} else {
$attachments .= ' | ';
}
- $attachments .= '<a href="' . $val['href'] . '">' . $val['text'] . '</a>';
+ $attachments .= '<a href="' . $val['href'] . '">' . (isset($val['text']) && !empty($val['text']) ? $val['text'] : '') . (isset($val['extra']) && !empty($val['extra']) ? $val['extra'] : '') . '</a>';
}
unset($links);
$attachments .= "</td></tr>\n";
* not affect them working as should be, however it will stop
* IE from being kicked off when src for img tags are not set
*/
- if (($attname == 'src') && ($attvalue = '""')) {
+ if (($attname == 'src') && ($attvalue == '""')) {
$attary{$attname} = '"' . SM_PATH . 'images/blank.png"';
}
* If we couldn't generate a proper img url, drop in a blank image
* instead of sending back empty, otherwise it causes unusual behaviour
*/
- $httpurl = $quotechar . SM_PATH . 'images/blank.png';
+ $httpurl = $quotchar . SM_PATH . 'images/blank.png';
}
return $httpurl;
*
* @param $body the body of the message
* @param $id the id of the message
+* @param $message
+* @param $mailbox
+* @param boolean $take_mailto_links When TRUE, converts mailto: links
+* into internal SM compose links
+* (optional; default = TRUE)
* @return a string with html safe to display in the browser.
*/
-function magicHTML($body, $id, $message, $mailbox = 'INBOX') {
+function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links = true) {
+
+ require_once(SM_PATH . 'functions/url_parser.php'); // for $MailTo_PReg_Match
+
global $attachment_common_show_images, $view_unsafe_images,
$has_unsafe_images;
+
/**
* Don't display attached images in HTML mode.
*/
"/binding/i",
"/behaviou*r/i",
"/include-source/i",
+ "/position\s*:\s*absolute/i",
"/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
"idiocy",
"idiocy",
"idiocy",
+ "",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
$add_attr_to_tag = Array(
"/^a$/i" =>
- Array('target'=>'"_new"',
+ Array('target'=>'"_blank"',
'title'=>'"'._("This external link will open in a new window").'"'
)
);
if (preg_match("|$secremoveimg|i", $trusted)){
$has_unsafe_images = true;
}
+
+
+ // we want to parse mailto's in HTML output, change to SM compose links
+ // this is a modified version of code from url_parser.php... but Marc is
+ // right: we need a better filtering implementation; adding this randomly
+ // here is not a great solution
+ //
+ if ($take_mailto_links) {
+ // parseUrl($trusted); // this even parses URLs inside of tags... too aggressive
+ global $MailTo_PReg_Match;
+ $MailTo_PReg_Match = '/mailto:' . substr($MailTo_PReg_Match, 1);
+ if ((preg_match_all($MailTo_PReg_Match, $trusted, $regs)) && ($regs[0][0] != '')) {
+ foreach ($regs[0] as $i => $mailto_before) {
+ $mailto_params = $regs[10][$i];
+
+ // get rid of any tailing quote since we have to add send_to to the end
+ //
+ if (substr($mailto_before, strlen($mailto_before) - 1) == '"')
+ $mailto_before = substr($mailto_before, 0, strlen($mailto_before) - 1);
+ if (substr($mailto_params, strlen($mailto_params) - 1) == '"')
+ $mailto_params = substr($mailto_params, 0, strlen($mailto_params) - 1);
+
+ if ($regs[1][$i]) { //if there is an email addr before '?', we need to merge it with the params
+ $to = 'to=' . $regs[1][$i];
+ if (strpos($mailto_params, 'to=') > -1) //already a 'to='
+ $mailto_params = str_replace('to=', $to . '%2C%20', $mailto_params);
+ else {
+ if ($mailto_params) //already some params, append to them
+ $mailto_params .= '&' . $to;
+ else
+ $mailto_params .= '?' . $to;
+ }
+ }
+
+ $url_str = preg_replace(array('/to=/i', '/(?<!b)cc=/i', '/bcc=/i'), array('send_to=', 'send_to_cc=', 'send_to_bcc='), $mailto_params);
+
+ // we'll already have target=_blank, no need to allow comp_in_new
+ // here (which would be a lot more work anyway)
+ //
+ global $compose_new_win;
+ $temp_comp_in_new = $compose_new_win;
+ $compose_new_win = 0;
+ $comp_uri = makeComposeLink('src/compose.php' . $url_str, $mailto_before);
+ $compose_new_win = $temp_comp_in_new;
+
+ // remove <a href=" and anything after the next quote (we only
+ // need the uri, not the link HTML) in compose uri
+ //
+ $comp_uri = substr($comp_uri, 9);
+ $comp_uri = substr($comp_uri, 0, strpos($comp_uri, '"', 1));
+ $trusted = str_replace($mailto_before, $comp_uri, $trusted);
+ }
+ }
+ }
+
return $trusted;
}