Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<?php /* +-----------------------------------------------------------------------+ | Th..
Decoded Output download
<?php
/*
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
| |
| Copyright (C) The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
| See the README file for a full license statement. |
| |
| PURPOSE: |
| Class to handle HTML page output using a skin template. |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <[email protected]> |
+-----------------------------------------------------------------------+
*/
/**
* Class to create HTML page output using a skin template
*/
class rcmail_output_html extends rcmail_output
{
public $type = 'html';
protected $message;
protected $template_name;
protected $objects = [];
protected $js_env = [];
protected $js_labels = [];
protected $js_commands = [];
protected $skin_paths = [];
protected $skin_extends = [];
protected $skin_name = '';
protected $scripts_path = '';
protected $script_files = [];
protected $css_files = [];
protected $scripts = [];
protected $task;
protected $meta_tags = [];
protected $link_tags = ['shortcut icon' => ''];
protected $header = '';
protected $footer = '';
protected $body = '';
protected $base_path = '';
protected $assets_path;
protected $assets_dir = RCUBE_INSTALL_PATH;
protected $devel_mode = false;
protected $default_template = "<html>
<head><meta name='generator' content='Roundcube'></head>
<body></body>
</html>";
// deprecated names of templates used before 0.5
protected $deprecated_templates = [
'contact' => 'showcontact',
'contactadd' => 'addcontact',
'contactedit' => 'editcontact',
'identityedit' => 'editidentity',
'messageprint' => 'printmessage',
];
// deprecated names of template objects used before 1.4
protected $deprecated_template_objects = [
'addressframe' => 'contentframe',
'messagecontentframe' => 'contentframe',
'prefsframe' => 'contentframe',
'folderframe' => 'contentframe',
'identityframe' => 'contentframe',
'responseframe' => 'contentframe',
'keyframe' => 'contentframe',
'filterframe' => 'contentframe',
];
/**
* Constructor
*/
public function __construct($task = null, $framed = false)
{
parent::__construct();
$this->task = $task;
$this->init($framed);
}
/**
* Initialization
*/
protected function init($framed = false)
{
$this->set_env('task', $this->task);
$this->set_env('standard_windows', (bool) $this->config->get('standard_windows'));
$this->set_env('locale', !empty($_SESSION['language']) ? $_SESSION['language'] : 'en_US');
$this->set_env('devel_mode', $this->devel_mode);
// Version number e.g. 1.4.2 will be 10402
$version = explode('.', preg_replace('/[^0-9.].*/', '', RCMAIL_VERSION));
$this->set_env('rcversion', intval($version[0]) * 10000 + intval($version[1]) * 100 + ($version[2] ?? 0));
// add cookie info
$this->set_env('cookie_domain', ini_get('session.cookie_domain'));
$this->set_env('cookie_path', ini_get('session.cookie_path'));
$this->set_env('cookie_secure', filter_var(ini_get('session.cookie_secure'), \FILTER_VALIDATE_BOOLEAN));
// Easy way to change skin via GET argument, for developers
if ($this->devel_mode && !empty($_GET['skin']) && preg_match('/^[a-z0-9-_]+$/i', $_GET['skin'])) {
if ($this->check_skin($_GET['skin'])) {
$this->set_skin($_GET['skin']);
$this->app->user->save_prefs(['skin' => $_GET['skin']]);
}
}
// load and setup the skin
$this->set_skin($this->config->get('skin'));
$this->set_assets_path($this->config->get('assets_path'), $this->config->get('assets_dir'));
if (!empty($_REQUEST['_extwin'])) {
$this->set_env('extwin', 1);
}
if ($this->framed || $framed) {
$this->set_env('framed', 1);
}
$lic = <<<'EOF'
/*
@licstart The following is the entire license notice for the
JavaScript code in this page.
Copyright (C) The Roundcube Dev Team
The JavaScript code in this page is free software: you can redistribute
it and/or modify it under the terms of the GNU General Public License
as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.
The code is distributed WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU GPL for more details.
@licend The above is the entire license notice
for the JavaScript code in this page.
*/
EOF;
// add common javascripts
$this->add_script($lic, 'head_top');
$this->add_script('var ' . self::JS_OBJECT_NAME . ' = new rcube_webmail();', 'head_top');
// don't wait for page onload. Call init at the bottom of the page (delayed)
$this->add_script(self::JS_OBJECT_NAME . '.init();', 'docready');
$this->scripts_path = 'program/js/';
$this->include_script('jquery.min.js');
$this->include_script('common.js');
$this->include_script('app.js');
// register common UI objects
$this->add_handlers([
'loginform' => [$this, 'login_form'],
'preloader' => [$this, 'preloader'],
'username' => [$this, 'current_username'],
'message' => [$this, 'message_container'],
'charsetselector' => [$this, 'charset_selector'],
'aboutcontent' => [$this, 'about_content'],
]);
// set blankpage (watermark) url
$blankpage = $this->config->get('blankpage_url', '/watermark.html');
$this->set_env('blankpage', $blankpage);
}
/**
* Set environment variable
*
* @param string $name Property name
* @param mixed $value Property value
* @param bool $addtojs True if this property should be added
* to client environment
*/
#[Override]
public function set_env($name, $value, $addtojs = true)
{
$this->env[$name] = $value;
if ($addtojs || isset($this->js_env[$name])) {
$this->js_env[$name] = $value;
}
}
/**
* Parse and set assets path
*
* @param string $path Assets path URL (relative or absolute)
* @param string $fs_dir Assets path in filesystem
*/
public function set_assets_path($path, $fs_dir = null)
{
// set absolute path for assets if /index.php/foo/bar url is used
if (empty($path) && !empty($_SERVER['PATH_INFO'])) {
$path = preg_replace('/\?_task=[a-z]+/', '', $this->app->url([], true));
}
if (empty($path)) {
return;
}
$path = rtrim($path, '/') . '/';
// handle relative assets path
if (!preg_match('|^https?://|', $path) && $path[0] != '/') {
// save the path to search for asset files later
$this->assets_dir = $path;
$base = preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI']);
$base = rtrim($base, '/');
// remove url token if exists
if ($len = intval($this->config->get('use_secure_urls'))) {
$_base = explode('/', $base);
$last = count($_base) - 1;
$length = $len > 1 ? $len : 16; // as in rcube::get_secure_url_token()
// we can't use real token here because it
// does not exists in unauthenticated state,
// hope this will not produce false-positive matches
if (preg_match('/^[a-f0-9]{' . $length . '}$/', $_base[$last])) {
$path = '../' . $path;
}
}
}
// set filesystem path for assets
if ($fs_dir) {
if ($fs_dir[0] != '/') {
$fs_dir = realpath(RCUBE_INSTALL_PATH . $fs_dir);
}
// ensure the path ends with a slash
$this->assets_dir = rtrim($fs_dir, '/') . '/';
}
$this->assets_path = $path;
$this->set_env('assets_path', $path);
}
/**
* Getter for the current page title
*
* @param bool $full Prepend title with product/user name
*
* @return string The page title
*/
protected function get_pagetitle($full = true)
{
if (!empty($this->pagetitle)) {
$title = $this->pagetitle;
} elseif (isset($this->env['task'])) {
if ($this->env['task'] == 'login') {
$title = $this->app->gettext([
'name' => 'welcome',
'vars' => ['product' => $this->config->get('product_name')],
]);
} else {
$title = ucfirst($this->env['task']);
}
} else {
$title = '';
}
if ($full && $title) {
if ($this->devel_mode && !empty($_SESSION['username'])) {
$title = $_SESSION['username'] . ' :: ' . $title;
} elseif ($prod_name = $this->config->get('product_name')) {
$title = $prod_name . ' :: ' . $title;
}
}
return $title;
}
/**
* Getter for the current skin path property
*/
#[Override]
public function get_skin_path()
{
return $this->skin_paths[0];
}
/**
* Set skin
*
* @param string $skin Skin name
*/
public function set_skin($skin)
{
if (!$this->check_skin($skin)) {
// If the skin does not exist (could be removed or invalid),
// fallback to the skin set in the system configuration (#7271)
$skin = $this->config->system_skin;
}
$skin_path = 'skins/' . $skin;
$this->config->set('skin_path', $skin_path);
$this->base_path = $skin_path;
// register skin path(s)
$this->skin_paths = [];
$this->skins = [];
$this->load_skin($skin);
$this->skin_name = $skin;
$this->set_env('skin', $skin);
}
/**
* Check skin validity/existence
*
* @param string $skin Skin name
*
* @return bool True if the skin exist and is readable, False otherwise
*/
public function check_skin($skin)
{
// Sanity check to prevent from path traversal vulnerability (#1490620)
// @phpstan-ignore-next-line
if (!is_string($skin) || strpos($skin, '/') !== false || strpos($skin, '\') !== false) {
rcube::raise_error('Invalid skin name', true);
return false;
}
$skins_allowed = $this->config->get('skins_allowed');
if (!empty($skins_allowed) && !in_array($skin, (array) $skins_allowed)) {
return false;
}
$path = RCUBE_INSTALL_PATH . 'skins/';
return !empty($skin) && is_dir($path . $skin) && is_readable($path . $skin);
}
/**
* Helper method to recursively read skin meta files and register search paths
*/
private function load_skin($skin_name)
{
$skin_path = 'skins/' . $skin_name;
$this->skin_paths[] = $skin_path;
// read meta file and check for dependencies
$meta = $this->get_skin_info($skin_name);
$meta['path'] = $skin_path;
$path_elements = explode('/', $skin_path);
$skin_id = end($path_elements);
if (empty($meta['name'])) {
$meta['name'] = $skin_id;
}
$this->skins[$skin_id] = $meta;
// Keep skin config for ajax requests (#6613)
$_SESSION['skin_config'] = [];
if (!empty($meta['extends'])) {
$path = RCUBE_INSTALL_PATH . 'skins/';
if (is_dir($path . $meta['extends']) && is_readable($path . $meta['extends'])) {
$_SESSION['skin_config'] = $this->load_skin($meta['extends']);
$this->skin_extends[] = $meta['extends'];
}
}
if (!empty($meta['config'])) {
foreach ($meta['config'] as $key => $value) {
$this->config->set($key, $value, true);
$_SESSION['skin_config'][$key] = $value;
}
$value = array_merge((array) $this->config->get('dont_override'), array_keys($meta['config']));
$this->config->set('dont_override', $value, true);
}
if (!empty($meta['localization'])) {
$locdir = $meta['localization'] === true ? 'localization' : $meta['localization'];
if ($texts = $this->app->read_localization(RCUBE_INSTALL_PATH . $skin_path . '/' . $locdir)) {
$this->app->load_language($_SESSION['language'], $texts);
}
}
// Use array_merge() here to allow for global default and extended skins
if (!empty($meta['meta'])) {
$this->meta_tags = array_merge($this->meta_tags, (array) $meta['meta']);
}
if (!empty($meta['links'])) {
$this->link_tags = array_merge($this->link_tags, (array) $meta['links']);
}
if (!empty($this->skin_extends)) {
$this->set_env('skin_extends', $this->skin_extends);
}
$this->set_env('dark_mode_support', (bool) $this->config->get('dark_mode_support'));
return $_SESSION['skin_config'];
}
/**
* Check if a specific template exists
*
* @param string $name Template name
*
* @return bool True if template exists, False otherwise
*/
public function template_exists($name)
{
foreach ($this->skin_paths as $skin_path) {
$filename = RCUBE_INSTALL_PATH . $skin_path . '/templates/' . $name . '.html';
if (
(is_file($filename) && is_readable($filename))
|| (!empty($this->deprecated_templates[$name]) && $this->template_exists($this->deprecated_templates[$name]))
) {
return true;
}
}
return false;
}
/**
* Find the given file in the current skin path stack
*
* @param string $file File name/path to resolve (starting with /)
* @param string &$skin_path Reference to the base path of the matching skin
* @param string $add_path Additional path to search in
* @param bool $minified Fallback to a minified version of the file
*
* @return string|false Relative path to the requested file or False if not found
*/
public function get_skin_file($file, &$skin_path = null, $add_path = null, $minified = false)
{
$skin_paths = $this->skin_paths;
if ($add_path) {
array_unshift($skin_paths, $add_path);
$skin_paths = array_unique($skin_paths);
}
if ($file[0] != '/') {
$file = '/' . $file;
}
if ($skin_path = $this->find_file_path($file, $skin_paths)) {
return $skin_path . $file;
}
if ($minified && preg_match('/(?<!\.min)\.(js|css)$/', $file)) {
$file = preg_replace('/\.(js|css)$/', '.min.', $file);
if ($skin_path = $this->find_file_path($file, $skin_paths)) {
return $skin_path . $file;
}
}
return false;
}
/**
* Find path of the asset file
*/
protected function find_file_path($file, $skin_paths)
{
foreach ($skin_paths as $skin_path) {
if ($this->assets_dir != RCUBE_INSTALL_PATH) {
if (realpath($this->assets_dir . $skin_path . $file)) {
return $skin_path;
}
}
if (realpath(RCUBE_INSTALL_PATH . $skin_path . $file)) {
return $skin_path;
}
}
}
/**
* Register a GUI object to the client script
*
* @param string $obj Object name
* @param string $id Object ID
*/
public function add_gui_object($obj, $id)
{
$this->add_script(self::JS_OBJECT_NAME . ".gui_object('{$obj}', '{$id}');");
}
/**
* Call a client method
*
* @param string $cmd Method to call
* @param mixed ...$args Method arguments
*/
#[Override]
public function command($cmd, ...$args)
{
if (strpos($cmd, 'plugin.') !== false) {
$this->js_commands[] = ['triggerEvent', $cmd, $args[0]];
} else {
array_unshift($args, $cmd);
$this->js_commands[] = $args;
}
}
/**
* Add a localized label to the client environment
*
* @param mixed ...$args Labels (an array of strings, or many string arguments)
*/
#[Override]
public function add_label(...$args)
{
if (count($args) == 1 && is_array($args[0])) {
$args = $args[0];
}
foreach ($args as $name) {
$this->js_labels[$name] = $this->app->gettext($name);
}
}
/**
* Invoke display_message command
*
* @param string $message Message to display
* @param string $type Message type [notice|confirm|error]
* @param array $vars Key-value pairs to be replaced in localized text
* @param bool $override Override last set message
* @param int $timeout Message display time in seconds
*
* @uses self::command()
*/
#[Override]
public function show_message($message, $type = 'notice', $vars = null, $override = true, $timeout = 0)
{
if ($override || !$this->message) {
if ($this->app->text_exists($message)) {
if (!empty($vars)) {
$vars = array_map(['rcube', 'Q'], $vars);
}
$msgtext = $this->app->gettext(['name' => $message, 'vars' => $vars]);
} else {
$msgtext = $message;
}
$this->message = $message;
$this->command('display_message', $msgtext, $type, $timeout * 1000);
}
}
/**
* Delete all stored env variables and commands
*
* @param bool $all Reset all env variables (including internal)
*/
#[Override]
public function reset($all = false)
{
$framed = $this->framed;
$task = $this->env['task'] ?? '';
$env = $all ? null : array_intersect_key($this->env, ['extwin' => 1, 'framed' => 1]);
// keep jQuery-UI files
$css_files = $script_files = [];
foreach ($this->css_files as $file) {
if (strpos($file, 'plugins/jqueryui') === 0) {
$css_files[] = $file;
}
}
foreach ($this->script_files as $position => $files) {
foreach ($files as $file) {
if (strpos($file, 'plugins/jqueryui') === 0) {
$script_files[$position][] = $file;
}
}
}
parent::reset();
// let some env variables survive
$this->env = $this->js_env = $env;
$this->framed = $framed || !empty($this->env['framed']);
$this->js_labels = [];
$this->js_commands = [];
$this->scripts = [];
$this->header = '';
$this->footer = '';
$this->body = '';
$this->css_files = [];
$this->script_files = [];
// load defaults
if (!$all) {
$this->init();
}
// Note: we merge jQuery-UI scripts after jQuery...
$this->css_files = array_merge($this->css_files, $css_files);
$this->script_files = array_merge_recursive($this->script_files, $script_files);
$this->set_env('orig_task', $task);
}
/**
* Redirect to a certain url
*
* @param mixed $p Either a string with the action or url parameters as key-value pairs
* @param int $delay Delay in seconds
* @param bool $secure Redirect to secure location (see rcmail::url())
*/
#[Override]
public function redirect($p = [], $delay = 1, $secure = false)
{
if (!empty($this->env['extwin']) && !(is_string($p) && preg_match('#^https?://#', $p))) {
if (!is_array($p)) {
$p = ['_action' => $p];
}
$p['_extwin'] = 1;
}
$location = $this->app->url($p, false, false, $secure);
$this->header('Location: ' . $location);
exit;
}
/**
* Send the request output to the client.
* This will either parse a skin template.
*
* @param string $templ Template name
* @param bool $exit True if script should terminate (default)
*/
#[Override]
public function send($templ = null, $exit = true)
{
if ($templ != 'iframe') {
// prevent from endless loops
if ($exit != 'recur' && $this->app->plugins->is_processing('render_page')) {
rcube::raise_error([
'code' => 505,
'message' => 'Recursion alert: ignoring output->send()',
], true, false);
return;
}
$this->parse($templ, false);
} else {
$this->framed = true;
$this->write();
}
// set output asap
ob_flush();
flush();
if ($exit) {
exit;
}
}
/**
* Process template and write to stdOut
*
* @param string $template HTML template content
*/
public function write($template = '')
{
if (!empty($this->script_files)) {
$this->set_env('request_token', $this->app->get_request_token());
}
// Fix assets path on blankpage
if (!empty($this->js_env['blankpage'])) {
$this->js_env['blankpage'] = $this->asset_url($this->js_env['blankpage'], true);
}
$commands = $this->get_js_commands($framed);
// if all js commands go to parent window we can ignore all
// script files and skip rcube_webmail initialization (#1489792)
// but not on error pages where skins may need jQuery, etc.
if ($framed && empty($this->js_env['server_error'])) {
$this->scripts = [];
$this->script_files = [];
$this->header = '';
$this->footer = '';
}
// write all javascript commands
if (!empty($commands)) {
$this->add_script($commands, 'head_top');
}
$this->page_headers();
// call super method
$this->_write($template);
}
/**
* Send common page headers
* For now it only (re)sets X-Frame-Options when needed
*/
public function page_headers()
{
if (headers_sent()) {
return;
}
// allow (legal) iframe content to be loaded
$framed = $this->framed || !empty($this->env['framed']);
if ($framed && ($xopt = $this->app->config->get('x_frame_options', 'sameorigin'))) {
if (strtolower($xopt) === 'deny') {
$this->header('X-Frame-Options: sameorigin', true);
}
}
}
/**
* Parse a specific skin template and deliver to stdout (or return)
*
* @param string $name Template name
* @param bool $exit Exit script
* @param bool $write Don't write to stdout, return parsed content instead
*
* @see http://php.net/manual/en/function.exit.php
*/
public function parse($name = 'main', $exit = true, $write = true)
{
$plugin = false;
$realname = $name;
$skin_dir = '';
$plugin_skin_paths = [];
$this->template_name = $realname;
$temp = explode('.', $name, 2);
if (count($temp) > 1) {
$plugin = $temp[0];
$name = $temp[1];
$skin_dir = $plugin . '/skins/' . $this->config->get('skin');
// apply skin search escalation list to plugin directory
foreach ($this->skin_paths as $skin_path) {
// skin folder in plugin dir
$plugin_skin_paths[] = $this->app->plugins->url . $plugin . '/' . $skin_path;
// plugin folder in skin dir
$plugin_skin_paths[] = $skin_path . '/plugins/' . $plugin;
}
// prepend plugin skin paths to search list
$this->skin_paths = array_merge($plugin_skin_paths, $this->skin_paths);
}
// find skin template
$path = false;
foreach ($this->skin_paths as $skin_path) {
// when requesting a plugin template ignore global skin path(s)
if ($plugin && strpos($skin_path, $this->app->plugins->url) === false) {
continue;
}
$path = RCUBE_INSTALL_PATH . "{$skin_path}/templates/{$name}.html";
// fallback to deprecated template names
if (!is_readable($path) && !empty($this->deprecated_templates[$realname])) {
$dname = $this->deprecated_templates[$realname];
$path = RCUBE_INSTALL_PATH . "{$skin_path}/templates/{$dname}.html";
if (is_readable($path)) {
rcube::raise_error([
'code' => 502,
'message' => "Using deprecated template '{$dname}' in {$skin_path}/templates. Please rename to '{$realname}'",
], true, false);
}
}
if (is_readable($path)) {
$this->config->set('skin_path', $skin_path);
// set base_path to core skin directory (not plugin's skin)
$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path);
$skin_dir = preg_replace('!^plugins/!', '', $skin_path);
break;
}
$path = false;
}
// read template file
if (!$path || ($templ = @file_get_contents($path)) === false) {
rcube::raise_error([
'code' => 404,
'message' => 'Error loading template for ' . $realname,
], true, $write);
$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
return false;
}
// replace all path references to plugins/... with the configured plugins dir
// and /this/ to the current plugin skin directory
if ($plugin) {
$templ = preg_replace(
['/plugins\//', '/(["\']?)\/this\//'],
[$this->app->plugins->url, '' . $this->app->plugins->url . $skin_dir . '/'],
$templ
);
}
// parse for special tags
$output = $this->parse_conditions($templ);
$output = $this->parse_xml($output);
// trigger generic hook where plugins can put additional content to the page
$hook = $this->app->plugins->exec_hook('render_page', [
'template' => $realname,
'content' => $output,
'write' => $write,
]);
// save some memory
$output = $hook['content'];
unset($hook['content']);
// remove plugin skin paths from current context
$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
if (!$write) {
return $this->postrender($output);
}
$this->write(trim($output));
if ($exit) {
exit;
}
}
/**
* Return executable javascript code for all registered commands
*/
protected function get_js_commands(&$framed = null)
{
$out = '';
$parent_commands = 0;
$parent_prefix = '';
$top_commands = [];
// these should be always on top,
// e.g. hide_message() below depends on env.framed
if (!$this->framed && !empty($this->js_env)) {
$top_commands[] = ['set_env', $this->js_env];
}
if (!empty($this->js_labels)) {
$top_commands[] = ['add_label', $this->js_labels];
}
// unlock interface after iframe load
$unlock = isset($_REQUEST['_unlock']) ? preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']) : 0;
if ($this->framed) {
$top_commands[] = ['iframe_loaded', $unlock];
} elseif ($unlock) {
$top_commands[] = ['hide_message', $unlock];
}
$commands = array_merge($top_commands, $this->js_commands);
foreach ($commands as $args) {
$method = array_shift($args);
$parent = $this->framed || preg_match('/^parent\./', $method);
foreach ($args as $i => $arg) {
$args[$i] = self::json_serialize($arg, $this->devel_mode);
}
if ($parent) {
$parent_commands++;
$method = preg_replace('/^parent\./', '', $method);
$parent_prefix = 'if (window.parent && parent.' . self::JS_OBJECT_NAME . ') parent.';
$method = $parent_prefix . self::JS_OBJECT_NAME . '.' . $method;
} else {
$method = self::JS_OBJECT_NAME . '.' . $method;
}
$out .= sprintf("%s(%s);
", $method, implode(',', $args));
}
$framed = $parent_prefix && $parent_commands == count($commands);
// make the output more compact if all commands go to parent window
if ($framed) {
$out = 'if (window.parent && parent.' . self::JS_OBJECT_NAME . ") {
"
. str_replace($parent_prefix, " parent.", $out)
. "}
";
}
return $out;
}
/**
* Make URLs starting with a slash point to skin directory
*
* @param string $str Input string
* @param bool $search_path True if URL should be resolved using the current skin path stack
*
* @return string URL
*/
public function abs_url($str, $search_path = false)
{
if (isset($str[0]) && $str[0] == '/') {
if ($search_path && ($file_url = $this->get_skin_file($str))) {
return $file_url;
}
return $this->base_path . $str;
}
return $str;
}
/**
* Show error page and terminate script execution
*
* @param int $code Error code
* @param string $message Error message
*/
#[Override]
public function raise_error($code, $message)
{
$args = [
'code' => $code,
'message' => $message,
];
$page = new rcmail_action_utils_error();
$page->run($args);
}
/**
* Modify path by adding URL prefix if configured
*
* @param string $path Asset path
* @param bool $abs_url Pass to self::abs_url() first
*
* @return string Asset path
*/
public function asset_url($path, $abs_url = false)
{
// iframe content can't be in a different domain
// @TODO: check if assets are on a different domain
if ($abs_url) {
$path = $this->abs_url($path, true);
}
if (!$this->assets_path || in_array($path[0], ['?', '/', '.']) || strpos($path, '://')) {
return $path;
}
return $this->assets_path . $path;
}
// Template parsing methods
/**
* Replace all strings ($varname)
* with the content of the according global variable.
*/
protected function parse_with_globals($input)
{
$GLOBALS['__version'] = html::quote(RCMAIL_VERSION);
$GLOBALS['__comm_path'] = html::quote($this->app->comm_path);
$GLOBALS['__skin_path'] = html::quote($this->base_path);
return preg_replace_callback('/\$(__[a-z0-9_\-]+)/', [$this, 'globals_callback'], $input);
}
/**
* Callback function for preg_replace_callback() in parse_with_globals()
*/
protected function globals_callback($matches)
{
return $GLOBALS[$matches[1]];
}
/**
* Correct absolute paths in images and other tags (add cache busters)
*/
protected function fix_paths($output)
{
$regexp = '!(src|href|background|data-src-[a-z]+)=(["\']?)([a-z0-9/_.-]+)(["\'\s>])!i';
return preg_replace_callback($regexp, [$this, 'file_callback'], $output);
}
/**
* Callback function for preg_replace_callback in fix_paths()
*
* @return string Parsed string
*/
protected function file_callback($matches)
{
$file = $matches[3];
$file = preg_replace('!^/this/!', '/', $file);
// correct absolute paths
if ($file[0] == '/') {
$this->get_skin_file($file, $skin_path, $this->base_path);
$file = ($skin_path ?: $this->base_path) . $file;
}
// add file modification timestamp
if (preg_match('/\.(js|css|less|ico|png|svg|jpeg)$/', $file)) {
$file = $this->file_mod($file);
}
return $matches[1] . '=' . $matches[2] . $file . $matches[4];
}
/**
* Correct paths of asset files according to assets_path
*/
protected function fix_assets_paths($output)
{
$regexp = '!(src|href|background)=(["\']?)([a-z0-9/_.?=-]+)(["\'\s>])!i';
return preg_replace_callback($regexp, [$this, 'assets_callback'], $output);
}
/**
* Callback function for preg_replace_callback in fix_assets_paths()
*
* @return string Parsed string
*/
protected function assets_callback($matches)
{
$file = $this->asset_url($matches[3]);
return $matches[1] . '=' . $matches[2] . $file . $matches[4];
}
/**
* Modify file by adding mtime indicator
*/
protected function file_mod($file)
{
$fs = false;
$ext = substr($file, strrpos($file, '.') + 1);
// use minified file if exists (not in development mode)
if (!$this->devel_mode && !preg_match('/\.min\.' . $ext . '$/', $file)) {
$minified_file = substr($file, 0, strlen($ext) * -1) . 'min.' . $ext;
if ($fs = @filemtime($this->assets_dir . $minified_file)) {
return $minified_file . '?s=' . $fs;
}
}
if ($fs = @filemtime($this->assets_dir . $file)) {
$file .= '?s=' . $fs;
}
return $file;
}
/**
* Public wrapper to dip into template parsing.
*
* @param string $input Template content
*
* @return string
*
* @uses rcmail_output_html::parse_xml()
*
* @since 0.1-rc1
*/
public function just_parse($input)
{
$input = $this->parse_conditions($input);
$input = $this->parse_xml($input);
$input = $this->postrender($input);
return $input;
}
/**
* Parse for conditional tags
*/
protected function parse_conditions($input)
{
$regexp1 = '/<roundcube:if\s+([^>]+)>/is';
$regexp2 = '/<roundcube:(if|elseif|else|endif)\s*([^>]*)>/is';
$pos = 0;
// Find IF tags and process them
while ($pos < strlen($input) && preg_match($regexp1, $input, $conditions, \PREG_OFFSET_CAPTURE, $pos)) {
$pos = $start = $conditions[0][1];
// Process the 'condition' attribute
$attrib = html::parse_attrib_string($conditions[1][0]);
$condmet = isset($attrib['condition']) && $this->check_condition($attrib['condition']);
// Define start/end position of the content to pass into the output
$content_start = $condmet ? $pos + strlen($conditions[0][0]) : null;
$content_end = null;
$level = 0;
$endif = null;
$n = $pos + 1;
// Process the code until the closing tag (for the processed IF tag)
while (preg_match($regexp2, $input, $matches, \PREG_OFFSET_CAPTURE, $n)) {
$tag_start = $matches[0][1];
$tag_end = $tag_start + strlen($matches[0][0]);
$tag_name = strtolower($matches[1][0]);
switch ($tag_name) {
case 'if':
$level++;
break;
case 'endif':
if (!$level--) {
$endif = $tag_end;
if ($content_end === null) {
$content_end = $tag_start;
}
break 2;
}
break;
case 'elseif':
if (!$level) {
if ($condmet) {
if ($content_end === null) {
$content_end = $tag_start;
}
} else {
// Process the 'condition' attribute
$attrib = html::parse_attrib_string($matches[2][0]);
$condmet = isset($attrib['condition']) && $this->check_condition($attrib['condition']);
if ($condmet) {
$content_start = $tag_end;
}
}
}
break;
case 'else':
if (!$level) {
if ($condmet) {
if ($content_end === null) {
$content_end = $tag_start;
}
} else {
$content_start = $tag_end;
}
}
break;
}
$n = $tag_end;
}
// No ending tag found
if ($endif === null) {
$pos = strlen($input);
if ($content_end === null) {
$content_end = $pos;
}
}
if ($content_start === null) {
$content = '';
} else {
$content = substr($input, $content_start, $content_end - $content_start);
}
// Replace the whole IF statement with the output content
$input = substr_replace($input, $content, $start, max($endif, $content_end, $pos) - $start);
$pos = $start;
}
return $input;
}
/**
* Determines if a given condition is met
*
* @param string $condition Condition statement
*
* @return bool True if condition is met, False if not
*
* @todo Extend this to allow real conditions, not just "set"
*/
protected function check_condition($condition)
{
return $this->eval_expression($condition);
}
/**
* Inserts hidden field with CSRF-prevention-token into POST forms
*/
protected function alter_form_tag($matches)
{
$out = $matches[0];
$attrib = html::parse_attrib_string($matches[1]);
if (!empty($attrib['method']) && strtolower($attrib['method']) == 'post') {
$hidden = new html_hiddenfield(['name' => '_token', 'value' => $this->app->get_request_token()]);
$out .= "
" . $hidden->show();
}
return $out;
}
/**
* Parse & evaluate a given expression and return its result.
*
* @param string $expression Expression statement
*
* @return mixed Expression result
*/
protected function eval_expression($expression)
{
$expression = preg_replace(
[
'/session:([a-z0-9_]+)/i',
'/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
'/env:([a-z0-9_]+)/i',
'/request:([a-z0-9_]+)/i',
'/cookie:([a-z0-9_]+)/i',
'/browser:([a-z0-9_]+)/i',
'/template:name/i',
],
[
"(\$_SESSION['\1'] ?? null)",
"\$this->app->config->get('\1',rcube_utils::get_boolean('\3'))",
"(\$this->env['\1'] ?? null)",
"rcube_utils::get_input_value('\1', rcube_utils::INPUT_GPC)",
"(\$_COOKIE['\1'] ?? null)",
"(\$this->browser->{'\1'} ?? null)",
"'{$this->template_name}'",
],
$expression
);
// Note: We used create_function() before but it's deprecated in PHP 7.2
// and really it was just a wrapper on eval().
return eval("return ({$expression});");
}
/**
* Parse variable strings
*
* @param string $type Variable type (env, config etc)
* @param string $name Variable name
*
* @return mixed Variable value
*/
protected function parse_variable($type, $name)
{
$value = '';
switch ($type) {
case 'env':
$value = $this->env[$name] ?? null;
break;
case 'config':
$value = $this->config->get($name);
if (is_array($value) && !empty($value[$_SESSION['storage_host']])) {
$value = $value[$_SESSION['storage_host']];
}
break;
case 'request':
$value = rcube_utils::get_input_value($name, rcube_utils::INPUT_GPC);
break;
case 'session':
$value = $_SESSION[$name] ?? '';
break;
case 'cookie':
$value = htmlspecialchars($_COOKIE[$name], \ENT_COMPAT | \ENT_HTML401, RCUBE_CHARSET);
break;
case 'browser':
$value = $this->browser->{$name} ?? '';
break;
}
return $value;
}
/**
* Search for special tags in input and replace them
* with the appropriate content
*
* @param string $input Input string to parse
*
* @return string Altered input string
*
* @todo Use DOM-parser to traverse template HTML
* @todo Maybe a cache.
*/
protected function parse_xml($input)
{
$regexp = '/<roundcube:([-_a-z]+)\s+((?:[^>]|\\>)+)(?<!\\)>/Ui';
return preg_replace_callback($regexp, [$this, 'xml_command'], $input);
}
/**
* Callback function for parsing an xml command tag
* and turn it into real html content
*
* @param array $matches Matches array of preg_replace_callback
*
* @return string Tag/Object content
*/
protected function xml_command($matches)
{
$command = strtolower($matches[1]);
$attrib = html::parse_attrib_string($matches[2]);
// empty output if required condition is not met
if (!empty($attrib['condition']) && !$this->check_condition($attrib['condition'])) {
return '';
}
// localize title and summary attributes
if ($command != 'button' && !empty($attrib['title']) && $this->app->text_exists($attrib['title'])) {
$attrib['title'] = $this->app->gettext($attrib['title']);
}
if ($command != 'button' && !empty($attrib['summary']) && $this->app->text_exists($attrib['summary'])) {
$attrib['summary'] = $this->app->gettext($attrib['summary']);
}
// execute command
switch ($command) {
// return a button
case 'button':
if (!empty($attrib['name']) || !empty($attrib['command'])) {
return $this->button($attrib);
}
break;
// frame (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'frame':
return $this->frame($attrib);
// show a label (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'label':
if (!empty($attrib['expression'])) {
$attrib['name'] = $this->eval_expression($attrib['expression']);
}
if (!empty($attrib['name']) || !empty($attrib['command'])) {
$vars = $attrib + ['product' => $this->config->get('product_name')];
unset($vars['name'], $vars['command']);
$label = $this->app->gettext($attrib + ['vars' => $vars]);
$quoting = null;
if (!empty($attrib['quoting'])) {
$quoting = strtolower($attrib['quoting']);
} elseif (isset($attrib['html'])) {
$quoting = rcube_utils::get_boolean((string) $attrib['html']) ? 'no' : '';
}
// 'noshow' can be used in skins to define new labels
if (!empty($attrib['noshow'])) {
return '';
}
switch ($quoting) {
case 'no':
case 'raw':
break;
case 'javascript':
case 'js':
$label = rcube::JQ($label);
break;
default:
$label = html::quote($label);
break;
}
return $label;
}
break;
case 'add_label':
$this->add_label($attrib['name']);
break;
// include a file (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'include':
if (!empty($attrib['condition']) && !$this->check_condition($attrib['condition'])) {
break;
}
if ($attrib['file'][0] != '/') {
$attrib['file'] = '/templates/' . $attrib['file'];
}
$old_base_path = $this->base_path;
$include = '';
$attr_skin_path = !empty($attrib['skinpath']) ? $attrib['skinpath'] : null;
if (!empty($attrib['skin_path'])) {
$attr_skin_path = $attrib['skin_path'];
}
if ($path = $this->get_skin_file($attrib['file'], $skin_path, $attr_skin_path)) {
// set base_path to core skin directory (not plugin's skin)
$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path);
$path = realpath(RCUBE_INSTALL_PATH . $path);
}
if (is_readable($path)) {
$allow_php = $this->config->get('skin_include_php');
$include = $allow_php ? $this->include_php($path) : file_get_contents($path);
$include = $this->parse_conditions($include);
$include = $this->parse_xml($include);
$include = $this->fix_paths($include);
}
$this->base_path = $old_base_path;
return $include;
case 'plugin.include':
$hook = $this->app->plugins->exec_hook('template_plugin_include', $attrib + ['content' => '']);
return $hook['content'];
// define a container block (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'container':
if (!empty($attrib['name']) && !empty($attrib['id'])) {
$this->command('gui_container', $attrib['name'], $attrib['id']);
// let plugins insert some content here
$hook = $this->app->plugins->exec_hook('template_container', $attrib + ['content' => '']);
return $hook['content'];
}
break;
// return code for a specific application object (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'object':
$object = strtolower($attrib['name']);
$content = '';
$handler = null;
// correct deprecated object names
if (!empty($this->deprecated_template_objects[$object])) {
$object = $this->deprecated_template_objects[$object];
}
if (!empty($this->object_handlers[$object])) {
$handler = $this->object_handlers[$object];
}
// execute object handler function
if (is_callable($handler)) {
$this->prepare_object_attribs($attrib);
// We assume that objects with src attribute are internal (in most
// cases this is a watermark frame). We need this to make sure assets_path
// is added to the internal assets paths
$external = empty($attrib['src']);
$content = call_user_func($handler, $attrib);
} elseif ($object == 'doctype') {
$content = html::doctype($attrib['value']);
} elseif ($object == 'logo') {
$attrib += ['alt' => $this->xml_command(['', 'object', 'name="productname"'])];
// 'type' attribute added in 1.4 was renamed 'logo-type' in 1.5
// check both for backwards compatibility
$logo_type = !empty($attrib['logo-type']) ? $attrib['logo-type'] : null;
$logo_match = !empty($attrib['logo-match']) ? $attrib['logo-match'] : null;
if (!empty($attrib['type']) && empty($logo_type)) {
$logo_type = $attrib['type'];
}
if (($template_logo = $this->get_template_logo($logo_type, $logo_match)) !== null) {
$attrib['src'] = $template_logo;
}
if (($link = $this->get_template_logo('link')) !== null) {
$attrib['onclick'] = "location.href='{$link}';";
$attrib['style'] = 'cursor:pointer;';
}
$additional_logos = [];
$logo_types = (array) $this->config->get('additional_logo_types');
foreach ($logo_types as $type) {
if (($template_logo = $this->get_template_logo($type)) !== null) {
$additional_logos[$type] = $this->abs_url($template_logo);
} elseif (!empty($attrib['data-src-' . $type])) {
$additional_logos[$type] = $this->abs_url($attrib['data-src-' . $type]);
}
}
if (!empty($additional_logos)) {
$this->set_env('additional_logos', $additional_logos);
}
if (!empty($attrib['src'])) {
$content = html::img($attrib);
}
} elseif ($object == 'productname') {
$name = $this->config->get('product_name', 'Roundcube Webmail');
$content = html::quote($name);
} elseif ($object == 'version') {
$ver = (string) RCMAIL_VERSION;
if (is_file(RCUBE_INSTALL_PATH . '.svn/entries')) {
if (function_exists('shell_exec')) {
if (preg_match('/Revision:\s(\d+)/', (string) @shell_exec('svn info'), $regs)) {
$ver .= ' [SVN r' . $regs[1] . ']';
}
} else {
$ver .= ' [SVN]';
}
} elseif (is_file(RCUBE_INSTALL_PATH . '.git/index')) {
if (function_exists('shell_exec')) {
if (preg_match('/Date:\s+([^
]+)/', (string) @shell_exec('git log -1'), $regs)) {
if ($date = date('Ymd.Hi', strtotime($regs[1]))) {
$ver .= ' [GIT ' . $date . ']';
}
}
} else {
$ver .= ' [GIT]';
}
}
$content = html::quote($ver);
} elseif ($object == 'steptitle') {
$content = html::quote($this->get_pagetitle(false));
} elseif ($object == 'pagetitle') {
// Deprecated, <title> will be added automatically
$content = html::quote($this->get_pagetitle());
} elseif ($object == 'contentframe') {
if (empty($attrib['id'])) {
$attrib['id'] = 'rcm' . $this->env['task'] . 'frame';
}
// parse variables
if (preg_match('/^(config|env):([a-z0-9_]+)$/i', $attrib['src'], $matches)) {
$attrib['src'] = $this->parse_variable($matches[1], $matches[2]);
}
$content = $this->frame($attrib, true);
} elseif ($object == 'meta' || $object == 'links') {
if ($object == 'meta') {
$source = 'meta_tags';
$tag = 'meta';
$key = 'name';
$param = 'content';
} else {
$source = 'link_tags';
$tag = 'link';
$key = 'rel';
$param = 'href';
}
foreach ($this->{$source} as $name => $vars) {
// $vars can be in many forms:
// - string
// - ['key' => 'val']
// - [string, string]
// - [[], string]
// - [['key' => 'val'], ['key' => 'val']]
// normalise this for processing by checking for string array keys
$vars = is_array($vars) ? (count(array_filter(array_keys($vars), 'is_string')) > 0 ? [$vars] : $vars) : [$vars];
foreach ($vars as $args) {
// skip unset headers e.g. when extending a skin and removing a header defined in the parent
if ($args === false) {
continue;
}
$args = is_array($args) ? $args : [$param => $args];
// special handling for favicon
if ($object == 'links' && $name == 'shortcut icon' && empty($args[$param])) {
if ($href = $this->get_template_logo('favicon')) {
$args[$param] = $href;
} elseif ($href = $this->config->get('favicon', '/images/favicon.ico')) {
$args[$param] = $href;
}
}
$content .= html::tag($tag, [$key => $name, 'nl' => true] + $args);
}
}
}
// exec plugin hooks for this template object
$hook = $this->app->plugins->exec_hook("template_object_{$object}", $attrib + ['content' => (string) $content]);
if (strlen($hook['content']) && !empty($external)) {
$object_id = uniqid('TEMPLOBJECT:', true);
$this->objects[$object_id] = $hook['content'];
$hook['content'] = $object_id;
}
return $hook['content'];
// return <link> element (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'link':
if ($attrib['condition'] && !$this->check_condition($attrib['condition'])) {
break;
}
unset($attrib['condition']);
return html::tag('link', $attrib);
// return code for a specified eval expression (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'exp':
return html::quote($this->eval_expression($attrib['expression']));
// return variable (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'var':
$var = explode(':', $attrib['name']);
$value = $this->parse_variable($var[0], $var[1]);
if (is_array($value)) {
$value = implode(', ', $value);
}
return html::quote($value);
case 'form':
return $this->form_tag($attrib);
}
return '';
}
/**
* Prepares template object attributes
*
* @param array &$attribs Attributes
*/
protected function prepare_object_attribs(&$attribs)
{
foreach ($attribs as $key => &$value) {
if (strpos($key, 'data-label-') === 0) {
// Localize data-label-* attributes
$value = $this->app->gettext($value);
} elseif ($key[0] == ':') {
// Evaluate attributes with expressions and remove special character from attribute name
$attribs[substr($key, 1)] = $this->eval_expression($value);
unset($attribs[$key]);
}
}
}
/**
* Include a specific file and return it's contents
*
* @param string $file File path
*
* @return string Contents of the processed file
*/
protected function include_php($file)
{
ob_start();
include $file;
$out = ob_get_contents();
ob_end_clean();
return $out;
}
/**
* Put objects' content back into template output
*/
protected function postrender($output)
{
// insert objects' contents
foreach ($this->objects as $key => $val) {
$output = str_replace($key, (string) $val, $output, $count);
if ($count) {
$this->objects[$key] = null;
}
}
// make sure all <form> tags have a valid request token
$output = preg_replace_callback('/<form\s+([^>]+)>/Ui', [$this, 'alter_form_tag'], $output);
return $output;
}
/**
* Create and register a button
*
* @param array $attrib Named button attributes
*
* @return string HTML button
*
* @todo Remove all inline JS calls and use jQuery instead.
* @todo Remove all sprintf()'s - they are pretty, but also slow.
*/
public function button($attrib)
{
static $s_button_count = 100;
// these commands can be called directly via url
$a_static_commands = ['compose', 'list', 'preferences', 'folders', 'identities'];
if (empty($attrib['command']) && empty($attrib['name']) && empty($attrib['href'])) {
return '';
}
$command = !empty($attrib['command']) ? $attrib['command'] : null;
$action = $command ?: (!empty($attrib['name']) ? $attrib['name'] : null);
if (!empty($attrib['task'])) {
$command = $attrib['task'] . '.' . $command;
$element = $attrib['task'] . '.' . $action;
} else {
$element = (!empty($this->env['task']) ? $this->env['task'] . '.' : '') . $action;
}
$disabled_actions = (array) $this->config->get('disabled_actions');
// remove buttons for disabled actions
if (in_array($element, $disabled_actions) || in_array($action, $disabled_actions)) {
return '';
}
// try to find out the button type
if (!empty($attrib['type'])) {
$attrib['type'] = strtolower($attrib['type']);
if (strpos($attrib['type'], '-menuitem')) {
$attrib['type'] = substr($attrib['type'], 0, -9);
$menuitem = true;
}
} elseif (!empty($attrib['image']) || !empty($attrib['imagepas']) || !empty($attrib['imageact'])) {
$attrib['type'] = 'image';
} else {
$attrib['type'] = 'button';
}
if (empty($attrib['image'])) {
if (!empty($attrib['imagepas'])) {
$attrib['image'] = $attrib['imagepas'];
} elseif (!empty($attrib['imageact'])) {
$attrib['image'] = $attrib['imageact'];
}
}
if (empty($attrib['id'])) {
// ensure auto generated IDs are unique between main window and content frame
// Elastic skin duplicates buttons between the two on smaller screens (#7618)
$prefix = ($this->framed || !empty($this->env['framed'])) ? 'frm' : '';
$attrib['id'] = sprintf('rcmbtn%s%d', $prefix, $s_button_count++);
}
// get localized text for labels and titles
$domain = !empty($attrib['domain']) ? $attrib['domain'] : null;
if (!empty($attrib['title'])) {
$attrib['title'] = html::quote($this->app->gettext($attrib['title'], $domain));
}
if (!empty($attrib['label'])) {
$attrib['label'] = html::quote($this->app->gettext($attrib['label'], $domain));
}
if (!empty($attrib['alt'])) {
$attrib['alt'] = html::quote($this->app->gettext($attrib['alt'], $domain));
}
// set accessibility attributes
if (empty($attrib['role'])) {
$attrib['role'] = 'button';
}
if (!empty($attrib['class']) && !empty($attrib['classact']) || !empty($attrib['imagepas']) && !empty($attrib['imageact'])) {
if (array_key_exists('tabindex', $attrib)) {
$attrib['data-tabindex'] = $attrib['tabindex'];
}
$attrib['tabindex'] = '-1'; // disable button by default
$attrib['aria-disabled'] = 'true';
}
// set title to alt attribute for IE browsers
if ($this->browser->ie && empty($attrib['title']) && !empty($attrib['alt'])) {
$attrib['title'] = $attrib['alt'];
}
// add empty alt attribute for XHTML compatibility
if (!isset($attrib['alt'])) {
$attrib['alt'] = '';
}
// register button in the system
if (!empty($attrib['command'])) {
$this->add_script(sprintf(
"%s.register_button('%s', '%s', '%s', '%s', '%s', '%s');",
self::JS_OBJECT_NAME,
$command,
$attrib['id'],
$attrib['type'],
!empty($attrib['imageact']) ? $this->abs_url($attrib['imageact']) : (!empty($attrib['classact']) ? $attrib['classact'] : ''),
!empty($attrib['imagesel']) ? $this->abs_url($attrib['imagesel']) : (!empty($attrib['classsel']) ? $attrib['classsel'] : ''),
!empty($attrib['imageover']) ? $this->abs_url($attrib['imageover']) : ''
));
// make valid href to specific buttons
if (in_array($attrib['command'], rcmail::$main_tasks)) {
$attrib['href'] = $this->app->url(['task' => $attrib['command']]);
$attrib['onclick'] = sprintf("return %s.command('switch-task','%s',this,event)", self::JS_OBJECT_NAME, $attrib['command']);
} elseif (!empty($attrib['task']) && in_array($attrib['task'], rcmail::$main_tasks)) {
$attrib['href'] = $this->app->url(['action' => $attrib['command'], 'task' => $attrib['task']]);
} elseif (in_array($attrib['command'], $a_static_commands)) {
$attrib['href'] = $this->app->url(['action' => $attrib['command']]);
} elseif (($attrib['command'] == 'permaurl' || $attrib['command'] == 'extwin') && !empty($this->env['permaurl'])) {
$attrib['href'] = $this->env['permaurl'];
}
}
// overwrite attributes
if (empty($attrib['href'])) {
$attrib['href'] = '#';
}
if (!empty($attrib['task'])) {
if (!empty($attrib['classact'])) {
$attrib['class'] = $attrib['classact'];
}
} elseif ($command && empty($attrib['onclick'])) {
$attrib['onclick'] = sprintf(
"return %s.command('%s','%s',this,event)",
self::JS_OBJECT_NAME,
$command,
!empty($attrib['prop']) ? $attrib['prop'] : ''
);
}
$out = '';
$btn_content = null;
$link_attrib = [];
// generate image tag
if ($attrib['type'] == 'image') {
$attrib_str = html::attrib_string(
$attrib,
[
'style', 'class', 'id', 'width', 'height', 'border', 'hspace',
'vspace', 'align', 'alt', 'tabindex', 'title',
]
);
$btn_content = sprintf('<img src="%s"%s />', $this->abs_url($attrib['image']), $attrib_str);
if (!empty($attrib['label'])) {
$btn_content .= ' ' . $attrib['label'];
}
$link_attrib = ['href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'target'];
} elseif ($attrib['type'] == 'link') {
$btn_content = $attrib['content'] ?? (!empty($attrib['label']) ? $attrib['label'] : $attrib['command']);
$link_attrib = array_merge(html::$common_attrib, ['href', 'onclick', 'tabindex', 'target', 'rel']);
if (!empty($attrib['innerclass'])) {
$btn_content = html::span($attrib['innerclass'], $btn_content);
}
} elseif ($attrib['type'] == 'input') {
$attrib['type'] = 'button';
if (!empty($attrib['label'])) {
$attrib['value'] = $attrib['label'];
}
if (!empty($attrib['command'])) {
$attrib['disabled'] = 'disabled';
}
$out = html::tag('input', $attrib, null, ['type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex', 'disabled']);
} else {
if (!empty($attrib['label'])) {
$attrib['value'] = $attrib['label'];
}
if (!empty($attrib['command'])) {
$attrib['disabled'] = 'disabled';
}
$content = $attrib['content'] ?? $attrib['label'];
$out = html::tag('button', $attrib, $content, ['type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex', 'disabled']);
}
// generate html code for button
if ($btn_content) {
$attrib_str = html::attrib_string($attrib, $link_attrib);
$out = sprintf('<a%s>%s</a>', $attrib_str, $btn_content);
}
if (!empty($attrib['wrapper'])) {
$out = html::tag($attrib['wrapper'], null, $out);
}
if (!empty($menuitem)) {
$class = !empty($attrib['menuitem-class']) ? ' class="' . $attrib['menuitem-class'] . '"' : '';
$out = '<li role="menuitem"' . $class . '>' . $out . '</li>';
}
return $out;
}
/**
* Link an external script file
*
* @param string $file File URL
* @param string $position Target position [head|head_bottom|foot]
*/
public function include_script($file, $position = 'head', $add_path = true)
{
if ($add_path && !preg_match('|^https?://|i', $file) && $file[0] != '/') {
$file = $this->file_mod($this->scripts_path . $file);
}
if (!isset($this->script_files[$position]) || !is_array($this->script_files[$position])) {
$this->script_files[$position] = [];
}
if (!in_array($file, $this->script_files[$position])) {
$this->script_files[$position][] = $file;
}
}
/**
* Add inline javascript code
*
* @param string $script JS code snippet
* @param string $position Target position [head|head_top|foot|docready]
*/
public function add_script($script, $position = 'head')
{
if (!isset($this->scripts[$position])) {
$this->scripts[$position] = rtrim($script);
} else {
$this->scripts[$position] .= "
" . rtrim($script);
}
}
/**
* Link an external css file
*
* @param string $file File URL
*/
public function include_css($file)
{
$this->css_files[] = $file;
}
/**
* Add HTML code to the page header
*
* @param string $str HTML code
*/
public function add_header($str)
{
$this->header .= "
" . $str;
}
/**
* Add HTML code to the page footer
* To be added right before </body>
*
* @param string $str HTML code
*/
public function add_footer($str)
{
$this->footer .= "
" . $str;
}
/**
* Process template and write to stdOut
*
* @param string $output HTML output
*/
protected function _write($output = '')
{
$output = trim($output);
if (empty($output)) {
$output = html::doctype('html5') . "
" . $this->default_template;
$is_empty = true;
}
$merge_script_files = static function ($output, $script) {
return $output . html::script($script);
};
$merge_scripts = static function ($output, $script) {
return $output . html::script([], $script);
};
// put docready commands into page footer
if (!empty($this->scripts['docready'])) {
$this->add_script("\$(function() {
" . $this->scripts['docready'] . "
});", 'foot');
}
$page_header = '';
$page_footer = '';
$meta = '';
// declare page language
if (!empty($_SESSION['language'])) {
$lang = substr($_SESSION['language'], 0, 2);
$output = preg_replace('/<html/', '<html lang="' . html::quote($lang) . '"', $output, 1);
if (!headers_sent()) {
$this->header('Content-Language: ' . $lang);
}
}
// include meta tag with charset
if (!empty($this->charset)) {
if (!headers_sent()) {
$this->header('Content-Type: text/html; charset=' . $this->charset);
}
$meta .= html::tag('meta', [
'http-equiv' => 'content-type',
'content' => "text/html; charset={$this->charset}",
'nl' => true,
]);
}
// include page title (after charset specification)
$meta .= '<title>' . html::quote($this->get_pagetitle()) . "</title>
";
$output = (string) preg_replace('/(<head[^>]*>)
*/i', "\1
{$meta}", $output, 1, $count);
if (!$count) {
$page_header .= $meta;
}
// include scripts into header/footer
if (!empty($this->script_files['head'])) {
$page_header .= array_reduce((array) $this->script_files['head'], $merge_script_files);
}
$head = $this->scripts['head_top'] ?? '';
$head .= $this->scripts['head'] ?? '';
$page_header .= array_reduce((array) $head, $merge_scripts);
$page_header .= $this->header . "
";
if (!empty($this->script_files['head_bottom'])) {
$page_header .= array_reduce((array) $this->script_files['head_bottom'], $merge_script_files);
}
if (!empty($this->script_files['foot'])) {
$page_footer .= array_reduce((array) $this->script_files['foot'], $merge_script_files);
}
$page_footer .= $this->footer . "
";
if (!empty($this->scripts['foot'])) {
$page_footer .= array_reduce((array) $this->scripts['foot'], $merge_scripts);
}
// find page header
if ($hpos = stripos($output, '</head>')) {
$page_header .= "
";
} else {
if (!is_numeric($hpos)) {
$hpos = stripos($output, '<body');
}
if (!is_numeric($hpos) && ($hpos = stripos($output, '<html'))) {
// @phpstan-ignore-next-line
while ($output[$hpos] != '>') {
$hpos++;
}
$hpos++;
}
$page_header = "<head>
{$page_header}
</head>
";
}
// add page header
if ($hpos) {
$output = substr_replace($output, $page_header, $hpos, 0);
} else {
$output = $page_header . $output;
}
// add page footer
if (($fpos = strripos($output, '</body>')) || ($fpos = strripos($output, '</html>'))) {
// for Elastic: put footer content before "footer scripts"
while (($npos = strripos($output, "
", -strlen($output) + $fpos - 1))
&& $npos != $fpos
&& ($chunk = substr($output, $npos, $fpos - $npos)) !== ''
&& (trim($chunk) === '' || preg_match('/\s*<script[^>]+><\/script>\s*/', $chunk))
) {
$fpos = $npos;
}
$output = substr_replace($output, $page_footer . "
", $fpos, 0);
} else {
$output .= "
" . $page_footer;
}
// add css files in head, before scripts, for speed up with parallel downloads
if (!empty($this->css_files) && empty($is_empty)
&& (($pos = stripos($output, '<script ')) || ($pos = stripos($output, '</head>')))
) {
$css = '';
foreach ($this->css_files as $file) {
$is_less = substr_compare($file, '.less', -5, 5, true) === 0;
$css .= html::tag('link', [
'rel' => $is_less ? 'stylesheet/less' : 'stylesheet',
'type' => 'text/css',
'href' => $file,
'nl' => true,
]);
}
$output = substr_replace($output, $css, $pos, 0);
}
$output = $this->parse_with_globals($this->fix_paths($output));
if ($this->assets_path) {
$output = $this->fix_assets_paths($output);
}
$output = $this->postrender($output);
// trigger hook with final HTML content to be sent
$hook = $this->app->plugins->exec_hook('send_page', ['content' => $output]);
if (!$hook['abort']) {
if ($this->charset != RCUBE_CHARSET) {
echo rcube_charset::convert($hook['content'], RCUBE_CHARSET, $this->charset);
} else {
echo $hook['content'];
}
}
}
/**
* Returns iframe object, registers some related env variables
*
* @param array $attrib HTML attributes
* @param bool $is_contentframe Register this iframe as the 'contentframe' gui object
*
* @return string IFRAME element
*/
public function frame($attrib, $is_contentframe = false)
{
static $idcount = 0;
if (empty($attrib['id'])) {
$attrib['id'] = 'rcmframe' . ++$idcount;
}
$attrib['name'] = $attrib['id'];
$attrib['src'] = !empty($attrib['src']) ? $this->abs_url($attrib['src'], true) : 'javascript:false;';
// register as 'contentframe' object
if ($is_contentframe || !empty($attrib['contentframe'])) {
$this->set_env('contentframe', !empty($attrib['contentframe']) ? $attrib['contentframe'] : $attrib['name']);
}
return html::iframe($attrib);
}
// common functions delivering gui objects
/**
* Create a form tag with the necessary hidden fields
*
* @param array $attrib Named tag parameters
* @param string $content HTML content of the form
*
* @return string HTML code for the form
*/
public function form_tag($attrib, $content = null)
{
$hidden = '';
if (!empty($this->env['extwin'])) {
$hiddenfield = new html_hiddenfield(['name' => '_extwin', 'value' => '1']);
$hidden = $hiddenfield->show();
} elseif ($this->framed || !empty($this->env['framed'])) {
$hiddenfield = new html_hiddenfield(['name' => '_framed', 'value' => '1']);
$hidden = $hiddenfield->show();
}
if (!$content) {
$attrib['noclose'] = true;
}
return html::tag('form',
$attrib + ['action' => $this->app->comm_path, 'method' => 'get'],
$hidden . $content,
['id', 'class', 'style', 'name', 'method', 'action', 'enctype', 'onsubmit']
);
}
/**
* Build a form tag with a unique request token
*
* @param array $attrib Named tag parameters including 'action' and 'task' values
* which will be put into hidden fields
* @param string $content Form content
*
* @return string HTML code for the form
*/
public function request_form($attrib, $content = '')
{
$hidden = new html_hiddenfield();
if (!empty($attrib['task'])) {
$hidden->add(['name' => '_task', 'value' => $attrib['task']]);
}
if (!empty($attrib['action'])) {
$hidden->add(['name' => '_action', 'value' => $attrib['action']]);
}
// we already have a <form> tag
if (!empty($attrib['form'])) {
if ($this->framed || !empty($this->env['framed'])) {
$hidden->add(['name' => '_framed', 'value' => '1']);
}
return $hidden->show() . $content;
}
unset($attrib['task'], $attrib['request']);
$attrib['action'] = './';
return $this->form_tag($attrib, $hidden->show() . $content);
}
/**
* GUI object 'username'
* Showing IMAP username of the current session
*
* @param array $attrib Named tag parameters (currently not used)
*
* @return string HTML code for the gui object
*/
public function current_username($attrib)
{
static $username;
// already fetched
if (!empty($username)) {
return $username;
}
// Current username is an e-mail address
if (isset($_SESSION['username']) && strpos($_SESSION['username'], '@')) {
$username = $_SESSION['username'];
}
// get e-mail address from default identity
elseif ($sql_arr = $this->app->user->get_identity()) {
$username = $sql_arr['email'];
} else {
$username = $this->app->user->get_username();
}
$username = rcube_utils::idn_to_utf8($username);
return html::quote($username);
}
/**
* GUI object 'loginform'
* Returns code for the webmail login form
*
* @param array $attrib Named parameters
*
* @return string HTML code for the gui object
*/
protected function login_form($attrib)
{
$default_host = $this->config->get('imap_host');
$autocomplete = (int) $this->config->get('login_autocomplete');
$username_filter = $this->config->get('login_username_filter');
$_SESSION['temp'] = true;
// save original url
$url = rcube_utils::get_input_string('_url', rcube_utils::INPUT_POST);
if (
empty($url)
&& !empty($_SERVER['QUERY_STRING'])
&& !preg_match('/_(task|action)=logout/', $_SERVER['QUERY_STRING'])
) {
$url = $_SERVER['QUERY_STRING'];
}
// Disable autocapitalization on iPad/iPhone (#1488609)
$attrib['autocapitalize'] = 'off';
$form_name = !empty($attrib['form']) ? $attrib['form'] : 'form';
// set autocomplete attribute
$user_attrib = $autocomplete > 0 ? [] : ['autocomplete' => 'off'];
$host_attrib = $autocomplete > 0 ? [] : ['autocomplete' => 'off'];
$pass_attrib = $autocomplete > 1 ? [] : ['autocomplete' => 'off'];
if ($username_filter && strtolower($username_filter) == 'email') {
$user_attrib['type'] = 'email';
}
$input_task = new html_hiddenfield(['name' => '_task', 'value' => 'login']);
$input_action = new html_hiddenfield(['name' => '_action', 'value' => 'login']);
$input_tzone = new html_hiddenfield(['name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_']);
$input_url = new html_hiddenfield(['name' => '_url', 'id' => 'rcmloginurl', 'value' => $url]);
$input_user = new html_inputfield(['name' => '_user', 'id' => 'rcmloginuser', 'required' => 'required']
+ $attrib + $user_attrib);
$input_pass = new html_passwordfield(['name' => '_pass', 'id' => 'rcmloginpwd', 'required' => 'required']
+ $attrib + $pass_attrib);
$input_host = null;
$form_content = [
'hidden' => [
'task' => $input_task->show(),
'action' => $input_action->show(),
'tzone' => $input_tzone->show(),
'url' => $input_url->show(),
],
'inputs' => [
'user' => [
'title' => html::label('rcmloginuser', html::quote($this->app->gettext('username'))),
'content' => $input_user->show(rcube_utils::get_input_string('_user', rcube_utils::INPUT_GPC)),
],
'password' => [
'title' => html::label('rcmloginpwd', html::quote($this->app->gettext('password'))),
'content' => $input_pass->show(),
],
],
'buttons' => [],
];
if (is_array($default_host) && count($default_host) > 1) {
$input_host = new html_select(['name' => '_host', 'id' => 'rcmloginhost', 'class' => 'custom-select']);
foreach ($default_host as $key => $value) {
if (!is_array($value)) {
$input_host->add($value, is_numeric($key) ? $value : $key);
} else {
$input_host = null;
break;
}
}
} elseif (is_array($default_host) && ($host = key($default_host)) !== null) {
$val = is_numeric($host) ? $default_host[$host] : $host;
$input_host = new html_hiddenfield(['name' => '_host', 'id' => 'rcmloginhost', 'value' => $val] + $attrib);
$form_content['hidden']['host'] = $input_host->show();
$input_host = null;
} elseif (empty($default_host)) {
$input_host = new html_inputfield(['name' => '_host', 'id' => 'rcmloginhost', 'class' => 'form-control']
+ $attrib + $host_attrib);
}
// add host selection row
if (is_object($input_host)) {
$form_content['inputs']['host'] = [
'title' => html::label('rcmloginhost', html::quote($this->app->gettext('server'))),
'content' => $input_host->show(rcube_utils::get_input_string('_host', rcube_utils::INPUT_GPC)),
];
}
if (rcube_utils::get_boolean($attrib['submit'])) {
$button_attr = ['type' => 'submit', 'id' => 'rcmloginsubmit', 'class' => 'button mainaction submit'];
$button = html::tag('button', $button_attr, $this->app->gettext('login'));
$form_content['buttons']['submit'] = ['outterclass' => 'formbuttons', 'content' => $button];
}
$data = $this->app->plugins->exec_hook('loginform_content', $form_content);
$this->add_gui_object('loginform', $form_name);
// output login form contents
$out = implode('', $data['hidden']);
if (count($data['inputs']) > 0) {
// create HTML table with two cols
$table = new html_table(['cols' => 2]);
foreach ($data['inputs'] as $input) {
if (isset($input['title'])) {
$table->add('title', $input['title']);
$table->add('input', $input['content']);
} else {
$table->add(['colspan' => 2, 'class' => 'input'], $input['content']);
}
}
$out .= $table->show();
}
foreach ($data['buttons'] as $button) {
$out .= html::p($button['outterclass'], $button['content']);
}
// surround html output with a form tag
if (empty($attrib['form'])) {
$out = $this->form_tag(['name' => $form_name, 'method' => 'post'], $out);
}
return $out;
}
/**
* GUI object 'preloader'
* Loads javascript code for images preloading
*
* @param array $attrib Named parameters
*/
protected function preloader($attrib): void
{
$images = preg_split('/[\s
,]+/', $attrib['images'], -1, \PREG_SPLIT_NO_EMPTY);
$images = array_map([$this, 'abs_url'], $images);
$images = array_map([$this, 'asset_url'], $images);
if (empty($images) || (isset($_REQUEST['_task']) && $_REQUEST['_task'] == 'logout')) {
return;
}
$this->add_script('var images = ' . self::json_serialize($images, $this->devel_mode) . ';
for (var i=0; i<images.length; i++) {
img = new Image();
img.src = images[i];
}', 'docready');
}
/**
* GUI object 'searchform'
* Returns code for search function
*
* @param array $attrib Named parameters
*
* @return string HTML code for the gui object
*/
public function search_form($attrib)
{
// add some labels to client
$this->add_label('searching');
$attrib['name'] = '_q';
$attrib['class'] = trim((!empty($attrib['class']) ? $attrib['class'] : '') . ' no-bs');
if (empty($attrib['id'])) {
$attrib['id'] = 'rcmqsearchbox';
}
if (isset($attrib['type']) && $attrib['type'] == 'search' && !$this->browser->khtml) {
unset($attrib['type'], $attrib['results']);
}
if (empty($attrib['placeholder'])) {
$attrib['placeholder'] = $this->app->gettext('searchplaceholder');
}
$label = html::label(['for' => $attrib['id'], 'class' => 'voice'], rcube::Q($this->app->gettext('arialabelsearchterms')));
$input_q = new html_inputfield($attrib);
$out = $label . $input_q->show();
$name = 'qsearchbox';
// Support for multiple searchforms on the same page
if (isset($attrib['gui-object']) && $attrib['gui-object'] !== false && $attrib['gui-object'] !== 'false') {
$name = $attrib['gui-object'];
}
$this->add_gui_object($name, $attrib['id']);
// add form tag around text field
if (empty($attrib['form']) && empty($attrib['no-form'])) {
$out = $this->form_tag([
'name' => !empty($attrib['form-name']) ? $attrib['form-name'] : 'rcmqsearchform',
'onsubmit' => sprintf(
"%s.command('%s'); return false",
self::JS_OBJECT_NAME,
!empty($attrib['command']) ? $attrib['command'] : 'search'
),
// 'style' => "display:inline"
], $out);
}
if (!empty($attrib['wrapper'])) {
$options_button = '';
$ariatag = !empty($attrib['ariatag']) ? $attrib['ariatag'] : 'h2';
$domain = !empty($attrib['label-domain']) ? $attrib['label-domain'] : null;
$options = !empty($attrib['options']) ? $attrib['options'] : null;
$header_label = $this->app->gettext('arialabel' . $attrib['label'], $domain);
$header_attrs = [
'id' => 'aria-label-' . $attrib['label'],
'class' => 'voice',
];
$header = html::tag($ariatag, $header_attrs, rcube::Q($header_label));
if (!empty($attrib['options'])) {
$options_button = $this->button([
'type' => 'link',
'href' => '#search-filter',
'class' => 'button options',
'label' => 'options',
'title' => 'options',
'tabindex' => '0',
'innerclass' => 'inner',
'data-target' => $options,
]);
}
$search_button = $this->button([
'type' => 'link',
'href' => '#search',
'class' => 'button search',
'label' => $attrib['buttontitle'],
'title' => $attrib['buttontitle'],
'tabindex' => '0',
'innerclass' => 'inner',
]);
$reset_button = $this->button([
'type' => 'link',
'command' => !empty($attrib['reset-command']) ? $attrib['reset-command'] : 'reset-search',
'class' => 'button reset',
'label' => 'resetsearch',
'title' => 'resetsearch',
'tabindex' => '0',
'innerclass' => 'inner',
]);
$out = html::div([
'role' => 'search',
'aria-labelledby' => !empty($attrib['label']) ? 'aria-label-' . $attrib['label'] : null,
'class' => $attrib['wrapper'],
],
"{$header}{$out}
{$reset_button}
{$options_button}
{$search_button}"
);
}
return $out;
}
/**
* Builder for GUI object 'message'
*
* @param array $attrib Named tag parameters
*
* @return string HTML code for the gui object
*/
protected function message_container($attrib)
{
if (isset($attrib['id']) === false) {
$attrib['id'] = 'rcmMessageContainer';
}
$this->add_gui_object('message', $attrib['id']);
return html::div($attrib, '');
}
/**
* GUI object 'charsetselector'
*
* @param array $attrib Named parameters for the select tag
*
* @return string HTML code for the gui object
*/
public function charset_selector($attrib)
{
// pass the following attributes to the form class
$field_attrib = ['name' => '_charset'];
foreach ($attrib as $attr => $value) {
if (in_array($attr, ['id', 'name', 'class', 'style', 'size', 'tabindex'])) {
$field_attrib[$attr] = $value;
}
}
$charsets = [
'UTF-8' => 'UTF-8 (' . $this->app->gettext('unicode') . ')',
'US-ASCII' => 'ASCII (' . $this->app->gettext('english') . ')',
'ISO-8859-1' => 'ISO-8859-1 (' . $this->app->gettext('westerneuropean') . ')',
'ISO-8859-2' => 'ISO-8859-2 (' . $this->app->gettext('easterneuropean') . ')',
'ISO-8859-4' => 'ISO-8859-4 (' . $this->app->gettext('baltic') . ')',
'ISO-8859-5' => 'ISO-8859-5 (' . $this->app->gettext('cyrillic') . ')',
'ISO-8859-6' => 'ISO-8859-6 (' . $this->app->gettext('arabic') . ')',
'ISO-8859-7' => 'ISO-8859-7 (' . $this->app->gettext('greek') . ')',
'ISO-8859-8' => 'ISO-8859-8 (' . $this->app->gettext('hebrew') . ')',
'ISO-8859-9' => 'ISO-8859-9 (' . $this->app->gettext('turkish') . ')',
'ISO-8859-10' => 'ISO-8859-10 (' . $this->app->gettext('nordic') . ')',
'ISO-8859-11' => 'ISO-8859-11 (' . $this->app->gettext('thai') . ')',
'ISO-8859-13' => 'ISO-8859-13 (' . $this->app->gettext('baltic') . ')',
'ISO-8859-14' => 'ISO-8859-14 (' . $this->app->gettext('celtic') . ')',
'ISO-8859-15' => 'ISO-8859-15 (' . $this->app->gettext('westerneuropean') . ')',
'ISO-8859-16' => 'ISO-8859-16 (' . $this->app->gettext('southeasterneuropean') . ')',
'WINDOWS-1250' => 'Windows-1250 (' . $this->app->gettext('easterneuropean') . ')',
'WINDOWS-1251' => 'Windows-1251 (' . $this->app->gettext('cyrillic') . ')',
'WINDOWS-1252' => 'Windows-1252 (' . $this->app->gettext('westerneuropean') . ')',
'WINDOWS-1253' => 'Windows-1253 (' . $this->app->gettext('greek') . ')',
'WINDOWS-1254' => 'Windows-1254 (' . $this->app->gettext('turkish') . ')',
'WINDOWS-1255' => 'Windows-1255 (' . $this->app->gettext('hebrew') . ')',
'WINDOWS-1256' => 'Windows-1256 (' . $this->app->gettext('arabic') . ')',
'WINDOWS-1257' => 'Windows-1257 (' . $this->app->gettext('baltic') . ')',
'WINDOWS-1258' => 'Windows-1258 (' . $this->app->gettext('vietnamese') . ')',
'ISO-2022-JP' => 'ISO-2022-JP (' . $this->app->gettext('japanese') . ')',
'ISO-2022-KR' => 'ISO-2022-KR (' . $this->app->gettext('korean') . ')',
'ISO-2022-CN' => 'ISO-2022-CN (' . $this->app->gettext('chinese') . ')',
'EUC-JP' => 'EUC-JP (' . $this->app->gettext('japanese') . ')',
'EUC-KR' => 'EUC-KR (' . $this->app->gettext('korean') . ')',
'EUC-CN' => 'EUC-CN (' . $this->app->gettext('chinese') . ')',
'BIG5' => 'BIG5 (' . $this->app->gettext('chinese') . ')',
'GB2312' => 'GB2312 (' . $this->app->gettext('chinese') . ')',
'KOI8-R' => 'KOI8-R (' . $this->app->gettext('cyrillic') . ')',
];
if ($post = rcube_utils::get_input_string('_charset', rcube_utils::INPUT_POST)) {
$set = $post;
} elseif (!empty($attrib['selected'])) {
$set = $attrib['selected'];
} else {
$set = $this->get_charset();
}
$set = strtoupper($set);
if (!isset($charsets[$set]) && preg_match('/^[A-Z0-9-]+$/', $set)) {
$charsets[$set] = $set;
}
$select = new html_select($field_attrib);
$select->add(array_values($charsets), array_keys($charsets));
return $select->show($set);
}
/**
* Include content from config/about.<LANG>.html if available
*/
protected function about_content($attrib)
{
$content = '';
$filenames = [
'about.' . $_SESSION['language'] . '.html',
'about.' . substr($_SESSION['language'], 0, 2) . '.html',
'about.html',
];
foreach ($filenames as $file) {
$fn = RCUBE_CONFIG_DIR . $file;
if (is_readable($fn)) {
$content = file_get_contents($fn);
$content = $this->parse_conditions($content);
$content = $this->parse_xml($content);
break;
}
}
return $content;
}
/**
* Get logo URL for current template based on skin_logo config option
*
* @param string $type Type of the logo to check for (e.g. 'print' or 'small')
* default is null (no special type)
* @param string $match (optional) 'all' = type, template or wildcard, 'template' = type or template
* Note: when type is specified matches are limited to type only unless $match is defined
*
* @return string|null image URL
*/
protected function get_template_logo($type = null, $match = null)
{
$template_logo = null;
if ($logo = $this->config->get('skin_logo')) {
if (is_array($logo)) {
$template_names = [
$this->skin_name . ':' . $this->template_name . '[' . $type . ']',
$this->skin_name . ':' . $this->template_name,
$this->skin_name . ':*[' . $type . ']',
$this->skin_name . ':[' . $type . ']',
$this->skin_name . ':*',
'*:' . $this->template_name . '[' . $type . ']',
'*:' . $this->template_name,
'*:*[' . $type . ']',
'*:[' . $type . ']',
$this->template_name . '[' . $type . ']',
$this->template_name,
'*[' . $type . ']',
'[' . $type . ']',
'*',
];
if (empty($type)) {
// If no type provided then remove those options from the list
$template_names = preg_grep('/\]$/', $template_names, \PREG_GREP_INVERT);
} elseif ($match === null) {
// Type specified with no special matching requirements so remove all none type specific options from the list
$template_names = preg_grep('/\]$/', $template_names);
}
if ($match == 'template') {
// Match only specific type or template name
$template_names = preg_grep('/\*$/', $template_names, \PREG_GREP_INVERT);
}
foreach ($template_names as $key) {
if (isset($logo[$key])) {
$template_logo = $logo[$key];
break;
}
}
} elseif ($type != 'link') {
$template_logo = $logo;
}
}
return $template_logo;
}
}
?>
Did this file decode correctly?
Original Code
<?php
/*
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
| |
| Copyright (C) The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
| See the README file for a full license statement. |
| |
| PURPOSE: |
| Class to handle HTML page output using a skin template. |
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <[email protected]> |
+-----------------------------------------------------------------------+
*/
/**
* Class to create HTML page output using a skin template
*/
class rcmail_output_html extends rcmail_output
{
public $type = 'html';
protected $message;
protected $template_name;
protected $objects = [];
protected $js_env = [];
protected $js_labels = [];
protected $js_commands = [];
protected $skin_paths = [];
protected $skin_extends = [];
protected $skin_name = '';
protected $scripts_path = '';
protected $script_files = [];
protected $css_files = [];
protected $scripts = [];
protected $task;
protected $meta_tags = [];
protected $link_tags = ['shortcut icon' => ''];
protected $header = '';
protected $footer = '';
protected $body = '';
protected $base_path = '';
protected $assets_path;
protected $assets_dir = RCUBE_INSTALL_PATH;
protected $devel_mode = false;
protected $default_template = "<html>\n<head><meta name='generator' content='Roundcube'></head>\n<body></body>\n</html>";
// deprecated names of templates used before 0.5
protected $deprecated_templates = [
'contact' => 'showcontact',
'contactadd' => 'addcontact',
'contactedit' => 'editcontact',
'identityedit' => 'editidentity',
'messageprint' => 'printmessage',
];
// deprecated names of template objects used before 1.4
protected $deprecated_template_objects = [
'addressframe' => 'contentframe',
'messagecontentframe' => 'contentframe',
'prefsframe' => 'contentframe',
'folderframe' => 'contentframe',
'identityframe' => 'contentframe',
'responseframe' => 'contentframe',
'keyframe' => 'contentframe',
'filterframe' => 'contentframe',
];
/**
* Constructor
*/
public function __construct($task = null, $framed = false)
{
parent::__construct();
$this->task = $task;
$this->init($framed);
}
/**
* Initialization
*/
protected function init($framed = false)
{
$this->set_env('task', $this->task);
$this->set_env('standard_windows', (bool) $this->config->get('standard_windows'));
$this->set_env('locale', !empty($_SESSION['language']) ? $_SESSION['language'] : 'en_US');
$this->set_env('devel_mode', $this->devel_mode);
// Version number e.g. 1.4.2 will be 10402
$version = explode('.', preg_replace('/[^0-9.].*/', '', RCMAIL_VERSION));
$this->set_env('rcversion', intval($version[0]) * 10000 + intval($version[1]) * 100 + ($version[2] ?? 0));
// add cookie info
$this->set_env('cookie_domain', ini_get('session.cookie_domain'));
$this->set_env('cookie_path', ini_get('session.cookie_path'));
$this->set_env('cookie_secure', filter_var(ini_get('session.cookie_secure'), \FILTER_VALIDATE_BOOLEAN));
// Easy way to change skin via GET argument, for developers
if ($this->devel_mode && !empty($_GET['skin']) && preg_match('/^[a-z0-9-_]+$/i', $_GET['skin'])) {
if ($this->check_skin($_GET['skin'])) {
$this->set_skin($_GET['skin']);
$this->app->user->save_prefs(['skin' => $_GET['skin']]);
}
}
// load and setup the skin
$this->set_skin($this->config->get('skin'));
$this->set_assets_path($this->config->get('assets_path'), $this->config->get('assets_dir'));
if (!empty($_REQUEST['_extwin'])) {
$this->set_env('extwin', 1);
}
if ($this->framed || $framed) {
$this->set_env('framed', 1);
}
$lic = <<<'EOF'
/*
@licstart The following is the entire license notice for the
JavaScript code in this page.
Copyright (C) The Roundcube Dev Team
The JavaScript code in this page is free software: you can redistribute
it and/or modify it under the terms of the GNU General Public License
as published by the Free Software Foundation, either version 3 of
the License, or (at your option) any later version.
The code is distributed WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU GPL for more details.
@licend The above is the entire license notice
for the JavaScript code in this page.
*/
EOF;
// add common javascripts
$this->add_script($lic, 'head_top');
$this->add_script('var ' . self::JS_OBJECT_NAME . ' = new rcube_webmail();', 'head_top');
// don't wait for page onload. Call init at the bottom of the page (delayed)
$this->add_script(self::JS_OBJECT_NAME . '.init();', 'docready');
$this->scripts_path = 'program/js/';
$this->include_script('jquery.min.js');
$this->include_script('common.js');
$this->include_script('app.js');
// register common UI objects
$this->add_handlers([
'loginform' => [$this, 'login_form'],
'preloader' => [$this, 'preloader'],
'username' => [$this, 'current_username'],
'message' => [$this, 'message_container'],
'charsetselector' => [$this, 'charset_selector'],
'aboutcontent' => [$this, 'about_content'],
]);
// set blankpage (watermark) url
$blankpage = $this->config->get('blankpage_url', '/watermark.html');
$this->set_env('blankpage', $blankpage);
}
/**
* Set environment variable
*
* @param string $name Property name
* @param mixed $value Property value
* @param bool $addtojs True if this property should be added
* to client environment
*/
#[Override]
public function set_env($name, $value, $addtojs = true)
{
$this->env[$name] = $value;
if ($addtojs || isset($this->js_env[$name])) {
$this->js_env[$name] = $value;
}
}
/**
* Parse and set assets path
*
* @param string $path Assets path URL (relative or absolute)
* @param string $fs_dir Assets path in filesystem
*/
public function set_assets_path($path, $fs_dir = null)
{
// set absolute path for assets if /index.php/foo/bar url is used
if (empty($path) && !empty($_SERVER['PATH_INFO'])) {
$path = preg_replace('/\?_task=[a-z]+/', '', $this->app->url([], true));
}
if (empty($path)) {
return;
}
$path = rtrim($path, '/') . '/';
// handle relative assets path
if (!preg_match('|^https?://|', $path) && $path[0] != '/') {
// save the path to search for asset files later
$this->assets_dir = $path;
$base = preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI']);
$base = rtrim($base, '/');
// remove url token if exists
if ($len = intval($this->config->get('use_secure_urls'))) {
$_base = explode('/', $base);
$last = count($_base) - 1;
$length = $len > 1 ? $len : 16; // as in rcube::get_secure_url_token()
// we can't use real token here because it
// does not exists in unauthenticated state,
// hope this will not produce false-positive matches
if (preg_match('/^[a-f0-9]{' . $length . '}$/', $_base[$last])) {
$path = '../' . $path;
}
}
}
// set filesystem path for assets
if ($fs_dir) {
if ($fs_dir[0] != '/') {
$fs_dir = realpath(RCUBE_INSTALL_PATH . $fs_dir);
}
// ensure the path ends with a slash
$this->assets_dir = rtrim($fs_dir, '/') . '/';
}
$this->assets_path = $path;
$this->set_env('assets_path', $path);
}
/**
* Getter for the current page title
*
* @param bool $full Prepend title with product/user name
*
* @return string The page title
*/
protected function get_pagetitle($full = true)
{
if (!empty($this->pagetitle)) {
$title = $this->pagetitle;
} elseif (isset($this->env['task'])) {
if ($this->env['task'] == 'login') {
$title = $this->app->gettext([
'name' => 'welcome',
'vars' => ['product' => $this->config->get('product_name')],
]);
} else {
$title = ucfirst($this->env['task']);
}
} else {
$title = '';
}
if ($full && $title) {
if ($this->devel_mode && !empty($_SESSION['username'])) {
$title = $_SESSION['username'] . ' :: ' . $title;
} elseif ($prod_name = $this->config->get('product_name')) {
$title = $prod_name . ' :: ' . $title;
}
}
return $title;
}
/**
* Getter for the current skin path property
*/
#[Override]
public function get_skin_path()
{
return $this->skin_paths[0];
}
/**
* Set skin
*
* @param string $skin Skin name
*/
public function set_skin($skin)
{
if (!$this->check_skin($skin)) {
// If the skin does not exist (could be removed or invalid),
// fallback to the skin set in the system configuration (#7271)
$skin = $this->config->system_skin;
}
$skin_path = 'skins/' . $skin;
$this->config->set('skin_path', $skin_path);
$this->base_path = $skin_path;
// register skin path(s)
$this->skin_paths = [];
$this->skins = [];
$this->load_skin($skin);
$this->skin_name = $skin;
$this->set_env('skin', $skin);
}
/**
* Check skin validity/existence
*
* @param string $skin Skin name
*
* @return bool True if the skin exist and is readable, False otherwise
*/
public function check_skin($skin)
{
// Sanity check to prevent from path traversal vulnerability (#1490620)
// @phpstan-ignore-next-line
if (!is_string($skin) || strpos($skin, '/') !== false || strpos($skin, '\\') !== false) {
rcube::raise_error('Invalid skin name', true);
return false;
}
$skins_allowed = $this->config->get('skins_allowed');
if (!empty($skins_allowed) && !in_array($skin, (array) $skins_allowed)) {
return false;
}
$path = RCUBE_INSTALL_PATH . 'skins/';
return !empty($skin) && is_dir($path . $skin) && is_readable($path . $skin);
}
/**
* Helper method to recursively read skin meta files and register search paths
*/
private function load_skin($skin_name)
{
$skin_path = 'skins/' . $skin_name;
$this->skin_paths[] = $skin_path;
// read meta file and check for dependencies
$meta = $this->get_skin_info($skin_name);
$meta['path'] = $skin_path;
$path_elements = explode('/', $skin_path);
$skin_id = end($path_elements);
if (empty($meta['name'])) {
$meta['name'] = $skin_id;
}
$this->skins[$skin_id] = $meta;
// Keep skin config for ajax requests (#6613)
$_SESSION['skin_config'] = [];
if (!empty($meta['extends'])) {
$path = RCUBE_INSTALL_PATH . 'skins/';
if (is_dir($path . $meta['extends']) && is_readable($path . $meta['extends'])) {
$_SESSION['skin_config'] = $this->load_skin($meta['extends']);
$this->skin_extends[] = $meta['extends'];
}
}
if (!empty($meta['config'])) {
foreach ($meta['config'] as $key => $value) {
$this->config->set($key, $value, true);
$_SESSION['skin_config'][$key] = $value;
}
$value = array_merge((array) $this->config->get('dont_override'), array_keys($meta['config']));
$this->config->set('dont_override', $value, true);
}
if (!empty($meta['localization'])) {
$locdir = $meta['localization'] === true ? 'localization' : $meta['localization'];
if ($texts = $this->app->read_localization(RCUBE_INSTALL_PATH . $skin_path . '/' . $locdir)) {
$this->app->load_language($_SESSION['language'], $texts);
}
}
// Use array_merge() here to allow for global default and extended skins
if (!empty($meta['meta'])) {
$this->meta_tags = array_merge($this->meta_tags, (array) $meta['meta']);
}
if (!empty($meta['links'])) {
$this->link_tags = array_merge($this->link_tags, (array) $meta['links']);
}
if (!empty($this->skin_extends)) {
$this->set_env('skin_extends', $this->skin_extends);
}
$this->set_env('dark_mode_support', (bool) $this->config->get('dark_mode_support'));
return $_SESSION['skin_config'];
}
/**
* Check if a specific template exists
*
* @param string $name Template name
*
* @return bool True if template exists, False otherwise
*/
public function template_exists($name)
{
foreach ($this->skin_paths as $skin_path) {
$filename = RCUBE_INSTALL_PATH . $skin_path . '/templates/' . $name . '.html';
if (
(is_file($filename) && is_readable($filename))
|| (!empty($this->deprecated_templates[$name]) && $this->template_exists($this->deprecated_templates[$name]))
) {
return true;
}
}
return false;
}
/**
* Find the given file in the current skin path stack
*
* @param string $file File name/path to resolve (starting with /)
* @param string &$skin_path Reference to the base path of the matching skin
* @param string $add_path Additional path to search in
* @param bool $minified Fallback to a minified version of the file
*
* @return string|false Relative path to the requested file or False if not found
*/
public function get_skin_file($file, &$skin_path = null, $add_path = null, $minified = false)
{
$skin_paths = $this->skin_paths;
if ($add_path) {
array_unshift($skin_paths, $add_path);
$skin_paths = array_unique($skin_paths);
}
if ($file[0] != '/') {
$file = '/' . $file;
}
if ($skin_path = $this->find_file_path($file, $skin_paths)) {
return $skin_path . $file;
}
if ($minified && preg_match('/(?<!\.min)\.(js|css)$/', $file)) {
$file = preg_replace('/\.(js|css)$/', '.min.\1', $file);
if ($skin_path = $this->find_file_path($file, $skin_paths)) {
return $skin_path . $file;
}
}
return false;
}
/**
* Find path of the asset file
*/
protected function find_file_path($file, $skin_paths)
{
foreach ($skin_paths as $skin_path) {
if ($this->assets_dir != RCUBE_INSTALL_PATH) {
if (realpath($this->assets_dir . $skin_path . $file)) {
return $skin_path;
}
}
if (realpath(RCUBE_INSTALL_PATH . $skin_path . $file)) {
return $skin_path;
}
}
}
/**
* Register a GUI object to the client script
*
* @param string $obj Object name
* @param string $id Object ID
*/
public function add_gui_object($obj, $id)
{
$this->add_script(self::JS_OBJECT_NAME . ".gui_object('{$obj}', '{$id}');");
}
/**
* Call a client method
*
* @param string $cmd Method to call
* @param mixed ...$args Method arguments
*/
#[Override]
public function command($cmd, ...$args)
{
if (strpos($cmd, 'plugin.') !== false) {
$this->js_commands[] = ['triggerEvent', $cmd, $args[0]];
} else {
array_unshift($args, $cmd);
$this->js_commands[] = $args;
}
}
/**
* Add a localized label to the client environment
*
* @param mixed ...$args Labels (an array of strings, or many string arguments)
*/
#[Override]
public function add_label(...$args)
{
if (count($args) == 1 && is_array($args[0])) {
$args = $args[0];
}
foreach ($args as $name) {
$this->js_labels[$name] = $this->app->gettext($name);
}
}
/**
* Invoke display_message command
*
* @param string $message Message to display
* @param string $type Message type [notice|confirm|error]
* @param array $vars Key-value pairs to be replaced in localized text
* @param bool $override Override last set message
* @param int $timeout Message display time in seconds
*
* @uses self::command()
*/
#[Override]
public function show_message($message, $type = 'notice', $vars = null, $override = true, $timeout = 0)
{
if ($override || !$this->message) {
if ($this->app->text_exists($message)) {
if (!empty($vars)) {
$vars = array_map(['rcube', 'Q'], $vars);
}
$msgtext = $this->app->gettext(['name' => $message, 'vars' => $vars]);
} else {
$msgtext = $message;
}
$this->message = $message;
$this->command('display_message', $msgtext, $type, $timeout * 1000);
}
}
/**
* Delete all stored env variables and commands
*
* @param bool $all Reset all env variables (including internal)
*/
#[Override]
public function reset($all = false)
{
$framed = $this->framed;
$task = $this->env['task'] ?? '';
$env = $all ? null : array_intersect_key($this->env, ['extwin' => 1, 'framed' => 1]);
// keep jQuery-UI files
$css_files = $script_files = [];
foreach ($this->css_files as $file) {
if (strpos($file, 'plugins/jqueryui') === 0) {
$css_files[] = $file;
}
}
foreach ($this->script_files as $position => $files) {
foreach ($files as $file) {
if (strpos($file, 'plugins/jqueryui') === 0) {
$script_files[$position][] = $file;
}
}
}
parent::reset();
// let some env variables survive
$this->env = $this->js_env = $env;
$this->framed = $framed || !empty($this->env['framed']);
$this->js_labels = [];
$this->js_commands = [];
$this->scripts = [];
$this->header = '';
$this->footer = '';
$this->body = '';
$this->css_files = [];
$this->script_files = [];
// load defaults
if (!$all) {
$this->init();
}
// Note: we merge jQuery-UI scripts after jQuery...
$this->css_files = array_merge($this->css_files, $css_files);
$this->script_files = array_merge_recursive($this->script_files, $script_files);
$this->set_env('orig_task', $task);
}
/**
* Redirect to a certain url
*
* @param mixed $p Either a string with the action or url parameters as key-value pairs
* @param int $delay Delay in seconds
* @param bool $secure Redirect to secure location (see rcmail::url())
*/
#[Override]
public function redirect($p = [], $delay = 1, $secure = false)
{
if (!empty($this->env['extwin']) && !(is_string($p) && preg_match('#^https?://#', $p))) {
if (!is_array($p)) {
$p = ['_action' => $p];
}
$p['_extwin'] = 1;
}
$location = $this->app->url($p, false, false, $secure);
$this->header('Location: ' . $location);
exit;
}
/**
* Send the request output to the client.
* This will either parse a skin template.
*
* @param string $templ Template name
* @param bool $exit True if script should terminate (default)
*/
#[Override]
public function send($templ = null, $exit = true)
{
if ($templ != 'iframe') {
// prevent from endless loops
if ($exit != 'recur' && $this->app->plugins->is_processing('render_page')) {
rcube::raise_error([
'code' => 505,
'message' => 'Recursion alert: ignoring output->send()',
], true, false);
return;
}
$this->parse($templ, false);
} else {
$this->framed = true;
$this->write();
}
// set output asap
ob_flush();
flush();
if ($exit) {
exit;
}
}
/**
* Process template and write to stdOut
*
* @param string $template HTML template content
*/
public function write($template = '')
{
if (!empty($this->script_files)) {
$this->set_env('request_token', $this->app->get_request_token());
}
// Fix assets path on blankpage
if (!empty($this->js_env['blankpage'])) {
$this->js_env['blankpage'] = $this->asset_url($this->js_env['blankpage'], true);
}
$commands = $this->get_js_commands($framed);
// if all js commands go to parent window we can ignore all
// script files and skip rcube_webmail initialization (#1489792)
// but not on error pages where skins may need jQuery, etc.
if ($framed && empty($this->js_env['server_error'])) {
$this->scripts = [];
$this->script_files = [];
$this->header = '';
$this->footer = '';
}
// write all javascript commands
if (!empty($commands)) {
$this->add_script($commands, 'head_top');
}
$this->page_headers();
// call super method
$this->_write($template);
}
/**
* Send common page headers
* For now it only (re)sets X-Frame-Options when needed
*/
public function page_headers()
{
if (headers_sent()) {
return;
}
// allow (legal) iframe content to be loaded
$framed = $this->framed || !empty($this->env['framed']);
if ($framed && ($xopt = $this->app->config->get('x_frame_options', 'sameorigin'))) {
if (strtolower($xopt) === 'deny') {
$this->header('X-Frame-Options: sameorigin', true);
}
}
}
/**
* Parse a specific skin template and deliver to stdout (or return)
*
* @param string $name Template name
* @param bool $exit Exit script
* @param bool $write Don't write to stdout, return parsed content instead
*
* @see http://php.net/manual/en/function.exit.php
*/
public function parse($name = 'main', $exit = true, $write = true)
{
$plugin = false;
$realname = $name;
$skin_dir = '';
$plugin_skin_paths = [];
$this->template_name = $realname;
$temp = explode('.', $name, 2);
if (count($temp) > 1) {
$plugin = $temp[0];
$name = $temp[1];
$skin_dir = $plugin . '/skins/' . $this->config->get('skin');
// apply skin search escalation list to plugin directory
foreach ($this->skin_paths as $skin_path) {
// skin folder in plugin dir
$plugin_skin_paths[] = $this->app->plugins->url . $plugin . '/' . $skin_path;
// plugin folder in skin dir
$plugin_skin_paths[] = $skin_path . '/plugins/' . $plugin;
}
// prepend plugin skin paths to search list
$this->skin_paths = array_merge($plugin_skin_paths, $this->skin_paths);
}
// find skin template
$path = false;
foreach ($this->skin_paths as $skin_path) {
// when requesting a plugin template ignore global skin path(s)
if ($plugin && strpos($skin_path, $this->app->plugins->url) === false) {
continue;
}
$path = RCUBE_INSTALL_PATH . "{$skin_path}/templates/{$name}.html";
// fallback to deprecated template names
if (!is_readable($path) && !empty($this->deprecated_templates[$realname])) {
$dname = $this->deprecated_templates[$realname];
$path = RCUBE_INSTALL_PATH . "{$skin_path}/templates/{$dname}.html";
if (is_readable($path)) {
rcube::raise_error([
'code' => 502,
'message' => "Using deprecated template '{$dname}' in {$skin_path}/templates. Please rename to '{$realname}'",
], true, false);
}
}
if (is_readable($path)) {
$this->config->set('skin_path', $skin_path);
// set base_path to core skin directory (not plugin's skin)
$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path);
$skin_dir = preg_replace('!^plugins/!', '', $skin_path);
break;
}
$path = false;
}
// read template file
if (!$path || ($templ = @file_get_contents($path)) === false) {
rcube::raise_error([
'code' => 404,
'message' => 'Error loading template for ' . $realname,
], true, $write);
$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
return false;
}
// replace all path references to plugins/... with the configured plugins dir
// and /this/ to the current plugin skin directory
if ($plugin) {
$templ = preg_replace(
['/\bplugins\//', '/(["\']?)\/this\//'],
[$this->app->plugins->url, '\1' . $this->app->plugins->url . $skin_dir . '/'],
$templ
);
}
// parse for special tags
$output = $this->parse_conditions($templ);
$output = $this->parse_xml($output);
// trigger generic hook where plugins can put additional content to the page
$hook = $this->app->plugins->exec_hook('render_page', [
'template' => $realname,
'content' => $output,
'write' => $write,
]);
// save some memory
$output = $hook['content'];
unset($hook['content']);
// remove plugin skin paths from current context
$this->skin_paths = array_slice($this->skin_paths, count($plugin_skin_paths));
if (!$write) {
return $this->postrender($output);
}
$this->write(trim($output));
if ($exit) {
exit;
}
}
/**
* Return executable javascript code for all registered commands
*/
protected function get_js_commands(&$framed = null)
{
$out = '';
$parent_commands = 0;
$parent_prefix = '';
$top_commands = [];
// these should be always on top,
// e.g. hide_message() below depends on env.framed
if (!$this->framed && !empty($this->js_env)) {
$top_commands[] = ['set_env', $this->js_env];
}
if (!empty($this->js_labels)) {
$top_commands[] = ['add_label', $this->js_labels];
}
// unlock interface after iframe load
$unlock = isset($_REQUEST['_unlock']) ? preg_replace('/[^a-z0-9]/i', '', $_REQUEST['_unlock']) : 0;
if ($this->framed) {
$top_commands[] = ['iframe_loaded', $unlock];
} elseif ($unlock) {
$top_commands[] = ['hide_message', $unlock];
}
$commands = array_merge($top_commands, $this->js_commands);
foreach ($commands as $args) {
$method = array_shift($args);
$parent = $this->framed || preg_match('/^parent\./', $method);
foreach ($args as $i => $arg) {
$args[$i] = self::json_serialize($arg, $this->devel_mode);
}
if ($parent) {
$parent_commands++;
$method = preg_replace('/^parent\./', '', $method);
$parent_prefix = 'if (window.parent && parent.' . self::JS_OBJECT_NAME . ') parent.';
$method = $parent_prefix . self::JS_OBJECT_NAME . '.' . $method;
} else {
$method = self::JS_OBJECT_NAME . '.' . $method;
}
$out .= sprintf("%s(%s);\n", $method, implode(',', $args));
}
$framed = $parent_prefix && $parent_commands == count($commands);
// make the output more compact if all commands go to parent window
if ($framed) {
$out = 'if (window.parent && parent.' . self::JS_OBJECT_NAME . ") {\n"
. str_replace($parent_prefix, "\tparent.", $out)
. "}\n";
}
return $out;
}
/**
* Make URLs starting with a slash point to skin directory
*
* @param string $str Input string
* @param bool $search_path True if URL should be resolved using the current skin path stack
*
* @return string URL
*/
public function abs_url($str, $search_path = false)
{
if (isset($str[0]) && $str[0] == '/') {
if ($search_path && ($file_url = $this->get_skin_file($str))) {
return $file_url;
}
return $this->base_path . $str;
}
return $str;
}
/**
* Show error page and terminate script execution
*
* @param int $code Error code
* @param string $message Error message
*/
#[Override]
public function raise_error($code, $message)
{
$args = [
'code' => $code,
'message' => $message,
];
$page = new rcmail_action_utils_error();
$page->run($args);
}
/**
* Modify path by adding URL prefix if configured
*
* @param string $path Asset path
* @param bool $abs_url Pass to self::abs_url() first
*
* @return string Asset path
*/
public function asset_url($path, $abs_url = false)
{
// iframe content can't be in a different domain
// @TODO: check if assets are on a different domain
if ($abs_url) {
$path = $this->abs_url($path, true);
}
if (!$this->assets_path || in_array($path[0], ['?', '/', '.']) || strpos($path, '://')) {
return $path;
}
return $this->assets_path . $path;
}
// Template parsing methods
/**
* Replace all strings ($varname)
* with the content of the according global variable.
*/
protected function parse_with_globals($input)
{
$GLOBALS['__version'] = html::quote(RCMAIL_VERSION);
$GLOBALS['__comm_path'] = html::quote($this->app->comm_path);
$GLOBALS['__skin_path'] = html::quote($this->base_path);
return preg_replace_callback('/\$(__[a-z0-9_\-]+)/', [$this, 'globals_callback'], $input);
}
/**
* Callback function for preg_replace_callback() in parse_with_globals()
*/
protected function globals_callback($matches)
{
return $GLOBALS[$matches[1]];
}
/**
* Correct absolute paths in images and other tags (add cache busters)
*/
protected function fix_paths($output)
{
$regexp = '!(src|href|background|data-src-[a-z]+)=(["\']?)([a-z0-9/_.-]+)(["\'\s>])!i';
return preg_replace_callback($regexp, [$this, 'file_callback'], $output);
}
/**
* Callback function for preg_replace_callback in fix_paths()
*
* @return string Parsed string
*/
protected function file_callback($matches)
{
$file = $matches[3];
$file = preg_replace('!^/this/!', '/', $file);
// correct absolute paths
if ($file[0] == '/') {
$this->get_skin_file($file, $skin_path, $this->base_path);
$file = ($skin_path ?: $this->base_path) . $file;
}
// add file modification timestamp
if (preg_match('/\.(js|css|less|ico|png|svg|jpeg)$/', $file)) {
$file = $this->file_mod($file);
}
return $matches[1] . '=' . $matches[2] . $file . $matches[4];
}
/**
* Correct paths of asset files according to assets_path
*/
protected function fix_assets_paths($output)
{
$regexp = '!(src|href|background)=(["\']?)([a-z0-9/_.?=-]+)(["\'\s>])!i';
return preg_replace_callback($regexp, [$this, 'assets_callback'], $output);
}
/**
* Callback function for preg_replace_callback in fix_assets_paths()
*
* @return string Parsed string
*/
protected function assets_callback($matches)
{
$file = $this->asset_url($matches[3]);
return $matches[1] . '=' . $matches[2] . $file . $matches[4];
}
/**
* Modify file by adding mtime indicator
*/
protected function file_mod($file)
{
$fs = false;
$ext = substr($file, strrpos($file, '.') + 1);
// use minified file if exists (not in development mode)
if (!$this->devel_mode && !preg_match('/\.min\.' . $ext . '$/', $file)) {
$minified_file = substr($file, 0, strlen($ext) * -1) . 'min.' . $ext;
if ($fs = @filemtime($this->assets_dir . $minified_file)) {
return $minified_file . '?s=' . $fs;
}
}
if ($fs = @filemtime($this->assets_dir . $file)) {
$file .= '?s=' . $fs;
}
return $file;
}
/**
* Public wrapper to dip into template parsing.
*
* @param string $input Template content
*
* @return string
*
* @uses rcmail_output_html::parse_xml()
*
* @since 0.1-rc1
*/
public function just_parse($input)
{
$input = $this->parse_conditions($input);
$input = $this->parse_xml($input);
$input = $this->postrender($input);
return $input;
}
/**
* Parse for conditional tags
*/
protected function parse_conditions($input)
{
$regexp1 = '/<roundcube:if\s+([^>]+)>/is';
$regexp2 = '/<roundcube:(if|elseif|else|endif)\s*([^>]*)>/is';
$pos = 0;
// Find IF tags and process them
while ($pos < strlen($input) && preg_match($regexp1, $input, $conditions, \PREG_OFFSET_CAPTURE, $pos)) {
$pos = $start = $conditions[0][1];
// Process the 'condition' attribute
$attrib = html::parse_attrib_string($conditions[1][0]);
$condmet = isset($attrib['condition']) && $this->check_condition($attrib['condition']);
// Define start/end position of the content to pass into the output
$content_start = $condmet ? $pos + strlen($conditions[0][0]) : null;
$content_end = null;
$level = 0;
$endif = null;
$n = $pos + 1;
// Process the code until the closing tag (for the processed IF tag)
while (preg_match($regexp2, $input, $matches, \PREG_OFFSET_CAPTURE, $n)) {
$tag_start = $matches[0][1];
$tag_end = $tag_start + strlen($matches[0][0]);
$tag_name = strtolower($matches[1][0]);
switch ($tag_name) {
case 'if':
$level++;
break;
case 'endif':
if (!$level--) {
$endif = $tag_end;
if ($content_end === null) {
$content_end = $tag_start;
}
break 2;
}
break;
case 'elseif':
if (!$level) {
if ($condmet) {
if ($content_end === null) {
$content_end = $tag_start;
}
} else {
// Process the 'condition' attribute
$attrib = html::parse_attrib_string($matches[2][0]);
$condmet = isset($attrib['condition']) && $this->check_condition($attrib['condition']);
if ($condmet) {
$content_start = $tag_end;
}
}
}
break;
case 'else':
if (!$level) {
if ($condmet) {
if ($content_end === null) {
$content_end = $tag_start;
}
} else {
$content_start = $tag_end;
}
}
break;
}
$n = $tag_end;
}
// No ending tag found
if ($endif === null) {
$pos = strlen($input);
if ($content_end === null) {
$content_end = $pos;
}
}
if ($content_start === null) {
$content = '';
} else {
$content = substr($input, $content_start, $content_end - $content_start);
}
// Replace the whole IF statement with the output content
$input = substr_replace($input, $content, $start, max($endif, $content_end, $pos) - $start);
$pos = $start;
}
return $input;
}
/**
* Determines if a given condition is met
*
* @param string $condition Condition statement
*
* @return bool True if condition is met, False if not
*
* @todo Extend this to allow real conditions, not just "set"
*/
protected function check_condition($condition)
{
return $this->eval_expression($condition);
}
/**
* Inserts hidden field with CSRF-prevention-token into POST forms
*/
protected function alter_form_tag($matches)
{
$out = $matches[0];
$attrib = html::parse_attrib_string($matches[1]);
if (!empty($attrib['method']) && strtolower($attrib['method']) == 'post') {
$hidden = new html_hiddenfield(['name' => '_token', 'value' => $this->app->get_request_token()]);
$out .= "\n" . $hidden->show();
}
return $out;
}
/**
* Parse & evaluate a given expression and return its result.
*
* @param string $expression Expression statement
*
* @return mixed Expression result
*/
protected function eval_expression($expression)
{
$expression = preg_replace(
[
'/session:([a-z0-9_]+)/i',
'/config:([a-z0-9_]+)(:([a-z0-9_]+))?/i',
'/env:([a-z0-9_]+)/i',
'/request:([a-z0-9_]+)/i',
'/cookie:([a-z0-9_]+)/i',
'/browser:([a-z0-9_]+)/i',
'/template:name/i',
],
[
"(\$_SESSION['\\1'] ?? null)",
"\$this->app->config->get('\\1',rcube_utils::get_boolean('\\3'))",
"(\$this->env['\\1'] ?? null)",
"rcube_utils::get_input_value('\\1', rcube_utils::INPUT_GPC)",
"(\$_COOKIE['\\1'] ?? null)",
"(\$this->browser->{'\\1'} ?? null)",
"'{$this->template_name}'",
],
$expression
);
// Note: We used create_function() before but it's deprecated in PHP 7.2
// and really it was just a wrapper on eval().
return eval("return ({$expression});");
}
/**
* Parse variable strings
*
* @param string $type Variable type (env, config etc)
* @param string $name Variable name
*
* @return mixed Variable value
*/
protected function parse_variable($type, $name)
{
$value = '';
switch ($type) {
case 'env':
$value = $this->env[$name] ?? null;
break;
case 'config':
$value = $this->config->get($name);
if (is_array($value) && !empty($value[$_SESSION['storage_host']])) {
$value = $value[$_SESSION['storage_host']];
}
break;
case 'request':
$value = rcube_utils::get_input_value($name, rcube_utils::INPUT_GPC);
break;
case 'session':
$value = $_SESSION[$name] ?? '';
break;
case 'cookie':
$value = htmlspecialchars($_COOKIE[$name], \ENT_COMPAT | \ENT_HTML401, RCUBE_CHARSET);
break;
case 'browser':
$value = $this->browser->{$name} ?? '';
break;
}
return $value;
}
/**
* Search for special tags in input and replace them
* with the appropriate content
*
* @param string $input Input string to parse
*
* @return string Altered input string
*
* @todo Use DOM-parser to traverse template HTML
* @todo Maybe a cache.
*/
protected function parse_xml($input)
{
$regexp = '/<roundcube:([-_a-z]+)\s+((?:[^>]|\\\>)+)(?<!\\\)>/Ui';
return preg_replace_callback($regexp, [$this, 'xml_command'], $input);
}
/**
* Callback function for parsing an xml command tag
* and turn it into real html content
*
* @param array $matches Matches array of preg_replace_callback
*
* @return string Tag/Object content
*/
protected function xml_command($matches)
{
$command = strtolower($matches[1]);
$attrib = html::parse_attrib_string($matches[2]);
// empty output if required condition is not met
if (!empty($attrib['condition']) && !$this->check_condition($attrib['condition'])) {
return '';
}
// localize title and summary attributes
if ($command != 'button' && !empty($attrib['title']) && $this->app->text_exists($attrib['title'])) {
$attrib['title'] = $this->app->gettext($attrib['title']);
}
if ($command != 'button' && !empty($attrib['summary']) && $this->app->text_exists($attrib['summary'])) {
$attrib['summary'] = $this->app->gettext($attrib['summary']);
}
// execute command
switch ($command) {
// return a button
case 'button':
if (!empty($attrib['name']) || !empty($attrib['command'])) {
return $this->button($attrib);
}
break;
// frame (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'frame':
return $this->frame($attrib);
// show a label (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'label':
if (!empty($attrib['expression'])) {
$attrib['name'] = $this->eval_expression($attrib['expression']);
}
if (!empty($attrib['name']) || !empty($attrib['command'])) {
$vars = $attrib + ['product' => $this->config->get('product_name')];
unset($vars['name'], $vars['command']);
$label = $this->app->gettext($attrib + ['vars' => $vars]);
$quoting = null;
if (!empty($attrib['quoting'])) {
$quoting = strtolower($attrib['quoting']);
} elseif (isset($attrib['html'])) {
$quoting = rcube_utils::get_boolean((string) $attrib['html']) ? 'no' : '';
}
// 'noshow' can be used in skins to define new labels
if (!empty($attrib['noshow'])) {
return '';
}
switch ($quoting) {
case 'no':
case 'raw':
break;
case 'javascript':
case 'js':
$label = rcube::JQ($label);
break;
default:
$label = html::quote($label);
break;
}
return $label;
}
break;
case 'add_label':
$this->add_label($attrib['name']);
break;
// include a file (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'include':
if (!empty($attrib['condition']) && !$this->check_condition($attrib['condition'])) {
break;
}
if ($attrib['file'][0] != '/') {
$attrib['file'] = '/templates/' . $attrib['file'];
}
$old_base_path = $this->base_path;
$include = '';
$attr_skin_path = !empty($attrib['skinpath']) ? $attrib['skinpath'] : null;
if (!empty($attrib['skin_path'])) {
$attr_skin_path = $attrib['skin_path'];
}
if ($path = $this->get_skin_file($attrib['file'], $skin_path, $attr_skin_path)) {
// set base_path to core skin directory (not plugin's skin)
$this->base_path = preg_replace('!plugins/\w+/!', '', $skin_path);
$path = realpath(RCUBE_INSTALL_PATH . $path);
}
if (is_readable($path)) {
$allow_php = $this->config->get('skin_include_php');
$include = $allow_php ? $this->include_php($path) : file_get_contents($path);
$include = $this->parse_conditions($include);
$include = $this->parse_xml($include);
$include = $this->fix_paths($include);
}
$this->base_path = $old_base_path;
return $include;
case 'plugin.include':
$hook = $this->app->plugins->exec_hook('template_plugin_include', $attrib + ['content' => '']);
return $hook['content'];
// define a container block (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'container':
if (!empty($attrib['name']) && !empty($attrib['id'])) {
$this->command('gui_container', $attrib['name'], $attrib['id']);
// let plugins insert some content here
$hook = $this->app->plugins->exec_hook('template_container', $attrib + ['content' => '']);
return $hook['content'];
}
break;
// return code for a specific application object (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'object':
$object = strtolower($attrib['name']);
$content = '';
$handler = null;
// correct deprecated object names
if (!empty($this->deprecated_template_objects[$object])) {
$object = $this->deprecated_template_objects[$object];
}
if (!empty($this->object_handlers[$object])) {
$handler = $this->object_handlers[$object];
}
// execute object handler function
if (is_callable($handler)) {
$this->prepare_object_attribs($attrib);
// We assume that objects with src attribute are internal (in most
// cases this is a watermark frame). We need this to make sure assets_path
// is added to the internal assets paths
$external = empty($attrib['src']);
$content = call_user_func($handler, $attrib);
} elseif ($object == 'doctype') {
$content = html::doctype($attrib['value']);
} elseif ($object == 'logo') {
$attrib += ['alt' => $this->xml_command(['', 'object', 'name="productname"'])];
// 'type' attribute added in 1.4 was renamed 'logo-type' in 1.5
// check both for backwards compatibility
$logo_type = !empty($attrib['logo-type']) ? $attrib['logo-type'] : null;
$logo_match = !empty($attrib['logo-match']) ? $attrib['logo-match'] : null;
if (!empty($attrib['type']) && empty($logo_type)) {
$logo_type = $attrib['type'];
}
if (($template_logo = $this->get_template_logo($logo_type, $logo_match)) !== null) {
$attrib['src'] = $template_logo;
}
if (($link = $this->get_template_logo('link')) !== null) {
$attrib['onclick'] = "location.href='{$link}';";
$attrib['style'] = 'cursor:pointer;';
}
$additional_logos = [];
$logo_types = (array) $this->config->get('additional_logo_types');
foreach ($logo_types as $type) {
if (($template_logo = $this->get_template_logo($type)) !== null) {
$additional_logos[$type] = $this->abs_url($template_logo);
} elseif (!empty($attrib['data-src-' . $type])) {
$additional_logos[$type] = $this->abs_url($attrib['data-src-' . $type]);
}
}
if (!empty($additional_logos)) {
$this->set_env('additional_logos', $additional_logos);
}
if (!empty($attrib['src'])) {
$content = html::img($attrib);
}
} elseif ($object == 'productname') {
$name = $this->config->get('product_name', 'Roundcube Webmail');
$content = html::quote($name);
} elseif ($object == 'version') {
$ver = (string) RCMAIL_VERSION;
if (is_file(RCUBE_INSTALL_PATH . '.svn/entries')) {
if (function_exists('shell_exec')) {
if (preg_match('/Revision:\s(\d+)/', (string) @shell_exec('svn info'), $regs)) {
$ver .= ' [SVN r' . $regs[1] . ']';
}
} else {
$ver .= ' [SVN]';
}
} elseif (is_file(RCUBE_INSTALL_PATH . '.git/index')) {
if (function_exists('shell_exec')) {
if (preg_match('/Date:\s+([^\n]+)/', (string) @shell_exec('git log -1'), $regs)) {
if ($date = date('Ymd.Hi', strtotime($regs[1]))) {
$ver .= ' [GIT ' . $date . ']';
}
}
} else {
$ver .= ' [GIT]';
}
}
$content = html::quote($ver);
} elseif ($object == 'steptitle') {
$content = html::quote($this->get_pagetitle(false));
} elseif ($object == 'pagetitle') {
// Deprecated, <title> will be added automatically
$content = html::quote($this->get_pagetitle());
} elseif ($object == 'contentframe') {
if (empty($attrib['id'])) {
$attrib['id'] = 'rcm' . $this->env['task'] . 'frame';
}
// parse variables
if (preg_match('/^(config|env):([a-z0-9_]+)$/i', $attrib['src'], $matches)) {
$attrib['src'] = $this->parse_variable($matches[1], $matches[2]);
}
$content = $this->frame($attrib, true);
} elseif ($object == 'meta' || $object == 'links') {
if ($object == 'meta') {
$source = 'meta_tags';
$tag = 'meta';
$key = 'name';
$param = 'content';
} else {
$source = 'link_tags';
$tag = 'link';
$key = 'rel';
$param = 'href';
}
foreach ($this->{$source} as $name => $vars) {
// $vars can be in many forms:
// - string
// - ['key' => 'val']
// - [string, string]
// - [[], string]
// - [['key' => 'val'], ['key' => 'val']]
// normalise this for processing by checking for string array keys
$vars = is_array($vars) ? (count(array_filter(array_keys($vars), 'is_string')) > 0 ? [$vars] : $vars) : [$vars];
foreach ($vars as $args) {
// skip unset headers e.g. when extending a skin and removing a header defined in the parent
if ($args === false) {
continue;
}
$args = is_array($args) ? $args : [$param => $args];
// special handling for favicon
if ($object == 'links' && $name == 'shortcut icon' && empty($args[$param])) {
if ($href = $this->get_template_logo('favicon')) {
$args[$param] = $href;
} elseif ($href = $this->config->get('favicon', '/images/favicon.ico')) {
$args[$param] = $href;
}
}
$content .= html::tag($tag, [$key => $name, 'nl' => true] + $args);
}
}
}
// exec plugin hooks for this template object
$hook = $this->app->plugins->exec_hook("template_object_{$object}", $attrib + ['content' => (string) $content]);
if (strlen($hook['content']) && !empty($external)) {
$object_id = uniqid('TEMPLOBJECT:', true);
$this->objects[$object_id] = $hook['content'];
$hook['content'] = $object_id;
}
return $hook['content'];
// return <link> element (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'link':
if ($attrib['condition'] && !$this->check_condition($attrib['condition'])) {
break;
}
unset($attrib['condition']);
return html::tag('link', $attrib);
// return code for a specified eval expression (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'exp':
return html::quote($this->eval_expression($attrib['expression']));
// return variable (<< reindent once https://github.com/PHP-CS-Fixer/PHP-CS-Fixer/issues/7179 is fixed)
case 'var':
$var = explode(':', $attrib['name']);
$value = $this->parse_variable($var[0], $var[1]);
if (is_array($value)) {
$value = implode(', ', $value);
}
return html::quote($value);
case 'form':
return $this->form_tag($attrib);
}
return '';
}
/**
* Prepares template object attributes
*
* @param array &$attribs Attributes
*/
protected function prepare_object_attribs(&$attribs)
{
foreach ($attribs as $key => &$value) {
if (strpos($key, 'data-label-') === 0) {
// Localize data-label-* attributes
$value = $this->app->gettext($value);
} elseif ($key[0] == ':') {
// Evaluate attributes with expressions and remove special character from attribute name
$attribs[substr($key, 1)] = $this->eval_expression($value);
unset($attribs[$key]);
}
}
}
/**
* Include a specific file and return it's contents
*
* @param string $file File path
*
* @return string Contents of the processed file
*/
protected function include_php($file)
{
ob_start();
include $file;
$out = ob_get_contents();
ob_end_clean();
return $out;
}
/**
* Put objects' content back into template output
*/
protected function postrender($output)
{
// insert objects' contents
foreach ($this->objects as $key => $val) {
$output = str_replace($key, (string) $val, $output, $count);
if ($count) {
$this->objects[$key] = null;
}
}
// make sure all <form> tags have a valid request token
$output = preg_replace_callback('/<form\s+([^>]+)>/Ui', [$this, 'alter_form_tag'], $output);
return $output;
}
/**
* Create and register a button
*
* @param array $attrib Named button attributes
*
* @return string HTML button
*
* @todo Remove all inline JS calls and use jQuery instead.
* @todo Remove all sprintf()'s - they are pretty, but also slow.
*/
public function button($attrib)
{
static $s_button_count = 100;
// these commands can be called directly via url
$a_static_commands = ['compose', 'list', 'preferences', 'folders', 'identities'];
if (empty($attrib['command']) && empty($attrib['name']) && empty($attrib['href'])) {
return '';
}
$command = !empty($attrib['command']) ? $attrib['command'] : null;
$action = $command ?: (!empty($attrib['name']) ? $attrib['name'] : null);
if (!empty($attrib['task'])) {
$command = $attrib['task'] . '.' . $command;
$element = $attrib['task'] . '.' . $action;
} else {
$element = (!empty($this->env['task']) ? $this->env['task'] . '.' : '') . $action;
}
$disabled_actions = (array) $this->config->get('disabled_actions');
// remove buttons for disabled actions
if (in_array($element, $disabled_actions) || in_array($action, $disabled_actions)) {
return '';
}
// try to find out the button type
if (!empty($attrib['type'])) {
$attrib['type'] = strtolower($attrib['type']);
if (strpos($attrib['type'], '-menuitem')) {
$attrib['type'] = substr($attrib['type'], 0, -9);
$menuitem = true;
}
} elseif (!empty($attrib['image']) || !empty($attrib['imagepas']) || !empty($attrib['imageact'])) {
$attrib['type'] = 'image';
} else {
$attrib['type'] = 'button';
}
if (empty($attrib['image'])) {
if (!empty($attrib['imagepas'])) {
$attrib['image'] = $attrib['imagepas'];
} elseif (!empty($attrib['imageact'])) {
$attrib['image'] = $attrib['imageact'];
}
}
if (empty($attrib['id'])) {
// ensure auto generated IDs are unique between main window and content frame
// Elastic skin duplicates buttons between the two on smaller screens (#7618)
$prefix = ($this->framed || !empty($this->env['framed'])) ? 'frm' : '';
$attrib['id'] = sprintf('rcmbtn%s%d', $prefix, $s_button_count++);
}
// get localized text for labels and titles
$domain = !empty($attrib['domain']) ? $attrib['domain'] : null;
if (!empty($attrib['title'])) {
$attrib['title'] = html::quote($this->app->gettext($attrib['title'], $domain));
}
if (!empty($attrib['label'])) {
$attrib['label'] = html::quote($this->app->gettext($attrib['label'], $domain));
}
if (!empty($attrib['alt'])) {
$attrib['alt'] = html::quote($this->app->gettext($attrib['alt'], $domain));
}
// set accessibility attributes
if (empty($attrib['role'])) {
$attrib['role'] = 'button';
}
if (!empty($attrib['class']) && !empty($attrib['classact']) || !empty($attrib['imagepas']) && !empty($attrib['imageact'])) {
if (array_key_exists('tabindex', $attrib)) {
$attrib['data-tabindex'] = $attrib['tabindex'];
}
$attrib['tabindex'] = '-1'; // disable button by default
$attrib['aria-disabled'] = 'true';
}
// set title to alt attribute for IE browsers
if ($this->browser->ie && empty($attrib['title']) && !empty($attrib['alt'])) {
$attrib['title'] = $attrib['alt'];
}
// add empty alt attribute for XHTML compatibility
if (!isset($attrib['alt'])) {
$attrib['alt'] = '';
}
// register button in the system
if (!empty($attrib['command'])) {
$this->add_script(sprintf(
"%s.register_button('%s', '%s', '%s', '%s', '%s', '%s');",
self::JS_OBJECT_NAME,
$command,
$attrib['id'],
$attrib['type'],
!empty($attrib['imageact']) ? $this->abs_url($attrib['imageact']) : (!empty($attrib['classact']) ? $attrib['classact'] : ''),
!empty($attrib['imagesel']) ? $this->abs_url($attrib['imagesel']) : (!empty($attrib['classsel']) ? $attrib['classsel'] : ''),
!empty($attrib['imageover']) ? $this->abs_url($attrib['imageover']) : ''
));
// make valid href to specific buttons
if (in_array($attrib['command'], rcmail::$main_tasks)) {
$attrib['href'] = $this->app->url(['task' => $attrib['command']]);
$attrib['onclick'] = sprintf("return %s.command('switch-task','%s',this,event)", self::JS_OBJECT_NAME, $attrib['command']);
} elseif (!empty($attrib['task']) && in_array($attrib['task'], rcmail::$main_tasks)) {
$attrib['href'] = $this->app->url(['action' => $attrib['command'], 'task' => $attrib['task']]);
} elseif (in_array($attrib['command'], $a_static_commands)) {
$attrib['href'] = $this->app->url(['action' => $attrib['command']]);
} elseif (($attrib['command'] == 'permaurl' || $attrib['command'] == 'extwin') && !empty($this->env['permaurl'])) {
$attrib['href'] = $this->env['permaurl'];
}
}
// overwrite attributes
if (empty($attrib['href'])) {
$attrib['href'] = '#';
}
if (!empty($attrib['task'])) {
if (!empty($attrib['classact'])) {
$attrib['class'] = $attrib['classact'];
}
} elseif ($command && empty($attrib['onclick'])) {
$attrib['onclick'] = sprintf(
"return %s.command('%s','%s',this,event)",
self::JS_OBJECT_NAME,
$command,
!empty($attrib['prop']) ? $attrib['prop'] : ''
);
}
$out = '';
$btn_content = null;
$link_attrib = [];
// generate image tag
if ($attrib['type'] == 'image') {
$attrib_str = html::attrib_string(
$attrib,
[
'style', 'class', 'id', 'width', 'height', 'border', 'hspace',
'vspace', 'align', 'alt', 'tabindex', 'title',
]
);
$btn_content = sprintf('<img src="%s"%s />', $this->abs_url($attrib['image']), $attrib_str);
if (!empty($attrib['label'])) {
$btn_content .= ' ' . $attrib['label'];
}
$link_attrib = ['href', 'onclick', 'onmouseover', 'onmouseout', 'onmousedown', 'onmouseup', 'target'];
} elseif ($attrib['type'] == 'link') {
$btn_content = $attrib['content'] ?? (!empty($attrib['label']) ? $attrib['label'] : $attrib['command']);
$link_attrib = array_merge(html::$common_attrib, ['href', 'onclick', 'tabindex', 'target', 'rel']);
if (!empty($attrib['innerclass'])) {
$btn_content = html::span($attrib['innerclass'], $btn_content);
}
} elseif ($attrib['type'] == 'input') {
$attrib['type'] = 'button';
if (!empty($attrib['label'])) {
$attrib['value'] = $attrib['label'];
}
if (!empty($attrib['command'])) {
$attrib['disabled'] = 'disabled';
}
$out = html::tag('input', $attrib, null, ['type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex', 'disabled']);
} else {
if (!empty($attrib['label'])) {
$attrib['value'] = $attrib['label'];
}
if (!empty($attrib['command'])) {
$attrib['disabled'] = 'disabled';
}
$content = $attrib['content'] ?? $attrib['label'];
$out = html::tag('button', $attrib, $content, ['type', 'value', 'onclick', 'id', 'class', 'style', 'tabindex', 'disabled']);
}
// generate html code for button
if ($btn_content) {
$attrib_str = html::attrib_string($attrib, $link_attrib);
$out = sprintf('<a%s>%s</a>', $attrib_str, $btn_content);
}
if (!empty($attrib['wrapper'])) {
$out = html::tag($attrib['wrapper'], null, $out);
}
if (!empty($menuitem)) {
$class = !empty($attrib['menuitem-class']) ? ' class="' . $attrib['menuitem-class'] . '"' : '';
$out = '<li role="menuitem"' . $class . '>' . $out . '</li>';
}
return $out;
}
/**
* Link an external script file
*
* @param string $file File URL
* @param string $position Target position [head|head_bottom|foot]
*/
public function include_script($file, $position = 'head', $add_path = true)
{
if ($add_path && !preg_match('|^https?://|i', $file) && $file[0] != '/') {
$file = $this->file_mod($this->scripts_path . $file);
}
if (!isset($this->script_files[$position]) || !is_array($this->script_files[$position])) {
$this->script_files[$position] = [];
}
if (!in_array($file, $this->script_files[$position])) {
$this->script_files[$position][] = $file;
}
}
/**
* Add inline javascript code
*
* @param string $script JS code snippet
* @param string $position Target position [head|head_top|foot|docready]
*/
public function add_script($script, $position = 'head')
{
if (!isset($this->scripts[$position])) {
$this->scripts[$position] = rtrim($script);
} else {
$this->scripts[$position] .= "\n" . rtrim($script);
}
}
/**
* Link an external css file
*
* @param string $file File URL
*/
public function include_css($file)
{
$this->css_files[] = $file;
}
/**
* Add HTML code to the page header
*
* @param string $str HTML code
*/
public function add_header($str)
{
$this->header .= "\n" . $str;
}
/**
* Add HTML code to the page footer
* To be added right before </body>
*
* @param string $str HTML code
*/
public function add_footer($str)
{
$this->footer .= "\n" . $str;
}
/**
* Process template and write to stdOut
*
* @param string $output HTML output
*/
protected function _write($output = '')
{
$output = trim($output);
if (empty($output)) {
$output = html::doctype('html5') . "\n" . $this->default_template;
$is_empty = true;
}
$merge_script_files = static function ($output, $script) {
return $output . html::script($script);
};
$merge_scripts = static function ($output, $script) {
return $output . html::script([], $script);
};
// put docready commands into page footer
if (!empty($this->scripts['docready'])) {
$this->add_script("\$(function() {\n" . $this->scripts['docready'] . "\n});", 'foot');
}
$page_header = '';
$page_footer = '';
$meta = '';
// declare page language
if (!empty($_SESSION['language'])) {
$lang = substr($_SESSION['language'], 0, 2);
$output = preg_replace('/<html/', '<html lang="' . html::quote($lang) . '"', $output, 1);
if (!headers_sent()) {
$this->header('Content-Language: ' . $lang);
}
}
// include meta tag with charset
if (!empty($this->charset)) {
if (!headers_sent()) {
$this->header('Content-Type: text/html; charset=' . $this->charset);
}
$meta .= html::tag('meta', [
'http-equiv' => 'content-type',
'content' => "text/html; charset={$this->charset}",
'nl' => true,
]);
}
// include page title (after charset specification)
$meta .= '<title>' . html::quote($this->get_pagetitle()) . "</title>\n";
$output = (string) preg_replace('/(<head[^>]*>)\n*/i', "\\1\n{$meta}", $output, 1, $count);
if (!$count) {
$page_header .= $meta;
}
// include scripts into header/footer
if (!empty($this->script_files['head'])) {
$page_header .= array_reduce((array) $this->script_files['head'], $merge_script_files);
}
$head = $this->scripts['head_top'] ?? '';
$head .= $this->scripts['head'] ?? '';
$page_header .= array_reduce((array) $head, $merge_scripts);
$page_header .= $this->header . "\n";
if (!empty($this->script_files['head_bottom'])) {
$page_header .= array_reduce((array) $this->script_files['head_bottom'], $merge_script_files);
}
if (!empty($this->script_files['foot'])) {
$page_footer .= array_reduce((array) $this->script_files['foot'], $merge_script_files);
}
$page_footer .= $this->footer . "\n";
if (!empty($this->scripts['foot'])) {
$page_footer .= array_reduce((array) $this->scripts['foot'], $merge_scripts);
}
// find page header
if ($hpos = stripos($output, '</head>')) {
$page_header .= "\n";
} else {
if (!is_numeric($hpos)) {
$hpos = stripos($output, '<body');
}
if (!is_numeric($hpos) && ($hpos = stripos($output, '<html'))) {
// @phpstan-ignore-next-line
while ($output[$hpos] != '>') {
$hpos++;
}
$hpos++;
}
$page_header = "<head>\n{$page_header}\n</head>\n";
}
// add page header
if ($hpos) {
$output = substr_replace($output, $page_header, $hpos, 0);
} else {
$output = $page_header . $output;
}
// add page footer
if (($fpos = strripos($output, '</body>')) || ($fpos = strripos($output, '</html>'))) {
// for Elastic: put footer content before "footer scripts"
while (($npos = strripos($output, "\n", -strlen($output) + $fpos - 1))
&& $npos != $fpos
&& ($chunk = substr($output, $npos, $fpos - $npos)) !== ''
&& (trim($chunk) === '' || preg_match('/\s*<script[^>]+><\/script>\s*/', $chunk))
) {
$fpos = $npos;
}
$output = substr_replace($output, $page_footer . "\n", $fpos, 0);
} else {
$output .= "\n" . $page_footer;
}
// add css files in head, before scripts, for speed up with parallel downloads
if (!empty($this->css_files) && empty($is_empty)
&& (($pos = stripos($output, '<script ')) || ($pos = stripos($output, '</head>')))
) {
$css = '';
foreach ($this->css_files as $file) {
$is_less = substr_compare($file, '.less', -5, 5, true) === 0;
$css .= html::tag('link', [
'rel' => $is_less ? 'stylesheet/less' : 'stylesheet',
'type' => 'text/css',
'href' => $file,
'nl' => true,
]);
}
$output = substr_replace($output, $css, $pos, 0);
}
$output = $this->parse_with_globals($this->fix_paths($output));
if ($this->assets_path) {
$output = $this->fix_assets_paths($output);
}
$output = $this->postrender($output);
// trigger hook with final HTML content to be sent
$hook = $this->app->plugins->exec_hook('send_page', ['content' => $output]);
if (!$hook['abort']) {
if ($this->charset != RCUBE_CHARSET) {
echo rcube_charset::convert($hook['content'], RCUBE_CHARSET, $this->charset);
} else {
echo $hook['content'];
}
}
}
/**
* Returns iframe object, registers some related env variables
*
* @param array $attrib HTML attributes
* @param bool $is_contentframe Register this iframe as the 'contentframe' gui object
*
* @return string IFRAME element
*/
public function frame($attrib, $is_contentframe = false)
{
static $idcount = 0;
if (empty($attrib['id'])) {
$attrib['id'] = 'rcmframe' . ++$idcount;
}
$attrib['name'] = $attrib['id'];
$attrib['src'] = !empty($attrib['src']) ? $this->abs_url($attrib['src'], true) : 'javascript:false;';
// register as 'contentframe' object
if ($is_contentframe || !empty($attrib['contentframe'])) {
$this->set_env('contentframe', !empty($attrib['contentframe']) ? $attrib['contentframe'] : $attrib['name']);
}
return html::iframe($attrib);
}
// common functions delivering gui objects
/**
* Create a form tag with the necessary hidden fields
*
* @param array $attrib Named tag parameters
* @param string $content HTML content of the form
*
* @return string HTML code for the form
*/
public function form_tag($attrib, $content = null)
{
$hidden = '';
if (!empty($this->env['extwin'])) {
$hiddenfield = new html_hiddenfield(['name' => '_extwin', 'value' => '1']);
$hidden = $hiddenfield->show();
} elseif ($this->framed || !empty($this->env['framed'])) {
$hiddenfield = new html_hiddenfield(['name' => '_framed', 'value' => '1']);
$hidden = $hiddenfield->show();
}
if (!$content) {
$attrib['noclose'] = true;
}
return html::tag('form',
$attrib + ['action' => $this->app->comm_path, 'method' => 'get'],
$hidden . $content,
['id', 'class', 'style', 'name', 'method', 'action', 'enctype', 'onsubmit']
);
}
/**
* Build a form tag with a unique request token
*
* @param array $attrib Named tag parameters including 'action' and 'task' values
* which will be put into hidden fields
* @param string $content Form content
*
* @return string HTML code for the form
*/
public function request_form($attrib, $content = '')
{
$hidden = new html_hiddenfield();
if (!empty($attrib['task'])) {
$hidden->add(['name' => '_task', 'value' => $attrib['task']]);
}
if (!empty($attrib['action'])) {
$hidden->add(['name' => '_action', 'value' => $attrib['action']]);
}
// we already have a <form> tag
if (!empty($attrib['form'])) {
if ($this->framed || !empty($this->env['framed'])) {
$hidden->add(['name' => '_framed', 'value' => '1']);
}
return $hidden->show() . $content;
}
unset($attrib['task'], $attrib['request']);
$attrib['action'] = './';
return $this->form_tag($attrib, $hidden->show() . $content);
}
/**
* GUI object 'username'
* Showing IMAP username of the current session
*
* @param array $attrib Named tag parameters (currently not used)
*
* @return string HTML code for the gui object
*/
public function current_username($attrib)
{
static $username;
// already fetched
if (!empty($username)) {
return $username;
}
// Current username is an e-mail address
if (isset($_SESSION['username']) && strpos($_SESSION['username'], '@')) {
$username = $_SESSION['username'];
}
// get e-mail address from default identity
elseif ($sql_arr = $this->app->user->get_identity()) {
$username = $sql_arr['email'];
} else {
$username = $this->app->user->get_username();
}
$username = rcube_utils::idn_to_utf8($username);
return html::quote($username);
}
/**
* GUI object 'loginform'
* Returns code for the webmail login form
*
* @param array $attrib Named parameters
*
* @return string HTML code for the gui object
*/
protected function login_form($attrib)
{
$default_host = $this->config->get('imap_host');
$autocomplete = (int) $this->config->get('login_autocomplete');
$username_filter = $this->config->get('login_username_filter');
$_SESSION['temp'] = true;
// save original url
$url = rcube_utils::get_input_string('_url', rcube_utils::INPUT_POST);
if (
empty($url)
&& !empty($_SERVER['QUERY_STRING'])
&& !preg_match('/_(task|action)=logout/', $_SERVER['QUERY_STRING'])
) {
$url = $_SERVER['QUERY_STRING'];
}
// Disable autocapitalization on iPad/iPhone (#1488609)
$attrib['autocapitalize'] = 'off';
$form_name = !empty($attrib['form']) ? $attrib['form'] : 'form';
// set autocomplete attribute
$user_attrib = $autocomplete > 0 ? [] : ['autocomplete' => 'off'];
$host_attrib = $autocomplete > 0 ? [] : ['autocomplete' => 'off'];
$pass_attrib = $autocomplete > 1 ? [] : ['autocomplete' => 'off'];
if ($username_filter && strtolower($username_filter) == 'email') {
$user_attrib['type'] = 'email';
}
$input_task = new html_hiddenfield(['name' => '_task', 'value' => 'login']);
$input_action = new html_hiddenfield(['name' => '_action', 'value' => 'login']);
$input_tzone = new html_hiddenfield(['name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_']);
$input_url = new html_hiddenfield(['name' => '_url', 'id' => 'rcmloginurl', 'value' => $url]);
$input_user = new html_inputfield(['name' => '_user', 'id' => 'rcmloginuser', 'required' => 'required']
+ $attrib + $user_attrib);
$input_pass = new html_passwordfield(['name' => '_pass', 'id' => 'rcmloginpwd', 'required' => 'required']
+ $attrib + $pass_attrib);
$input_host = null;
$form_content = [
'hidden' => [
'task' => $input_task->show(),
'action' => $input_action->show(),
'tzone' => $input_tzone->show(),
'url' => $input_url->show(),
],
'inputs' => [
'user' => [
'title' => html::label('rcmloginuser', html::quote($this->app->gettext('username'))),
'content' => $input_user->show(rcube_utils::get_input_string('_user', rcube_utils::INPUT_GPC)),
],
'password' => [
'title' => html::label('rcmloginpwd', html::quote($this->app->gettext('password'))),
'content' => $input_pass->show(),
],
],
'buttons' => [],
];
if (is_array($default_host) && count($default_host) > 1) {
$input_host = new html_select(['name' => '_host', 'id' => 'rcmloginhost', 'class' => 'custom-select']);
foreach ($default_host as $key => $value) {
if (!is_array($value)) {
$input_host->add($value, is_numeric($key) ? $value : $key);
} else {
$input_host = null;
break;
}
}
} elseif (is_array($default_host) && ($host = key($default_host)) !== null) {
$val = is_numeric($host) ? $default_host[$host] : $host;
$input_host = new html_hiddenfield(['name' => '_host', 'id' => 'rcmloginhost', 'value' => $val] + $attrib);
$form_content['hidden']['host'] = $input_host->show();
$input_host = null;
} elseif (empty($default_host)) {
$input_host = new html_inputfield(['name' => '_host', 'id' => 'rcmloginhost', 'class' => 'form-control']
+ $attrib + $host_attrib);
}
// add host selection row
if (is_object($input_host)) {
$form_content['inputs']['host'] = [
'title' => html::label('rcmloginhost', html::quote($this->app->gettext('server'))),
'content' => $input_host->show(rcube_utils::get_input_string('_host', rcube_utils::INPUT_GPC)),
];
}
if (rcube_utils::get_boolean($attrib['submit'])) {
$button_attr = ['type' => 'submit', 'id' => 'rcmloginsubmit', 'class' => 'button mainaction submit'];
$button = html::tag('button', $button_attr, $this->app->gettext('login'));
$form_content['buttons']['submit'] = ['outterclass' => 'formbuttons', 'content' => $button];
}
$data = $this->app->plugins->exec_hook('loginform_content', $form_content);
$this->add_gui_object('loginform', $form_name);
// output login form contents
$out = implode('', $data['hidden']);
if (count($data['inputs']) > 0) {
// create HTML table with two cols
$table = new html_table(['cols' => 2]);
foreach ($data['inputs'] as $input) {
if (isset($input['title'])) {
$table->add('title', $input['title']);
$table->add('input', $input['content']);
} else {
$table->add(['colspan' => 2, 'class' => 'input'], $input['content']);
}
}
$out .= $table->show();
}
foreach ($data['buttons'] as $button) {
$out .= html::p($button['outterclass'], $button['content']);
}
// surround html output with a form tag
if (empty($attrib['form'])) {
$out = $this->form_tag(['name' => $form_name, 'method' => 'post'], $out);
}
return $out;
}
/**
* GUI object 'preloader'
* Loads javascript code for images preloading
*
* @param array $attrib Named parameters
*/
protected function preloader($attrib): void
{
$images = preg_split('/[\s\t\n,]+/', $attrib['images'], -1, \PREG_SPLIT_NO_EMPTY);
$images = array_map([$this, 'abs_url'], $images);
$images = array_map([$this, 'asset_url'], $images);
if (empty($images) || (isset($_REQUEST['_task']) && $_REQUEST['_task'] == 'logout')) {
return;
}
$this->add_script('var images = ' . self::json_serialize($images, $this->devel_mode) . ';
for (var i=0; i<images.length; i++) {
img = new Image();
img.src = images[i];
}', 'docready');
}
/**
* GUI object 'searchform'
* Returns code for search function
*
* @param array $attrib Named parameters
*
* @return string HTML code for the gui object
*/
public function search_form($attrib)
{
// add some labels to client
$this->add_label('searching');
$attrib['name'] = '_q';
$attrib['class'] = trim((!empty($attrib['class']) ? $attrib['class'] : '') . ' no-bs');
if (empty($attrib['id'])) {
$attrib['id'] = 'rcmqsearchbox';
}
if (isset($attrib['type']) && $attrib['type'] == 'search' && !$this->browser->khtml) {
unset($attrib['type'], $attrib['results']);
}
if (empty($attrib['placeholder'])) {
$attrib['placeholder'] = $this->app->gettext('searchplaceholder');
}
$label = html::label(['for' => $attrib['id'], 'class' => 'voice'], rcube::Q($this->app->gettext('arialabelsearchterms')));
$input_q = new html_inputfield($attrib);
$out = $label . $input_q->show();
$name = 'qsearchbox';
// Support for multiple searchforms on the same page
if (isset($attrib['gui-object']) && $attrib['gui-object'] !== false && $attrib['gui-object'] !== 'false') {
$name = $attrib['gui-object'];
}
$this->add_gui_object($name, $attrib['id']);
// add form tag around text field
if (empty($attrib['form']) && empty($attrib['no-form'])) {
$out = $this->form_tag([
'name' => !empty($attrib['form-name']) ? $attrib['form-name'] : 'rcmqsearchform',
'onsubmit' => sprintf(
"%s.command('%s'); return false",
self::JS_OBJECT_NAME,
!empty($attrib['command']) ? $attrib['command'] : 'search'
),
// 'style' => "display:inline"
], $out);
}
if (!empty($attrib['wrapper'])) {
$options_button = '';
$ariatag = !empty($attrib['ariatag']) ? $attrib['ariatag'] : 'h2';
$domain = !empty($attrib['label-domain']) ? $attrib['label-domain'] : null;
$options = !empty($attrib['options']) ? $attrib['options'] : null;
$header_label = $this->app->gettext('arialabel' . $attrib['label'], $domain);
$header_attrs = [
'id' => 'aria-label-' . $attrib['label'],
'class' => 'voice',
];
$header = html::tag($ariatag, $header_attrs, rcube::Q($header_label));
if (!empty($attrib['options'])) {
$options_button = $this->button([
'type' => 'link',
'href' => '#search-filter',
'class' => 'button options',
'label' => 'options',
'title' => 'options',
'tabindex' => '0',
'innerclass' => 'inner',
'data-target' => $options,
]);
}
$search_button = $this->button([
'type' => 'link',
'href' => '#search',
'class' => 'button search',
'label' => $attrib['buttontitle'],
'title' => $attrib['buttontitle'],
'tabindex' => '0',
'innerclass' => 'inner',
]);
$reset_button = $this->button([
'type' => 'link',
'command' => !empty($attrib['reset-command']) ? $attrib['reset-command'] : 'reset-search',
'class' => 'button reset',
'label' => 'resetsearch',
'title' => 'resetsearch',
'tabindex' => '0',
'innerclass' => 'inner',
]);
$out = html::div([
'role' => 'search',
'aria-labelledby' => !empty($attrib['label']) ? 'aria-label-' . $attrib['label'] : null,
'class' => $attrib['wrapper'],
],
"{$header}{$out}\n{$reset_button}\n{$options_button}\n{$search_button}"
);
}
return $out;
}
/**
* Builder for GUI object 'message'
*
* @param array $attrib Named tag parameters
*
* @return string HTML code for the gui object
*/
protected function message_container($attrib)
{
if (isset($attrib['id']) === false) {
$attrib['id'] = 'rcmMessageContainer';
}
$this->add_gui_object('message', $attrib['id']);
return html::div($attrib, '');
}
/**
* GUI object 'charsetselector'
*
* @param array $attrib Named parameters for the select tag
*
* @return string HTML code for the gui object
*/
public function charset_selector($attrib)
{
// pass the following attributes to the form class
$field_attrib = ['name' => '_charset'];
foreach ($attrib as $attr => $value) {
if (in_array($attr, ['id', 'name', 'class', 'style', 'size', 'tabindex'])) {
$field_attrib[$attr] = $value;
}
}
$charsets = [
'UTF-8' => 'UTF-8 (' . $this->app->gettext('unicode') . ')',
'US-ASCII' => 'ASCII (' . $this->app->gettext('english') . ')',
'ISO-8859-1' => 'ISO-8859-1 (' . $this->app->gettext('westerneuropean') . ')',
'ISO-8859-2' => 'ISO-8859-2 (' . $this->app->gettext('easterneuropean') . ')',
'ISO-8859-4' => 'ISO-8859-4 (' . $this->app->gettext('baltic') . ')',
'ISO-8859-5' => 'ISO-8859-5 (' . $this->app->gettext('cyrillic') . ')',
'ISO-8859-6' => 'ISO-8859-6 (' . $this->app->gettext('arabic') . ')',
'ISO-8859-7' => 'ISO-8859-7 (' . $this->app->gettext('greek') . ')',
'ISO-8859-8' => 'ISO-8859-8 (' . $this->app->gettext('hebrew') . ')',
'ISO-8859-9' => 'ISO-8859-9 (' . $this->app->gettext('turkish') . ')',
'ISO-8859-10' => 'ISO-8859-10 (' . $this->app->gettext('nordic') . ')',
'ISO-8859-11' => 'ISO-8859-11 (' . $this->app->gettext('thai') . ')',
'ISO-8859-13' => 'ISO-8859-13 (' . $this->app->gettext('baltic') . ')',
'ISO-8859-14' => 'ISO-8859-14 (' . $this->app->gettext('celtic') . ')',
'ISO-8859-15' => 'ISO-8859-15 (' . $this->app->gettext('westerneuropean') . ')',
'ISO-8859-16' => 'ISO-8859-16 (' . $this->app->gettext('southeasterneuropean') . ')',
'WINDOWS-1250' => 'Windows-1250 (' . $this->app->gettext('easterneuropean') . ')',
'WINDOWS-1251' => 'Windows-1251 (' . $this->app->gettext('cyrillic') . ')',
'WINDOWS-1252' => 'Windows-1252 (' . $this->app->gettext('westerneuropean') . ')',
'WINDOWS-1253' => 'Windows-1253 (' . $this->app->gettext('greek') . ')',
'WINDOWS-1254' => 'Windows-1254 (' . $this->app->gettext('turkish') . ')',
'WINDOWS-1255' => 'Windows-1255 (' . $this->app->gettext('hebrew') . ')',
'WINDOWS-1256' => 'Windows-1256 (' . $this->app->gettext('arabic') . ')',
'WINDOWS-1257' => 'Windows-1257 (' . $this->app->gettext('baltic') . ')',
'WINDOWS-1258' => 'Windows-1258 (' . $this->app->gettext('vietnamese') . ')',
'ISO-2022-JP' => 'ISO-2022-JP (' . $this->app->gettext('japanese') . ')',
'ISO-2022-KR' => 'ISO-2022-KR (' . $this->app->gettext('korean') . ')',
'ISO-2022-CN' => 'ISO-2022-CN (' . $this->app->gettext('chinese') . ')',
'EUC-JP' => 'EUC-JP (' . $this->app->gettext('japanese') . ')',
'EUC-KR' => 'EUC-KR (' . $this->app->gettext('korean') . ')',
'EUC-CN' => 'EUC-CN (' . $this->app->gettext('chinese') . ')',
'BIG5' => 'BIG5 (' . $this->app->gettext('chinese') . ')',
'GB2312' => 'GB2312 (' . $this->app->gettext('chinese') . ')',
'KOI8-R' => 'KOI8-R (' . $this->app->gettext('cyrillic') . ')',
];
if ($post = rcube_utils::get_input_string('_charset', rcube_utils::INPUT_POST)) {
$set = $post;
} elseif (!empty($attrib['selected'])) {
$set = $attrib['selected'];
} else {
$set = $this->get_charset();
}
$set = strtoupper($set);
if (!isset($charsets[$set]) && preg_match('/^[A-Z0-9-]+$/', $set)) {
$charsets[$set] = $set;
}
$select = new html_select($field_attrib);
$select->add(array_values($charsets), array_keys($charsets));
return $select->show($set);
}
/**
* Include content from config/about.<LANG>.html if available
*/
protected function about_content($attrib)
{
$content = '';
$filenames = [
'about.' . $_SESSION['language'] . '.html',
'about.' . substr($_SESSION['language'], 0, 2) . '.html',
'about.html',
];
foreach ($filenames as $file) {
$fn = RCUBE_CONFIG_DIR . $file;
if (is_readable($fn)) {
$content = file_get_contents($fn);
$content = $this->parse_conditions($content);
$content = $this->parse_xml($content);
break;
}
}
return $content;
}
/**
* Get logo URL for current template based on skin_logo config option
*
* @param string $type Type of the logo to check for (e.g. 'print' or 'small')
* default is null (no special type)
* @param string $match (optional) 'all' = type, template or wildcard, 'template' = type or template
* Note: when type is specified matches are limited to type only unless $match is defined
*
* @return string|null image URL
*/
protected function get_template_logo($type = null, $match = null)
{
$template_logo = null;
if ($logo = $this->config->get('skin_logo')) {
if (is_array($logo)) {
$template_names = [
$this->skin_name . ':' . $this->template_name . '[' . $type . ']',
$this->skin_name . ':' . $this->template_name,
$this->skin_name . ':*[' . $type . ']',
$this->skin_name . ':[' . $type . ']',
$this->skin_name . ':*',
'*:' . $this->template_name . '[' . $type . ']',
'*:' . $this->template_name,
'*:*[' . $type . ']',
'*:[' . $type . ']',
$this->template_name . '[' . $type . ']',
$this->template_name,
'*[' . $type . ']',
'[' . $type . ']',
'*',
];
if (empty($type)) {
// If no type provided then remove those options from the list
$template_names = preg_grep('/\]$/', $template_names, \PREG_GREP_INVERT);
} elseif ($match === null) {
// Type specified with no special matching requirements so remove all none type specific options from the list
$template_names = preg_grep('/\]$/', $template_names);
}
if ($match == 'template') {
// Match only specific type or template name
$template_names = preg_grep('/\*$/', $template_names, \PREG_GREP_INVERT);
}
foreach ($template_names as $key) {
if (isset($logo[$key])) {
$template_logo = $logo[$key];
break;
}
}
} elseif ($type != 'link') {
$template_logo = $logo;
}
}
return $template_logo;
}
}
Function Calls
None |
Stats
MD5 | 7e95228b1b7797029e9603d745b4476a |
Eval Count | 0 |
Decode Time | 139 ms |