if ($add_path) {
array_unshift($skin_paths, $add_path);
+ }
foreach ($skin_paths as $skin_path) {
- $path = realpath($skin_path . $file);
- if (is_file($path)) {
+ $path = realpath(RCUBE_INSTALL_PATH . $skin_path . $file);
+
+ if ($path && is_file($path)) {
return $skin_path . $file;
+ }
+
+ if ($this->assets_dir != RCUBE_INSTALL_PATH) {
+ $path = realpath($this->assets_dir . $skin_path . $file);
+
+ if ($path && is_file($path)) {
+ return $skin_path . $file;
+ }
}
}
return false;
}
-
/**
* Register a GUI object to the client script
@@ -244,7 +345,6 @@
$this->add_script(self::JS_OBJECT_NAME.".gui_object('$obj', '$id');");
}
-
/**
* Call a client method
*
@@ -255,11 +355,10 @@
{
$cmd = func_get_args();
if (strpos($cmd[0], 'plugin.') !== false)
- $this->js_commands[] = array('triggerEvent', $cmd[0], $cmd[1]);
+ $this->js_commands[] = array('triggerEvent', $cmd[0], $cmd[1]);
else
- $this->js_commands[] = $cmd;
+ $this->js_commands[] = $cmd;
}
-
/**
* Add a localized label to the client environment
@@ -268,13 +367,12 @@
{
$args = func_get_args();
if (count($args) == 1 && is_array($args[0]))
- $args = $args[0];
+ $args = $args[0];
foreach ($args as $name) {
$this->js_labels[$name] = $this->app->gettext($name);
}
}
-
/**
* Invoke display_message command
@@ -302,39 +400,50 @@
}
}
-
/**
* Delete all stored env variables and commands
+ *
+ * @param bool $all Reset all env variables (including internal)
*/
- public function reset()
+ public function reset($all = false)
{
+ $framed = $this->framed;
+ $env = $all ? null : array_intersect_key($this->env, array('extwin'=>1, 'framed'=>1));
+
parent::reset();
- $this->js_env = array();
- $this->js_labels = array();
- $this->js_commands = array();
+
+ // let some env variables survive
+ $this->env = $this->js_env = $env;
+ $this->framed = $framed || $this->env['framed'];
+ $this->js_labels = array();
+ $this->js_commands = array();
$this->script_files = array();
$this->scripts = array();
$this->header = '';
$this->footer = '';
$this->body = '';
- }
+ // load defaults
+ if (!$all) {
+ $this->__construct();
+ }
+ }
/**
* Redirect to a certain url
*
- * @param mixed $p Either a string with the action or url parameters as key-value pairs
- * @param int $delay Delay in seconds
+ * @param mixed $p Either a string with the action or url parameters as key-value pairs
+ * @param int $delay Delay in seconds
+ * @param bool $secure Redirect to secure location (see rcmail::url())
*/
- public function redirect($p = array(), $delay = 1)
+ public function redirect($p = array(), $delay = 1, $secure = false)
{
if ($this->env['extwin'])
$p['extwin'] = 1;
- $location = $this->app->url($p);
+ $location = $this->app->url($p, false, false, $secure);
header('Location: ' . $location);
exit;
}
-
/**
* Send the request output to the client.
@@ -356,7 +465,7 @@
$this->parse($templ, false);
}
else {
- $this->framed = $templ == 'iframe' ? true : $this->framed;
+ $this->framed = true;
$this->write();
}
@@ -369,7 +478,6 @@
}
}
-
/**
* Process template and write to stdOut
*
@@ -377,32 +485,33 @@
*/
public function write($template = '')
{
- // unlock interface after iframe load
- $unlock = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']);
- if ($this->framed) {
- array_unshift($this->js_commands, array('set_busy', false, null, $unlock));
- }
- else if ($unlock) {
- array_unshift($this->js_commands, array('hide_message', $unlock));
+ if (!empty($this->script_files)) {
+ $this->set_env('request_token', $this->app->get_request_token());
}
- if (!empty($this->script_files))
- $this->set_env('request_token', $this->app->get_request_token());
+ $commands = $this->get_js_commands($framed);
- // write all env variables to client
- $js = $this->framed ? "if(window.parent) {\n" : '';
- $js .= $this->get_js_commands() . ($this->framed ? ' }' : '');
- $this->add_script($js, 'head_top');
+ // if all js commands go to parent window we can ignore all
+ // script files and skip rcube_webmail initialization (#1489792)
+ if ($framed) {
+ $this->scripts = array();
+ $this->script_files = array();
+ $this->header = '';
+ $this->footer = '';
+ }
+
+ // write all javascript commands
+ $this->add_script($commands, 'head_top');
// send clickjacking protection headers
- $iframe = $this->framed || !empty($_REQUEST['_framed']);
- if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin')))
+ $iframe = $this->framed || $this->env['framed'];
+ if (!headers_sent() && ($xframe = $this->app->config->get('x_frame_options', 'sameorigin'))) {
header('X-Frame-Options: ' . ($iframe && $xframe == 'deny' ? 'sameorigin' : $xframe));
+ }
// call super method
$this->_write($template, $this->config->get('skin_path'));
}
-
/**
* Parse a specific skin template and deliver to stdout (or return)
@@ -415,18 +524,19 @@
*/
function parse($name = 'main', $exit = true, $write = true)
{
- $plugin = false;
- $realname = $name;
+ $plugin = false;
+ $realname = $name;
+ $plugin_skin_paths = array();
+
$this->template_name = $realname;
$temp = explode('.', $name, 2);
if (count($temp) > 1) {
- $plugin = $temp[0];
- $name = $temp[1];
- $skin_dir = $plugin . '/skins/' . $this->config->get('skin');
+ $plugin = $temp[0];
+ $name = $temp[1];
+ $skin_dir = $plugin . '/skins/' . $this->config->get('skin');
// apply skin search escalation list to plugin directory
- $plugin_skin_paths = array();
foreach ($this->skin_paths as $skin_path) {
$plugin_skin_paths[] = $this->app->plugins->url . $plugin . '/' . $skin_path;
}
@@ -437,18 +547,18 @@
$plugin_skin_paths[] = $this->app->plugins->url . $skin_dir;
}
- // add plugin skin paths to search list
+ // prepend plugin skin paths to search list
$this->skin_paths = array_merge($plugin_skin_paths, $this->skin_paths);
}
// find skin template
$path = false;
foreach ($this->skin_paths as $skin_path) {
- $path = "$skin_path/templates/$name.html";
+ $path = RCUBE_INSTALL_PATH . "$skin_path/templates/$name.html";
// fallback to deprecated template names
if (!is_readable($path) && $this->deprecated_templates[$realname]) {
- $path = "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html";
+ $path = RCUBE_INSTALL_PATH . "$skin_path/templates/" . $this->deprecated_templates[$realname] . ".html";
if (is_readable($path)) {
rcube::raise_error(array(
@@ -474,12 +584,14 @@
// read template file
if (!$path || ($templ = @file_get_contents($path)) === false) {
rcube::raise_error(array(
- 'code' => 501,
+ 'code' => 404,
'type' => 'php',
'line' => __LINE__,
'file' => __FILE__,
'message' => 'Error loading template for '.$realname
), true, $write);
+
+ $this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
return false;
}
@@ -504,62 +616,83 @@
$output = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $output);
$this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer);
- if ($write) {
- // add debug console
- if ($realname != 'error' && ($this->config->get('debug_level') & 8)) {
- $this->add_footer('<div id="console" style="position:absolute;top:5px;left:5px;width:405px;padding:2px;background:white;z-index:9000;display:none">
- <a href="#toggle" onclick="con=$(\'#dbgconsole\');con[con.is(\':visible\')?\'hide\':\'show\']();return false">console</a>
- <textarea name="console" id="dbgconsole" rows="20" cols="40" style="display:none;width:400px;border:none;font-size:10px" spellcheck="false"></textarea></div>'
- );
- $this->add_script(
- "if (!window.console || !window.console.log) {\n".
- " window.console = new rcube_console();\n".
- " $('#console').show();\n".
- "}", 'foot');
- }
- $this->write(trim($output));
- }
- else {
+ // remove plugin skin paths from current context
+ $this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
+
+ if (!$write) {
return $output;
}
+
+ $this->write(trim($output));
if ($exit) {
exit;
}
}
-
/**
* Return executable javascript code for all registered commands
*
* @return string $out
*/
- protected function get_js_commands()
+ protected function get_js_commands(&$framed = null)
{
- $out = '';
+ $out = '';
+ $parent_commands = 0;
+ $top_commands = array();
+
+ // these should be always on top,
+ // e.g. hide_message() below depends on env.framed
if (!$this->framed && !empty($this->js_env)) {
- $out .= self::JS_OBJECT_NAME . '.set_env('.self::json_serialize($this->js_env).");\n";
+ $top_commands[] = array('set_env', $this->js_env);
}
if (!empty($this->js_labels)) {
- $this->command('add_label', $this->js_labels);
+ $top_commands[] = array('add_label', $this->js_labels);
}
- foreach ($this->js_commands as $i => $args) {
+
+ // unlock interface after iframe load
+ $unlock = preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']);
+ if ($this->framed) {
+ $top_commands[] = array('iframe_loaded', $unlock);
+ }
+ else if ($unlock) {
+ $top_commands[] = array('hide_message', $unlock);
+ }
+
+ $commands = array_merge($top_commands, $this->js_commands);
+
+ foreach ($commands as $i => $args) {
$method = array_shift($args);
+ $parent = $this->framed || preg_match('/^parent\./', $method);
+
foreach ($args as $i => $arg) {
$args[$i] = self::json_serialize($arg);
}
- $parent = $this->framed || preg_match('/^parent\./', $method);
- $out .= sprintf(
- "%s.%s(%s);\n",
- ($parent ? 'if(window.parent && parent.'.self::JS_OBJECT_NAME.') parent.' : '') . self::JS_OBJECT_NAME,
- preg_replace('/^parent\./', '', $method),
- implode(',', $args)
- );
+
+ if ($parent) {
+ $parent_commands++;
+ $method = preg_replace('/^parent\./', '', $method);
+ $parent_prefix = 'if (window.parent && parent.' . self::JS_OBJECT_NAME . ') parent.';
+ $method = $parent_prefix . self::JS_OBJECT_NAME . '.' . $method;
+ }
+ else {
+ $method = self::JS_OBJECT_NAME . '.' . $method;
+ }
+
+ $out .= sprintf("%s(%s);\n", $method, implode(',', $args));
+ }
+
+ $framed = $parent_prefix && $parent_commands == count($commands);
+
+ // make the output more compact if all commands go to parent window
+ if ($framed) {
+ $out = "if (window.parent && parent." . self::JS_OBJECT_NAME . ") {\n"
+ . str_replace($parent_prefix, "\tparent.", $out)
+ . "}\n";
}
return $out;
}
-
/**
* Make URLs starting with a slash point to skin directory
@@ -571,15 +704,15 @@
public function abs_url($str, $search_path = false)
{
if ($str[0] == '/') {
- if ($search_path && ($file_url = $this->get_skin_file($str, $skin_path)))
+ if ($search_path && ($file_url = $this->get_skin_file($str, $skin_path))) {
return $file_url;
+ }
return $this->base_path . $str;
}
- else
- return $str;
- }
+ return $str;
+ }
/**
* Show error page and terminate script execution
@@ -596,6 +729,21 @@
include RCUBE_INSTALL_PATH . 'program/steps/utils/error.inc';
exit;
+ }
+
+ /**
+ * Modify path by adding URL prefix if configured
+ */
+ public function asset_url($path)
+ {
+ // iframe content can't be in a different domain
+ // @TODO: check if assests are on a different domain
+
+ if (!$this->assets_path || in_array($path[0], array('?', '/', '.')) || strpos($path, '://')) {
+ return $path;
+ }
+
+ return $this->assets_path . $path;
}
@@ -615,7 +763,6 @@
array($this, 'globals_callback'), $input);
}
-
/**
* Callback funtion for preg_replace_callback() in parse_with_globals()
*/
@@ -623,7 +770,6 @@
{
return $GLOBALS[$matches[1]];
}
-
/**
* Correct absolute paths in images and other tags
@@ -636,16 +782,15 @@
array($this, 'file_callback'), $output);
}
-
/**
- * Callback function for preg_replace_callback in write()
+ * Callback function for preg_replace_callback in fix_paths()
*
* @return string Parsed string
*/
protected function file_callback($matches)
{
$file = $matches[3];
- $file[0] = preg_replace('!^/this/!', '/', $file[0]);
+ $file = preg_replace('!^/this/!', '/', $file);
// correct absolute paths
if ($file[0] == '/') {
@@ -653,22 +798,64 @@
}
// add file modification timestamp
- if (preg_match('/\.(js|css)$/', $file)) {
- if ($fs = @filemtime($file)) {
- $file .= '?s=' . $fs;
- }
+ if (preg_match('/\.(js|css)$/', $file, $m)) {
+ $file = $this->file_mod($file);
}
return $matches[1] . '=' . $matches[2] . $file . $matches[4];
}
+ /**
+ * Correct paths of asset files according to assets_path
+ */
+ protected function fix_assets_paths($output)
+ {
+ return preg_replace_callback(
+ '!(src|href|background)=(["\']?)([a-z0-9/_.?=-]+)(["\'\s>])!i',
+ array($this, 'assets_callback'), $output);
+ }
+
+ /**
+ * Callback function for preg_replace_callback in fix_assets_paths()
+ *
+ * @return string Parsed string
+ */
+ protected function assets_callback($matches)
+ {
+ $file = $this->asset_url($matches[3]);
+
+ return $matches[1] . '=' . $matches[2] . $file . $matches[4];
+ }
+
+ /**
+ * Modify file by adding mtime indicator
+ */
+ protected function file_mod($file)
+ {
+ $fs = false;
+ $ext = substr($file, strrpos($file, '.') + 1);
+
+ // use minified file if exists (not in development mode)
+ if (!$this->devel_mode && !preg_match('/\.min\.' . $ext . '$/', $file)) {
+ $minified_file = substr($file, 0, strlen($ext) * -1) . 'min.' . $ext;
+ if ($fs = @filemtime($this->assets_dir . $minified_file)) {
+ return $minified_file . '?s=' . $fs;
+ }
+ }
+
+ if ($fs = @filemtime($this->assets_dir . $file)) {
+ $file .= '?s=' . $fs;
+ }
+
+ return $file;
+ }
/**
* Public wrapper to dipp into template parsing.
*
* @param string $input
* @return string
- * @uses rcube_output_html::parse_xml()
+ * @uses rcmail_output_html::parse_xml()
* @since 0.1-rc1
*/
public function just_parse($input)
@@ -678,7 +865,6 @@
return $input;
}
-
/**
* Parse for conditional tags
@@ -717,20 +903,17 @@
return $input;
}
-
/**
* Determines if a given condition is met
*
- * @todo Get rid off eval() once I understand what this does.
* @todo Extend this to allow real conditions, not just "set"
* @param string Condition statement
* @return boolean True if condition is met, False if not
*/
protected function check_condition($condition)
{
- return eval("return (".$this->parse_expression($condition).");");
+ return $this->eval_expression($condition);
}
-
/**
* Inserts hidden field with CSRF-prevention-token into POST forms
@@ -748,16 +931,16 @@
return $out;
}
-
/**
- * Parses expression and replaces variables
+ * Parse & evaluate a given expression and return its result.
*
- * @param string Expression statement
- * @return string Expression value
+ * @param string Expression statement
+ *
+ * @return mixed Expression result
*/
- protected function parse_expression($expression)
+ protected function eval_expression ($expression)
{
- return preg_replace(
+ $expression = preg_replace(
array(
'/session:([a-z0-9_]+)/i',
'/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
@@ -769,16 +952,30 @@
),
array(
"\$_SESSION['\\1']",
- "\$this->app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
- "\$this->env['\\1']",
+ "\$app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
+ "\$env['\\1']",
"rcube_utils::get_input_value('\\1', rcube_utils::INPUT_GPC)",
"\$_COOKIE['\\1']",
- "\$this->browser->{'\\1'}",
+ "\$browser->{'\\1'}",
$this->template_name,
),
- $expression);
- }
+ $expression
+ );
+ $fn = create_function('$app,$browser,$env', "return ($expression);");
+ if (!$fn) {
+ rcube::raise_error(array(
+ 'code' => 505,
+ 'type' => 'php',
+ 'file' => __FILE__,
+ 'line' => __LINE__,
+ 'message' => "Expression parse error on: ($expression)"), true, false);
+
+ return null;
+ }
+
+ return $fn($this->app, $this->browser, $this->env);
+ }
/**
* Search for special tags in input and replace them
@@ -793,7 +990,6 @@
{
return preg_replace_callback('/<roundcube:([-_a-z]+)\s+((?:[^>]|\\\\>)+)(?<!\\\\)>/Ui', array($this, 'xml_command'), $input);
}
-
/**
* Callback function for parsing an xml command tag
@@ -810,6 +1006,14 @@
// empty output if required condition is not met
if (!empty($attrib['condition']) && !$this->check_condition($attrib['condition'])) {
return '';
+ }
+
+ // localize title and summary attributes
+ if ($command != 'button' && !empty($attrib['title']) && $this->app->text_exists($attrib['title'])) {
+ $attrib['title'] = $this->app->gettext($attrib['title']);
+ }
+ if ($command != 'button' && !empty($attrib['summary']) && $this->app->text_exists($attrib['summary'])) {
+ $attrib['summary'] = $this->app->gettext($attrib['summary']);
}
// execute command
@@ -829,19 +1033,19 @@
// show a label
case 'label':
if ($attrib['expression'])
- $attrib['name'] = eval("return " . $this->parse_expression($attrib['expression']) .";");
+ $attrib['name'] = $this->eval_expression($attrib['expression']);
if ($attrib['name'] || $attrib['command']) {
- // @FIXME: 'noshow' is useless, remove?
- if ($attrib['noshow']) {
- return '';
- }
-
$vars = $attrib + array('product' => $this->config->get('product_name'));
unset($vars['name'], $vars['command']);
$label = $this->app->gettext($attrib + array('vars' => $vars));
$quoting = !empty($attrib['quoting']) ? strtolower($attrib['quoting']) : (rcube_utils::get_boolean((string)$attrib['html']) ? 'no' : '');
+
+ // 'noshow' can be used in skins to define new labels
+ if ($attrib['noshow']) {
+ return '';
+ }
switch ($quoting) {
case 'no':
@@ -863,9 +1067,10 @@
// include a file
case 'include':
$old_base_path = $this->base_path;
+ if (!empty($attrib['skin_path'])) $attrib['skinpath'] = $attrib['skin_path'];
if ($path = $this->get_skin_file($attrib['file'], $skin_path, $attrib['skinpath'])) {
$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path); // set base_path to core skin directory (not plugin's skin)
- $path = realpath($path);
+ $path = realpath(RCUBE_INSTALL_PATH . $path);
}
if (is_readable($path)) {
@@ -917,8 +1122,21 @@
}
else if ($object == 'logo') {
$attrib += array('alt' => $this->xml_command(array('', 'object', 'name="productname"')));
- if ($logo = $this->config->get('skin_logo'))
- $attrib['src'] = $logo;
+
+ if ($logo = $this->config->get('skin_logo')) {
+ if (is_array($logo)) {
+ if ($template_logo = $logo[$this->template_name]) {
+ $attrib['src'] = $template_logo;
+ }
+ elseif ($template_logo = $logo['*']) {
+ $attrib['src'] = $template_logo;
+ }
+ }
+ else {
+ $attrib['src'] = $logo;
+ }
+ }
+
$content = html::img($attrib);
}
else if ($object == 'productname') {
@@ -944,7 +1162,7 @@
$content = html::quote($this->get_pagetitle());
}
else if ($object == 'pagetitle') {
- if ($this->config->get('devel_mode') && !empty($_SESSION['username']))
+ if ($this->devel_mode && !empty($_SESSION['username']))
$title = $_SESSION['username'].' :: ';
else if ($prod_name = $this->config->get('product_name'))
$title = $prod_name . ' :: ';
@@ -960,8 +1178,7 @@
// return code for a specified eval expression
case 'exp':
- $value = $this->parse_expression($attrib['expression']);
- return eval("return html::quote($value);");
+ return html::quote($this->eval_expression($attrib['expression']));
// return variable
case 'var':
@@ -998,11 +1215,12 @@
}
return html::quote($value);
- break;
+
+ case 'form':
+ return $this->form_tag($attrib);
}
return '';
}
-
/**
* Include a specific file and return it's contents
@@ -1020,7 +1238,6 @@
return $out;
}
-
/**
* Create and register a button
*
@@ -1031,18 +1248,24 @@
*/
public function button($attrib)
{
- static $s_button_count = 100;
+ static $s_button_count = 100;
+ static $disabled_actions = null;
// these commands can be called directly via url
$a_static_commands = array('compose', 'list', 'preferences', 'folders', 'identities');
- if (!($attrib['command'] || $attrib['name'])) {
+ if (!($attrib['command'] || $attrib['name'] || $attrib['href'])) {
return '';
}
+
// try to find out the button type
if ($attrib['type']) {
$attrib['type'] = strtolower($attrib['type']);
+ if ($pos = strpos($attrib['type'], '-menuitem')) {
+ $attrib['type'] = substr($attrib['type'], 0, -9);
+ $menuitem = true;
+ }
}
else {
$attrib['type'] = ($attrib['image'] || $attrib['imagepas'] || $attrib['imageact']) ? 'image' : 'link';
@@ -1050,8 +1273,21 @@
$command = $attrib['command'];
- if ($attrib['task'])
- $command = $attrib['task'] . '.' . $command;
+ if ($attrib['task']) {
+ $element = $command = $attrib['task'] . '.' . $command;
+ }
+ else {
+ $element = ($this->env['task'] ? $this->env['task'] . '.' : '') . $command;
+ }
+
+ if ($disabled_actions === null) {
+ $disabled_actions = (array) $this->config->get('disabled_actions');
+ }
+
+ // remove buttons for disabled actions
+ if (in_array($element, $disabled_actions)) {
+ return '';
+ }
if (!$attrib['image']) {
$attrib['image'] = $attrib['imagepas'] ? $attrib['imagepas'] : $attrib['imageact'];
@@ -1069,6 +1305,17 @@
}
if ($attrib['alt']) {
$attrib['alt'] = html::quote($this->app->gettext($attrib['alt'], $attrib['domain']));
+ }
+
+ // set accessibility attributes
+ if (!$attrib['role']) {
+ $attrib['role'] = 'button';
+ }
+ if (!empty($attrib['class']) && !empty($attrib['classact']) || !empty($attrib['imagepas']) && !empty($attrib['imageact'])) {
+ if (array_key_exists('tabindex', $attrib))
+ $attrib['data-tabindex'] = $attrib['tabindex'];
+ $attrib['tabindex'] = '-1'; // disable button by default
+ $attrib['aria-disabled'] = 'true';
}
// set title to alt attribute for IE browsers
@@ -1146,7 +1393,7 @@
}
else if ($attrib['type'] == 'link') {
$btn_content = isset($attrib['content']) ? $attrib['content'] : ($attrib['label'] ? $attrib['label'] : $attrib['command']);
- $link_attrib = array('href', 'onclick', 'title', 'id', 'class', 'style', 'tabindex', 'target');
+ $link_attrib = array_merge(html::$common_attrib, array('href', 'onclick', 'tabindex', 'target'));
if ($attrib['innerclass'])
$btn_content = html::span($attrib['innerclass'], $btn_content);
}
@@ -1169,9 +1416,17 @@
$out = sprintf('<a%s>%s</a>', $attrib_str, $btn_content);
}
+ if ($attrib['wrapper']) {
+ $out = html::tag($attrib['wrapper'], null, $out);
+ }
+
+ if ($menuitem) {
+ $class = $attrib['menuitem-class'] ? ' class="' . $attrib['menuitem-class'] . '"' : '';
+ $out = '<li role="menuitem"' . $class . '>' . $out . '</li>';
+ }
+
return $out;
}
-
/**
* Link an external script file
@@ -1181,28 +1436,18 @@
*/
public function include_script($file, $position='head')
{
- static $sa_files = array();
-
if (!preg_match('|^https?://|i', $file) && $file[0] != '/') {
- $file = $this->scripts_path . $file;
- if ($fs = @filemtime($file)) {
- $file .= '?s=' . $fs;
- }
+ $file = $this->file_mod($this->scripts_path . $file);
}
-
- if (in_array($file, $sa_files)) {
- return;
- }
-
- $sa_files[] = $file;
if (!is_array($this->script_files[$position])) {
$this->script_files[$position] = array();
}
- $this->script_files[$position][] = $file;
+ if (!in_array($file, $this->script_files[$position])) {
+ $this->script_files[$position][] = $file;
+ }
}
-
/**
* Add inline javascript code
@@ -1220,7 +1465,6 @@
}
}
-
/**
* Link an external css file
*
@@ -1231,7 +1475,6 @@
$this->css_files[] = $file;
}
-
/**
* Add HTML code to the page header
*
@@ -1241,7 +1484,6 @@
{
$this->header .= "\n" . $str;
}
-
/**
* Add HTML code to the page footer
@@ -1254,7 +1496,6 @@
$this->footer .= "\n" . $str;
}
-
/**
* Process template and write to stdOut
*
@@ -1263,11 +1504,25 @@
*/
public function _write($templ = '', $base_path = '')
{
- $output = empty($templ) ? $this->default_template : trim($templ);
+ $output = trim($templ);
+
+ if (empty($output)) {
+ $output = html::doctype('html5') . "\n" . $this->default_template;
+ $is_empty = true;
+ }
// set default page title
if (empty($this->pagetitle)) {
$this->pagetitle = 'Roundcube Mail';
+ }
+
+ // declare page language
+ if (!empty($_SESSION['language'])) {
+ $lang = substr($_SESSION['language'], 0, 2);
+ $output = preg_replace('/<html/', '<html lang="' . html::quote($lang) . '"', $output, 1);
+ if (!headers_sent()) {
+ header('Content-Language: ' . $lang);
+ }
}
// replace specialchars in content
@@ -1354,8 +1609,8 @@
}
// add css files in head, before scripts, for speed up with parallel downloads
- if (!empty($this->css_files) &&
- (($pos = stripos($output, '<script ')) || ($pos = stripos($output, '</head>')))
+ if (!empty($this->css_files) && !$is_empty
+ && (($pos = stripos($output, '<script ')) || ($pos = stripos($output, '</head>')))
) {
$css = '';
foreach ($this->css_files as $file) {
@@ -1366,6 +1621,10 @@
}
$output = $this->parse_with_globals($this->fix_paths($output));
+
+ if ($this->assets_path) {
+ $output = $this->fix_assets_paths($output);
+ }
// trigger hook with final HTML content to be sent
$hook = $this->app->plugins->exec_hook("send_page", array('content' => $output));
@@ -1378,7 +1637,6 @@
}
}
}
-
/**
* Returns iframe object, registers some related env variables
@@ -1396,12 +1654,12 @@
}
$attrib['name'] = $attrib['id'];
- $attrib['src'] = $attrib['src'] ? $this->abs_url($attrib['src'], true) : 'program/resources/blank.gif';
+ $attrib['src'] = $attrib['src'] ? $this->abs_url($attrib['src'], true) : 'program/resources/blank.gif';
// register as 'contentframe' object
if ($is_contentframe || $attrib['contentframe']) {
$this->set_env('contentframe', $attrib['contentframe'] ? $attrib['contentframe'] : $attrib['name']);
- $this->set_env('blankpage', $attrib['src']);
+ $this->set_env('blankpage', $this->asset_url($attrib['src']));
}
return html::iframe($attrib);
@@ -1409,7 +1667,6 @@
/* ************* common functions delivering gui objects ************** */
-
/**
* Create a form tag with the necessary hidden fields
@@ -1419,7 +1676,7 @@
*/
public function form_tag($attrib, $content = null)
{
- if ($this->framed || !empty($_REQUEST['_framed'])) {
+ if ($this->framed || $this->env['framed']) {
$hiddenfield = new html_hiddenfield(array('name' => '_framed', 'value' => '1'));
$hidden = $hiddenfield->show();
}
@@ -1432,11 +1689,10 @@
$attrib['noclose'] = true;
return html::tag('form',
- $attrib + array('action' => "./", 'method' => "get"),
+ $attrib + array('action' => $this->app->comm_path, 'method' => "get"),
$hidden . $content,
array('id','class','style','name','method','action','enctype','onsubmit'));
}
-
/**
* Build a form tag with a unique request token
@@ -1460,14 +1716,13 @@
// we already have a <form> tag
if ($attrib['form']) {
- if ($this->framed || !empty($_REQUEST['_framed']))
+ if ($this->framed || $this->env['framed'])
$hidden->add(array('name' => '_framed', 'value' => '1'));
return $hidden->show() . $content;
}
else
return $this->form_tag($attrib, $hidden->show() . $content);
}
-
/**
* GUI object 'username'
@@ -1500,7 +1755,6 @@
return rcube_utils::idn_to_utf8($username);
}
-
/**
* GUI object 'loginform'
* Returns code for the webmail login form
@@ -1532,9 +1786,9 @@
$input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login'));
$input_tzone = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_'));
$input_url = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url));
- $input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser')
+ $input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser', 'required' => 'required')
+ $attrib + $user_attrib);
- $input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd')
+ $input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'required' => 'required')
+ $attrib + $pass_attrib);
$input_host = null;
@@ -1589,6 +1843,12 @@
$out .= $input_host->show();
}
+ if (rcube_utils::get_boolean($attrib['submit'])) {
+ $submit = new html_inputfield(array('type' => 'submit', 'id' => 'rcmloginsubmit',
+ 'class' => 'button mainaction', 'value' => $this->app->gettext('login')));
+ $out .= html::p('formbuttons', $submit->show());
+ }
+
// surround html output with a form tag
if (empty($attrib['form'])) {
$out = $this->form_tag(array('name' => $form_name, 'method' => 'post'), $out);
@@ -1599,7 +1859,6 @@
return $out;
}
-
/**
* GUI object 'preloader'
@@ -1612,9 +1871,11 @@
{
$images = preg_split('/[\s\t\n,]+/', $attrib['images'], -1, PREG_SPLIT_NO_EMPTY);
$images = array_map(array($this, 'abs_url'), $images);
+ $images = array_map(array($this, 'asset_url'), $images);
- if (empty($images) || $this->app->task == 'logout')
+ if (empty($images) || $_REQUEST['_task'] == 'logout') {
return;
+ }
$this->add_script('var images = ' . self::json_serialize($images) .';
for (var i=0; i<images.length; i++) {
@@ -1622,7 +1883,6 @@
img.src = images[i];
}', 'docready');
}
-
/**
* GUI object 'searchform'
@@ -1653,15 +1913,14 @@
// add form tag around text field
if (empty($attrib['form'])) {
$out = $this->form_tag(array(
- 'name' => "rcmqsearchform",
+ 'name' => "rcmqsearchform",
'onsubmit' => self::JS_OBJECT_NAME . ".command('search'); return false",
- 'style' => "display:inline"),
+ 'style' => "display:inline"),
$out);
}
return $out;
}
-
/**
* Builder for GUI object 'message'
@@ -1679,7 +1938,6 @@
return html::div($attrib, '');
}
-
/**
* GUI object 'charsetselector'
--
Gitblit v1.9.1