*
* Functions needed to display the options pages.
*
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2018 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* @var string
*/
var $trailing_text;
+ /**
+ * Indicates that the widget's "trailing text"
+ * should be displayed in a smaller sized font
+ *
+ * @var boolean
+ */
+ var $trailing_text_small;
+ /**
+ * Indicates that the widget's "trailing text"
+ * contains HTML and should not thus be
+ * sanitized (encoded)
+ *
+ * @var boolean
+ */
+ var $trailing_text_is_html;
/**
* Text that overrides the "Yes" label for boolean
* radio option widgets
* @var boolean
*/
var $use_delete_widget;
+ /**
+ * associative array, treated the same as $possible_values
+ * (see its documentation below), but usually expected to
+ * have its first value contain a list of IMAP folders, an
+ * array itself in the format as passed back by
+ * sqimap_mailbox_list(). Used to display folder selector
+ * for possible values of an associative edit list option
+ * widget
+ *
+ * @since 1.5.2
+ * @var array
+ */
+ var $poss_value_folders;
/**
* text displayed to the user
*
var $htmlencoded=false;
/**
* Controls folder list limits in SMOPT_TYPE_FLDRLIST and
- * SMOPT_TYPE_FLDRLIST_MULTI widgets.
+ * SMOPT_TYPE_FLDRLIST_MULTI widgets as well as the optional
+ * embedded folder lists provided for inputting values for
+ * the SMOPT_TYPE_EDIT_LIST and SMOPT_TYPE_EDIT_LIST_ASSOCIATIVE
+ * :idgets.
* See $flag argument in sqimap_mailbox_option_list() function.
* @var string
* @since 1.5.1
var $folder_filter='noselect';
/**
- * Constructor function
+ * Constructor (PHP5 style, required in some future version of PHP)
* @param array $raw_option_array
* @param string $name
* @param string $caption
* @param array $possible_values
* @param bool $htmlencoded
*/
- function SquirrelOption
+ function __construct
($raw_option_array, $name, $caption, $type, $refresh_level, $initial_value = '', $possible_values = '', $htmlencoded = false) {
/* Set the basic stuff. */
$this->raw_option_array = $raw_option_array;
$this->htmlencoded = $htmlencoded;
$this->size = SMOPT_SIZE_NORMAL;
$this->trailing_text = '';
+ $this->trailing_text_small = FALSE;
+ $this->trailing_text_is_html = FALSE;
$this->yes_text = '';
$this->no_text = '';
$this->comment = '';
$this->layout_type = 0;
$this->use_add_widget = TRUE;
$this->use_delete_widget = TRUE;
+ $this->poss_value_folders = '';
$this->aExtraAttribs = array();
$this->post_script = '';
//Check for a current value.
if (isset($GLOBALS[$name])) {
$this->value = $GLOBALS[$name];
+ // TODO: This code should be something more like the following, but who knows what would break if it was changed at this point
+ // } else if (initial_value !== '') {
} else if (!empty($initial_value)) {
$this->value = $initial_value;
} else {
}
}
+ /**
+ * Constructor (PHP4 style, kept for compatibility reasons)
+ * @param array $raw_option_array
+ * @param string $name
+ * @param string $caption
+ * @param integer $type
+ * @param integer $refresh_level
+ * @param mixed $initial_value
+ * @param array $possible_values
+ * @param bool $htmlencoded
+ */
+ function SquirrelOption
+ ($raw_option_array, $name, $caption, $type, $refresh_level, $initial_value = '', $possible_values = '', $htmlencoded = false) {
+ self::__construct($raw_option_array, $name, $caption, $type, $refresh_level, $initial_value, $possible_values, $htmlencoded);
+ }
+
/** Convenience function that identifies which types of
widgets are stored as (serialized) array values. */
function is_multiple_valued() {
return ($this->type == SMOPT_TYPE_FLDRLIST_MULTI
|| $this->type == SMOPT_TYPE_STRLIST_MULTI
- || $this->type == SMOPT_TYPE_EDIT_LIST);
+ || $this->type == SMOPT_TYPE_EDIT_LIST
+ || $this->type == SMOPT_TYPE_EDIT_LIST_ASSOCIATIVE);
}
/**
$this->trailing_text = $trailing_text;
}
+ /**
+ * Set the trailing_text_small for this option.
+ * @param boolean $trailing_text_small
+ */
+ function setTrailingTextSmall($trailing_text_small) {
+ $this->trailing_text_small = $trailing_text_small;
+ }
+
+ /**
+ * Set the trailing_text_is_html for this option.
+ * @param boolean $trailing_text_is_html
+ */
+ function setTrailingTextIsHtml($trailing_text_is_html) {
+ $this->trailing_text_is_html = $trailing_text_is_html;
+ }
+
/**
* Set the yes_text for this option.
* @param string $yes_text
$this->use_delete_widget = $use_delete_widget;
}
+ /* Set the "poss value folders" value for this option.
+ See the associative edit list widget, which uses this
+ to offer folder list selection for the values */
+ function setPossValueFolders($poss_value_folders) {
+ $this->poss_value_folders = $poss_value_folders;
+ }
+
/**
* Set the layout type for this option.
* @param int $layout_type
case SMOPT_TYPE_EDIT_LIST:
$result = $this->createWidget_EditList();
break;
+ case SMOPT_TYPE_EDIT_LIST_ASSOCIATIVE:
+ $result = $this->createWidget_EditListAssociative();
+ break;
case SMOPT_TYPE_STRLIST_MULTI:
$result = $this->createWidget_StrList(TRUE);
break;
* @return string html formated output
*/
function createWidget_Info() {
- return sq_htmlspecialchars($this->value);
+ // return sq_htmlspecialchars($this->value);
+ // like COMMENT, allow HTML here
+ return $this->value;
}
/**
$width = 25;
}
-//TODO: might be better to have a separate template file for all widgets, because then the layout of the widget and the "trailing text" can be customized - they are still hard coded here
+//TODO: might be better to have a separate template file for all widgets, because then the layout of the widget and the "trailing text" can be customized - they are still hard coded here (also, we have <small> tags here; don't want HTML here!)
if ($password)
- return addPwField('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . htmlspecialchars($this->trailing_text);
+ return addPwField('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . ($this->trailing_text_small ? '<small>' : '') . ($this->trailing_text_is_html ? $this->trailing_text : sm_encode_html_special_chars($this->trailing_text)) . ($this->trailing_text_small ? '</small>' : '');
else
- return addInput('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . htmlspecialchars($this->trailing_text);
+ return addInput('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . ($this->trailing_text_small ? '<small>' : '') . ($this->trailing_text_is_html ? $this->trailing_text : sm_encode_html_special_chars($this->trailing_text)) . ($this->trailing_text_small ? '</small>' : '');
}
/**
$height = 5;
}
- return addSelect('new_' . $this->name, $this->possible_values, $this->value, TRUE, $this->aExtraAttribs, $multiple_select, $height, !$this->htmlencoded) . htmlspecialchars($this->trailing_text);
+ return addSelect('new_' . $this->name, $this->possible_values, $this->value, TRUE, $this->aExtraAttribs, $multiple_select, $height, !$this->htmlencoded) . ($this->trailing_text_small ? '<small>' : '') . ($this->trailing_text_is_html ? $this->trailing_text : sm_encode_html_special_chars($this->trailing_text)) . ($this->trailing_text_small ? '</small>' : '');
}
$option_list = array('ignore' => _("unavailable"));
- return addSelect('new_' . $this->name, $option_list, $this->value, TRUE, $this->aExtraAttribs, $multiple_select, $height) . htmlspecialchars($this->trailing_text);
+ return addSelect('new_' . $this->name, $option_list, $this->value, TRUE, $this->aExtraAttribs, $multiple_select, $height) . ($this->trailing_text_small ? '<small>' : '') . ($this->trailing_text_is_html ? $this->trailing_text : sm_encode_html_special_chars($this->trailing_text)) . ($this->trailing_text_small ? '</small>' : '');
}
// checkbox...
//
if ($checkbox) {
- $result = addCheckbox('new_' . $this->name, ($this->value != SMPREF_NO), SMPREF_YES, array_merge(array('id' => 'new_' . $this->name), $this->aExtraAttribs)) . $nbsp . create_label($this->trailing_text, 'new_' . $this->name);
+//TODO: Why isn't trailing_text being sanitized with sm_encode_special_chars()??? If this is a bug, add that, then add the option to display unsanitized if $this->trailing_text_is_html is enabled
+ $result = addCheckbox('new_' . $this->name, ($this->value != SMPREF_NO), SMPREF_YES, array_merge(array('id' => 'new_' . $this->name), $this->aExtraAttribs)) . $nbsp . create_label(($this->trailing_text_small ? '<small>' : '') . $this->trailing_text . ($this->trailing_text_small ? '</small>' : ''), 'new_' . $this->name);
}
// radio buttons...
$no_option = addRadioBox('new_' . $this->name, ($this->value == SMPREF_NO), SMPREF_NO, array_merge(array('id' => 'new_' . $this->name . '_no'), $this->aExtraAttribs)) . $nbsp . create_label((!empty($this->no_text) ? $this->no_text : _("No")), 'new_' . $this->name . '_no');
/* Build the combined "boolean widget". */
- $result = "$yes_option$nbsp$nbsp$nbsp$nbsp$no_option";
+ $result = "$yes_option$nbsp$nbsp$nbsp$nbsp$no_option " . ($this->trailing_text_small ? '<small>' : '') . ($this->trailing_text_is_html ? $this->trailing_text : sm_encode_html_special_chars($this->trailing_text)) . ($this->trailing_text_small ? '</small>' : '');
}
}
/**
- * Creates an edit list
+ * Creates a (non-associative) edit list
*
* Note that multiple layout types are supported for this widget.
* $this->layout_type must be one of the SMOPT_EDIT_LIST_LAYOUT_*
$oTemplate->assign('use_delete_widget', $this->use_delete_widget);
$oTemplate->assign('trailing_text', $this->trailing_text);
+ $oTemplate->assign('trailing_text_small', $this->trailing_text_small);
+ $oTemplate->assign('trailing_text_is_html', $this->trailing_text_is_html);
$oTemplate->assign('possible_values', $this->possible_values);
- $oTemplate->assign('select_widget', addSelect('new_' . $this->name, $this->possible_values, $this->value, FALSE, !checkForJavascript() ? $this->aExtraAttribs : array_merge(array('onchange' => 'if (typeof(window.addinput_' . $this->name . ') == \'undefined\') { var f = document.forms.length; var i = 0; var pos = -1; while( pos == -1 && i < f ) { var e = document.forms[i].elements.length; var j = 0; while( pos == -1 && j < e ) { if ( document.forms[i].elements[j].type == \'text\' && document.forms[i].elements[j].name == \'add_' . $this->name . '\' ) { pos = j; } j++; } i++; } if( pos >= 0 ) { window.addinput_' . $this->name . ' = document.forms[i-1].elements[pos]; } } for (x = 0; x < this.length; x++) { if (this.options[x].selected) { window.addinput_' . $this->name . '.value = this.options[x].value; break; } }'), $this->aExtraAttribs), TRUE, $height));
+ $oTemplate->assign('current_value', $this->value);
+ $oTemplate->assign('select_widget', addSelect('new_' . $this->name, $this->possible_values, $this->value, FALSE, !checkForJavascript() ? $this->aExtraAttribs : array_merge(array('onchange' => 'if (typeof(window.addinput_' . $this->name . ') == \'undefined\') { var f = document.forms.length; var i = 0; var pos = -1; while( pos == -1 && i < f ) { var e = document.forms[i].elements.length; var j = 0; while( pos == -1 && j < e ) { if ( document.forms[i].elements[j].type == \'text\' && document.forms[i].elements[j].name == \'add_' . $this->name . '\' ) { pos = j; i=f-1; j=e-1; } j++; } i++; } if( pos >= 0 ) { window.addinput_' . $this->name . ' = document.forms[i-1].elements[pos]; } } for (x = 0; x < this.length; x++) { if (this.options[x].selected) { window.addinput_' . $this->name . '.value = this.options[x].text; break; } }'), $this->aExtraAttribs), TRUE, $height));
+// NOTE: i=f-1; j=e-1 is in lieu of break 2
$oTemplate->assign('checkbox_widget', addCheckBox('delete_' . $this->name, FALSE, SMPREF_YES, array_merge(array('id' => 'delete_' . $this->name), $this->aExtraAttribs)));
$oTemplate->assign('name', $this->name);
case SMOPT_EDIT_LIST_LAYOUT_LIST:
return $oTemplate->fetch('edit_list_widget_list_style.tpl');
default:
- error_box(sprintf(_("Edit List Layout Type '%s' Not Found"), $layout_type));
+ error_box(sprintf(_("Edit List Layout Type '%s' Not Found"), $this->layout_type));
+ }
+
+ }
+
+ /**
+ * Creates an associative edit list
+ *
+ * Note that multiple layout types are supported for this widget.
+ * $this->layout_type must be one of the SMOPT_EDIT_LIST_LAYOUT_*
+ * constants.
+ *
+ * @return string html formated list of edit fields and
+ * their associated controls
+ */
+ function createWidget_EditListAssociative() {
+
+ global $oTemplate;
+
+ switch ($this->size) {
+ case SMOPT_SIZE_TINY:
+ $height = 3;
+ break;
+ case SMOPT_SIZE_SMALL:
+ $height = 8;
+ break;
+ case SMOPT_SIZE_MEDIUM:
+ $height = 15;
+ break;
+ case SMOPT_SIZE_LARGE:
+ $height = 25;
+ break;
+ case SMOPT_SIZE_HUGE:
+ $height = 40;
+ break;
+ case SMOPT_SIZE_NORMAL:
+ default:
+ $height = 5;
+ }
+
+
+ // ensure correct format of current value(s)
+ //
+ if (empty($this->possible_values)) $this->possible_values = array();
+ if (!is_array($this->possible_values)) $this->possible_values = array($this->possible_values);
+
+
+ $oTemplate->assign('name', $this->name);
+ $oTemplate->assign('current_value', $this->value);
+ $oTemplate->assign('possible_values', $this->possible_values);
+ $oTemplate->assign('poss_value_folders', $this->poss_value_folders);
+ $oTemplate->assign('folder_filter', $this->folder_filter);
+
+ $oTemplate->assign('use_input_widget', $this->use_add_widget);
+ $oTemplate->assign('use_delete_widget', $this->use_delete_widget);
+
+ $oTemplate->assign('checkbox_widget', addCheckBox('delete_' . $this->name, FALSE, SMPREF_YES, array_merge(array('id' => 'delete_' . $this->name), $this->aExtraAttribs)));
+
+//FIXME: $this->aExtraAttribs probably should only be used in one place
+ $oTemplate->assign('input_key_widget', addInput('add_' . $this->name . '_key', '', 22, 0, $this->aExtraAttribs));
+ $oTemplate->assign('input_value_widget', addInput('add_' . $this->name . '_value', '', 12, 0, $this->aExtraAttribs));
+
+ $oTemplate->assign('select_height', $height);
+
+ $oTemplate->assign('aAttribs', $this->aExtraAttribs);
+
+ $oTemplate->assign('trailing_text', $this->trailing_text);
+ $oTemplate->assign('trailing_text_small', $this->trailing_text_small);
+ $oTemplate->assign('trailing_text_is_html', $this->trailing_text_is_html);
+
+ switch ($this->layout_type) {
+ case SMOPT_EDIT_LIST_LAYOUT_SELECT:
+ return $oTemplate->fetch('edit_list_associative_widget.tpl');
+ case SMOPT_EDIT_LIST_LAYOUT_LIST:
+ return $oTemplate->fetch('edit_list_associative_widget_list_style.tpl');
+ default:
+ error_box(sprintf(_("Associative Edit List Layout Type '%s' Not Found"), $this->layout_type));
}
}
*/
function createWidget_Submit() {
- return addSubmit($this->comment, $this->name, $this->aExtraAttribs) . htmlspecialchars($this->trailing_text);
+ return addSubmit($this->comment, $this->name, $this->aExtraAttribs) . ($this->trailing_text_small ? '<small>' : '') . ($this->trailing_text_is_html ? $this->trailing_text : sm_encode_html_special_chars($this->trailing_text)) . ($this->trailing_text_small ? '</small>' : '');
}
// edit lists have a lot going on, so we'll always process them
//
- if ($this->type == SMOPT_TYPE_EDIT_LIST) return TRUE;
+ if ($this->type == SMOPT_TYPE_EDIT_LIST
+ || $this->type == SMOPT_TYPE_EDIT_LIST_ASSOCIATIVE)
+ return TRUE;
return ($this->value != $this->new_value);
}
return;
}
+ // if the widget is a selection list, make sure the new
+ // value is actually in the selection list and is not an
+ // injection attack
+ //
+ if ($option->type == SMOPT_TYPE_STRLIST
+ && !array_key_exists($option->new_value, $option->possible_values))
+ return;
+
+
+ // all other widgets except TEXTAREAs should never be allowed to have newlines
+ //
+ else if ($option->type != SMOPT_TYPE_TEXTAREA)
+ $option->new_value = str_replace(array("\r", "\n"), '', $option->new_value);
+
+
global $data_dir;
// edit lists: first add new elements to list, then
//
setPref($data_dir, $username, $option->name, serialize($option->possible_values));
+ // associative edit lists are handled similar to
+ // non-associative ones
+ //
+ } else if ($option->type == SMOPT_TYPE_EDIT_LIST_ASSOCIATIVE) {
+
+ if (empty($option->possible_values)) $option->possible_values = array();
+ if (!is_array($option->possible_values)) $option->possible_values = array($option->possible_values);
+
+ // add element if given
+ //
+ $new_element_key = '';
+ $new_element_value = '';
+ $retrieve_key = sqGetGlobalVar('add_' . $option->name . '_key', $new_element_key, SQ_POST);
+ $retrieve_value = sqGetGlobalVar('add_' . $option->name . '_value', $new_element_value, SQ_POST);
+
+ if ((isset($option->use_add_widget) && $option->use_add_widget)
+ && ($retrieve_key || $retrieve_value)) {
+ $new_element_key = trim($new_element_key);
+ $new_element_value = trim($new_element_value);
+ if ($option->poss_value_folders && empty($new_element_key))
+ $new_element_value = '';
+ if (!empty($new_element_key) || !empty($new_element_value)) {
+ if (empty($new_element_key)) $new_element_key = '0';
+ $option->possible_values[$new_element_key] = $new_element_value;
+ }
+ }
+
+ // delete selected elements if needed
+ //
+ if ((isset($option->use_delete_widget) && $option->use_delete_widget)
+ && is_array($option->new_value)
+ && sqGetGlobalVar('delete_' . $option->name, $ignore, SQ_POST)) {
+
+ if ($option->layout_type == SMOPT_EDIT_LIST_LAYOUT_SELECT) {
+ foreach ($option->new_value as $key)
+ unset($option->possible_values[urldecode($key)]);
+ }
+ else
+ $option->possible_values = array_diff($option->possible_values, $option->new_value);
+ }
+
+ // save full list (stored in "possible_values")
+ //
+ setPref($data_dir, $username, $option->name, serialize($option->possible_values));
+
// Certain option types need to be serialized because
// they are not scalar
//
&& empty($option->new_value))
setPref($data_dir, $username, $option->name, SMPREF_OFF);
+ // For integer fields, make sure we only have digits...
+ // We'll be nice and instead of just converting to an integer,
+ // we'll physically remove each non-digit in the string.
+ //
+ else if ($option->type == SMOPT_TYPE_INTEGER) {
+ $option->new_value = preg_replace('/[^0-9]/', '', $option->new_value);
+ setPref($data_dir, $username, $option->name, $option->new_value);
+ }
+
else
setPref($data_dir, $username, $option->name, $option->new_value);
$next_option->setTrailingText($optset['trailing_text']);
}
+ /* If provided, set the trailing_text_small for this option. */
+ if (isset($optset['trailing_text_small'])) {
+ $next_option->setTrailingTextSmall($optset['trailing_text_small']);
+ }
+
+ /* If provided, set the trailing_text_is_html for this option. */
+ if (isset($optset['trailing_text_is_html'])) {
+ $next_option->setTrailingTextIsHtml($optset['trailing_text_is_html']);
+ }
+
/* If provided, set the yes_text for this option. */
if (isset($optset['yes_text'])) {
$next_option->setYesText($optset['yes_text']);
$next_option->setNoText($optset['no_text']);
}
+ /* If provided, set the poss_value_folders value for this option. */
+ if (isset($optset['poss_value_folders'])) {
+ $next_option->setPossValueFolders($optset['poss_value_folders']);
+ }
+
/* If provided, set the layout type for this option. */
if (isset($optset['layout_type'])) {
$next_option->setLayoutType($optset['layout_type']);