From: tokul Date: Sat, 14 Jan 2006 14:21:21 +0000 (+0000) Subject: Plugin update: X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=1c7143ad75c08368ea25ec57b3242d762cee31ca;p=squirrelmail.git Plugin update: 1. use of sqGetGlobalVar instead of accessing $_POST and $_GET directly 2. event sanitizing update. Storage functions don't sanitize html. Event text is sanitized on display 3. fix possible data loss when vertical bar is used in event text 4. updates in README and phpdoc blocks git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@10537 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- diff --git a/plugins/calendar/README b/plugins/calendar/README index 942f7635..33123d3d 100644 --- a/plugins/calendar/README +++ b/plugins/calendar/README @@ -1,28 +1,25 @@ -SQCalendar $Id$ +SquirrelMail Calendar Plugin +$Id$ ********** DESCRIPTION ************ -Simple calendar plugin for Squirrel Mail (squirrelmail.org). As of now it has -month view and day view. Events can be created, deleted and updated. +Simple calendar plugin for Squirrel Mail. As of now it has month view and +day view. Events can be created, deleted and updated. ********** REQUIREMENTS ********** -It works with SquirrelMail 1.0.6 and 1.2.0-rc2 which are latest at the time -of writing - -********** INSTALLATION ********** - -SEE INSTALL +SquirrelMail 1.4.3 or later (1.5.0 version excluded) +Write access to data directory (plugin uses own data files) *************** TODO ************** -- single entry of repetitve events (ex. birthday repeats every year) +- single entry of recurring events (ex. birthday repeats every year) - reminder email/javascript/etc - weekly view ************ CREDITS ************** -This plugin has been originally created by Michal Szczotka, and is now -maintained by the SquirrelMail Project Team. +This plugin has been originally created by Michal Szczotka , +and is now maintained by the SquirrelMail Project Team. 
diff --git a/plugins/calendar/calendar.php b/plugins/calendar/calendar.php
index 8cc4b25d..389503ae 100644
--- a/plugins/calendar/calendar.php
+++ b/plugins/calendar/calendar.php
@@ -1,57 +1,41 @@ - * * Displays the main calendar page (month view). * - * @copyright © 2002-2005 The SquirrelMail Project Team + * @copyright © 2002-2006 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package plugins * @subpackage calendar */ -/** -*/ +/** @ignore */ define('SM_PATH','../../'); -/* Calender plugin required files. */ -require_once(SM_PATH . 'plugins/calendar/calendar_data.php'); -require_once(SM_PATH . 'plugins/calendar/functions.php'); - /* SquirrelMail required files. */ -require_once(SM_PATH . 'include/validate.php'); -require_once(SM_PATH . 'functions/strings.php'); -require_once(SM_PATH . 'functions/date.php'); -require_once(SM_PATH . 'config/config.php'); -require_once(SM_PATH . 'functions/page_header.php'); -require_once(SM_PATH . 'include/load_prefs.php'); -require_once(SM_PATH . 'functions/html.php'); +include_once(SM_PATH . 'include/validate.php'); +/* load date_intl() */ +include_once(SM_PATH . 'functions/date.php'); -/* get globals */ - -// undo rg = on effects -if (isset($month)) unset($month); -if (isset($year)) unset($year); +/* Calendar plugin required files. */ +include_once(SM_PATH . 'plugins/calendar/calendar_data.php'); +include_once(SM_PATH . 'plugins/calendar/functions.php'); -if (isset($_GET['month']) && is_numeric($_GET['month'])) { - $month = $_GET['month']; -} -if (isset($_GET['year']) && is_numeric($_GET['year'])) { - $year = $_GET['year']; -} -if (isset($_POST['year']) && is_numeric($_POST['year'])) { - $year = $_POST['year']; +/* get globals */ +if (! sqgetGlobalVar('month',$month,SQ_FORM) || ! is_numeric($month)) { + unset($month); } -if (isset($_POST['month']) && is_numeric($_POST['month'])) { - $month = $_POST['month']; +if (! sqgetGlobalVar('year',$year,SQ_FORM) || ! 
is_numeric($year)) { + unset($year); } /* got 'em */ -//display upper part of month calendar view +/** + * display upper part of month calendar view + * @return void + * @access private + */ function startcalendar() { global $year, $month, $color; @@ -97,7 +81,11 @@ function startcalendar() { '', $color[0] ) ."\n"; } -//main logic for month view of calendar +/** + * main logic for month view of calendar + * @return void + * @access private + */ function drawmonthview() { global $year, $month, $color, $calendardata, $todayis; @@ -124,8 +112,13 @@ function drawmonthview() { $i=0; while ($calfoo = each($calendardata[$cdate])) { $calbar = $calendardata[$cdate][$calfoo['key']]; - $title = '['. $calfoo['key']. '] ' .$calbar['message']; - echo ($calbar['priority']==1) ? "$calbar[title]
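Review bot: `is_numeric()` is a loose check for `$month` and `$year` here, because it also accepts leading whitespace (including a newline), a sign, a decimal point and exponent notation; these values become the `"$month$day$year"` keys that `writecalendardata()` writes verbatim into the `|`- and newline-delimited data file, and `$year` is part of the `$username.$year.cal` file name, so a value like `"\n2006"` would split a record. A digits-only test such as `if (! sqgetGlobalVar('year',$year,SQ_FORM) || ! preg_match('/^\d+$/', $year)) { unset($year); }` is safer and costs nothing. The same pattern is used in the day.php, event_create.php, event_delete.php and event_edit.php hunks of this commit. calendar.php also spells the helper `sqgetGlobalVar` while the other files use `sqGetGlobalVar`; PHP resolves both, but one spelling is easier to grep.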
\n" : "$calbar[title]
\n"; + // FIXME: how to display multiline task + $title = '['. $calfoo['key']. '] ' . + str_replace(array("\r","\n"),array(' ',' '),htmlspecialchars($calbar['message'])); + // FIXME: link to nowhere + echo "".htmlspecialchars($calbar['title'])."
\n"; $i=$i+1; if($i==2){ break; @@ -139,7 +132,12 @@ function drawmonthview() { } } -//end of monthly view and form to jump to any month and year +/** + * end of monthly view and form to jump to any month and year + * @return void + * @ + * @access private + */ function endcalendar() { global $year, $month, $day, $color; diff --git a/plugins/calendar/calendar_data.php b/plugins/calendar/calendar_data.php index 7128841d..3422f760 100644 --- a/plugins/calendar/calendar_data.php +++ b/plugins/calendar/calendar_data.php @@ -1,38 +1,42 @@ - * * functions to operate on calendar data files. * - * @copyright © 2002-2005 The SquirrelMail Project Team + * @copyright © 2002-2006 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package plugins * @subpackage calendar */ -/** this is array that contains all events - * it is three dimensional array with fallowing structure - * $calendardata[date][time] = array(length,priority,title,message); */ +/** + * this is array that contains all events + * it is three dimensional array with fallowing structure + * $calendardata[date][time] = array(length,priority,title,message,reminder); + */ $calendardata = array(); /** * Reads multilined calendar data * * Plugin stores multiline texts converted to single line with PHP nl2br(). - * Function undoes nl2br() conversion and sanitizes data with htmlspecialchars(). + * Function undoes nl2br() conversion and html encoding of ASCII vertical bar. + * + * Older plugin versions sanitized data with htmlspecialchars. Since 1.5.1 calendar + * data is not sanitized. Output functions must make sure that data is correctly + * encoded and sanitized. * @param string $string calendar string * @return string calendar string converted to multiline text + * @access private * @since 1.5.1 */ function calendar_readmultiline($string) { - // replace html line breaks with ASCII line feeds - $string = str_replace(array('
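Review bot: `$calfoo['key']` is concatenated into `$title` unescaped while the neighbouring title and message now go through `htmlspecialchars()`; the key comes from the data file rather than straight from the request, so this is consistency rather than a known hole, but `'['. htmlspecialchars($calfoo['key']). '] '` keeps the whole string escaped. If `$title` lands inside a quoted HTML attribute (the tags are not visible in this rendering), `htmlspecialchars($calbar['message'], ENT_QUOTES)` is the safer flag, since the default leaves single quotes alone. drawmonthview's body continues outside the hunk.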
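Review bot: The new docblock for `endcalendar()` contains a bare ` * @` line between `@return void` and `@access private`, which phpdoc reports as an empty tag; drop that line. The function body starts outside the hunk.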
','
'),array("\n","\n"),$string); - // FIXME: don't sanitize data. Storage backend should not care about html data safety - $string = htmlspecialchars($string,ENT_NOQUOTES); + /** + * replace html line breaks with ASCII line feeds + * replace htmlencoded | with ASCII vertical bar + */ + $string = str_replace(array('
','
','|'),array("\n","\n",'|'),$string); return $string; } @@ -40,11 +44,16 @@ function calendar_readmultiline($string) { * Callback function used to sanitize calendar data before saving it to file * @param string $sValue array value * @param string $sKey array key + * @access private * @since 1.5.1 */ function calendar_encodedata(&$sValue, $sKey) { - // add html line breaks and remove original ASCII line feeds and carriage returns - $sValue = str_replace(array("\n","\r"),array('',''),nl2br($sValue)); + /** + * add html line breaks + * remove original ASCII line feeds and carriage returns + * replace ASCII vertical bar with html code in order to sanitize field delimiter + */ + $sValue = str_replace(array("\n","\r",'|'),array('','','|'),nl2br($sValue)); } /** @@ -53,7 +62,8 @@ function calendar_encodedata(&$sValue, $sKey) { * data is | delimited, just like addressbook * files are structured like this: * date|time|length|priority|title|message - * files are divided by year for performance increase */ + * files are divided by year for performance increase + */ function readcalendardata() { global $calendardata, $username, $data_dir, $year; @@ -64,11 +74,11 @@ function readcalendardata() { if ($fp){ while ($fdata = fgetcsv ($fp, 4096, '|')) { - $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2], - 'priority' => $fdata[3], - 'title' => htmlspecialchars($fdata[4],ENT_NOQUOTES), - 'message' => calendar_readmultiline($fdata[5]), - 'reminder' => $fdata[6] ); + $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2], + 'priority' => $fdata[3], + 'title' => $fdata[4], + 'message' => calendar_readmultiline($fdata[5]), + 'reminder' => $fdata[6] ); } fclose ($fp); // this is to sort the events within a day on starttime @@ -82,7 +92,11 @@ function readcalendardata() { } } -//makes events persistant +/** + * Saves calendar data + * @return void + * @access private + */ function writecalendardata() { global $calendardata, $username, $data_dir, $year, $color; 
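Review bot: As rendered here, the third replacement pair in `calendar_readmultiline()` maps `|` to `|`, and the matching pair in `calendar_encodedata()` does the same, which would make the vertical-bar fix from the commit message a no-op; presumably the committed source holds the HTML numeric entity for the bar (`&#124;`) and this page decoded it, but that is worth confirming in the file itself. Since storage no longer sanitizes, the sentence "Output functions must make sure that data is correctly encoded and sanitized" is now the contract every reader of `$calendardata` depends on; consider repeating it on the `$calendardata` global's comment just above, e.g. `values are raw user text; escape with htmlspecialchars() at display time`.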
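Review bot: `'title' => $fdata[4]` is stored without undoing the encoding that `calendar_encodedata()` applies to every field via `array_walk()` in `writecalendardata()`, so a title containing a vertical bar is read back with the entity still in it and, after the display-time `htmlspecialchars()`, shows literally; only `message` goes through `calendar_readmultiline()`. Decoding the title symmetrically, `'title' => calendar_readmultiline($fdata[4]),`, keeps the round trip lossless (the line-break part of that helper is a no-op on a single-line title). `delete_event()` and `update_event()` keep the encoded form and write it back unchanged, so they are not affected. readcalendardata's body continues outside the hunk.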
@@ -94,9 +108,15 @@ function writecalendardata() { while ( $calbar = each ($calfoo['value'])) { $calfoobar = $calendardata[$calfoo['key']][$calbar['key']]; array_walk($calfoobar,'calendar_encodedata'); + /** + * Make sure that reminder field is set. Calendar forms don't implement it, + * but it is still used for calendar data. Backwards compatibility. + */ + if (!isset($calfoobar['reminder'])) $calfoobar['reminder']=''; + $calstr = "$calfoo[key]|$calbar[key]|$calfoobar[length]|$calfoobar[priority]|$calfoobar[title]|$calfoobar[message]|$calfoobar[reminder]\n"; if(sq_fwrite($fp, $calstr, 4096) === FALSE) { - error_box(_("Could not write calendar file %s", "$username.$year.cal.tmp"), $color); + error_box(_("Could not write calendar file %s", "$username.$year.cal.tmp"), $color); } } @@ -107,7 +127,11 @@ function writecalendardata() { } } -//deletes event from file +/** + * deletes event from file + * @return void + * @access private + */ function delete_event($date, $time) { global $calendardata, $username, $data_dir, $year; @@ -116,23 +140,27 @@ function delete_event($date, $time) { if ($fp){ while ($fdata = fgetcsv ($fp, 4096, "|")) { if (($fdata[0]==$date) && ($fdata[1]==$time)){ - // do nothing + // do nothing } else { - $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2], + $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2], 'priority' => $fdata[3], - 'title' => $fdata[4], - 'message' => $fdata[5], + 'title' => $fdata[4], + 'message' => $fdata[5], 'reminder' => $fdata[6] ); } } fclose ($fp); } writecalendardata(); - } -// same as delete but not saves calendar -// saving is done inside event_edit.php +/** + * same as delete but not saves calendar + * saving is done inside event_edit.php + * @return void + * @access private + * @todo code reuse + */ function update_event($date, $time) { global $calendardata, $username, $data_dir, $year; 
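Review bot: The re-indented `error_box()` call still passes the file name as a second argument to `_()`, which takes a single msgid, so the `%s` in "Could not write calendar file %s" is never substituted and the user sees the literal placeholder; `error_box(sprintf(_("Could not write calendar file %s"), "$username.$year.cal.tmp"), $color);` does what the string intends. Also, `$calfoo[key]` and `$calbar[key]` (the date and time keys) go into `$calstr` without passing through `calendar_encodedata()`, so the record format relies entirely on those keys having been validated as digits at input time. writecalendardata's body begins and ends outside the hunk.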
@@ -141,12 +169,12 @@ function update_event($date, $time) { if ($fp){ while ($fdata = fgetcsv ($fp, 4096, '|')) { if (($fdata[0]==$date) && ($fdata[1]==$time)){ - // do nothing + // do nothing } else { - $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2], + $calendardata[$fdata[0]][$fdata[1]] = array( 'length' => $fdata[2], 'priority' => $fdata[3], - 'title' => $fdata[4], - 'message' => $fdata[5], + 'title' => $fdata[4], + 'message' => $fdata[5], 'reminder' => $fdata[6] ); } } diff --git a/plugins/calendar/day.php b/plugins/calendar/day.php index a1816c61..58cdcd1a 100644 --- a/plugins/calendar/day.php +++ b/plugins/calendar/day.php @@ -1,13 +1,9 @@ - * * Displays the day page (day view). * - * @copyright © 2002-2005 The SquirrelMail Project Team + * @copyright © 2002-2006 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package plugins 
@@ -17,48 +13,32 @@ /** @ignore */ define('SM_PATH','../../'); -/* Calender plugin required files. */ -require_once(SM_PATH . 'plugins/calendar/calendar_data.php'); -require_once(SM_PATH . 'plugins/calendar/functions.php'); - /* SquirrelMail required files. */ -require_once(SM_PATH . 'include/validate.php'); -require_once(SM_PATH . 'functions/strings.php'); -require_once(SM_PATH . 'functions/date.php'); -require_once(SM_PATH . 'config/config.php'); -require_once(SM_PATH . 'functions/page_header.php'); -require_once(SM_PATH . 'include/load_prefs.php'); -require_once(SM_PATH . 'functions/html.php'); - -/* get globals */ +include_once(SM_PATH . 'include/validate.php'); +/* date_intl() */ +include_once(SM_PATH . 'functions/date.php'); -// undo rg = on effects -if (isset($month)) unset($month); -if (isset($year)) unset($year); -if (isset($day)) unset($day); +/* Calendar plugin required files. */ +include_once(SM_PATH . 'plugins/calendar/calendar_data.php'); +include_once(SM_PATH . 'plugins/calendar/functions.php'); -if (isset($_GET['year']) && is_numeric($_GET['year'])) { - $year = $_GET['year']; -} -elseif (isset($_POST['year']) && is_numeric($_POST['year'])) { - $year = $_POST['year']; -} -if (isset($_GET['month']) && is_numeric($_GET['month'])) { - $month = $_GET['month']; -} -elseif (isset($_POST['month']) && is_numeric($_POST['month'])) { - $month = $_POST['month']; +/* get globals */ +if (! sqGetGlobalVar('year',$year,SQ_FORM) || ! is_numeric($year)) { + unset($year); } -if (isset($_GET['day']) && is_numeric($_GET['day'])) { - $day = $_GET['day']; +if (! sqGetGlobalVar('month',$month,SQ_FORM) || ! is_numeric($month)) { + unset($month); } -elseif (isset($_POST['day']) && is_numeric($_POST['day'])) { - $day = $_POST['day']; +if (! sqGetGlobalVar('day',$day,SQ_FORM) || ! 
is_numeric($day)) { + unset($day); } - /* got 'em */ -//displays head of day calendar view +/** + * displays head of day calendar view + * @return void + * @access private + */ function day_header() { global $color, $month, $day, $year, $prev_year, $prev_month, $prev_day, $prev_date, $next_month, $next_day, $next_year, $next_date; @@ -80,7 +60,11 @@ function day_header() { ); } -//events for specific day are inserted into "daily" array +/** + * events for specific day are inserted into "daily" array + * @return void + * @access private + */ function initialize_events() { global $daily_events, $calendardata, $month, $day, $year; @@ -102,7 +86,11 @@ function initialize_events() { } } -//main loop for displaying daily events +/** + * main loop for displaying daily events + * @return void + * @access private + */ function display_events() { global $daily_events, $month, $day, $year, $color; @@ -122,7 +110,8 @@ function display_events() { html_tag( 'td', $ehour . ':' . $eminute, 'left' ) . html_tag( 'td', ' ', 'left' ) . html_tag( 'td', - "". + "". _("ADD") . "" , 'center' ) , '', $color[$eo]); @@ -137,21 +126,25 @@ function display_events() { echo html_tag( 'tr', '', '', $color[$eo] ) . html_tag( 'td', $ehour . ':' . $eminute . $elength, 'left' ) . html_tag( 'td', '', 'left' ) . '['; - echo ($calbar['priority']==1) ? "$calbar[title]" : "$calbar[title]"; - echo']
'.nl2br($calbar['message']).'
' . + echo ($calbar['priority']==1) ? + "".htmlspecialchars($calbar['title']).'' : + htmlspecialchars($calbar['title']); + echo']
'.nl2br(htmlspecialchars($calbar['message'])).'
' . html_tag( 'td', "\n" . - "". + "". _("EDIT") . " | \n" . - "" . + "" . _("DEL") . '' . "\n" , 'center' ); + } } } - - -} +/* end of day functions */ if ($month <= 0){ $month = date( 'm'); diff --git a/plugins/calendar/event_create.php b/plugins/calendar/event_create.php index d74d2d56..c7583da9 100644 --- a/plugins/calendar/event_create.php +++ b/plugins/calendar/event_create.php 
@@ -1,97 +1,57 @@ - * * functions to create a event for calendar. * - * @copyright © 2002-2005 The SquirrelMail Project Team + * @copyright © 2002-2006 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package plugins * @subpackage calendar */ -/** - * @ignore - */ +/** @ignore */ define('SM_PATH','../../'); -/* Calender plugin required files. */ -require_once(SM_PATH . 'plugins/calendar/calendar_data.php'); -require_once(SM_PATH . 'plugins/calendar/functions.php'); - /* SquirrelMail required files. */ -require_once(SM_PATH . 'include/validate.php'); -require_once(SM_PATH . 'functions/strings.php'); -require_once(SM_PATH . 'functions/date.php'); -require_once(SM_PATH . 'config/config.php'); -require_once(SM_PATH . 'functions/page_header.php'); -require_once(SM_PATH . 'include/load_prefs.php'); -require_once(SM_PATH . 'functions/html.php'); - -/* get globals */ - -// undo rg = on effects -if (isset($month)) unset($month); -if (isset($year)) unset($year); -if (isset($day)) unset($day); -if (isset($hour)) unset($hour); -if (isset($minute)) unset($minute); -if (isset($event_hour)) unset($event_hour); -if (isset($event_minute)) unset($event_minute); -if (isset($event_length)) unset($event_length); -if (isset($event_priority)) unset($event_priority); +include_once(SM_PATH . 'include/validate.php'); +/* date_intl() */ +include_once(SM_PATH . 'functions/date.php'); +/* Calendar plugin required files. */ +include_once(SM_PATH . 'plugins/calendar/calendar_data.php'); +include_once(SM_PATH . 
'plugins/calendar/functions.php'); -if (isset($_GET['year']) && is_numeric($_GET['year'])) { - $year = $_GET['year']; -} -elseif (isset($_POST['year']) && is_numeric($_POST['year'])) { - $year = $_POST['year']; -} -if (isset($_GET['month']) && is_numeric($_GET['month'])) { - $month = $_GET['month']; -} -elseif (isset($_POST['month']) && is_numeric($_POST['month'])) { - $month = $_POST['month']; -} -if (isset($_GET['day']) && is_numeric($_GET['day'])) { - $day = $_GET['day']; -} -elseif (isset($_POST['day']) && is_numeric($_POST['day'])) { - $day = $_POST['day']; -} - -if (isset($_POST['hour']) && is_numeric($_POST['hour'])) { - $hour = $_POST['hour']; -} -elseif (isset($_GET['hour']) && is_numeric($_GET['hour'])) { - $hour = $_GET['hour']; +/* get globals */ +if (! sqGetGlobalVar('year',$year,SQ_FORM) || ! is_numeric($year)) { + unset($year); } -if (isset($_POST['event_hour']) && is_numeric($_POST['event_hour'])) { - $event_hour = $_POST['event_hour']; +if (! sqGetGlobalVar('month',$month,SQ_FORM) || ! is_numeric($month)) { + unset($month); } -if (isset($_POST['event_minute']) && is_numeric($_POST['event_minute'])) { - $event_minute = $_POST['event_minute']; +if (! sqGetGlobalVar('day',$day,SQ_FORM) || ! is_numeric($day)) { + unset($day); } -if (isset($_POST['event_length']) && is_numeric($_POST['event_length'])) { - $event_length = $_POST['event_length']; +if (! sqGetGlobalVar('hour',$hour,SQ_FORM) || ! is_numeric($hour)) { + unset($hour); } -if (isset($_POST['event_priority']) && is_numeric($_POST['event_priority'])) { - $event_priority = $_POST['event_priority']; +if (! sqGetGlobalVar('event_hour',$event_hour,SQ_POST) || ! is_numeric($event_hour)) { + unset($event_hour); } -if (isset($_POST['event_title'])) { - $event_title = $_POST['event_title']; +if (! sqGetGlobalVar('event_minute',$event_minute,SQ_POST) || ! is_numeric($event_minute)) { + unset($event_minute); } -if (isset($_POST['event_text'])) { - $event_text = $_POST['event_text']; +if (! 
sqGetGlobalVar('event_length',$event_length,SQ_POST) || ! is_numeric($event_length)) { + unset($event_length); } -if (isset($_POST['send'])) { - $send = $_POST['send']; +if (! sqGetGlobalVar('event_priority',$event_priority,SQ_POST) || ! is_numeric($event_priority)) { + unset($event_priority); } + +sqGetGlobalVar('event_title',$event_title,SQ_POST); +sqGetGlobalVar('event_text',$event_text,SQ_POST); +sqGetGlobalVar('send',$send,SQ_POST); + /* got 'em */ //main form to gather event info @@ -178,15 +138,11 @@ if(!isset($event_text)){ show_event_form(); } else { readcalendardata(); - //make sure that event text is fittting in one line - $event_text=nl2br($event_text); - $event_text=ereg_replace ("\n", "", $event_text); - $event_text=ereg_replace ("\r", "", $event_text); $calendardata["$month$day$year"]["$event_hour$event_minute"] = - array( 'length' => $event_length, + array( 'length' => $event_length, 'priority' => $event_priority, - 'title' => $event_title, - 'message' => $event_text, + 'title' => $event_title, + 'message' => $event_text, 'reminder' => '' ); //save writecalendardata(); @@ -208,7 +164,7 @@ if(!isset($event_text)){ ) . html_tag( 'tr', html_tag( 'td', _("Message:"), 'right', $color[4] ) . "\n" . - html_tag( 'td', htmlspecialchars($event_text,ENT_NOQUOTES), 'left', $color[4] ) . "\n" + html_tag( 'td', nl2br(htmlspecialchars($event_text,ENT_NOQUOTES)), 'left', $color[4] ) . "\n" ) . html_tag( 'tr', html_tag( 'td', diff --git a/plugins/calendar/event_delete.php b/plugins/calendar/event_delete.php index 250ea2d5..ee31521e 100644 --- a/plugins/calendar/event_delete.php +++ b/plugins/calendar/event_delete.php 
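Review bot: The save branch is entered on `isset($event_text)` alone, but the numeric fields it keys on (`$month`, `$day`, `$year`, `$event_hour`, `$event_minute`, `$event_length`, `$event_priority`) are `unset()` above whenever they fail `is_numeric()`, so a request with a text but a missing or non-numeric hour writes an event under a key like `"$event_hour$event_minute"` with one half empty, plus undefined-variable notices. Requiring all of them before saving, e.g. `} elseif (!isset($month, $day, $year, $event_hour, $event_minute, $event_length, $event_priority)) { show_event_form(); } else {` ahead of `readcalendardata();`, closes that gap. The enclosing `if` opens outside the hunk.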
@@ -1,92 +1,61 @@ - * * Functions to delete a event. * - * @copyright © 2002-2005 The SquirrelMail Project Team + * @copyright © 2002-2006 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package plugins * @subpackage calendar */ -/** - * @ignore - */ +/** @ignore */ define('SM_PATH','../../'); -/* Calender plugin required files. */ -require_once(SM_PATH . 'plugins/calendar/calendar_data.php'); -require_once(SM_PATH . 'plugins/calendar/functions.php'); - /* SquirrelMail required files. */ -require_once(SM_PATH . 'include/validate.php'); -require_once(SM_PATH . 'functions/strings.php'); -require_once(SM_PATH . 'functions/date.php'); -require_once(SM_PATH . 'config/config.php'); -require_once(SM_PATH . 'functions/page_header.php'); -require_once(SM_PATH . 'include/load_prefs.php'); -require_once(SM_PATH . 'functions/html.php'); +include_once(SM_PATH . 'include/validate.php'); +/* date_intl() */ +include_once(SM_PATH . 'functions/date.php'); + +/* Calendar plugin required files. */ +include_once(SM_PATH . 'plugins/calendar/calendar_data.php'); +include_once(SM_PATH . 'plugins/calendar/functions.php'); + /* get globals */ -if (isset($_GET['month']) && is_numeric($_GET['month'])) { - $month = $_GET['month']; -} -elseif (isset($_POST['month']) && is_numeric($_GET['month'])) { - $month = $_POST['month']; -} -if (isset($_GET['year']) && is_numeric($_GET['year'])) { - $year = $_GET['year']; -} -elseif (isset($_POST['year']) && is_numeric($_POST['year'])) { - $year = $_POST['year']; +if (! sqGetGlobalVar('month',$month,SQ_FORM) || ! is_numeric($month)) { + unset($month); } -if (isset($_GET['day']) && is_numeric($_GET['day'])) { - $day = $_GET['day']; +if (! sqGetGlobalVar('year',$year,SQ_FORM) || ! is_numeric($year)) { + unset($year); } -elseif (isset($_POST['day']) && is_numeric($_POST['day'])) { - $day = $_POST['day']; +if (! sqGetGlobalVar('day',$day,SQ_FORM) || ! 
is_numeric($day)) { + unset($day); } -if (isset($_GET['dyear']) && is_numeric($_GET['dyear'])) { - $dyear = $_GET['dyear']; +if (! sqGetGlobalVar('dyear',$dyear,SQ_FORM) || ! is_numeric($dyear)) { + unset($dyear); } -elseif (isset($_POST['dyear']) && is_numeric($_POST['dyear'])) { - $dyear = $_POST['dyear']; +if (! sqGetGlobalVar('dmonth',$dmonth,SQ_FORM) || ! is_numeric($dmonth)) { + unset($dmonth); } -if (isset($_GET['dmonth']) && is_numeric($_GET['dmonth'])) { - $dmonth = $_GET['dmonth']; +if (! sqGetGlobalVar('dday',$dday,SQ_FORM) || ! is_numeric($dday)) { + unset($dday); } -elseif (isset($_POST['dmonth']) && is_numeric($_POST['dmonth'])) { - $dmonth = $_POST['dmonth']; +if (! sqGetGlobalVar('dhour',$dhour,SQ_FORM) || ! is_numeric($dhour)) { + unset($dhour); } -if (isset($_GET['dday']) && is_numeric($_GET['dday'])) { - $dday = $_GET['dday']; -} -elseif (isset($_POST['dday']) && is_numeric($_POST['dday'])) { - $dday = $_POST['dday']; -} -if (isset($_GET['dhour']) && is_numeric($_GET['dhour'])) { - $dhour = $_GET['dhour']; -} -elseif (isset($_POST['dhour']) && is_numeric($_POST['dhour'])) { - $dhour = $_POST['dhour']; -} -if (isset($_GET['dminute']) && is_numeric($_GET['dminute'])) { - $dminute = $_GET['dminute']; -} -elseif (isset($_POST['dminute']) && is_numeric($_POST['dminute'])) { - $dminute = $_POST['dminute']; -} -if (isset($_POST['confirmed'])) { - $confirmed = $_POST['confirmed']; +if (! sqGetGlobalVar('dminute',$dminute,SQ_FORM) || ! is_numeric($dminute)) { + unset($dminute); } +sqGetGlobalVar('confirmed',$confirmed,SQ_POST); + /* got 'em */ -function confirm_deletion() -{ +/** + * Displays confirmation form when event is deleted + * @return void + */ +function confirm_deletion() { global $calself, $dyear, $dmonth, $dday, $dhour, $dminute, $calendardata, $color, $year, $month, $day; $tmparray = $calendardata["$dmonth$dday$dyear"]["$dhour$dminute"]; 
@@ -105,11 +74,11 @@ function confirm_deletion() ) . html_tag( 'tr', html_tag( 'td', _("Title:"), 'right', $color[4] ) . - html_tag( 'td', $tmparray['title'], 'left', $color[4] ) + html_tag( 'td', htmlspecialchars($tmparray['title']), 'left', $color[4] ) ) . html_tag( 'tr', html_tag( 'td', _("Message:"), 'right', $color[4] ) . - html_tag( 'td', $tmparray['message'], 'left', $color[4] ) + html_tag( 'td', nl2br(htmlspecialchars($tmparray['message'])), 'left', $color[4] ) ) . html_tag( 'tr', html_tag( 'td', diff --git a/plugins/calendar/event_edit.php b/plugins/calendar/event_edit.php index f2a7b4b6..21623584 100644 --- a/plugins/calendar/event_edit.php +++ b/plugins/calendar/event_edit.php @@ -1,13 +1,9 @@ - * * Functions to edit an event. * - * @copyright © 2002-2005 The SquirrelMail Project Team + * @copyright © 2002-2006 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package plugins 
@@ -17,114 +13,84 @@
 /** @ignore */
 define('SM_PATH','../../');
-/* Calender plugin required files. */
-require_once(SM_PATH . 'plugins/calendar/calendar_data.php');
-require_once(SM_PATH . 'plugins/calendar/functions.php');
-
 /* SquirrelMail required files. */
-require_once(SM_PATH . 'include/validate.php');
-require_once(SM_PATH . 'functions/strings.php');
-require_once(SM_PATH . 'functions/date.php');
-require_once(SM_PATH . 'config/config.php');
-require_once(SM_PATH . 'functions/page_header.php');
-require_once(SM_PATH . 'include/load_prefs.php');
-require_once(SM_PATH . 'functions/html.php');
+include_once(SM_PATH . 'include/validate.php');
+/* date_intl() */
+include_once(SM_PATH . 'functions/date.php');
+/* form functions */
+include_once(SM_PATH . 'functions/forms.php');
+/* Calendar plugin required files. */
+include_once(SM_PATH . 'plugins/calendar/calendar_data.php');
+include_once(SM_PATH . 'plugins/calendar/functions.php');
 /* get globals */
-// undo rg = on effects
-if (isset($month)) unset($month);
-if (isset($year)) unset($year);
-if (isset($day)) unset($day);
-if (isset($hour)) unset($hour);
-if (isset($minute)) unset($minute);
-if (isset($event_year)) unset($event_year);
-if (isset($event_month)) unset($event_month);
-if (isset($event_day)) unset($event_day);
-if (isset($event_hour)) unset($event_hour);
-if (isset($event_minute)) unset($event_minute);
-if (isset($event_length)) unset($event_length);
-if (isset($event_priority)) unset($event_priority);
-
-if (isset($_POST['updated'])) {
- $updated = $_POST['updated'];
-}
+sqGetGlobalVar('updated',$updated,SQ_POST);
-if (isset($_POST['event_year']) && is_numeric($_POST['event_year'])) {
- $event_year = $_POST['event_year'];
-}
-if (isset($_POST['event_month']) && is_numeric($_POST['event_month'])) {
- $event_month = $_POST['event_month'];
-}
-if (isset($_POST['event_day']) && is_numeric($_POST['event_day'])) {
- $event_day = $_POST['event_day'];
-}
-if (isset($_POST['event_hour']) && 
is_numeric($_POST['event_hour'])) {
- $event_hour = $_POST['event_hour'];
-}
-if (isset($_POST['event_minute']) && is_numeric($_POST['event_minute'])) {
- $event_minute = $_POST['event_minute'];
-}
-if (isset($_POST['event_length']) && is_numeric($_POST['event_length'])) {
- $event_length = $_POST['event_length'];
+/* get date values and make sure that they are numeric */
+if (! sqGetGlobalVar('event_year',$event_year,SQ_POST) || ! is_numeric($event_year)) {
+ unset($event_year);
 }
-if (isset($_POST['event_title'])) {
- $event_title = $_POST['event_title'];
+if (! sqGetGlobalVar('event_month',$event_month,SQ_POST) || ! is_numeric($event_month)) {
+ unset($event_month);
 }
-if (isset($_POST['event_text'])) {
- $event_text = $_POST['event_text'];
+if (! sqGetGlobalVar('event_day',$event_day,SQ_POST) || ! is_numeric($event_day)) {
+ unset($event_day);
 }
-if (isset($_POST['send'])) {
- $send = $_POST['send'];
+if (! sqGetGlobalVar('event_hour',$event_hour,SQ_POST) || ! is_numeric($event_hour)) {
+ unset($event_hour);
 }
-if (isset($_POST['event_priority']) && is_numeric($_POST['event_priority'])) {
- $event_priority = $_POST['event_priority'];
+if (! sqGetGlobalVar('event_minute',$event_minute,SQ_POST) || ! is_numeric($event_minute)) {
+ unset($event_minute);
 }
-if (isset($_POST['confirmed'])) {
- $confirmed = $_POST['confirmed'];
+if (! sqGetGlobalVar('event_length',$event_length,SQ_POST) || ! is_numeric($event_length)) {
+ unset($event_length);
 }
+sqGetGlobalVar('event_title',$event_title,SQ_POST);
+sqGetGlobalVar('event_text',$event_text,SQ_POST);
+sqGetGlobalVar('send',$send,SQ_POST);
-if (isset($_POST['year']) && is_numeric($_POST['year'])) {
- $year = $_POST['year'];
-} elseif (isset($_GET['year']) && is_numeric($_GET['year'])) {
- $year = $_GET['year'];
+if (! sqGetGlobalVar('event_priority',$event_priority,SQ_POST) || ! 
is_numeric($event_priority)) {
+ unset($event_priority);
 }
-if (isset($_POST['month']) && is_numeric($_POST['month'])) {
- $month = $_POST['month'];
-} elseif (isset($_GET['month']) && is_numeric($_GET['month'])) {
- $month = $_GET['month'];
+
+sqGetGlobalVar('confirmed',$confirmed,SQ_POST);
+
+if (! sqGetGlobalVar('year',$year,SQ_FORM) || ! is_numeric($year)) {
+ unset($year);
 }
-if (isset($_POST['day']) && is_numeric($_POST['day'])) {
- $day = $_POST['day'];
-} elseif (isset($_GET['day']) && is_numeric($_GET['day'])) {
- $day = $_GET['day'];
+if (! sqGetGlobalVar('month',$month,SQ_FORM) || ! is_numeric($month)) {
+ unset($month);
 }
-if (isset($_POST['hour']) && is_numeric($_POST['hour'])) {
- $hour = $_POST['hour'];
-} elseif (isset($_GET['hour']) && is_numeric($_GET['hour'])) {
- $hour = $_GET['hour'];
+if (! sqGetGlobalVar('day',$day,SQ_FORM) || ! is_numeric($day)) {
+ unset($day);
 }
-if (isset($_POST['minute']) && is_numeric($_POST['minute'])) {
- $minute = $_POST['minute'];
+if (! sqGetGlobalVar('hour',$hour,SQ_FORM) || ! is_numeric($hour)) {
+ unset($hour);
 }
-elseif (isset($_GET['minute']) && is_numeric($_GET['minute'])) {
- $minute = $_GET['minute'];
+if (! sqGetGlobalVar('minute',$minute,SQ_FORM) || ! is_numeric($minute)) {
+ unset($minute);
 }
 /* got 'em */
-// update event info
+/**
+ * update event info
+ * @return void
+ * @access private
+ */
 function update_event_form() {
 global $color, $editor_size, $year, $day, $month, $hour, $minute, $calendardata;
 $tmparray = $calendardata["$month$day$year"]["$hour$minute"];
+ $tab = ' ';
 echo "\n
\n". - " \n". - " \n". - " \n". - " \n". - " \n". - " \n". + $tab . addHidden('year',$year). + $tab . addHidden('month',$month). + $tab . addHidden('day',$day). + $tab . addHidden('hour',$hour). + $tab . addHidden('minute',$minute). + $tab . addHidden('updated','yes'). html_tag( 'tr' ) . html_tag( 'td', _("Date:"), 'right', $color[4] ) . "\n" . html_tag( 'td', '', 'left', $color[4] ) . @@ -167,25 +133,28 @@ function update_event_form() { " \n". html_tag( 'tr' ) . html_tag( 'td', _("Title:"), 'right', $color[4] ) . "\n" . - html_tag( 'td', '', 'left', $color[4] ) . - "
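Review bot: `is_numeric()` is a loose guard for the date fields read on the new `sqGetGlobalVar()` lines (`event_year` through `minute`): it accepts floats, exponents, signs and leading whitespace (`1e3`, `1.5`, ` 7`), and the accepted value is then concatenated unchanged into the data key `$calendardata["$month$day$year"]["$hour$minute"]` at the end of this hunk. A digits-only check keeps those keys well-formed, e.g. `if (! sqGetGlobalVar('year',$year,SQ_FORM) || ! ctype_digit((string) $year)) {`, and the same applies to the equivalent lines in the calendar.php hunk above. The unset-on-miss pattern is also not applied to `updated`, `event_title`, `event_text`, `send` and `confirmed`; if `sqGetGlobalVar()` leaves the variable untouched when the key is absent, as the date handling here assumes, a value set by register_globals from another source could survive for those, so `if (! sqGetGlobalVar('confirmed',$confirmed,SQ_POST)) { unset($confirmed); }` would be the consistent form. update_event_form() continues past the end of this hunk.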
\n". - " \n". - html_tag( 'td', - " \n" , - 'left', $color[4], 'colspan="2"' ) . + html_tag( 'td', addInput('event_title',$tmparray['title'],30,50), 'left', $color[4]) . + "\n\n". + html_tag( 'tr' ) . + html_tag( 'td', addTextArea('event_text',$tmparray['message'],$editor_size,5), + 'left', $color[4], 'colspan="2"' ) . '' . html_tag( 'tr' ) . - html_tag( 'td', - '\n" , - 'left', $color[4], 'colspan="2"' ) . + html_tag( 'td', addSubmit(_("Update Event"),'send'), 'left', $color[4], 'colspan="2"' ) . "
\n";
 }
-// self explenatory
+/**
+ * Confirms event update
+ * @return void
+ * @access private
+ */
 function confirm_update() {
- global $calself, $year, $month, $day, $hour, $minute, $calendardata, $color, $event_year, $event_month, $event_day, $event_hour, $event_minute, $event_length, $event_priority, $event_title, $event_text;
+ global $calself, $year, $month, $day, $hour, $minute, $calendardata,
+ $color, $event_year, $event_month, $event_day, $event_hour,
+ $event_minute, $event_length, $event_priority, $event_title, $event_text;
 $tmparray = $calendardata["$month$day$year"]["$hour$minute"];
+ $tab = ' ';
 echo html_tag( 'table',
 html_tag( 'tr',
@@ -205,11 +174,11 @@ function confirm_update() {
 ) .
 html_tag( 'tr',
 html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', $tmparray['title'] , 'left', $color[4] ) ."\n"
+ html_tag( 'td', htmlspecialchars($tmparray['title']) , 'left', $color[4] ) ."\n"
 ) .
 html_tag( 'tr',
 html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" .
- html_tag( 'td', $tmparray['message'] , 'left', $color[4] ) ."\n"
+ html_tag( 'td', nl2br(htmlspecialchars($tmparray['message'])) , 'left', $color[4] ) ."\n"
 ) .
 html_tag( 'tr',
 html_tag( 'th', _("to:") . "
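Review bot: The new `addInput('event_title',$tmparray['title'],30,50)` and `addTextArea('event_text',$tmparray['message'],$editor_size,5)` lines in update_event_form() hand the now-unsanitized stored title and message straight into attribute and textarea context, so the plugin's escaping contract rests entirely on forms.php escaping those values; forms.php is not part of this diff, so that should be confirmed and recorded with a comment above the echo such as `/* title/message are stored unescaped; addInput()/addTextArea() must escape them */`. The same applies to the `addHidden('event_title',$event_title)` and `addHidden('event_text',$event_text)` lines in confirm_update() (hunk `@@ -229,41 +198,41 @@`), which echo the raw POST values back into hidden fields. `$tmparray` is also taken from `$calendardata["$month$day$year"]["$hour$minute"]` without checking that the key exists, so a request naming a slot with no event yields notices and empty fields rather than a clear error. update_event_form() starts outside this hunk.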
\n", '', $color[4], 'colspan="2"' ) ."\n" @@ -229,41 +198,41 @@ function confirm_update() { ) . html_tag( 'tr', html_tag( 'td', _("Title:") , 'right', $color[4] ) ."\n" . - html_tag( 'td', $event_title , 'left', $color[4] ) ."\n" + html_tag( 'td', htmlspecialchars($event_title) , 'left', $color[4] ) ."\n" ) . html_tag( 'tr', html_tag( 'td', _("Message:") , 'right', $color[4] ) ."\n" . - html_tag( 'td', $event_text , 'left', $color[4] ) ."\n" + html_tag( 'td', nl2br(htmlspecialchars($event_text)) , 'left', $color[4] ) ."\n" ) . html_tag( 'tr', html_tag( 'td', - "
\n". - " \n". - " \n". - " \n". - " \n". - " \n". - " \n". - " \n". - " \n". - " \n". - " \n". - " \n". - " \n". - " \n". - " \n". - " \n". - " \n". - ' \n". - "
\n" , + "
\n". + $tab . addHidden('year',$year). + $tab . addHidden('month',$month). + $tab . addHidden('day',$day). + $tab . addHidden('hour',$hour). + $tab . addHidden('minute',$minute). + $tab . addHidden('event_year',$event_year). + $tab . addHidden('event_month',$event_month). + $tab . addHidden('event_day',$event_day). + $tab . addHidden('event_hour',$event_hour). + $tab . addHidden('event_minute',$event_minute). + $tab . addHidden('event_priority',$event_priority). + $tab . addHidden('event_length',$event_length). + $tab . addHidden('event_title',$event_title). + $tab . addHidden('event_text',$event_text). + $tab . addHidden('updated','yes'). + $tab . addHidden('confirmed','yes'). + $tab . addSubmit(_("Yes")). + "
\n" , 'right', $color[4] ) ."\n" . html_tag( 'td', - "
\n". - " \n". - " \n". - " \n". - ' \n". - "
\n" , + "
\n". + $tab . addHidden('year',$year). + $tab . addHidden('month',$month). + $tab . addHidden('day',$day). + $tab . addSubmit(_("No")). + "
\n" , 'left', $color[4] ) ."\n" ) , '', $color[0], 'border="0" cellpadding="2" cellspacing="1"' );
@@ -303,10 +272,6 @@ if (!isset($updated)){
 if (!isset($confirmed)){
 //confirm changes
 readcalendardata();
- // strip event text so it fits in one line
- $event_text=nl2br($event_text);
- $event_text=ereg_replace ("\n", '', $event_text);
- $event_text=ereg_replace ("\r", '', $event_text);
 confirm_update();
 } else {
 update_event("$month$day$year", "$hour$minute");
@@ -323,14 +288,20 @@ if (!isset($updated)){
 $fixdate = date( 'mdY', mktime(0, 0, 0, $event_month, $event_day, $event_year));
 //if event has been moved to different year then act accordingly
 if ($year==$event_year){
- $calendardata["$fixdate"]["$event_hour$event_minute"] = array("length"=>"$event_length","priority"=>"$event_priority","title"=>"$event_title","message"=>"$event_text");
+ $calendardata["$fixdate"]["$event_hour$event_minute"] = array('length' => $event_length,
+ 'priority' => $event_priority,
+ 'title' => $event_title,
+ 'message' => $event_text);
 writecalendardata();
 } else {
 writecalendardata();
 $year=$event_year;
 $calendardata = array();
 readcalendardata();
- $calendardata["$fixdate"]["$event_hour$event_minute"] = array("length"=>"$event_length","priority"=>"$event_priority","title"=>"$event_title","message"=>"$event_text");
+ $calendardata["$fixdate"]["$event_hour$event_minute"] = array('length' => $event_length,
+ 'priority' => $event_priority,
+ 'title' => $event_title,
+ 'message' => $event_text);
 writecalendardata();
 }
 }
diff --git a/plugins/calendar/functions.php b/plugins/calendar/functions.php
index 0dd8ee2e..dedeb8ee 100644
--- a/plugins/calendar/functions.php
+++ b/plugins/calendar/functions.php
@@ -1,13 +1,9 @@
- *
- * miscelenous functions.
- *
- * @copyright © 2002-2005 The SquirrelMail Project Team
+ * @copyright © 2002-2006 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package plugins
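Review bot: The new array literals assigned to `$calendardata["$fixdate"]["$event_hour$event_minute"]` store `$event_title` and `$event_text` exactly as posted, and the `@@ -303,10 +272,6 @@` hunk above drops the CR/LF stripping that used to run first, so newlines (and, per the commit message, `|`) now reach the on-disk record; calendar_data.php, which has to encode them, is not in this diff, so a comment on the assignment such as `// raw text: writecalendardata() must encode '|', CR and LF` would tie the two sides of the contract together. The surrounding logic is unchanged but worth a note: `$fixdate` is normalized through `mktime()`, while the branch condition `$year==$event_year` and the `"$event_hour$event_minute"` key are not, so an `event_month` of 13 (which `is_numeric()` accepts) is written under a rolled-over date, presumably into the `$year` file rather than the year the date now belongs to. The enclosing control block begins outside this hunk.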
@@ -15,10 +11,10 @@
 */
 /**
+ * Adds second layer of calendar links to upper menu
 * @return void
 */
 function calendar_header() {
- //Add Second layer ofCalendar links to upper menu
 global $color,$year,$day,$month;
 echo html_tag( 'table', '', '', $color[0], 'border="0" width="100%" cellspacing="0" cellpadding="2"' ) .
@@ -35,8 +31,14 @@ function calendar_header() {
 }
+/**
+ * Generates html option tags with length values
+ *
+ * Hardcoded values from 0 minutes to 6 hours
+ * @param integer $selected selected option length
+ * @return void
+ */
 function select_option_length($selected) {
-
 $eventlength = array(
 '0' => _("0 min."),
 '15' => _("15 min."),
@@ -54,39 +56,52 @@ function select_option_length($selected) {
 );
 while( $bar = each($eventlength)) {
- if($selected==$bar['key']){
- echo ' \n";
+ if($bar['key']==$selected){
+ echo ' \n";
 } else {
- echo ' \n";
+ echo ' \n";
 }
 }
 }
+/**
+ * Generates html option tags with minute values
+ *
+ * Hardcoded values in 5 minute intervals
+ * @param integer $selected selected value
+ * @return void
+ */
 function select_option_minute($selected) {
 $eventminute = array(
- '00'=>'00',
- '05'=>'05',
- '10'=>'10',
- '15'=>'15',
- '20'=>'20',
- '25'=>'25',
- '30'=>'30',
- '35'=>'35',
- '40'=>'40',
- '45'=>'45',
- '50'=>'50',
- '55'=>'55'
+ '00'=>'00',
+ '05'=>'05',
+ '10'=>'10',
+ '15'=>'15',
+ '20'=>'20',
+ '25'=>'25',
+ '30'=>'30',
+ '35'=>'35',
+ '40'=>'40',
+ '45'=>'45',
+ '50'=>'50',
+ '55'=>'55'
 );
 while ( $bar = each($eventminute)) {
- if ($selected==$bar['key']){
- echo ' \n";
+ if ($bar['key']==$selected){
+ echo ' \n";
 } else {
- echo ' \n";
+ echo ' \n";
 }
 }
 }
+/**
+ * Generates html option tags with hour values
+ * @param integer $selected selected value
+ * @return void
+ * @todo 12/24 hour format
+ */
 function select_option_hour($selected) {
 for ($i=0;$i<24;$i++){
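Review bot: The changed comparison `if($bar['key']==$selected)` in select_option_length() only swaps the operands; the comparison stays loose (`==`) and the loop still walks the array with `each()`, which depends on the array's internal pointer and has been removed in current PHP. A `foreach ($eventlength as $key => $label) {` / `if ($key == $selected) {` form drops the pointer dependency with no behavioural change, and the same applies to select_option_minute() in this hunk and select_option_priority() (hunk `@@ -106,14 +126,21 @@`). If a strict comparison is wanted instead, note that the minute keys are zero-padded strings (`'05'`), so `$selected` would have to be brought to the same string form before comparing. The option markup on the echo lines is not readable in this copy of the diff, so its escaping cannot be reviewed here.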
@@ -99,6 +114,11 @@ function select_option_hour($selected) {
 }
 }
+/**
+ * Generates html option tags with priority values
+ * @param integer $selected selected value
+ * @return void
+ */
 function select_option_priority($selected) {
 $eventpriority = array(
 '0' => _("Normal"),
@@ -106,14 +126,21 @@ function select_option_priority($selected) {
 );
 while( $bar = each($eventpriority)) {
- if($selected==$bar['key']){
- echo ' \n";
+ if($bar['key']==$selected){
+ echo ' \n";
 } else {
- echo ' \n";
+ echo ' \n";
 }
 }
 }
+/**
+ * Generates html option tags with year values
+ *
+ * Hardcoded values from 1902 to 2037
+ * @param integer $selected selected value
+ * @return void
+ */
 function select_option_year($selected) {
 for ($i=1902;$i<2038;$i++){
@@ -125,6 +152,11 @@ function select_option_year($selected) {
 }
 }
+/**
+ * Generates html option tags with month values
+ * @param integer $selected selected value
+ * @return void
+ */
 function select_option_month($selected) {
 for ($i=1;$i<13;$i++){
@@ -138,6 +170,13 @@ function select_option_month($selected) {
 }
 }
+/**
+ * Generates html option tags with day of month values
+ *
+ * Hardcoded values from 1 to 31
+ * @param integer $selected selected value
+ * @return void
+ */
 function select_option_day($selected) {
 for ($i=1;$i<32;$i++){
diff --git a/plugins/calendar/index.php b/plugins/calendar/index.php
index 1c23964d..6f2fa021 100644
--- a/plugins/calendar/index.php
+++ b/plugins/calendar/index.php
@@ -7,7 +7,7 @@
 * people to the login screen. At this point no attempt is made to see if the
 * person is logged in or not.
 *
- * @copyright © 1999-2005 The SquirrelMail Project Team
+ * @copyright © 1999-2006 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package plugins
diff --git a/plugins/calendar/setup.php b/plugins/calendar/setup.php
index 0b2f041c..ec9ec128 100644
--- a/plugins/calendar/setup.php
+++ b/plugins/calendar/setup.php
@@ -1,13 +1,9 @@
- *
- * Init plugin into SquirrelMail
- *
- * @copyright © 2002-2005 The SquirrelMail Project Team
+ * @copyright © 2002-2006 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package plugins
@@ -23,8 +19,11 @@ function squirrelmail_plugin_init_calendar() {
 $squirrelmail_plugin_hooks['menuline']['calendar'] = 'calendar';
 }
+/**
+ * Adds Calendar link to upper menu
+ * @return void
+ */
 function calendar() {
- /* Add Calendar link to upper menu */
 displayInternalLink('plugins/calendar/calendar.php',_("Calendar"),'right');
 echo "  \n";
 }