X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=functions%2Fmime.php;h=48866d6dff9a16853b566c7fe8d7612458cc48aa;hb=4c25967cf60837ef60fcc73321d10a08db5488f0;hp=d2e88463ce6da95afb4fcdd2fa908fca19838fd4;hpb=a171b3591163cb893aa084582fa2a1fc76676dcd;p=squirrelmail.git diff --git a/functions/mime.php b/functions/mime.php index d2e88463..48866d6d 100644 --- a/functions/mime.php +++ b/functions/mime.php @@ -3,7 +3,7 @@ /** * mime.php * - * Copyright (c) 1999-2002 The SquirrelMail Project Team + * Copyright (c) 1999-2003 The SquirrelMail Project Team * Licensed under the GNU GPL. For full terms see the file COPYING. * * This contains the functions necessary to detect and decode MIME @@ -12,8 +12,8 @@ * $Id$ */ -require_once('../functions/imap.php'); -require_once('../functions/attachment_common.php'); +require_once(SM_PATH . 'functions/imap.php'); +require_once(SM_PATH . 'functions/attachment_common.php'); /* --------------------------------------------------------------------------------- */ /* MIME DECODING */ @@ -29,23 +29,21 @@ function mime_structure ($bodystructure, $flags=array()) { /* Isolate the body structure and remove beginning and end parenthesis. */ $read = trim(substr ($bodystructure, strpos(strtolower($bodystructure), 'bodystructure') + 13)); $read = trim(substr ($read, 0, -1)); - $msg =& new Message(); - $res = $msg->parseStructure($read); - $msg = $res[0]; + $i = 0; + $msg = Message::parseStructure($read,$i); if (!is_object($msg)) { - include_once( '../functions/display_messages.php' ); + include_once(SM_PATH . 'functions/display_messages.php'); global $color, $mailbox; displayPageHeader( $color, urldecode($mailbox) ); echo "\n\n" . '
'; - $errormessage = _("Squirrelmail could not decode the bodystructure of the message"); + $errormessage = _("SquirrelMail could not decode the bodystructure of the message"); $errormessage .= '
'._("the provided bodystructure by your imap-server").':

'; $errormessage .= '
' . htmlspecialchars($read) . '
'; plain_error_message( $errormessage, $color ); echo ''; exit; } - $msg->setEnt('0'); if (count($flags)) { foreach ($flags as $flag) { $char = strtoupper($flag{1}); @@ -84,6 +82,8 @@ function mime_structure ($bodystructure, $flags=array()) { return $msg; } + + /* This starts the parsing of a particular structure. It is called recursively, * so it can be passed different structures. It returns an object of type * $message. @@ -93,15 +93,16 @@ function mime_structure ($bodystructure, $flags=array()) { * to mime_get_elements() */ -function mime_fetch_body($imap_stream, $id, $ent_id) { +function mime_fetch_body($imap_stream, $id, $ent_id=1) { global $uid_support; /* Do a bit of error correction. If we couldn't find the entity id, just guess * that it is the first one. That is usually the case anyway. */ if (!$ent_id) { - $ent_id = 1; + $cmd = "FETCH $id BODY[]"; + } else { + $cmd = "FETCH $id BODY[$ent_id]"; } - $cmd = "FETCH $id BODY[$ent_id]"; $data = sqimap_run_command ($imap_stream, $cmd, true, $response, $message, $uid_support); do { @@ -134,14 +135,12 @@ function mime_fetch_body($imap_stream, $id, $ent_id) { echo '
' . '' . '' . - '" . - '" . - '" . - '" . + '" . + '" . + '" . + '" . "
' . - _("Body retrieval error. The reason for this is most probably that the message is malformed. Please help us making future versions better by submitting this message to the developers knowledgebase!") . - "
" . - _("Submit message") . '
 ' . + _("Body retrieval error. The reason for this is most probably that the message is malformed.") . '
' . _("Command:") . "$cmd
' . _("Response:") . "$response
' . _("Message:") . "$message
' . _("FETCH line:") . "$topline
' . _("Command:") . "$cmd
' . _("Response:") . "$response
' . _("Message:") . "$message
' . _("FETCH line:") . "$topline

"; $data = sqimap_run_command ($imap_stream, "FETCH $passed_id BODY[]", true, $response, $message, $uid_support); @@ -153,14 +152,9 @@ function mime_fetch_body($imap_stream, $id, $ent_id) { return $ret; } -function mime_print_body_lines ($imap_stream, $id, $ent_id, $encoding) { +function mime_print_body_lines ($imap_stream, $id, $ent_id=1, $encoding) { global $uid_support; - /* Do a bit of error correction. If we couldn't find the entity id, just guess - * that it is the first one. That is usually the case anyway. - */ - if (!$ent_id) { - $ent_id = 1; - } + $sid = sqimap_session_id($uid_support); /* Don't kill the connection if the browser is over a dialup * and it would take over 30 seconds to download it. @@ -268,7 +262,7 @@ function translateText(&$body, $wrap_at, $charset) { global $where, $what; /* from searching */ global $color; /* color theme */ - require_once('../functions/url_parser.php'); + require_once(SM_PATH . 'functions/url_parser.php'); $body_ary = explode("\n", $body); for ($i=0; $i < count($body_ary); $i++) { @@ -277,6 +271,7 @@ function translateText(&$body, $wrap_at, $charset) { sqWordWrap($line, $wrap_at); } $line = charset_decode($charset, $line); + $line = htmlspecialchars($line); $line = str_replace("\t", ' ', $line); parseUrl ($line); @@ -296,16 +291,16 @@ function translateText(&$body, $wrap_at, $charset) { } } - if ($quotes > 1) { - if (!isset($color[14])) { - $color[14] = '#FF0000'; - } - $line = '' . $line . ''; - } elseif ($quotes) { + if ($quotes % 2) { if (!isset($color[13])) { $color[13] = '#800000'; } - $line = '' . $line . ''; + $line = '' . $line . ''; + } elseif ($quotes) { + if (!isset($color[14])) { + $color[14] = '#FF0000'; + } + $line = '' . $line . ''; } $body_ary[$i] = $line; @@ -325,9 +320,12 @@ function formatBody($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $ma * order that is their priority. */ global $startMessage, $username, $key, $imapServerAddress, $imapPort, - $show_html_default, $has_unsafe_images, $view_unsafe_images, $sort; + $show_html_default, $sort, $has_unsafe_images, $passed_ent_id; + + if( !sqgetGlobalVar('view_unsafe_images', $view_unsafe_images, SQ_GET) ) { + $view_unsafe_images = false; + } - $has_unsafe_images= 0; $body = ''; $urlmailbox = urlencode($mailbox); $body_message = getEntity($message, $ent_num); @@ -363,18 +361,24 @@ function formatBody($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $ma translateText($body, $wrap_at, $body_message->header->getParameter('charset')); } - - if ($has_unsafe_images) { - if ($view_unsafe_images) { - $untext = '">' . _("Hide Unsafe Images"); - } else { - $untext = '&view_unsafe_images=1">' . _("View Unsafe Images"); - } - $body .= '
'.$text. + '

' . "\n"; } return $body; } @@ -406,7 +410,9 @@ function formatAttachments($message, $exclude_id, $mailbox, $id) { $default_page = '../src/read_body.php'; $rfc822_header = $att->rfc822_header; $filename = decodeHeader($rfc822_header->subject); - + if (trim( $filename ) == '') { + $filename = 'untitled-[' . $ent . ']' ; + } $from_o = $rfc822_header->from; if (is_object($from_o)) { $from_name = $from_o->getAddress(false); @@ -422,23 +428,30 @@ function formatAttachments($message, $exclude_id, $mailbox, $id) { if (trim($filename) == '') { $name = decodeHeader($header->disposition->getProperty('name')); if (trim($name) == '') { - if (trim( $header->id ) == '') { - $filename = 'untitled-[' . $ent . ']' ; + $name = decodeHeader($header->getParameter('name')); + if(trim($name) == '') { + if (trim( $header->id ) == '') { + $filename = 'untitled-[' . $ent . ']' ; + } else { + $filename = 'cid: ' . $header->id; + } } else { - $filename = 'cid: ' . $header->id; + $filename = $name; } } else { $filename = $name; } } } else { - if (trim( $header->id ) == '') { - $filename = 'untitled-[' . $ent . ']' ; - } else { - $filename = 'cid: ' . $header->id; - } - } - + $filename = decodeHeader($header->getParameter('name')); + if (!trim($filename)) { + if (trim( $header->id ) == '') { + $filename = 'untitled-[' . $ent . ']' ; + } else { + $filename = 'cid: ' . $header->id; + } + } + } if ($header->description) { $description = htmlspecialchars($header->description); } else { @@ -454,9 +467,9 @@ function formatAttachments($message, $exclude_id, $mailbox, $id) { } $defaultlink = $default_page . "?startMessage=$startMessage" . "&passed_id=$id&mailbox=$urlMailbox" - . '&ent_id='.$ent.$passed_ent_id_link; + . '&ent_id='.$ent.$passed_ent_id_link.'&absolute_dl=true'; if ($where && $what) { - $defaultlink = '&where='. urlencode($where).'&what='.urlencode($what); + $defaultlink .= '&where='. urlencode($where).'&what='.urlencode($what); } /* This executes the attachment hook with a specific MIME-type. * If that doesn't have results, it tries if there's a rule @@ -475,7 +488,7 @@ function formatAttachments($message, $exclude_id, $mailbox, $id) { $defaultlink = $hookresults[6]; $attachments .= '' . - "$display_filename " . + ''.htmlspecialchars($display_filename).' ' . '' . show_readable_size($header->size) . '  ' . "[ $type0/$type1 ] " . @@ -554,6 +567,8 @@ function decodeHeader ($string, $utfencode=true) { if (ucfirst($res[4]) == 'B') { $replace = base64_decode($res[5]); + $replace = charset_decode($res[3],$replace); + } else { $replace = str_replace('_', ' ', $res[5]); $replace = preg_replace('/=([0-9a-f]{2})/ie', 'chr(hexdec("\1"))', @@ -628,9 +643,9 @@ function find_ent_id($id, $message) { $ret = find_ent_id($id, $message->entities[$i]); } else { if (strcasecmp($message->entities[$i]->header->id, $id) == 0) { - if (sq_check_save_extension($message->entities[$i])) { +// if (sq_check_save_extension($message->entities[$i])) { return $message->entities[$i]->entity_id; - } +// } } } } @@ -1482,7 +1497,7 @@ function sq_sanitize($body, * @param $id the id of the message * @return a string with html safe to display in the browser. */ -function magicHTML($body, $id, $message, $mailbox = 'INBOX'){ +function magicHTML($body, $id, $message, $mailbox = 'INBOX') { global $attachment_common_show_images, $view_unsafe_images, $has_unsafe_images; /** @@ -1496,7 +1511,9 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX'){ "html", "head", "base", - "link" + "link", + "frame", + "iframe" ); $rm_tags_with_content = Array( @@ -1582,6 +1599,9 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX'){ ) ) ); + if( !sqgetGlobalVar('view_unsafe_images', $view_unsafe_images, SQ_GET) ) { + $view_unsafe_images = false; + } if (!$view_unsafe_images){ /** * Remove any references to http/https if view_unsafe_images set