X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fstrings.php;h=26d411b5174bbbdbb8af7391be2f513298033616;hp=68ffbe1ed784c64250046c014ccf9d86459632dd;hb=d4e46166df04792c6b939356ea5dfda8e47bba7b;hpb=aa201211dd345d2f21be5bbb02c074d6853d7846 diff --git a/functions/strings.php b/functions/strings.php index 68ffbe1e..26d411b5 100644 --- a/functions/strings.php +++ b/functions/strings.php @@ -6,7 +6,7 @@ * This code provides various string manipulation functions that are * used by the rest of the SquirrelMail code. * - * @copyright © 1999-2006 The SquirrelMail Project Team + * @copyright © 1999-2009 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -470,7 +470,8 @@ function readShortMailboxName($haystack, $needle) { */ function get_location () { - global $imap_server_type, $config_location_base; + global $imap_server_type, $config_location_base, + $is_secure_connection, $sq_ignore_http_x_forwarded_headers; /* Get the path, handle virtual directories */ if(strpos(php_self(), '?')) { 
@@ -492,21 +493,13 @@ function get_location () { /* Check if this is a HTTPS or regular HTTP request. */ $proto = 'http://'; - - /* - * If you have 'SSLOptions +StdEnvVars' in your apache config - * OR if you have HTTPS=on in your HTTP_SERVER_VARS - * OR if you are on port 443 - */ - $getEnvVar = getenv('HTTPS'); - if ((isset($getEnvVar) && strcasecmp($getEnvVar, 'on') === 0) || - (sqgetGlobalVar('HTTPS', $https_on, SQ_SERVER) && strcasecmp($https_on, 'on') === 0) || - (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER) && $server_port == 443)) { + if ($is_secure_connection) $proto = 'https://'; - } /* Get the hostname from the Host header or server config. */ - if ( !sqgetGlobalVar('HTTP_X_FORWARDED_HOST', $host, SQ_SERVER) || empty($host) ) { + if ($sq_ignore_http_x_forwarded_headers + || !sqgetGlobalVar('HTTP_X_FORWARDED_HOST', $host, SQ_SERVER) + || empty($host)) { if ( !sqgetGlobalVar('HTTP_HOST', $host, SQ_SERVER) || empty($host) ) { if ( !sqgetGlobalVar('SERVER_NAME', $host, SQ_SERVER) || empty($host) ) { $host = ''; @@ -516,9 +509,20 @@ function get_location () { $port = ''; if (! strstr($host, ':')) { + // Note: HTTP_X_FORWARDED_PROTO could be sent from the client and + // therefore possibly spoofed/hackable. Thus, SquirrelMail + // ignores such headers by default. The administrator + // can tell SM to use such header values by setting + // $sq_ignore_http_x_forwarded_headers to boolean FALSE + // in config/config.php or by using config/conf.pl. + global $sq_ignore_http_x_forwarded_headers; + if ($sq_ignore_http_x_forwarded_headers + || !sqgetGlobalVar('HTTP_X_FORWARDED_PROTO', $forwarded_proto, SQ_SERVER)) + $forwarded_proto = ''; if (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER)) { if (($server_port != 80 && $proto == 'http://') || - ($server_port != 443 && $proto == 'https://')) { + ($server_port != 443 && $proto == 'https://' && + strcasecmp($forwarded_proto, 'https') !== 0)) { $port = sprintf(':%d', $server_port); } } 
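Review bot: The new `$sq_ignore_http_x_forwarded_headers` checks in get_location() fail open: if the global is unset when this runs (for example with a config.php written before the setting existed), it evaluates as false and the request's `HTTP_X_FORWARDED_HOST` and `HTTP_X_FORWARDED_PROTO` values are used to build the location, which contradicts the "ignores such headers by default" comment. Unless a default is assigned before this code runs (not visible in this diff), test for an explicit opt-out, e.g. `if ($sq_ignore_http_x_forwarded_headers !== FALSE || !sqgetGlobalVar('HTTP_X_FORWARDED_HOST', $host, SQ_SERVER) || empty($host)) {`, and do the same in the `HTTP_X_FORWARDED_PROTO` check in the -516,9 hunk. The comment could also say that turning the setting off is only safe behind a proxy that overwrites these headers itself. The second `global $sq_ignore_http_x_forwarded_headers;` inside the `strstr($host, ':')` block is redundant, because the name is already declared at the top of the function. The function body continues outside both hunks.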
@@ -540,6 +544,32 @@ function get_location () { } +/** + * Get Message List URI + * + * @param string $mailbox Current mailbox name (unencoded/raw) + * @param string $startMessage The mailbox page offset + * @param string $what Any current search parameters (OPTIONAL; + * default empty string) + * + * @return string The message list URI + * + * @since 1.5.2 + * + */ +function get_message_list_uri($mailbox, $startMessage, $what='') { + + global $base_uri; + + $urlMailbox = urlencode($mailbox); + + $list_xtra = "?where=read_body.php&what=$what&mailbox=" . $urlMailbox. + "&startMessage=$startMessage"; + + return $base_uri .'src/right_main.php'. $list_xtra; +} + + /** * Encrypts password * 
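Review bot: get_message_list_uri() URL-encodes `$mailbox` but interpolates `$what` and `$startMessage` into the query string raw, so a search string containing `&`, `#` or `=` changes the parameters of the resulting URI, and markup characters pass through to wherever the URI is printed. Unless every caller already encodes these values (not visible here), encode them in the function: `$list_xtra = '?where=read_body.php&what=' . urlencode($what) . '&mailbox=' . $urlMailbox . '&startMessage=' . urlencode($startMessage);`. The docblock should also state that the return value is a raw URI, since the `&` separators still need `htmlspecialchars()` when it is placed in an HTML attribute.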
@@ -604,83 +634,6 @@ function OneTimePadDecrypt ($string, $epad) { return $decrypted; } - -/** - * Randomizes the mt_rand() function. - * - * Toss this in strings or integers and it will seed the generator - * appropriately. With strings, it is better to get them long. - * Use md5() to lengthen smaller strings. - * - * @param mixed $val a value to seed the random number generator. mixed = integer or string. - * @return void - * @since 1.0 - */ -function sq_mt_seed($Val) { - /* if mt_getrandmax() does not return a 2^n - 1 number, - this might not work well. This uses $Max as a bitmask. */ - $Max = mt_getrandmax(); - - if (! is_int($Val)) { - $Val = crc32($Val); - } - - if ($Val < 0) { - $Val *= -1; - } - - if ($Val == 0) { - return; - } - - mt_srand(($Val ^ mt_rand(0, $Max)) & $Max); -} - - -/** - * Init random number generator - * - * This function initializes the random number generator fairly well. - * It also only initializes it once, so you don't accidentally get - * the same 'random' numbers twice in one session. - * - * @return void - * @since 1.0 - */ -function sq_mt_randomize() { - static $randomized; - - if ($randomized) { - return; - } - - /* Global. */ - sqgetGlobalVar('REMOTE_PORT', $remote_port, SQ_SERVER); - sqgetGlobalVar('REMOTE_ADDR', $remote_addr, SQ_SERVER); - sq_mt_seed((int)((double) microtime() * 1000000)); - sq_mt_seed(md5($remote_port . $remote_addr . getmypid())); - - /* getrusage */ - if (function_exists('getrusage')) { - /* Avoid warnings with Win32 */ - $dat = @getrusage(); - if (isset($dat) && is_array($dat)) { - $Str = ''; - foreach ($dat as $k => $v) - { - $Str .= $k . $v; - } - sq_mt_seed(md5($Str)); - } - } - - if(sqgetGlobalVar('UNIQUE_ID', $unique_id, SQ_SERVER)) { - sq_mt_seed(md5($unique_id)); - } - - $randomized = 1; -} - /** * Creates encryption key * 
@@ -693,8 +646,6 @@ function sq_mt_randomize() { * @since 1.0 */ function OneTimePadCreate ($length=100) { - sq_mt_randomize(); - $pad = ''; for ($i = 0; $i < $length; $i++) { $pad .= chr(mt_rand(0,255)); @@ -712,11 +663,11 @@ function OneTimePadCreate ($length=100) { */ function show_readable_size($bytes) { $bytes /= 1024; - $type = 'KiB'; + $type = _("KiB"); if ($bytes / 1024 > 1) { $bytes /= 1024; - $type = 'MiB'; + $type = _("MiB"); } if ($bytes < 10) { @@ -758,8 +709,6 @@ function GenerateRandomString($size, $chars, $flags = 0) { return ''; } - sq_mt_randomize(); /* Initialize the random number generator */ - $String = ''; $j = strlen( $chars ) - 1; while (strlen($String) < $size) { @@ -785,14 +734,19 @@ function quoteimap($str) { * * Returns a link to the compose-page, taking in consideration * the compose_in_new and javascript settings. - * @param string $url the URL to the compose page - * @param string $text the link text, default "Compose" - * @param string $target (since 1.4.3) url target + * + * @param string $url The URL to the compose page + * @param string $text The link text, default "Compose" + * @param string $target URL target, if any (since 1.4.3) + * @param string $accesskey The access key to be used, if any + * * @return string a link to the compose page + * * @since 1.4.2 */ -function makeComposeLink($url, $text = null, $target='') { - global $compose_new_win,$javascript_on, $compose_width, $compose_height; +function makeComposeLink($url, $text = null, $target='', $accesskey='NONE') { + global $compose_new_win, $compose_width, + $compose_height, $oTemplate; if(!$text) { $text = _("Compose"); 
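Review bot: OneTimePadCreate() still draws the pad from `mt_rand(0,255)`, and with the `sq_mt_randomize()` call removed it now relies entirely on PHP's automatic seeding; `mt_rand()` is not a cryptographically strong generator, which matters for a pad that protects the stored password, and equally for GenerateRandomString() in the -758,8 hunk if its output is ever used as a token. Dropping the hand-rolled seeding is reasonable, but I would take the bytes from a CSPRNG where one exists and keep `mt_rand()` only as the fallback: `random_bytes($length)` on PHP 7+, or `openssl_random_pseudo_bytes($length)` behind a `function_exists()` check on older installs. A short comment on the fallback path should say that it is not suitable for secrets. Both function bodies continue outside their hunks.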
@@ -801,21 +755,27 @@ function makeComposeLink($url, $text = null, $target='') { // if not using "compose in new window", make // regular link and be done with it if($compose_new_win != '1') { - return makeInternalLink($url, $text, $target); + return makeInternalLink($url, $text, $target, $accesskey); } // build the compose in new window link... // if javascript is on, use onclick event to handle it - if($javascript_on) { + if(checkForJavascript()) { sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION); $compuri = SM_BASE_URI.$url; - return "$text"; + + return create_hyperlink('javascript:void(0)', $text, '', + "comp_in_new('$compuri','$compose_width','$compose_height')", + '', '', '', + ($accesskey == 'NONE' + ? array() + : array('accesskey' => $accesskey))); } // otherwise, just open new window using regular HTML - return makeInternalLink($url, $text, '_blank'); + return makeInternalLink($url, $text, '_blank', $accesskey); } /** 
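Review bot: In the javascript branch of makeComposeLink(), `$compuri`, `$compose_width` and `$compose_height` are placed inside single-quoted JavaScript string literals in the onclick value without escaping for that context, so a quote or backslash in `$url` or in either preference ends the literal early. Whether create_hyperlink() escapes the attribute is not visible here, and HTML-escaping alone would not cover the JavaScript string level; I would cast the dimensions, `(int) $compose_width` and `(int) $compose_height`, and pass `$compuri` through a JavaScript-string escaper before interpolating. The `sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);` line is now dead, since the URI is built from `SM_BASE_URI`. The `'NONE'` sentinel for `$accesskey` (signature in the -785,14 hunk) deserves a mention in its `@param` line, e.g. `@param string $accesskey The access key to be used, or 'NONE' for no access key`.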
@@ -1136,15 +1096,32 @@ function sq_str_pad($string, $width, $pad, $padtype, $charset='') { */ function sq_substr($string,$start,$length,$charset='auto') { // use automatic charset detection, if function call asks for it + static $charset_auto, $bUse_mb; + if ($charset=='auto') { - global $default_charset, $squirrelmail_language; - set_my_charset(); - $charset=$default_charset; - if ($squirrelmail_language=='ja_JP') $charset='euc-jp'; + if (!isset($charset_auto)) { + global $default_charset, $squirrelmail_language; + set_my_charset(); + $charset=$default_charset; + if ($squirrelmail_language=='ja_JP') $charset='euc-jp'; + $charset_auto = $charset; + } else { + $charset = $charset_auto; + } } $charset = strtolower($charset); - if (function_exists('mb_internal_encoding') && - in_array($charset,sq_mb_list_encodings())) { + + // in_array call is expensive => do it once and use a static var for + // storing the results + if (!isset($bUse_mb)) { + if (in_array($charset,sq_mb_list_encodings())) { + $bUse_mb = true; + } else { + $bUse_mb = false; + } + } + + if ($bUse_mb) { return mb_substr($string,$start,$length,$charset); } // TODO: add mbstring independent code 
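Review bot: The new `static $bUse_mb` in sq_substr() is computed once from whichever `$charset` the first call used and is then reused for every later call, so a later call with a different explicit charset gets the first call's answer: either `mb_substr()` is invoked with an encoding mbstring does not support, or a supported multibyte charset silently takes the non-mbstring fallback. Cache the decision per charset instead: `static $mb_ok = array();`, then `if (!isset($mb_ok[$charset])) $mb_ok[$charset] = in_array($charset, sq_mb_list_encodings());` and `if ($mb_ok[$charset]) {`. The same pattern is in sq_strpos() (-1167,15) and sq_strtoupper() (-1196,15). sq_substr() and sq_strpos() also drop the `function_exists('mb_internal_encoding')` guard, while sq_strtoupper() keeps its `function_exists('mb_strtoupper')` check; that is only safe if sq_mb_list_encodings() returns an empty list when mbstring is absent, which is not visible here. Each function continues past its hunk.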
@@ -1167,15 +1144,31 @@ function sq_substr($string,$start,$length,$charset='auto') { */ function sq_strpos($haystack,$needle,$offset,$charset='auto') { // use automatic charset detection, if function call asks for it + static $charset_auto, $bUse_mb; + if ($charset=='auto') { - global $default_charset, $squirrelmail_language; - set_my_charset(); - $charset=$default_charset; - if ($squirrelmail_language=='ja_JP') $charset='euc-jp'; + if (!isset($charset_auto)) { + global $default_charset, $squirrelmail_language; + set_my_charset(); + $charset=$default_charset; + if ($squirrelmail_language=='ja_JP') $charset='euc-jp'; + $charset_auto = $charset; + } else { + $charset = $charset_auto; + } } $charset = strtolower($charset); - if (function_exists('mb_internal_encoding') && - in_array($charset,sq_mb_list_encodings())) { + + // in_array call is expensive => do it once and use a static var for + // storing the results + if (!isset($bUse_mb)) { + if (in_array($charset,sq_mb_list_encodings())) { + $bUse_mb = true; + } else { + $bUse_mb = false; + } + } + if ($bUse_mb) { return mb_strpos($haystack,$needle,$offset,$charset); } // TODO: add mbstring independent code 
@@ -1196,15 +1189,33 @@ function sq_strpos($haystack,$needle,$offset,$charset='auto') { */ function sq_strtoupper($string,$charset='auto') { // use automatic charset detection, if function call asks for it + static $charset_auto, $bUse_mb; + if ($charset=='auto') { - global $default_charset,$squirrelmail_language; - set_my_charset(); - $charset=$default_charset; - if ($squirrelmail_language=='ja_JP') $charset='euc-jp'; + if (!isset($charset_auto)) { + global $default_charset, $squirrelmail_language; + set_my_charset(); + $charset=$default_charset; + if ($squirrelmail_language=='ja_JP') $charset='euc-jp'; + $charset_auto = $charset; + } else { + $charset = $charset_auto; + } } $charset = strtolower($charset); - if (function_exists('mb_strtoupper') && - in_array($charset,sq_mb_list_encodings())) { + + // in_array call is expensive => do it once and use a static var for + // storing the results + if (!isset($bUse_mb)) { + if (function_exists('mb_strtoupper') && + in_array($charset,sq_mb_list_encodings())) { + $bUse_mb = true; + } else { + $bUse_mb = false; + } + } + + if ($bUse_mb) { return mb_strtoupper($string,$charset); } // TODO: add mbstring independent code