X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fmime.php;h=0a7326c491a9cbd2ca5db47d95df84aa3764cb26;hb=7e235a1a75c0544d1b41270f54568990b3af112a;hp=3c2f125c06367bec354e033a0db0c41ba7e48ce0;hpb=e5ea9327e412368d6a51ee814b1ff7869b2bfd9d;p=squirrelmail.git
diff --git a/functions/mime.php b/functions/mime.php
index 3c2f125c..0a7326c4 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -420,7 +420,7 @@ function mime_fetch_body($imap_stream, $id, $ent_id ) {
 * if ( $base <> '' ) {
 * $ret = "" . $ret;
 * }
-* */
+* */
 }
 } else if (ereg('"([^"]*)"', $topline, $regs)) {
 $ret = $regs[1];
@@ -553,6 +553,7 @@ function findDisplayEntity ($message, $textOnly = 1) {
 if ($message) {
 if ( $message->header->type0 == 'multipart' &&
 ( $message->header->type1 == 'alternative' ||
+ $message->header->type1 == 'mixed' ||
 $message->header->type1 == 'related' ) &&
 $show_html_default && ! $textOnly ) {
 $entity = findDisplayEntityHTML($message);
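Review bot: Adding `'mixed'` to this test sends every multipart/mixed message to findDisplayEntityHTML() when `$show_html_default` is on, and multipart/mixed is the container normally used for attachments. findDisplayEntityHTML() is not in the hunk, so it is unclear whether it can return an attached text/html part as the body to display; if it can, an HTML attachment would be rendered inline instead of being offered as a download. A comment above the condition stating which part is expected to win for mixed messages would help, e.g. `// mixed: only an inline text/html part may be chosen, never an attachment`, and the callee should enforce that. findDisplayEntity() continues outside the hunk.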
@@ -604,24 +605,26 @@ function formatBody($imap_stream, $message, $color, $wrap_at) {
 // this if statement checks for the entity to show as the
 // primary message. To add more of them, just put them in the
 // order that is their priority.
- global $startMessage, $username, $key, $imapServerAddress, $imapPort,
- $show_html_default;
-
+ global $startMessage, $username, $key, $imapServerAddress, $imapPort, $body,
+ $show_html_default, $has_unsafe_images, $view_unsafe_images, $sort;
+
+ $has_unsafe_images = 0;
+
 $id = $message->header->id;
 $urlmailbox = urlencode($message->header->mailbox);
-
+
 // Get the right entity and redefine message to be this entity
 // Pass the 0 to mean that we want the 'best' viewable one
 $ent_num = findDisplayEntity ($message, 0);
 $body_message = getEntity($message, $ent_num);
 if (($body_message->header->type0 == 'text') ||
 ($body_message->header->type0 == 'rfc822')) {
-
+
 $body = mime_fetch_body ($imap_stream, $id, $ent_num);
 $body = decodeBody($body, $body_message->header->encoding);
 $hookResults = do_hook("message_body", $body);
 $body = $hookResults[1];
-
+
 // If there are other types that shouldn't be formatted, add
 // them here
 if ($body_message->header->type1 == 'html') {
@@ -636,6 +639,13 @@ function formatBody($imap_stream, $message, $color, $wrap_at) {
 }
 $body .= "
". _("Download this as a file") ."

"; + if ($has_unsafe_images) { + if ($view_unsafe_images) { + $body .= "
". _("Hide Unsafe Images") ."

\n"; + } else { + $body .= "
". _("View Unsafe Images") ."

\n"; + } + } /** Display the ATTACHMENTS: message if there's more than one part **/ if (isset($message->entities[0])) { @@ -895,10 +905,18 @@ function MagicHTML( $body, $id ) { $tag .= $body{$pos}; $pos ++; } + /* + A comment in HTML is only three characters and isn't + guaranteed to have a space after it. This fudges so + it will be caught by the switch statement. + */ + if (ereg("!--", $tag)) { + $tag = "!-- "; + } switch( strtoupper( $tag ) ) { // Strips the entire tag and contents case 'APPL': - case 'EMBB': + case 'EMBE': case 'FRAM': case 'SCRI': case 'OBJE': @@ -1013,8 +1031,21 @@ function MagicHTML( $body, $id ) { $ret .= ''; break; case 'BASE': - $i += 5; + $i += 4; $base = ''; + if ( strncasecmp($body{$i}, 'font', 4) ) { + $i += 5; + while ( !isNoSep( $body{$i} ) && $i < $j ) { + $i++; + } + while ( $body{$i} <> '>' && $i < $j ) { + $base .= $body{$i}; + $i++; + } + $ret .= "\n"; + break; + } + $i++; while ( !isNoSep( $body{$i} ) && $i < $j ) { $i++; @@ -1059,11 +1090,11 @@ function MagicHTML( $body, $id ) { return( "\n\n\n" . $ret . - /* Base is illegal within HTML + /* Base is illegal within HTML "\n\n\n" ); - */ + */ "\n\n\n" ); } @@ -1131,7 +1162,7 @@ change on with no (onload -> noload) function stripEvent( &$i, $j, &$body, $id, $base ) { - global $message, $base_uri; + global $message, $base_uri, $has_unsafe_images, $view_unsafe_images; $ret = ''; 
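Review bot: `$view_unsafe_images` decides here which link is shown, and in stripEvent() (last hunk) whether a filtered `src` is kept, yet no visible line assigns it; formatBody() only adds it to its `global` list in the previous hunk, so its value presumably arrives from the request. Because the flag relaxes the HTML filter, it should be forced to a known value before first use, for example `$view_unsafe_images = empty($view_unsafe_images) ? 0 : 1;` next to `$has_unsafe_images = 0;`. The markup of the two new links is not visible on this page; whatever they interpolate into the URL should go through `urlencode()`, as `$urlmailbox` already does. formatBody() starts and ends outside the hunk.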
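Review bot: `ereg("!--", $tag)` matches the three characters anywhere in `$tag`, not only at its start, so a tag that merely contains `!--` is also rewritten to the comment case; anchoring the test, `if (substr($tag, 0, 3) == '!--') {`, does what the new comment describes. The `EMBB` to `EMBE` correction in the same hunk shows that a one-letter slip in this prefix list silently leaves an element unfiltered, so each `case` that strips a tag deserves a regression test. The switch's `default` arm is outside the hunk and is worth checking to confirm that tags not listed here are dropped rather than passed through.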
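Review bot: `strncasecmp($body{$i}, 'font', 4)` compares a single character with `'font'`, so it can never return 0 and the new `if` is always taken; every `BASE` tag then runs this branch and hits its `break`, which appears to leave the loops after it in this case unreachable. If the intent is to treat `<basefont>` separately, the test would be `if ( strncasecmp(substr($body, $i, 4), 'font', 4) == 0 ) {`. Both new loops also read `$body{$i}` before checking `$i < $j`; putting the bound first, `while ( $i < $j && $body{$i} <> '>' ) {`, avoids reading past the end of the tag. The `BASE` case continues outside the hunk.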
@@ -1158,19 +1189,24 @@ function stripEvent( &$i, $j, &$body, $id, $base ) { $src .= $body{$k}; $k++; } + $k++; while( !isNoSep( $body{$k} ) && $k < $j ) { $k++; } + $k++; if ( strtolower( substr( $src, 0, 4 ) ) == 'cid:' ) { $src = substr( $src, 4 ); $src = "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=" . urlencode( $message->header->mailbox ) . - "&passed_ent_id=" . find_ent_id( $src, $message ); - } else if ( strtolower( substr( $src, 0, 4 ) ) <> 'http' || + "&passed_ent_id=" . find_ent_id( $src, $message ); + } else if ( strtolower( substr( $src, 0, 4 ) ) <> 'http' || stristr( $src, $base_uri ) ) { /* Javascript and local urls goes out */ - $src = '../images/' . _("sec_remove_eng.png"); + if (!$view_unsafe_images) { + $src = '../images/' . _("sec_remove_eng.png"); + } + $has_unsafe_images = 1; } $ret .= 'src="' . $src . '" '; $i = $k - 2;
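Review bot: With `$view_unsafe_images` set, the rewritten branch leaves `$src` untouched for every source that reaches it, and the branch condition selects sources that do not start with `http` or that contain `$base_uri` (the ones the existing comment calls "Javascript and local urls"), so the option re-admits script-scheme and same-application URLs rather than only remote pictures. Sources that do start with `http` and are not local never enter this branch, so remote images are emitted whether or not the option is set. Keeping the unconditional replacement here and moving the opt-in to a separate branch for remote images would match the "unsafe images" wording of the new links. stripEvent() starts and ends outside the hunk.

```php
/* … unchanged: cid: branch and the non-http / local-URL test … */
    /* Javascript and local urls goes out */
    $src = '../images/' . _("sec_remove_eng.png");
} else {
    /* Remote image: fetched only after the reader opts in */
    $has_unsafe_images = 1;
    if (!$view_unsafe_images) {
        $src = '../images/' . _("sec_remove_eng.png");
    }
}
/* … unchanged: $ret .= 'src="' … */
```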