X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fhtmloutputter.php;h=b1aae16fad7a0819b634c4069b60d85837a92c52;hb=7220b3ddd4a32b947e851c946cb6ad6146bebf7d;hp=7eccd6cc0e56cddd9ed745fc20cd2e35b17bf733;hpb=2196d00b1b9a97b498897099c6993383c43b1d44;p=quix0rs-gnu-social.git

diff --git a/lib/htmloutputter.php b/lib/htmloutputter.php
index 7eccd6cc0e..b1aae16fad 100644
--- a/lib/htmloutputter.php
+++ b/lib/htmloutputter.php
@@ -108,10 +108,17 @@ class HTMLOutputter extends XMLOutputter
 
         header('Content-Type: '.$type);
 
+	// Output anti-framing headers to prevent clickjacking (respected by newer
+        // browsers).
+	if (common_config('javascript', 'bustframes')) {
+            header('X-XSS-Protection: 1; mode=block'); // detect XSS Reflection attacks
+            header('X-Frame-Options: SAMEORIGIN'); // no rendering if origin mismatch
+        }
+
         $this->extraHeaders();
         if (preg_match("/.*\/.*xml/", $type)) {
             // Required for XML documents
-            $this->xw->startDocument('1.0', 'UTF-8');
+            $this->startXML();
         }
         $this->xw->writeDTD('html',
                             '-//W3C//DTD XHTML 1.0 Strict//EN',
@@ -119,9 +126,16 @@ class HTMLOutputter extends XMLOutputter
 
         $language = $this->getLanguage();
 
-        $this->elementStart('html', array('xmlns' => 'http://www.w3.org/1999/xhtml',
-                                          'xml:lang' => $language,
-                                          'lang' => $language));
+        $attrs = array(
+            'xmlns' => 'http://www.w3.org/1999/xhtml',
+            'xml:lang' => $language,
+            'lang' => $language
+        );
+
+        if (Event::handle('StartHtmlElement', array($this, &$attrs))) {
+            $this->elementStart('html', $attrs);
+            Event::handle('EndHtmlElement', array($this, &$attrs));
+        }
     }
 
     function getLanguage()
@@ -159,27 +173,37 @@ class HTMLOutputter extends XMLOutputter
      * a cluster of elements, including a <label> and an associated
      * instructions span.
      *
+     * If $attrs['type'] does not exist it will be set to 'text'.
+     *
      * @param string $id           element ID, must be unique on page
      * @param string $label        text of label for the element
      * @param string $value        value of the element, default null
      * @param string $instructions instructions for valid input
+     * @param string $name         name of the element; if null, the id will
+     *                             be used
+     * @param bool   $required     HTML5 required attribute (exclude when false)
+     * @param array  $attrs        Initial attributes manually set in an array (overwritten by previous options)
      *
-     * @todo add a $name parameter
      * @todo add a $maxLength parameter
      * @todo add a $size parameter
      *
      * @return void
      */
 
-    function input($id, $label, $value=null, $instructions=null)
+    function input($id, $label, $value=null, $instructions=null, $name=null, $required=false, array $attrs=array())
     {
         $this->element('label', array('for' => $id), $label);
-        $attrs = array('name' => $id,
-                       'type' => 'text',
-                       'id' => $id);
+        if (!array_key_exists('type', $attrs)) {
+            $attrs['type'] = 'text';
+        }
+        $attrs['id'] = $id;
+        $attrs['name'] = is_null($name) ? $id : $name;
         if (!is_null($value)) { // value can be 0 or ''
             $attrs['value'] = $value;
         }
+        if (!empty($required)) {
+            $attrs['required'] = 'required';
+        }
         $this->element('input', $attrs);
         if ($instructions) {
             $this->element('p', 'form_guide', $instructions);
@@ -287,7 +311,7 @@ class HTMLOutputter extends XMLOutputter
 
     function hidden($id, $value, $name=null)
     {
-        $this->element('input', array('name' => ($name) ? $name : $id,
+        $this->element('input', array('name' => $name ?: $id,
                                       'type' => 'hidden',
                                       'id' => $id,
                                       'value' => $value));
@@ -325,6 +349,7 @@ class HTMLOutputter extends XMLOutputter
      * @param string $label text of the button
      * @param string $cls   class of the button, default 'submit'
      * @param string $name  name, if different than ID
+     * @param string $title  title text for the submit button
      *
      * @return void
      *
@@ -335,7 +360,7 @@ class HTMLOutputter extends XMLOutputter
     {
         $this->element('input', array('type' => 'submit',
                                       'id' => $id,
-                                      'name' => ($name) ? $name : $id,
+                                      'name'  => $name ?: $id,
                                       'class' => $cls,
                                       'value' => $label,
                                       'title' => $title));
@@ -351,58 +376,74 @@ class HTMLOutputter extends XMLOutputter
      */
     function script($src, $type='text/javascript')
     {
-        if(Event::handle('StartScriptElement', array($this,&$src,&$type))) {
+        if (Event::handle('StartScriptElement', array($this,&$src,&$type))) {
 
             $url = parse_url($src);
 
-            if( empty($url['scheme']) && empty($url['host']) && empty($url['query']) && empty($url['fragment']))
-            {
+            if (empty($url['scheme']) && empty($url['host']) && empty($url['query']) && empty($url['fragment'])) {
+
+                // XXX: this seems like a big assumption
+
                 if (strpos($src, 'plugins/') === 0 || strpos($src, 'local/') === 0) {
 
-                    $src = common_path($src) . '?version=' . STATUSNET_VERSION;
+                    $src = common_path($src, StatusNet::isHTTPS()) . '?version=' . GNUSOCIAL_VERSION;
 
-                }else{
+                } else {
 
-                    $path = common_config('javascript', 'path');
+                    if (StatusNet::isHTTPS()) {
 
-                    if (empty($path)) {
-                        $path = common_config('site', 'path') . '/js/';
-                    }
+                        $sslserver = common_config('javascript', 'sslserver');
 
-                    if ($path[strlen($path)-1] != '/') {
-                        $path .= '/';
-                    }
+                        if (empty($sslserver)) {
+                            if (is_string(common_config('site', 'sslserver')) &&
+                                mb_strlen(common_config('site', 'sslserver')) > 0) {
+                                $server = common_config('site', 'sslserver');
+                            } else if (common_config('site', 'server')) {
+                                $server = common_config('site', 'server');
+                            }
+                            $path   = common_config('site', 'path') . '/js/';
+                        } else {
+                            $server = $sslserver;
+                            $path   = common_config('javascript', 'sslpath');
+                            if (empty($path)) {
+                                $path = common_config('javascript', 'path');
+                            }
+                        }
 
-                    if ($path[0] != '/') {
-                        $path = '/'.$path;
-                    }
+                        $protocol = 'https';
 
-                    $server = common_config('javascript', 'server');
+                    } else {
 
-                    if (empty($server)) {
-                        $server = common_config('site', 'server');
-                    }
+                        $path = common_config('javascript', 'path');
 
-                    $ssl = common_config('javascript', 'ssl');
+                        if (empty($path)) {
+                            $path = common_config('site', 'path') . '/js/';
+                        }
 
-                    if (is_null($ssl)) { // null -> guess
-                        if (common_config('site', 'ssl') == 'always' &&
-                            !common_config('javascript', 'server')) {
-                            $ssl = true;
-                        } else {
-                            $ssl = false;
+                        $server = common_config('javascript', 'server');
+
+                        if (empty($server)) {
+                            $server = common_config('site', 'server');
                         }
+
+                        $protocol = 'http';
+                    }
+
+                    if ($path[strlen($path)-1] != '/') {
+                        $path .= '/';
                     }
 
-                    $protocol = ($ssl) ? 'https' : 'http';
+                    if ($path[0] != '/') {
+                        $path = '/'.$path;
+                    }
 
-                    $src = $protocol.'://'.$server.$path.$src . '?version=' . STATUSNET_VERSION;
+                    $src = $protocol.'://'.$server.$path.$src . '?version=' . GNUSOCIAL_VERSION;
                 }
             }
 
             $this->element('script', array('type' => $type,
-                                                   'src' => $src),
-                                   ' ');
+                                           'src' => $src),
+                           ' ');
 
             Event::handle('EndScriptElement', array($this,$src,$type));
         }
@@ -452,9 +493,9 @@ class HTMLOutputter extends XMLOutputter
                 if(file_exists(Theme::file($src,$theme))){
                    $src = Theme::path($src, $theme);
                 }else{
-                   $src = common_path($src);
+                    $src = common_path($src, StatusNet::isHTTPS());
                 }
-                $src.= '?version=' . STATUSNET_VERSION;
+                $src.= '?version=' . GNUSOCIAL_VERSION;
             }
             $this->element('link', array('rel' => 'stylesheet',
                                     'type' => 'text/css',
@@ -492,28 +533,50 @@ class HTMLOutputter extends XMLOutputter
      * @param string $label        text of label for the element
      * @param string $content      content of the textarea, default none
      * @param string $instructions instructions for valid input
+     * @param string $name         name of textarea; if null, $id will be used
+     * @param int    $cols         number of columns
+     * @param int    $rows         number of rows
+     * @param bool   $required     HTML5 required attribute (exclude when false)
      *
      * @return void
-     *
-     * @todo add a $name parameter
-     * @todo add a $cols parameter
-     * @todo add a $rows parameter
      */
 
-    function textarea($id, $label, $content=null, $instructions=null)
-    {
+    function textarea(
+        $id,
+        $label,
+        $content      = null,
+        $instructions = null,
+        $name         = null,
+        $cols         = null,
+        $rows         = null,
+        $required     = false
+    ) {
         $this->element('label', array('for' => $id), $label);
-        $this->element('textarea', array('rows' => 3,
-                                         'cols' => 40,
-                                         'name' => $id,
-                                         'id' => $id),
-                       ($content) ? $content : '');
+        $attrs = array(
+            'rows' => 3,
+            'cols' => 40,
+            'id' => $id
+        );
+        $attrs['name'] = is_null($name) ? $id : $name;
+
+        if ($cols != null) {
+            $attrs['cols'] = $cols;
+
+        }
+        if ($rows != null) {
+            $attrs['rows'] = $rows;
+        }
+        $this->element(
+            'textarea',
+            $attrs,
+            is_null($content) ? '' : $content
+        );
         if ($instructions) {
             $this->element('p', 'form_guide', $instructions);
         }
     }
 
-    /**
+   /**
     * Internal script to autofocus the given element on page onload.
     *
     * @param string $id element ID, must refer to an existing element