[squirrelmail.git] / functions / page_header.php

<?php

/**
 * page_header.php
 *
 * Prints the page header (duh)
 *
 * @copyright 1999-2022 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
 */

/** Include required files from SM */
include_once(SM_PATH . 'functions/imap_mailbox.php');

/**
 * Output a SquirrelMail page header, from <!doctype> to </head>
 * Always set up the language before calling these functions.
 *
 * Since 1.5.1 function sends http headers. Function should be called
 * before any output is started.
 * @param string title the page title, default SquirrelMail.
 * @param string xtra extra HTML to insert into the header
 * @param bool do_hook whether to execute hooks, default true
 * @param bool frames generate html frameset doctype (since 1.5.1)
 * @param bool $browser_cache_ok When TRUE, it's OK to leave out the
 *                               no-cache browser headers (OPTIONAL;
 *                               default = FALSE, send no-cache headers)
 * @return void
 */
function displayHtmlHeader( $title = 'SquirrelMail', $xtra = '', $do_hook = TRUE, $frames = FALSE, $browser_cache_ok=FALSE ) {
    global $squirrelmail_language, $sTemplateID, $oErrorHandler, $oTemplate;

    if ( !sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION) ) {
        global $base_uri;
    }
    global $custom_css, $pageheader_sent, $theme, $theme_default, $text_direction,
        $default_fontset, $chosen_fontset, $default_fontsize, $chosen_fontsize, 
        $chosen_theme, $chosen_theme_path, $user_themes, $user_theme_default,
        $head_tag_extra;

    // add no cache headers here
    //
    if (!$browser_cache_ok) {
//FIXME: should change all header() calls in SM core to use $oTemplate->header()!!
        $oTemplate->header('Pragma: no-cache'); // http 1.0 (rfc1945)
        $oTemplate->header('Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0'); // http 1.1 (rfc2616)
        $oTemplate->header('Expires: Sat, 1 Jan 2000 00:00:00 GMT');
//TODO: is this needed? $oTemplate->header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT');
    }
    /* prevent information leakage about read emails by forbidding Firefox
     * to do preemptive DNS requests for any links in the message body. */
    $oTemplate->header('X-DNS-Prefetch-Control: off');

    // don't show version as a security measure
    //$oTemplate->header('X-Powered-By: SquirrelMail/' . SM_VERSION, FALSE);
    $oTemplate->header('X-Powered-By: SquirrelMail', FALSE);

    // prevent clickjack attempts
// FIXME: should we use DENY instead?  We can also make this a configurable value, including giving the admin the option of removing this entirely in case they WANT to be framed by an external domain
    $oTemplate->header('X-Frame-Options: SAMEORIGIN');

    // prevent clickjack attempts using JavaScript for browsers that
    // don't support the X-Frame-Options header...
    // we check to see if we are *not* the top page, and if not, check
    // whether or not the top page is in the same domain as we are...
    // if not, log out immediately -- this is an attempt to do the same
    // thing that the X-Frame-Options does using JavaScript (never a good
    // idea to rely on JavaScript-based solutions, though)
//FIXME: is it a problem that we still force the clickjack protection code whether or not JavaScript is supported or desired by the user?
    $header_tags = '<script type="text/javascript" language="JavaScript">'
       . "\n<!--\n"
       . 'if (self != top) { try { if (document.domain != top.document.domain) {'
       . ' throw "Clickjacking security violation! Please log out immediately!"; /* this code should never execute - exception should already have been thrown since it\'s a security violation in this case to even try to access top.document.domain (but it\'s left here just to be extra safe) */ } } catch (e) { self.location = "'
       . sqm_baseuri() . 'src/signout.php"; top.location = "'
       . sqm_baseuri() . 'src/signout.php" } }'
       . "\n// -->\n</script>\n";

    $oTemplate->assign('frames', $frames);
    $oTemplate->assign('lang', $squirrelmail_language);

    $header_tags .= "<meta name=\"robots\" content=\"noindex,nofollow\" />\n"

    // For adding a favicon or anything else that should be inserted in *ALL* <head> for *ALL* documents,
    // define $head_tag_extra in config/config_local.php
    // The string "###SM BASEURI###" will be replaced with the base URI for this SquirrelMail installation.
    // When not defined, a default is provided that displays the default favicon.ico.
    // If you override this and still want to use the default favicon.ico, you'll have to include the following
    // following in your $head_tag_extra string:
    // $head_tag_extra = '<link rel="shortcut icon" href="###SM BASEURI###favicon.ico" />...<YOUR CONTENT HERE>...';
    //
    . (empty($head_tag_extra) ? '<link rel="shortcut icon" href="' . sqm_baseuri() . 'favicon.ico" />'
    : str_replace('###SM BASEURI###', sqm_baseuri(), $head_tag_extra));

    $used_fontset = (!empty($chosen_fontset) ? $chosen_fontset : $default_fontset);
    $used_fontsize = (!empty($chosen_fontsize) ? $chosen_fontsize : $default_fontsize);
    if (!empty($chosen_theme) && is_dir($chosen_theme) && is_readable($chosen_theme))
        $used_theme = $chosen_theme_path;
    else if ($user_theme_default != 'none')
        $used_theme = $user_themes[$user_theme_default]['PATH'];
    else
        $used_theme = 'none';

    
    /**
     * Stylesheets are loaded in the following order:
     *    1) All stylesheets provided by the template.  Normally, these are
     *       stylsheets in templates/<template>/css/.  This is accomplished by calling
     *       $oTemplate->fetch_standard_stylesheet_links().
     *    2) An optional user-defined stylesheet.  This is set in the Display
     *       Preferences.
     *    3) src/style.php which sets some basic font prefs.
     *    4) If we are dealing with an RTL language, we load rtl.css from the
     *       template set.
     */

    // 1. Stylesheets from the template.
    $header_tags .= $oTemplate->fetch_standard_stylesheet_links();

    $aUserStyles = array();

    // 2. Option user-defined stylesheet from preferences.
    if ($used_theme != 'none') {
//FIXME: rid ourselves of "none" strings!  I didn't do it here because I think the problem is that the theme itself should never be "none" (? well, what else would it be?  if "none" theme is actually OK, then is there a constant to use below instead of a hard-coded string?)
        /**
         * All styles (except "none" - ugh) just point to a directory,
         * so we need to include all .css files in that directory.
         */
        $styles = list_files($used_theme, '.css');
        foreach ($styles as $sheet) { 
            $aUserStyles[] = $used_theme .'/'.$sheet;
        }
    }

    // 3. src/style.php
    $aUserStyles[] = $base_uri .'src/style.php?'
                   . (!empty($used_fontset) ? '&amp;fontset='.$used_fontset : '')
                   . (!empty($used_fontsize) ? '&amp;fontsize='.$used_fontsize : '');

    // 3.1.  Load the stylesheets we have already  
    $header_tags .= $oTemplate->fetch_external_stylesheet_links($aUserStyles);

    // 4. Optional rtl.css stylesheet
    if ($text_direction == 'rtl') {
        $header_tags .= $oTemplate->fetch_right_to_left_stylesheet_link();
    }

    // 5. Printer friendly stylesheet
    $header_tags .= create_css_link($base_uri . 'css/print.css', 'printerfriendly', false, 'print');

    if ($squirrelmail_language == 'ja_JP') {
        /*
         * force correct detection of charset, when browser does not follow
         * http content-type and tries to detect charset from page content.
         * Shooting of browser's creator can't be implemented in php.
         * We might get rid of it, if we follow http://www.w3.org/TR/japanese-xml/
         * recommendations and switch to unicode.
         */
        $header_tags .= "<!-- \xfd\xfe -->\n";
        $header_tags .= '<meta http-equiv="Content-type" content="' . $oTemplate->get_content_type() . '; charset=euc-jp" />' . "\n";
    }
    if ($do_hook) {
        // NOTE! plugins here MUST assign output to template 
        //       and NOT echo anything directly!!  A common
        //       approach is if a plugin decides it needs to
        //       put something at page-top after the standard
        //       SM page header, to dynamically add itself to
        //       the page_header_bottom and/or compose_header_bottom
        //       hooks for the current page request.  See 
        //       the Sent Confirmation v1.7 or Restrict Senders v1.2
        //       plugins for examples of this approach.
        ob_start();
        $temp = array(&$header_tags);
        do_hook('generic_header', $temp);
        $output = ob_get_contents();
        ob_end_clean();
        // plugin authors can debug their errors with one of the following:
        //sm_print_r($output);
        //echo $output;
        if (!empty($output)) trigger_error('A plugin on the "generic_header" hook has attempted to output directly to the browser', E_USER_ERROR);
    }

    // Add message subject to page title (should only have an effect when loaded in its own browser window/tab)
    // TODO: For search page, could add " - Search: $what" or something like that
    global $message;
    if (!empty($message) && !empty($message->rfc822_header) && !empty($message->rfc822_header->subject))
        // decodeHeader() should already encode the output, so no sm_encode_html_special_chars()
        $title .= ' - ' . decodeHeader($message->rfc822_header->subject);

    $header_tags .= $xtra;
    $oTemplate->assign('page_title', $title);

    /* work around IE6's scrollbar bug */
    $header_tags .= <<<EOS
<!--[if IE 6]>
<style type="text/css">
/* avoid stupid IE6 bug with frames and scrollbars */
body {
    width: expression(document.documentElement.clientWidth - 30);
}
</style>
<![endif]-->

EOS;

    $oTemplate->assign('header_tags', $header_tags);
    $oTemplate->display('protocol_header.tpl');

    /* this is used to check elsewhere whether we should call this function */
    $pageheader_sent = TRUE;
    if (isset($oErrorHandler)) {
        $oErrorHandler->HeaderSent();
    }

}

/**
 * Given a path to a SquirrelMail file, return a HTML link to it
 *
 * @param string $path      The SquirrelMail file to link to
 *                          (should start with something like "src/..." or
 *                          "functions/..." or "plugins/..." etc.)
 * @param string $text      The link text
 * @param string $target    The target frame for this link
 * @param string $accesskey The access key to be used, if any
 */
function makeInternalLink($path, $text, $target='', $accesskey='NONE') {
    global $base_uri, $oTemplate;
//    sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);

    // This is an inefficient hook and is only used by
    // one plugin that still needs to patch this code,
    // plus if we are templat-izing SM, visual hooks
    // are not needed.  However, I am leaving the code
    // here just in case we find a good (non-visual?)
    // use for the internal_link hook.
    //
    //do_hook('internal_link', $text);

    return create_hyperlink($base_uri . $path, $text, $target,
                            '', '', '', '',
                            ($accesskey == 'NONE'
                            ? array()
                            : array('accesskey' => $accesskey)));
}

/**
 * Outputs a complete SquirrelMail page header, starting with <!doctype> and
 * including the default menu bar. Uses displayHtmlHeader and takes
 * JavaScript and locale settings into account.
 *
 * @param array color the array of theme colors
 * @param string mailbox the current mailbox name to display
 * @param string sHeaderJs javascipt code to be inserted in a script block in the header
 * @param string sOnload JavaScript code to be added inside the body's onload handler
 *                       as of 1.5.2, this replaces $sBodyTagJs argument
 * @return void
 */
function displayPageHeader($color, $mailbox='', $sHeaderJs='', $sOnload = '') {

    global $reply_focus, $hide_sm_attributions, $frame_top,
        $provider_name, $provider_uri, $startMessage,
        $action, $oTemplate, $org_title, $base_uri,
        $data_dir, $username;

    if (empty($sOnload)) {
        if (strpos($action, 'reply') !== FALSE && $reply_focus) {
            if ($reply_focus == 'select')
                $sOnload = 'checkForm(\'select\');';
            else if ($reply_focus == 'focus')
                $sOnload = 'checkForm(\'focus\');';
            else if ($reply_focus != 'none')
                $sOnload = 'checkForm();';
        }
        else
            $sOnload = 'checkForm();';
    }

    $startMessage = (int)$startMessage;

    sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION );

    if (!isset($frame_top)) {
        $frame_top = '_top';
    }

//FIXME: does checkForJavascript() make the 2nd part of the if() below unneccessary?? (that is, I think checkForJavascript() might already look for new_js_autodetect_results...(?))
    if( checkForJavascript() || strpos($sHeaderJs, 'new_js_autodetect_results.value') ) {
        $js_includes = $oTemplate->get_javascript_includes(TRUE);
        $sJsBlock = '';
        foreach ($js_includes as $js_file) {
            $sJsBlock .= '<script src="'.$js_file.'" type="text/javascript"></script>' ."\n";
        }
        if ($sHeaderJs) {
            $sJsBlock .= "\n<script type=\"text/javascript\">" .
                        "\n<!--\n" .
                        $sHeaderJs . "\n\n// -->\n</script>\n";
        }
        displayHtmlHeader ($org_title, $sJsBlock);
    } else {
        /* do not use JavaScript */
        displayHtmlHeader ($org_title);
        $sOnload = '';
    }
    if ($mailbox) {
        /*
        * this explains the imap_mailbox.php dependency. We should instead store
        * the selected mailbox in the session and fallback to the session var.
        */
        $shortBoxName = sm_encode_html_special_chars(imap_utf7_decode_local(
                    readShortMailboxName($mailbox, $delimiter)));
        if (getPref($data_dir, $username, 'translate_special_folders')) {
            global $sent_folder, $trash_folder, $draft_folder;
            if ($mailbox == $sent_folder)
                $shortBoxName = _("Sent");
            else if ($mailbox == $trash_folder)
                $shortBoxName = _("Trash");
            else if ($mailbox == $sent_folder)
                $shortBoxName = _("Drafts");
        }
        $urlMailbox = urlencode($mailbox);
    } else {
        $shortBoxName = '';
        $urlMailbox = '';
    }

    $provider_link = '';
    if (!empty($provider_uri) && !empty($provider_name) && $provider_name != 'SquirrelMail') {
        $provider_link = create_hyperlink($provider_uri, $provider_name, '_blank');
    }

    $oTemplate->assign('onload', $sOnload);
    $oTemplate->assign('shortBoxName', $shortBoxName);
    $oTemplate->assign('provider_link', $provider_link);
    $oTemplate->assign('frame_top', $frame_top);
    $oTemplate->assign('urlMailbox', $urlMailbox);
    $oTemplate->assign('startMessage', $startMessage);
    $oTemplate->assign('hide_sm_attributions', $hide_sm_attributions);

    // access keys
    //
    global $accesskey_menubar_compose, $accesskey_menubar_addresses,
           $accesskey_menubar_folders, $accesskey_menubar_options,
           $accesskey_menubar_search, $accesskey_menubar_help,
           $accesskey_menubar_signout;
    $oTemplate->assign('accesskey_menubar_compose', $accesskey_menubar_compose);
    $oTemplate->assign('accesskey_menubar_addresses', $accesskey_menubar_addresses);
    $oTemplate->assign('accesskey_menubar_folders', $accesskey_menubar_folders);
    $oTemplate->assign('accesskey_menubar_options', $accesskey_menubar_options);
    $oTemplate->assign('accesskey_menubar_search', $accesskey_menubar_search);
    $oTemplate->assign('accesskey_menubar_help', $accesskey_menubar_help);
    $oTemplate->assign('accesskey_menubar_signout', $accesskey_menubar_signout);

    $oTemplate->display('page_header.tpl');

    global $null;
    do_hook('page_header_bottom', $null);
}

/**
 * Blatantly copied/truncated/modified from displayPageHeader.
 * Outputs a page header specifically for the compose_in_new popup window
 *
 * @param array color the array of theme colors
 * @param string mailbox the current mailbox name to display
 * @param string sHeaderJs javascipt code to be inserted in a script block in the header
 * @param string sOnload JavaScript code to be added inside the body's onload handler
 *                       as of 1.5.2, this replaces $sBodyTagJs argument
 * @return void
 */
function compose_Header($color, $mailbox, $sHeaderJs='', $sOnload = '') {

    global $reply_focus, $action, $oTemplate;

    if (empty($sOnload)) {
        if (strpos($action, 'reply') !== FALSE && $reply_focus) {
            if ($reply_focus == 'select')
                $sOnload = 'checkForm(\'select\');';
            else if ($reply_focus == 'focus')
                $sOnload = 'checkForm(\'focus\');';
            else if ($reply_focus != 'none')
                $sOnload = 'checkForm();';
        }
        else
            $sOnload = 'checkForm();';
    }


    /*
     * Locate the first displayable form element (only when JavaScript on)
     */
    if(checkForJavascript()) {
        if ($sHeaderJs) {
            $sJsBlock = "\n<script type=\"text/javascript\">" .
                        "\n<!--\n" .
                        $sHeaderJs . "\n\n// -->\n</script>\n";
        } else {
        $sJsBlock = '';
        }
        $sJsBlock .= "\n";

        $js_includes = $oTemplate->get_javascript_includes(TRUE);
        foreach ($js_includes as $js_file) {
            $sJsBlock .= '<script src="'.$js_file.'" type="text/javascript"></script>' ."\n";
        }

        displayHtmlHeader (_("Compose"), $sJsBlock);
    } else {
        /* javascript off */
        displayHtmlHeader(_("Compose"));
        $sOnload = '';
    }

// FIXME: change the colorization attributes below to a CSS class!
    $class = '';
    $aAttribs = array('text' => $color[8], 'bgcolor' => $color[4],
                      'link' => $color[7], 'vlink' => $color[7],
                      'alink' => $color[7]);

    // this is template-safe (see create_body() function)
    echo create_body($sOnload, $class, $aAttribs);

    global $null;
    do_hook('compose_header_bottom', $null);
}
Commit	Line	Data
59177427	1	<?php
7350889b	2
35586184	3	/**
	4	* page_header.php
	5	*
35586184	6	* Prints the page header (duh)
35586184	7	*
77a1e3d1	8	* @copyright 1999-2022 The SquirrelMail Project Team
4b4abf93	9	* @license http://opensource.org/licenses/gpl-license.php GNU Public License
31841a9e	10	* @version $Id$
d6c32258	11	* @package squirrelmail
35586184	12	*/
35586184	13
d6c32258	14	/** Include required files from SM */
202bcbcc	15	include_once(SM_PATH . 'functions/imap_mailbox.php');
b68edc75	16
d6c32258	17	/**
8b096f0a	18	* Output a SquirrelMail page header, from <!doctype> to </head>
	19	* Always set up the language before calling these functions.
	20	*
81132de8	21	* Since 1.5.1 function sends http headers. Function should be called
81132de8	22	* before any output is started.
8b096f0a	23	* @param string title the page title, default SquirrelMail.
	24	* @param string xtra extra HTML to insert into the header
	25	* @param bool do_hook whether to execute hooks, default true
62b9c984	26	* @param bool frames generate html frameset doctype (since 1.5.1)
03478654	27	* @param bool $browser_cache_ok When TRUE, it's OK to leave out the
	28	* no-cache browser headers (OPTIONAL;
	29	* default = FALSE, send no-cache headers)
8b096f0a	30	* @return void
d6c32258	31	*/
03478654	32	function displayHtmlHeader( $title = 'SquirrelMail', $xtra = '', $do_hook = TRUE, $frames = FALSE, $browser_cache_ok=FALSE ) {
b8292491	33	global $squirrelmail_language, $sTemplateID, $oErrorHandler, $oTemplate;
692155b7	34
0365891c	35	if ( !sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION) ) {
0b97a708	36	global $base_uri;
0b97a708	37	}
ab034e59	38	global $custom_css, $pageheader_sent, $theme, $theme_default, $text_direction,
acd7fdf2	39	$default_fontset, $chosen_fontset, $default_fontsize, $chosen_fontsize,
c552d9d2	40	$chosen_theme, $chosen_theme_path, $user_themes, $user_theme_default,
c552d9d2	41	$head_tag_extra;
81132de8	42
03478654	43	// add no cache headers here
	44	//
	45	if (!$browser_cache_ok) {
b8292491	46	//FIXME: should change all header() calls in SM core to use $oTemplate->header()!!
03478654	47	$oTemplate->header('Pragma: no-cache'); // http 1.0 (rfc1945)
	48	$oTemplate->header('Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0'); // http 1.1 (rfc2616)
	49	$oTemplate->header('Expires: Sat, 1 Jan 2000 00:00:00 GMT');
	50	//TODO: is this needed? $oTemplate->header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT');
	51	}
82d6de25	52	/* prevent information leakage about read emails by forbidding Firefox
	53	* to do preemptive DNS requests for any links in the message body. */
	54	$oTemplate->header('X-DNS-Prefetch-Control: off');
2c21ef20	55
1f2f93e6	56	// don't show version as a security measure
	57	//$oTemplate->header('X-Powered-By: SquirrelMail/' . SM_VERSION, FALSE);
	58	$oTemplate->header('X-Powered-By: SquirrelMail', FALSE);
	59
ba6d2a96	60	// prevent clickjack attempts
	61	// FIXME: should we use DENY instead? We can also make this a configurable value, including giving the admin the option of removing this entirely in case they WANT to be framed by an external domain
	62	$oTemplate->header('X-Frame-Options: SAMEORIGIN');
	63
	64	// prevent clickjack attempts using JavaScript for browsers that
	65	// don't support the X-Frame-Options header...
	66	// we check to see if we are not the top page, and if not, check
	67	// whether or not the top page is in the same domain as we are...
	68	// if not, log out immediately -- this is an attempt to do the same
	69	// thing that the X-Frame-Options does using JavaScript (never a good
	70	// idea to rely on JavaScript-based solutions, though)
	71	//FIXME: is it a problem that we still force the clickjack protection code whether or not JavaScript is supported or desired by the user?
	72	$header_tags = '<script type="text/javascript" language="JavaScript">'
	73	. "\n<!--\n"
	74	. 'if (self != top) { try { if (document.domain != top.document.domain) {'
	75	. ' throw "Clickjacking security violation! Please log out immediately!"; /* this code should never execute - exception should already have been thrown since it\'s a security violation in this case to even try to access top.document.domain (but it\'s left here just to be extra safe) */ } } catch (e) { self.location = "'
	76	. sqm_baseuri() . 'src/signout.php"; top.location = "'
	77	. sqm_baseuri() . 'src/signout.php" } }'
	78	. "\n// -->\n</script>\n";
	79
b8292491	80	$oTemplate->assign('frames', $frames);
	81	$oTemplate->assign('lang', $squirrelmail_language);
	82
c552d9d2	83	$header_tags .= "<meta name=\"robots\" content=\"noindex,nofollow\" />\n"
	84
	85	// For adding a favicon or anything else that should be inserted in ALL <head> for ALL documents,
	86	// define $head_tag_extra in config/config_local.php
	87	// The string "###SM BASEURI###" will be replaced with the base URI for this SquirrelMail installation.
	88	// When not defined, a default is provided that displays the default favicon.ico.
	89	// If you override this and still want to use the default favicon.ico, you'll have to include the following
	90	// following in your $head_tag_extra string:
d7d9e676	91	// $head_tag_extra = '<link rel="shortcut icon" href="###SM BASEURI###favicon.ico" />...<YOUR CONTENT HERE>...';
c552d9d2	92	//
d7d9e676	93	. (empty($head_tag_extra) ? '<link rel="shortcut icon" href="' . sqm_baseuri() . 'favicon.ico" />'
c552d9d2	94	: str_replace('###SM BASEURI###', sqm_baseuri(), $head_tag_extra));
2c21ef20	95
d88941c7	96	$used_fontset = (!empty($chosen_fontset) ? $chosen_fontset : $default_fontset);
d88941c7	97	$used_fontsize = (!empty($chosen_fontsize) ? $chosen_fontsize : $default_fontsize);
b0f92bfe	98	if (!empty($chosen_theme) && is_dir($chosen_theme) && is_readable($chosen_theme))
	99	$used_theme = $chosen_theme_path;
	100	else if ($user_theme_default != 'none')
	101	$used_theme = $user_themes[$user_theme_default]['PATH'];
	102	else
	103	$used_theme = 'none';
	104
acd7fdf2	105
d6a6f46b	106	/**
	107	* Stylesheets are loaded in the following order:
	108	* 1) All stylesheets provided by the template. Normally, these are
e2048f8e	109	* stylsheets in templates/<template>/css/. This is accomplished by calling
d6a6f46b	110	* $oTemplate->fetch_standard_stylesheet_links().
	111	* 2) An optional user-defined stylesheet. This is set in the Display
	112	* Preferences.
	113	* 3) src/style.php which sets some basic font prefs.
	114	* 4) If we are dealing with an RTL language, we load rtl.css from the
	115	* template set.
e2048f8e	116	*/
e2048f8e	117
d6a6f46b	118	// 1. Stylesheets from the template.
b8292491	119	$header_tags .= $oTemplate->fetch_standard_stylesheet_links();
d6a6f46b	120
b8292491	121	$aUserStyles = array();
e2048f8e	122
d6a6f46b	123	// 2. Option user-defined stylesheet from preferences.
b0f92bfe	124	if ($used_theme != 'none') {
b0f92bfe	125	//FIXME: rid ourselves of "none" strings! I didn't do it here because I think the problem is that the theme itself should never be "none" (? well, what else would it be? if "none" theme is actually OK, then is there a constant to use below instead of a hard-coded string?)
83fc5c5e	126	/**
2d2acf5e	127	* All styles (except "none" - ugh) just point to a directory,
2d2acf5e	128	* so we need to include all .css files in that directory.
83fc5c5e	129	*/
b0f92bfe	130	$styles = list_files($used_theme, '.css');
8757c848	131	foreach ($styles as $sheet) {
8757c848	132	$aUserStyles[] = $used_theme .'/'.$sheet;
f9376f0b	133	}
deb25c8f	134	}
d6a6f46b	135
	136	// 3. src/style.php
	137	$aUserStyles[] = $base_uri .'src/style.php?'
b8292491	138	. (!empty($used_fontset) ? '&fontset='.$used_fontset : '')
d6a6f46b	139	. (!empty($used_fontsize) ? '&fontsize='.$used_fontsize : '');
f9376f0b	140
f9376f0b	141	// 3.1. Load the stylesheets we have already
b8292491	142	$header_tags .= $oTemplate->fetch_external_stylesheet_links($aUserStyles);
6182ab4d	143
d6a6f46b	144	// 4. Optional rtl.css stylesheet
6182ab4d	145	if ($text_direction == 'rtl') {
	146	$header_tags .= $oTemplate->fetch_right_to_left_stylesheet_link();
	147	}
62f7daa5	148
2ad37738	149	// 5. Printer friendly stylesheet
	150	$header_tags .= create_css_link($base_uri . 'css/print.css', 'printerfriendly', false, 'print');
	151
e842b215	152	if ($squirrelmail_language == 'ja_JP') {
683b7853	153	/*
cbd8c251	154	* force correct detection of charset, when browser does not follow
	155	* http content-type and tries to detect charset from page content.
	156	* Shooting of browser's creator can't be implemented in php.
	157	* We might get rid of it, if we follow http://www.w3.org/TR/japanese-xml/
	158	* recommendations and switch to unicode.
	159	*/
b8292491	160	$header_tags .= "<!-- \xfd\xfe -->\n";
0d56053e	161	$header_tags .= '<meta http-equiv="Content-type" content="' . $oTemplate->get_content_type() . '; charset=euc-jp" />' . "\n";
e842b215	162	}
237470b4	163	if ($do_hook) {
ed1c151d	164	// NOTE! plugins here MUST assign output to template
	165	// and NOT echo anything directly!! A common
	166	// approach is if a plugin decides it needs to
	167	// put something at page-top after the standard
	168	// SM page header, to dynamically add itself to
	169	// the page_header_bottom and/or compose_header_bottom
	170	// hooks for the current page request. See
	171	// the Sent Confirmation v1.7 or Restrict Senders v1.2
	172	// plugins for examples of this approach.
ed1c151d	173	ob_start();
c0071a26	174	$temp = array(&$header_tags);
c0071a26	175	do_hook('generic_header', $temp);
ed1c151d	176	$output = ob_get_contents();
	177	ob_end_clean();
	178	// plugin authors can debug their errors with one of the following:
	179	//sm_print_r($output);
	180	//echo $output;
	181	if (!empty($output)) trigger_error('A plugin on the "generic_header" hook has attempted to output directly to the browser', E_USER_ERROR);
237470b4	182	}
62f7daa5	183
660a647f	184	// Add message subject to page title (should only have an effect when loaded in its own browser window/tab)
	185	// TODO: For search page, could add " - Search: $what" or something like that
	186	global $message;
	187	if (!empty($message) && !empty($message->rfc822_header) && !empty($message->rfc822_header->subject))
	188	// decodeHeader() should already encode the output, so no sm_encode_html_special_chars()
	189	$title .= ' - ' . decodeHeader($message->rfc822_header->subject);
	190
b8292491	191	$header_tags .= $xtra;
b8292491	192	$oTemplate->assign('page_title', $title);
5ca4b1ee	193
5ca4b1ee	194	/* work around IE6's scrollbar bug */
b8292491	195	$header_tags .= <<<EOS
292a9c32	196	<!--[if IE 6]>
5ca4b1ee	197	<style type="text/css">
5fe8257d	198	/* avoid stupid IE6 bug with frames and scrollbars */
5fe8257d	199	body {
5fe8257d	200	width: expression(document.documentElement.clientWidth - 30);
5fe8257d	201	}
5ca4b1ee	202	</style>
292a9c32	203	<![endif]-->
5ca4b1ee	204
b8292491	205	EOS;
5ca4b1ee	206
4bf6fc19	207	$oTemplate->assign('header_tags', $header_tags);
b8292491	208	$oTemplate->display('protocol_header.tpl');
b6c283c4	209
	210	/* this is used to check elsewhere whether we should call this function */
	211	$pageheader_sent = TRUE;
81de00c0	212	if (isset($oErrorHandler)) {
e6c4caae	213	$oErrorHandler->HeaderSent();
81de00c0	214	}
b8292491	215
a07cd1a4	216	}
a07cd1a4	217
8b096f0a	218	/**
	219	* Given a path to a SquirrelMail file, return a HTML link to it
	220	*
e740a582	221	* @param string $path The SquirrelMail file to link to
	222	* (should start with something like "src/..." or
	223	* "functions/..." or "plugins/..." etc.)
	224	* @param string $text The link text
	225	* @param string $target The target frame for this link
	226	* @param string $accesskey The access key to be used, if any
8b096f0a	227	*/
c12535f6	228	function makeInternalLink($path, $text, $target='', $accesskey='NONE') {
f7b996c3	229	global $base_uri, $oTemplate;
202bcbcc	230	// sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
4910106a	231
e50f5ac2	232	// This is an inefficient hook and is only used by
4910106a	233	// one plugin that still needs to patch this code,
e50f5ac2	234	// plus if we are templat-izing SM, visual hooks
	235	// are not needed. However, I am leaving the code
	236	// here just in case we find a good (non-visual?)
4910106a	237	// use for the internal_link hook.
4910106a	238	//
d849b570	239	//do_hook('internal_link', $text);
4910106a	240
e740a582	241	return create_hyperlink($base_uri . $path, $text, $target,
e740a582	242	'', '', '', '',
c12535f6	243	($accesskey == 'NONE'
	244	? array()
	245	: array('accesskey' => $accesskey)));
d62c4938	246	}
d62c4938	247
8b096f0a	248	/**
	249	* Outputs a complete SquirrelMail page header, starting with <!doctype> and
	250	* including the default menu bar. Uses displayHtmlHeader and takes
	251	* JavaScript and locale settings into account.
	252	*
	253	* @param array color the array of theme colors
	254	* @param string mailbox the current mailbox name to display
91c27aee	255	* @param string sHeaderJs javascipt code to be inserted in a script block in the header
ca14ebb7	256	* @param string sOnload JavaScript code to be added inside the body's onload handler
ca14ebb7	257	* as of 1.5.2, this replaces $sBodyTagJs argument
8b096f0a	258	* @return void
8b096f0a	259	*/
ca14ebb7	260	function displayPageHeader($color, $mailbox='', $sHeaderJs='', $sOnload = '') {
10bf80c0	261
10bf80c0	262	global $reply_focus, $hide_sm_attributions, $frame_top,
5fe8257d	263	$provider_name, $provider_uri, $startMessage,
d8ca5ea3	264	$action, $oTemplate, $org_title, $base_uri,
d8ca5ea3	265	$data_dir, $username;
10bf80c0	266
ca14ebb7	267	if (empty($sOnload)) {
10bf80c0	268	if (strpos($action, 'reply') !== FALSE && $reply_focus) {
ca14ebb7	269	if ($reply_focus == 'select')
	270	$sOnload = 'checkForm(\'select\');';
	271	else if ($reply_focus == 'focus')
	272	$sOnload = 'checkForm(\'focus\');';
	273	else if ($reply_focus != 'none')
	274	$sOnload = 'checkForm();';
10bf80c0	275	}
10bf80c0	276	else
ca14ebb7	277	$sOnload = 'checkForm();';
10bf80c0	278	}
10bf80c0	279
5fe8257d	280	$startMessage = (int)$startMessage;
5fe8257d	281
0365891c	282	sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION );
91c27aee	283
d03f3582	284	if (!isset($frame_top)) {
	285	$frame_top = '_top';
	286	}
715225af	287
ca14ebb7	288	//FIXME: does checkForJavascript() make the 2nd part of the if() below unneccessary?? (that is, I think checkForJavascript() might already look for new_js_autodetect_results...(?))
83aff890	289	if( checkForJavascript() \|\| strpos($sHeaderJs, 'new_js_autodetect_results.value') ) {
b8292491	290	$js_includes = $oTemplate->get_javascript_includes(TRUE);
6373ad12	291	$sJsBlock = '';
	292	foreach ($js_includes as $js_file) {
	293	$sJsBlock .= '<script src="'.$js_file.'" type="text/javascript"></script>' ."\n";
	294	}
91c27aee	295	if ($sHeaderJs) {
2c92ea9d	296	$sJsBlock .= "\n<script type=\"text/javascript\">" .
91c27aee	297	"\n<!--\n" .
a3d59ec3	298	$sHeaderJs . "\n\n// -->\n</script>\n";
d62c4938	299	}
e9e5a322	300	displayHtmlHeader ($org_title, $sJsBlock);
5fe8257d	301	} else {
d62c4938	302	/* do not use JavaScript */
e9e5a322	303	displayHtmlHeader ($org_title);
ca14ebb7	304	$sOnload = '';
715225af	305	}
d8ca5ea3	306	if ($mailbox) {
	307	/*
	308	* this explains the imap_mailbox.php dependency. We should instead store
	309	* the selected mailbox in the session and fallback to the session var.
	310	*/
3047e291	311	$shortBoxName = sm_encode_html_special_chars(imap_utf7_decode_local(
d8ca5ea3	312	readShortMailboxName($mailbox, $delimiter)));
d8ca5ea3	313	if (getPref($data_dir, $username, 'translate_special_folders')) {
0038893a	314	global $sent_folder, $trash_folder, $draft_folder;
	315	if ($mailbox == $sent_folder)
	316	$shortBoxName = _("Sent");
	317	else if ($mailbox == $trash_folder)
	318	$shortBoxName = _("Trash");
	319	else if ($mailbox == $sent_folder)
	320	$shortBoxName = _("Drafts");
d8ca5ea3	321	}
	322	$urlMailbox = urlencode($mailbox);
	323	} else {
	324	$shortBoxName = '';
	325	$urlMailbox = '';
7da23762	326	}
0493ed11	327
5810acfa	328	$provider_link = '';
	329	if (!empty($provider_uri) && !empty($provider_name) && $provider_name != 'SquirrelMail') {
	330	$provider_link = create_hyperlink($provider_uri, $provider_name, '_blank');
99ea51d3	331	}
5fe8257d	332
ca14ebb7	333	$oTemplate->assign('onload', $sOnload);
5fe8257d	334	$oTemplate->assign('shortBoxName', $shortBoxName);
4bf6fc19	335	$oTemplate->assign('provider_link', $provider_link);
5fe8257d	336	$oTemplate->assign('frame_top', $frame_top);
	337	$oTemplate->assign('urlMailbox', $urlMailbox);
	338	$oTemplate->assign('startMessage', $startMessage);
	339	$oTemplate->assign('hide_sm_attributions', $hide_sm_attributions);
fbffe024	340
	341	// access keys
	342	//
	343	global $accesskey_menubar_compose, $accesskey_menubar_addresses,
	344	$accesskey_menubar_folders, $accesskey_menubar_options,
	345	$accesskey_menubar_search, $accesskey_menubar_help,
	346	$accesskey_menubar_signout;
	347	$oTemplate->assign('accesskey_menubar_compose', $accesskey_menubar_compose);
	348	$oTemplate->assign('accesskey_menubar_addresses', $accesskey_menubar_addresses);
	349	$oTemplate->assign('accesskey_menubar_folders', $accesskey_menubar_folders);
	350	$oTemplate->assign('accesskey_menubar_options', $accesskey_menubar_options);
	351	$oTemplate->assign('accesskey_menubar_search', $accesskey_menubar_search);
	352	$oTemplate->assign('accesskey_menubar_help', $accesskey_menubar_help);
	353	$oTemplate->assign('accesskey_menubar_signout', $accesskey_menubar_signout);
	354
5fe8257d	355	$oTemplate->display('page_header.tpl');
c5634692	356
	357	global $null;
	358	do_hook('page_header_bottom', $null);
a07cd1a4	359	}
2ba13803	360
8b096f0a	361	/**
	362	* Blatantly copied/truncated/modified from displayPageHeader.
	363	* Outputs a page header specifically for the compose_in_new popup window
	364	*
	365	* @param array color the array of theme colors
	366	* @param string mailbox the current mailbox name to display
91c27aee	367	* @param string sHeaderJs javascipt code to be inserted in a script block in the header
5bcce050	368	* @param string sOnload JavaScript code to be added inside the body's onload handler
5bcce050	369	* as of 1.5.2, this replaces $sBodyTagJs argument
8b096f0a	370	* @return void
8b096f0a	371	*/
5bcce050	372	function compose_Header($color, $mailbox, $sHeaderJs='', $sOnload = '') {
10bf80c0	373
83aff890	374	global $reply_focus, $action, $oTemplate;
10bf80c0	375
5bcce050	376	if (empty($sOnload)) {
10bf80c0	377	if (strpos($action, 'reply') !== FALSE && $reply_focus) {
5bcce050	378	if ($reply_focus == 'select')
	379	$sOnload = 'checkForm(\'select\');';
	380	else if ($reply_focus == 'focus')
	381	$sOnload = 'checkForm(\'focus\');';
	382	else if ($reply_focus != 'none')
	383	$sOnload = 'checkForm();';
10bf80c0	384	}
10bf80c0	385	else
ca14ebb7	386	$sOnload = 'checkForm();';
10bf80c0	387	}
	388
	389
9c3e6cd4	390	/*
d62c4938	391	* Locate the first displayable form element (only when JavaScript on)
d62c4938	392	*/
83aff890	393	if(checkForJavascript()) {
91c27aee	394	if ($sHeaderJs) {
2c92ea9d	395	$sJsBlock = "\n<script type=\"text/javascript\">" .
91c27aee	396	"\n<!--\n" .
a3d59ec3	397	$sHeaderJs . "\n\n// -->\n</script>\n";
91c27aee	398	} else {
5fe8257d	399	$sJsBlock = '';
d62c4938	400	}
6373ad12	401	$sJsBlock .= "\n";
6373ad12	402
b8292491	403	$js_includes = $oTemplate->get_javascript_includes(TRUE);
6373ad12	404	foreach ($js_includes as $js_file) {
	405	$sJsBlock .= '<script src="'.$js_file.'" type="text/javascript"></script>' ."\n";
	406	}
	407
91c27aee	408	displayHtmlHeader (_("Compose"), $sJsBlock);
d62c4938	409	} else {
	410	/* javascript off */
	411	displayHtmlHeader(_("Compose"));
ca14ebb7	412	$sOnload = '';
9c3e6cd4	413	}
5bcce050	414
	415	// FIXME: change the colorization attributes below to a CSS class!
	416	$class = '';
	417	$aAttribs = array('text' => $color[8], 'bgcolor' => $color[4],
	418	'link' => $color[7], 'vlink' => $color[7],
	419	'alink' => $color[7]);
ed1c151d	420
ed1c151d	421	// this is template-safe (see create_body() function)
5bcce050	422	echo create_body($sOnload, $class, $aAttribs);
5bcce050	423
6f4b6b68	424	global $null;
6f4b6b68	425	do_hook('compose_header_bottom', $null);
9c3e6cd4	426	}