Happy New Year
[squirrelmail.git] / functions / page_header.php
1 <?php
2
3 /**
4 * page_header.php
5 *
6 * Prints the page header (duh)
7 *
8 * @copyright 1999-2018 The SquirrelMail Project Team
9 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
10 * @version $Id$
11 * @package squirrelmail
12 */
13
14 /** Include required files from SM */
15 include_once(SM_PATH . 'functions/imap_mailbox.php');
16
17 /**
18 * Output a SquirrelMail page header, from <!doctype> to </head>
19 * Always set up the language before calling these functions.
20 *
21 * Since 1.5.1 function sends http headers. Function should be called
22 * before any output is started.
23 * @param string title the page title, default SquirrelMail.
24 * @param string xtra extra HTML to insert into the header
25 * @param bool do_hook whether to execute hooks, default true
26 * @param bool frames generate html frameset doctype (since 1.5.1)
27 * @param bool $browser_cache_ok When TRUE, it's OK to leave out the
28 * no-cache browser headers (OPTIONAL;
29 * default = FALSE, send no-cache headers)
30 * @return void
31 */
32 function displayHtmlHeader( $title = 'SquirrelMail', $xtra = '', $do_hook = TRUE, $frames = FALSE, $browser_cache_ok=FALSE ) {
33 global $squirrelmail_language, $sTemplateID, $oErrorHandler, $oTemplate;
34
35 if ( !sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION) ) {
36 global $base_uri;
37 }
38 global $custom_css, $pageheader_sent, $theme, $theme_default, $text_direction,
39 $default_fontset, $chosen_fontset, $default_fontsize, $chosen_fontsize,
40 $chosen_theme, $chosen_theme_path, $user_themes, $user_theme_default;
41
42 // add no cache headers here
43 //
44 if (!$browser_cache_ok) {
45 //FIXME: should change all header() calls in SM core to use $oTemplate->header()!!
46 $oTemplate->header('Pragma: no-cache'); // http 1.0 (rfc1945)
47 $oTemplate->header('Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0'); // http 1.1 (rfc2616)
48 $oTemplate->header('Expires: Sat, 1 Jan 2000 00:00:00 GMT');
49 //TODO: is this needed? $oTemplate->header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT');
50 }
51 /* prevent information leakage about read emails by forbidding Firefox
52 * to do preemptive DNS requests for any links in the message body. */
53 $oTemplate->header('X-DNS-Prefetch-Control: off');
54
55 // don't show version as a security measure
56 //$oTemplate->header('X-Powered-By: SquirrelMail/' . SM_VERSION, FALSE);
57 $oTemplate->header('X-Powered-By: SquirrelMail', FALSE);
58
59 // prevent clickjack attempts
60 // FIXME: should we use DENY instead? We can also make this a configurable value, including giving the admin the option of removing this entirely in case they WANT to be framed by an external domain
61 $oTemplate->header('X-Frame-Options: SAMEORIGIN');
62
63 // prevent clickjack attempts using JavaScript for browsers that
64 // don't support the X-Frame-Options header...
65 // we check to see if we are *not* the top page, and if not, check
66 // whether or not the top page is in the same domain as we are...
67 // if not, log out immediately -- this is an attempt to do the same
68 // thing that the X-Frame-Options does using JavaScript (never a good
69 // idea to rely on JavaScript-based solutions, though)
70 //FIXME: is it a problem that we still force the clickjack protection code whether or not JavaScript is supported or desired by the user?
71 $header_tags = '<script type="text/javascript" language="JavaScript">'
72 . "\n<!--\n"
73 . 'if (self != top) { try { if (document.domain != top.document.domain) {'
74 . ' throw "Clickjacking security violation! Please log out immediately!"; /* this code should never execute - exception should already have been thrown since it\'s a security violation in this case to even try to access top.document.domain (but it\'s left here just to be extra safe) */ } } catch (e) { self.location = "'
75 . sqm_baseuri() . 'src/signout.php"; top.location = "'
76 . sqm_baseuri() . 'src/signout.php" } }'
77 . "\n// -->\n</script>\n";
78
79 $oTemplate->assign('frames', $frames);
80 $oTemplate->assign('lang', $squirrelmail_language);
81
82 $header_tags .= "<meta name=\"robots\" content=\"noindex,nofollow\" />\n";
83
84 $used_fontset = (!empty($chosen_fontset) ? $chosen_fontset : $default_fontset);
85 $used_fontsize = (!empty($chosen_fontsize) ? $chosen_fontsize : $default_fontsize);
86 $used_theme = !isset($chosen_theme) && $user_theme_default != 'none' && is_dir($chosen_theme) && is_readable($chosen_theme)? $user_themes[$user_theme_default]['PATH'].'/default.css' : $chosen_theme_path;
87
88 /**
89 * Stylesheets are loaded in the following order:
90 * 1) All stylesheets provided by the template. Normally, these are
91 * stylsheets in templates/<template>/css/. This is accomplished by calling
92 * $oTemplate->fetch_standard_stylesheet_links().
93 * 2) An optional user-defined stylesheet. This is set in the Display
94 * Preferences.
95 * 3) src/style.php which sets some basic font prefs.
96 * 4) If we are dealing with an RTL language, we load rtl.css from the
97 * template set.
98 */
99
100 // 1. Stylesheets from the template.
101 $header_tags .= $oTemplate->fetch_standard_stylesheet_links();
102
103 $aUserStyles = array();
104
105 // 2. Option user-defined stylesheet from preferences.
106 if (!empty($used_theme) && $used_theme != 'none') {
107 /**
108 * All styles (except "none" - ugh) just point to a directory,
109 * so we need to include all .css files in that directory.
110 */
111 //FIXME: rid ourselves of "none" strings! I didn't do it here because I think the problem is that the theme itself should never be "none" (? well, what else would it be? if "none" theme is actually OK, then is there a constant to use below in stead of a hard-coded string?)
112 $styles = $used_theme == 'none' ? array()
113 : list_files($used_theme, '.css');
114 foreach ($styles as $sheet) {
115 $aUserStyles[] = $used_theme .'/'.$sheet;
116 }
117 }
118
119 // 3. src/style.php
120 $aUserStyles[] = $base_uri .'src/style.php?'
121 . (!empty($used_fontset) ? '&amp;fontset='.$used_fontset : '')
122 . (!empty($used_fontsize) ? '&amp;fontsize='.$used_fontsize : '');
123
124 // 3.1. Load the stylesheets we have already
125 $header_tags .= $oTemplate->fetch_external_stylesheet_links($aUserStyles);
126
127 // 4. Optional rtl.css stylesheet
128 if ($text_direction == 'rtl') {
129 $header_tags .= $oTemplate->fetch_right_to_left_stylesheet_link();
130 }
131
132 // 5. Printer friendly stylesheet
133 $header_tags .= create_css_link($base_uri . 'css/print.css', 'printerfriendly', false, 'print');
134
135 if ($squirrelmail_language == 'ja_JP') {
136 /*
137 * force correct detection of charset, when browser does not follow
138 * http content-type and tries to detect charset from page content.
139 * Shooting of browser's creator can't be implemented in php.
140 * We might get rid of it, if we follow http://www.w3.org/TR/japanese-xml/
141 * recommendations and switch to unicode.
142 */
143 $header_tags .= "<!-- \xfd\xfe -->\n";
144 $header_tags .= '<meta http-equiv="Content-type" content="' . $oTemplate->get_content_type() . '; charset=euc-jp" />' . "\n";
145 }
146 if ($do_hook) {
147 // NOTE! plugins here MUST assign output to template
148 // and NOT echo anything directly!! A common
149 // approach is if a plugin decides it needs to
150 // put something at page-top after the standard
151 // SM page header, to dynamically add itself to
152 // the page_header_bottom and/or compose_header_bottom
153 // hooks for the current page request. See
154 // the Sent Confirmation v1.7 or Restrict Senders v1.2
155 // plugins for examples of this approach.
156 ob_start();
157 $temp = array(&$header_tags);
158 do_hook('generic_header', $temp);
159 $output = ob_get_contents();
160 ob_end_clean();
161 // plugin authors can debug their errors with one of the following:
162 //sm_print_r($output);
163 //echo $output;
164 if (!empty($output)) trigger_error('A plugin on the "generic_header" hook has attempted to output directly to the browser', E_USER_ERROR);
165 }
166
167 $header_tags .= $xtra;
168 $oTemplate->assign('page_title', $title);
169
170 /* work around IE6's scrollbar bug */
171 $header_tags .= <<<EOS
172 <!--[if IE 6]>
173 <style type="text/css">
174 /* avoid stupid IE6 bug with frames and scrollbars */
175 body {
176 width: expression(document.documentElement.clientWidth - 30);
177 }
178 </style>
179 <![endif]-->
180
181 EOS;
182
183 $oTemplate->assign('header_tags', $header_tags);
184 $oTemplate->display('protocol_header.tpl');
185
186 /* this is used to check elsewhere whether we should call this function */
187 $pageheader_sent = TRUE;
188 if (isset($oErrorHandler)) {
189 $oErrorHandler->HeaderSent();
190 }
191
192 }
193
194 /**
195 * Given a path to a SquirrelMail file, return a HTML link to it
196 *
197 * @param string $path The SquirrelMail file to link to
198 * (should start with something like "src/..." or
199 * "functions/..." or "plugins/..." etc.)
200 * @param string $text The link text
201 * @param string $target The target frame for this link
202 * @param string $accesskey The access key to be used, if any
203 */
204 function makeInternalLink($path, $text, $target='', $accesskey='NONE') {
205 global $base_uri, $oTemplate;
206 // sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
207
208 // This is an inefficient hook and is only used by
209 // one plugin that still needs to patch this code,
210 // plus if we are templat-izing SM, visual hooks
211 // are not needed. However, I am leaving the code
212 // here just in case we find a good (non-visual?)
213 // use for the internal_link hook.
214 //
215 //do_hook('internal_link', $text);
216
217 return create_hyperlink($base_uri . $path, $text, $target,
218 '', '', '', '',
219 ($accesskey == 'NONE'
220 ? array()
221 : array('accesskey' => $accesskey)));
222 }
223
224 /**
225 * Outputs a complete SquirrelMail page header, starting with <!doctype> and
226 * including the default menu bar. Uses displayHtmlHeader and takes
227 * JavaScript and locale settings into account.
228 *
229 * @param array color the array of theme colors
230 * @param string mailbox the current mailbox name to display
231 * @param string sHeaderJs javascipt code to be inserted in a script block in the header
232 * @param string sOnload JavaScript code to be added inside the body's onload handler
233 * as of 1.5.2, this replaces $sBodyTagJs argument
234 * @return void
235 */
236 function displayPageHeader($color, $mailbox='', $sHeaderJs='', $sOnload = '') {
237
238 global $reply_focus, $hide_sm_attributions, $frame_top,
239 $provider_name, $provider_uri, $startMessage,
240 $action, $oTemplate, $org_title, $base_uri,
241 $data_dir, $username;
242
243 if (empty($sOnload)) {
244 if (strpos($action, 'reply') !== FALSE && $reply_focus) {
245 if ($reply_focus == 'select')
246 $sOnload = 'checkForm(\'select\');';
247 else if ($reply_focus == 'focus')
248 $sOnload = 'checkForm(\'focus\');';
249 else if ($reply_focus != 'none')
250 $sOnload = 'checkForm();';
251 }
252 else
253 $sOnload = 'checkForm();';
254 }
255
256 $startMessage = (int)$startMessage;
257
258 sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION );
259
260 if (!isset($frame_top)) {
261 $frame_top = '_top';
262 }
263
264 //FIXME: does checkForJavascript() make the 2nd part of the if() below unneccessary?? (that is, I think checkForJavascript() might already look for new_js_autodetect_results...(?))
265 if( checkForJavascript() || strpos($sHeaderJs, 'new_js_autodetect_results.value') ) {
266 $js_includes = $oTemplate->get_javascript_includes(TRUE);
267 $sJsBlock = '';
268 foreach ($js_includes as $js_file) {
269 $sJsBlock .= '<script src="'.$js_file.'" type="text/javascript"></script>' ."\n";
270 }
271 if ($sHeaderJs) {
272 $sJsBlock .= "\n<script type=\"text/javascript\">" .
273 "\n<!--\n" .
274 $sHeaderJs . "\n\n// -->\n</script>\n";
275 }
276 displayHtmlHeader ($org_title, $sJsBlock);
277 } else {
278 /* do not use JavaScript */
279 displayHtmlHeader ($org_title);
280 $sOnload = '';
281 }
282 if ($mailbox) {
283 /*
284 * this explains the imap_mailbox.php dependency. We should instead store
285 * the selected mailbox in the session and fallback to the session var.
286 */
287 $shortBoxName = sm_encode_html_special_chars(imap_utf7_decode_local(
288 readShortMailboxName($mailbox, $delimiter)));
289 if (getPref($data_dir, $username, 'translate_special_folders')) {
290 global $sent_folder, $trash_folder, $draft_folder;
291 if ($mailbox == $sent_folder)
292 $shortBoxName = _("Sent");
293 else if ($mailbox == $trash_folder)
294 $shortBoxName = _("Trash");
295 else if ($mailbox == $sent_folder)
296 $shortBoxName = _("Drafts");
297 }
298 $urlMailbox = urlencode($mailbox);
299 } else {
300 $shortBoxName = '';
301 $urlMailbox = '';
302 }
303
304 $provider_link = '';
305 if (!empty($provider_uri) && !empty($provider_name) && $provider_name != 'SquirrelMail') {
306 $provider_link = create_hyperlink($provider_uri, $provider_name, '_blank');
307 }
308
309 $oTemplate->assign('onload', $sOnload);
310 $oTemplate->assign('shortBoxName', $shortBoxName);
311 $oTemplate->assign('provider_link', $provider_link);
312 $oTemplate->assign('frame_top', $frame_top);
313 $oTemplate->assign('urlMailbox', $urlMailbox);
314 $oTemplate->assign('startMessage', $startMessage);
315 $oTemplate->assign('hide_sm_attributions', $hide_sm_attributions);
316
317 // access keys
318 //
319 global $accesskey_menubar_compose, $accesskey_menubar_addresses,
320 $accesskey_menubar_folders, $accesskey_menubar_options,
321 $accesskey_menubar_search, $accesskey_menubar_help,
322 $accesskey_menubar_signout;
323 $oTemplate->assign('accesskey_menubar_compose', $accesskey_menubar_compose);
324 $oTemplate->assign('accesskey_menubar_addresses', $accesskey_menubar_addresses);
325 $oTemplate->assign('accesskey_menubar_folders', $accesskey_menubar_folders);
326 $oTemplate->assign('accesskey_menubar_options', $accesskey_menubar_options);
327 $oTemplate->assign('accesskey_menubar_search', $accesskey_menubar_search);
328 $oTemplate->assign('accesskey_menubar_help', $accesskey_menubar_help);
329 $oTemplate->assign('accesskey_menubar_signout', $accesskey_menubar_signout);
330
331 $oTemplate->display('page_header.tpl');
332
333 global $null;
334 do_hook('page_header_bottom', $null);
335 }
336
337 /**
338 * Blatantly copied/truncated/modified from displayPageHeader.
339 * Outputs a page header specifically for the compose_in_new popup window
340 *
341 * @param array color the array of theme colors
342 * @param string mailbox the current mailbox name to display
343 * @param string sHeaderJs javascipt code to be inserted in a script block in the header
344 * @param string sOnload JavaScript code to be added inside the body's onload handler
345 * as of 1.5.2, this replaces $sBodyTagJs argument
346 * @return void
347 */
348 function compose_Header($color, $mailbox, $sHeaderJs='', $sOnload = '') {
349
350 global $reply_focus, $action, $oTemplate;
351
352 if (empty($sOnload)) {
353 if (strpos($action, 'reply') !== FALSE && $reply_focus) {
354 if ($reply_focus == 'select')
355 $sOnload = 'checkForm(\'select\');';
356 else if ($reply_focus == 'focus')
357 $sOnload = 'checkForm(\'focus\');';
358 else if ($reply_focus != 'none')
359 $sOnload = 'checkForm();';
360 }
361 else
362 $sOnload = 'checkForm();';
363 }
364
365
366 /*
367 * Locate the first displayable form element (only when JavaScript on)
368 */
369 if(checkForJavascript()) {
370 if ($sHeaderJs) {
371 $sJsBlock = "\n<script type=\"text/javascript\">" .
372 "\n<!--\n" .
373 $sHeaderJs . "\n\n// -->\n</script>\n";
374 } else {
375 $sJsBlock = '';
376 }
377 $sJsBlock .= "\n";
378
379 $js_includes = $oTemplate->get_javascript_includes(TRUE);
380 foreach ($js_includes as $js_file) {
381 $sJsBlock .= '<script src="'.$js_file.'" type="text/javascript"></script>' ."\n";
382 }
383
384 displayHtmlHeader (_("Compose"), $sJsBlock);
385 } else {
386 /* javascript off */
387 displayHtmlHeader(_("Compose"));
388 $sOnload = '';
389 }
390
391 // FIXME: change the colorization attributes below to a CSS class!
392 $class = '';
393 $aAttribs = array('text' => $color[8], 'bgcolor' => $color[4],
394 'link' => $color[7], 'vlink' => $color[7],
395 'alink' => $color[7]);
396
397 // this is template-safe (see create_body() function)
398 echo create_body($sOnload, $class, $aAttribs);
399
400 global $null;
401 do_hook('compose_header_bottom', $null);
402 }