[pkg-horde] [COMMIT lionel mnemo--upstream--2--patch-1] Import upstream Mnemo 2.0.3

Lionel Elie Mamane lmamane at costa.debian.org
Sat Dec 24 17:15:12 UTC 2005


A/ js/.arch-ids
A/ js
A/ locale/tr_TR
A/ locale/tr_TR/.arch-ids
A  js/.arch-ids/=id
A  js/.arch-ids/tables.js.id
A  locale/tr_TR/.arch-ids/help.xml.id
A  themes/.arch-ids/screen.css.id
A  themes/graphics/.arch-ids/az.png.id
A  js/fixUnstyledOptions.js
A  themes/graphics/.arch-ids/za.png.id
A  scripts/import_vnotes.php
A  js/.arch-ids/fixUnstyledOptions.js.id
A  themes/screen.css
A  locale/tr_TR/help.xml
A  locale/tr_TR/.arch-ids/=id
A  scripts/.arch-ids/import_vnotes.php.id
A  themes/graphics/az.png
A  themes/graphics/za.png
A  {arch}/mnemo/mnemo--upstream/mnemo--upstream--2/pkg-horde-hackers at lists.alioth.debian.org--2006/patch-log/patch-1
A  js/tables.js
M  docs/CHANGES
M  po/de_DE.po
M  templates/view/memo.inc
M  templates/prefs/showsummaryselect.inc
M  templates/data/import.inc
M  templates/menu.inc
M  templates/search/search.inc
M  lib/Block/summary.php
M  lib/version.php
M  templates/prefs/notepadselect.inc
M  templates/memo/memo.inc
M  templates/notepads/notepads.inc
M  docs/RELEASE_NOTES

--- /dev/null
+++ js/.arch-ids/=id
@@ -0,0 +1,1 @@
+Lionel Elie Mamane <lionel at mamane.lu> Sat Dec 24 18:14:33 2005 1149.0


--- /dev/null
+++ js/.arch-ids/tables.js.id
@@ -0,0 +1,1 @@
+Lionel Elie Mamane <lionel at mamane.lu> Sat Dec 24 18:14:33 2005 1151.0


--- /dev/null
+++ locale/tr_TR/.arch-ids/help.xml.id
@@ -0,0 +1,1 @@
+Lionel Elie Mamane <lionel at mamane.lu> Sat Dec 24 18:14:33 2005 1153.0


--- /dev/null
+++ themes/.arch-ids/screen.css.id
@@ -0,0 +1,1 @@
+Lionel Elie Mamane <lionel at mamane.lu> Sat Dec 24 18:14:33 2005 1157.0


--- /dev/null
+++ themes/graphics/.arch-ids/az.png.id
@@ -0,0 +1,1 @@
+Lionel Elie Mamane <lionel at mamane.lu> Sat Dec 24 18:14:33 2005 1155.0


--- /dev/null
+++ js/fixUnstyledOptions.js
@@ -0,0 +1,37 @@
+/**
+ * Safari and Konqueror don't style select lists. Find them and add a
+ * "*" to options with class="selected" so that the user has an
+ * indication of which shares are chosen.
+ *
+ * $Horde: mnemo/js/fixUnstyledOptions.js,v 1.1 2005/09/09 03:20:05 chuck Exp $
+ */
+
+/* We do everything onload so that the entire document is present
+ * before we start searching it for <option> elements. */
+if (window.addEventListener) {
+    window.addEventListener('load', mark_selected_options, false);
+} else if (window.attachEvent) {
+    window.attachEvent('onload', mark_selected_options);
+} else if (window.onload != null) {
+    var old_onload = window.onload;
+    window.onload = function(e)
+    {
+        old_onload(e);
+        mark_selected_options();
+    };
+} else {
+    window.onload = mark_selected_options;
+}
+
+function mark_selected_options()
+{
+    if (!document.getElementsByTagName) {
+        return;
+    }
+    options = document.getElementsByTagName('option');
+    for (i = 0; i < options.length; i++) {
+        if (options[i].className.indexOf('selected') != -1) {
+            options[i].innerHTML = "* " + options[i].innerHTML;
+        }
+    }
+}


--- /dev/null
+++ themes/graphics/.arch-ids/za.png.id
@@ -0,0 +1,1 @@
+Lionel Elie Mamane <lionel at mamane.lu> Sat Dec 24 18:14:33 2005 1156.0


--- /dev/null
+++ scripts/import_vnotes.php
@@ -0,0 +1,69 @@
+#!/usr/bin/php
+<?php
+/**
+ * This script imports vNote data into Mnemo notepads.
+ * The data is read from standard input, the notepad and user name passed as
+ * parameters.
+ *
+ * $Horde: mnemo/scripts/import_vnotes.php,v 1.3 2005/10/12 15:34:55 jan Exp $
+ *
+ * Copyright 2005 Jan Schneider <jan at horde.org>
+ *
+ * See the enclosed file LICENSE for license information (ASL). If you
+ * did not receive this file, see http://www.horde.org/licenses/asl.php.
+ */
+
+ at define('AUTH_HANDLER', true);
+ at define('HORDE_BASE', dirname(__FILE__) . '/../..');
+
+// Do CLI checks and environment setup first.
+require_once HORDE_BASE . '/lib/core.php';
+require_once 'Horde/CLI.php';
+
+// Make sure no one runs this from the web.
+if (!Horde_CLI::runningFromCLI()) {
+    exit("Must be run from the command line\n");
+}
+
+// Load the CLI environment - make sure there's no time limit, init some
+// variables, etc.
+$cli = &Horde_CLI::singleton();
+$cli->init();
+
+// Read command line parameters.
+if (count($argv) != 3) {
+    $cli->message('Too many or too few parameters.', 'cli.error');
+    usage();
+}
+$notepad = $argv[1];
+$user = $argv[2];
+
+// Read standard input.
+$vnote = $cli->readStdin();
+if (empty($vnote)) {
+    $cli->message('No import data provided.', 'cli.error');
+    usage();
+}
+
+// Registry.
+$registry = &Registry::singleton();
+
+// Set user.
+$auth = &Auth::singleton($conf['auth']['driver']);
+$auth->setAuth($user, array());
+
+// Import data.
+$result = $registry->call('notes/import',
+                          array($vnote, 'text/x-vnote', $notepad));
+if (is_a($result, 'PEAR_Error')) {
+    $cli->fatal($result->toString());
+}
+
+$cli->message('Imported successfully ' . count($result) . ' notes', 'cli.success');
+
+function usage()
+{
+    $GLOBALS['cli']->writeln('Usage: import_vnotes.php notepad user');
+    exit;
+}
+


--- /dev/null
+++ js/.arch-ids/fixUnstyledOptions.js.id
@@ -0,0 +1,1 @@
+Lionel Elie Mamane <lionel at mamane.lu> Sat Dec 24 18:14:33 2005 1150.0


--- /dev/null
+++ themes/screen.css
@@ -0,0 +1,45 @@
+/**
+ * $Horde: mnemo/themes/screen.css,v 1.4 2005/10/02 15:19:42 chuck Exp $
+ */
+
+/* Menu bottom margin, added for BC. */
+#menu {
+    margin-bottom: 8px;
+}
+
+/* Image alignment, added for BC. */
+img {
+    vertical-align: middle;
+}
+
+/* Sort arrow styles, added for BC. */
+.sortup {
+    background: #bbcbff url("graphics/za.png") center left no-repeat;
+    padding-left: 10px;
+}
+.sortdown {
+    background: #bbcbff url("graphics/az.png") center left no-repeat;
+    padding-left: 10px;
+}
+
+/* Table CSS, added for BC. */
+th {
+    color: #333;
+    font-family: Verdana,Helvetica,sans-serif;
+    font-size: 11px;
+    border-bottom: 1px solid #999;
+}
+
+/* RTL styles, added for BC. */
+.leftAlign {
+    text-align: left;
+}
+.rightAlign {
+    text-align: right;
+}
+.leftFloat {
+    float: left;
+}
+.rightFloat {
+    float: right;
+}


--- /dev/null
+++ locale/tr_TR/help.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="iso-8859-9"?>
+<!-- $Horde: mnemo/locale/tr_TR/help.xml,v 1.1 2005/04/13 21:20:23 jan Exp $ -->
+<help>
+
+<!-- English entry:
+<entry id="Overview">
+    <title>Overview</title>
+    <heading>Introduction</heading>
+    <para>
+    <i>Notes</i> is an application which allows you to create the computer equivalent of sticky notes.  Notes can be created, modified, deleted, and printed.  You can also search on your notes to locate information.   Support for importing and exporting notes is also available.
+    </para>
+    <para>
+    Unlike real sticky notes, your computer notes can be shared with others in different physical locations.  Notes can be organized into different notepads, and assigned categories.
+    </para>
+</entry>
+-->
+
+<entry id="Overview" md5="50ee76138fb08b04b029006053bbadbc" state="uptodate">
+<title>Genel Bakýþ</title>
+<heading>Tanýtým</heading>
+<para>
+Notlar yönetimi zor olan notlarýnýzý bilgisayarýnýzda oluþturmanýzý saðlayan bir uygulamadýr. Notlar oluþturulabilir, deðiþtirilebilir, silinebilir, ve yazdýrýlabilir. Ayrýca bilgi yerleþtirmek için notlarýnýzda arama da yapabilirsiniz. Dýþardan not almak ve dýþarýya not vermek de desteklenmektedir.
+</para>
+</entry>
+
+<!-- English entry:
+<entry id="list-actions">
+    <title>Notes List: Actions</title>
+    <heading>Actions</heading>
+    <para>
+    <i>Delete Note</i> permanently deletes the selected note.
+    </para>
+    <para>
+    <i>Modify Note</i> allows you to modify an existing note.
+    </para>
+    <para>
+    <i>Back to Notepad</i> takes you back from note view to the notepad that contains the current note.
+    </para>
+</entry>
+-->
+
+<entry id="list-actions" md5="6d592f153bfb5c296de5dfebb428e1ba" state="uptodate">
+<title>Notlar Listesi: Ýþlemler</title>
+<heading>Ýþlemler</heading>
+<para>
+Notu Sil seçili notu sürekli siler.
+</para>
+<para>
+Notu Deðiþtir varolan bir notta deðiþiklik yapmanýzý saðlar.
+</para>
+<para>
+Notdefterine Dönüþ sizi not gösteriminden alýp o notun olduðu notdefterine götürür.
+</para>
+</entry>
+
+<!-- English entry:
+<entry id="menu-actions">
+    <title>Menu Items</title>
+    <heading>Menu Items</heading>
+    <para>
+    <i>List Notes</i> lists all the notes in the current notepad.
+    </para>
+    <para>
+    <i>New Note</i> allows you to create a new note in the current notepad.
+    </para>
+    <para>
+    <i>Search</i> allows you to search for text in your notes.  You can search the description field only, or the full text of the notes.
+    </para>
+    <para>
+    <i>Import/Export</i> allows you to import or export notes.  Currently CSV
+    formatted and vNote files are supported.
+    </para>
+    <para>
+    <i>Print</i> allows you to print a note.  The <i>Print</i> icons is only in the menu bar when a note is being viewed.
+    </para>
+</entry>
+-->
+
+<entry id="menu-actions" md5="715a853d93cd3330e4d730b9112c8a82" state="uptodate">
+<title>Menü Öðeleri</title>
+<heading>Menü Öðeleri</heading>
+<para>
+Notlarý Listele kullanýlan not defterindeki bütün notlarý gösterir
+</para>
+<para>
+Yeni Not not defterinde yeni not oluþturmanýzý saðlar
+</para>
+<para>
+Arama özelliði ,notlarýnýzda metin aramasý yapmanýzý saðlar. Sadece açýklama alanýný, ya da tüm metni notlarda arayabilirsiniz.
+</para>
+<para>
+Al/Ver notlarýnýzý dýþardan alýp dýþarýya vermeyi saðlar. Kullanýlan CSV biçimindeki ve vNote dosyalarý desteklenir.
+</para>
+<para>
+Yazdýr notlarý yazdýrýr. Yazdýr simgesi sadece bir not görüntülendiðinde menü çubuðunda belirir.
+</para>
+</entry>
+
+
+
+<!-- English entry:
+<entry id="sorting">
+    <title>Sorting Entries</title>
+    <heading>Sorting Entries</heading>
+    <para>
+    When viewing a list of entries, you can sort the entries by any column by clicking on the appropriate column heading title.  To switch a column between ascending and descending sorting order, click on the arrow icon in the column heading.
+    </para>
+</entry>
+-->
+
+<entry id="sorting" md5="cca3b1d1c9ed0ec5ab385f82469ddc8f" state="uptodate">
+<title>Giriþlerin Sýnýflandýrýlmasý</title>
+<heading>Giriþlerin Sýnýflandýrýlmasý</heading>
+<para>
+Giriþlerin listesini görüntülerken, giriþleri herhangi bir sütuna göre o sütunun baþlýðýna týklayarak sýnýflandýrabilirsiniz. Sütunu yükselen ve alçalan sýnýflandýrma arasýnda deðiþtirmek için, sütun baþlýðýndaki ok simgesini týklayýn.
+</para>
+</entry>
+
+</help>


--- /dev/null
+++ locale/tr_TR/.arch-ids/=id
@@ -0,0 +1,1 @@
+Lionel Elie Mamane <lionel at mamane.lu> Sat Dec 24 18:14:33 2005 1152.0


--- /dev/null
+++ scripts/.arch-ids/import_vnotes.php.id
@@ -0,0 +1,1 @@
+Lionel Elie Mamane <lionel at mamane.lu> Sat Dec 24 18:14:33 2005 1154.0


‰PNG


,

‰PNG



--- /dev/null
+++ {arch}/mnemo/mnemo--upstream/mnemo--upstream--2/pkg-horde-hackers at lists.alioth.debian.org--2006/patch-log/patch-1
@@ -0,0 +1,36 @@
+Revision: mnemo--upstream--2--patch-1
+Archive: pkg-horde-hackers at lists.alioth.debian.org--2006
+Creator: Lionel Elie Mamane <lionel at mamane.lu>
+Date: Sat Dec 24 18:14:35 CET 2005
+Standard-date: 2005-12-24 17:14:35 GMT
+New-files: js/.arch-ids/=id
+    js/.arch-ids/fixUnstyledOptions.js.id
+    js/.arch-ids/tables.js.id js/fixUnstyledOptions.js
+    js/tables.js locale/tr_TR/.arch-ids/=id
+    locale/tr_TR/.arch-ids/help.xml.id
+    locale/tr_TR/help.xml
+    scripts/.arch-ids/import_vnotes.php.id
+    scripts/import_vnotes.php
+    themes/.arch-ids/screen.css.id
+    themes/graphics/.arch-ids/az.png.id
+    themes/graphics/.arch-ids/za.png.id
+    themes/graphics/az.png themes/graphics/za.png
+    themes/screen.css
+New-directories: js js/.arch-ids locale/tr_TR
+    locale/tr_TR/.arch-ids
+Modified-files: docs/CHANGES docs/RELEASE_NOTES
+    lib/Block/summary.php lib/version.php
+    locale/de_DE/LC_MESSAGES/mnemo.mo po/de_DE.po
+    templates/data/import.inc templates/memo/memo.inc
+    templates/menu.inc templates/notepads/notepads.inc
+    templates/prefs/notepadselect.inc
+    templates/prefs/showsummaryselect.inc
+    templates/search/search.inc templates/view/memo.inc
+New-patches: pkg-horde-hackers at lists.alioth.debian.org--2006/mnemo--upstream--2--patch-1
+Summary: Import upstream Mnemo 2.0.3
+Keywords: 
+
+Imported mnemo-h3-2.0.3
+into pkg-horde-hackers at lists.alioth.debian.org--2006/mnemo--upstream--2
+
+


--- /dev/null
+++ js/tables.js
@@ -0,0 +1,360 @@
+/**
+ * Javascript code for finding all tables with classname "striped" and
+ * dynamically striping their row colors, and finding all tables with
+ * classname "sortable" and making them dynamically sortable.
+ *
+ * $Horde: mnemo/js/tables.js,v 1.3 2005/10/04 17:27:47 chuck Exp $
+ *
+ * See the enclosed file COPYING for license information (LGPL). If you did not
+ * receive this file, see http://www.fsf.org/copyleft/lgpl.html.
+ */
+
+/* We do everything onload so that the entire document is present
+ * before we start searching it for tables. */
+if (window.addEventListener) {
+    window.addEventListener('load', table_init, false);
+} else if (window.attachEvent) {
+    window.attachEvent('onload', table_init);
+} else if (window.onload != null) {
+    var old_onload = window.onload;
+    window.onload = function(e)
+    {
+        old_onload(e);
+        table_init();
+    };
+} else {
+    window.onload = table_init;
+}
+
+var SORT_COLUMN_INDEX;
+
+function table_init()
+{
+    if (!document.getElementsByTagName) {
+        return;
+    }
+    tables = document.getElementsByTagName('table');
+    for (i = 0; i < tables.length; i++) {
+        if (hasClass(tables[i], 'striped')) {
+            table_stripe(tables[i]);
+        }
+        if (hasClass(tables[i], 'sortable') && tables[i].id) {
+            table_makeSortable(tables[i]);
+        }
+    }
+}
+
+function table_stripe(table)
+{
+    // The flag we'll use to keep track of whether the current row is
+    // odd or even.
+    var even = false;
+
+    // Tables can have more than one tbody element; get all child
+    // tbody tags and interate through them.
+    var tbodies = table.childNodes;
+    for (var c = 0; c < tbodies.length; c++) {
+        if (tbodies[c].tagName != 'TBODY') {
+            continue;
+        }
+
+        var trs = tbodies[c].childNodes;
+        for (var i = 0; i < trs.length; i++) {
+            if (trs[i].tagName == 'TR') {
+                removeClass(trs[i], 'rowEven');
+                removeClass(trs[i], 'rowOdd');
+                addClass(trs[i], even ? 'rowEven' : 'rowOdd');
+
+                // Flip from odd to even, or vice-versa.
+                even = !even;
+            }
+        }
+    }
+}
+
+function table_makeSortable(table)
+{
+    if (table.rows && table.rows.length > 0) {
+        var firstRow = table.rows[0];
+    }
+    if (!firstRow) {
+        return;
+    }
+
+    // We have a first row: assume it's the header, and make its
+    // contents clickable links.
+    for (var i = 0; i < firstRow.cells.length; i++) {
+        var cell = firstRow.cells[i];
+        cell.onclick = function(e)
+        {
+            var e = e || window.event;
+
+            if (e.target) {
+                if (e.target.nodeType == 3) {
+                    e.target = e.target.parentNode;
+                }
+            } else if (e.srcElement) {
+                e.target = e.srcElement;
+            }
+
+            el = hasParent(e.target, 'A', 'TH');
+            if (el && !hasClass(el, 'sortlink')) {
+                return true;
+            }
+
+            th = getParent(e.target, 'TH');
+            if (hasClass(th, 'nosort')) {
+                return true;
+            }
+
+            table_resortTable(th);
+            return false;
+        }
+    }
+}
+
+function table_getInnerText(el)
+{
+    if (typeof el == 'string') {
+        return el;
+    }
+    if (typeof el == 'undefined') {
+        return el;
+    }
+    if (el.innerText) {
+        // Not needed but it is faster.
+        return el.innerText;
+    }
+
+    var str = "";
+    var cs = el.childNodes;
+    var l = cs.length;
+    for (var i = 0; i < l; i++) {
+        switch (cs[i].nodeType) {
+        case 1:
+            // ELEMENT_NODE
+            str += table_getInnerText(cs[i]);
+            break;
+
+        case 3:
+            // TEXT_NODE
+            str += cs[i].nodeValue;
+            break;
+        }
+    }
+
+    return str;
+}
+
+function table_resortTable(th)
+{
+    table = getParent(th, 'TABLE');
+    sortColumn = th.cellIndex;
+    sortDown = 0;
+
+    // Loop through <thead> to find the current sort column and
+    // direction.
+    theads = table.tHead.getElementsByTagName('th');
+    for (i = 0; i < theads.length; i++) {
+        if (th == theads[i]) {
+            if (hasClass(theads[i], 'sortup')) {
+                removeClass(theads[i], 'sortup');
+                addClass(theads[i], 'sortdown');
+            } else if (hasClass(theads[i], 'sortdown')) {
+                removeClass(theads[i], 'sortdown');
+                addClass(theads[i], 'sortup');
+                sortDown = 1;
+            } else {
+                addClass(theads[i], 'sortdown');
+            }
+        } else {
+            removeClass(theads[i], 'sortup');
+            removeClass(theads[i], 'sortdown');
+        }
+    }
+
+    // Work out a type for the column
+    if (table.rows.length <= 1) {
+        return;
+    }
+
+    var itm = table_getInnerText(table.rows[1].cells[sortColumn]);
+    sortfn = table_sort_caseinsensitive;
+    if (itm.match(/^\d\d[\/-]\d\d[\/-]\d\d\d\d$/)) {
+        sortfn = table_sort_date;
+    }
+    if (itm.match(/^\d\d[\/-]\d\d[\/-]\d\d$/)) {
+        sortfn = table_sort_date;
+    }
+    if (itm.match(/^[£$]/)) {
+        sortfn = table_sort_currency;
+    }
+    if (itm.match(/^[\d\.]+$/)) {
+        sortfn = table_sort_numeric;
+    }
+
+    SORT_COLUMN_INDEX = sortColumn;
+
+    // Don't mix up seperate tbodies; sort each in turn.
+    for (i = 0; i < table.tBodies.length; i++) {
+        trs = table.tBodies[i].getElementsByTagName('tr');
+        newRows = new Array();
+        for (j = 0; j < trs.length; j++) {
+            newRows[j] = trs[j];
+        }
+
+        newRows.sort(sortfn);
+        if (sortDown) {
+            newRows.reverse();
+        }
+
+        // We appendChild rows that already exist to the tbody, so it
+        // moves them rather than creating new ones. Don't do
+        // sortbottom rows.
+        for (j = 0; j < newRows.length; j++) {
+            if (!hasClass(newRows[j], 'sortbottom')) {
+                table.tBodies[i].appendChild(newRows[j]);
+            }
+        }
+
+        // Do sortbottom rows only.
+        for (j = 0; j < newRows.length; j++) {
+            if (hasClass(newRows[j], 'sortbottom')) {
+                table.tBodies[i].appendChild(newRows[j]);
+            }
+        }
+    }
+
+    // If we just resorted a striped table, re-stripe it.
+    if (hasClass(table, 'striped')) {
+        table_stripe(table);
+    }
+
+    // Finally, see if we have a callback function to trigger.
+    if (typeof(table_sortCallback) == 'function') {
+        table_sortCallback(table.id, th.id, sortDown);
+    }
+}
+
+function getParent(el, pTagName)
+{
+    if (el == null) {
+        return null;
+    } else if (pTagName == null) {
+        return el.parentNode;
+    } else if (el.nodeType == 1 && el.tagName.toLowerCase() == pTagName.toLowerCase()) {
+        // Gecko bug, supposed to be uppercase.
+        return el;
+    } else {
+        return getParent(el.parentNode, pTagName);
+    }
+}
+
+function table_sort_date(a, b)
+{
+    // Two digit years less than 50 are treated as 20XX, greater than
+    // 50 are treated as 19XX.
+    aa = table_getInnerText(a.cells[SORT_COLUMN_INDEX]);
+    bb = table_getInnerText(b.cells[SORT_COLUMN_INDEX]);
+    if (aa.length == 10) {
+        dt1 = aa.substr(6, 4) + aa.substr(3, 2) + aa.substr(0, 2);
+    } else {
+        yr = aa.substr(6, 2);
+        if (parseInt(yr) < 50) {
+            yr = '20' + yr;
+        } else {
+            yr = '19' + yr;
+        }
+        dt1 = yr+aa.substr(3, 2) + aa.substr(0, 2);
+    }
+    if (bb.length == 10) {
+        dt2 = bb.substr(6, 4) + bb.substr(3, 2) + bb.substr(0, 2);
+    } else {
+        yr = bb.substr(6, 2);
+        if (parseInt(yr) < 50) {
+            yr = '20' + yr;
+        } else {
+            yr = '19' + yr;
+        }
+        dt2 = yr + bb.substr(3, 2) + bb.substr(0, 2);
+    }
+    if (dt1 == dt2) {
+        return 0;
+    } else if (dt1 < dt2) {
+        return -1;
+    }
+    return 1;
+}
+
+function table_sort_currency(a, b)
+{
+    aa = table_getInnerText(a.cells[SORT_COLUMN_INDEX]).replace(/[^0-9.]/g, '');
+    bb = table_getInnerText(b.cells[SORT_COLUMN_INDEX]).replace(/[^0-9.]/g, '');
+    return parseFloat(aa) - parseFloat(bb);
+}
+
+function table_sort_numeric(a, b)
+{
+    aa = parseFloat(table_getInnerText(a.cells[SORT_COLUMN_INDEX]));
+    if (isNaN(aa)) {
+        aa = 0;
+    }
+    bb = parseFloat(table_getInnerText(b.cells[SORT_COLUMN_INDEX]));
+    if (isNaN(bb)) {
+        bb = 0;
+    }
+    return aa - bb;
+}
+
+function table_sort_caseinsensitive(a, b)
+{
+    aa = table_getInnerText(a.cells[SORT_COLUMN_INDEX]).toLowerCase();
+    bb = table_getInnerText(b.cells[SORT_COLUMN_INDEX]).toLowerCase();
+    if (aa == bb) {
+        return 0;
+    } else if (aa < bb) {
+        return -1;
+    }
+    return 1;
+}
+
+function table_sort_default(a,b)
+{
+    aa = table_getInnerText(a.cells[SORT_COLUMN_INDEX]);
+    bb = table_getInnerText(b.cells[SORT_COLUMN_INDEX]);
+    if (aa == bb) {
+        return 0;
+    } else if (aa < bb) {
+        return -1;
+    }
+    return 1;
+}
+
+/**
+ * DOM utility functions.
+ */
+function hasParent(el, tagName, tagStop)
+{
+    if (el.tagName == tagName) {
+        return el;
+    } else if (tagStop != null && el.tagName == tagStop) {
+        return false;
+    } else {
+        return hasParent(getParent(el), tagName, tagStop);
+    }
+}
+
+function addClass(el, className)
+{
+    el.className += el.className ? ' ' + className : className;
+}
+
+function removeClass(el, className)
+{
+    el.className = el.className.replace(new RegExp(' ?' + className + ' ?'), '');
+}
+
+function hasClass(el, className)
+{
+    return (el.className.indexOf(className) != -1);
+}


--- orig/docs/CHANGES
+++ mod/docs/CHANGES
@@ -1,4 +1,11 @@
 ------
+v2.0.3
+------
+
+[cjh] Close several XSS vulnerabilities with note and notepad data.
+
+
+------
 v2.0.2
 ------
 


--- orig/po/de_DE.po
+++ mod/po/de_DE.po
@@ -6,7 +6,7 @@
 msgstr ""
 "Project-Id-Version: Mnemo 2.0-cvs\n"
 "Report-Msgid-Bugs-To: dev at lists.horde.org\n"
-"POT-Creation-Date: 2005-09-16 22:17+0200\n"
+"POT-Creation-Date: 2005-10-13 17:13+0200\n"
 "PO-Revision-Date: 2005-03-11 21:19+0100\n"
 "Last-Translator: Jan Schneider <jan at horde.org>\n"
 "Language-Team: German <dev at horde.org>\n"
@@ -213,6 +213,10 @@
 msgid "Next"
 msgstr "Weiter"
 
+#: lib/api.php:148
+msgid "No iCalendar data was found."
+msgstr "Es wurden keine iCalendar-Daten gefunden."
+
 #: templates/menu.inc:7
 msgid "No notepads are available to guests."
 msgstr "Es sind keine Notizblöcke für Gäste verfügbar."
@@ -281,7 +285,7 @@
 msgid "Other Options"
 msgstr "Andere Einstellungen"
 
-#: lib/api.php:125 lib/api.php:196 lib/api.php:267 lib/api.php:296
+#: lib/api.php:125 lib/api.php:216 lib/api.php:287 lib/api.php:316
 msgid "Permission Denied"
 msgstr "Zugriff verweigert"
 
@@ -403,7 +407,11 @@
 msgid "There was an error importing the data: %s"
 msgstr "Beim Importieren der Daten ist ein Fehler aufgetreten: %s"
 
-#: lib/api.php:149 lib/api.php:315
+#: lib/api.php:142
+msgid "There was an error importing the iCalendar data."
+msgstr "Beim Importieren der iCalendar Daten ist ein Fehler aufgetreten."
+
+#: lib/api.php:335
 msgid "There was an error importing the vNote data."
 msgstr "Beim Importieren der vNote-Daten ist ein Fehler aufgetreten."
 
@@ -444,7 +452,7 @@
 msgid "Unfiled"
 msgstr "Nicht zugeordnet"
 
-#: lib/api.php:158 lib/api.php:231 lib/api.php:323
+#: lib/api.php:178 lib/api.php:251 lib/api.php:343
 msgid "Unsupported Content-Type."
 msgstr "Nicht unterstützter Inhaltstyp."
 


--- orig/templates/view/memo.inc
+++ mod/templates/view/memo.inc
@@ -1,6 +1,6 @@
 <?php
-$memourl = Util::addParameter('memo.php', 'memo', $memo_id);
-$memourl = Util::addParameter($memourl, 'memolist', $memolist_id);
+$memourl = Util::addParameter('memo.php', array('memo' => $memo_id,
+                                                'memolist' => $memolist_id));
 
 $share = $GLOBALS['mnemo_shares']->getShare($memolist_id);
 ?>


--- orig/templates/prefs/showsummaryselect.inc
+++ mod/templates/prefs/showsummaryselect.inc
@@ -15,9 +15,9 @@
 $column_count = 0;
 foreach ($cManager->get() as $id => $name) {
     if (in_array($id, $categories)) {
-        $js .= "categories[$column_count] = new Array('$id', '$name', true);\n";
+        $js .= "categories[$column_count] = new Array(decodeURIComponent('" . rawurlencode($id) . "'), decodeURIComponent('" . rawurlencode($name) . "'), true);\n";
 	} else {
-        $js .= "categories[$column_count] = new Array('$id', '$name', false);\n";
+        $js .= "categories[$column_count] = new Array(decodeURIComponent('" . rawurlencode($id) . "'), decodeURIComponent('" . rawurlencode($name) . "'), false);\n";
     }
     $column_count++;
 }
@@ -91,7 +91,7 @@
 // -->
 </script>
 <?php echo _("Choose the memo categories to list in the summary view.") ?><br />
-<input type="hidden" name="summary_categories" value="<?php echo $prefs->getValue('summary_categories') ?>" />
+<input type="hidden" name="summary_categories" value="<?php echo htmlspecialchars($prefs->getValue('summary_categories')) ?>" />
 <table>
   <tr>
     <td>
@@ -100,9 +100,9 @@
       </select>
     </td>
     <td>
-      <a href="" onclick="addColumn(); return false;"><?php echo Horde::img('rhand.png', _("Add category"), '', $registry->getImageDir('horde')) ?></a>
+      <a href="#" onclick="addColumn(); return false;"><?php echo Horde::img('rhand.png', _("Add category"), '', $registry->getImageDir('horde')) ?></a>
       <br />
-      <a href="" onclick="removeColumn(); return false;"><?php echo Horde::img('lhand.png', _("Remove category"), '', $registry->getImageDir('horde')) ?></a>
+      <a href="#" onclick="removeColumn(); return false;"><?php echo Horde::img('lhand.png', _("Remove category"), '', $registry->getImageDir('horde')) ?></a>
     </td>
     <td>
       <select name="selected_categories" multiple="multiple" size="10" width="30" onchange="deselectHeaders();">


--- orig/templates/data/import.inc
+++ mod/templates/data/import.inc
@@ -1,11 +1,11 @@
 <form method="post" name="import_form" enctype="multipart/form-data" action="<?php echo Horde::applicationUrl('data.php') ?>">
-<input type="hidden" name="actionID" value="<?php echo $next_step ?>" />
-<input type="hidden" name="import_step" value="<?php echo $import_step ?>" />
+<input type="hidden" name="actionID" value="<?php echo htmlspecialchars($next_step) ?>" />
+<input type="hidden" name="import_step" value="<?php echo (int)$import_step ?>" />
 <table cellspacing="0" cellpadding="0" border="0" width="100%">
 <tr>
     <td>
         <table cellpadding="3" cellspacing="0" border="0" width="100%">
-        <tr><td class="header" align="center"><?php echo sprintf(_("Import Notes, Step %d"), $import_step) ?></td>
+        <tr><td class="header" align="center"><?php echo sprintf(_("Import Notes, Step %d"), (int)$import_step) ?></td>
         </tr></table>
     </td>
 </tr>
@@ -26,7 +26,7 @@
         foreach ($notepads as $id => $notepad) {
             $sel = ($id == $default) ? ' selected="selected"' : '';
             printf('<option value="%s"%s>%s</option>',
-                   $id, $sel, $notepad->get('name')) . "\n";
+                   htmlspecialchars($id), $sel, htmlspecialchars($notepad->get('name'))) . "\n";
         } ?>
         </select><br />
 <?php else: ?>


--- orig/templates/menu.inc
+++ mod/templates/menu.inc
@@ -11,22 +11,22 @@
 <?php echo Util::formInput() ?>
 <div id="menu">
 <?php if (!$prefs->isLocked('default_notepad') && (count($notepads) > 1 || !count($GLOBALS['display_notepads']))): ?>
- <span style="float:right">
+ <div style="float:right">
 <select name="display_notepad" onchange="notepadSubmit();">
   <option value=""><?php echo _("Show Notepads:") ?></option>
 <?php foreach ($notepads as $id => $notepad): ?>
-  <option value="<?php echo $id ?>"><?php echo (in_array($id, $GLOBALS['display_notepads']) ? '* ' : '') . $notepad->get('name') ?></option>
+  <option value="<?php echo htmlspecialchars($id) ?>"><?php echo (in_array($id, $GLOBALS['display_notepads']) ? '* ' : '') . htmlspecialchars($notepad->get('name')) ?></option>
 <?php endforeach; ?>
 </select>
- </span>
- <span style="float:right">
+ </div>
+ <div style="float:right">
 <?php
 require_once 'Horde/Menu.php';
 $cmenu = &new Menu(HORDE_MENU_MASK_NONE);
 $cmenu->add('#', _("Show"), 'notepads.png', null, null, 'return notepadSubmit()', '__noselection');
 echo $cmenu->render();
 ?>
- </span>
+ </div>
 <?php endif; ?>
 
  <?php echo Mnemo::getMenu('string') ?>


--- orig/templates/search/search.inc
+++ mod/templates/search/search.inc
@@ -1,9 +1,9 @@
 <form method="post" name="memo" enctype="multipart/form-data" action="<?php echo Horde::applicationUrl('list.php') ?>">
 <input type="hidden" name="actionID" value="search_memos" />
-<table border="0" cellpadding="2" cellspacing="0" width="100%">
+<table cellspacing="0" width="100%">
 <tr><td align="left" class="header"><b><?php echo _("Search") ?></b></td></tr></table>
 
-<table border="0" cellpadding="2" cellspacing="0" width="100%">
+<table cellspacing="0" width="100%">
 <tr>
   <td class="item" align="right" valign="top" nowrap="nowrap">
     <b><?php echo Horde::label('search_pattern', _("Search _Text")) ?>:</b>&nbsp;
@@ -25,7 +25,7 @@
 
 <br />
 
-<table border="0" align="center" width="100%" cellspacing="0" cellpadding="0">
+<table width="100%" cellspacing="0">
 <tr>
   <td>
     <input type="submit" class="button" value="<?php echo _("Search") ?>" />&nbsp;


--- orig/lib/Block/summary.php
+++ mod/lib/Block/summary.php
@@ -5,7 +5,7 @@
 /**
  * Implementation of Horde_Block api to show notes summary.
  *
- * $Horde: mnemo/lib/Block/summary.php,v 1.22.8.1 2005/05/10 04:32:34 chuck Exp $
+ * $Horde: mnemo/lib/Block/summary.php,v 1.22.8.1.2.1 2005/12/10 22:08:31 chuck Exp $
  *
  * @package Horde_Block
  */
@@ -89,8 +89,8 @@
                 if (!is_a($share, 'PEAR_Error')) {
                     $owner = $share->get('name');
                 }
-                $html .= '<td align="center" class="nowrap">';
-                $html .= $owner . '</td>';
+                $html .= '<td align="center" class="nowrap">' .
+                    htmlspecialchars($owner) . '</td>';
             }
 
             $html .= '<td>';


--- orig/lib/version.php
+++ mod/lib/version.php
@@ -1 +1 @@
-<?php define('MNEMO_VERSION', 'H3 (2.0.2)') ?>
+<?php define('MNEMO_VERSION', 'H3 (2.0.3)') ?>


--- orig/templates/prefs/notepadselect.inc
+++ mod/templates/prefs/notepadselect.inc
@@ -8,9 +8,9 @@
 ?>
 
 <?php echo _("Your default notepad:") ?><br />
-<select name="default_notepad" class="fixed">
+<select name="default_notepad">
 <?php foreach ($notepads as $id => $notepad): ?>
-    <option value="<?php echo $id ?>"<?php if ($id == $default_notepad) echo ' selected="selected"' ?>><?php echo $notepad->get('name') ?></option>
+    <option value="<?php echo htmlspecialchars($id) ?>"<?php if ($id == $default_notepad) echo ' selected="selected"' ?>><?php echo htmlspecialchars($notepad->get('name')) ?></option>
 <?php endforeach; ?>
 </select><br /><br />
 <?php endif; ?>


--- orig/templates/memo/memo.inc
+++ mod/templates/memo/memo.inc
@@ -2,9 +2,9 @@
 <form method="post" name="memo" action="memo.php">
 <?php Util::pFormInput() ?>
 <input type="hidden" name="actionID" value="save_memo" />
-<input type="hidden" name="memo" value="<?php echo $memo_id ?>" />
+<input type="hidden" name="memo" value="<?php echo htmlspecialchars($memo_id) ?>" />
 <input type="hidden" name="new_category" value="" />
-<input type="hidden" name="memolist_original" value="<?php echo $memolist_id ?>" />
+<input type="hidden" name="memolist_original" value="<?php echo htmlspecialchars($memolist_id) ?>" />
 <?php if ($prefs->isLocked('default_notepad') || count($notepads) <= 1): ?>
 <input type="hidden" name="notepad_target" value="<?php echo htmlspecialchars($memolist_id) ?>" />
 <?php endif; ?>
@@ -28,7 +28,7 @@
     foreach ($notepads as $id => $notepad) {
         $sel = ($id == $memolist_id) ? ' selected="selected"' : '';
         printf('<option value="%s"%s>%s</option>',
-               $id, $sel, $notepad->get('name')) . "\n";
+               htmlspecialchars($id), $sel, htmlspecialchars($notepad->get('name'))) . "\n";
     } ?>
     </select>
 


--- orig/templates/notepads/notepads.inc
+++ mod/templates/notepads/notepads.inc
@@ -1,13 +1,13 @@
 <script language="JavaScript" type="text/javascript">
 <!--
 
-var editURL = '<?php echo str_replace('&amp;', '&', Util::addParameter(Horde::url($registry->get('webroot', 'horde') . '/services/shares/edit.php?app=mnemo'), 'share', '@ID@')) ?>';
+var editURL = decodeURIComponent('<?php echo rawurlencode(Util::addParameter(Horde::url($registry->get('webroot', 'horde') . '/services/shares/edit.php?app=mnemo', true), 'share', '@ID@', false)) ?>');
 var cancelSubmit = false;
 var fields = new Array();
 <?php foreach ($personal_notepads as $id => $notepads): ?>
-fields['<?php echo addslashes($id) ?>'] = new Array(
-        "<?php echo addslashes($notepads->get('name')) ?>",
-        "<?php echo preg_replace('(\r\n|\n|\r)', '\n', addslashes($notepads->get('desc'))) ?>");
+fields['<?php echo rawurlencode($id) ?>'] = new Array(
+        "<?php echo rawurlencode($notepads->get('name')) ?>",
+        "<?php echo rawurlencode($notepads->get('desc')) ?>");
 <?php endforeach; ?>
 
 function newChoice()
@@ -28,8 +28,8 @@
 function updateForm(share)
 {
     document.shares.edit_share.value = share;
-    document.shares.id.value = fields[share][0];
-    document.shares.description.value = fields[share][1];
+    document.shares.id.value = decodeURIComponent(fields[share][0]);
+    document.shares.description.value = decodeURIComponent(fields[share][1]);
 }
 
 function clearForm()
@@ -55,7 +55,7 @@
 </script>
 
 <form method="post" name="shares" action="<?php echo Horde::applicationUrl('notepads.php') ?>" onsubmit="return checkSubmit()">
-<input type="hidden" name="actionID" value="save"/>
+<input type="hidden" name="actionID" value="save" />
 
 <table width="100%" cellspacing="0">
 <tr><td class="header" align="left"><b><?php echo _("Notepads") ?></b></td></tr>
@@ -66,7 +66,7 @@
 <select name="share" onchange="javascript:newChoice()">
   <option value="-1"><?php echo _("Select a notepad") ?></option>
 <?php foreach ($personal_notepads as $id => $notepad): ?>
-  <option value="<?php echo $id ?>"><?php echo $notepad->get('name') ?></option>
+  <option value="<?php echo htmlspecialchars($id) ?>"><?php echo htmlspecialchars($notepad->get('name')) ?></option>
 <?php endforeach; ?>
 </select>
 </td></tr>
@@ -75,7 +75,7 @@
 
 <tr valign="top"><td class="item">
 
-<input type="hidden" name="edit_share" value="<?php echo isset($to_edit) ? $to_edit : '' ?>" />
+<input type="hidden" name="edit_share" value="<?php echo isset($to_edit) ? htmlspecialchars($to_edit) : '' ?>" />
 <?php echo _("Notepad's name:") ?><br />
 <input name="id" size="30" maxlength="60" /><br />
 
@@ -83,11 +83,11 @@
 <br />
 
 <?php echo _("Description:") ?><br />
-<textarea wrap="hard" name="description" rows="6" cols="80"></textarea><br />
+<textarea name="description" rows="6" cols="80"></textarea><br />
 
 </td></tr></table></td></tr>
 <tr>
-  <td valign="middle">
+  <td>
     <table width="100%">
     <tr>
       <td>


--- orig/docs/RELEASE_NOTES
+++ mod/docs/RELEASE_NOTES
@@ -12,41 +12,36 @@
  * 8 - Minor security fixes
  * 9 - Major security fixes
  */
-$this->notes['fm']['focus'] = 4;
+$this->notes['fm']['focus'] = 8;
 
 /* Mailing list release notes. */
 $this->notes['ml']['changes'] = <<<ML
 The Horde Team is pleased to announce the final release of the Mnemo Note
-Manager version H3 (2.0.2).
+Manager version H3 (2.0.3).
+
+This is a security release that fixes cross site scripting
+vulnerabilities in several of the notepad name and note data
+fields. None of the vulnerabilities can be exploited by
+unauthenticated users; however, we strongly recommend that all users
+of Mnemo 2.0.2 upgrade to 2.0.3 as soon as possible.
+
+Many thanks to Johannes Greil of SEC Consult
+(http://www.sec-consult.com/) for reporting these problems and working
+with us to test the fixes.
 
 The Mnemo Note Manager is the Horde notes/memos application.  It provides
 web-based notes and freeform text, similar to the PalmOS Note application and
 shared notepads.  It requires the Horde Application Framework and an SQL
 database for backend storage.
 
-Major changes compared to the Mnemo version H3 (2.0.2-RC1) are:
-    * Allow to import more than one note from vNote data at once.
-    * Fixed warnings with PHP 4.4.0 and 5.0.5.
-    * Updated Finnish, Hungarian, Slovak, and Traditional Chinese
-      translations.
-
-Major changes compared to the Mnemo version H3 (2.0.1) are:
-    * Added PostgreSQL upgrade script.
-    * Use bind variables in SQL driver.
-    * Added Japanese translation.
-    * Updated Brazilian Portuguese, Dutch, Finnish, German, Hungarian,
-      Italian, Norwegian, Polish, Swedish, and Traditional Chinese
-      translations.
+Major changes compared to the Mnemo version H3 (2.0.2) are:
+    * Close several XSS vulnerabilities with note and notepad data.
 ML;
 
 /* Freshmeat release notes. */
 $this->notes['fm']['changes'] = <<<FM
-A PostgreSQL upgrade script has been added.
-More than one note can be imported from vNote data at once now.
-Bind variables are used now in the SQL driver.
-A Japanese translation has been added and Brazilian Portuguese, Dutch,
-Finnish, German, Hungarian, Italian, Norwegian, Polish, Slovak, Swedish, and
-Traditional Chinese translations have been updated.
+Several XSS vulnerabilities with note and notepad data have been
+closed. The holes closed were only exploitable by authenticated users.
 FM;
 
 $this->notes['name'] = 'Mnemo';




More information about the pkg-horde-hackers mailing list