X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fmime.php;h=9573299476485b30265996cdc405c229d91457e2;hb=a9e67ec391e80d1df7fe52c21d7f106ddc3c5583;hp=bca1611490aea34da4004fb137ed98fe94ce6433;hpb=d03c24f441f716ed214a7b8e02820e1c3d168b98;p=squirrelmail.git
diff --git a/functions/mime.php b/functions/mime.php
index bca16114..95732994 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -15,31 +15,6 @@
require_once('../functions/imap.php');
require_once('../functions/attachment_common.php');
-/** Setting up the objects that have the structure for the message **/
-class msg_header {
- /** msg_header contains generic variables for values that **/
- /** could be in a header. **/
-
- var $type0 = '', $type1 = '', $boundary = '', $charset = '',
- $encoding = '', $size = 0, $to = array(), $from = '', $date = '',
- $cc = array(), $bcc = array(), $reply_to = '', $subject = '',
- $id = 0, $mailbox = '', $description = '', $filename = '',
- $entity_id = 0, $message_id = 0, $name = '', $priority = 3;
-}
-
-class message {
- /** message is the object that contains messages. It is a recursive
- object in that through the $entities variable, it can contain
- more objects of type message. See documentation in mime.txt for
- a better description of how this works.
- **/
- var $header = '', $entities = array();
-
- function addEntity ($msg) {
- $this->entities[] = $msg;
- }
-}
-
/* --------------------------------------------------------------------------------- */
/* MIME DECODING */
/* --------------------------------------------------------------------------------- */
@@ -48,38 +23,51 @@ class message {
* It will return this object for use with all relevant header information and
* fully parsed into the standard "message" object format.
*/
-function mime_structure ($imap_stream, $header) {
-
- sqimap_messages_flag ($imap_stream, $header->id, $header->id, 'Seen');
- $ssid = sqimap_session_id();
- $lsid = strlen( $ssid );
- $id = $header->id;
- fputs ($imap_stream, "$ssid FETCH $id BODYSTRUCTURE\r\n");
- //
- // This should use sqimap_read_data instead of reading it itself
- //
- $read = fgets ($imap_stream, 9216);
- $bodystructure = '';
- while ( substr($read, 0, $lsid) <> $ssid &&
- !feof( $imap_stream ) ) {
- $bodystructure .= $read;
- $read = fgets ($imap_stream, 9216);
- }
- $read = $bodystructure;
+
+function mime_structure ($bodystructure, $flags=array()) {
// isolate the body structure and remove beginning and end parenthesis
- $read = trim(substr ($read, strpos(strtolower($read), 'bodystructure') + 13));
+ $read = trim(substr ($bodystructure, strpos(strtolower($bodystructure), 'bodystructure') + 13));
+ $msg = &new message();
$read = trim(substr ($read, 0, -1));
- $end = mime_match_parenthesis(0, $read);
- while ($end == strlen($read)-1) {
- $read = trim(substr ($read, 0, -1));
- $read = trim(substr ($read, 1));
- $end = mime_match_parenthesis(0, $read);
+ $res = $msg->parseStructure($read);
+ $msg = $res[0];
+ $msg->setEnt('0');
+ if (count($flags)) {
+ foreach ($flags as $flag) {
+ $char = strtoupper($flag{1});
+ switch ($char) {
+ case 'S':
+ if (strtolower($flag) == '\\seen') {
+ $msg->is_seen = true;
+ }
+ break;
+ case 'A':
+ if (strtolower($flag) == '\\answered') {
+ $msg->is_answered = true;
+ }
+ break;
+ case 'D':
+ if (strtolower($flag) == '\\deleted') {
+ $msg->is_deleted = true;
+ }
+ break;
+ case 'F':
+ if (strtolower($flag) == '\\flagged') {
+ $msg->is_flagged = true;
+ }
+ break;
+ case 'M':
+ if (strtolower($flag) == '$mdnsent') {
+ $msg->is_mdnsent = true;
+ }
+ break;
+ default:
+ break;
+ }
+ }
}
-
- $msg = mime_parse_structure ($read, 0);
- $msg->header = $header;
-
+ // listEntities($msg);
return( $msg );
}
@@ -91,286 +79,9 @@ function mime_structure ($imap_stream, $header) {
* then it parses it and adds the necessary header information (by calling out
* to mime_get_elements()
*/
-function mime_parse_structure ($structure, $ent_id) {
-
- $msg = new message();
- if ($structure{0} == '(') {
- $ent_id = mime_new_element_level($ent_id);
- $start = $end = -1;
- do {
- $start = $end+1;
- $end = mime_match_parenthesis ($start, $structure);
-
- $element = substr($structure, $start+1, ($end - $start)-1);
- $ent_id = mime_increment_id ($ent_id);
- $newmsg = mime_parse_structure ($element, $ent_id);
- $msg->addEntity ($newmsg);
- } while ($structure{$end+1} == '(');
- } else {
- // parse the elements
- $msg = mime_get_element ($structure, $msg, $ent_id);
- }
- return $msg;
-}
-
-/* Increments the element ID. An element id can look like any of
- * the following: 1, 1.2, 4.3.2.4.1, etc. This function increments
- * the last number of the element id, changing 1.2 to 1.3.
- */
-function mime_increment_id ($id) {
-
- if (strpos($id, '.')) {
- $first = substr($id, 0, strrpos($id, '.'));
- $last = substr($id, strrpos($id, '.')+1);
- $last++;
- $new = $first . '.' .$last;
- } else {
- $new = $id + 1;
- }
-
- return $new;
-}
-
-/*
- * See comment for mime_increment_id().
- * This adds another level on to the entity_id changing 1.3 to 1.3.0
- * NOTE: 1.3.0 is not a valid element ID. It MUST be incremented
- * before it can be used. I left it this way so as not to have
- * to make a special case if it is the first entity_id. It
- * always increments it, and that works fine.
- */
-function mime_new_element_level ($id) {
-
- if (!$id) {
- $id = 0;
- } else {
- $id = $id . '.0';
- }
-
- return( $id );
-}
-
-function mime_get_element (&$structure, $msg, $ent_id) {
-
- $elem_num = 1;
- $msg->header = new msg_header();
- $msg->header->entity_id = $ent_id;
- $properties = array();
-
- while (strlen($structure) > 0) {
- $structure = trim($structure);
- $char = $structure{0};
-
- if (strtolower(substr($structure, 0, 3)) == 'nil') {
- $text = '';
- $structure = substr($structure, 3);
- } else if ($char == '"') {
- // loop through until we find the matching quote, and return that as a string
- $pos = 1;
- $text = '';
- while ( ($char = $structure{$pos} ) <> '"' && $pos < strlen($structure)) {
- $text .= $char;
- $pos++;
- }
- $structure = substr($structure, strlen($text) + 2);
- } else if ($char == '(') {
- // comment me
- $end = mime_match_parenthesis (0, $structure);
- $sub = substr($structure, 1, $end-1);
- $properties = mime_get_props($properties, $sub);
- $structure = substr($structure, strlen($sub) + 2);
- } else {
- // loop through until we find a space or an end parenthesis
- $pos = 0;
- $char = $structure{$pos};
- $text = '';
- while ($char != ' ' && $char != ')' && $pos < strlen($structure)) {
- $text .= $char;
- $pos++;
- $char = $structure{$pos};
- }
- $structure = substr($structure, strlen($text));
- }
-
- // This is where all the text parts get put into the header
- switch ($elem_num) {
- case 1:
- $msg->header->type0 = strtolower($text);
- break;
- case 2:
- $msg->header->type1 = strtolower($text);
- break;
- case 4: // Id
- // Invisimail enclose images with <>
- $msg->header->id = str_replace( '<', '', str_replace( '>', '', $text ) );
- break;
- case 5:
- $msg->header->description = $text;
- break;
- case 6:
- $msg->header->encoding = strtolower($text);
- break;
- case 7:
- $msg->header->size = $text;
- break;
- default:
- if ($msg->header->type0 == 'text' && $elem_num == 8) {
- // This is a plain text message, so lets get the number of lines
- // that it contains.
- $msg->header->num_lines = $text;
-
- } else if ($msg->header->type0 == 'message' && $msg->header->type1 == 'rfc822' && $elem_num == 8) {
- // This is an encapsulated message, so lets start all over again and
- // parse this message adding it on to the existing one.
- $structure = trim($structure);
- if ( $structure{0} == '(' ) {
- $e = mime_match_parenthesis (0, $structure);
- $structure = substr($structure, 0, $e);
- $structure = substr($structure, 1);
- $m = mime_parse_structure($structure, $msg->header->entity_id);
-
- // the following conditional is there to correct a bug that wasn't
- // incrementing the entity IDs correctly because of the special case
- // that message/rfc822 is. This fixes it fine.
- if (substr($structure, 1, 1) != '(')
- $m->header->entity_id = mime_increment_id(mime_new_element_level($ent_id));
-
- // Now we'll go through and reformat the results.
- if ($m->entities) {
- for ($i=0; $i < count($m->entities); $i++) {
- $msg->addEntity($m->entities[$i]);
- }
- } else {
- $msg->addEntity($m);
- }
- $structure = "";
- }
- }
- break;
- }
- $elem_num++;
- $text = "";
- }
- // loop through the additional properties and put those in the various headers
- if ($msg->header->type0 != 'message') {
- for ($i=0; $i < count($properties); $i++) {
- $msg->header->{$properties[$i]['name']} = $properties[$i]['value'];
- }
- }
-
- return $msg;
-}
-
-/*
- * I did most of the MIME stuff yesterday (June 20, 2000), but I couldn't
- * figure out how to do this part, so I decided to go to bed. I woke up
- * in the morning and had a flash of insight. I went to the white-board
- * and scribbled it out, then spent a bit programming it, and this is the
- * result. Nothing complicated, but I think my brain was fried yesterday.
- * Funny how that happens some times.
- *
- * This gets properties in a nested parenthesisized list. For example,
- * this would get passed something like: ("attachment" ("filename" "luke.tar.gz"))
- * This returns an array called $props with all paired up properties.
- * It ignores the "attachment" for now, maybe that should change later
- * down the road. In this case, what is returned is:
- * $props[0]["name"] = "filename";
- * $props[0]["value"] = "luke.tar.gz";
- */
-function mime_get_props ($props, $structure) {
-
- while (strlen($structure) > 0) {
- $structure = trim($structure);
- $char = $structure{0};
-
- if ($char == '"') {
- $pos = 1;
- $tmp = '';
- while ( ( $char = $structure{$pos} ) != '"' &&
- $pos < strlen($structure)) {
- $tmp .= $char;
- $pos++;
- }
- $structure = trim(substr($structure, strlen($tmp) + 2));
- $char = $structure{0};
-
- if ($char == '"') {
- $pos = 1;
- $value = '';
- while ( ( $char = $structure{$pos} ) != '"' &&
- $pos < strlen($structure) ) {
- $value .= $char;
- $pos++;
- }
- $structure = trim(substr($structure, strlen($tmp) + 2));
-
- $k = count($props);
- $props[$k]['name'] = strtolower($tmp);
- $props[$k]['value'] = $value;
- } else if ($char == '(') {
- $end = mime_match_parenthesis (0, $structure);
- $sub = substr($structure, 1, $end-1);
- if (! isset($props))
- $props = array();
- $props = mime_get_props($props, $sub);
- $structure = substr($structure, strlen($sub) + 2);
- }
- return $props;
- } else if ($char == '(') {
- $end = mime_match_parenthesis (0, $structure);
- $sub = substr($structure, 1, $end-1);
- $props = mime_get_props($props, $sub);
- $structure = substr($structure, strlen($sub) + 2);
- return $props;
- } else {
- return $props;
- }
- }
-}
-
-/*
- * Matches parenthesis. It will return the position of the matching
- * parenthesis in $structure. For instance, if $structure was:
- * ("text" "plain" ("val1name", "1") nil ... )
- * x x
- * then this would return 42 to match up those two.
- */
-function mime_match_parenthesis ($pos, $structure) {
-
- $j = strlen( $structure );
-
- // ignore all extra characters
- // If inside of a string, skip string -- Boundary IDs and other
- // things can have ) in them.
- if ( $structure{$pos} != '(' ) {
- return( $j );
- }
-
- while ( $pos < $j ) {
- $pos++;
- if ($structure{$pos} == ')') {
- return $pos;
- } elseif ($structure{$pos} == '"') {
- $pos++;
- while ( $structure{$pos} != '"' &&
- $pos < $j ) {
- if (substr($structure, $pos, 2) == '\\"') {
- $pos++;
- } elseif (substr($structure, $pos, 2) == '\\\\') {
- $pos++;
- }
- $pos++;
- }
- } elseif ( $structure{$pos} == '(' ) {
- $pos = mime_match_parenthesis ($pos, $structure);
- }
- }
- echo _("Error decoding mime structure. Report this as a bug!") . '
';
- return( $pos );
-}
-
-function mime_fetch_body($imap_stream, $id, $ent_id ) {
+function mime_fetch_body($imap_stream, $id, $ent_id) {
+ global $uid_support;
/*
* do a bit of error correction. If we couldn't find the entity id, just guess
* that it is the first one. That is usually the case anyway.
@@ -378,13 +89,13 @@ function mime_fetch_body($imap_stream, $id, $ent_id ) {
if (!$ent_id) {
$ent_id = 1;
}
-
$cmd = "FETCH $id BODY[$ent_id]";
- $data = sqimap_run_command ($imap_stream, $cmd, true, $response, $message);
-
+
+ $data = sqimap_run_command ($imap_stream, $cmd, true, $response, $message, $uid_support);
do {
- $topline = array_shift( $data );
- } while( $topline && $topline == '*' && !preg_match( '/\\* [0-9] FETCH.*/i', $topline )) ;
+ $topline = trim(array_shift( $data ));
+ } while( $topline && $topline[0] == '*' && !preg_match( '/\* [0-9]+ FETCH.*/i', $topline )) ;
+
$wholemessage = implode('', $data);
if (ereg('\\{([^\\}]*)\\}', $topline, $regs)) {
@@ -394,33 +105,7 @@ function mime_fetch_body($imap_stream, $id, $ent_id ) {
in order to parse html messages. Let's get them here.
*/
if ( $ret{0} == '<' ) {
- $data = sqimap_run_command ($imap_stream, "FETCH $id BODY[$ent_id.MIME]", true, $response, $message);
- /* BASE within HTML documents is illegal (see w3 spec)
-* $base = '';
-* $k = 10;
-* foreach( $data as $d ) {
-* if ( substr( $d, 0, 13 ) == 'Content-Base:' ) {
-* $j = strlen( $d );
-* $i = 13;
-* $base = '';
-* while ( $i < $j &&
-* ( !isNoSep( $d{$i} ) || $d{$i} == '"' ) )
-* $i++;
-* while ( $i < $j ) {
-* if ( isNoSep( $d{$i} ) )
-* $base .= $d{$i};
-* $i++;
-* }
-* $k = 0;
-* } elseif ( $k == 1 && !isnosep( $d{0} ) ) {
-* $base .= substr( $d, 1 );
-* }
-* $k++;
-* }
-* if ( $base <> '' ) {
-* $ret = "" . $ret;
-* }
-* */
+ $data = sqimap_run_command ($imap_stream, "FETCH $id BODY[$ent_id.MIME]", true, $response, $message, $uid_support);
}
} else if (ereg('"([^"]*)"', $topline, $regs)) {
$ret = $regs[1];
@@ -449,7 +134,7 @@ function mime_fetch_body($imap_stream, $id, $ent_id ) {
'
' . _("FETCH line:") . " | $topline | " .
"
";
- $data = sqimap_run_command ($imap_stream, "FETCH $passed_id BODY[]", true, $response, $message);
+ $data = sqimap_run_command ($imap_stream, "FETCH $passed_id BODY[]", true, $response, $message, $uid_support);
array_shift($data);
$wholemessage = implode('', $data);
@@ -459,12 +144,13 @@ function mime_fetch_body($imap_stream, $id, $ent_id ) {
}
function mime_print_body_lines ($imap_stream, $id, $ent_id, $encoding) {
+ global $uid_support;
// do a bit of error correction. If we couldn't find the entity id, just guess
// that it is the first one. That is usually the case anyway.
if (!$ent_id) {
$ent_id = 1;
}
- $sid = sqimap_session_id();
+ $sid = sqimap_session_id($uid_support);
// Don't kill the connection if the browser is over a dialup
// and it would take over 30 seconds to download it.
@@ -472,361 +158,394 @@ function mime_print_body_lines ($imap_stream, $id, $ent_id, $encoding) {
if (!ini_get("safe_mode")) {
set_time_limit(0);
}
+ if ($uid_support) {
+ $sid_s = substr($sid,0,strpos($sid, ' '));
+ } else {
+ $sid_s = $sid;
+ }
+ $body = mime_fetch_body ($imap_stream, $id, $ent_id);
+ echo decodeBody($body, $encoding);
+ return;
+/*
fputs ($imap_stream, "$sid FETCH $id BODY[$ent_id]\r\n");
$cnt = 0;
$continue = true;
- $read = fgets ($imap_stream,4096);
+ $read = fgets ($imap_stream,8192);
+
+
// This could be bad -- if the section has sqimap_session_id() . ' OK'
// or similar, it will kill the download.
- while (!ereg("^".$sid." (OK|BAD|NO)(.*)$", $read, $regs)) {
- if (trim($read) == ')==') {
- $read1 = $read;
- $read = fgets ($imap_stream,4096);
- if (ereg("^".$sid." (OK|BAD|NO)(.*)$", $read, $regs)) {
- return;
- } else {
- echo decodeBody($read1, $encoding) .
- decodeBody($read, $encoding);
- }
- } else if ($cnt) {
- echo decodeBody($read, $encoding);
- }
- $read = fgets ($imap_stream,4096);
- $cnt++;
+ while (!ereg("^".$sid_s." (OK|BAD|NO)(.*)$", $read, $regs)) {
+ if (trim($read) == ')==') {
+ $read1 = $read;
+ $read = fgets ($imap_stream,4096);
+ if (ereg("^".$sid." (OK|BAD|NO)(.*)$", $read, $regs)) {
+ return;
+ } else {
+ echo decodeBody($read1, $encoding) .
+ decodeBody($read, $encoding);
+ }
+ } else if ($cnt) {
+ echo decodeBody($read, $encoding);
+ }
+ $read = fgets ($imap_stream,4096);
+ $cnt++;
+// break;
}
+*/
}
/* -[ END MIME DECODING ]----------------------------------------------------------- */
-
-
-/* This is the first function called. It decides if this is a multipart
- message or if it should be handled as a single entity
- */
-function decodeMime ($imap_stream, &$header) {
- global $username, $key, $imapServerAddress, $imapPort;
- return mime_structure ($imap_stream, $header);
-}
-
// This is here for debugging purposese. It will print out a list
// of all the entity IDs that are in the $message object.
-/*
+
function listEntities ($message) {
-if ($message) {
- if ($message->header->entity_id)
- echo "" . $message->header->entity_id . ' : ' . $message->header->type0 . '/' . $message->header->type1 . '
';
- for ($i = 0; $message->entities[$i]; $i++) {
- $msg = listEntities($message->entities[$i], $ent_id);
- if ($msg)
- return $msg;
- }
+ if ($message) {
+ echo "" . $message->entity_id . ' : ' . $message->type0 . '/' . $message->type1 . ' parent = '. $message->parent->entity_id. '
';
+ for ($i = 0;isset($message->entities[$i]); $i++) {
+ echo "$i : ";
+ $msg = listEntities($message->entities[$i]);
+
+ if ($msg) {
+ echo "return: ";
+ return $msg;
+ }
+ }
+ }
}
+
+function getPriorityStr($priority) {
+ $priority_level = substr($priority,0,1);
+
+ switch($priority_level) {
+ /* check for a higher then normal priority. */
+ case '1':
+ case '2':
+ $priority_string = _("High");
+ break;
+
+ /* check for a lower then normal priority. */
+ case '4':
+ case '5':
+ $priority_string = _("Low");
+ break;
+
+ /* check for a normal priority. */
+ case '3':
+ default:
+ $priority_level = '3';
+ $priority_string = _("Normal");
+ break;
+
+ }
+ return $priority_string;
}
-*/
/* returns a $message object for a particular entity id */
function getEntity ($message, $ent_id) {
- if ($message) {
- if ($message->header->entity_id == $ent_id && strlen($ent_id) == strlen($message->header->entity_id)) {
- return $message;
- } else {
- for ($i = 0; isset($message->entities[$i]); $i++) {
- $msg = getEntity ($message->entities[$i], $ent_id);
- if ($msg) {
- return $msg;
- }
- }
- }
- }
+ return $message->getEntity($ent_id);
}
/*
- * figures out what entity to display and returns the $message object
- * for that entity.
+ * translateText
+ * Extracted from strings.php 23/03/2002
*/
-function findDisplayEntity ($message, $textOnly = 1) {
- global $show_html_default;
-
- $entity = 0;
-
- if ($message) {
- if ( $message->header->type0 == 'multipart' &&
- ( $message->header->type1 == 'alternative' ||
- $message->header->type1 == 'related' ) &&
- $show_html_default && ! $textOnly ) {
- $entity = findDisplayEntityHTML($message);
- }
-
- // Show text/plain or text/html -- the first one we find.
- if ( $entity == 0 &&
- $message->header->type0 == 'text' &&
- ( $message->header->type1 == 'plain' ||
- $message->header->type1 == 'html' ) &&
- isset($message->header->entity_id) ) {
- $entity = $message->header->entity_id;
- }
-
- $i = 0;
- while ($entity == 0 && isset($message->entities[$i]) ) {
- $entity = findDisplayEntity($message->entities[$i], $textOnly);
- $i++;
+
+function translateText(&$body, $wrap_at, $charset) {
+ global $where, $what; /* from searching */
+ global $color; /* color theme */
+
+ require_once('../functions/url_parser.php');
+
+ $body_ary = explode("\n", $body);
+ $PriorQuotes = 0;
+ for ($i=0; $i < count($body_ary); $i++) {
+ $line = $body_ary[$i];
+ if (strlen($line) - 2 >= $wrap_at) {
+ sqWordWrap($line, $wrap_at);
}
- }
-
- return( $entity );
-}
+ $line = charset_decode($charset, $line);
+ $line = str_replace("\t", ' ', $line);
-/* Shows the HTML version */
-function findDisplayEntityHTML ($message) {
+ parseUrl ($line);
- if ( $message->header->type0 == 'text' &&
- $message->header->type1 == 'html' &&
- isset($message->header->entity_id)) {
- return $message->header->entity_id;
- }
- for ($i = 0; isset($message->entities[$i]); $i ++) {
- $entity = findDisplayEntityHTML($message->entities[$i]);
- if ($entity != 0) {
- return $entity;
+ $Quotes = 0;
+ $pos = 0;
+ $j = strlen( $line );
+
+ while ( $pos < $j ) {
+ if ($line[$pos] == ' ') {
+ $pos ++;
+ } else if (strpos($line, '>', $pos) === $pos) {
+ $pos += 4;
+ $Quotes ++;
+ } else {
+ break;
+ }
}
+
+ if ($Quotes > 1) {
+ if (! isset($color[14])) {
+ $color[14] = '#FF0000';
+ }
+ $line = '' . $line . '';
+ } elseif ($Quotes) {
+ if (! isset($color[13])) {
+ $color[13] = '#800000';
+ }
+ $line = '' . $line . '';
+ }
+
+ $body_ary[$i] = $line;
}
-
- return 0;
+ $body = '' . implode("\n", $body_ary) . '
';
}
+
/* This returns a parsed string called $body. That string can then
be displayed as the actual message in the HTML. It contains
everything needed, including HTML Tags, Attachments at the
bottom, etc.
*/
-function formatBody($imap_stream, $message, $color, $wrap_at) {
+function formatBody($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $mailbox='INBOX') {
// this if statement checks for the entity to show as the
// primary message. To add more of them, just put them in the
// order that is their priority.
global $startMessage, $username, $key, $imapServerAddress, $imapPort,
$show_html_default, $has_unsafe_images, $view_unsafe_images, $sort;
- $has_unsafe_images = 0;
-
- $id = $message->header->id;
- $urlmailbox = urlencode($message->header->mailbox);
-
- // Get the right entity and redefine message to be this entity
- // Pass the 0 to mean that we want the 'best' viewable one
- $ent_num = findDisplayEntity ($message, 0);
+ $has_unsafe_images= 0;
+ $body = '';
+ $urlmailbox = urlencode($mailbox);
$body_message = getEntity($message, $ent_num);
if (($body_message->header->type0 == 'text') ||
($body_message->header->type0 == 'rfc822')) {
-
- $body = mime_fetch_body ($imap_stream, $id, $ent_num);
+ $body = mime_fetch_body ($imap_stream, $id, $ent_num);
$body = decodeBody($body, $body_message->header->encoding);
$hookResults = do_hook("message_body", $body);
$body = $hookResults[1];
-
+
// If there are other types that shouldn't be formatted, add
// them here
+
if ($body_message->header->type1 == 'html') {
if ( $show_html_default <> 1 ) {
+ $entity_conv = array(' ' => ' ',
+ '>' => '>',
+ '<' => '<');
$body = strip_tags( $body );
- translateText($body, $wrap_at, $body_message->header->charset);
+ $body = strtr($body, $entity_conv);
+ $body = trim($body);
+ translateText($body, $wrap_at,
+ $body_message->header->getParameter('charset'));
} else {
- $body = MagicHTML( $body, $id );
+ $body = magicHTML( $body, $id, $message, $mailbox );
}
} else {
- translateText($body, $wrap_at, $body_message->header->charset);
+ translateText($body, $wrap_at,
+ $body_message->header->getParameter('charset'));
}
- $body .= "". _("Download this as a file") ."
";
- if ($has_unsafe_images) {
- if ($view_unsafe_images) {
- $body .= "". _("Don't view unsafe images") ."
\n";
+ if ($has_unsafe_images) {
+ if ($view_unsafe_images) {
+ $body .= "entity_id."&mailbox=$urlmailbox&sort=$sort&startMessage=$startMessage&show_more=0\">". _("Hide Unsafe Images") ."
\n";
} else {
- $body .= "". _("View unsafe images") ."
\n";
+ $body .= "entity_id."&mailbox=$urlmailbox&sort=$sort&startMessage=$startMessage&show_more=0&view_unsafe_images=1\">". _("View Unsafe Images") ."
\n";
}
- }
-
- /** Display the ATTACHMENTS: message if there's more than one part **/
- if (isset($message->entities[0])) {
- $body .= formatAttachments ($message, $ent_num, $message->header->mailbox, $id);
- }
- } else {
- $body = formatAttachments ($message, -1, $message->header->mailbox, $id);
- }
+ }
+ }
return ($body);
}
-/*
- * A recursive function that returns a list of attachments with links
- * to where to download these attachments
- */
-function formatAttachments($message, $ent_id, $mailbox, $id) {
- global $where, $what;
- global $startMessage, $color;
+
+function formatAttachments($message, $exclude_id, $mailbox, $id) {
+ global $where, $what, $startMessage, $color;
static $ShownHTML = 0;
- $body = '';
- if ($ShownHTML == 0) {
-
- $ShownHTML = 1;
- $body .= "\n" .
- "\n" .
- _("Attachments") . ':' .
- " |
\n" .
- "\n" .
- formatAttachments($message, $ent_id, $mailbox, $id) .
- " |
";
-
- } else if ($message) {
-
- if (!$message->entities) {
-
- $type0 = strtolower($message->header->type0);
- $type1 = strtolower($message->header->type1);
- $name = decodeHeader($message->header->name);
-
- if ($message->header->entity_id != $ent_id) {
- $filename = decodeHeader($message->header->filename);
- if (trim($filename) == '') {
- if (trim($name) == '') {
- if ( trim( $message->header->id ) == '' )
- $display_filename = 'untitled-[' . $message->header->entity_id . ']' ;
- else
- $display_filename = 'cid: ' . $message->header->id;
- // $display_filename = 'untitled-[' . $message->header->entity_id . ']' ;
- } else {
- $display_filename = $name;
- $filename = $name;
- }
- } else {
- $display_filename = $filename;
- }
+ $att_ar = $message->getAttachments($exclude_id);
- $urlMailbox = urlencode($mailbox);
- $ent = urlencode($message->header->entity_id);
+ if (!count($att_ar)) return '';
- $DefaultLink =
- "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
- if ($where && $what) {
- $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what);
- }
- $Links['download link']['text'] = _("download");
- $Links['download link']['href'] =
- "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
- $ImageURL = '';
-
- /* this executes the attachment hook with a specific MIME-type.
- * if that doens't have results, it tries if there's a rule
- * for a more generic type. */
- $HookResults = do_hook("attachment $type0/$type1", $Links,
- $startMessage, $id, $urlMailbox, $ent, $DefaultLink,
- $display_filename, $where, $what);
- if(count($HookResults[1]) <= 1) {
- $HookResults = do_hook("attachment $type0/*", $Links,
- $startMessage, $id, $urlMailbox, $ent, $DefaultLink,
- $display_filename, $where, $what);
+ $attachments = '';
+
+ $urlMailbox = urlencode($mailbox);
+
+ foreach ($att_ar as $att) {
+ $ent = urldecode($att->entity_id);
+ $header = $att->header;
+ $type0 = strtolower($header->type0);
+ $type1 = strtolower($header->type1);
+ $name = '';
+ $Links['download link']['text'] = _("download");
+ $Links['download link']['href'] =
+ "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&ent_id=$ent";
+ $ImageURL = '';
+ if ($type0 =='message' && $type1 == 'rfc822') {
+ $default_page = '../src/read_body.php';
+ $rfc822_header = $att->rfc822_header;
+ $filename = decodeHeader($rfc822_header->subject);
+
+ $from_o = $rfc822_header->from;
+ if (is_object($from_o)) {
+ $from_name = $from_o->getAddress(false);
+ } else {
+ $from_name = _("Unknown sender");
}
+ $from_name = decodeHeader(htmlspecialchars($from_name));
+ $description = $from_name;
+ } else {
+ $default_page = '../src/download.php';
+ if (is_object($header->disposition)) {
+ $filename = decodeHeader($header->disposition->getProperty('filename'));
+ if (trim($filename) == '') {
+ $name = decodeHeader($header->disposition->getProperty('name'));
+ if (trim($name) == '') {
+ if ( trim( $header->id ) == '' )
+ $filename = 'untitled-[' . $ent . ']' ;
+ else
+ $filename = 'cid: ' . $header->id;
+ } else {
+ $filename = $name;
+ }
+ }
+ } else {
+ if ( trim( $header->id ) == '' )
+ $filename = 'untitled-[' . $ent . ']' ;
+ else
+ $filename = 'cid: ' . $header->id;
+ }
+
+ if ($header->description) {
+ $description = htmlspecialchars($header->description);
+ } else {
+ $description = '';
+ }
+ }
+
+ $display_filename = $filename;
+ if (isset($passed_ent_id)) {
+ $passed_ent_id_link = '&passed_ent_id='.$passed_ent_id;
+ } else {
+ $passed_ent_id_link = '';
+ }
+ $DefaultLink = $default_page . "?startMessage=$startMessage"
+ . "&passed_id=$id&mailbox=$urlMailbox"
+ . '&ent_id='.$ent.$passed_ent_id_link;
+ if ($where && $what) {
+ $DefaultLink = '&where='. urlencode($where).'&what='.urlencode($what);
+ }
+ /* this executes the attachment hook with a specific MIME-type.
+ * if that doens't have results, it tries if there's a rule
+ * for a more generic type. */
+ $HookResults = do_hook("attachment $type0/$type1", $Links,
+ $startMessage, $id, $urlMailbox, $ent, $DefaultLink,
+ $display_filename, $where, $what);
+ if(count($HookResults[1]) <= 1) {
+ $HookResults = do_hook("attachment $type0/*", $Links,
+ $startMessage, $id, $urlMailbox, $ent, $DefaultLink,
+ $display_filename, $where, $what);
+ }
- $Links = $HookResults[1];
- $DefaultLink = $HookResults[6];
+ $Links = $HookResults[1];
+ $DefaultLink = $HookResults[6];
- $body .= ' | ' .
+ $attachments .= ' |
' .
"$display_filename | " .
- '' . show_readable_size($message->header->size) .
+ '' . show_readable_size($header->size) .
' | ' .
"[ $type0/$type1 ] | " .
'';
- if ($message->header->description) {
- $body .= '' . htmlspecialchars(_($message->header->description)) . '';
- }
- $body .= ' | ';
-
+ $attachments .= '' . $description . '';
+ $attachments .= ' | ';
- $SkipSpaces = 1;
- foreach ($Links as $Val) {
- if ($SkipSpaces) {
- $SkipSpaces = 0;
- } else {
- $body .= ' | ';
- }
- $body .= '' . $Val['text'] . '';
- }
-
- unset($Links);
-
- $body .= " | |
\n";
- }
- } else {
- for ($i = 0; $i < count($message->entities); $i++) {
- $body .= formatAttachments($message->entities[$i], $ent_id, $mailbox, $id);
+ $SkipSpaces = 1;
+ foreach ($Links as $Val) {
+ if ($SkipSpaces) {
+ $SkipSpaces = 0;
+ } else {
+ $attachments .= ' | ';
}
+ $attachments .= '' . $Val['text'] . '';
}
+ unset($Links);
+ $attachments .= "\n";
}
- return( $body );
+ return $attachments;
}
-
/** this function decodes the body depending on the encoding type. **/
function decodeBody($body, $encoding) {
- $body = str_replace("\r\n", "\n", $body);
- $encoding = strtolower($encoding);
+ global $languages, $squirrelmail_language;
- global $show_html_default;
-
- if ($encoding == 'quoted-printable') {
- $body = quoted_printable_decode($body);
-
-
- while (ereg("=\n", $body))
- $body = ereg_replace ("=\n", "", $body);
-
- } else if ($encoding == 'base64') {
- $body = base64_decode($body);
- }
-
- // All other encodings are returned raw.
- return $body;
+ $body = str_replace("\r\n", "\n", $body);
+ $encoding = strtolower($encoding);
+
+ global $show_html_default;
+
+ if ($encoding == 'quoted-printable' ||
+ $encoding == 'quoted_printable') {
+ $body = quoted_printable_decode($body);
+
+ while (ereg("=\n", $body)) {
+ $body = ereg_replace ("=\n", '', $body);
+ }
+
+ } else if ($encoding == 'base64') {
+ $body = base64_decode($body);
+ }
+
+ if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
+ function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) {
+ $body = $languages[$squirrelmail_language]['XTRA_CODE']('decode', $body);
+ }
+
+ // All other encodings are returned raw.
+ return( $body );
}
/*
* This functions decode strings that is encoded according to
* RFC1522 (MIME Part Two: Message Header Extensions for Non-ASCII Text).
+ * Patched by Christian Schmidt 23/03/2002
*/
function decodeHeader ($string, $utfencode=true) {
-
-if ( is_array( $string ) ) {
- $string = implode("\n", $string );
-}
-
-if (eregi('=\\?([^?]+)\\?(q|b)\\?([^?]+)\\?=',
- $string, $res)) {
- if (ucfirst($res[2]) == 'B') {
- $replace = base64_decode($res[3]);
- } else {
- $replace = str_replace('_', ' ', $res[3]);
- // Convert lowercase Quoted Printable to uppercase for
- // quoted_printable_decode to understand it.
- while (ereg("(=(([0-9][abcdef])|([abcdef][0-9])|([abcdef][abcdef])))",
- $replace, $res)) {
- $replace = str_replace($res[1], strtoupper($res[1]), $replace);
- }
- $replace = quoted_printable_decode($replace);
- }
- /* Only encode into entities by default. Some places
- don't need the encoding, like the compose form. */
- if ($utfencode){
- $replace = charset_decode ($res[1], $replace);
+ global $languages, $squirrelmail_language;
+ if (is_array($string)) {
+ $string = implode("\n", $string);
}
- // Remove the name of the character set.
- $string = eregi_replace ('=\\?([^?]+)\\?(q|b)\\?([^?]+)\\?=',
- $replace, $string);
+ if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
+ function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) {
+ $string = $languages[$squirrelmail_language]['XTRA_CODE']('decodeheader', $string);
+ }
- // In case there should be more encoding in the string: recurse
- $string = decodeHeader($string);
-}
+ $i = 0;
+ while (preg_match('/^(.{' . $i . '})(.*)=\?([^?]*)\?(Q|B)\?([^?]*)\?=/Ui',
+ $string, $res)) {
+ $prefix = $res[1];
+ // Ignore white-space between consecutive encoded-words
+ if (strspn($res[2], " \t") != strlen($res[2])) {
+ $prefix .= $res[2];
+ }
-return ($string);
+ if (ucfirst($res[4]) == 'B') {
+ $replace = base64_decode($res[5]);
+ } else {
+ $replace = str_replace('_', ' ', $res[5]);
+ $replace = preg_replace('/=([0-9a-f]{2})/ie', 'chr(hexdec("\1"))',
+ $replace);
+ /* Only encode into entities by default. Some places
+ don't need the encoding, like the compose form. */
+ if ($utfencode) {
+ $replace = charset_decode($res[3], $replace);
+ }
+ }
+ $string = $prefix . $replace . substr($string, strlen($res[0]));
+ $i = strlen($prefix) + strlen($replace);
+ }
+ return( $string );
}
/*
@@ -835,7 +554,12 @@ return ($string);
* be encoded.
*/
function encodeHeader ($string) {
- global $default_charset;
+ global $default_charset, $languages, $squirrelmail_language;
+
+ if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
+ function_exists($languages[$squirrelmail_language]['XTRA_CODE'])) {
+ return $languages[$squirrelmail_language]['XTRA_CODE']('encodeheader', $string);
+ }
// Encode only if the string contains 8-bit characters or =?
$j = strlen( $string );
@@ -872,398 +596,1008 @@ function encodeHeader ($string) {
return( $string );
}
-/*
- Strips dangerous tags from html messages.
-*/
-function MagicHTML( $body, $id ) {
-
- global $message, $HTTP_SERVER_VARS,
- $attachment_common_show_images;
-
- $attachment_common_show_images =
- FALSE; // Don't display attached images in HTML mode
- $j = strlen( $body ); // Legnth of the HTML
- $ret = ''; // Returned string
- $bgcolor = '#ffffff'; // Background style color (defaults to white)
- $textcolor = '#000000'; // Foreground style color (defaults to black)
- $leftmargin = ''; // Left margin style
- $title = ''; // HTML title if any
+/* This function trys to locate the entity_id of a specific mime element */
- $i = 0;
- while ( $i < $j ) {
- if ( $body{$i} == '<' ) {
- $pos = $i + 1;
- $tag = '';
- while ($body{$pos} == ' ' || $body{$pos} == "\t" ||
- $body{$pos} == "\n" ) {
- $pos ++;
- }
- while (strlen($tag) < 4 && $body{$pos} != ' ' &&
- $body{$pos} != "\t" && $body{$pos} != "\n" &&
- $pos < $j ) {
- $tag .= $body{$pos};
- $pos ++;
- }
- switch( strtoupper( $tag ) ) {
- // Strips the entire tag and contents
- case 'APPL':
- case 'EMBB':
- case 'FRAM':
- case 'SCRI':
- case 'OBJE':
- $etg = '/' . $tag;
- while ( $body{$i+1}.$body{$i+2}.$body{$i+3}.$body{$i+4}.$body{$i+5} <> $etg &&
- $i < $j ) $i++;
- while ( $i < $j && $body{++$i} <> '>' );
- // $ret .= "";
- break;
- // Substitute Title
- case 'TITL':
- $i += 5;
- while ( $body{$i} <> '>' && //
- $i < $j )
- $i++;
- $i++;
- $title = '';
- while ( $body{$i} <> '<' && //
- $i < $j ) {
- $title .= $body{$i};
- $i++;
- }
- $i += 7;
- break;
- // Destroy these tags
- case 'HTML':
- case 'HEAD':
- case '/HTM':
- case '/HEA':
- case '!DOC':
- case 'META':
- //case 'DIV ':
- //case '/DIV':
- case '!-- ':
- $i += 4;
- while ( $body{$i} <> '>' &&
- $i < $j )
- $i++;
- // $i++;
- break;
- case 'STYL':
- $i += 5;
- while ( $body{$i} <> '>' && //
- $i < $j )
- $i++;
- $i++;
- // We parse the style to look for interesting stuff
- $styleblk = '';
- while ( $body{$i} <> '>' &&
- $i < $j ) {
- // First we get the name of the style
- $style = '';
- while ( $body{$i} <> '>' &&
- $body{$i} <> '<' &&
- $body{$i} <> '{' &&
- $i < $j ) {
- if ( isnoSep( $body{$i} ) )
- $style .= $body{$i};
- $i++;
- }
- stripComments( $i, $j, $body );
- $style = strtoupper( trim( $style ) );
- if ( $style == 'BODY' ) {
- // Next we look into the definitions of the body style
- while ( $body{$i} <> '>' &&
- $body{$i} <> '}' &&
- $i < $j ) {
- // We look for the background color if any.
- if ( substr( $body, $i, 17 ) == 'BACKGROUND-COLOR:' ) {
- $i += 17;
- $bgcolor = getStyleData( $i, $j, $body );
- } elseif ( substr( $body, $i, 12 ) == 'MARGIN-LEFT:' ) {
- $i += 12;
- $leftmargin = getStyleData( $i, $j, $body );
- }
- $i++;
- }
- } else {
- // Other style are mantained
- $styleblk .= "$style ";
- while ( $body{$i} <> '>' &&
- $body{$i} <> '<' &&
- $body{$i} <> '}' &&
- $i < $j ) {
- $styleblk .= $body{$i};
- $i++;
- }
- $styleblk .= $body{$i};
- }
- stripComments( $i, $j, $body );
- if ( $body{$i} <> '>' )
- $i++;
- }
- if ( $styleblk <> '' )
- $ret .= "
+ * @return a string with edited content.
+ */
+function sq_fixstyle($message, $id, $content){
+ global $view_unsafe_images;
+ $me = 'sq_fixstyle';
+ /**
+ * First look for general BODY style declaration, which would be
+ * like so:
+ * body {background: blah-blah}
+ * and change it to .bodyclass so we can just assign it to a
+ */
+ $content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content);
+ $secremoveimg = "../images/" . _("sec_remove_eng.png");
+ /**
+ * Fix url('blah') declarations.
+ */
+ $content = preg_replace("|url\(([\'\"])\s*\S+script\s*:.*?([\'\"])\)|si",
+ "url(\\1$secremoveimg\\2)", $content);
+ /**
+ * Fix url('https*://.*) declarations but only if $view_unsafe_images
+ * is false.
+ */
+ if (!$view_unsafe_images){
+ $content = preg_replace("|url\(([\'\"])\s*https*:.*?([\'\"])\)|si",
+ "url(\\1$secremoveimg\\2)", $content);
+ }
+
+ /**
+ * Fix urls that refer to cid:
+ */
+ while (preg_match("|url\(([\'\"]\s*cid:.*?[\'\"])\)|si", $content,
+ $matches)){
+ $cidurl = $matches{1};
+ $httpurl = sq_cid2http($message, $id, $cidurl);
+ $content = preg_replace("|url\($cidurl\)|si",
+ "url($httpurl)", $content);
+ }
-/* This function trys to locate the entity_id of a specific mime element */
+ /**
+ * Fix stupid css declarations which lead to vulnerabilities
+ * in IE.
+ */
+ $match = Array('/expression/si',
+ '/behaviou*r/si',
+ '/binding/si');
+ $replace = Array('idiocy', 'idiocy', 'idiocy');
+ $content = preg_replace($match, $replace, $content);
+ return $content;
+}
-function find_ent_id( $id, $message ) {
+/**
+ * This function converts cid: url's into the ones that can be viewed in
+ * the browser.
+ *
+ * @param $message the message object
+ * @param $id the message id
+ * @param $cidurl the cid: url.
+ * @return a string with a http-friendly url
+ */
+function sq_cid2http($message, $id, $cidurl, $mailbox){
+ /**
+ * Get rid of quotes.
+ */
+ $quotchar = substr($cidurl, 0, 1);
+ $cidurl = str_replace($quotchar, "", $cidurl);
+ $cidurl = substr(trim($cidurl), 4);
+ $linkurl = find_ent_id($cidurl, $message);
+ /* in case of non-save cid links $httpurl should be replaced by a sort of
+ unsave link image */
+ $httpurl = '';
+ if ($linkurl) {
+ $httpurl = $quotchar . "../src/download.php?absolute_dl=true&" .
+ "passed_id=$id&mailbox=" . urlencode($mailbox) .
+ "&ent_id=" . $linkurl . $quotchar;
+ }
+ return $httpurl;
+}
- $ret = '';
- for ($i=0; $ret == '' && $i < count($message->entities); $i++) {
+/**
+ * This function changes the tag into a
tag since we
+ * can't really have a body-within-body.
+ *
+ * @param $attary an array of attributes and values of
+ * @return a modified array of attributes to be set for
+ */
+function sq_body2div($attary){
+ $me = 'sq_body2div';
+ $divattary = Array( 'class' => "'bodyclass'" );
+ $bgcolor = '#ffffff';
+ $text = '#000000';
+ $styledef = '';
+ if (is_array($attary) && sizeof($attary) > 0){
+ foreach ($attary as $attname=>$attvalue){
+ $quotchar = substr($attvalue, 0, 1);
+ $attvalue = str_replace($quotchar, "", $attvalue);
+ switch ($attname){
+ case 'background':
+ $styledef .= "background-image: url('$attvalue'); ";
+ break;
+ case 'bgcolor':
+ $styledef .= "background-color: $attvalue; ";
+ break;
+ case 'text':
+ $styledef .= "color: $attvalue; ";
+ }
+ }
+ if (strlen($styledef) > 0){
+ $divattary{"style"} = "\"$styledef\"";
+ }
+ }
+ return $divattary;
+}
- if ( $message->entities[$i]->header->entity_id == '' ) {
- $ret = find_ent_id( $id, $message->entities[$i] );
+/**
+ * This is the main function and the one you should actually be calling.
+ * There are several variables you should be aware of an which need
+ * special description.
+ *
+ * Since the description is quite lengthy, see it here:
+ * http://www.mricon.com/html/phpfilter.html
+ *
+ * @param $body the string with HTML you wish to filter
+ * @param $tag_list see description above
+ * @param $rm_tags_with_content see description above
+ * @param $self_closing_tags see description above
+ * @param $force_tag_closing see description above
+ * @param $rm_attnames see description above
+ * @param $bad_attvals see description above
+ * @param $add_attr_to_tag see description above
+ * @param $message message object
+ * @param $id message id
+ * @return sanitized html safe to show on your pages.
+ */
+function sq_sanitize($body,
+ $tag_list,
+ $rm_tags_with_content,
+ $self_closing_tags,
+ $force_tag_closing,
+ $rm_attnames,
+ $bad_attvals,
+ $add_attr_to_tag,
+ $message,
+ $id,
+ $mailbox
+ ){
+ $me = 'sq_sanitize';
+ /**
+ * Normalize rm_tags and rm_tags_with_content.
+ */
+ @array_walk($rm_tags, 'sq_casenormalize');
+ @array_walk($rm_tags_with_content, 'sq_casenormalize');
+ @array_walk($self_closing_tags, 'sq_casenormalize');
+ /**
+ * See if tag_list is of tags to remove or tags to allow.
+ * false means remove these tags
+ * true means allow these tags
+ */
+ $rm_tags = array_shift($tag_list);
+ $curpos = 0;
+ $open_tags = Array();
+ $trusted = "\n";
+ $skip_content = false;
+ /**
+ * Take care of netscape's stupid javascript entities like
+ * &{alert('boo')};
+ */
+ $body = preg_replace("/&(\{.*?\};)/si", "&\\1", $body);
+
+ while (($curtag=sq_getnxtag($body, $curpos)) != FALSE){
+ list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
+ $free_content = substr($body, $curpos, $lt-$curpos);
+ /**
+ * Take care of . Edit the
+ * content before we apply it.
+ */
+ $free_content = sq_fixstyle($message, $id, $free_content);
+ }
+ if ($skip_content == false){
+ $trusted .= $free_content;
} else {
- if ( strcasecmp( $message->entities[$i]->header->id, $id ) == 0 )
- $ret = $message->entities[$i]->header->entity_id;
}
-
+ if ($tagname != FALSE){
+ if ($tagtype == 2){
+ if ($skip_content == $tagname){
+ /**
+ * Got to the end of tag we needed to remove.
+ */
+ $tagname = false;
+ $skip_content = false;
+ } else {
+ if ($skip_content == false){
+ if ($tagname == "body"){
+ $tagname = "div";
+ } else {
+ if (isset($open_tags{$tagname}) &&
+ $open_tags{$tagname} > 0){
+ $open_tags{$tagname}--;
+ } else {
+ $tagname = false;
+ }
+ }
+ } else {
+ }
+ }
+ } else {
+ /**
+ * $rm_tags_with_content
+ */
+ if ($skip_content == false){
+ /**
+ * See if this is a self-closing type and change
+ * tagtype appropriately.
+ */
+ if ($tagtype == 1
+ && in_array($tagname, $self_closing_tags)){
+ $tagtype=3;
+ }
+ /**
+ * See if we should skip this tag and any content
+ * inside it.
+ */
+ if ($tagtype == 1 &&
+ in_array($tagname, $rm_tags_with_content)){
+ $skip_content = $tagname;
+ } else {
+ if (($rm_tags == false
+ && in_array($tagname, $tag_list)) ||
+ ($rm_tags == true &&
+ !in_array($tagname, $tag_list))){
+ $tagname = false;
+ } else {
+ if ($tagtype == 1){
+ if (isset($open_tags{$tagname})){
+ $open_tags{$tagname}++;
+ } else {
+ $open_tags{$tagname}=1;
+ }
+ }
+ /**
+ * This is where we run other checks.
+ */
+ if (is_array($attary) && sizeof($attary) > 0){
+ $attary = sq_fixatts($tagname,
+ $attary,
+ $rm_attnames,
+ $bad_attvals,
+ $add_attr_to_tag,
+ $message,
+ $id,
+ $mailbox
+ );
+ }
+ /**
+ * Convert body into div.
+ */
+ if ($tagname == "body"){
+ $tagname = "div";
+ $attary = sq_body2div($attary, $message, $id);
+ }
+ }
+ }
+ } else {
+ }
+ }
+ if ($tagname != false && $skip_content == false){
+ $trusted .= sq_tagprint($tagname, $attary, $tagtype);
+ }
+ } else {
+ }
+ $curpos = $gt+1;
}
+ $trusted .= substr($body, $curpos, strlen($body)-$curpos);
+ if ($force_tag_closing == true){
+ foreach ($open_tags as $tagname=>$opentimes){
+ while ($opentimes > 0){
+ $trusted .= '' . $tagname . '>';
+ $opentimes--;
+ }
+ }
+ $trusted .= "\n";
+ }
+ $trusted .= "\n";
+ return $trusted;
+}
- return( $ret );
+/**
+ * This is a wrapper function to call html sanitizing routines.
+ *
+ * @param $body the body of the message
+ * @param $id the id of the message
+ * @return a string with html safe to display in the browser.
+ */
+function magicHTML($body, $id, $message, $mailbox = 'INBOX'){
+ global $attachment_common_show_images, $view_unsafe_images,
+ $has_unsafe_images;
+ /**
+ * Don't display attached images in HTML mode.
+ */
+ $attachment_common_show_images = false;
+ $tag_list = Array(
+ false,
+ "object",
+ "meta",
+ "html",
+ "head",
+ "base",
+ "link"
+ );
+
+ $rm_tags_with_content = Array(
+ "script",
+ "applet",
+ "embed",
+ "title"
+ );
+
+ $self_closing_tags = Array(
+ "img",
+ "br",
+ "hr",
+ "input"
+ );
+
+ $force_tag_closing = false;
+
+ $rm_attnames = Array(
+ "/.*/" =>
+ Array(
+ "/target/si",
+ "/^on.*/si",
+ "/^dynsrc/si",
+ "/^data.*/si"
+ )
+ );
+
+ $secremoveimg = "../images/" . _("sec_remove_eng.png");
+ $bad_attvals = Array(
+ "/.*/" =>
+ Array(
+ "/^src|background/i" =>
+ Array(
+ Array(
+ "|^([\'\"])\s*\.\./.*([\'\"])|si",
+ "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
+ "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
+ "/^([\'\"])\s*about\s*:.*([\'\"])/si"
+ ),
+ Array(
+ "\\1$secremoveimg\\2",
+ "\\1$secremoveimg\\2",
+ "\\1$secremoveimg\\2",
+ "\\1$secremoveimg\\2"
+ )
+ ),
+ "/^href|action/i" =>
+ Array(
+ Array(
+ "|^([\'\"])\s*\.\./.*([\'\"])|si",
+ "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
+ "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
+ "/^([\'\"])\s*about\s*:.*([\'\"])/si"
+ ),
+ Array(
+ "\\1#\\2",
+ "\\1#\\2",
+ "\\1#\\2",
+ "\\1#\\2"
+ )
+ ),
+ "/^style/si" =>
+ Array(
+ Array(
+ "/expression/si",
+ "/binding/si",
+ "/behaviou*r/si",
+ "|url\(([\'\"])\s*\.\./.*([\'\"])\)|si",
+ "/url\(([\'\"])\s*\S+script\s*:.*([\'\"])\)/si",
+ "/url\(([\'\"])\s*mocha\s*:.*([\'\"])\)/si",
+ "/url\(([\'\"])\s*about\s*:.*([\'\"])\)/si"
+ ),
+ Array(
+ "idiocy",
+ "idiocy",
+ "idiocy",
+ "url(\\1#\\2)",
+ "url(\\1#\\2)",
+ "url(\\1#\\2)",
+ "url(\\1#\\2)"
+ )
+ )
+ )
+ );
+ if (!$view_unsafe_images){
+ /**
+ * Remove any references to http/https if view_unsafe_images set
+ * to false.
+ */
+ array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[0],
+ '/^([\'\"])\s*https*:.*([\'\"])/si');
+ array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[1],
+ "\\1$secremoveimg\\2");
+ array_push($bad_attvals{'/.*/'}{'/^style/si'}[0],
+ '/url\(([\'\"])\s*https*:.*([\'\"])\)/si');
+ array_push($bad_attvals{'/.*/'}{'/^style/si'}[1],
+ "url(\\1$secremoveimg\\2)");
+ }
+ $add_attr_to_tag = Array(
+ "/^a$/si" => Array('target'=>'"_new"')
+ );
+ $trusted = sq_sanitize($body,
+ $tag_list,
+ $rm_tags_with_content,
+ $self_closing_tags,
+ $force_tag_closing,
+ $rm_attnames,
+ $bad_attvals,
+ $add_attr_to_tag,
+ $message,
+ $id,
+ $mailbox
+ );
+ if (preg_match("|$secremoveimg|si", $trusted)){
+ $has_unsafe_images = true;
+ }
+ return $trusted;
}
-?>
+
+?>
\ No newline at end of file