59177427 |
1 | <?php |
7350889b |
2 | |
35586184 |
3 | /** |
4 | * page_header.php |
5 | * |
35586184 |
6 | * Prints the page header (duh) |
7 | * |
c0d96801 |
8 | * @copyright 1999-2012 The SquirrelMail Project Team |
4b4abf93 |
9 | * @license http://opensource.org/licenses/gpl-license.php GNU Public License |
31841a9e |
10 | * @version $Id$ |
d6c32258 |
11 | * @package squirrelmail |
35586184 |
12 | */ |
13 | |
d6c32258 |
14 | /** Include required files from SM */ |
202bcbcc |
15 | include_once(SM_PATH . 'functions/imap_mailbox.php'); |
b68edc75 |
16 | |
d6c32258 |
17 | /** |
8b096f0a |
18 | * Output a SquirrelMail page header, from <!doctype> to </head> |
19 | * Always set up the language before calling these functions. |
20 | * |
81132de8 |
21 | * Since 1.5.1 function sends http headers. Function should be called |
22 | * before any output is started. |
8b096f0a |
23 | * @param string title the page title, default SquirrelMail. |
24 | * @param string xtra extra HTML to insert into the header |
25 | * @param bool do_hook whether to execute hooks, default true |
62b9c984 |
26 | * @param bool frames generate html frameset doctype (since 1.5.1) |
03478654 |
27 | * @param bool $browser_cache_ok When TRUE, it's OK to leave out the |
28 | * no-cache browser headers (OPTIONAL; |
29 | * default = FALSE, send no-cache headers) |
8b096f0a |
30 | * @return void |
d6c32258 |
31 | */ |
03478654 |
32 | function displayHtmlHeader( $title = 'SquirrelMail', $xtra = '', $do_hook = TRUE, $frames = FALSE, $browser_cache_ok=FALSE ) { |
b8292491 |
33 | global $squirrelmail_language, $sTemplateID, $oErrorHandler, $oTemplate; |
692155b7 |
34 | |
0365891c |
35 | if ( !sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION) ) { |
0b97a708 |
36 | global $base_uri; |
37 | } |
ab034e59 |
38 | global $custom_css, $pageheader_sent, $theme, $theme_default, $text_direction, |
acd7fdf2 |
39 | $default_fontset, $chosen_fontset, $default_fontsize, $chosen_fontsize, |
40 | $chosen_theme, $chosen_theme_path, $user_themes, $user_theme_default; |
81132de8 |
41 | |
03478654 |
42 | // add no cache headers here |
43 | // |
44 | if (!$browser_cache_ok) { |
b8292491 |
45 | //FIXME: should change all header() calls in SM core to use $oTemplate->header()!! |
03478654 |
46 | $oTemplate->header('Pragma: no-cache'); // http 1.0 (rfc1945) |
47 | $oTemplate->header('Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0'); // http 1.1 (rfc2616) |
48 | $oTemplate->header('Expires: Sat, 1 Jan 2000 00:00:00 GMT'); |
49 | //TODO: is this needed? $oTemplate->header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT'); |
50 | } |
82d6de25 |
51 | /* prevent information leakage about read emails by forbidding Firefox |
52 | * to do preemptive DNS requests for any links in the message body. */ |
53 | $oTemplate->header('X-DNS-Prefetch-Control: off'); |
2c21ef20 |
54 | |
1f2f93e6 |
55 | // don't show version as a security measure |
56 | //$oTemplate->header('X-Powered-By: SquirrelMail/' . SM_VERSION, FALSE); |
57 | $oTemplate->header('X-Powered-By: SquirrelMail', FALSE); |
58 | |
ba6d2a96 |
59 | // prevent clickjack attempts |
60 | // FIXME: should we use DENY instead? We can also make this a configurable value, including giving the admin the option of removing this entirely in case they WANT to be framed by an external domain |
61 | $oTemplate->header('X-Frame-Options: SAMEORIGIN'); |
62 | |
63 | // prevent clickjack attempts using JavaScript for browsers that |
64 | // don't support the X-Frame-Options header... |
65 | // we check to see if we are *not* the top page, and if not, check |
66 | // whether or not the top page is in the same domain as we are... |
67 | // if not, log out immediately -- this is an attempt to do the same |
68 | // thing that the X-Frame-Options does using JavaScript (never a good |
69 | // idea to rely on JavaScript-based solutions, though) |
70 | //FIXME: is it a problem that we still force the clickjack protection code whether or not JavaScript is supported or desired by the user? |
71 | $header_tags = '<script type="text/javascript" language="JavaScript">' |
72 | . "\n<!--\n" |
73 | . 'if (self != top) { try { if (document.domain != top.document.domain) {' |
74 | . ' throw "Clickjacking security violation! Please log out immediately!"; /* this code should never execute - exception should already have been thrown since it\'s a security violation in this case to even try to access top.document.domain (but it\'s left here just to be extra safe) */ } } catch (e) { self.location = "' |
75 | . sqm_baseuri() . 'src/signout.php"; top.location = "' |
76 | . sqm_baseuri() . 'src/signout.php" } }' |
77 | . "\n// -->\n</script>\n"; |
78 | |
b8292491 |
79 | $oTemplate->assign('frames', $frames); |
80 | $oTemplate->assign('lang', $squirrelmail_language); |
81 | |
b116fd78 |
82 | $header_tags .= "<meta name=\"robots\" content=\"noindex,nofollow\" />\n"; |
2c21ef20 |
83 | |
d88941c7 |
84 | $used_fontset = (!empty($chosen_fontset) ? $chosen_fontset : $default_fontset); |
85 | $used_fontsize = (!empty($chosen_fontsize) ? $chosen_fontsize : $default_fontsize); |
8757c848 |
86 | $used_theme = !isset($chosen_theme) && $user_theme_default != 'none' && is_dir($chosen_theme) && is_readable($chosen_theme)? $user_themes[$user_theme_default]['PATH'].'/default.css' : $chosen_theme_path; |
acd7fdf2 |
87 | |
d6a6f46b |
88 | /** |
89 | * Stylesheets are loaded in the following order: |
90 | * 1) All stylesheets provided by the template. Normally, these are |
e2048f8e |
91 | * stylsheets in templates/<template>/css/. This is accomplished by calling |
d6a6f46b |
92 | * $oTemplate->fetch_standard_stylesheet_links(). |
93 | * 2) An optional user-defined stylesheet. This is set in the Display |
94 | * Preferences. |
95 | * 3) src/style.php which sets some basic font prefs. |
96 | * 4) If we are dealing with an RTL language, we load rtl.css from the |
97 | * template set. |
e2048f8e |
98 | */ |
99 | |
d6a6f46b |
100 | // 1. Stylesheets from the template. |
b8292491 |
101 | $header_tags .= $oTemplate->fetch_standard_stylesheet_links(); |
d6a6f46b |
102 | |
b8292491 |
103 | $aUserStyles = array(); |
e2048f8e |
104 | |
d6a6f46b |
105 | // 2. Option user-defined stylesheet from preferences. |
cd81f956 |
106 | if (!empty($used_theme) && $used_theme != 'none') { |
83fc5c5e |
107 | /** |
2d2acf5e |
108 | * All styles (except "none" - ugh) just point to a directory, |
109 | * so we need to include all .css files in that directory. |
83fc5c5e |
110 | */ |
2d2acf5e |
111 | //FIXME: rid ourselves of "none" strings! I didn't do it here because I think the problem is that the theme itself should never be "none" (? well, what else would it be? if "none" theme is actually OK, then is there a constant to use below in stead of a hard-coded string?) |
112 | $styles = $used_theme == 'none' ? array() |
113 | : list_files($used_theme, '.css'); |
8757c848 |
114 | foreach ($styles as $sheet) { |
115 | $aUserStyles[] = $used_theme .'/'.$sheet; |
f9376f0b |
116 | } |
deb25c8f |
117 | } |
d6a6f46b |
118 | |
119 | // 3. src/style.php |
120 | $aUserStyles[] = $base_uri .'src/style.php?' |
b8292491 |
121 | . (!empty($used_fontset) ? '&fontset='.$used_fontset : '') |
d6a6f46b |
122 | . (!empty($used_fontsize) ? '&fontsize='.$used_fontsize : ''); |
f9376f0b |
123 | |
124 | // 3.1. Load the stylesheets we have already |
b8292491 |
125 | $header_tags .= $oTemplate->fetch_external_stylesheet_links($aUserStyles); |
6182ab4d |
126 | |
d6a6f46b |
127 | // 4. Optional rtl.css stylesheet |
6182ab4d |
128 | if ($text_direction == 'rtl') { |
129 | $header_tags .= $oTemplate->fetch_right_to_left_stylesheet_link(); |
130 | } |
62f7daa5 |
131 | |
2ad37738 |
132 | // 5. Printer friendly stylesheet |
133 | $header_tags .= create_css_link($base_uri . 'css/print.css', 'printerfriendly', false, 'print'); |
134 | |
e842b215 |
135 | if ($squirrelmail_language == 'ja_JP') { |
683b7853 |
136 | /* |
cbd8c251 |
137 | * force correct detection of charset, when browser does not follow |
138 | * http content-type and tries to detect charset from page content. |
139 | * Shooting of browser's creator can't be implemented in php. |
140 | * We might get rid of it, if we follow http://www.w3.org/TR/japanese-xml/ |
141 | * recommendations and switch to unicode. |
142 | */ |
b8292491 |
143 | $header_tags .= "<!-- \xfd\xfe -->\n"; |
0d56053e |
144 | $header_tags .= '<meta http-equiv="Content-type" content="' . $oTemplate->get_content_type() . '; charset=euc-jp" />' . "\n"; |
e842b215 |
145 | } |
237470b4 |
146 | if ($do_hook) { |
ed1c151d |
147 | // NOTE! plugins here MUST assign output to template |
148 | // and NOT echo anything directly!! A common |
149 | // approach is if a plugin decides it needs to |
150 | // put something at page-top after the standard |
151 | // SM page header, to dynamically add itself to |
152 | // the page_header_bottom and/or compose_header_bottom |
153 | // hooks for the current page request. See |
154 | // the Sent Confirmation v1.7 or Restrict Senders v1.2 |
155 | // plugins for examples of this approach. |
ed1c151d |
156 | ob_start(); |
c0071a26 |
157 | $temp = array(&$header_tags); |
158 | do_hook('generic_header', $temp); |
ed1c151d |
159 | $output = ob_get_contents(); |
160 | ob_end_clean(); |
161 | // plugin authors can debug their errors with one of the following: |
162 | //sm_print_r($output); |
163 | //echo $output; |
164 | if (!empty($output)) trigger_error('A plugin on the "generic_header" hook has attempted to output directly to the browser', E_USER_ERROR); |
237470b4 |
165 | } |
62f7daa5 |
166 | |
b8292491 |
167 | $header_tags .= $xtra; |
168 | $oTemplate->assign('page_title', $title); |
5ca4b1ee |
169 | |
170 | /* work around IE6's scrollbar bug */ |
b8292491 |
171 | $header_tags .= <<<EOS |
292a9c32 |
172 | <!--[if IE 6]> |
5ca4b1ee |
173 | <style type="text/css"> |
5fe8257d |
174 | /* avoid stupid IE6 bug with frames and scrollbars */ |
175 | body { |
5fe8257d |
176 | width: expression(document.documentElement.clientWidth - 30); |
177 | } |
5ca4b1ee |
178 | </style> |
292a9c32 |
179 | <![endif]--> |
5ca4b1ee |
180 | |
b8292491 |
181 | EOS; |
5ca4b1ee |
182 | |
4bf6fc19 |
183 | $oTemplate->assign('header_tags', $header_tags); |
b8292491 |
184 | $oTemplate->display('protocol_header.tpl'); |
b6c283c4 |
185 | |
186 | /* this is used to check elsewhere whether we should call this function */ |
187 | $pageheader_sent = TRUE; |
81de00c0 |
188 | if (isset($oErrorHandler)) { |
e6c4caae |
189 | $oErrorHandler->HeaderSent(); |
81de00c0 |
190 | } |
b8292491 |
191 | |
a07cd1a4 |
192 | } |
193 | |
8b096f0a |
194 | /** |
195 | * Given a path to a SquirrelMail file, return a HTML link to it |
196 | * |
e740a582 |
197 | * @param string $path The SquirrelMail file to link to |
198 | * (should start with something like "src/..." or |
199 | * "functions/..." or "plugins/..." etc.) |
200 | * @param string $text The link text |
201 | * @param string $target The target frame for this link |
202 | * @param string $accesskey The access key to be used, if any |
8b096f0a |
203 | */ |
c12535f6 |
204 | function makeInternalLink($path, $text, $target='', $accesskey='NONE') { |
f7b996c3 |
205 | global $base_uri, $oTemplate; |
202bcbcc |
206 | // sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION); |
4910106a |
207 | |
e50f5ac2 |
208 | // This is an inefficient hook and is only used by |
4910106a |
209 | // one plugin that still needs to patch this code, |
e50f5ac2 |
210 | // plus if we are templat-izing SM, visual hooks |
211 | // are not needed. However, I am leaving the code |
212 | // here just in case we find a good (non-visual?) |
4910106a |
213 | // use for the internal_link hook. |
214 | // |
d849b570 |
215 | //do_hook('internal_link', $text); |
4910106a |
216 | |
e740a582 |
217 | return create_hyperlink($base_uri . $path, $text, $target, |
218 | '', '', '', '', |
c12535f6 |
219 | ($accesskey == 'NONE' |
220 | ? array() |
221 | : array('accesskey' => $accesskey))); |
d62c4938 |
222 | } |
223 | |
8b096f0a |
224 | /** |
225 | * Outputs a complete SquirrelMail page header, starting with <!doctype> and |
226 | * including the default menu bar. Uses displayHtmlHeader and takes |
227 | * JavaScript and locale settings into account. |
228 | * |
229 | * @param array color the array of theme colors |
230 | * @param string mailbox the current mailbox name to display |
91c27aee |
231 | * @param string sHeaderJs javascipt code to be inserted in a script block in the header |
ca14ebb7 |
232 | * @param string sOnload JavaScript code to be added inside the body's onload handler |
233 | * as of 1.5.2, this replaces $sBodyTagJs argument |
8b096f0a |
234 | * @return void |
235 | */ |
ca14ebb7 |
236 | function displayPageHeader($color, $mailbox='', $sHeaderJs='', $sOnload = '') { |
10bf80c0 |
237 | |
238 | global $reply_focus, $hide_sm_attributions, $frame_top, |
5fe8257d |
239 | $provider_name, $provider_uri, $startMessage, |
d8ca5ea3 |
240 | $action, $oTemplate, $org_title, $base_uri, |
241 | $data_dir, $username; |
10bf80c0 |
242 | |
ca14ebb7 |
243 | if (empty($sOnload)) { |
10bf80c0 |
244 | if (strpos($action, 'reply') !== FALSE && $reply_focus) { |
ca14ebb7 |
245 | if ($reply_focus == 'select') |
246 | $sOnload = 'checkForm(\'select\');'; |
247 | else if ($reply_focus == 'focus') |
248 | $sOnload = 'checkForm(\'focus\');'; |
249 | else if ($reply_focus != 'none') |
250 | $sOnload = 'checkForm();'; |
10bf80c0 |
251 | } |
252 | else |
ca14ebb7 |
253 | $sOnload = 'checkForm();'; |
10bf80c0 |
254 | } |
255 | |
5fe8257d |
256 | $startMessage = (int)$startMessage; |
257 | |
0365891c |
258 | sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION ); |
91c27aee |
259 | |
d03f3582 |
260 | if (!isset($frame_top)) { |
261 | $frame_top = '_top'; |
262 | } |
715225af |
263 | |
ca14ebb7 |
264 | //FIXME: does checkForJavascript() make the 2nd part of the if() below unneccessary?? (that is, I think checkForJavascript() might already look for new_js_autodetect_results...(?)) |
83aff890 |
265 | if( checkForJavascript() || strpos($sHeaderJs, 'new_js_autodetect_results.value') ) { |
b8292491 |
266 | $js_includes = $oTemplate->get_javascript_includes(TRUE); |
6373ad12 |
267 | $sJsBlock = ''; |
268 | foreach ($js_includes as $js_file) { |
269 | $sJsBlock .= '<script src="'.$js_file.'" type="text/javascript"></script>' ."\n"; |
270 | } |
91c27aee |
271 | if ($sHeaderJs) { |
2c92ea9d |
272 | $sJsBlock .= "\n<script type=\"text/javascript\">" . |
91c27aee |
273 | "\n<!--\n" . |
a3d59ec3 |
274 | $sHeaderJs . "\n\n// -->\n</script>\n"; |
d62c4938 |
275 | } |
e9e5a322 |
276 | displayHtmlHeader ($org_title, $sJsBlock); |
5fe8257d |
277 | } else { |
d62c4938 |
278 | /* do not use JavaScript */ |
e9e5a322 |
279 | displayHtmlHeader ($org_title); |
ca14ebb7 |
280 | $sOnload = ''; |
715225af |
281 | } |
d8ca5ea3 |
282 | if ($mailbox) { |
283 | /* |
284 | * this explains the imap_mailbox.php dependency. We should instead store |
285 | * the selected mailbox in the session and fallback to the session var. |
286 | */ |
3047e291 |
287 | $shortBoxName = sm_encode_html_special_chars(imap_utf7_decode_local( |
d8ca5ea3 |
288 | readShortMailboxName($mailbox, $delimiter))); |
289 | if (getPref($data_dir, $username, 'translate_special_folders')) { |
0038893a |
290 | global $sent_folder, $trash_folder, $draft_folder; |
291 | if ($mailbox == $sent_folder) |
292 | $shortBoxName = _("Sent"); |
293 | else if ($mailbox == $trash_folder) |
294 | $shortBoxName = _("Trash"); |
295 | else if ($mailbox == $sent_folder) |
296 | $shortBoxName = _("Drafts"); |
d8ca5ea3 |
297 | } |
298 | $urlMailbox = urlencode($mailbox); |
299 | } else { |
300 | $shortBoxName = ''; |
301 | $urlMailbox = ''; |
7da23762 |
302 | } |
0493ed11 |
303 | |
5810acfa |
304 | $provider_link = ''; |
305 | if (!empty($provider_uri) && !empty($provider_name) && $provider_name != 'SquirrelMail') { |
306 | $provider_link = create_hyperlink($provider_uri, $provider_name, '_blank'); |
99ea51d3 |
307 | } |
5fe8257d |
308 | |
ca14ebb7 |
309 | $oTemplate->assign('onload', $sOnload); |
5fe8257d |
310 | $oTemplate->assign('shortBoxName', $shortBoxName); |
4bf6fc19 |
311 | $oTemplate->assign('provider_link', $provider_link); |
5fe8257d |
312 | $oTemplate->assign('frame_top', $frame_top); |
313 | $oTemplate->assign('urlMailbox', $urlMailbox); |
314 | $oTemplate->assign('startMessage', $startMessage); |
315 | $oTemplate->assign('hide_sm_attributions', $hide_sm_attributions); |
fbffe024 |
316 | |
317 | // access keys |
318 | // |
319 | global $accesskey_menubar_compose, $accesskey_menubar_addresses, |
320 | $accesskey_menubar_folders, $accesskey_menubar_options, |
321 | $accesskey_menubar_search, $accesskey_menubar_help, |
322 | $accesskey_menubar_signout; |
323 | $oTemplate->assign('accesskey_menubar_compose', $accesskey_menubar_compose); |
324 | $oTemplate->assign('accesskey_menubar_addresses', $accesskey_menubar_addresses); |
325 | $oTemplate->assign('accesskey_menubar_folders', $accesskey_menubar_folders); |
326 | $oTemplate->assign('accesskey_menubar_options', $accesskey_menubar_options); |
327 | $oTemplate->assign('accesskey_menubar_search', $accesskey_menubar_search); |
328 | $oTemplate->assign('accesskey_menubar_help', $accesskey_menubar_help); |
329 | $oTemplate->assign('accesskey_menubar_signout', $accesskey_menubar_signout); |
330 | |
5fe8257d |
331 | $oTemplate->display('page_header.tpl'); |
c5634692 |
332 | |
333 | global $null; |
334 | do_hook('page_header_bottom', $null); |
a07cd1a4 |
335 | } |
2ba13803 |
336 | |
8b096f0a |
337 | /** |
338 | * Blatantly copied/truncated/modified from displayPageHeader. |
339 | * Outputs a page header specifically for the compose_in_new popup window |
340 | * |
341 | * @param array color the array of theme colors |
342 | * @param string mailbox the current mailbox name to display |
91c27aee |
343 | * @param string sHeaderJs javascipt code to be inserted in a script block in the header |
5bcce050 |
344 | * @param string sOnload JavaScript code to be added inside the body's onload handler |
345 | * as of 1.5.2, this replaces $sBodyTagJs argument |
8b096f0a |
346 | * @return void |
347 | */ |
5bcce050 |
348 | function compose_Header($color, $mailbox, $sHeaderJs='', $sOnload = '') { |
10bf80c0 |
349 | |
83aff890 |
350 | global $reply_focus, $action, $oTemplate; |
10bf80c0 |
351 | |
5bcce050 |
352 | if (empty($sOnload)) { |
10bf80c0 |
353 | if (strpos($action, 'reply') !== FALSE && $reply_focus) { |
5bcce050 |
354 | if ($reply_focus == 'select') |
355 | $sOnload = 'checkForm(\'select\');'; |
356 | else if ($reply_focus == 'focus') |
357 | $sOnload = 'checkForm(\'focus\');'; |
358 | else if ($reply_focus != 'none') |
359 | $sOnload = 'checkForm();'; |
10bf80c0 |
360 | } |
361 | else |
ca14ebb7 |
362 | $sOnload = 'checkForm();'; |
10bf80c0 |
363 | } |
364 | |
365 | |
9c3e6cd4 |
366 | /* |
d62c4938 |
367 | * Locate the first displayable form element (only when JavaScript on) |
368 | */ |
83aff890 |
369 | if(checkForJavascript()) { |
91c27aee |
370 | if ($sHeaderJs) { |
2c92ea9d |
371 | $sJsBlock = "\n<script type=\"text/javascript\">" . |
91c27aee |
372 | "\n<!--\n" . |
a3d59ec3 |
373 | $sHeaderJs . "\n\n// -->\n</script>\n"; |
91c27aee |
374 | } else { |
5fe8257d |
375 | $sJsBlock = ''; |
d62c4938 |
376 | } |
6373ad12 |
377 | $sJsBlock .= "\n"; |
378 | |
b8292491 |
379 | $js_includes = $oTemplate->get_javascript_includes(TRUE); |
6373ad12 |
380 | foreach ($js_includes as $js_file) { |
381 | $sJsBlock .= '<script src="'.$js_file.'" type="text/javascript"></script>' ."\n"; |
382 | } |
383 | |
91c27aee |
384 | displayHtmlHeader (_("Compose"), $sJsBlock); |
d62c4938 |
385 | } else { |
386 | /* javascript off */ |
387 | displayHtmlHeader(_("Compose")); |
ca14ebb7 |
388 | $sOnload = ''; |
9c3e6cd4 |
389 | } |
5bcce050 |
390 | |
391 | // FIXME: change the colorization attributes below to a CSS class! |
392 | $class = ''; |
393 | $aAttribs = array('text' => $color[8], 'bgcolor' => $color[4], |
394 | 'link' => $color[7], 'vlink' => $color[7], |
395 | 'alink' => $color[7]); |
ed1c151d |
396 | |
397 | // this is template-safe (see create_body() function) |
5bcce050 |
398 | echo create_body($sOnload, $class, $aAttribs); |
399 | |
6f4b6b68 |
400 | global $null; |
401 | do_hook('compose_header_bottom', $null); |
9c3e6cd4 |
402 | } |