X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=plugins%2Fsquirrelspell%2Fsqspell_functions.php;h=d73e0197394e5c1e91bd73da9bc5e7efbcb4a59a;hp=23f0bed79708963997158764b9e45f5258144028;hb=9837b0a5afee61309027869b117a406defc2f437;hpb=2b5a715784c5414a95c4eba8b20e3dd47f45131b;ds=sidebyside
diff --git a/plugins/squirrelspell/sqspell_functions.php b/plugins/squirrelspell/sqspell_functions.php
index 23f0bed7..d73e0197 100644
--- a/plugins/squirrelspell/sqspell_functions.php
+++ b/plugins/squirrelspell/sqspell_functions.php
@@ -1,311 +1,526 @@
($Author$)
+ * @version $Date$
+ */
- /**
- ** sqspell_functions.php -- All SquirrelSpell-wide functions are in this file.
- **
- ** Copyright (c) 1999-2001 The SquirrelMail development team
- ** Licensed under the GNU GPL. For full terms see the file COPYING.
- **
- **
- **
- ** $Id$
- **/
-
- function sqspell_makePage($title, $scriptsrc, $body){
- /*
- ** GUI wrap-around for the OPTIONS page.
- */
- global $color, $SQSPELL_VERSION, $MOD;
- displayPageHeader($color, 'None');
-
- echo "
\n";
- if($scriptsrc) {
- echo "\n";
- }
- echo '
". - "$title". - ' | '. - '
$body |
' . - _("Back to "SpellChecker Options" page") . ' |
". - "SquirrelSpell $SQSPELL_VERSION". - ' | '. - '
". - "$title". - ' | '. - '
$body | ". - '
". - "SquirrelSpell $SQSPELL_VERSION". - ' | '. - '
'.
- '' . _("ATTENTION:") . '
' .
- _("SquirrelSpell was unable to decrypt your personal dictionary. This is most likely due to the fact that you have changed your mailbox password. In order to proceed, you will have to supply your old password so that SquirrelSpell can decrypt your personal dictionary. It will be re-encrypted with your new password after this.
If you haven't encrypted your dictionary, then it got mangled and is no longer valid. You will have to delete it and start anew. This is also true if you don't remember your old password -- without it, the encrypted data is no longer accessible.").
- '
'. - ''. - ''. - ''; - // See if this happened in the pop-up window or when accessing - // the SpellChecker options page. - global $SCRIPT_NAME; - if (strstr($SCRIPT_NAME, "sqspell_options")) - sqspell_makePage( _("Error Decrypting Dictionary"), "decrypt_error.js", $msg); - else - sqspell_makeWindow(null, _("Error Decrypting Dictionary"), "decrypt_error.js", $msg); - exit; - } else { - // OK! Phew. Set the encryption flag to true so we can later on - // encrypt it again before saving to HDD. - $SQSPELL_CRYPTO=true; - } - } else { - // No encryption is used. Set $SQSPELL_CRYPTO to false, in case we have to - // save the dictionary later. - $SQSPELL_CRYPTO=false; - } - // Check if we need to upgrade the dictionary from version 0.2.x - if (strstr($words, "Dictionary v0.2")) $words=sqspell_upgradeWordsFile($words); - return $words; + if ($words){ + /** + * This user has a ".words" file. + * Find which dictionaries s/he wants to use and load them into + * the $langs array. + */ + preg_match("/# LANG: (.*)/i", $words, $matches); + $langs=explode(", ", $matches[1]); + } else { + /** + * User doesn't have a personal dictionary. Grab the default + * system setting. + */ + $langs[0]=$SQSPELL_APP_DEFAULT; } - - function sqspell_writeWords($words){ - // - // Writes user dictionary into the $username.words file, then changes mask - // to 0600. If encryption is needed -- does that, too. - // - global $SQSPELL_WORDS_FILE, $SQSPELL_CRYPTO; - // if $words is empty, create a template entry. - if (!$words) $words=sqspell_makeDummy(); - if ($SQSPELL_CRYPTO){ - // User wants to encrypt the file. So be it. - // get his password to use as a key. - global $key, $onetimepad; - $clear_key=OneTimePadDecrypt($key, $onetimepad); - // Try encrypting it. If fails, scream bloody hell. - $save_words = sqspell_crypto("encrypt", $clear_key, $words); - if ($save_words == 'PANIC'){ - /* - ** AAAAAAAAH! I'm not handling this yet, since obviously - ** the admin of the site forgot to compile the MCRYPT support in. - ** I will add a handler for this case later, when I can come up - ** with some work-around... Right now, do nothing. Let the Admin's - ** head hurt.. ;))) - */ - } - } else { - $save_words = $words; - } - $fp=fopen($SQSPELL_WORDS_FILE, "w"); - fwrite($fp, $save_words); - fclose($fp); - chmod($SQSPELL_WORDS_FILE, 0600); + } else { + /** + * There is no need to read the ".words" file as there is only one + * dictionary defined system-wide. + */ + $langs[0]=$SQSPELL_APP_DEFAULT; + } + return $langs; +} + +/** + * This function returns only user-defined dictionary words that correspond + * to the requested language. + * + * @param $words The contents of the user's ".words" file. + * @param $lang Which language words to return, e.g. requesting + * "English" will return ONLY the words from user's + * English dictionary, disregarding any others. + * @return The list of words corresponding to the language + * requested. + */ +function sqspell_getLang($words, $lang){ + $start=strpos($words, "# $lang\n"); + /** + * strpos() will return -1 if no # $lang\n string was found. + * Use this to return a zero-length value and indicate that no + * words are present in the requested dictionary. + */ + if (!$start) return ''; + /** + * The words list will end with a new directive, which will start + * with "#". Locate the next "#" and thus find out where the + * words end. + */ + $end=strpos($words, "#", $start+1); + $lang_words = substr($words, $start, $end-$start); + return $lang_words; +} + +/** + * This function operates the user dictionary. If the format is + * clear-text, then it just reads the file and returns it. However, if + * the file is encrypted (well, "garbled"), then it tries to decrypt + * it, checks whether the decryption was successful, troubleshoots if + * not, then returns the clear-text dictionary to the app. + * + * @return the contents of the user's ".words" file, decrypted if + * necessary. + */ +function sqspell_getWords(){ + global $SQSPELL_WORDS_FILE, $SQSPELL_CRYPTO; + $words=""; + if (file_exists($SQSPELL_WORDS_FILE)){ + /** + * Gobble it up. + */ + $fp=fopen($SQSPELL_WORDS_FILE, 'r'); + $words=fread($fp, filesize($SQSPELL_WORDS_FILE)); + fclose($fp); + } + /** + * Check if this is an encrypted file by looking for + * the string "# SquirrelSpell" in it (the crypto + * function does that). + */ + if ($words && !strstr($words, "# SquirrelSpell")){ + /** + * This file is encrypted or mangled. Try to decrypt it. + * If fails, complain loudly. + * + * $old_key would be a value submitted by one of the modules with + * the user's old mailbox password. I admin, this is rather dirty, + * but efficient. ;) + */ + global $key, $onetimepad, $old_key; + if ($old_key) { + $clear_key=$old_key; + } else { + /** + * Get user's password (the key). + */ + $clear_key = OneTimePadDecrypt($key, $onetimepad); } - - function sqspell_deleteWords(){ - /* - ** so I open the door to my enemies, - ** and I ask can we wipe the slate clean, - ** but they tell me to please go... - ** uhm... Well, this just erases the user dictionary file. - */ - global $SQSPELL_WORDS_FILE; - if (file_exists($SQSPELL_WORDS_FILE)) unlink($SQSPELL_WORDS_FILE); + /** + * Invoke the decryption routines. + */ + $words=sqspell_crypto("decrypt", $clear_key, $words); + /** + * See if decryption failed. + */ + if ($words=="PANIC"){ + /** + * AAAAAAAAAAAH!!!!! OK, ok, breathe! + * Let's hope the decryption failed because the user changed his + * password. Bring up the option to key in the old password + * or wipe the file and start over if everything else fails. + * + * The _("SquirrelSpell...) line has to be on one line, otherwise + * gettext will bork. ;( + */ + $msg = html_tag( 'p', "\n" . + '' . _("ATTENTION:") . '
' . "\n" + . '' . "\n" + . html_tag( 'p', "\n" . + '' , + 'center' ) . "\n" + . '' . "\n"; + /** + * Add some string vars so they can be i18n'd. + */ + $msg .= "\n"; + /** + * See if this happened in the pop-up window or when accessing + * the SpellChecker options page. + * This is a dirty solution, I agree. TODO: make this prettier. + */ + global $SCRIPT_NAME; + if (strstr($SCRIPT_NAME, "sqspell_options")){ + sqspell_makePage(_("Error Decrypting Dictionary"), + "decrypt_error.js", $msg); + } else { + sqspell_makeWindow(null, _("Error Decrypting Dictionary"), + "decrypt_error.js", $msg); + } + exit; + } else { + /** + * OK! Phew. Set the encryption flag to true so we can later on + * encrypt it again before saving to HDD. + */ + $SQSPELL_CRYPTO=true; } - - function sqspell_makeDummy(){ - // - // Creates an empty user dictionary for the sake of saving prefs or - // whatever. - // - global $SQSPELL_VERSION, $SQSPELL_APP_DEFAULT; - $words="# SquirrelSpell User Dictionary $SQSPELL_VERSION\n# Last Revision: " . date('Y-m-d') . "\n# LANG: $SQSPELL_APP_DEFAULT\n# End\n"; - return $words; + } else { + /** + * No encryption is/was used. Set $SQSPELL_CRYPTO to false, + * in case we have to save the dictionary later. + */ + $SQSPELL_CRYPTO=false; + } + /** + * Check if we need to upgrade the dictionary from version 0.2.x + * This is going away soon. + */ + if (strstr($words, "Dictionary v0.2")){ + $words=sqspell_upgradeWordsFile($words); + } + return $words; +} + +/** + * Writes user dictionary into the $username.words file, then changes mask + * to 0600. If encryption is needed -- does that, too. + * + * @param $words The contents of the ".words" file to write. + * @return void + */ +function sqspell_writeWords($words){ + global $SQSPELL_WORDS_FILE, $SQSPELL_CRYPTO; + /** + * if $words is empty, create a template entry by calling the + * sqspell_makeDummy() function. + */ + if (!$words){ + $words=sqspell_makeDummy(); + } + if ($SQSPELL_CRYPTO){ + /** + * User wants to encrypt the file. So be it. + * Get the user's password to use as a key. + */ + global $key, $onetimepad; + $clear_key=OneTimePadDecrypt($key, $onetimepad); + /** + * Try encrypting it. If fails, scream bloody hell. + */ + $save_words = sqspell_crypto("encrypt", $clear_key, $words); + if ($save_words == 'PANIC'){ + /** + * AAAAAAAAH! I'm not handling this yet, since obviously + * the admin of the site forgot to compile the MCRYPT support in + * when upgrading an existing PHP installation. + * I will add a handler for this case later, when I can come up + * with some work-around... Right now, do nothing. Let the Admin's + * head hurt.. ;))) + */ } + } else { + $save_words = $words; + } + /** + * Do the actual writing. + */ + $fp=fopen($SQSPELL_WORDS_FILE, "w"); + fwrite($fp, $save_words); + fclose($fp); + chmod($SQSPELL_WORDS_FILE, 0600); +} - /** - VERSION: - --------- - SquirrelSpell version. Don't modify, since it identifies the format - of the user dictionary files and messing with this can do ugly - stuff. :) - **/ - $SQSPELL_VERSION="v0.3.5"; - -?> \ No newline at end of file +function sqspell_deleteWords(){ + /** + * So I open the door to my enemies, + * and I ask can we wipe the slate clean, + * but they tell me to please go... + * uhm... Well, this just erases the user dictionary file. + */ + global $SQSPELL_WORDS_FILE; + if (file_exists($SQSPELL_WORDS_FILE)){ + unlink($SQSPELL_WORDS_FILE); + } +} +/** + * Creates an empty user dictionary for the sake of saving prefs or + * whatever. + * + * @return The template to use when storing the user dictionary. + */ +function sqspell_makeDummy(){ + global $SQSPELL_VERSION, $SQSPELL_APP_DEFAULT; + $words = "# SquirrelSpell User Dictionary $SQSPELL_VERSION\n" + . "# Last Revision: " . date('Y-m-d') + . "\n# LANG: $SQSPELL_APP_DEFAULT\n# End\n"; + return $words; +} + +/** + * This function checks for security attacks. A $MOD variable is + * provided in the QUERY_STRING and includes one of the files from the + * modules directory ($MOD.mod). See if someone is trying to get out + * of the modules directory by providing dots, unicode strings, or + * slashes. + * + * @param $rMOD the name of the module requested to include. + * @return void, since it bails out with an access error if needed. + */ +function sqspell_ckMOD($rMOD){ + if (strstr($rMOD, '.') + || strstr($rMOD, '/') + || strstr($rMOD, '%') + || strstr($rMOD, "\\")){ + echo _("Cute."); + exit; + } +} + +/** + * SquirrelSpell version. Don't modify, since it identifies the format + * of the user dictionary files and messing with this can do ugly + * stuff. :) + */ +$SQSPELL_VERSION="v0.3.8"; +?>