Replacing deprecated HTML "center" element.

[squirrelmail.git] / functions / mime.php

diff --git a/functions/mime.php b/functions/mime.php
index 682d3cb3ec330311ef9ad5ed67a3080e63788243..d8ab3cbdbe31f1c0ef590343b4c92ec1ff30f501 100644 (file)
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -6,7 +6,7 @@
  * This contains the functions necessary to detect and decode MIME
  * messages.
  *
- * @copyright © 1999-2005 The SquirrelMail Project Team
+ * @copyright © 1999-2006 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -451,7 +451,7 @@ function formatBody($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $ma
         if (isset($passed_ent_id)) {
             $link .= '&passed_ent_id='.$passed_ent_id;
         }
-        $body .= '<center><small><a href="download.php?absolute_dl=true&amp;' .
+        $body .= '<div style="text-align: center;"><small><a href="download.php?absolute_dl=true&amp;' .
             $link . '">' . _("Download this as a file") .  '</a>';
         if ($view_unsafe_images) {
             $text = _("Hide Unsafe Images");
@@ -466,7 +466,7 @@ function formatBody($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $ma
         if($text != '') {
             $body .= '&nbsp;|&nbsp;<a href="read_body.php?' . $link . '">' . $text . '</a>';
         }
-        $body .= '</small></center><br />' . "\n";
+        $body .= '</small></div><br />' . "\n";
     }
     return $body;
 }
@@ -1746,11 +1746,12 @@ function sq_fixstyle($body, $pos, $message, $id, $mailbox){
      * Fix stupid css declarations which lead to vulnerabilities
      * in IE.
      */
-    $match   = Array('/expression/i',
+    $match   = Array('/\/\*.*\*\//',
+                    '/expression/i',
                     '/behaviou*r/i',
                     '/binding/i',
                     '/include-source/i');
-    $replace = Array('idiocy', 'idiocy', 'idiocy', 'idiocy');
+    $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy');
     $contentNew = preg_replace($match, $replace, $contentTemp);
     if ($contentNew !== $contentTemp) {
         // insecure css declarations are used. From now on we don't care
@@ -2148,6 +2149,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
         "/^style/i" =>
             Array(
                 Array(
+                    "/\/\*.*\*\//",
                     "/expression/i",
                     "/binding/i",
                     "/behaviou*r/i",
@@ -2159,6 +2161,7 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
                     "/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si"
                     ),
                 Array(
+                    "",
                     "idiocy",
                     "idiocy",
                     "idiocy",
@@ -2283,18 +2286,18 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
  */
 function SendDownloadHeaders($type0, $type1, $filename, $force, $filesize=0) {
     global $languages, $squirrelmail_language;
-    $isIE = $isIE6 = 0;
+    $isIE = $isIE6plus = false;
 
     sqgetGlobalVar('HTTP_USER_AGENT', $HTTP_USER_AGENT, SQ_SERVER);
 
     if (strstr($HTTP_USER_AGENT, 'compatible; MSIE ') !== false &&
             strstr($HTTP_USER_AGENT, 'Opera') === false) {
-        $isIE = 1;
+        $isIE = true;
     }
 
-    if (strstr($HTTP_USER_AGENT, 'compatible; MSIE 6') !== false &&
-            strstr($HTTP_USER_AGENT, 'Opera') === false) {
-        $isIE6 = 1;
+    if (preg_match('/compatible; MSIE ([0-9]+)/', $HTTP_USER_AGENT, $match) &&
+        ((int)$match[1]) >= 6 && strstr($HTTP_USER_AGENT, 'Opera') === false) {
+        $isIE6plus = true;
     }
 
     if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
@@ -2351,7 +2354,7 @@ function SendDownloadHeaders($type0, $type1, $filename, $force, $filesize=0) {
         // "attachment"... does it apply to inline too?
         header ("Content-Disposition: attachment; filename=\"$filename\"");
 
-        if ($isIE && !$isIE6) {
+        if ($isIE && !$isIE6plus) {
             // This combination seems to work mostly.  IE 5.5 SP 1 has
             // known issues (see the Microsoft Knowledge Base)