X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=plugins%2Fcalendar%2Fcalendar_data.php;h=3a267abae43144d509d935d0d89bab4f73dfd66d;hb=c4faef335b2362c81b8ebf026d4066c12d70536c;hp=1441f513b401ddfd3ac57592075426aa922a9726;hpb=91e0dccca7b2452d8b450791cae3aa4125e8889e;p=squirrelmail.git diff --git a/plugins/calendar/calendar_data.php b/plugins/calendar/calendar_data.php index 1441f513..3a267aba 100644 --- a/plugins/calendar/calendar_data.php +++ b/plugins/calendar/calendar_data.php @@ -1,32 +1,69 @@ - * * functions to operate on calendar data files. * - * $Id$ + * @copyright 2002-2020 The SquirrelMail Project Team + * @license http://opensource.org/licenses/gpl-license.php GNU Public License + * @version $Id$ * @package plugins * @subpackage calendar */ -/** this is array that contains all events - * it is three dimensional array with fallowing structure - * $calendardata[date][time] = array(length,priority,title,message); */ +/** + * this is array that contains all events + * it is three dimensional array with fallowing structure + * $calendardata[date][time] = array(length,priority,title,message,reminder); + */ $calendardata = array(); +/** + * Reads multilined calendar data + * + * Plugin stores multiline texts converted to single line with PHP nl2br(). + * Function undoes nl2br() conversion and html encoding of ASCII vertical bar. + * + * Older plugin versions sanitized data with sm_encode_html_special_chars. Since 1.5.1 calendar + * data is not sanitized. Output functions must make sure that data is correctly + * encoded and sanitized. + * @param string $string calendar string + * @return string calendar string converted to multiline text + * @access private + * @since 1.5.1 + */ +function calendar_readmultiline($string) { + /** + * replace html line breaks with ASCII line feeds + * replace htmlencoded | with ASCII vertical bar + */ + $string = str_replace(array('
','
','|'),array("\n","\n",'|'),$string); + return $string; +} + +/** + * Callback function used to sanitize calendar data before saving it to file + * @param string $sValue array value + * @param string $sKey array key + * @access private + * @since 1.5.1 + */ +function calendar_encodedata(&$sValue, $sKey) { + /** + * add html line breaks + * remove original ASCII line feeds and carriage returns + * replace ASCII vertical bar with html code in order to sanitize field delimiter + */ + $sValue = str_replace(array("\n","\r",'|'),array('','','|'),nl2br($sValue)); +} + /** * read events into array * * data is | delimited, just like addressbook * files are structured like this: * date|time|length|priority|title|message - * files are divided by year for performance increase */ + * files are divided by year for performance increase + */ function readcalendardata() { global $calendardata, $username, $data_dir, $year; @@ -37,11 +74,11 @@ function readcalendardata() { if ($fp){ while ($fdata = fgetcsv ($fp, 4096, '|')) { - $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2], - 'priority' => $fdata[3], - 'title' => htmlspecialchars($fdata[4],ENT_NOQUOTES), - 'message' => htmlspecialchars($fdata[5],ENT_NOQUOTES), - 'reminder' => $fdata[6] ); + $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2], + 'priority' => $fdata[3], + 'title' => str_replace("\n",' ',calendar_readmultiline($fdata[4])), + 'message' => calendar_readmultiline($fdata[5]), + 'reminder' => $fdata[6] ); } fclose ($fp); // this is to sort the events within a day on starttime @@ -55,7 +92,11 @@ function readcalendardata() { } } -//makes events persistant +/** + * Saves calendar data + * @return void + * @access private + */ function writecalendardata() { global $calendardata, $username, $data_dir, $year, $color; @@ -66,9 +107,16 @@ function writecalendardata() { while ( $calfoo = each ($calendardata)) { while ( $calbar = each ($calfoo['value'])) { $calfoobar = $calendardata[$calfoo['key']][$calbar['key']]; + array_walk($calfoobar,'calendar_encodedata'); + /** + * Make sure that reminder field is set. Calendar forms don't implement it, + * but it is still used for calendar data. Backwards compatibility. + */ + if (!isset($calfoobar['reminder'])) $calfoobar['reminder']=''; + $calstr = "$calfoo[key]|$calbar[key]|$calfoobar[length]|$calfoobar[priority]|$calfoobar[title]|$calfoobar[message]|$calfoobar[reminder]\n"; if(sq_fwrite($fp, $calstr, 4096) === FALSE) { - error_box(_("Could not write calendar file %s", "$username.$year.cal.tmp"), $color); + error_box(_("Could not write calendar file %s", "$username.$year.cal.tmp")); } } @@ -79,7 +127,11 @@ function writecalendardata() { } } -//deletes event from file +/** + * deletes event from file + * @return void + * @access private + */ function delete_event($date, $time) { global $calendardata, $username, $data_dir, $year; @@ -88,23 +140,27 @@ function delete_event($date, $time) { if ($fp){ while ($fdata = fgetcsv ($fp, 4096, "|")) { if (($fdata[0]==$date) && ($fdata[1]==$time)){ - // do nothing + // do nothing } else { - $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2], + $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2], 'priority' => $fdata[3], - 'title' => $fdata[4], - 'message' => $fdata[5], + 'title' => $fdata[4], + 'message' => $fdata[5], 'reminder' => $fdata[6] ); } } fclose ($fp); } writecalendardata(); - } -// same as delete but not saves calendar -// saving is done inside event_edit.php +/** + * same as delete but does not save calendar + * saving is done inside event_edit.php + * @return void + * @access private + * @todo code reuse + */ function update_event($date, $time) { global $calendardata, $username, $data_dir, $year; @@ -113,18 +169,15 @@ function update_event($date, $time) { if ($fp){ while ($fdata = fgetcsv ($fp, 4096, '|')) { if (($fdata[0]==$date) && ($fdata[1]==$time)){ - // do nothing + // do nothing } else { - $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2], + $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2], 'priority' => $fdata[3], - 'title' => $fdata[4], - 'message' => $fdata[5], + 'title' => $fdata[4], + 'message' => $fdata[5], 'reminder' => $fdata[6] ); } } fclose ($fp); } } - - -?> \ No newline at end of file