/**
* page_header.php
*
- * Copyright (c) 1999-2005 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
* Prints the page header (duh)
*
+ * @copyright 1999-2018 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
*/
/** Include required files from SM */
-require_once(SM_PATH . 'functions/strings.php');
-require_once(SM_PATH . 'functions/html.php');
-require_once(SM_PATH . 'functions/imap_mailbox.php');
-require_once(SM_PATH . 'functions/global.php');
+include_once(SM_PATH . 'functions/imap_mailbox.php');
/**
* Output a SquirrelMail page header, from <!doctype> to </head>
* Always set up the language before calling these functions.
*
+ * Since 1.5.1 function sends http headers. Function should be called
+ * before any output is started.
* @param string title the page title, default SquirrelMail.
* @param string xtra extra HTML to insert into the header
* @param bool do_hook whether to execute hooks, default true
* @param bool frames generate html frameset doctype (since 1.5.1)
+ * @param bool $browser_cache_ok When TRUE, it's OK to leave out the
+ * no-cache browser headers (OPTIONAL;
+ * default = FALSE, send no-cache headers)
* @return void
*/
-function displayHtmlHeader( $title = 'SquirrelMail', $xtra = '', $do_hook = true, $frames = false ) {
- global $squirrelmail_language;
+function displayHtmlHeader( $title = 'SquirrelMail', $xtra = '', $do_hook = TRUE, $frames = FALSE, $browser_cache_ok=FALSE ) {
+ global $squirrelmail_language, $sTemplateID, $oErrorHandler, $oTemplate;
if ( !sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION) ) {
global $base_uri;
}
- global $theme_css, $custom_css, $pageheader_sent;
+ global $custom_css, $pageheader_sent, $theme, $theme_default, $text_direction,
+ $default_fontset, $chosen_fontset, $default_fontsize, $chosen_fontsize,
+ $chosen_theme, $chosen_theme_path, $user_themes, $user_theme_default;
- if ($frames) {
- echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN">';
- } else {
- echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">';
+ // add no cache headers here
+ //
+ if (!$browser_cache_ok) {
+//FIXME: should change all header() calls in SM core to use $oTemplate->header()!!
+ $oTemplate->header('Pragma: no-cache'); // http 1.0 (rfc1945)
+ $oTemplate->header('Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0'); // http 1.1 (rfc2616)
+ $oTemplate->header('Expires: Sat, 1 Jan 2000 00:00:00 GMT');
+//TODO: is this needed? $oTemplate->header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . 'GMT');
}
- echo "\n" . html_tag( 'html' ,'' , '', '', 'lang="'.$squirrelmail_language.'"' ) .
- "<head>\n<meta name=\"robots\" content=\"noindex,nofollow\">\n";
+ /* prevent information leakage about read emails by forbidding Firefox
+ * to do preemptive DNS requests for any links in the message body. */
+ $oTemplate->header('X-DNS-Prefetch-Control: off');
- /*
- * Add closing / to link and meta elements only after switching to xhtml 1.0 Transitional.
- * It is not compatible with html 4.01 Transitional
+ // don't show version as a security measure
+ //$oTemplate->header('X-Powered-By: SquirrelMail/' . SM_VERSION, FALSE);
+ $oTemplate->header('X-Powered-By: SquirrelMail', FALSE);
+
+ // prevent clickjack attempts
+// FIXME: should we use DENY instead? We can also make this a configurable value, including giving the admin the option of removing this entirely in case they WANT to be framed by an external domain
+ $oTemplate->header('X-Frame-Options: SAMEORIGIN');
+
+ // prevent clickjack attempts using JavaScript for browsers that
+ // don't support the X-Frame-Options header...
+ // we check to see if we are *not* the top page, and if not, check
+ // whether or not the top page is in the same domain as we are...
+ // if not, log out immediately -- this is an attempt to do the same
+ // thing that the X-Frame-Options does using JavaScript (never a good
+ // idea to rely on JavaScript-based solutions, though)
+//FIXME: is it a problem that we still force the clickjack protection code whether or not JavaScript is supported or desired by the user?
+ $header_tags = '<script type="text/javascript" language="JavaScript">'
+ . "\n<!--\n"
+ . 'if (self != top) { try { if (document.domain != top.document.domain) {'
+ . ' throw "Clickjacking security violation! Please log out immediately!"; /* this code should never execute - exception should already have been thrown since it\'s a security violation in this case to even try to access top.document.domain (but it\'s left here just to be extra safe) */ } } catch (e) { self.location = "'
+ . sqm_baseuri() . 'src/signout.php"; top.location = "'
+ . sqm_baseuri() . 'src/signout.php" } }'
+ . "\n// -->\n</script>\n";
+
+ $oTemplate->assign('frames', $frames);
+ $oTemplate->assign('lang', $squirrelmail_language);
+
+ $header_tags .= "<meta name=\"robots\" content=\"noindex,nofollow\" />\n";
+
+ $used_fontset = (!empty($chosen_fontset) ? $chosen_fontset : $default_fontset);
+ $used_fontsize = (!empty($chosen_fontsize) ? $chosen_fontsize : $default_fontsize);
+ $used_theme = !isset($chosen_theme) && $user_theme_default != 'none' && is_dir($chosen_theme) && is_readable($chosen_theme)? $user_themes[$user_theme_default]['PATH'].'/default.css' : $chosen_theme_path;
+
+ /**
+ * Stylesheets are loaded in the following order:
+ * 1) All stylesheets provided by the template. Normally, these are
+ * stylsheets in templates/<template>/css/. This is accomplished by calling
+ * $oTemplate->fetch_standard_stylesheet_links().
+ * 2) An optional user-defined stylesheet. This is set in the Display
+ * Preferences.
+ * 3) src/style.php which sets some basic font prefs.
+ * 4) If we are dealing with an RTL language, we load rtl.css from the
+ * template set.
*/
- if ( !isset( $custom_css ) || $custom_css == 'none' ) {
- if ($theme_css != '') {
- echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"$theme_css\">";
+
+ // 1. Stylesheets from the template.
+ $header_tags .= $oTemplate->fetch_standard_stylesheet_links();
+
+ $aUserStyles = array();
+
+ // 2. Option user-defined stylesheet from preferences.
+ if (!empty($used_theme) && $used_theme != 'none') {
+ /**
+ * All styles (except "none" - ugh) just point to a directory,
+ * so we need to include all .css files in that directory.
+ */
+//FIXME: rid ourselves of "none" strings! I didn't do it here because I think the problem is that the theme itself should never be "none" (? well, what else would it be? if "none" theme is actually OK, then is there a constant to use below in stead of a hard-coded string?)
+ $styles = $used_theme == 'none' ? array()
+ : list_files($used_theme, '.css');
+ foreach ($styles as $sheet) {
+ $aUserStyles[] = $used_theme .'/'.$sheet;
}
- } else {
- echo '<link rel="stylesheet" type="text/css" href="' .
- $base_uri . 'themes/css/'.$custom_css.'">';
}
+ // 3. src/style.php
+ $aUserStyles[] = $base_uri .'src/style.php?'
+ . (!empty($used_fontset) ? '&fontset='.$used_fontset : '')
+ . (!empty($used_fontsize) ? '&fontsize='.$used_fontsize : '');
+
+ // 3.1. Load the stylesheets we have already
+ $header_tags .= $oTemplate->fetch_external_stylesheet_links($aUserStyles);
+
+ // 4. Optional rtl.css stylesheet
+ if ($text_direction == 'rtl') {
+ $header_tags .= $oTemplate->fetch_right_to_left_stylesheet_link();
+ }
+
+ // 5. Printer friendly stylesheet
+ $header_tags .= create_css_link($base_uri . 'css/print.css', 'printerfriendly', false, 'print');
+
if ($squirrelmail_language == 'ja_JP') {
/*
* force correct detection of charset, when browser does not follow
* We might get rid of it, if we follow http://www.w3.org/TR/japanese-xml/
* recommendations and switch to unicode.
*/
- echo "<!-- \xfd\xfe -->\n";
- echo '<meta http-equiv="Content-type" content="text/html; charset=euc-jp">' . "\n";
+ $header_tags .= "<!-- \xfd\xfe -->\n";
+ $header_tags .= '<meta http-equiv="Content-type" content="' . $oTemplate->get_content_type() . '; charset=euc-jp" />' . "\n";
}
if ($do_hook) {
- do_hook('generic_header');
+ // NOTE! plugins here MUST assign output to template
+ // and NOT echo anything directly!! A common
+ // approach is if a plugin decides it needs to
+ // put something at page-top after the standard
+ // SM page header, to dynamically add itself to
+ // the page_header_bottom and/or compose_header_bottom
+ // hooks for the current page request. See
+ // the Sent Confirmation v1.7 or Restrict Senders v1.2
+ // plugins for examples of this approach.
+ ob_start();
+ $temp = array(&$header_tags);
+ do_hook('generic_header', $temp);
+ $output = ob_get_contents();
+ ob_end_clean();
+ // plugin authors can debug their errors with one of the following:
+ //sm_print_r($output);
+ //echo $output;
+ if (!empty($output)) trigger_error('A plugin on the "generic_header" hook has attempted to output directly to the browser', E_USER_ERROR);
}
- echo "<title>$title</title>\n$xtra\n";
+ $header_tags .= $xtra;
+ $oTemplate->assign('page_title', $title);
/* work around IE6's scrollbar bug */
- echo <<<ECHO
+ $header_tags .= <<<EOS
+<!--[if IE 6]>
<style type="text/css">
-<!--
- /* avoid stupid IE6 bug with frames and scrollbars */
- body {
- voice-family: "\"}\"";
- voice-family: inherit;
- width: expression(document.documentElement.clientWidth - 30);
- }
--->
+/* avoid stupid IE6 bug with frames and scrollbars */
+body {
+ width: expression(document.documentElement.clientWidth - 30);
+}
</style>
+<![endif]-->
-ECHO;
+EOS;
- echo "\n</head>\n\n";
+ $oTemplate->assign('header_tags', $header_tags);
+ $oTemplate->display('protocol_header.tpl');
/* this is used to check elsewhere whether we should call this function */
$pageheader_sent = TRUE;
+ if (isset($oErrorHandler)) {
+ $oErrorHandler->HeaderSent();
+ }
+
}
/**
* Given a path to a SquirrelMail file, return a HTML link to it
*
- * @param string path the SquirrelMail file to link to
- * @param string text the link text
- * @param string target the target frame for this link
+ * @param string $path The SquirrelMail file to link to
+ * (should start with something like "src/..." or
+ * "functions/..." or "plugins/..." etc.)
+ * @param string $text The link text
+ * @param string $target The target frame for this link
+ * @param string $accesskey The access key to be used, if any
*/
-function makeInternalLink($path, $text, $target='') {
- sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
- if ($target != '') {
- $target = " target=\"$target\"";
- }
+function makeInternalLink($path, $text, $target='', $accesskey='NONE') {
+ global $base_uri, $oTemplate;
+// sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
// This is an inefficient hook and is only used by
// one plugin that still needs to patch this code,
// here just in case we find a good (non-visual?)
// use for the internal_link hook.
//
- //$hooktext = do_hook_function('internal_link',$text);
- //if ($hooktext != '')
- // $text = $hooktext;
+ //do_hook('internal_link', $text);
- return '<a href="'.$base_uri.$path.'"'.$target.'>'.$text.'</a>';
-}
-
-/**
- * Same as makeInternalLink, but echoes it too
- */
-function displayInternalLink($path, $text, $target='') {
- echo makeInternalLink($path, $text, $target);
+ return create_hyperlink($base_uri . $path, $text, $target,
+ '', '', '', '',
+ ($accesskey == 'NONE'
+ ? array()
+ : array('accesskey' => $accesskey)));
}
/**
* @param array color the array of theme colors
* @param string mailbox the current mailbox name to display
* @param string sHeaderJs javascipt code to be inserted in a script block in the header
- * @param string sBodyTagJs js events to be inserted in the body tag
+ * @param string sOnload JavaScript code to be added inside the body's onload handler
+ * as of 1.5.2, this replaces $sBodyTagJs argument
* @return void
*/
+function displayPageHeader($color, $mailbox='', $sHeaderJs='', $sOnload = '') {
+
+ global $reply_focus, $hide_sm_attributions, $frame_top,
+ $provider_name, $provider_uri, $startMessage,
+ $action, $oTemplate, $org_title, $base_uri,
+ $data_dir, $username;
+
+ if (empty($sOnload)) {
+ if (strpos($action, 'reply') !== FALSE && $reply_focus) {
+ if ($reply_focus == 'select')
+ $sOnload = 'checkForm(\'select\');';
+ else if ($reply_focus == 'focus')
+ $sOnload = 'checkForm(\'focus\');';
+ else if ($reply_focus != 'none')
+ $sOnload = 'checkForm();';
+ }
+ else
+ $sOnload = 'checkForm();';
+ }
-function displayPageHeader($color, $mailbox, $sHeaderJs='', $sBodyTagJs = 'onload="checkForm();"') {
- global $hide_sm_attributions, $frame_top,
- $provider_name, $provider_uri, $startMessage,
- $javascript_on;
+ $startMessage = (int)$startMessage;
sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION );
$frame_top = '_top';
}
- if( $javascript_on || strpos($sHeaderJs, 'new_js_autodetect_results.value') ) {
- $sJsBlock = '<script src="'. SM_PATH .'templates/default/js/default.js" type="text/javascript" language="JavaScript"></script>' ."\n";
+//FIXME: does checkForJavascript() make the 2nd part of the if() below unneccessary?? (that is, I think checkForJavascript() might already look for new_js_autodetect_results...(?))
+ if( checkForJavascript() || strpos($sHeaderJs, 'new_js_autodetect_results.value') ) {
+ $js_includes = $oTemplate->get_javascript_includes(TRUE);
+ $sJsBlock = '';
+ foreach ($js_includes as $js_file) {
+ $sJsBlock .= '<script src="'.$js_file.'" type="text/javascript"></script>' ."\n";
+ }
if ($sHeaderJs) {
- $sJsBlock .= "\n<script language=\"JavaScript\" type=\"text/javascript\">" .
+ $sJsBlock .= "\n<script type=\"text/javascript\">" .
"\n<!--\n" .
$sHeaderJs . "\n\n// -->\n</script>\n";
}
- displayHtmlHeader ('SquirrelMail', $sJsBlock);
- } else {
+ displayHtmlHeader ($org_title, $sJsBlock);
+ } else {
/* do not use JavaScript */
- displayHtmlHeader ('SquirrelMail');
- $sBodyTagJs = '';
+ displayHtmlHeader ($org_title);
+ $sOnload = '';
}
-
- echo "<body text=\"$color[8]\" bgcolor=\"$color[4]\" link=\"$color[7]\" vlink=\"$color[7]\" alink=\"$color[7]\" $sBodyTagJs>\n\n";
-
- /** Here is the header and wrapping table **/
- $shortBoxName = htmlspecialchars(imap_utf7_decode_local(
- readShortMailboxName($mailbox, $delimiter)));
- if ( $shortBoxName == 'INBOX' ) {
- $shortBoxName = _("INBOX");
- }
- echo "<a name=\"pagetop\"></a>\n"
- . html_tag( 'table', '', '', $color[4], 'border="0" width="100%" cellspacing="0" cellpadding="2"' ) ."\n"
- . html_tag( 'tr', '', '', $color[9] ) ."\n"
- . html_tag( 'td', '', 'left' ) ."\n";
- if ( $shortBoxName <> '' && strtolower( $shortBoxName ) <> 'none' ) {
- echo ' ' . _("Current Folder") . ": <b>$shortBoxName </b>\n";
+ if ($mailbox) {
+ /*
+ * this explains the imap_mailbox.php dependency. We should instead store
+ * the selected mailbox in the session and fallback to the session var.
+ */
+ $shortBoxName = sm_encode_html_special_chars(imap_utf7_decode_local(
+ readShortMailboxName($mailbox, $delimiter)));
+ if (getPref($data_dir, $username, 'translate_special_folders')) {
+ global $sent_folder, $trash_folder, $draft_folder;
+ if ($mailbox == $sent_folder)
+ $shortBoxName = _("Sent");
+ else if ($mailbox == $trash_folder)
+ $shortBoxName = _("Trash");
+ else if ($mailbox == $sent_folder)
+ $shortBoxName = _("Drafts");
+ }
+ $urlMailbox = urlencode($mailbox);
} else {
- echo ' ';
+ $shortBoxName = '';
+ $urlMailbox = '';
}
- echo " </td>\n"
- . html_tag( 'td', '', 'right' ) ."<b>\n";
- displayInternalLink ('src/signout.php', _("Sign Out"), $frame_top);
- echo "</b></td>\n"
- . " </tr>\n"
- . html_tag( 'tr', '', '', $color[4] ) ."\n"
- . ($hide_sm_attributions ? html_tag( 'td', '', 'left', '', 'colspan="2"' )
- : html_tag( 'td', '', 'left' ) )
- . "\n";
- $urlMailbox = urlencode($mailbox);
- echo makeComposeLink('src/compose.php?mailbox='.$urlMailbox.'&startMessage='.$startMessage);
- echo " \n";
- displayInternalLink ('src/addressbook.php', _("Addresses"));
- echo " \n";
- displayInternalLink ('src/folders.php', _("Folders"));
- echo " \n";
- displayInternalLink ('src/options.php', _("Options"));
- echo " \n";
- displayInternalLink ("src/search.php?mailbox=$urlMailbox", _("Search"));
- echo " \n";
- displayInternalLink ('src/help.php', _("Help"));
- echo " \n";
-
- do_hook('menuline');
-
- echo " </td>\n";
-
- if (!$hide_sm_attributions)
- {
- echo html_tag( 'td', '', 'right' ) ."\n";
- if (empty($provider_uri)) {
- echo '<a href="about.php">SquirrelMail</a>';
- } else {
- if (empty($provider_name)) $provider_name= 'SquirrelMail';
- echo '<a href="'.$provider_uri.'" target="_blank">'.$provider_name.'</a>';
- }
- echo "</td>\n";
+
+ $provider_link = '';
+ if (!empty($provider_uri) && !empty($provider_name) && $provider_name != 'SquirrelMail') {
+ $provider_link = create_hyperlink($provider_uri, $provider_name, '_blank');
}
- echo " </tr>\n".
- "</table><br />\n\n";
+
+ $oTemplate->assign('onload', $sOnload);
+ $oTemplate->assign('shortBoxName', $shortBoxName);
+ $oTemplate->assign('provider_link', $provider_link);
+ $oTemplate->assign('frame_top', $frame_top);
+ $oTemplate->assign('urlMailbox', $urlMailbox);
+ $oTemplate->assign('startMessage', $startMessage);
+ $oTemplate->assign('hide_sm_attributions', $hide_sm_attributions);
+
+ // access keys
+ //
+ global $accesskey_menubar_compose, $accesskey_menubar_addresses,
+ $accesskey_menubar_folders, $accesskey_menubar_options,
+ $accesskey_menubar_search, $accesskey_menubar_help,
+ $accesskey_menubar_signout;
+ $oTemplate->assign('accesskey_menubar_compose', $accesskey_menubar_compose);
+ $oTemplate->assign('accesskey_menubar_addresses', $accesskey_menubar_addresses);
+ $oTemplate->assign('accesskey_menubar_folders', $accesskey_menubar_folders);
+ $oTemplate->assign('accesskey_menubar_options', $accesskey_menubar_options);
+ $oTemplate->assign('accesskey_menubar_search', $accesskey_menubar_search);
+ $oTemplate->assign('accesskey_menubar_help', $accesskey_menubar_help);
+ $oTemplate->assign('accesskey_menubar_signout', $accesskey_menubar_signout);
+
+ $oTemplate->display('page_header.tpl');
+
+ global $null;
+ do_hook('page_header_bottom', $null);
}
/**
* @param array color the array of theme colors
* @param string mailbox the current mailbox name to display
* @param string sHeaderJs javascipt code to be inserted in a script block in the header
- * @param string sBodyTagJs js events to be inserted in the body tag
+ * @param string sOnload JavaScript code to be added inside the body's onload handler
+ * as of 1.5.2, this replaces $sBodyTagJs argument
* @return void
*/
-function compose_Header($color, $mailbox, $sHeaderJs='', $sBodyTagJs = 'onload="checkForm();"') {
- global $javascript_on;
+function compose_Header($color, $mailbox, $sHeaderJs='', $sOnload = '') {
+
+ global $reply_focus, $action, $oTemplate;
+
+ if (empty($sOnload)) {
+ if (strpos($action, 'reply') !== FALSE && $reply_focus) {
+ if ($reply_focus == 'select')
+ $sOnload = 'checkForm(\'select\');';
+ else if ($reply_focus == 'focus')
+ $sOnload = 'checkForm(\'focus\');';
+ else if ($reply_focus != 'none')
+ $sOnload = 'checkForm();';
+ }
+ else
+ $sOnload = 'checkForm();';
+ }
+
+
/*
* Locate the first displayable form element (only when JavaScript on)
*/
- if($javascript_on) {
+ if(checkForJavascript()) {
if ($sHeaderJs) {
- $sJsBlock = "\n<script language=\"JavaScript\" type=\"text/javascript\">" .
+ $sJsBlock = "\n<script type=\"text/javascript\">" .
"\n<!--\n" .
$sHeaderJs . "\n\n// -->\n</script>\n";
} else {
- $sJsBlock = '';
+ $sJsBlock = '';
+ }
+ $sJsBlock .= "\n";
+
+ $js_includes = $oTemplate->get_javascript_includes(TRUE);
+ foreach ($js_includes as $js_file) {
+ $sJsBlock .= '<script src="'.$js_file.'" type="text/javascript"></script>' ."\n";
}
- $sJsBlock .= "\n" . '<script src="'. SM_PATH .'templates/default/js/default.js" type="text/javascript" language="JavaScript"></script>' ."\n";
+
displayHtmlHeader (_("Compose"), $sJsBlock);
} else {
/* javascript off */
displayHtmlHeader(_("Compose"));
- $onload = '';
+ $sOnload = '';
}
- echo "<body text=\"$color[8]\" bgcolor=\"$color[4]\" link=\"$color[7]\" vlink=\"$color[7]\" alink=\"$color[7]\" $sBodyTagJs>\n\n";
+
+// FIXME: change the colorization attributes below to a CSS class!
+ $class = '';
+ $aAttribs = array('text' => $color[8], 'bgcolor' => $color[4],
+ 'link' => $color[7], 'vlink' => $color[7],
+ 'alink' => $color[7]);
+
+ // this is template-safe (see create_body() function)
+ echo create_body($sOnload, $class, $aAttribs);
+
+ global $null;
+ do_hook('compose_header_bottom', $null);
}
-?>
\ No newline at end of file
projects / squirrelmail.git / blobdiff