Fix for accesskey getting set to 'NONE' in somem cases

[squirrelmail.git] / functions / strings.php

diff --git a/functions/strings.php b/functions/strings.php
index 1fcbd6dc9b7bfc5c8484e4d87f69cb12755f1fde..d582cdc060938951d1141556824ded429a5d3a81 100644 (file)
--- a/functions/strings.php
+++ b/functions/strings.php
@@ -509,6 +509,17 @@ function get_location () {
 
     $port = '';
     if (! strstr($host, ':')) {
+        // Note: HTTP_X_FORWARDED_PROTO could be sent from the client and
+        //       therefore possibly spoofed/hackable - for now, the
+        //       administrator can tell SM to ignore this value by setting
+        //       $sq_ignore_http_x_forwarded_headers to boolean TRUE in
+        //       config/config_local.php, but in the future we may
+        //       want to default this to TRUE and make administrators
+        //       who use proxy systems turn it off (see 1.5.2+).
+        global $sq_ignore_http_x_forwarded_headers;
+        if ($sq_ignore_http_x_forwarded_headers
+         || !sqgetGlobalVar('HTTP_X_FORWARDED_PROTO', $forwarded_proto, SQ_SERVER))
+            $forwarded_proto = '';
         if (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER)) {
             if (($server_port != 80 && $proto == 'http://') ||
                 ($server_port != 443 && $proto == 'https://' &&
@@ -724,13 +735,17 @@ function quoteimap($str) {
  *
  * Returns a link to the compose-page, taking in consideration
  * the compose_in_new and javascript settings.
- * @param string $url the URL to the compose page
- * @param string $text the link text, default "Compose"
- * @param string $target (since 1.4.3) url target
+ *
+ * @param string $url       The URL to the compose page
+ * @param string $text      The link text, default "Compose"
+ * @param string $target    URL target, if any (since 1.4.3)
+ * @param string $accesskey The access key to be used, if any
+ *
  * @return string a link to the compose page
+ *
  * @since 1.4.2
  */
-function makeComposeLink($url, $text = null, $target='') {
+function makeComposeLink($url, $text = null, $target='', $accesskey='NONE') {
     global $compose_new_win, $compose_width, 
            $compose_height, $oTemplate;
 
@@ -741,7 +756,7 @@ function makeComposeLink($url, $text = null, $target='') {
     // if not using "compose in new window", make
     // regular link and be done with it
     if($compose_new_win != '1') {
-        return makeInternalLink($url, $text, $target);
+        return makeInternalLink($url, $text, $target, $accesskey);
     }
 
     // build the compose in new window link...
@@ -752,11 +767,16 @@ function makeComposeLink($url, $text = null, $target='') {
         sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
         $compuri = SM_BASE_URI.$url;
 
-        return create_hyperlink('javascript:void(0)', $text, '', "comp_in_new('$compuri','$compose_width','$compose_height')");
+        return create_hyperlink('javascript:void(0)', $text, '',
+                                "comp_in_new('$compuri','$compose_width','$compose_height')",
+                                '', '', '',
+                                ($accesskey == 'NONE'
+                                ? array()
+                                : array('accesskey' => $accesskey)));
     }
 
     // otherwise, just open new window using regular HTML
-    return makeInternalLink($url, $text, '_blank');
+    return makeInternalLink($url, $text, '_blank', $accesskey);
 }
 
 /**