4) XSS in help.php:
1 <?php
2
3 /**
4 * help.php
5 *
6 * Copyright (c) 1999-2002 The SquirrelMail Project Team
7 * Licensed under the GNU GPL. For full terms see the file COPYING.
8 *
9 * Displays help for the user
10 *
11 * $Id$
12 */
13
14 /* Path for SquirrelMail required files. */
15 define('SM_PATH','../');
16
17 /* SquirrelMail required files. */
18 require_once(SM_PATH . 'include/validate.php');
19 require_once(SM_PATH . 'functions/display_messages.php');
20 require_once(SM_PATH . 'functions/imap.php');
21 require_once(SM_PATH . 'functions/array.php');
22
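displayPageHeader($color, 'None');

/*
 * Help chapters in display order. Chapter N (1-based, as used in the
 * ?chapter= links further down) is stored at index N-1.
 *
 * The list is assigned as one literal instead of index by index, so any
 * $helpdir entries that exist before this point are discarded. The names
 * in this array are appended to the path passed to file() below, so the
 * array should hold nothing but these fixed file names.
 */
$helpdir = array(
    'basic.hlp',
    'main_folder.hlp',
    'read_mail.hlp',
    'compose.hlp',
    'addresses.hlp',
    'folders.hlp',
    'options.hlp',
    'search.hlp',
    'FAQ.hlp'
);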
34
35 /****************[ HELP FUNCTIONS ]********************/
36
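/**
 * Extracts one <chapter> or <section> block from a help document.
 *
 * Scanning starts at line $pos and stops at the first <chapter>/<section>
 * block found. Call it repeatedly, passing the returned position back in,
 * to walk through a document one block at a time.
 *
 * The returned text is taken from the help file as-is, without any
 * escaping. The calling page echoes it straight into the HTML response,
 * so help files have to be treated as trusted content.
 *
 * @param array $doc  the help file as an array of lines (as file() returns)
 * @param int   $pos  index of the line at which to start scanning
 * @return array  [0] title, [1] description (only when the block has one),
 *                [2] summary (only when the block has one),
 *                [3] index of the line where parsing stopped.
 *                When no usable block is found, [0]..[2] all hold the
 *                translated format-error message and [3] is still set, so
 *                a caller that feeds [3] back in always moves forward.
 */
function get_info($doc, $pos) {
    $total = count($doc);

    for ($n = $pos; $n < $total; $n++) {
        $line = trim(strtolower($doc[$n]));
        if ($line !== '<chapter>' && $line !== '<section>') {
            continue;
        }

        /* Inside a block: read until its closing tag or the end of file. */
        for ($n++; $n < $total; $n++) {
            $line = trim(strtolower($doc[$n]));
            if ($line === '</section>' || $line === '</chapter>') {
                break;
            }

            if ($line === '<title>') {
                /* The title text is the single line after the tag; a file
                 * that ends right after <title> yields an empty title. */
                $n++;
                $ary[0] = ($n < $total) ? trim($doc[$n]) : '';
            }

            /* $n may have moved, so the current line is looked up again
             * (and bounds-checked) before each of the next two tests. */
            if ($n < $total && trim(strtolower($doc[$n])) === '<description>') {
                $ary[1] = '';
                for ($n++; $n < $total
                        && trim(strtolower($doc[$n])) !== '</description>'; $n++) {
                    $ary[1] .= $doc[$n];
                }
            }

            if ($n < $total && trim(strtolower($doc[$n])) === '<summary>') {
                $ary[2] = '';
                for ($n++; $n < $total
                        && trim(strtolower($doc[$n])) !== '</summary>'; $n++) {
                    $ary[2] .= $doc[$n];
                }
            }
        }

        if (!isset($ary)) {
            /* A block was opened but held no title, description or summary. */
            $ary[0] = _("ERROR: Help files are not in the right format!");
            $ary[1] = $ary[0];
            $ary[2] = $ary[0];
        }
        $ary[3] = $n;
        return( $ary );
    }

    /* No <chapter> or <section> between $pos and the end of the document.
     * [2] and [3] are filled in as well: without [3] a caller that resumes
     * from the returned position would start over near the top of the file. */
    $ary[0] = _("ERROR: Help files are not in the right format!");
    $ary[1] = $ary[0];
    $ary[2] = $ary[0];
    $ary[3] = $n;

    return( $ary );
}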
88
89 /**************[ END HELP FUNCTIONS ]******************/
90
91
92
/* Banner: a one-cell table holding the centred, translated page title. */
echo html_tag(
    'table',
    html_tag(
        'tr',
        html_tag('td', '<center><b>' . _("Help") . '</b></center>', 'center', $color[0])
    ),
    'center',
    '',
    'width="95%" cellpadding="1" cellspacing="2" border="0"'
);

/* Run the "help_top" hook before any help content is written. */
do_hook("help_top");

/* Start the table, row and cell that the help content is written into.
 * html_tag() is called without content here (presumably it then emits
 * only the opening tag -- confirm against its definition). */
echo html_tag('table', '', 'center', '', 'width="90%" cellpadding="0" cellspacing="10" border="0"'),
     html_tag('tr'),
     html_tag('td');
104
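/*
 * Work out which page the user came from, so the matching help chapter
 * can be opened directly.
 *
 * $HTTP_REFERER is presumably the request's Referer header, i.e. a value
 * chosen by the client. It is only matched against fixed substrings here
 * and is never echoed, so it can do no more than select one of the
 * predefined contexts.
 *
 * strpos() is compared with false explicitly: it returns 0 for a match at
 * the start of the string, which a plain truth test would treat as
 * "not found".
 */
if (isset($HTTP_REFERER)) {
    $ref = strtolower($HTTP_REFERER);
    if (strpos($ref, 'src/compose') !== false) {
        $context = 'compose';
    } elseif (strpos($ref, 'src/addr') !== false) {
        $context = 'address';
    } elseif (strpos($ref, 'src/folders') !== false) {
        $context = 'folders';
    } elseif (strpos($ref, 'src/options') !== false) {
        $context = 'options';
    } elseif (strpos($ref, 'src/right_main') !== false) {
        $context = 'index';
    } elseif (strpos($ref, 'src/read_body') !== false) {
        $context = 'read';
    } elseif (strpos($ref, 'src/search') !== false) {
        $context = 'search';
    }
}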
123
/* Use English when no interface language has been set. */
if (!isset($squirrelmail_language)) {
    $squirrelmail_language = 'en_US';
}

/*
 * Pick the directory the help files are read from: the user's language if
 * a directory for it exists, otherwise English, otherwise give up.
 *
 * NOTE(review): $squirrelmail_language becomes a path component here and,
 * through $user_language, in the file() calls further down. Where the
 * value comes from is not visible in this file -- confirm that it is
 * restricted upstream to known language codes (for example the keys of
 * $languages) and cannot contain path separators or "..".
 */
$help_exists = false;
if (file_exists("../help/$squirrelmail_language")) {
    $user_language = $squirrelmail_language;
    $help_exists = true;
} elseif (file_exists('../help/en_US')) {
    /* No translation available: tell the user, then show the English help. */
    $user_language = 'en_US';
    $help_exists = true;
    echo "<center><font color=\"$color[2]\">";
    printf (_("The help has not been translated to %s. It will be displayed in English instead."), $languages[$squirrelmail_language]['NAME']);
    echo '</font></center><br>';
} else {
    echo "<br><center><font color=\"$color[2]\">" .
         _("Some or all of the help documents are not present!") .
         '</font></center>' .
         '</td></tr></table>';
    /* Exiting here skips any page footers.
     * TODO: Fix this so it's not just "exit".
     */
    exit;
}
149
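/*
 * Render either the table of contents or a single chapter.
 *
 * Titles, summaries and descriptions come from the help files and are
 * written into the page without escaping, so those files must be trusted.
 */
if ($help_exists == true) {
    if (!isset($context)) {
        $context = '';
    }

    /* A context derived from the referring page wins over ?chapter=. */
    if ($context == 'compose') {
        $chapter = 4;
    } elseif ($context == 'address') {
        $chapter = 5;
    } elseif ($context == 'folders') {
        $chapter = 6;
    } elseif ($context == 'options') {
        $chapter = 7;
    } elseif ($context == 'index') {
        $chapter = 2;
    } elseif ($context == 'read') {
        $chapter = 3;
    } elseif ($context == 'search') {
        $chapter = 8;
    } elseif (isset($_GET['chapter'])) {
        /* intval() makes sure only an integer reaches the markup and the
         * $helpdir lookup below, whatever the request contained. */
        $chapter = intval($_GET['chapter']);
    } else {
        $chapter = 0;
    }

    /* Chapters are numbered from 1 but $helpdir is indexed from 0, so the
     * entry that has to exist is $chapter - 1. Testing $helpdir[$chapter]
     * made the last chapter unreachable. */
    if ($chapter == 0 || !isset($helpdir[$chapter - 1])) {
        /* The row, cell and heading are part of the same echo; as separate
         * statements they were built but never sent to the browser. */
        echo html_tag('table', '', 'center', '', 'cellpadding="0" cellspacing="0" border="0"') .
             html_tag('tr') .
             html_tag('td') .
             '<b><center>' . _("Table of Contents") . '</center></b><br>';
        do_hook('help_chapter');
        echo html_tag('ol');
        for ($i = 0; $i < count($helpdir); $i++) {
            $doc = file("../help/$user_language/$helpdir[$i]");
            if ($doc === false) {
                /* Unreadable file: let get_info() report a format error. */
                $doc = array();
            }
            $help_info = get_info($doc, 0);
            echo '<li><a href="../src/help.php?chapter=' . ($i + 1)
                 . '">' . $help_info[0] . '</a>' .
                 html_tag('ul', $help_info[2]);
        }
        echo '</ol></td></tr></table>';
    } else {
        $doc = file("../help/$user_language/" . $helpdir[$chapter - 1]);
        if ($doc === false) {
            /* Unreadable file: let get_info() report a format error. */
            $doc = array();
        }
        $help_info = get_info($doc, 0);

        /* Previous | Table of Contents | Next navigation. */
        echo '<small><center>';
        if ($chapter <= 1) {
            echo '<font color="' . $color[9] . '">' . _("Previous")
                 . '</font> | ';
        } else {
            echo '<a href="../src/help.php?chapter=' . ($chapter - 1)
                 . '">' . _("Previous") . '</a> | ';
        }
        echo '<a href="../src/help.php">' . _("Table of Contents") . '</a>';
        if ($chapter >= count($helpdir)) {
            /* The colour is concatenated: inside single quotes the text
             * $color[9] was sent to the browser literally. */
            echo ' | <font color="' . $color[9] . '">' . _("Next") . '</font>';
        } else {
            echo ' | <a href="../src/help.php?chapter=' . ($chapter + 1)
                 . '">' . _("Next") . '</a>';
        }
        echo '</center></small><br>';

        echo '<font size="5"><b>' . $chapter . ' - ' . $help_info[0]
             . '</b></font><br><br>';
        if (isset($help_info[1])) {
            echo $help_info[1];
        } else {
            echo html_tag('p', $help_info[2], 'left');
        }

        /* Walk the sections that follow the chapter header. get_info() may
         * return no position ([3]) when it finds nothing to parse; in that
         * case stop instead of resuming from an undefined offset, which
         * would restart the scan and could loop without end. */
        $section = 0;
        $n = isset($help_info[3]) ? $help_info[3] : count($doc);
        for (; $n < count($doc); $n++) {
            $section++;
            $help_info = get_info($doc, $n);
            echo "<b>$chapter.$section - $help_info[0]</b>" .
                 html_tag('ul', $help_info[1]);
            if (!isset($help_info[3])) {
                break;
            }
            $n = $help_info[3];
        }

        echo '<br><center><a href="#pagetop">' . _("Top") . '</a></center>';
    }
}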
/* Run the "help_bottom" hook once the help content has been written. */
do_hook('help_bottom');

/* Final spacer row, then the closing tags for the table and the page. */
echo html_tag('tr', html_tag('td', '&nbsp;', 'left', $color[0])),
     '</table></body></html>';
235 ?>