X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fmime.php;h=8f232695cf8c902030d2fd44d52b36373c42141a;hb=ca885a4ff4cc1175af8db97bab02f7aa74ced73a;hp=682d3cb3ec330311ef9ad5ed67a3080e63788243;hpb=758a7889b6548017a46017278d03e812658d71c1;p=squirrelmail.git
diff --git a/functions/mime.php b/functions/mime.php
index 682d3cb3..8f232695 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -6,7 +6,7 @@
* This contains the functions necessary to detect and decode MIME
* messages.
*
- * @copyright © 1999-2005 The SquirrelMail Project Team
+ * @copyright © 1999-2006 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
@@ -334,7 +334,8 @@ function formatBody($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $ma
* order that is their priority.
*/
global $startMessage, $languages, $squirrelmail_language,
- $show_html_default, $sort, $has_unsafe_images, $passed_ent_id, $use_iframe,$iframe_height;
+ $show_html_default, $sort, $has_unsafe_images, $passed_ent_id,
+ $use_iframe, $iframe_height, $download_and_unsafe_link;
// workaround for not updated config.php
if (! isset($use_iframe)) $use_iframe = false;
@@ -445,13 +446,15 @@ function formatBody($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $ma
return $body;
}
+ $download_and_unsafe_link = '';
+
$link = 'passed_id=' . $id . '&ent_id='.$ent_num.
'&mailbox=' . $urlmailbox .'&sort=' . $sort .
'&startMessage=' . $startMessage . '&show_more=0';
if (isset($passed_ent_id)) {
$link .= '&passed_ent_id='.$passed_ent_id;
}
- $body .= '' . _("Download this as a file") . '';
if ($view_unsafe_images) {
$text = _("Hide Unsafe Images");
@@ -464,9 +467,8 @@ function formatBody($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $ma
}
}
if($text != '') {
- $body .= ' | ' . $text . '';
+ $download_and_unsafe_link .= ' | ' . $text . '';
}
- $body .= '
' . "\n";
}
return $body;
}
@@ -516,6 +518,13 @@ function formatAttachments($message, $exclude_id, $mailbox, $id) {
$from_o = $rfc822_header->from;
if (is_object($from_o)) {
$from_name = decodeHeader($from_o->getAddress(false));
+ } elseif (is_array($from_o) && count($from_o) && is_object($from_o[0])) {
+ // something weird happens when a digest message is opened and you return to the digest
+ // now the from object is part of an array. Probably the parseHeader call overwrites the info
+ // retrieved from the bodystructure in a different way. We need to fix this later.
+ // possible starting point, do not fetch header we already have and inspect how
+ // the rfc822_header object behaves.
+ $from_name = decodeHeader($from_o[0]->getAddress(false));
} else {
$from_name = _("Unknown sender");
}
@@ -1692,7 +1701,8 @@ function sq_fixstyle($body, $pos, $message, $id, $mailbox){
// "url(\\1$secremoveimg\\2)", $content);
// remove NUL
$content = str_replace("\0", "", $content);
-
+ // translate ur\l and variations (IE parses that)
+ $content = preg_replace("/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i", 'url', $content);
// NB I insert NUL characters to keep to avoid an infinite loop. They are removed after the loop.
while (preg_match("/url\s*\(\s*[\'\"]?([^:]+):(.*)?[\'\"]?\s*\)/si", $content, $matches)) {
$sProto = strtolower($matches[1]);
@@ -1746,11 +1756,12 @@ function sq_fixstyle($body, $pos, $message, $id, $mailbox){
* Fix stupid css declarations which lead to vulnerabilities
* in IE.
*/
- $match = Array('/expression/i',
+ $match = Array('/\/\*.*\*\//',
+ '/expression/i',
'/behaviou*r/i',
'/binding/i',
'/include-source/i');
- $replace = Array('idiocy', 'idiocy', 'idiocy', 'idiocy');
+ $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy');
$contentNew = preg_replace($match, $replace, $contentTemp);
if ($contentNew !== $contentTemp) {
// insecure css declarations are used. From now on we don't care
@@ -2148,22 +2159,26 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
"/^style/i" =>
Array(
Array(
+ "/\/\*.*\*\//",
"/expression/i",
"/binding/i",
"/behaviou*r/i",
"/include-source/i",
"/position\s*:\s*absolute/i",
+ "/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i",
"/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
"/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si"
),
Array(
+ "",
"idiocy",
"idiocy",
"idiocy",
"idiocy",
"",
+ "url",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
@@ -2283,18 +2298,18 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links
*/
function SendDownloadHeaders($type0, $type1, $filename, $force, $filesize=0) {
global $languages, $squirrelmail_language;
- $isIE = $isIE6 = 0;
+ $isIE = $isIE6plus = false;
sqgetGlobalVar('HTTP_USER_AGENT', $HTTP_USER_AGENT, SQ_SERVER);
if (strstr($HTTP_USER_AGENT, 'compatible; MSIE ') !== false &&
strstr($HTTP_USER_AGENT, 'Opera') === false) {
- $isIE = 1;
+ $isIE = true;
}
- if (strstr($HTTP_USER_AGENT, 'compatible; MSIE 6') !== false &&
- strstr($HTTP_USER_AGENT, 'Opera') === false) {
- $isIE6 = 1;
+ if (preg_match('/compatible; MSIE ([0-9]+)/', $HTTP_USER_AGENT, $match) &&
+ ((int)$match[1]) >= 6 && strstr($HTTP_USER_AGENT, 'Opera') === false) {
+ $isIE6plus = true;
}
if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
@@ -2351,7 +2366,7 @@ function SendDownloadHeaders($type0, $type1, $filename, $force, $filesize=0) {
// "attachment"... does it apply to inline too?
header ("Content-Disposition: attachment; filename=\"$filename\"");
- if ($isIE && !$isIE6) {
+ if ($isIE && !$isIE6plus) {
// This combination seems to work mostly. IE 5.5 SP 1 has
// known issues (see the Microsoft Knowledge Base)