Changeset 86df152 in github for program/include/rcube_shared.inc

Timestamp:

Dec 29, 2006 4:06:39 PM (6 years ago)

Author:

thomascube <thomas@…>

Branches:

master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8

Children:

e93a2d7

Parents:

3b12aee

Message:

Error handling for attachment uploads; multibyte-safe string functions; XSS improvements

File:

• program/include/rcube_shared.inc (modified) (14 diffs)

program/include/rcube_shared.inc

@@ -6 +6 @@
  |                                                                       |
  | This file is part of the RoundCube PHP suite                          |
- | Copyright (C) 2005, RoundCube Dev. - Switzerland                      |
+ | Copyright (C) 2005-2006, RoundCube Dev. - Switzerland                 |
  | Licensed under the GNU GPL                                            |
  |                                                                       |
@@ -130 +130 @@
     
     // set default page title
-    if (!strlen($this->title))
+    if (empty($this->title))
       $this->title = 'RoundCube Mail';
   
@@ -159 +159 @@
    }
 
-    if (strlen($this->scripts['head']))
+    if (!empty($this->scripts['head']))
       $__page_header .= sprintf($this->script_tag, $this->scripts['head']);
           
@@ -168 +168 @@
       }
 
-    if (strlen($this->scripts['foot']))
+    if (!empty($this->scripts['foot']))
       $__page_footer .= sprintf($this->script_tag, $this->scripts['foot']);
       
@@ -177 +177 @@
   
     // find page header
-    if($hpos = strpos(strtolower($output), '</head>'))
+    if($hpos = rc_strpos(rc_strtolower($output), '</head>'))
       $__page_header .= "\n";
     else 
       {
       if (!is_numeric($hpos))
-        $hpos = strpos(strtolower($output), '<body');
-      if (!is_numeric($hpos) && ($hpos = strpos(strtolower($output), '<html')))
+        $hpos = rc_strpos(rc_strtolower($output), '<body');
+      if (!is_numeric($hpos) && ($hpos = rc_strpos(rc_strtolower($output), '<html')))
         {
         while($output[$hpos]!='>')
@@ -195 +195 @@
     // add page hader
     if($hpos)
-      $output = substr($output,0,$hpos) . $__page_header . substr($output,$hpos,strlen($output));
+      $output = rc_substr($output,0,$hpos) . $__page_header . rc_substr($output,$hpos,rc_strlen($output));
     else
       $output = $__page_header . $output;
@@ -201 +201 @@
   
     // find page body
-    if($bpos = strpos(strtolower($output), '<body'))
+    if($bpos = rc_strpos(rc_strtolower($output), '<body'))
       {
       while($output[$bpos]!='>') $bpos++;
@@ -207 +207 @@
       }
     else
-      $bpos = strpos(strtolower($output), '</head>')+7;
+      $bpos = rc_strpos(rc_strtolower($output), '</head>')+7;
   
     // add page body
     if($bpos && $__page_body)
-      $output = substr($output,0,$bpos) . "\n$__page_body\n" . substr($output,$bpos,strlen($output));
+      $output = rc_substr($output,0,$bpos) . "\n$__page_body\n" . rc_substr($output,$bpos,rc_strlen($output));
   
   
     // find and add page footer
-    $output_lc = strtolower($output);
+    $output_lc = rc_strtolower($output);
     if(($fpos = strrstr($output_lc, '</body>')) ||
        ($fpos = strrstr($output_lc, '</html>')))
-      $output = substr($output,0,$fpos) . "$__page_footer\n" . substr($output,$fpos);
+      $output = rc_substr($output,0,$fpos) . "$__page_footer\n" . rc_substr($output,$fpos);
     else
       $output .= "\n$__page_footer";
@@ -879 +879 @@
       unset($this->attrib['value']);
 
-    if (strlen($value) && !isset($this->attrib['mce_editable']))
+    if (!empty($value) && !isset($this->attrib['mce_editable']))
       $value = Q($value, 'strict', FALSE);
 
@@ -1013 +1013 @@
     foreach ($this->options as $option)
       {
-      $selected = ((strlen($option['value']) && in_array($option['value'], $select, TRUE)) ||
+      $selected = ((!empty($option['value']) && in_array($option['value'], $select, TRUE)) ||
                    (in_array($option['text'], $select, TRUE))) ? $this->_conv_case(' selected', 'attrib') : '';
                   
       $options_str .= sprintf("<%s%s%s>%s</%s>\n",
                              $this->_conv_case('option', 'tag'),
-                             strlen($option['value']) ? sprintf($value_str, $option['value']) : '',
+                             !empty($option['value']) ? sprintf($value_str, $option['value']) : '',
                              $selected, 
                              Q($option['text'], 'strict', FALSE),
@@ -1105 +1105 @@
   $vars = isset($attrib['vars']) ? $attrib['vars'] : '';
 
-  $command_name = strlen($attrib['command']) ? $attrib['command'] : NULL;
+  $command_name = !empty($attrib['command']) ? $attrib['command'] : NULL;
   $alias = $attrib['name'] ? $attrib['name'] : ($command_name && $command_label_map[$command_name] ? $command_label_map[$command_name] : '');
 
@@ -1278 +1278 @@
             $value = $value ? "true" : "false";
             }
-          else if ((($type=='mixed' && is_numeric($value)) || $type=='int') && strlen($value)<16)   // js interprets numbers with digits >15 as ...e+... 
+          else if ((($type=='mixed' && is_numeric($value)) || $type=='int') && rc_strlen($value)<16)   // js interprets numbers with digits >15 as ...e+... 
             $is_string = FALSE;
           else
@@ -1335 +1335 @@
 
 
+// parse a human readable string for a number of bytes
+function parse_bytes($str)
+  {
+  if (is_numeric($str))
+    return intval($str);
+    
+  if (preg_match('/([0-9]+)([a-z])/i', $str, $regs))
+    {
+      $bytes = floatval($regs[1]);
+      switch (strtolower($regs[2]))
+      {
+        case 'g':
+          $bytes *= 1073741824;
+          break;
+        case 'm':
+          $bytes *= 1048576;
+          break;
+        case 'k':
+          $bytes *= 1024;
+          break;
+      }
+    }
+
+  return intval($bytes);
+  }
+    
 // create a human readable string for a number of bytes
 function show_bytes($bytes)
@@ -1394 +1420 @@
 
 
+// wrapper function for strlen
+function rc_strlen($str)
+  {
+    if (function_exists('mb_strlen'))
+      return mb_strlen($str);
+    else
+      return strlen($str);
+  }
+  
+// wrapper function for strtolower
+function rc_strtolower($str)
+  {
+    if (function_exists('mb_strtolower'))
+      return mb_strtolower($str);
+    else
+      return strtolower($str);
+  }
+
+// wrapper function for substr
+function rc_substr($str, $start, $len)
+  {
+  if (function_exists('mb_substr'))
+    return mb_substr($str, $start, $len);
+  else
+    return substr($str, $start, $len);
+  }
+
+// wrapper function for strpos
+function rc_strpos($haystack, $needle, $offset=0)
+  {
+  if (function_exists('mb_strpos'))
+    return mb_strpos($haystack, $needle, $offset);
+  else
+    return strpos($haystack, $needle, $offset);
+  }
+
+// wrapper function for strrpos
+function rc_strrpos($haystack, $needle, $offset=0)
+  {
+  if (function_exists('mb_strrpos'))
+    return mb_strrpos($haystack, $needle, $offset);
+  else
+    return strrpos($haystack, $needle, $offset);
+  }
+
+
 // replace the middle part of a string with ...
 // if it is longer than the allowed length
 function abbrevate_string($str, $maxlength, $place_holder='...')
   {
-  $length = strlen($str);
-  $first_part_length = floor($maxlength/2) - strlen($place_holder);
+  $length = rc_strlen($str);
+  $first_part_length = floor($maxlength/2) - rc_strlen($place_holder);
   
   if ($length > $maxlength)
     {
     $second_starting_location = $length - $maxlength + $first_part_length + 1;
-    $str = substr($str, 0, $first_part_length) . $place_holder . substr($str, $second_starting_location, $length);
+    $str = rc_substr($str, 0, $first_part_length) . $place_holder . rc_substr($str, $second_starting_location, $length);
     }