From e5d60d69d4108a0e62270548117773244ca1905e Mon Sep 17 00:00:00 2001 From: alecpl <alec@alec.pl> Date: Wed, 09 Dec 2009 03:18:47 -0500 Subject: [PATCH] - Use built-in json_encode() for proper JSON format in AJAX replies (and compat. with jQuery 1.4) --- program/include/rcube_template.php | 123 ++++++++++++++++++++++++---------------- 1 files changed, 74 insertions(+), 49 deletions(-) diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php index c4db040..19f2d43 100755 --- a/program/include/rcube_template.php +++ b/program/include/rcube_template.php @@ -59,6 +59,7 @@ //$this->framed = $framed; $this->set_env('task', $task); + $this->set_env('request_token', $this->app->get_request_token()); // load the correct skin (in case user-defined) $this->set_skin($this->config['skin']); @@ -287,6 +288,11 @@ public function send($templ = null, $exit = true) { if ($templ != 'iframe') { + // prevent from endless loops + if ($exit != 'recur' && $this->app->plugins->is_processing('render_page')) { + raise_error(array('code' => 505, 'type' => 'php', 'message' => 'Recursion alert: ignoring output->send()'), true, false); + return; + } $this->parse($templ, false); } else { @@ -320,6 +326,10 @@ $js = $this->framed ? "if(window.parent) {\n" : ''; $js .= $this->get_js_commands() . ($this->framed ? ' }' : ''); $this->add_script($js, 'head_top'); + + // make sure all <form> tags have a valid request token + $template = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $template); + $this->footer = preg_replace_callback('/<form\s+([^>]+)>/Ui', array($this, 'alter_form_tag'), $this->footer); // call super method parent::write($template, $this->config['skin_path']); @@ -404,12 +414,12 @@ { $out = ''; if (!$this->framed && !empty($this->js_env)) { - $out .= JS_OBJECT_NAME . '.set_env('.json_serialize($this->js_env).");\n"; + $out .= JS_OBJECT_NAME . '.set_env('.json_encode($this->js_env).");\n"; } foreach ($this->js_commands as $i => $args) { $method = array_shift($args); foreach ($args as $i => $arg) { - $args[$i] = json_serialize($arg); + $args[$i] = json_encode($arg); } $parent = $this->framed || preg_match('/^parent\./', $method); $out .= sprintf( @@ -509,7 +519,24 @@ */ private function check_condition($condition) { - return eval("return (".$this->parse_expression($condition).");"); + return eval("return (".$this->parse_expression($condition).");"); + } + + + /** + * + */ + private function alter_form_tag($matches) + { + $out = $matches[0]; + $attrib = parse_attrib_string($matches[1]); + + if (strtolower($attrib['method']) == 'post') { + $hidden = new html_hiddenfield(array('name' => '_token', 'value' => $this->app->get_request_token())); + $out .= "\n" . $hidden->show(); + } + + return $out; } @@ -784,8 +811,8 @@ } // set title to alt attribute for IE browsers - if ($this->browser->ie && $attrib['title'] && !$attrib['alt']) { - $attrib['alt'] = $attrib['title']; + if ($this->browser->ie && !$attrib['title'] && $attrib['alt']) { + $attrib['title'] = $attrib['alt']; } // add empty alt attribute for XHTML compatibility @@ -813,9 +840,9 @@ else if (in_array($attrib['command'], $a_static_commands)) { $attrib['href'] = rcmail_url($attrib['command']); } - else if ($attrib['command'] == 'permaurl' && !empty($this->env['permaurl'])) { - $attrib['href'] = $this->env['permaurl']; - } + else if ($attrib['command'] == 'permaurl' && !empty($this->env['permaurl'])) { + $attrib['href'] = $this->env['permaurl']; + } } // overwrite attributes @@ -830,35 +857,6 @@ $attrib['prop'] ); } - if ($command && $attrib['imageover']) { - $attrib['onmouseover'] = sprintf( - "return %s.button_over('%s','%s')", - JS_OBJECT_NAME, - $command, - $attrib['id'] - ); - $attrib['onmouseout'] = sprintf( - "return %s.button_out('%s','%s')", - JS_OBJECT_NAME, - $command, - $attrib['id'] - ); - } - - if ($command && $attrib['imagesel']) { - $attrib['onmousedown'] = sprintf( - "return %s.button_sel('%s','%s')", - JS_OBJECT_NAME, - $command, - $attrib['id'] - ); - $attrib['onmouseup'] = sprintf( - "return %s.button_out('%s','%s')", - JS_OBJECT_NAME, - $command, - $attrib['id'] - ); - } $out = ''; @@ -867,19 +865,18 @@ $attrib_str = html::attrib_string( $attrib, array( - 'style', 'class', 'id', 'width', - 'height', 'border', 'hspace', - 'vspace', 'align', 'alt', 'tabindex' + 'style', 'class', 'id', 'width', 'height', 'border', 'hspace', + 'vspace', 'align', 'alt', 'tabindex', 'title' ) ); $btn_content = sprintf('<img src="%s"%s />', $this->abs_url($attrib['image']), $attrib_str); if ($attrib['label']) { $btn_content .= ' '.$attrib['label']; } - $link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'title', 'target'); + $link_attrib = array('href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'target'); } else if ($attrib['type']=='link') { - $btn_content = $attrib['label'] ? $attrib['label'] : $attrib['command']; + $btn_content = isset($attrib['content']) ? $attrib['content'] : ($attrib['label'] ? $attrib['label'] : $attrib['command']); $link_attrib = array('href', 'onclick', 'title', 'id', 'class', 'style', 'tabindex', 'target'); } else if ($attrib['type']=='input') { @@ -892,8 +889,7 @@ $attrib_str = html::attrib_string( $attrib, array( - 'type', 'value', 'onclick', - 'id', 'class', 'style', 'tabindex' + 'type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex' ) ); $out = sprintf('<input%s disabled="disabled" />', $attrib_str); @@ -920,7 +916,7 @@ */ public function form_tag($attrib, $content = null) { - if ($this->framed) { + if ($this->framed || !empty($_REQUEST['_framed'])) { $hiddenfield = new html_hiddenfield(array('name' => '_framed', 'value' => '1')); $hidden = $hiddenfield->show(); } @@ -930,7 +926,36 @@ return html::tag('form', $attrib + array('action' => "./", 'method' => "get"), - $hidden . $content); + $hidden . $content, + array('id','class','style','name','method','action','enctype','onsubmit')); + } + + + /** + * Build a form tag with a unique request token + * + * @param array Named tag parameters including 'action' and 'task' values which will be put into hidden fields + * @param string Form content + * @return string HTML code for the form + */ + public function request_form($attrib, $content = '') + { + $hidden = new html_hiddenfield(); + if ($attrib['task']) { + $hidden->add(array('name' => '_task', 'value' => $attrib['task'])); + } + if ($attrib['action']) { + $hidden->add(array('name' => '_action', 'value' => $attrib['action'])); + } + + unset($attrib['task'], $attrib['request']); + $attrib['action'] = './'; + + // we already have a <form> tag + if ($attrib['form']) + return $hidden->show() . $content; + else + return $this->form_tag($attrib, $hidden->show() . $content); } @@ -980,8 +1005,8 @@ if (empty($url) && !preg_match('/_(task|action)=logout/', $_SERVER['QUERY_STRING'])) $url = $_SERVER['QUERY_STRING']; - $input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser', 'size' => 30) + $attrib); - $input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd', 'size' => 30) + $attrib); + $input_user = new html_inputfield(array('name' => '_user', 'id' => 'rcmloginuser') + $attrib); + $input_pass = new html_passwordfield(array('name' => '_pass', 'id' => 'rcmloginpwd') + $attrib); $input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login')); $input_tzone = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_')); $input_url = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url)); @@ -1001,7 +1026,7 @@ } } else if (empty($default_host)) { - $input_host = new html_inputfield(array('name' => '_host', 'id' => 'rcmloginhost', 'size' => 30)); + $input_host = new html_inputfield(array('name' => '_host', 'id' => 'rcmloginhost') + $attrib); } $form_name = !empty($attrib['form']) ? $attrib['form'] : 'form'; -- Gitblit v1.9.1