XSS fixes
[squirrelmail.git] / functions / url_parser.php
1 <?php
3 /**
4 * url_parser.php
5 *
6 * Copyright (c) 1999-2005 The SquirrelMail Project Team
7 * Licensed under the GNU GPL. For full terms see the file COPYING.
8 *
9 * This code provides various string manipulation functions that are
10 * used by the rest of the SquirrelMail code.
11 *
12 * @version $Id$
13 * @package squirrelmail
14 */
16 /**
17 * Undocumented - complain, then patch.
18 */
19 function replaceBlock (&$in, $replace, $start, $end) {
20 $begin = substr($in,0,$start);
21 $end = substr($in,$end,strlen($in)-$end);
22 $in = $begin.$replace.$end;
23 }
25 /* Having this defined in just one spot could help when changes need
26 * to be made to the pattern
27 * Make sure that the expression is evaluated case insensitively
28 *
29 * RFC2822 (and RFC822) defines the left side of an email address as (roughly):
30 * 1*atext *("." 1*atext)
31 * where atext is: a-zA-Z0-9!#$%&'*+-/=?^_`{|}~
32 *
33 * Here's pretty sophisticated IP matching:
34 * $IPMatch = '(2[0-5][0-9]|1?[0-9]{1,2})';
35 * $IPMatch = '\[?' . $IPMatch . '(\.' . $IPMatch . '){3}\]?';
36 */
37 /* Here's enough: */
38 global $IP_RegExp_Match, $Host_RegExp_Match, $Email_RegExp_Match;
39 $IP_RegExp_Match = '\\[?[0-9]{1,3}(\\.[0-9]{1,3}){3}\\]?';
40 $Host_RegExp_Match = '(' . $IP_RegExp_Match .
41 '|[0-9a-z]([-.]?[0-9a-z])*\\.[a-z][a-z]+)';
42 $atext = '([a-z0-9!#$&%*+/=?^_`{|}~-]|&amp;)';
43 $dot_atom = $atext . '+(\.' . $atext . '+)*';
44 $Email_RegExp_Match = $dot_atom . '(%' . $Host_RegExp_Match . ')?@' .
45 $Host_RegExp_Match;
47 /**
48 * Parses a body and converts all found email addresses to clickable links.
49 *
50 * @param string body the body to process, by ref
51 * @return int the number of unique addresses found
52 */
53 function parseEmail (&$body) {
54 global $Email_RegExp_Match;
55 $sbody = $body;
56 $addresses = array();
58 /* Find all the email addresses in the body */
59 while(eregi($Email_RegExp_Match, $sbody, $regs)) {
60 $addresses[$regs[0]] = strtr($regs[0], array('&amp;' => '&'));
61 $start = strpos($sbody, $regs[0]) + strlen($regs[0]);
62 $sbody = substr($sbody, $start);
63 }
65 /* Replace each email address with a compose URL */
66 foreach ($addresses as $text => $email) {
67 $comp_uri = makeComposeLink('src/compose.php?send_to='.urlencode($email), $text);
68 $body = str_replace($text, $comp_uri, $body);
69 }
71 /* Return number of unique addresses found */
72 return count($addresses);
73 }
76 /* We don't want to re-initialize this stuff for every line. Save work
77 * and just do it once here.
78 */
79 global $url_parser_url_tokens;
80 $url_parser_url_tokens = array(
81 'http://',
82 'https://',
83 'ftp://',
84 'telnet:', // Special case -- doesn't need the slashes
85 'mailto:', // Special case -- doesn't use the slashes
86 'gopher://',
87 'news://');
89 global $url_parser_poss_ends;
90 $url_parser_poss_ends = array(' ', "\n", "\r", '<', '>', ".\r", ".\n",
91 '.&nbsp;', '&nbsp;', ')', '(', '&quot;', '&lt;', '&gt;', '.<',
92 ']', '[', '{', '}', "\240", ', ', '. ', ",\n", ",\r");
95 /**
96 * rfc 2368 (mailto URL) preg_match() regexp
97 * @link http://www.ietf.org/rfc/rfc2368.txt
98 * @global string MailTo_PReg_Match the encapsulated regexp for preg_match()
99 */
100 global $MailTo_PReg_Match;
101 $Mailto_Email_RegExp = '[0-9a-z%]([-_.+%]?[0-9a-z])*(%' . $Host_RegExp_Match . ')?@' . $Host_RegExp_Match;
102 $MailTo_PReg_Match = '/((?:' . $Mailto_Email_RegExp . ')*)((?:\?(?:to|cc|bcc|subject|body)=[^\s\?&=,()]+)?(?:&amp;(?:to|cc|bcc|subject|body)=[^\s\?&=,()]+)*)/i';
104 /**
105 * Parses a body and converts all found URLs to clickable links.
106 *
107 * @param string body the body to process, by ref
108 * @return void
109 */
110 function parseUrl (&$body) {
111 global $url_parser_poss_ends, $url_parser_url_tokens;
112 $start = 0;
113 $blength = strlen($body);
115 while ($start < $blength) {
116 $target_token = '';
117 $target_pos = $blength;
119 /* Find the first token to replace */
120 foreach ($url_parser_url_tokens as $the_token) {
121 $pos = strpos(strtolower($body), $the_token, $start);
122 if (is_int($pos) && $pos < $target_pos) {
123 $target_pos = $pos;
124 $target_token = $the_token;
125 }
126 }
128 /* Look for email addresses between $start and $target_pos */
129 $check_str = substr($body, $start, $target_pos-$start);
131 if (parseEmail($check_str)) {
132 replaceBlock($body, $check_str, $start, $target_pos);
133 $blength = strlen($body);
134 $target_pos = strlen($check_str) + $start;
135 }
137 /* If there was a token to replace, replace it */
138 if ($target_token == 'mailto:') { // rfc 2368 (mailto URL)
139 $target_pos += 7; //skip mailto:
140 $end = $blength;
142 $mailto = substr($body, $target_pos, $end-$target_pos);
144 global $MailTo_PReg_Match;
145 if ((preg_match($MailTo_PReg_Match, $mailto, $regs)) && ($regs[0] != '')) {
146 //sm_print_r($regs);
147 $mailto_before = $target_token . $regs[0];
148 $mailto_params = $regs[10];
149 if ($regs[1]) { //if there is an email addr before '?', we need to merge it with the params
150 $to = 'to=' . $regs[1];
151 if (strpos($mailto_params, 'to=') > -1) //already a 'to='
152 $mailto_params = str_replace('to=', $to . '%2C%20', $mailto_params);
153 else {
154 if ($mailto_params) //already some params, append to them
155 $mailto_params .= '&amp;' . $to;
156 else
157 $mailto_params .= '?' . $to;
158 }
159 }
160 $url_str = preg_replace(array('/to=/i', '/(?<!b)cc=/i', '/bcc=/i'), array('send_to=', 'send_to_cc=', 'send_to_bcc='), $mailto_params);
161 $comp_uri = makeComposeLink('src/compose.php' . $url_str, $mailto_before);
162 replaceBlock($body, $comp_uri, $target_pos - 7, $target_pos + strlen($regs[0]));
163 $target_pos += strlen($comp_uri) - 7;
164 }
165 }
166 else
167 if ($target_token != '') {
168 /* Find the end of the URL */
169 $end = $blength;
170 foreach ($url_parser_poss_ends as $val) {
171 $enda = strpos($body, $val, $target_pos);
172 if (is_int($enda) && $enda < $end) {
173 $end = $enda;
174 }
175 }
177 /* Extract URL */
178 $url = substr($body, $target_pos, $end-$target_pos);
180 /* Needed since lines are not passed with \n or \r */
181 while ( ereg("[,\.]$", $url) ) {
182 $url = substr( $url, 0, -1 );
183 $end--;
184 }
186 /* Replace URL with HyperLinked Url, requires 1 char in link */
187 if ($url != '' && $url != $target_token) {
188 $url_str = "<a href=\"$url\" target=\"_blank\">$url</a>";
189 replaceBlock($body,$url_str,$target_pos,$end);
190 $target_pos += strlen($url_str);
191 }
192 else {
193 // Not quite a valid link, skip ahead to next chance
194 $target_pos += strlen($target_token);
195 }
196 }
198 /* Move forward */
199 $start = $target_pos;
200 $blength = strlen($body);
201 }
202 }
204 /**
205 * Parses a string and returns the first e-mail address found.
206 *
207 * @param string string the string to process
208 * @return string the first e-mail address found
209 */
210 function getEmail($string) {
211 global $Email_RegExp_Match;
212 $addresses = array();
214 /* Find all the email addresses in the body */
215 while (eregi($Email_RegExp_Match, $string, $regs)) {
216 $addresses[$regs[0]] = strtr($regs[0], array('&amp;' => '&'));
217 $start = strpos($string, $regs[0]) + strlen($regs[0]);
218 $string = substr($string, $start);
219 }
221 /* Return the first address, or an empty string if no address was found */
222 $addresses = array_values($addresses);
223 return (array_key_exists(0, $addresses) ? $addresses[0] : '');
224 }
226 ?>