Adds XSRF protection to the Carnet module.

[platal.git] / include / vcard.inc.php

diff --git a/include/vcard.inc.php b/include/vcard.inc.php
index 52d6905..ebda6af 100644 (file)
--- a/include/vcard.inc.php
+++ b/include/vcard.inc.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2007 Polytechnique.org                              *
+ *  Copyright (C) 2003-2008 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -87,7 +87,7 @@ class VCardIterator implements PlIterator
                 S::v('uid'),
                 $user['forlife'].'@'.$globals->mail->domain,
                 $user['forlife'].'@'.$globals->mail->domain2);
-        
+
         $user['virtualalias'] = $res->fetchOneCell();
         $user['gpxs_vcardjoin'] = join(',', array_map(array('VCard', 'text_encode'), $user['gpxs_name']));
         $user['binets_vcardjoin'] = join(',', array_map(array('VCard', 'text_encode'), $user['binets']));
@@ -108,11 +108,13 @@ class VCardIterator implements PlIterator
 
 class VCard
 {
+    static private $windows = false;
     private $iterator = null;
 
     public function __construct($users, $photos = true, $freetext = null)
     {
         $this->iterator = new VCardIterator($photos, $freetext);
+        VCard::$windows  = (strpos($_SERVER['HTTP_USER_AGENT'], 'Windows') !== false);
         if (is_array($users)) {
             foreach ($users as $user) {
                 $this->iterator->add_user($user);
@@ -124,7 +126,11 @@ class VCard
 
     public static function escape($text)
     {
-        return preg_replace('/[,;]/', '\\\\$0', $text);
+        if (VCard::$windows) {
+            return str_replace(';', '\\\\;', $text);
+        } else {
+            return str_replace(array(';', ','), array('\\\\;', '\\\\,'), $text);
+        }
     }
 
     public static function format_adr($params, &$smarty)
@@ -135,11 +141,11 @@ class VCard
         $adr = trim("$adr\n$adr2");
         $adr = trim("$adr\n$adr3");
         return VCard::text_encode(';;'
-                . VCard::escape($adr) . ';'
-                . VCard::escape($city) . ';'
-                . VCard::escape($region) . ';'
-                . VCard::escape($postcode) . ';'
-                . VCard::escape($country), false);
+                . (VCard::$windows ? VCard::escape($adr) : $adr) . ';'
+                . (VCard::$windows ? VCard::escape($city) : $city) . ';'
+                . (VCard::$windows ? VCard::escape($region) : $region) . ';'
+                . (VCard::$windows ? VCard::escape($postcode) : $postcode) . ';'
+                . (VCard::$windows ? VCard::escape($country) : $country), false);
     }
 
     public static function text_encode($text, $escape = true)
@@ -150,7 +156,10 @@ class VCard
         if ($escape) {
             $text = VCard::escape($text);
         }
-        return preg_replace("/(\r\n|\n|\r)/", '\n', $text);
+        if (VCard::$windows) {
+            $text = utf8_decode($text);
+        }
+        return str_replace(array("\r\n", "\n", "\r"), '\n', $text);
     }
 
     public function do_page(&$page)