X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fstrings.php;h=944177d9d1523a3833522df5b89159eadbd0a90e;hp=14015cc0c6716af5d22bfb861cbf27bcea9c6a73;hb=eceb3fe56e7ef548f83797639e9d6d993254695b;hpb=8c64fc5a22414d3c05fd19cc2aa921a8a89559a9 diff --git a/functions/strings.php b/functions/strings.php index 14015cc0..944177d9 100644 --- a/functions/strings.php +++ b/functions/strings.php @@ -6,7 +6,7 @@ * This code provides various string manipulation functions that are * used by the rest of the SquirrelMail code. * - * @copyright © 1999-2007 The SquirrelMail Project Team + * @copyright © 1999-2009 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -470,7 +470,8 @@ function readShortMailboxName($haystack, $needle) { */ function get_location () { - global $imap_server_type, $config_location_base; + global $imap_server_type, $config_location_base, + $is_secure_connection, $sq_ignore_http_x_forwarded_headers; /* Get the path, handle virtual directories */ if(strpos(php_self(), '?')) { 
@@ -492,25 +493,13 @@ function get_location () { /* Check if this is a HTTPS or regular HTTP request. */ $proto = 'http://'; - - /* - * If you have 'SSLOptions +StdEnvVars' in your apache config - * OR if you have HTTPS=on in your HTTP_SERVER_VARS - * OR if you have HTTP_X_FORWARDED_PROTO=https in your HTTP_SERVER_VARS - * OR if you are on port 443 - */ - $getEnvVar = getenv('HTTPS'); - if (!sqgetGlobalVar('HTTP_X_FORWARDED_PROTO', $forwarded_proto, SQ_SERVER)) - $forwarded_proto = ''; - if ((isset($getEnvVar) && strcasecmp($getEnvVar, 'on') === 0) || - (sqgetGlobalVar('HTTPS', $https_on, SQ_SERVER) && strcasecmp($https_on, 'on') === 0) || - (strcasecmp($forwarded_proto, 'https') === 0) || - (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER) && $server_port == 443)) { + if ($is_secure_connection) $proto = 'https://'; - } /* Get the hostname from the Host header or server config. */ - if ( !sqgetGlobalVar('HTTP_X_FORWARDED_HOST', $host, SQ_SERVER) || empty($host) ) { + if ($sq_ignore_http_x_forwarded_headers + || !sqgetGlobalVar('HTTP_X_FORWARDED_HOST', $host, SQ_SERVER) + || empty($host)) { if ( !sqgetGlobalVar('HTTP_HOST', $host, SQ_SERVER) || empty($host) ) { if ( !sqgetGlobalVar('SERVER_NAME', $host, SQ_SERVER) || empty($host) ) { $host = ''; 
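Review bot: The new guard on `HTTP_X_FORWARDED_HOST` fails open, because `$sq_ignore_http_x_forwarded_headers` is read as a plain global. If it is undefined when get_location() runs (its default is set somewhere outside this diff), it evaluates as false and the client-supplied header is trusted again. Treating "unset" as "ignore" keeps the safe default local: start the condition with `if (!isset($sq_ignore_http_x_forwarded_headers) || $sq_ignore_http_x_forwarded_headers` and keep the existing `|| !sqgetGlobalVar(...)` terms. The `HTTP_X_FORWARDED_PROTO` check added in the later hunk at -520 has the same shape, and an unset `$is_secure_connection` likewise silently yields `http://`. The function body starts and ends outside this hunk.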
@@ -520,6 +509,16 @@ function get_location () { $port = ''; if (! strstr($host, ':')) { + // Note: HTTP_X_FORWARDED_PROTO could be sent from the client and + // therefore possibly spoofed/hackable. Thus, SquirrelMail + // ignores such headers by default. The administrator + // can tell SM to use such header values by setting + // $sq_ignore_http_x_forwarded_headers to boolean FALSE + // in config/config.php or by using config/conf.pl. + global $sq_ignore_http_x_forwarded_headers; + if ($sq_ignore_http_x_forwarded_headers + || !sqgetGlobalVar('HTTP_X_FORWARDED_PROTO', $forwarded_proto, SQ_SERVER)) + $forwarded_proto = ''; if (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER)) { if (($server_port != 80 && $proto == 'http://') || ($server_port != 443 && $proto == 'https://' && @@ -545,6 +544,32 @@ function get_location () { } +/** + * Get Message List URI + * + * @param string $mailbox Current mailbox name (unencoded/raw) + * @param string $startMessage The mailbox page offset + * @param string $what Any current search parameters (OPTIONAL; + * default empty string) + * + * @return string The message list URI + * + * @since 1.5.2 + * + */ +function get_message_list_uri($mailbox, $startMessage, $what='') { + + global $base_uri; + + $urlMailbox = urlencode($mailbox); + + $list_xtra = "?where=read_body.php&what=$what&mailbox=" . $urlMailbox. + "&startMessage=$startMessage"; + + return $base_uri .'src/right_main.php'. $list_xtra; +} + + /** * Encrypts password * 
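Review bot: The `global $sq_ignore_http_x_forwarded_headers;` statement added inside the `if (! strstr($host, ':'))` block is redundant, since this commit already adds that name to the `global` list at the top of get_location(). Dropping it leaves a single declaration to maintain. The comment above it names only `HTTP_X_FORWARDED_PROTO`, while the same flag also gates `HTTP_X_FORWARDED_HOST` earlier in the function, so it would be more accurate as `// Note: HTTP_X_FORWARDED_* headers can be sent by the client and therefore spoofed.` The enclosing block continues past the end of this hunk.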
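Review bot: In the new get_message_list_uri(), `$what` and `$startMessage` are interpolated into the query string unencoded, while `$mailbox` goes through `urlencode()`. A search term containing `&`, `#` or `=` would truncate the URI or inject extra parameters, unless every caller already encodes `$what`, which the docblock does not say. Encoding all three the same way closes that gap: `$list_xtra = '?where=read_body.php&what=' . urlencode($what) . '&mailbox=' . $urlMailbox . '&startMessage=' . urlencode($startMessage);`. The docblock should also state that the result is a raw URI, so callers still need to HTML-escape it before placing it in an attribute.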
@@ -609,83 +634,6 @@ function OneTimePadDecrypt ($string, $epad) { return $decrypted; } - -/** - * Randomizes the mt_rand() function. - * - * Toss this in strings or integers and it will seed the generator - * appropriately. With strings, it is better to get them long. - * Use md5() to lengthen smaller strings. - * - * @param mixed $val a value to seed the random number generator. mixed = integer or string. - * @return void - * @since 1.0 - */ -function sq_mt_seed($Val) { - /* if mt_getrandmax() does not return a 2^n - 1 number, - this might not work well. This uses $Max as a bitmask. */ - $Max = mt_getrandmax(); - - if (! is_int($Val)) { - $Val = crc32($Val); - } - - if ($Val < 0) { - $Val *= -1; - } - - if ($Val == 0) { - return; - } - - mt_srand(($Val ^ mt_rand(0, $Max)) & $Max); -} - - -/** - * Init random number generator - * - * This function initializes the random number generator fairly well. - * It also only initializes it once, so you don't accidentally get - * the same 'random' numbers twice in one session. - * - * @return void - * @since 1.0 - */ -function sq_mt_randomize() { - static $randomized; - - if ($randomized) { - return; - } - - /* Global. */ - sqgetGlobalVar('REMOTE_PORT', $remote_port, SQ_SERVER); - sqgetGlobalVar('REMOTE_ADDR', $remote_addr, SQ_SERVER); - sq_mt_seed((int)((double) microtime() * 1000000)); - sq_mt_seed(md5($remote_port . $remote_addr . getmypid())); - - /* getrusage */ - if (function_exists('getrusage')) { - /* Avoid warnings with Win32 */ - $dat = @getrusage(); - if (isset($dat) && is_array($dat)) { - $Str = ''; - foreach ($dat as $k => $v) - { - $Str .= $k . $v; - } - sq_mt_seed(md5($Str)); - } - } - - if(sqgetGlobalVar('UNIQUE_ID', $unique_id, SQ_SERVER)) { - sq_mt_seed(md5($unique_id)); - } - - $randomized = 1; -} - /** * Creates encryption key * 
@@ -698,8 +646,6 @@ function sq_mt_randomize() { * @since 1.0 */ function OneTimePadCreate ($length=100) { - sq_mt_randomize(); - $pad = ''; for ($i = 0; $i < $length; $i++) { $pad .= chr(mt_rand(0,255)); @@ -709,19 +655,23 @@ function OneTimePadCreate ($length=100) { } /** - * Returns a string showing the size of the message/attachment. - * - * @param int $bytes the filesize in bytes - * @return string the filesize in human readable format - * @since 1.0 - */ + * Returns a string showing a byte size figure in + * a more easily digested (readable) format + * + * @param int $bytes the size in bytes + * + * @return string The size in human readable format + * + * @since 1.0 + * + */ function show_readable_size($bytes) { $bytes /= 1024; - $type = 'KiB'; + $type = _("KiB"); if ($bytes / 1024 > 1) { $bytes /= 1024; - $type = 'MiB'; + $type = _("MiB"); } if ($bytes < 10) { @@ -732,7 +682,8 @@ function show_readable_size($bytes) { settype($bytes, 'integer'); } - return $bytes . ' ' . $type; + global $nbsp; + return $bytes . $nbsp . $type; } /** @@ -763,8 +714,6 @@ function GenerateRandomString($size, $chars, $flags = 0) { return ''; } - sq_mt_randomize(); /* Initialize the random number generator */ - $String = ''; $j = strlen( $chars ) - 1; while (strlen($String) < $size) { 
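Review bot: The return value of show_readable_size() now depends on the output context, because `return $bytes . $nbsp . $type;` splices in the global `$nbsp`, which is presumably an HTML entity defined elsewhere. A caller that escapes the result, or uses it in plain text, will show the entity literally. If `$nbsp` is unset, the number and unit run together with no separator. The rewritten docblock in the hunk above should say so, for example `@return string The size in human readable format (contains the $nbsp separator; do not HTML-escape)`. The `global $nbsp;` declaration would also read better at the top of the function than immediately before the `return`.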
@@ -790,13 +739,17 @@ function quoteimap($str) { * * Returns a link to the compose-page, taking in consideration * the compose_in_new and javascript settings. - * @param string $url the URL to the compose page - * @param string $text the link text, default "Compose" - * @param string $target (since 1.4.3) url target + * + * @param string $url The URL to the compose page + * @param string $text The link text, default "Compose" + * @param string $target URL target, if any (since 1.4.3) + * @param string $accesskey The access key to be used, if any + * * @return string a link to the compose page + * * @since 1.4.2 */ -function makeComposeLink($url, $text = null, $target='') { +function makeComposeLink($url, $text = null, $target='', $accesskey='NONE') { global $compose_new_win, $compose_width, $compose_height, $oTemplate; @@ -807,7 +760,7 @@ function makeComposeLink($url, $text = null, $target='') { // if not using "compose in new window", make // regular link and be done with it if($compose_new_win != '1') { - return makeInternalLink($url, $text, $target); + return makeInternalLink($url, $text, $target, $accesskey); } // build the compose in new window link... @@ -818,11 +771,16 @@ function makeComposeLink($url, $text = null, $target='') { sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION); $compuri = SM_BASE_URI.$url; - return create_hyperlink('javascript:void(0)', $text, '', "comp_in_new('$compuri','$compose_width','$compose_height')"); + return create_hyperlink('javascript:void(0)', $text, '', + "comp_in_new('$compuri','$compose_width','$compose_height')", + '', '', '', + ($accesskey == 'NONE' + ? array() + : array('accesskey' => $accesskey))); } // otherwise, just open new window using regular HTML - return makeInternalLink($url, $text, '_blank'); + return makeInternalLink($url, $text, '_blank', $accesskey); } /**
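Review bot: The new `$accesskey` parameter uses the string `'NONE'` as a sentinel default, but the docblock only says "if any" and never names that value. A caller reading the documentation cannot tell how to request no access key or that `'NONE'` is reserved. Suggested wording: `@param string $accesskey The access key to be used, if any (default 'NONE' means no access key is set)`.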
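Review bot: In the reformatted `create_hyperlink()` call, `$compuri` is still interpolated directly into a single-quoted JavaScript string, `comp_in_new('$compuri',...)`. A `'` or `\` in `$url` would break out of that string inside the onclick handler. Whether that is reachable depends on how callers build `$url`, which is not visible here, but escaping `$compuri` for a JavaScript string context before interpolation would make this function safe on its own. Separately, the sentinel test `$accesskey == 'NONE'` is a loose comparison, and `$accesskey === 'NONE'` avoids an integer `0` matching the sentinel on older PHP versions.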