From 037af6890fe6fdb84a08d3c86083e847c90ec0ad Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 Oct 2013 08:17:26 -0400
Subject: [PATCH] Fix vulnerability in handling _session argument of utils/save-prefs (#1489382)

---
 program/steps/addressbook/func.inc | 618 ++++++++++++++++++++++++++++++++++++++++---------------
 1 files changed, 443 insertions(+), 175 deletions(-)

diff --git a/program/steps/addressbook/func.inc b/program/steps/addressbook/func.inc
index 7597fa7..5326e2b 100644
--- a/program/steps/addressbook/func.inc
+++ b/program/steps/addressbook/func.inc
@@ -5,8 +5,11 @@
 | program/steps/addressbook/func.inc |
 | |
 | This file is part of the Roundcube Webmail client |
- | Copyright (C) 2005-2007, The Roundcube Dev Team |
- | Licensed under the GNU GPL |
+ | Copyright (C) 2005-2012, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
 | |
 | PURPOSE: |
 | Provide addressbook functionality and GUI objects |
@@ -14,96 +17,162 @@ +-----------------------------------------------------------------------+ | Author: Thomas Bruederli <roundcube@gmail.com> | +-----------------------------------------------------------------------+ - - $Id$ - */ -// add list of address sources to client env -$js_list = $RCMAIL->get_address_sources(); - -// select source -$source = get_input_value('_source', RCUBE_INPUT_GPC); - -// if source is not set use first directory -if (empty($source)) - $source = $js_list[key($js_list)]['id']; - -// instantiate a contacts object according to the given source -$CONTACTS = $RCMAIL->get_address_book($source); - -$CONTACTS->set_pagesize($CONFIG['pagesize']); - -// set list properties and session vars -if (!empty($_GET['_page'])) - $CONTACTS->set_page(($_SESSION['page'] = intval($_GET['_page']))); -else - $CONTACTS->set_page(isset($_SESSION['page']) ?$_SESSION['page'] : 1); - -if (!empty($_REQUEST['_gid'])) - $CONTACTS->set_group(get_input_value('_gid', RCUBE_INPUT_GPC)); - -// set message set for search result -if (!empty($_REQUEST['_search']) && isset($_SESSION['search'][$_REQUEST['_search']])) - $CONTACTS->set_search_set($_SESSION['search'][$_REQUEST['_search']]); - -// set data source env -$OUTPUT->set_env('source', $source ? 
$source : '0'); -$OUTPUT->set_env('readonly', $CONTACTS->readonly, false); -if (!$OUTPUT->ajax_call) { - $OUTPUT->set_env('address_sources', $js_list); - $OUTPUT->set_pagetitle(rcube_label('addressbook')); -} - +$SEARCH_MODS_DEFAULT = array('name'=>1, 'firstname'=>1, 'surname'=>1, 'email'=>1, '*'=>1); // general definition of contact coltypes $CONTACT_COLTYPES = array( - 'name' => array('type' => 'text', 'size' => 40, 'limit' => 1, 'label' => rcube_label('name')), - 'firstname' => array('type' => 'text', 'size' => 19, 'limit' => 1, 'label' => rcube_label('firstname')), - 'surname' => array('type' => 'text', 'size' => 19, 'limit' => 1, 'label' => rcube_label('surname')), - 'middlename' => array('type' => 'text', 'size' => 19, 'limit' => 1, 'label' => rcube_label('middlename')), - 'prefix' => array('type' => 'text', 'size' => 8, 'limit' => 1, 'label' => rcube_label('nameprefix')), - 'suffix' => array('type' => 'text', 'size' => 8, 'limit' => 1, 'label' => rcube_label('namesuffix')), - 'nickname' => array('type' => 'text', 'size' => 40, 'limit' => 1, 'label' => rcube_label('nickname')), - 'jobtitle' => array('type' => 'text', 'size' => 40, 'limit' => 1, 'label' => rcube_label('jobtitle')), - 'organization' => array('type' => 'text', 'size' => 19, 'limit' => 1, 'label' => rcube_label('organization')), - 'department' => array('type' => 'text', 'size' => 19, 'limit' => 1, 'label' => rcube_label('department')), - 'gender' => array('type' => 'select', 'limit' => 1, 'label' => rcube_label('gender'), 'options' => array('male' => rcube_label('male'), 'female' => rcube_label('female'))), - 'maidenname' => array('type' => 'text', 'size' => 40, 'limit' => 1, 'label' => rcube_label('maidenname')), - 'email' => array('type' => 'text', 'size' => 40, 'label' => rcube_label('email'), 'subtypes' => array('home','work','other')), - 'phone' => array('type' => 'text', 'size' => 40, 'label' => rcube_label('phone'), 'subtypes' => 
array('home','home2','work','work2','mobile','main','homefax','workfax','car','pager','video','assistant','other')), + 'name' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => rcube_label('name'), 'category' => 'main'), + 'firstname' => array('type' => 'text', 'size' => 19, 'maxlength' => 50, 'limit' => 1, 'label' => rcube_label('firstname'), 'category' => 'main'), + 'surname' => array('type' => 'text', 'size' => 19, 'maxlength' => 50, 'limit' => 1, 'label' => rcube_label('surname'), 'category' => 'main'), + 'email' => array('type' => 'text', 'size' => 40, 'maxlength' => 254, 'label' => rcube_label('email'), 'subtypes' => array('home','work','other'), 'category' => 'main'), + 'middlename' => array('type' => 'text', 'size' => 19, 'maxlength' => 50, 'limit' => 1, 'label' => rcube_label('middlename'), 'category' => 'main'), + 'prefix' => array('type' => 'text', 'size' => 8, 'maxlength' => 20, 'limit' => 1, 'label' => rcube_label('nameprefix'), 'category' => 'main'), + 'suffix' => array('type' => 'text', 'size' => 8, 'maxlength' => 20, 'limit' => 1, 'label' => rcube_label('namesuffix'), 'category' => 'main'), + 'nickname' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => rcube_label('nickname'), 'category' => 'main'), + 'jobtitle' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => rcube_label('jobtitle'), 'category' => 'main'), + 'organization' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => rcube_label('organization'), 'category' => 'main'), + 'department' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => rcube_label('department'), 'category' => 'main'), + 'gender' => array('type' => 'select', 'limit' => 1, 'label' => rcube_label('gender'), 'options' => array('male' => rcube_label('male'), 'female' => rcube_label('female')), 'category' => 'personal'), + 'maidenname' => array('type' => 'text', 
'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => rcube_label('maidenname'), 'category' => 'personal'), + 'phone' => array('type' => 'text', 'size' => 40, 'maxlength' => 20, 'label' => rcube_label('phone'), 'subtypes' => array('home','home2','work','work2','mobile','main','homefax','workfax','car','pager','video','assistant','other'), 'category' => 'main'), 'address' => array('type' => 'composite', 'label' => rcube_label('address'), 'subtypes' => array('home','work','other'), 'childs' => array( - 'street' => array('type' => 'text', 'size' => 40, 'label' => rcube_label('street')), - 'locality' => array('type' => 'text', 'size' => 28, 'label' => rcube_label('locality')), - 'zipcode' => array('type' => 'text', 'size' => 8, 'label' => rcube_label('zipcode')), - 'region' => array('type' => 'text', 'size' => 12, 'label' => rcube_label('region')), - 'country' => array('type' => 'text', 'size' => 40, 'label' => rcube_label('country')), - )), - 'birthday' => array('type' => 'date', 'size' => 12, 'label' => rcube_label('birthday'), 'limit' => 1, 'render_func' => 'rcmail_format_date_col'), - 'anniversary' => array('type' => 'date', 'size' => 12, 'label' => rcube_label('anniversary'), 'limit' => 1, 'render_func' => 'rcmail_format_date_col'), - 'website' => array('type' => 'text', 'size' => 40, 'label' => rcube_label('website'), 'subtypes' => array('homepage','work','blog','other')), - 'im' => array('type' => 'text', 'size' => 40, 'label' => rcube_label('instantmessenger'), 'subtypes' => array('aim','icq','msn','yahoo','jabber','skype','other')), - 'notes' => array('type' => 'textarea', 'size' => 40, 'rows' => 15, 'label' => rcube_label('notes'), 'limit' => 1), - 'photo' => array('type' => 'image', 'limit' => 1), - 'assistant' => array('type' => 'text', 'size' => 40, 'limit' => 1, 'label' => rcube_label('assistant')), - 'manager' => array('type' => 'text', 'size' => 40, 'limit' => 1, 'label' => rcube_label('manager')), - 'spouse' => array('type' => 'text', 'size' => 40, 
'limit' => 1, 'label' => rcube_label('spouse')), + 'street' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'label' => rcube_label('street'), 'category' => 'main'), + 'locality' => array('type' => 'text', 'size' => 28, 'maxlength' => 50, 'label' => rcube_label('locality'), 'category' => 'main'), + 'zipcode' => array('type' => 'text', 'size' => 8, 'maxlength' => 15, 'label' => rcube_label('zipcode'), 'category' => 'main'), + 'region' => array('type' => 'text', 'size' => 12, 'maxlength' => 50, 'label' => rcube_label('region'), 'category' => 'main'), + 'country' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'label' => rcube_label('country'), 'category' => 'main'), + ), 'category' => 'main'), + 'birthday' => array('type' => 'date', 'size' => 12, 'maxlength' => 16, 'label' => rcube_label('birthday'), 'limit' => 1, 'render_func' => 'rcmail_format_date_col', 'category' => 'personal'), + 'anniversary' => array('type' => 'date', 'size' => 12, 'maxlength' => 16, 'label' => rcube_label('anniversary'), 'limit' => 1, 'render_func' => 'rcmail_format_date_col', 'category' => 'personal'), + 'website' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'label' => rcube_label('website'), 'subtypes' => array('homepage','work','blog','profile','other'), 'category' => 'main'), + 'im' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'label' => rcube_label('instantmessenger'), 'subtypes' => array('aim','icq','msn','yahoo','jabber','skype','other'), 'category' => 'main'), + 'notes' => array('type' => 'textarea', 'size' => 40, 'rows' => 15, 'maxlength' => 500, 'label' => rcube_label('notes'), 'limit' => 1), + 'photo' => array('type' => 'image', 'limit' => 1, 'category' => 'main'), + 'assistant' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => rcube_label('assistant'), 'category' => 'personal'), + 'manager' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => 
rcube_label('manager'), 'category' => 'personal'), + 'spouse' => array('type' => 'text', 'size' => 40, 'maxlength' => 50, 'limit' => 1, 'label' => rcube_label('spouse'), 'category' => 'personal'), // TODO: define fields for vcards like GEO, KEY ); -// reduce/extend $CONTACT_COLTYPES with specification from the current $CONTACT object -if (is_array($CONTACTS->coltypes)) { - // remove cols not listed by the backend class - $contact_cols = $CONTACTS->coltypes[0] ? array_flip($CONTACTS->coltypes) : $CONTACTS->coltypes; - $CONTACT_COLTYPES = array_intersect_key($CONTACT_COLTYPES, $contact_cols); - // add associative coltypes definition - if (!$CONTACTS->coltypes[0]) { - foreach ($CONTACTS->coltypes as $col => $colprop) - $CONTACT_COLTYPES[$col] = $CONTACT_COLTYPES[$col] ? array_merge($CONTACT_COLTYPES[$col], $colprop) : $colprop; +$PAGE_SIZE = $RCMAIL->config->get('addressbook_pagesize', $RCMAIL->config->get('pagesize', 50)); + +// Addressbook UI +if (!$RCMAIL->action && !$OUTPUT->ajax_call) { + // add list of address sources to client env + $js_list = $RCMAIL->get_address_sources(); + + // count all/writeable sources + $writeable = 0; + $count = 0; + foreach ($js_list as $sid => $s) { + $count++; + if (!$s['readonly']) { + $writeable++; + } + // unset hidden sources + if ($s['hidden']) { + unset($js_list[$sid]); + } } + + $search_mods = $RCMAIL->config->get('addressbook_search_mods', $SEARCH_MODS_DEFAULT); + $OUTPUT->set_env('search_mods', $search_mods); + $OUTPUT->set_env('address_sources', $js_list); + $OUTPUT->set_env('writable_source', $writeable); + $OUTPUT->set_env('compose_extwin', $RCMAIL->config->get('compose_extwin',false)); + + $OUTPUT->set_pagetitle(rcube_label('addressbook')); + $_SESSION['addressbooks_count'] = $count; + $_SESSION['addressbooks_count_writeable'] = $writeable; + + // select address book + $source = get_input_value('_source', RCUBE_INPUT_GPC); + + // use first directory by default + if (!strlen($source) || !isset($js_list[$source])) { + 
$source = $RCMAIL->config->get('default_addressbook'); + if (!strlen($source) || !isset($js_list[$source])) { + $source = strval(key($js_list)); + } + } + + $CONTACTS = rcmail_contact_source($source, true); } -$OUTPUT->set_env('photocol', is_array($CONTACT_COLTYPES['photo'])); +// remove undo information... +if ($undo = $_SESSION['contact_undo']) { + // ...after timeout + $undo_time = $RCMAIL->config->get('undo_timeout', 0); + if ($undo['ts'] < time() - $undo_time) + $RCMAIL->session->remove('contact_undo'); +} + +// instantiate a contacts object according to the given source +function rcmail_contact_source($source=null, $init_env=false, $writable=false) +{ + global $RCMAIL, $OUTPUT, $CONTACT_COLTYPES, $PAGE_SIZE; + + if (!strlen($source)) { + $source = get_input_value('_source', RCUBE_INPUT_GPC); + } + + // Get object + $CONTACTS = $RCMAIL->get_address_book($source, $writable); + $CONTACTS->set_pagesize($PAGE_SIZE); + + // set list properties and session vars + if (!empty($_GET['_page'])) + $CONTACTS->set_page(($_SESSION['page'] = intval($_GET['_page']))); + else + $CONTACTS->set_page(isset($_SESSION['page']) ? $_SESSION['page'] : 1); + + if (!empty($_REQUEST['_gid'])) + $CONTACTS->set_group(get_input_value('_gid', RCUBE_INPUT_GPC)); + + if (!$init_env) + return $CONTACTS; + + $OUTPUT->set_env('readonly', $CONTACTS->readonly); + $OUTPUT->set_env('source', $source); + + // reduce/extend $CONTACT_COLTYPES with specification from the current $CONTACT object + if (is_array($CONTACTS->coltypes)) { + // remove cols not listed by the backend class + $contact_cols = $CONTACTS->coltypes[0] ? 
array_flip($CONTACTS->coltypes) : $CONTACTS->coltypes; + $CONTACT_COLTYPES = array_intersect_key($CONTACT_COLTYPES, $contact_cols); + // add associative coltypes definition + if (!$CONTACTS->coltypes[0]) { + foreach ($CONTACTS->coltypes as $col => $colprop) { + if (is_array($colprop['childs'])) { + foreach ($colprop['childs'] as $childcol => $childprop) + $colprop['childs'][$childcol] = array_merge((array)$CONTACT_COLTYPES[$col]['childs'][$childcol], $childprop); + } + $CONTACT_COLTYPES[$col] = $CONTACT_COLTYPES[$col] ? array_merge($CONTACT_COLTYPES[$col], $colprop) : $colprop; + } + } + } + + $OUTPUT->set_env('photocol', is_array($CONTACT_COLTYPES['photo'])); + + return $CONTACTS; +} + + +function rcmail_set_sourcename($abook) +{ + global $OUTPUT; + + // get address book name (for display) + if ($abook && $_SESSION['addressbooks_count'] > 1) { + $name = $abook->get_name(); + if (!$name) { + $name = rcube_label('personaladrbook'); + } + $OUTPUT->set_env('sourcename', html_entity_decode($name, ENT_COMPAT, 'UTF-8')); + } +} function rcmail_directory_list($attrib) 
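Review bot: In `rcmail_contact_source`, `$_SESSION['page'] = intval($_GET['_page'])` stores whatever integer the client sends, so a negative page number reaches `set_page()`; clamp it, `$CONTACTS->set_page(($_SESSION['page'] = max(1, intval($_GET['_page']))));`. The same helper reads `_source` itself when called without one and hands it straight to `get_address_book()`, whereas the UI path above first checks `isset($js_list[$source])` — if `get_address_book()` does not reject unknown ids on its own, that check belongs in the helper as well. The `if ($undo = $_SESSION['contact_undo'])` read should be guarded with `!empty()` so requests without undo data do not raise a notice. Separately, nothing in this file touches utils/save-prefs or a `_session` argument, so the fix named in the subject presumably lives in another commit; worth confirming before treating this patch as the security fix.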
@@ -116,33 +185,80 @@ $out = ''; $local_id = '0'; $jsdata = array(); - $current = get_input_value('_source', RCUBE_INPUT_GPC); + $line_templ = html::tag('li', array( - 'id' => 'rcmli%s', 'class' => 'addressbook %s'), + 'id' => 'rcmli%s', 'class' => '%s', 'noclose' => true), html::a(array('href' => '%s', + 'rel' => '%s', 'onclick' => "return ".JS_OBJECT_NAME.".command('list','%s',this)"), '%s')); - // currently selected is the first address source in the list - if (!isset($current)) - $current = strval(key((array)$OUTPUT->env['address_sources'])); + $sources = (array) $OUTPUT->get_env('address_sources'); + reset($sources); - foreach ((array)$OUTPUT->env['address_sources'] as $j => $source) { - $id = strval($source['id'] ? $source['id'] : $j); + // currently selected source + $current = get_input_value('_source', RCUBE_INPUT_GPC); + + foreach ($sources as $j => $source) { + $id = strval(strlen($source['id']) ? $source['id'] : $j); $js_id = JQ($id); - $dom_id = preg_replace('/[^a-z0-9\-_]/i', '_', $id); - $out .= sprintf($line_templ, $dom_id, ($current === $id ? 'selected' : ''), + + // set class name(s) + $class_name = 'addressbook'; + if ($current === $id) + $class_name .= ' selected'; + if ($source['readonly']) + $class_name .= ' readonly'; + if ($source['class_name']) + $class_name .= ' ' . $source['class_name']; + + $name = !empty($source['name']) ? $source['name'] : $id; + $out .= sprintf($line_templ, + rcube_utils::html_identifier($id, true), + $class_name, Q(rcmail_url(null, array('_source' => $id))), - $js_id, (!empty($source['name']) ? 
Q($source['name']) : Q($id))); + $source['id'], + $js_id, $name); $groupdata = array('out' => $out, 'jsdata' => $jsdata, 'source' => $id); if ($source['groups']) $groupdata = rcmail_contact_groups($groupdata); $jsdata = $groupdata['jsdata']; $out = $groupdata['out']; + $out .= '</li>'; } - $OUTPUT->set_env('contactgroups', $jsdata); + $line_templ = html::tag('li', array( + 'id' => 'rcmli%s', 'class' => '%s'), + html::a(array('href' => '#', 'rel' => 'S%s', + 'onclick' => "return ".JS_OBJECT_NAME.".command('listsearch', '%s', this)"), '%s')); + + // Saved searches + $sources = $RCMAIL->user->list_searches(rcube_user::SEARCH_ADDRESSBOOK); + foreach ($sources as $j => $source) { + $id = $source['id']; + $js_id = JQ($id); + + // set class name(s) + $class_name = 'contactsearch'; + if ($current === $id) + $class_name .= ' selected'; + if ($source['class_name']) + $class_name .= ' ' . $source['class_name']; + + $out .= sprintf($line_templ, + rcube_utils::html_identifier('S'.$id, true), + $class_name, + $id, + $js_id, (!empty($source['name']) ? Q($source['name']) : Q($id))); + } + + $OUTPUT->set_env('contactgroups', $jsdata); + $OUTPUT->set_env('collapsed_abooks', (string)$RCMAIL->config->get('collapsed_abooks','')); $OUTPUT->add_gui_object('folderlist', $attrib['id']); + $OUTPUT->include_script('treelist.js'); + + // add some labels to client + $OUTPUT->add_label('deletegroupconfirm', 'groupdeleting', 'addingmember', 'removingmember'); return html::tag('ul', $attrib, $out, html::$common_attrib); } 
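Review bot: The address-book loop now fills the `%s` link label with `$source['name']`/`$id` and the `rel` attribute with `$source['id']` without `Q()`, while the saved-search loop directly below still escapes with `Q($source['name']) : Q($id)`; because `$line_templ` is rendered by `html::a` before `sprintf` fills it, no attribute escaping applies to the substituted values, so the two loops should agree. If `get_address_sources()` already HTML-escapes names this is only an inconsistency; otherwise a name from a plugin or directory configuration would be emitted unescaped. Either `$name = !empty($source['name']) ? Q($source['name']) : Q($id);` or a comment at the assignment stating that env names arrive pre-escaped removes the ambiguity. `rcmail_directory_list`'s opening lines are outside the hunk.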
@@ -153,52 +269,63 @@ global $RCMAIL; $groups = $RCMAIL->get_address_book($args['source'])->list_groups(); + $js_id = $RCMAIL->JQ($args['source']); + $groups_html = ''; if (!empty($groups)) { $line_templ = html::tag('li', array( - 'id' => 'rcmliG%s', 'class' => 'contactgroup'), + 'id' => 'rcmli%s', 'class' => 'contactgroup'), html::a(array('href' => '#', + 'rel' => '%s:%s', 'onclick' => "return ".JS_OBJECT_NAME.".command('listgroup',{'source':'%s','id':'%s'},this)"), '%s')); + + // append collapse/expand toggle and open a new <ul> + $is_collapsed = strpos($RCMAIL->config->get('collapsed_abooks',''), '&'.rawurlencode($args['source']).'&') !== false; + $args['out'] .= html::div('treetoggle ' . ($is_collapsed ? 'collapsed' : 'expanded'), ' '); $jsdata = array(); foreach ($groups as $group) { - $args['out'] .= sprintf($line_templ, asciiwords($args['source'] . $group['ID'], true, '_'), $args['source'], $group['ID'], Q($group['name'])); + $groups_html .= sprintf($line_templ, + rcube_utils::html_identifier('G' . $args['source'] . $group['ID'], true), + $args['source'], $group['ID'], + $args['source'], $group['ID'], Q($group['name']) + ); $args['jsdata']['G'.$args['source'].$group['ID']] = array( 'source' => $args['source'], 'id' => $group['ID'], 'name' => $group['name'], 'type' => 'group'); } } + $args['out'] .= html::tag('ul', + array('class' => 'groups', 'style' => ($is_collapsed || empty($groups) ? 
"display:none;" : null)), + $groups_html); + return $args; } -// return the message list as HTML table +// return the contacts list as HTML table function rcmail_contacts_list($attrib) { global $CONTACTS, $OUTPUT; // define list of cols to be displayed - $a_show_cols = array('name'); - - // count contacts for this user - $result = $CONTACTS->list_records($a_show_cols); + $a_show_cols = array('name','action'); // add id to message list table if not specified if (!strlen($attrib['id'])) $attrib['id'] = 'rcmAddressList'; // create XHTML table - $out = rcube_table_output($attrib, $result->records, $a_show_cols, $CONTACTS->primary_key); + $out = rcube_table_output($attrib, array(), $a_show_cols, $CONTACTS->primary_key); // set client env $OUTPUT->add_gui_object('contactslist', $attrib['id']); $OUTPUT->set_env('current_page', (int)$CONTACTS->list_page); - $OUTPUT->set_env('pagecount', ceil($result->count/$CONTACTS->page_size)); $OUTPUT->include_script('list.js'); // add some labels to client - $OUTPUT->add_label('deletecontactconfirm'); + $OUTPUT->add_label('deletecontactconfirm', 'copyingcontact', 'contactdeleting'); return $out; } 
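Review bot: In `rcmail_contact_groups`, `$js_id = $RCMAIL->JQ($args['source']);` is assigned but never used — the `onclick` string still receives the raw `$args['source']` and `$group['ID']` via `%s`, which is presumably where the escaped value was meant to go; either pass `$js_id` there or drop the line. `$is_collapsed` is also assigned only inside `if (!empty($groups))` yet read unconditionally in the closing `html::tag('ul', ...)` call; initialising it with `$is_collapsed = false;` before the `if` avoids an undefined-variable notice for a source without groups. The function's signature is outside the hunk.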
@@ -212,17 +339,70 @@ return; // define list of cols to be displayed - $a_show_cols = array('name'); - - while ($row = $result->next()) { - $a_row_cols = array(); - - // format each col - foreach ($a_show_cols as $col) - $a_row_cols[$col] = Q($row[$col]); + $a_show_cols = array('name','action'); - $OUTPUT->command($prefix.'add_contact_row', $row['ID'], $a_row_cols); + while ($row = $result->next()) { + $row['CID'] = $row['ID']; + $row['email'] = reset(rcube_addressbook::get_col_values('email', $row, true)); + + $source_id = $OUTPUT->get_env('source'); + $a_row_cols = array(); + $classes = array($row['_type'] ? $row['_type'] : 'person'); + + // build contact ID with source ID + if (isset($row['sourceid'])) { + $row['ID'] = $row['ID'].'-'.$row['sourceid']; + $source_id = $row['sourceid']; + } + + // format each col + foreach ($a_show_cols as $col) { + $val = ''; + switch ($col) { + case 'name': + $val = Q(rcube_addressbook::compose_list_name($row)); + break; + + case 'action': + if ($row['_type'] == 'group') { + $val = html::a(array( + 'href' => '#list', + 'rel' => $row['ID'], + 'title' => rcube_label('listgroup'), + 'onclick' => sprintf("return %s.command('pushgroup',{'source':'%s','id':'%s'},this,event)", JS_OBJECT_NAME, $source_id, $row['CID']), + ), '»'); + } + else + $val = ' '; + break; + + default: + $val = Q($row[$col]); + break; + } + + $a_row_cols[$col] = $val; + } + + if ($row['readonly']) + $classes[] = 'readonly'; + + $OUTPUT->command($prefix.'add_contact_row', $row['ID'], $a_row_cols, join(' ', $classes), array_intersect_key($row, array('ID'=>1,'readonly'=>1,'_type'=>1,'email'=>1,'name'=>1))); } +} + + +function rcmail_contacts_list_title($attrib) +{ + global $OUTPUT; + + $attrib += array('label' => 'contacts', 'id' => 'rcmabooklisttitle', 'tag' => 'span'); + unset($attrib['name']); + + $OUTPUT->add_gui_object('addresslist_title', $attrib['id']); + $OUTPUT->add_label('contacts'); + + return html::tag($attrib['tag'], $attrib, 
rcube_label($attrib['label']), html::$common_attrib); } @@ -233,13 +413,8 @@ if (!$attrib['id']) $attrib['id'] = 'rcmcontactframe'; - - $attrib['name'] = $attrib['id']; - $OUTPUT->set_env('contentframe', $attrib['name']); - $OUTPUT->set_env('blankpage', $attrib['src'] ? $OUTPUT->abs_url($attrib['src']) : 'program/blank.gif'); - - return html::iframe($attrib); + return $OUTPUT->frame($attrib, true); } @@ -252,28 +427,30 @@ $OUTPUT->add_gui_object('countdisplay', $attrib['id']); - return html::span($attrib, rcmail_get_rowcount_text()); + if ($attrib['label']) + $_SESSION['contactcountdisplay'] = $attrib['label']; + + return html::span($attrib, rcube_label('loading')); } -function rcmail_get_rowcount_text() +function rcmail_get_rowcount_text($result=null) { - global $CONTACTS; - + global $CONTACTS, $PAGE_SIZE; + // read nr of contacts - $result = $CONTACTS->get_result(); if (!$result) { - $result = $CONTACTS->count(); + $result = $CONTACTS->get_result(); } if ($result->count == 0) $out = rcube_label('nocontactsfound'); else $out = rcube_label(array( - 'name' => 'contactsfromto', + 'name' => $_SESSION['contactcountdisplay'] ? $_SESSION['contactcountdisplay'] : 'contactsfromto', 'vars' => array( 'from' => $result->first + 1, - 'to' => min($result->count, $result->first + $CONTACTS->page_size), + 'to' => min($result->count, $result->first + $PAGE_SIZE), 'count' => $result->count) )); 
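Review bot: `$source_id` and `$row['CID']` are interpolated into the group link's `onclick` JavaScript string with plain `%s`, while `rcmail_directory_list` runs the same kind of value through `JQ()` first; `$source_id` is taken from the `source` env value, which originates from the `_source` request parameter, so it should get the same treatment, `JS_OBJECT_NAME, JQ($source_id), JQ($row['CID'])` — any HTML attribute escaping `html::a` may apply does not cover the JavaScript string context. Also `reset(rcube_addressbook::get_col_values('email', $row, true))` passes a function result by reference, which PHP reports as a strict-standards notice; assign the array to a local before calling `reset()`. The enclosing list function starts before this hunk.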
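Review bot: `rcmail_get_rowcount_text` dropped the `$CONTACTS->count()` fallback, so when neither the `$result` argument nor `$CONTACTS->get_result()` yields an object the next statement dereferences `$result->count` on null; if `get_result()` can return null, restore the fallback, `if (!$result) { $result = $CONTACTS->get_result(); }` followed by `if (!$result) { $result = $CONTACTS->count(); }`. The new `$_SESSION['contactcountdisplay']` assignment in `rcmail_rowcount_display` stores a template attribute for later use as a label name; a one-line comment there, `// label name kept in session for rcmail_get_rowcount_text() on list updates`, would tell the next reader why UI data lives in the session.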
@@ -284,20 +461,20 @@ function rcmail_get_type_label($type) { $label = 'type'.$type; - if (rcube_label_exists($label)) - return rcube_label($label); + if (rcube_label_exists($label, '*', $domain)) + return rcube_label($label, $domain); else if (preg_match('/\w+(\d+)$/', $label, $m) && ($label = preg_replace('/(\d+)$/', '', $label)) - && rcube_label_exists($label)) - return rcube_label($label) . ' ' . $m[1]; - + && rcube_label_exists($label, '*', $domain)) + return rcube_label($label, $domain) . ' ' . $m[1]; + return ucfirst($type); } function rcmail_contact_form($form, $record, $attrib = null) { - global $RCMAIL, $CONFIG; + global $RCMAIL; // Allow plugins to modify contact form content $plugin = $RCMAIL->plugins->exec_hook('contact_form', array( 
@@ -306,23 +483,24 @@ $form = $plugin['form']; $record = $plugin['record']; $edit_mode = $RCMAIL->action != 'show'; - $del_button = $attrib['deleteicon'] ? html::img(array('src' => $CONFIG['skin_path'] . $attrib['deleteicon'], 'alt' => rcube_label('delete'))) : rcube_label('delete'); + $del_button = $attrib['deleteicon'] ? html::img(array('src' => $RCMAIL->output->get_skin_file($attrib['deleteicon']), 'alt' => rcube_label('delete'))) : rcube_label('delete'); unset($attrib['deleteicon']); $out = ''; - + // get default coltypes $coltypes = $GLOBALS['CONTACT_COLTYPES']; - $coltype_lables = array(); - + $coltype_labels = array(); + foreach ($coltypes as $col => $prop) { if ($prop['subtypes']) { + $subtype_names = array_map('rcmail_get_type_label', $prop['subtypes']); $select_subtype = new html_select(array('name' => '_subtype_'.$col.'[]', 'class' => 'contactselectsubtype')); - $select_subtype->add($prop['subtypes']); + $select_subtype->add($subtype_names, $prop['subtypes']); $coltypes[$col]['subtypes_select'] = $select_subtype->show(); } if ($prop['childs']) { foreach ($prop['childs'] as $childcol => $cp) - $coltype_lables[$childcol] = array('label' => $cp['label']); + $coltype_labels[$childcol] = array('label' => $cp['label']); } } @@ -337,10 +515,9 @@ // render head section with name fields (not a regular list of rows) if ($section == 'head') { $content = ''; - - // TODO: use the save name composition function as in save.inc - $names_arr = array($record['prefix'], $record['firstname'], $record['middlename'], $record['surname'], $record['suffix']); - if ($record['name'] == join(' ', array_filter($names_arr))) + + // unset display name if it is composed from name parts + if ($record['name'] == rcube_addressbook::compose_display_name(array('name' => '') + (array)$record)) unset($record['name']); // group fields 
@@ -348,7 +525,9 @@ 'names' => array('prefix','firstname','middlename','surname','suffix'), 'displayname' => array('name'), 'nickname' => array('nickname'), - 'jobnames' => array('organization','department','jobtitle'), + 'organization' => array('organization'), + 'department' => array('department'), + 'jobtitle' => array('jobtitle'), ); foreach ($field_blocks as $blockname => $colnames) { $fields = ''; @@ -356,6 +535,10 @@ // skip cols unknown to the backend if (!$coltypes[$col]) continue; + + // only string values are expected here + if (is_array($record[$col])) + $record[$col] = join(' ', $record[$col]); if ($RCMAIL->action == 'show') { if (!empty($record[$col])) @@ -373,7 +556,7 @@ } $content .= html::div($blockname, $fields); } - + if ($edit_mode) $content .= html::p('addfield', $select_add->show(null)); @@ -441,8 +624,13 @@ if (empty($values) && $colprop['visible']) $values[] = ''; + if (!is_array($values)) { + // $values can be an object, don't use (array)$values syntax + $values = !empty($values) ? array($values) : array(); + } + $rows = ''; - foreach ((array)$values as $i => $val) { + foreach ($values as $i => $val) { if ($subtypes[$i]) $subtype = $subtypes[$i]; @@ -451,7 +639,12 @@ $composite = array(); $j = 0; $template = $RCMAIL->config->get($col . '_template', '{'.join('} {', array_keys($colprop['childs'])).'}'); foreach ($colprop['childs'] as $childcol => $cp) { - $childvalue = $val[$childcol] ? $val[$childcol] : $val[$j]; + if (!empty($val) && is_array($val)) { + $childvalue = $val[$childcol] ? $val[$childcol] : $val[$j]; + } + else { + $childvalue = ''; + } if ($edit_mode) { if ($colprop['subtypes'] || $colprop['limit'] != 1) $cp['array'] = true; @@ -466,7 +659,7 @@ $coltypes[$field] += (array)$colprop; $coltypes[$field]['count']++; - $val = strtr($template, $composite); + $val = preg_replace('/\{\w+\}/', '', strtr($template, $composite)); } else if ($edit_mode) { // call callback to render/format value 
@@ -477,6 +670,13 @@ if ($colprop['subtypes'] || $colprop['limit'] != 1) $colprop['array'] = true; + + // load jquery UI datepicker for date fields + if ($colprop['type'] == 'date') { + $colprop['class'] .= ($colprop['class'] ? ' ' : '') . 'datepicker'; + if (!$colprop['render_func']) + $val = rcmail_format_date_col($val); + } $val = rcmail_get_edit_field($col, $val, $colprop, $colprop['type']); $coltypes[$field]['count']++; @@ -505,18 +705,23 @@ else // row without label $rows .= html::div('row', html::div('contactfield', $val)); } - + // add option to the add-field menu if (!$colprop['limit'] || $coltypes[$field]['count'] < $colprop['limit']) { $select_add->add($colprop['label'], $col); $select_add->_count++; } - + // wrap rows in fieldgroup container - $content .= html::tag('fieldset', array('class' => 'contactfieldgroup ' . ($colprop['subtypes'] ? 'contactfieldgroupmulti ' : '') . 'contactcontroller' . $col, 'style' => ($rows ? null : 'display:none')), - ($colprop['subtypes'] ? html::tag('legend', null, Q($colprop['label'])) : ' ') . - $rows); + if ($rows) { + $content .= html::tag('fieldset', array('class' => 'contactfieldgroup ' . ($colprop['subtypes'] ? 'contactfieldgroupmulti ' : '') . 'contactcontroller' . $col, 'style' => ($rows ? null : 'display:none')), + ($colprop['subtypes'] ? html::tag('legend', null, Q($colprop['label'])) : ' ') . + $rows); + } } + + if (!$content && (!$edit_mode || !$select_add->_count)) + continue; // also render add-field selector if ($edit_mode) 
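Review bot: The fieldset is now emitted only inside `if ($rows) {`, so the `'style' => ($rows ? null : 'display:none')` attribute on the following line can never take the `display:none` branch; one of the two is dead. If the client still needs a hidden `contactcontroller<col>` container for groups the add-field menu can reveal later, the new `if` is the part to drop; otherwise remove the ternary and pass `'style' => null`. `rcmail_contact_form` starts and ends outside this hunk.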
@@ -528,11 +733,12 @@ $content = $fieldset['content']; } - $out .= html::tag('fieldset', null, html::tag('legend', null, Q($fieldset['name'])) . $content) ."\n"; + if ($content) + $out .= html::tag('fieldset', null, html::tag('legend', null, Q($fieldset['name'])) . $content) ."\n"; } if ($edit_mode) { - $RCMAIL->output->set_env('coltypes', $coltypes + $coltype_lables); + $RCMAIL->output->set_env('coltypes', $coltypes + $coltype_labels); $RCMAIL->output->set_env('delbutton', $del_button); $RCMAIL->output->add_label('delete'); } 
@@ -543,37 +749,97 @@ function rcmail_contact_photo($attrib) { - global $CONTACTS, $CONTACT_COLTYPES, $RCMAIL, $CONFIG; - + global $SOURCE_ID, $CONTACTS, $CONTACT_COLTYPES, $RCMAIL; + if ($result = $CONTACTS->get_result()) $record = $result->first(); - - $photo_img = $attrib['placeholder'] ? $CONFIG['skin_path'] . $attrib['placeholder'] : 'program/blank.gif'; + + $photo_img = $attrib['placeholder'] ? $RCMAIL->output->get_skin_file($attrib['placeholder']) : 'program/resources/blank.gif'; + if ($record['_type'] == 'group' && $attrib['placeholdergroup']) + $photo_img = $RCMAIL->output->get_skin_file($attrib['placeholdergroup']); + + $RCMAIL->output->set_env('photo_placeholder', $photo_img); unset($attrib['placeholder']); - - if ($CONTACT_COLTYPES['photo']) { - $RCMAIL->output->set_env('photo_placeholder', $photo_img); - - if ($record['photo']) - $photo_img = $RCMAIL->url(array('_action' => 'photo', '_cid' => $record['ID'], '_source' => $_REQUEST['_source'])); - $img = html::img(array('src' => $photo_img, 'border' => 1, 'alt' => '')); - $content = html::div($attrib, $img); - - if ($RCMAIL->action == 'edit' || $RCMAIL->action == 'add') { - $RCMAIL->output->add_gui_object('contactphoto', $attrib['id']); - $hidden = new html_hiddenfield(array('name' => '_photo', 'id' => 'ff_photo')); - $content .= $hidden->show(); - } - } - - return $content; + + $plugin = $RCMAIL->plugins->exec_hook('contact_photo', array('record' => $record, 'data' => $record['photo'])); + + if ($plugin['url']) + $photo_img = $plugin['url']; + else if (preg_match('!^https?://!i', $record['photo'])) + $photo_img = $record['photo']; + else if ($record['photo']) + $photo_img = $RCMAIL->url(array('_action' => 'photo', '_cid' => $record['ID'], '_source' => $SOURCE_ID)); + else + $ff_value = '-del-'; // will disable delete-photo action + + $img = html::img(array('src' => $photo_img, 'border' => 1, 'alt' => '')); + $content = html::div($attrib, $img); + + if ($CONTACT_COLTYPES['photo'] && ($RCMAIL->action == 
'edit' || $RCMAIL->action == 'add')) { + $RCMAIL->output->add_gui_object('contactphoto', $attrib['id']); + $hidden = new html_hiddenfield(array('name' => '_photo', 'id' => 'ff_photo', 'value' => $ff_value)); + $content .= $hidden->show(); + } + + return $content; } function rcmail_format_date_col($val) { global $RCMAIL; - return format_date($val, $RCMAIL->config->get('date_format', 'Y-m-d')); + return format_date($val, $RCMAIL->config->get('date_format', 'Y-m-d'), false); +} + + +/** + * Returns contact ID(s) and source(s) from GET/POST data + * + * @return array List of contact IDs per-source + */ +function rcmail_get_cids($filter = null) +{ + // contact ID (or comma-separated list of IDs) is provided in two + // forms. If _source is an empty string then the ID is a string + // containing contact ID and source name in form: <ID>-<SOURCE> + + $cid = get_input_value('_cid', RCUBE_INPUT_GPC); + $source = (string) get_input_value('_source', RCUBE_INPUT_GPC); + + if (is_array($cid)) { + return $cid; + } + + if (!preg_match('/^[a-zA-Z0-9\+\/=_-]+(,[a-zA-Z0-9\+\/=_-]+)*$/', $cid)) { + return array(); + } + + $cid = explode(',', $cid); + $got_source = strlen($source); + $result = array(); + + // create per-source contact IDs array + foreach ($cid as $id) { + // extract source ID from contact ID (it's there in search mode) + // see #1488959 and #1488862 for reference + if (!$got_source) { + if ($sep = strrpos($id, '-')) { + $contact_id = substr($id, 0, $sep); + $source_id = (string) substr($id, $sep+1); + if (strlen($source_id)) { + $result[$source_id][] = $contact_id; + } + } + } + else { + if (substr($id, -($got_source+1)) === "-$source") { + $id = substr($id, 0, -($got_source+1)); + } + $result[$source][] = $id; + } + } + + return $filter !== null ? $result[$filter] : $result; } 
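Review bot: `rcmail_get_cids` returns the array form of `_cid` as-is (`if (is_array($cid)) { return $cid; }`), so the character-class check that guards the string form is skipped whenever the client submits `_cid[]`; apply the same `preg_match` to each element and discard the rest, or document at the early return that array input is passed through unvalidated. With `$filter` set and no matching source the function returns null rather than the array the docblock promises; `return $filter !== null ? (isset($result[$filter]) ? $result[$filter] : array()) : $result;` keeps the contract, and the docblock should also carry `@param string $filter Source ID to return IDs for`. In `rcmail_contact_photo`, `$ff_value` is assigned only in the final `else` branch, so the hidden field's `value` is an undefined variable on the other paths; initialise `$ff_value = null;` before the `if ($plugin['url'])` chain.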
@@ -582,6 +848,7 @@
 'directorylist' => 'rcmail_directory_list',
 // 'groupslist' => 'rcmail_contact_groups',
 'addresslist' => 'rcmail_contacts_list',
+ 'addresslisttitle' => 'rcmail_contacts_list_title',
 'addressframe' => 'rcmail_contact_frame',
 'recordscountdisplay' => 'rcmail_rowcount_display',
 'searchform' => array($OUTPUT, 'search_form')
@@ -591,10 +858,11 @@
 $RCMAIL->register_action_map(array(
 'add' => 'edit.inc',
 'photo' => 'show.inc',
- 'upload-photo' => 'save.inc',
 'group-create' => 'groups.inc',
 'group-rename' => 'groups.inc',
 'group-delete' => 'groups.inc',
 'group-addmembers' => 'groups.inc',
 'group-delmembers' => 'groups.inc',
+ 'search-create' => 'search.inc',
+ 'search-delete' => 'search.inc',
 ));
-- 
Gitblit v1.9.1