Happy New Year
[squirrelmail.git] / functions / page_header.php
CommitLineData
59177427 1<?php
7350889b 2
35586184 3/**
4 * page_header.php
5 *
35586184 6 * Prints the page header (duh)
7 *
c4faef33 8 * @copyright 1999-2020 The SquirrelMail Project Team
4b4abf93 9 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
31841a9e 10 * @version $Id$
d6c32258 11 * @package squirrelmail
35586184 12 */
13
d6c32258 14/** Include required files from SM */
202bcbcc 15include_once(SM_PATH . 'functions/imap_mailbox.php');
b68edc75 16
d6c32258 17/**
8b096f0a 18 * Output a SquirrelMail page header, from <!doctype> to </head>
19 * Always set up the language before calling these functions.
20 *
81132de8 21 * Since 1.5.1 function sends http headers. Function should be called
22 * before any output is started.
8b096f0a 23 * @param string title the page title, default SquirrelMail.
24 * @param string xtra extra HTML to insert into the header
25 * @param bool do_hook whether to execute hooks, default true
62b9c984 26 * @param bool frames generate html frameset doctype (since 1.5.1)
03478654 27 * @param bool $browser_cache_ok When TRUE, it's OK to leave out the
28 * no-cache browser headers (OPTIONAL;
29 * default = FALSE, send no-cache headers)
8b096f0a 30 * @return void
d6c32258 31 */
03478654 32function displayHtmlHeader( $title = 'SquirrelMail', $xtra = '', $do_hook = TRUE, $frames = FALSE, $browser_cache_ok=FALSE ) {
b8292491 33 global $squirrelmail_language, $sTemplateID, $oErrorHandler, $oTemplate;
692155b7 34
0365891c 35 if ( !sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION) ) {
0b97a708 36 global $base_uri;
37 }
ab034e59 38 global $custom_css, $pageheader_sent, $theme, $theme_default, $text_direction,
acd7fdf2 39 $default_fontset, $chosen_fontset, $default_fontsize, $chosen_fontsize,
c552d9d2 40 $chosen_theme, $chosen_theme_path, $user_themes, $user_theme_default,
41 $head_tag_extra;
81132de8 42
03478654 43 // add no cache headers here
44 //
45 if (!$browser_cache_ok) {
b8292491 46//FIXME: should change all header() calls in SM core to use $oTemplate->header()!!
03478654 47 $oTemplate->header('Pragma: no-cache'); // http 1.0 (rfc1945)
48 $oTemplate->header('Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0'); // http 1.1 (rfc2616)
49 $oTemplate->header('Expires: Sat, 1 Jan 2000 00:00:00 GMT');
50//TODO: is this needed? $oTemplate->header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT');
51 }
82d6de25 52 /* prevent information leakage about read emails by forbidding Firefox
53 * to do preemptive DNS requests for any links in the message body. */
54 $oTemplate->header('X-DNS-Prefetch-Control: off');
2c21ef20 55
1f2f93e6 56 // don't show version as a security measure
57 //$oTemplate->header('X-Powered-By: SquirrelMail/' . SM_VERSION, FALSE);
58 $oTemplate->header('X-Powered-By: SquirrelMail', FALSE);
59
ba6d2a96 60 // prevent clickjack attempts
61// FIXME: should we use DENY instead? We can also make this a configurable value, including giving the admin the option of removing this entirely in case they WANT to be framed by an external domain
62 $oTemplate->header('X-Frame-Options: SAMEORIGIN');
63
64 // prevent clickjack attempts using JavaScript for browsers that
65 // don't support the X-Frame-Options header...
66 // we check to see if we are *not* the top page, and if not, check
67 // whether or not the top page is in the same domain as we are...
68 // if not, log out immediately -- this is an attempt to do the same
69 // thing that the X-Frame-Options does using JavaScript (never a good
70 // idea to rely on JavaScript-based solutions, though)
71//FIXME: is it a problem that we still force the clickjack protection code whether or not JavaScript is supported or desired by the user?
72 $header_tags = '<script type="text/javascript" language="JavaScript">'
73 . "\n<!--\n"
74 . 'if (self != top) { try { if (document.domain != top.document.domain) {'
75 . ' throw "Clickjacking security violation! Please log out immediately!"; /* this code should never execute - exception should already have been thrown since it\'s a security violation in this case to even try to access top.document.domain (but it\'s left here just to be extra safe) */ } } catch (e) { self.location = "'
76 . sqm_baseuri() . 'src/signout.php"; top.location = "'
77 . sqm_baseuri() . 'src/signout.php" } }'
78 . "\n// -->\n</script>\n";
79
b8292491 80 $oTemplate->assign('frames', $frames);
81 $oTemplate->assign('lang', $squirrelmail_language);
82
c552d9d2 83 $header_tags .= "<meta name=\"robots\" content=\"noindex,nofollow\" />\n"
84
85 // For adding a favicon or anything else that should be inserted in *ALL* <head> for *ALL* documents,
86 // define $head_tag_extra in config/config_local.php
87 // The string "###SM BASEURI###" will be replaced with the base URI for this SquirrelMail installation.
88 // When not defined, a default is provided that displays the default favicon.ico.
89 // If you override this and still want to use the default favicon.ico, you'll have to include the following
90 // following in your $head_tag_extra string:
d7d9e676 91 // $head_tag_extra = '<link rel="shortcut icon" href="###SM BASEURI###favicon.ico" />...<YOUR CONTENT HERE>...';
c552d9d2 92 //
d7d9e676 93 . (empty($head_tag_extra) ? '<link rel="shortcut icon" href="' . sqm_baseuri() . 'favicon.ico" />'
c552d9d2 94 : str_replace('###SM BASEURI###', sqm_baseuri(), $head_tag_extra));
2c21ef20 95
d88941c7 96 $used_fontset = (!empty($chosen_fontset) ? $chosen_fontset : $default_fontset);
97 $used_fontsize = (!empty($chosen_fontsize) ? $chosen_fontsize : $default_fontsize);
8757c848 98 $used_theme = !isset($chosen_theme) && $user_theme_default != 'none' && is_dir($chosen_theme) && is_readable($chosen_theme)? $user_themes[$user_theme_default]['PATH'].'/default.css' : $chosen_theme_path;
acd7fdf2 99
d6a6f46b 100 /**
101 * Stylesheets are loaded in the following order:
102 * 1) All stylesheets provided by the template. Normally, these are
e2048f8e 103 * stylsheets in templates/<template>/css/. This is accomplished by calling
d6a6f46b 104 * $oTemplate->fetch_standard_stylesheet_links().
105 * 2) An optional user-defined stylesheet. This is set in the Display
106 * Preferences.
107 * 3) src/style.php which sets some basic font prefs.
108 * 4) If we are dealing with an RTL language, we load rtl.css from the
109 * template set.
e2048f8e 110 */
111
d6a6f46b 112 // 1. Stylesheets from the template.
b8292491 113 $header_tags .= $oTemplate->fetch_standard_stylesheet_links();
d6a6f46b 114
b8292491 115 $aUserStyles = array();
e2048f8e 116
d6a6f46b 117 // 2. Option user-defined stylesheet from preferences.
cd81f956 118 if (!empty($used_theme) && $used_theme != 'none') {
83fc5c5e 119 /**
2d2acf5e 120 * All styles (except "none" - ugh) just point to a directory,
121 * so we need to include all .css files in that directory.
83fc5c5e 122 */
2d2acf5e 123//FIXME: rid ourselves of "none" strings! I didn't do it here because I think the problem is that the theme itself should never be "none" (? well, what else would it be? if "none" theme is actually OK, then is there a constant to use below in stead of a hard-coded string?)
124 $styles = $used_theme == 'none' ? array()
125 : list_files($used_theme, '.css');
8757c848 126 foreach ($styles as $sheet) {
127 $aUserStyles[] = $used_theme .'/'.$sheet;
f9376f0b 128 }
deb25c8f 129 }
d6a6f46b 130
131 // 3. src/style.php
132 $aUserStyles[] = $base_uri .'src/style.php?'
b8292491 133 . (!empty($used_fontset) ? '&amp;fontset='.$used_fontset : '')
d6a6f46b 134 . (!empty($used_fontsize) ? '&amp;fontsize='.$used_fontsize : '');
f9376f0b 135
136 // 3.1. Load the stylesheets we have already
b8292491 137 $header_tags .= $oTemplate->fetch_external_stylesheet_links($aUserStyles);
6182ab4d 138
d6a6f46b 139 // 4. Optional rtl.css stylesheet
6182ab4d 140 if ($text_direction == 'rtl') {
141 $header_tags .= $oTemplate->fetch_right_to_left_stylesheet_link();
142 }
62f7daa5 143
2ad37738 144 // 5. Printer friendly stylesheet
145 $header_tags .= create_css_link($base_uri . 'css/print.css', 'printerfriendly', false, 'print');
146
e842b215 147 if ($squirrelmail_language == 'ja_JP') {
683b7853 148 /*
cbd8c251 149 * force correct detection of charset, when browser does not follow
150 * http content-type and tries to detect charset from page content.
151 * Shooting of browser's creator can't be implemented in php.
152 * We might get rid of it, if we follow http://www.w3.org/TR/japanese-xml/
153 * recommendations and switch to unicode.
154 */
b8292491 155 $header_tags .= "<!-- \xfd\xfe -->\n";
0d56053e 156 $header_tags .= '<meta http-equiv="Content-type" content="' . $oTemplate->get_content_type() . '; charset=euc-jp" />' . "\n";
e842b215 157 }
237470b4 158 if ($do_hook) {
ed1c151d 159 // NOTE! plugins here MUST assign output to template
160 // and NOT echo anything directly!! A common
161 // approach is if a plugin decides it needs to
162 // put something at page-top after the standard
163 // SM page header, to dynamically add itself to
164 // the page_header_bottom and/or compose_header_bottom
165 // hooks for the current page request. See
166 // the Sent Confirmation v1.7 or Restrict Senders v1.2
167 // plugins for examples of this approach.
ed1c151d 168 ob_start();
c0071a26 169 $temp = array(&$header_tags);
170 do_hook('generic_header', $temp);
ed1c151d 171 $output = ob_get_contents();
172 ob_end_clean();
173 // plugin authors can debug their errors with one of the following:
174 //sm_print_r($output);
175 //echo $output;
176 if (!empty($output)) trigger_error('A plugin on the "generic_header" hook has attempted to output directly to the browser', E_USER_ERROR);
237470b4 177 }
62f7daa5 178
b8292491 179 $header_tags .= $xtra;
180 $oTemplate->assign('page_title', $title);
5ca4b1ee 181
182 /* work around IE6's scrollbar bug */
b8292491 183 $header_tags .= <<<EOS
292a9c32 184<!--[if IE 6]>
5ca4b1ee 185<style type="text/css">
5fe8257d 186/* avoid stupid IE6 bug with frames and scrollbars */
187body {
5fe8257d 188 width: expression(document.documentElement.clientWidth - 30);
189}
5ca4b1ee 190</style>
292a9c32 191<![endif]-->
5ca4b1ee 192
b8292491 193EOS;
5ca4b1ee 194
4bf6fc19 195 $oTemplate->assign('header_tags', $header_tags);
b8292491 196 $oTemplate->display('protocol_header.tpl');
b6c283c4 197
198 /* this is used to check elsewhere whether we should call this function */
199 $pageheader_sent = TRUE;
81de00c0 200 if (isset($oErrorHandler)) {
e6c4caae 201 $oErrorHandler->HeaderSent();
81de00c0 202 }
b8292491 203
a07cd1a4 204}
205
8b096f0a 206/**
207 * Given a path to a SquirrelMail file, return a HTML link to it
208 *
e740a582 209 * @param string $path The SquirrelMail file to link to
210 * (should start with something like "src/..." or
211 * "functions/..." or "plugins/..." etc.)
212 * @param string $text The link text
213 * @param string $target The target frame for this link
214 * @param string $accesskey The access key to be used, if any
8b096f0a 215 */
c12535f6 216function makeInternalLink($path, $text, $target='', $accesskey='NONE') {
f7b996c3 217 global $base_uri, $oTemplate;
202bcbcc 218// sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
4910106a 219
e50f5ac2 220 // This is an inefficient hook and is only used by
4910106a 221 // one plugin that still needs to patch this code,
e50f5ac2 222 // plus if we are templat-izing SM, visual hooks
223 // are not needed. However, I am leaving the code
224 // here just in case we find a good (non-visual?)
4910106a 225 // use for the internal_link hook.
226 //
d849b570 227 //do_hook('internal_link', $text);
4910106a 228
e740a582 229 return create_hyperlink($base_uri . $path, $text, $target,
230 '', '', '', '',
c12535f6 231 ($accesskey == 'NONE'
232 ? array()
233 : array('accesskey' => $accesskey)));
d62c4938 234}
235
8b096f0a 236/**
8b096f0a 237 * Outputs a complete SquirrelMail page header, starting with <!doctype> and
238 * including the default menu bar. Uses displayHtmlHeader and takes
239 * JavaScript and locale settings into account.
240 *
241 * @param array color the array of theme colors
242 * @param string mailbox the current mailbox name to display
91c27aee 243 * @param string sHeaderJs javascipt code to be inserted in a script block in the header
ca14ebb7 244 * @param string sOnload JavaScript code to be added inside the body's onload handler
245 * as of 1.5.2, this replaces $sBodyTagJs argument
8b096f0a 246 * @return void
247 */
ca14ebb7 248function displayPageHeader($color, $mailbox='', $sHeaderJs='', $sOnload = '') {
10bf80c0 249
250 global $reply_focus, $hide_sm_attributions, $frame_top,
5fe8257d 251 $provider_name, $provider_uri, $startMessage,
d8ca5ea3 252 $action, $oTemplate, $org_title, $base_uri,
253 $data_dir, $username;
10bf80c0 254
ca14ebb7 255 if (empty($sOnload)) {
10bf80c0 256 if (strpos($action, 'reply') !== FALSE && $reply_focus) {
ca14ebb7 257 if ($reply_focus == 'select')
258 $sOnload = 'checkForm(\'select\');';
259 else if ($reply_focus == 'focus')
260 $sOnload = 'checkForm(\'focus\');';
261 else if ($reply_focus != 'none')
262 $sOnload = 'checkForm();';
10bf80c0 263 }
264 else
ca14ebb7 265 $sOnload = 'checkForm();';
10bf80c0 266 }
267
5fe8257d 268 $startMessage = (int)$startMessage;
269
0365891c 270 sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION );
91c27aee 271
d03f3582 272 if (!isset($frame_top)) {
273 $frame_top = '_top';
274 }
715225af 275
ca14ebb7 276//FIXME: does checkForJavascript() make the 2nd part of the if() below unneccessary?? (that is, I think checkForJavascript() might already look for new_js_autodetect_results...(?))
83aff890 277 if( checkForJavascript() || strpos($sHeaderJs, 'new_js_autodetect_results.value') ) {
b8292491 278 $js_includes = $oTemplate->get_javascript_includes(TRUE);
6373ad12 279 $sJsBlock = '';
280 foreach ($js_includes as $js_file) {
281 $sJsBlock .= '<script src="'.$js_file.'" type="text/javascript"></script>' ."\n";
282 }
91c27aee 283 if ($sHeaderJs) {
2c92ea9d 284 $sJsBlock .= "\n<script type=\"text/javascript\">" .
91c27aee 285 "\n<!--\n" .
a3d59ec3 286 $sHeaderJs . "\n\n// -->\n</script>\n";
d62c4938 287 }
e9e5a322 288 displayHtmlHeader ($org_title, $sJsBlock);
5fe8257d 289 } else {
d62c4938 290 /* do not use JavaScript */
e9e5a322 291 displayHtmlHeader ($org_title);
ca14ebb7 292 $sOnload = '';
715225af 293 }
d8ca5ea3 294 if ($mailbox) {
295 /*
296 * this explains the imap_mailbox.php dependency. We should instead store
297 * the selected mailbox in the session and fallback to the session var.
298 */
3047e291 299 $shortBoxName = sm_encode_html_special_chars(imap_utf7_decode_local(
d8ca5ea3 300 readShortMailboxName($mailbox, $delimiter)));
301 if (getPref($data_dir, $username, 'translate_special_folders')) {
0038893a 302 global $sent_folder, $trash_folder, $draft_folder;
303 if ($mailbox == $sent_folder)
304 $shortBoxName = _("Sent");
305 else if ($mailbox == $trash_folder)
306 $shortBoxName = _("Trash");
307 else if ($mailbox == $sent_folder)
308 $shortBoxName = _("Drafts");
d8ca5ea3 309 }
310 $urlMailbox = urlencode($mailbox);
311 } else {
312 $shortBoxName = '';
313 $urlMailbox = '';
7da23762 314 }
0493ed11 315
5810acfa 316 $provider_link = '';
317 if (!empty($provider_uri) && !empty($provider_name) && $provider_name != 'SquirrelMail') {
318 $provider_link = create_hyperlink($provider_uri, $provider_name, '_blank');
99ea51d3 319 }
5fe8257d 320
ca14ebb7 321 $oTemplate->assign('onload', $sOnload);
5fe8257d 322 $oTemplate->assign('shortBoxName', $shortBoxName);
4bf6fc19 323 $oTemplate->assign('provider_link', $provider_link);
5fe8257d 324 $oTemplate->assign('frame_top', $frame_top);
325 $oTemplate->assign('urlMailbox', $urlMailbox);
326 $oTemplate->assign('startMessage', $startMessage);
327 $oTemplate->assign('hide_sm_attributions', $hide_sm_attributions);
fbffe024 328
329 // access keys
330 //
331 global $accesskey_menubar_compose, $accesskey_menubar_addresses,
332 $accesskey_menubar_folders, $accesskey_menubar_options,
333 $accesskey_menubar_search, $accesskey_menubar_help,
334 $accesskey_menubar_signout;
335 $oTemplate->assign('accesskey_menubar_compose', $accesskey_menubar_compose);
336 $oTemplate->assign('accesskey_menubar_addresses', $accesskey_menubar_addresses);
337 $oTemplate->assign('accesskey_menubar_folders', $accesskey_menubar_folders);
338 $oTemplate->assign('accesskey_menubar_options', $accesskey_menubar_options);
339 $oTemplate->assign('accesskey_menubar_search', $accesskey_menubar_search);
340 $oTemplate->assign('accesskey_menubar_help', $accesskey_menubar_help);
341 $oTemplate->assign('accesskey_menubar_signout', $accesskey_menubar_signout);
342
5fe8257d 343 $oTemplate->display('page_header.tpl');
c5634692 344
345 global $null;
346 do_hook('page_header_bottom', $null);
a07cd1a4 347}
2ba13803 348
8b096f0a 349/**
350 * Blatantly copied/truncated/modified from displayPageHeader.
351 * Outputs a page header specifically for the compose_in_new popup window
352 *
353 * @param array color the array of theme colors
354 * @param string mailbox the current mailbox name to display
91c27aee 355 * @param string sHeaderJs javascipt code to be inserted in a script block in the header
5bcce050 356 * @param string sOnload JavaScript code to be added inside the body's onload handler
357 * as of 1.5.2, this replaces $sBodyTagJs argument
8b096f0a 358 * @return void
359 */
5bcce050 360function compose_Header($color, $mailbox, $sHeaderJs='', $sOnload = '') {
10bf80c0 361
83aff890 362 global $reply_focus, $action, $oTemplate;
10bf80c0 363
5bcce050 364 if (empty($sOnload)) {
10bf80c0 365 if (strpos($action, 'reply') !== FALSE && $reply_focus) {
5bcce050 366 if ($reply_focus == 'select')
367 $sOnload = 'checkForm(\'select\');';
368 else if ($reply_focus == 'focus')
369 $sOnload = 'checkForm(\'focus\');';
370 else if ($reply_focus != 'none')
371 $sOnload = 'checkForm();';
10bf80c0 372 }
373 else
ca14ebb7 374 $sOnload = 'checkForm();';
10bf80c0 375 }
376
377
9c3e6cd4 378 /*
d62c4938 379 * Locate the first displayable form element (only when JavaScript on)
380 */
83aff890 381 if(checkForJavascript()) {
91c27aee 382 if ($sHeaderJs) {
2c92ea9d 383 $sJsBlock = "\n<script type=\"text/javascript\">" .
91c27aee 384 "\n<!--\n" .
a3d59ec3 385 $sHeaderJs . "\n\n// -->\n</script>\n";
91c27aee 386 } else {
5fe8257d 387 $sJsBlock = '';
d62c4938 388 }
6373ad12 389 $sJsBlock .= "\n";
390
b8292491 391 $js_includes = $oTemplate->get_javascript_includes(TRUE);
6373ad12 392 foreach ($js_includes as $js_file) {
393 $sJsBlock .= '<script src="'.$js_file.'" type="text/javascript"></script>' ."\n";
394 }
395
91c27aee 396 displayHtmlHeader (_("Compose"), $sJsBlock);
d62c4938 397 } else {
398 /* javascript off */
399 displayHtmlHeader(_("Compose"));
ca14ebb7 400 $sOnload = '';
9c3e6cd4 401 }
5bcce050 402
403// FIXME: change the colorization attributes below to a CSS class!
404 $class = '';
405 $aAttribs = array('text' => $color[8], 'bgcolor' => $color[4],
406 'link' => $color[7], 'vlink' => $color[7],
407 'alink' => $color[7]);
ed1c151d 408
409 // this is template-safe (see create_body() function)
5bcce050 410 echo create_body($sOnload, $class, $aAttribs);
411
6f4b6b68 412 global $null;
413 do_hook('compose_header_bottom', $null);
9c3e6cd4 414}