X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fmime.php;h=b307e56025316998fd45f149ef768551adab4568;hb=7d931c2866fd42dc33caa12004b225ac653868d9;hp=c28ba03ac28919e12e155d5180a6e30e62946327;hpb=c9d78ab426643e10c76057873f6a4a284595473a;p=squirrelmail.git
diff --git a/functions/mime.php b/functions/mime.php
index c28ba03a..b307e560 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -15,31 +15,6 @@
require_once('../functions/imap.php');
require_once('../functions/attachment_common.php');
-/** Setting up the objects that have the structure for the message **/
-class msg_header {
- /** msg_header contains generic variables for values that **/
- /** could be in a header. **/
-
- var $type0 = '', $type1 = '', $boundary = '', $charset = '',
- $encoding = '', $size = 0, $to = array(), $from = '', $date = '',
- $cc = array(), $bcc = array(), $reply_to = '', $subject = '',
- $id = 0, $mailbox = '', $description = '', $filename = '',
- $entity_id = 0, $message_id = 0, $name = '', $priority = 3, $type = '';
-}
-
-class message {
- /** message is the object that contains messages. It is a recursive
- object in that through the $entities variable, it can contain
- more objects of type message. See documentation in mime.txt for
- a better description of how this works.
- **/
- var $header = '', $entities = array();
-
- function addEntity ($msg) {
- $this->entities[] = $msg;
- }
-}
-
/* --------------------------------------------------------------------------------- */
/* MIME DECODING */
/* --------------------------------------------------------------------------------- */
@@ -48,38 +23,51 @@ class message {
* It will return this object for use with all relevant header information and
* fully parsed into the standard "message" object format.
*/
-function mime_structure ($imap_stream, $header) {
-
- $ssid = sqimap_session_id();
- $lsid = strlen( $ssid );
- $id = $header->id;
- fputs ($imap_stream, "$ssid FETCH $id BODYSTRUCTURE\r\n");
- //
- // This should use sqimap_read_data instead of reading it itself
- //
- $read = fgets ($imap_stream, 9216);
- $bodystructure = '';
- while ( substr($read, 0, $lsid) <> $ssid &&
- !feof( $imap_stream ) ) {
- $bodystructure .= $read;
- $read = fgets ($imap_stream, 9216);
- }
- $read = $bodystructure;
- // isolate the body structure and remove beginning and end parenthesis
- $read = trim(substr ($read, strpos(strtolower($read), 'bodystructure') + 13));
+function mime_structure ($bodystructure, $flags=array()) {
+ // isolate the body structure and remove beginning and end parenthesis
+ $read = trim(substr ($bodystructure, strpos(strtolower($bodystructure), 'bodystructure') + 13));
+ $msg = &new message();
$read = trim(substr ($read, 0, -1));
- $end = mime_match_parenthesis(0, $read);
- while ($end == strlen($read)-1) {
- $read = trim(substr ($read, 0, -1));
- $read = trim(substr ($read, 1));
- $end = mime_match_parenthesis(0, $read);
+ $res = $msg->parseStructure($read);
+ $msg = $res[0];
+ $msg->setEnt('0');
+ if (count($flags)) {
+ foreach ($flags as $flag) {
+ $char = strtoupper($flag{1});
+ switch ($char) {
+ case 'S':
+ if (strtolower($flag) == '\\seen') {
+ $msg->is_seen = true;
+ }
+ break;
+ case 'A':
+ if (strtolower($flag) == '\\answered') {
+ $msg->is_answered = true;
+ }
+ break;
+ case 'D':
+ if (strtolower($flag) == '\\deleted') {
+ $msg->is_deleted = true;
+ }
+ break;
+ case 'F':
+ if (strtolower($flag) == '\\flagged') {
+ $msg->is_flagged = true;
+ }
+ break;
+ case 'M':
+ if (strtolower($flag) == '$mdnsent') {
+ $msg->is_mdnsent = true;
+ }
+ break;
+ default:
+ break;
+ }
+ }
}
-
- $msg = mime_parse_structure ($read, 0);
- $msg->header = $header;
-
+// listEntities($msg);
return( $msg );
}
@@ -91,314 +79,9 @@ function mime_structure ($imap_stream, $header) {
* then it parses it and adds the necessary header information (by calling out
* to mime_get_elements()
*/
-function mime_parse_structure ($structure, $ent_id) {
- $properties = array();
- $msg = new message();
- if ($structure{0} == '(') {
- $old_ent_id = $ent_id;
- $ent_id = mime_new_element_level($ent_id);
- $start = $end = -1;
- do {
- $start = $end+1;
- $end = mime_match_parenthesis ($start, $structure);
- /* add "forgotten" parent entities (alternative and relative) */
- if (strpos($ent_id, '0') || strpos($ent_id) == 0) {
- $str = substr($structure, $end+1 );
- $startprop = strrpos($str,'(');
- $endprop = strrpos($str,')');
- $propstr = substr($str, $startprop + 1, ($endprop - $startprop)-1);
-
- $type1 = trim(substr($str,0, $startprop));
- $pos = strrpos($type1,' ');
- $type1 = strtolower(trim(substr($type1,$pos +1)));
- $cnt = strlen($type1);
- $type1 = substr($type1,0,$cnt-1);
-
- $properties = mime_get_props($properties, $propstr);
- if (count($properties)>0) {
- $msg->header->entity_id = $old_ent_id;
- $msg->header->type0 = 'multipart';
- $msg->header->type1 = $type1;
- }
- for ($i=0; $i < count($properties); $i++) {
- $msg->header->{$properties[$i]['name']} = $properties[$i]['value'];
- $name = $properties[$i]['name'];
- $value = $properties[$i]['value'];
- }
- }
-
- $element = substr($structure, $start+1, ($end - $start)-1);
-
- $ent_id = mime_increment_id ($ent_id);
- $newmsg = mime_parse_structure ($element, $ent_id);
- $msg->addEntity ($newmsg);
-
- } while ($structure{$end+1} == '(');
- } else {
- // parse the elements
- $msg = mime_get_element ($structure, $msg, $ent_id);
- }
- return $msg;
-}
-
-/* Increments the element ID. An element id can look like any of
- * the following: 1, 1.2, 4.3.2.4.1, etc. This function increments
- * the last number of the element id, changing 1.2 to 1.3.
- */
-function mime_increment_id ($id) {
-
- if (strpos($id, '.')) {
- $first = substr($id, 0, strrpos($id, '.'));
- $last = substr($id, strrpos($id, '.')+1);
- $last++;
- $new = $first . '.' .$last;
- } else {
- $new = $id + 1;
- }
-
- return $new;
-}
-
-/*
- * See comment for mime_increment_id().
- * This adds another level on to the entity_id changing 1.3 to 1.3.0
- * NOTE: 1.3.0 is not a valid element ID. It MUST be incremented
- * before it can be used. I left it this way so as not to have
- * to make a special case if it is the first entity_id. It
- * always increments it, and that works fine.
- */
-function mime_new_element_level ($id) {
-
- if (!$id) {
- $id = 0;
- } else {
- $id = $id . '.0';
- }
-
- return( $id );
-}
-
-function mime_get_element (&$structure, $msg, $ent_id) {
-
- $elem_num = 1;
- $msg->header = new msg_header();
- $msg->header->entity_id = $ent_id;
- $properties = array();
- while (strlen($structure) > 0) {
- $structure = trim($structure);
- $char = $structure{0};
-
- if (strtolower(substr($structure, 0, 3)) == 'nil') {
- $text = '';
- $structure = substr($structure, 3);
- } else if ($char == '"') {
- // loop through until we find the matching quote, and return that as a string
- $pos = 1;
- $text = '';
- while ( ($char = $structure{$pos} ) <> '"' && $pos < strlen($structure)) {
- $text .= $char;
- $pos++;
- }
- $structure = substr($structure, strlen($text) + 2);
- } else if ($char == '(') {
- // comment me
- $end = mime_match_parenthesis (0, $structure);
- $sub = substr($structure, 1, $end-1);
- $properties = mime_get_props($properties, $sub);
- $structure = substr($structure, strlen($sub) + 2);
- } else {
- // loop through until we find a space or an end parenthesis
- $pos = 0;
- $char = $structure{$pos};
- $text = '';
- while ($char != ' ' && $char != ')' && $pos < strlen($structure)) {
- $text .= $char;
- $pos++;
- $char = $structure{$pos};
- }
- $structure = substr($structure, strlen($text));
- }
-
- // This is where all the text parts get put into the header
- switch ($elem_num) {
- case 1:
- $msg->header->type0 = strtolower($text);
- break;
- case 2:
- $msg->header->type1 = strtolower($text);
- break;
- case 4: // Id
- // Invisimail enclose images with <>
- $msg->header->id = str_replace( '<', '', str_replace( '>', '', $text ) );
- break;
- case 5:
- $msg->header->description = $text;
- break;
- case 6:
- $msg->header->encoding = strtolower($text);
- break;
- case 7:
- $msg->header->size = $text;
- break;
- default:
- if ($msg->header->type0 == 'text' && $elem_num == 8) {
- // This is a plain text message, so lets get the number of lines
- // that it contains.
- $msg->header->num_lines = $text;
-
- } else if ($msg->header->type0 == 'message' && $msg->header->type1 == 'rfc822' && $elem_num == 8) {
- // This is an encapsulated message, so lets start all over again and
- // parse this message adding it on to the existing one.
- $structure = trim($structure);
- if ( $structure{0} == '(' ) {
- $e = mime_match_parenthesis (0, $structure);
- $structure = substr($structure, 0, $e);
- $structure = substr($structure, 1);
- $m = mime_parse_structure($structure, $msg->header->entity_id);
-
- // the following conditional is there to correct a bug that wasn't
- // incrementing the entity IDs correctly because of the special case
- // that message/rfc822 is. This fixes it fine.
- if (substr($structure, 1, 1) != '(')
- $m->header->entity_id = mime_increment_id(mime_new_element_level($ent_id));
-
- // Now we'll go through and reformat the results.
- if ($m->entities) {
- for ($i=0; $i < count($m->entities); $i++) {
- $msg->addEntity($m->entities[$i]);
- }
- } else {
- $msg->addEntity($m);
- }
- $structure = "";
- }
- }
- break;
- }
- $elem_num++;
- $text = "";
- }
- // loop through the additional properties and put those in the various headers
- for ($i=0; $i < count($properties); $i++) {
- $msg->header->{$properties[$i]['name']} = $properties[$i]['value'];
- }
-
- return $msg;
-}
-
-/*
- * I did most of the MIME stuff yesterday (June 20, 2000), but I couldn't
- * figure out how to do this part, so I decided to go to bed. I woke up
- * in the morning and had a flash of insight. I went to the white-board
- * and scribbled it out, then spent a bit programming it, and this is the
- * result. Nothing complicated, but I think my brain was fried yesterday.
- * Funny how that happens some times.
- *
- * This gets properties in a nested parenthesisized list. For example,
- * this would get passed something like: ("attachment" ("filename" "luke.tar.gz"))
- * This returns an array called $props with all paired up properties.
- * It ignores the "attachment" for now, maybe that should change later
- * down the road. In this case, what is returned is:
- * $props[0]["name"] = "filename";
- * $props[0]["value"] = "luke.tar.gz";
- */
-function mime_get_props ($props, $structure) {
-
- while (strlen($structure) > 0) {
- $structure = trim($structure);
- $char = $structure{0};
- if ($char == '"') {
- $pos = 1;
- $tmp = '';
- while ( ( $char = $structure{$pos} ) != '"' &&
- $pos < strlen($structure)) {
- $tmp .= $char;
- $pos++;
- }
- $structure = trim(substr($structure, strlen($tmp) + 2));
- $char = $structure{0};
-
- if ($char == '"') {
- $pos = 1;
- $value = '';
- while ( ( $char = $structure{$pos} ) != '"' &&
- $pos < strlen($structure) ) {
- $value .= $char;
- $pos++;
- }
- $structure = trim(substr($structure, strlen($value) + 2));
- $k = count($props);
- $props[$k]['name'] = strtolower($tmp);
- $props[$k]['value'] = $value;
- if ($structure != '') {
- mime_get_props($props, $structure);
- } else {
- return $props;
- }
- } else if ($char == '(') {
- $end = mime_match_parenthesis (0, $structure);
- $sub = substr($structure, 1, $end-1);
- if (! isset($props))
- $props = array();
- $props = mime_get_props($props, $sub);
- $structure = substr($structure, strlen($sub) + 2);
- return $props;
- }
- } else if ($char == '(') {
- $end = mime_match_parenthesis (0, $structure);
- $sub = substr($structure, 1, $end-1);
- $props = mime_get_props($props, $sub);
- $structure = substr($structure, strlen($sub) + 2);
- return $props;
- } else {
- return $props;
- }
- }
-}
-
-/*
- * Matches parenthesis. It will return the position of the matching
- * parenthesis in $structure. For instance, if $structure was:
- * ("text" "plain" ("val1name", "1") nil ... )
- * x x
- * then this would return 42 to match up those two.
- */
-function mime_match_parenthesis ($pos, $structure) {
-
- $j = strlen( $structure );
-
- // ignore all extra characters
- // If inside of a string, skip string -- Boundary IDs and other
- // things can have ) in them.
- if ( $structure{$pos} != '(' ) {
- return( $j );
- }
-
- while ( $pos < $j ) {
- $pos++;
- if ($structure{$pos} == ')') {
- return $pos;
- } elseif ($structure{$pos} == '"') {
- $pos++;
- while ( $structure{$pos} != '"' &&
- $pos < $j ) {
- if (substr($structure, $pos, 2) == '\\"') {
- $pos++;
- } elseif (substr($structure, $pos, 2) == '\\\\') {
- $pos++;
- }
- $pos++;
- }
- } elseif ( $structure{$pos} == '(' ) {
- $pos = mime_match_parenthesis ($pos, $structure);
- }
- }
- echo _("Error decoding mime structure. Report this as a bug!") . '
';
- return( $pos );
-}
-
-function mime_fetch_body($imap_stream, $id, $ent_id ) {
+function mime_fetch_body($imap_stream, $id, $ent_id) {
+ global $uid_support;
/*
* do a bit of error correction. If we couldn't find the entity id, just guess
* that it is the first one. That is usually the case anyway.
@@ -406,13 +89,13 @@ function mime_fetch_body($imap_stream, $id, $ent_id ) {
if (!$ent_id) {
$ent_id = 1;
}
-
$cmd = "FETCH $id BODY[$ent_id]";
- $data = sqimap_run_command ($imap_stream, $cmd, true, $response, $message);
-
+
+ $data = sqimap_run_command ($imap_stream, $cmd, true, $response, $message, $uid_support);
do {
$topline = trim(array_shift( $data ));
} while( $topline && $topline[0] == '*' && !preg_match( '/\* [0-9]+ FETCH.*/i', $topline )) ;
+
$wholemessage = implode('', $data);
if (ereg('\\{([^\\}]*)\\}', $topline, $regs)) {
@@ -422,33 +105,7 @@ function mime_fetch_body($imap_stream, $id, $ent_id ) {
in order to parse html messages. Let's get them here.
*/
if ( $ret{0} == '<' ) {
- $data = sqimap_run_command ($imap_stream, "FETCH $id BODY[$ent_id.MIME]", true, $response, $message);
- /* BASE within HTML documents is illegal (see w3 spec)
-* $base = '';
-* $k = 10;
-* foreach( $data as $d ) {
-* if ( substr( $d, 0, 13 ) == 'Content-Base:' ) {
-* $j = strlen( $d );
-* $i = 13;
-* $base = '';
-* while ( $i < $j &&
-* ( !isNoSep( $d{$i} ) || $d{$i} == '"' ) )
-* $i++;
-* while ( $i < $j ) {
-* if ( isNoSep( $d{$i} ) )
-* $base .= $d{$i};
-* $i++;
-* }
-* $k = 0;
-* } elseif ( $k == 1 && !isnosep( $d{0} ) ) {
-* $base .= substr( $d, 1 );
-* }
-* $k++;
-* }
-* if ( $base <> '' ) {
-* $ret = "" . $ret;
-* }
-* */
+ $data = sqimap_run_command ($imap_stream, "FETCH $id BODY[$ent_id.MIME]", true, $response, $message, $uid_support);
}
} else if (ereg('"([^"]*)"', $topline, $regs)) {
$ret = $regs[1];
@@ -477,7 +134,7 @@ function mime_fetch_body($imap_stream, $id, $ent_id ) {
'
' . _("FETCH line:") . " | $topline | " .
"
";
- $data = sqimap_run_command ($imap_stream, "FETCH $passed_id BODY[]", true, $response, $message);
+ $data = sqimap_run_command ($imap_stream, "FETCH $passed_id BODY[]", true, $response, $message, $uid_support);
array_shift($data);
$wholemessage = implode('', $data);
@@ -487,147 +144,126 @@ function mime_fetch_body($imap_stream, $id, $ent_id ) {
}
function mime_print_body_lines ($imap_stream, $id, $ent_id, $encoding) {
+ global $uid_support;
// do a bit of error correction. If we couldn't find the entity id, just guess
// that it is the first one. That is usually the case anyway.
if (!$ent_id) {
$ent_id = 1;
}
- $sid = sqimap_session_id();
+ $sid = sqimap_session_id($uid_support);
// Don't kill the connection if the browser is over a dialup
// and it would take over 30 seconds to download it.
- // don´t call set_time_limit in safe mode.
+ // don´t call set_time_limit in safe mode.
if (!ini_get("safe_mode")) {
set_time_limit(0);
}
+ if ($uid_support) {
+ $sid_s = substr($sid,0,strpos($sid, ' '));
+ } else {
+ $sid_s = $sid;
+ }
+ $body = mime_fetch_body ($imap_stream, $id, $ent_id);
+ echo decodeBody($body, $encoding);
+ return;
+/*
fputs ($imap_stream, "$sid FETCH $id BODY[$ent_id]\r\n");
$cnt = 0;
$continue = true;
- $read = fgets ($imap_stream,4096);
+ $read = fgets ($imap_stream,8192);
+
+
// This could be bad -- if the section has sqimap_session_id() . ' OK'
// or similar, it will kill the download.
- while (!ereg("^".$sid." (OK|BAD|NO)(.*)$", $read, $regs)) {
- if (trim($read) == ')==') {
- $read1 = $read;
- $read = fgets ($imap_stream,4096);
- if (ereg("^".$sid." (OK|BAD|NO)(.*)$", $read, $regs)) {
- return;
- } else {
- echo decodeBody($read1, $encoding) .
- decodeBody($read, $encoding);
- }
- } else if ($cnt) {
- echo decodeBody($read, $encoding);
- }
- $read = fgets ($imap_stream,4096);
- $cnt++;
+ while (!ereg("^".$sid_s." (OK|BAD|NO)(.*)$", $read, $regs)) {
+ if (trim($read) == ')==') {
+ $read1 = $read;
+ $read = fgets ($imap_stream,4096);
+ if (ereg("^".$sid." (OK|BAD|NO)(.*)$", $read, $regs)) {
+ return;
+ } else {
+ echo decodeBody($read1, $encoding) .
+ decodeBody($read, $encoding);
+ }
+ } else if ($cnt) {
+ echo decodeBody($read, $encoding);
+ }
+ $read = fgets ($imap_stream,4096);
+ $cnt++;
+// break;
}
+*/
}
/* -[ END MIME DECODING ]----------------------------------------------------------- */
-
-
-/* This is the first function called. It decides if this is a multipart
- message or if it should be handled as a single entity
+/* findDisplayEntity
+ * Checks to see if $message contains content of type $type0/$type1
+ * returns the first entity number it finds of that type, or NULL if
+ * none is found. Takes optional argument $start to allow the caller
+ * to continue where they left off
*/
-function decodeMime ($imap_stream, &$header) {
- global $username, $key, $imapServerAddress, $imapPort;
- return mime_structure ($imap_stream, $header);
-}
-
-// This is here for debugging purposese. It will print out a list
-// of all the entity IDs that are in the $message object.
-
-function listEntities ($message) {
-if ($message) {
- if ($message->header->entity_id)
- echo "" . $message->header->entity_id . ' : ' . $message->header->type0 . '/' . $message->header->type1 . '
';
- for ($i = 0; $message->entities[$i]; $i++) {
- $msg = listEntities($message->entities[$i], $ent_id);
- if ($msg)
- return $msg;
- }
-}
-}
-
-
-/* returns a $message object for a particular entity id */
-function getEntity ($message, $ent_id) {
+function findDisplayEntity($message, $type0, $type1, $start=0) {
if ($message) {
- if ($message->header->entity_id == $ent_id && strlen($ent_id) == strlen($message->header->entity_id))
- {
- return $message;
- } else {
- for ($i = 0; isset($message->entities[$i]); $i++) {
- $msg = getEntity ($message->entities[$i], $ent_id);
- if ($msg) {
- return $msg;
- }
+ for ($i = $start;isset($message->entities[$i]); $i++) {
+ $entity = $message->entities[$i];
+ if ($entity->type0 == $type0 && $entity->type1 == $type1) {
+ return $i;
}
}
}
+ return NULL;
}
-/*
- * figures out what entity to display and returns the $message object
- * for that entity.
- */
-function findDisplayEntity ($msg, $textOnly = 1) {
- global $show_html_default;
-
- $entity = 0;
-
- if ($msg) {
- if ( $msg->header->type0 == 'multipart' &&
- ( $msg->header->type1 == 'alternative' ||
- $msg->header->type1 == 'mixed' ||
- $msg->header->type1 == 'related' ) &&
- $show_html_default && ! $textOnly ) {
- $entity = findDisplayEntityHTML($msg);
- }
+// This is here for debugging purposese. It will print out a list
+// of all the entity IDs that are in the $message object.
- // Show text/plain or text/html -- the first one we find.
- if ( $entity == 0 &&
- $msg->header->type0 == 'text' &&
- ( $msg->header->type1 == 'plain' ||
- $msg->header->type1 == 'html' ) &&
- isset($msg->header->entity_id) ) {
- $entity = $msg->header->entity_id;
- }
+function listEntities ($message) {
+ if ($message) {
+ echo "" . $message->entity_id . ' : ' . $message->type0 . '/' . $message->type1 . ' parent = '. $message->parent->entity_id. '
';
+ for ($i = 0;isset($message->entities[$i]); $i++) {
+ echo "$i : ";
+ $msg = listEntities($message->entities[$i]);
- $i = 0;
- while ($entity == 0 && isset($msg->entities[$i]) ) {
- $entity = findDisplayEntity($msg->entities[$i], $textOnly);
- $i++;
- }
+ if ($msg) {
+ echo "return: ";
+ return $msg;
+ }
}
-
- return( $entity );
+ }
}
-/* Shows the HTML version */
-function findDisplayEntityHTML ($message) {
+function getPriorityStr($priority) {
+ $priority_level = substr($priority,0,1);
- if ( $message->header->type0 == 'text' &&
- $message->header->type1 == 'html' &&
- isset($message->header->entity_id)) {
- return $message->header->entity_id;
- }
- for ($i = 0; isset($message->entities[$i]); $i ++) {
- if ( $message->header->type0 == 'message' &&
- $message->header->type1 == 'rfc822' &&
- isset($message->header->entity_id)) {
- return 0;
- }
- $entity = findDisplayEntityHTML($message->entities[$i]);
- if ($entity != 0) {
- return $entity;
- }
- }
+ switch($priority_level) {
+ /* check for a higher then normal priority. */
+ case '1':
+ case '2':
+ $priority_string = _("High");
+ break;
+
+ /* check for a lower then normal priority. */
+ case '4':
+ case '5':
+ $priority_string = _("Low");
+ break;
+
+ /* check for a normal priority. */
+ case '3':
+ default:
+ $priority_level = '3';
+ $priority_string = _("Normal");
+ break;
+
+ }
+ return $priority_string;
+}
- return 0;
+/* returns a $message object for a particular entity id */
+function getEntity ($message, $ent_id) {
+ return $message->getEntity($ent_id);
}
/*
@@ -685,291 +321,186 @@ function translateText(&$body, $wrap_at, $charset) {
$body = '' . implode("\n", $body_ary) . '
';
}
-/* debugfunction for looping through entities and displaying correct entities */
-function listMyEntities ($message) {
-
-if ($message) {
- if ($message->header->entity_id) {
- echo "" . $message->header->entity_id . ' : ' . $message->header->type0 . '/' . $message->header->type1 . '
';
- }
- if (!($message->header->type0 == 'message' && $message->header->type1 == 'rfc822')) {
- if (isset($message->header->boundary) ) {
- $ent_id = $message->header->entity_id;
- $var = $message->header->boundary;
- if ($var !='')
- echo "$ent_id boundary = $var
";
- }
- if (isset($message->header->type) ) {
- $var = $message->header->type;
- if ($var !='')
- echo "$ent_id type = $var
";
- }
- for ($i = 0; $message->entities[$i]; $i++) {
- $msg = listMyEntities($message->entities[$i]);
- }
-
- if ($msg ) return $msg;
- }
-}
-
-}
-
-
/* This returns a parsed string called $body. That string can then
be displayed as the actual message in the HTML. It contains
everything needed, including HTML Tags, Attachments at the
bottom, etc.
*/
-function formatBody($imap_stream, $message, $color, $wrap_at) {
+function formatBody($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $mailbox='INBOX') {
// this if statement checks for the entity to show as the
// primary message. To add more of them, just put them in the
// order that is their priority.
- global $startMessage, $username, $key, $imapServerAddress, $imapPort, $body,
+ global $startMessage, $username, $key, $imapServerAddress, $imapPort,
$show_html_default, $has_unsafe_images, $view_unsafe_images, $sort;
- $has_unsafe_images = 0;
-
- $id = $message->header->id;
-
- $urlmailbox = urlencode($message->header->mailbox);
-// ListMyEntities($message);
- // Get the right entity and redefine message to be this entity
- // Pass the 0 to mean that we want the 'best' viewable one
- $ent_num = findDisplayEntity ($message, 0);
+ $has_unsafe_images= 0;
+ $body = '';
+ $urlmailbox = urlencode($mailbox);
$body_message = getEntity($message, $ent_num);
if (($body_message->header->type0 == 'text') ||
($body_message->header->type0 == 'rfc822')) {
- $body = mime_fetch_body ($imap_stream, $id, $ent_num);
+ $body = mime_fetch_body ($imap_stream, $id, $ent_num);
$body = decodeBody($body, $body_message->header->encoding);
$hookResults = do_hook("message_body", $body);
$body = $hookResults[1];
+
// If there are other types that shouldn't be formatted, add
// them here
if ($body_message->header->type1 == 'html') {
+ $body = charset_decode_japanese($body);
if ( $show_html_default <> 1 ) {
$body = strip_tags( $body );
- translateText($body, $wrap_at, $body_message->header->charset);
+ translateText($body, $wrap_at,
+ $body_message->header->getParameter['charset']);
} else {
- $body = MagicHTML( $body, $id );
+ $body = magicHTML( $body, $id, $message, $mailbox );
}
} else {
- translateText($body, $wrap_at, $body_message->header->charset);
+ translateText($body, $wrap_at,
+ $body_message->header->getParameter('charset'));
}
- $body .= "". _("Download this as a file") ."
";
if ($has_unsafe_images) {
if ($view_unsafe_images) {
- $body .= "". _("Hide Unsafe Images") ."
\n";
+ $body .= "entity_id."&mailbox=$urlmailbox&sort=$sort&startMessage=$startMessage&show_more=0\">". _("Hide Unsafe Images") ."
\n";
} else {
- $body .= "". _("View Unsafe Images") ."
\n";
+ $body .= "entity_id."&mailbox=$urlmailbox&sort=$sort&startMessage=$startMessage&show_more=0&view_unsafe_images=1\">". _("View Unsafe Images") ."
\n";
}
- }
-
- /** Display the ATTACHMENTS: message if there's more than one part **/
- if (isset($message->entities[0])) {
- $body .= formatAttachments ($message, $ent_num, $message->header->mailbox, $id);
- }
- } else {
- $body = formatAttachments ($message, -1, $message->header->mailbox, $id);
- }
+ }
+ }
return ($body);
}
-/*
- * A recursive function that returns a list of attachments with links
- * to where to download these attachments
- */
-function formatAttachments($message, $ent_id, $mailbox, $id) {
+
+function formatAttachments($message, $exclude_id, $mailbox, $id) {
global $where, $what;
global $startMessage, $color;
static $ShownHTML = 0;
- $body = '';
- if ($ShownHTML == 0) {
-
- $ShownHTML = 1;
- $body .= "\n" .
- "\n" .
- _("Attachments") . ':' .
- " |
\n" .
- "\n" .
- formatAttachments($message, $ent_id, $mailbox, $id) .
- " |
";
-
- } else if ($message) {
- $header = $message->header;
- $type0 = strtolower($header->type0);
- $type1 = strtolower($header->type1);
- $name = decodeHeader($header->name);
-
- if ($type0 =='message' && $type1 == 'rfc822') {
-
- $filename = decodeHeader($message->header->filename);
- if (trim($filename) == '') {
- if (trim($name) == '') {
- $display_filename = 'untitled-[' . $message->header->entity_id . ']' ;
- } else {
- $display_filename = $name;
- $filename = $name;
- }
- } else {
- $display_filename = $filename;
- }
+ $att_ar = $message->getAttachments($exclude_id);
- $urlMailbox = urlencode($mailbox);
- $ent = urlencode($message->header->entity_id);
+ if (!count($att_ar)) return '';
- $DefaultLink =
- "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
- if ($where && $what) {
- $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what);
- }
- $Links['download link']['text'] = _("download");
- $Links['download link']['href'] =
- "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
- $ImageURL = '';
-
- /* this executes the attachment hook with a specific MIME-type.
- * if that doens't have results, it tries if there's a rule
- * for a more generic type. */
- $HookResults = do_hook("attachment $type0/$type1", $Links,
- $startMessage, $id, $urlMailbox, $ent, $DefaultLink, $display_filename, $where, $what);
- if(count($HookResults[1]) <= 1) {
- $HookResults = do_hook("attachment $type0/*", $Links,
- $startMessage, $id, $urlMailbox, $ent, $DefaultLink,
- $display_filename, $where, $what);
- }
+ $attachments = '';
- $Links = $HookResults[1];
- $DefaultLink = $HookResults[6];
+ $urlMailbox = urlencode($mailbox);
- $body .= ' | ' .
- "$display_filename | " .
- '' . show_readable_size($message->header->size) .
- ' | ' .
- "[ $type0/$type1 ] | " .
- '';
- if ($message->header->description) {
- $body .= '' . htmlspecialchars(_($message->header->description)) . '';
- }
- $body .= ' | ';
-
-
- $SkipSpaces = 1;
- foreach ($Links as $Val) {
- if ($SkipSpaces) {
- $SkipSpaces = 0;
- } else {
- $body .= ' | ';
- }
- $body .= '' . $Val['text'] . '';
- }
-
- unset($Links);
-
- $body .= " |
\n";
-
- return( $body );
-
- } elseif (!$message->entities) {
-
- $type0 = strtolower($message->header->type0);
- $type1 = strtolower($message->header->type1);
- $name = decodeHeader($message->header->name);
-
- if ($message->header->entity_id != $ent_id) {
- $filename = decodeHeader($message->header->filename);
- if (trim($filename) == '') {
- if (trim($name) == '') {
- if ( trim( $message->header->id ) == '' )
- $display_filename = 'untitled-[' . $message->header->entity_id . ']' ;
- else
- $display_filename = 'cid: ' . $message->header->id;
- // $display_filename = 'untitled-[' . $message->header->entity_id . ']' ;
- } else {
- $display_filename = $name;
- $filename = $name;
- }
+ foreach ($att_ar as $att) {
+ $ent = urldecode($att->entity_id);
+ $header = $att->header;
+ $type0 = strtolower($header->type0);
+ $type1 = strtolower($header->type1);
+ $name = '';
+ $Links['download link']['text'] = _("download");
+ $Links['download link']['href'] =
+ "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&ent_id=$ent";
+ $ImageURL = '';
+ if ($type0 =='message' && $type1 == 'rfc822') {
+ $default_page = '../src/read_body.php';
+ $rfc822_header = $att->rfc822_header;
+ $filename = decodeHeader($rfc822_header->subject);
+
+ $from_o = $rfc822_header->from;
+ if (is_object($from_o)) {
+ $from_name = $from_o->getAddress(false);
} else {
- $display_filename = $filename;
+ $from_name = _("Unknown sender");
}
+ $from_name = decodeHeader(htmlspecialchars($from_name));
+ $description = $from_name;
+ } else {
+ $default_page = '../src/download.php';
+ if (is_object($header->disposition)) {
+ $filename = decodeHeader($header->disposition->getProperty('filename'));
+ if (trim($filename) == '') {
+ $name = decodeHeader($header->disposition->getProperty('name'));
+ if (trim($name) == '') {
+ if ( trim( $header->id ) == '' )
+ $filename = 'untitled-[' . $ent . ']' ;
+ else
+ $filename = 'cid: ' . $header->id;
+ } else {
+ $filename = $name;
+ }
+ }
+ } else {
+ if ( trim( $header->id ) == '' )
+ $filename = 'untitled-[' . $ent . ']' ;
+ else
+ $filename = 'cid: ' . $header->id;
+ }
- $urlMailbox = urlencode($mailbox);
- $ent = urlencode($message->header->entity_id);
+ if ($header->description) {
+ $description = htmlspecialchars($header->description);
+ } else {
+ $description = '';
+ }
+ }
- $DefaultLink =
- "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
- if ($where && $what) {
- $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what);
- }
- $Links['download link']['text'] = _("download");
- $Links['download link']['href'] =
- "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
- $ImageURL = '';
-
- /* this executes the attachment hook with a specific MIME-type.
- * if that doens't have results, it tries if there's a rule
- * for a more generic type. */
- $HookResults = do_hook("attachment $type0/$type1", $Links,
- $startMessage, $id, $urlMailbox, $ent, $DefaultLink,
- $display_filename, $where, $what);
- if(count($HookResults[1]) <= 1) {
- $HookResults = do_hook("attachment $type0/*", $Links,
- $startMessage, $id, $urlMailbox, $ent, $DefaultLink,
- $display_filename, $where, $what);
- }
+ $display_filename = $filename;
+ if (isset($passed_ent_id)) {
+ $passed_ent_id_link = '&passed_ent_id='.$passed_ent_id;
+ } else {
+ $passed_ent_id_link = '';
+ }
+ $DefaultLink = $default_page . "?startMessage=$startMessage"
+ . "&passed_id=$id&mailbox=$urlMailbox"
+ . '&ent_id='.$ent.$passed_ent_id_link;
+ if ($where && $what) {
+ $DefaultLink = '&where='. urlencode($where).'&what='.urlencode($what);
+ }
+ /* this executes the attachment hook with a specific MIME-type.
+ * if that doens't have results, it tries if there's a rule
+ * for a more generic type. */
+ $HookResults = do_hook("attachment $type0/$type1", $Links,
+ $startMessage, $id, $urlMailbox, $ent, $DefaultLink,
+ $display_filename, $where, $what);
+ if(count($HookResults[1]) <= 1) {
+ $HookResults = do_hook("attachment $type0/*", $Links,
+ $startMessage, $id, $urlMailbox, $ent, $DefaultLink,
+ $display_filename, $where, $what);
+ }
- $Links = $HookResults[1];
- $DefaultLink = $HookResults[6];
+ $Links = $HookResults[1];
+ $DefaultLink = $HookResults[6];
- $body .= ' | ' .
+ $attachments .= ' |
' .
"$display_filename | " .
- '' . show_readable_size($message->header->size) .
+ '' . show_readable_size($header->size) .
' | ' .
"[ $type0/$type1 ] | " .
'';
- if ($message->header->description) {
- $body .= '' . htmlspecialchars(_($message->header->description)) . '';
- }
- $body .= ' | ';
-
+ $attachments .= '' . $description . '';
+ $attachments .= ' | ';
- $SkipSpaces = 1;
- foreach ($Links as $Val) {
- if ($SkipSpaces) {
- $SkipSpaces = 0;
- } else {
- $body .= ' | ';
- }
- $body .= '' . $Val['text'] . '';
- }
-
- unset($Links);
-
- $body .= " | |
\n";
- }
- } else {
- for ($i = 0; $i < count($message->entities); $i++) {
- $body .= formatAttachments($message->entities[$i], $ent_id, $mailbox, $id);
+ $SkipSpaces = 1;
+ foreach ($Links as $Val) {
+ if ($SkipSpaces) {
+ $SkipSpaces = 0;
+ } else {
+ $attachments .= ' | ';
}
+ $attachments .= '' . $Val['text'] . '';
}
+ unset($Links);
+ $attachments .= "\n";
}
- return( $body );
+ return $attachments;
}
-
/** this function decodes the body depending on the encoding type. **/
function decodeBody($body, $encoding) {
+
$body = str_replace("\r\n", "\n", $body);
$encoding = strtolower($encoding);
global $show_html_default;
- if ($encoding == 'quoted-printable') {
+ if ($encoding == 'quoted-printable' ||
+ $encoding == 'quoted_printable') {
$body = quoted_printable_decode($body);
-
while (ereg("=\n", $body))
$body = ereg_replace ("=\n", "", $body);
@@ -987,9 +518,18 @@ function decodeBody($body, $encoding) {
* Patched by Christian Schmidt 23/03/2002
*/
function decodeHeader ($string, $utfencode=true) {
+ global $squirrelmail_language;
if (is_array($string)) {
$string = implode("\n", $string);
}
+
+ if ($squirrelmail_language == 'ja_JP' && function_exists('mb_convert_encoding')) {
+ $string = str_replace("\t", "", $string);
+ if (eregi('=\\?([^?]+)\\?(q|b)\\?([^?]+)\\?=', $string))
+ $string = mb_decode_mimeheader($string);
+ return @mb_convert_encoding($string, 'EUC-JP', 'AUTO');
+ }
+
$i = 0;
while (preg_match('/^(.{' . $i . '})(.*)=\?([^?]*)\?(Q|B)\?([^?]*)\?=/Ui',
$string, $res)) {
@@ -1023,7 +563,11 @@ function decodeHeader ($string, $utfencode=true) {
* be encoded.
*/
function encodeHeader ($string) {
- global $default_charset;
+ global $default_charset, $squirrelmail_language;
+
+ if ($squirrelmail_language == 'ja_JP' && function_exists('mb_encode_mimeheader')) {
+ return mb_encode_mimeheader($string);
+ }
// Encode only if the string contains 8-bit characters or =?
$j = strlen( $string );
@@ -1060,419 +604,987 @@ function encodeHeader ($string) {
return( $string );
}
-/*
- Strips dangerous tags from html messages.
-*/
-function MagicHTML( $body, $id ) {
-
- global $message, $HTTP_SERVER_VARS,
- $attachment_common_show_images;
-
- $attachment_common_show_images =
- FALSE; // Don't display attached images in HTML mode
- $j = strlen( $body ); // Legnth of the HTML
- $ret = ''; // Returned string
- $bgcolor = '#ffffff'; // Background style color (defaults to white)
- $textcolor = '#000000'; // Foreground style color (defaults to black)
- $leftmargin = ''; // Left margin style
- $title = ''; // HTML title if any
+/* This function trys to locate the entity_id of a specific mime element */
- $i = 0;
- while ( $i < $j ) {
- if ( $body{$i} == '<' ) {
- $pos = $i + 1;
- $tag = '';
- while ($body{$pos} == ' ' || $body{$pos} == "\t" ||
- $body{$pos} == "\n" ) {
- $pos ++;
- }
- while (strlen($tag) < 4 && $body{$pos} != ' ' &&
- $body{$pos} != "\t" && $body{$pos} != "\n" &&
- $pos < $j ) {
- $tag .= $body{$pos};
- $pos ++;
- }
- /*
- A comment in HTML is only three characters and isn't
- guaranteed to have a space after it. This fudges so
- it will be caught by the switch statement.
- */
- if (ereg("!--", $tag)) {
- $tag = "!-- ";
- }
- switch( strtoupper( $tag ) ) {
- // Strips the entire tag and contents
- case 'APPL':
- case 'EMBE':
- case 'FRAM':
- case 'SCRI':
- case 'OBJE':
- $etg = '/' . $tag;
- while ( $body{$i+1}.$body{$i+2}.$body{$i+3}.$body{$i+4}.$body{$i+5} <> $etg &&
- $i < $j ) $i++;
- while ( $i < $j && $body{++$i} <> '>' );
- // $ret .= "";
- break;
- // Substitute Title
- case 'TITL':
- $i += 5;
- while ( $body{$i} <> '>' && //
- $i < $j )
- $i++;
- $i++;
- $title = '';
- while ( $body{$i} <> '<' && //
- $i < $j ) {
- $title .= $body{$i};
- $i++;
- }
- $i += 7;
- break;
- // Destroy these tags
- case 'HTML':
- case 'HEAD':
- case '/HTM':
- case '/HEA':
- case '!DOC':
- case 'META':
- //case 'DIV ':
- //case '/DIV':
- case '!-- ':
- $i += 4;
- while ( $body{$i} <> '>' &&
- $i < $j )
- $i++;
- // $i++;
- break;
- case 'STYL':
- $i += 5;
- while ( $body{$i} <> '>' && //
- $i < $j )
- $i++;
- $i++;
- // We parse the style to look for interesting stuff
- $styleblk = '';
- while ( $body{$i} <> '>' &&
- $i < $j ) {
- // First we get the name of the style
- $style = '';
- while ( $body{$i} <> '>' &&
- $body{$i} <> '<' &&
- $body{$i} <> '{' &&
- $i < $j ) {
- if ( isnoSep( $body{$i} ) )
- $style .= $body{$i};
- $i++;
- }
- stripComments( $i, $j, $body );
- $style = strtoupper( trim( $style ) );
- if ( $style == 'BODY' ) {
- // Next we look into the definitions of the body style
- while ( $body{$i} <> '>' &&
- $body{$i} <> '}' &&
- $i < $j ) {
- // We look for the background color if any.
- if ( substr( $body, $i, 17 ) == 'BACKGROUND-COLOR:' ) {
- $i += 17;
- $bgcolor = getStyleData( $i, $j, $body );
- } elseif ( substr( $body, $i, 12 ) == 'MARGIN-LEFT:' ) {
- $i += 12;
- $leftmargin = getStyleData( $i, $j, $body );
- }
- $i++;
- }
- } else {
- // Other style are mantained
- $styleblk .= "$style ";
- while ( $body{$i} <> '>' &&
- $body{$i} <> '<' &&
- $body{$i} <> '}' &&
- $i < $j ) {
- $styleblk .= $body{$i};
- $i++;
- }
- $styleblk .= $body{$i};
- }
- stripComments( $i, $j, $body );
- if ( $body{$i} <> '>' )
- $i++;
- }
- if ( $styleblk <> '' )
- $ret .= "
+ * @return a string with edited content.
+ */
+function sq_fixstyle($message, $id, $content){
+ global $view_unsafe_images;
+ $me = "sq_fixstyle";
+ /**
+ * First look for general BODY style declaration, which would be
+ * like so:
+ * body {background: blah-blah}
+ * and change it to .bodyclass so we can just assign it to a
+ */
+ $content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content);
+ $secremoveimg = "../images/" . _("sec_remove_eng.png");
+ /**
+ * Fix url('blah') declarations.
+ */
+ $content = preg_replace("|url\(([\'\"])\s*\S+script\s*:.*?([\'\"])\)|si",
+ "url(\\1$secremoveimg\\2)", $content);
+ /**
+ * Fix url('https*://.*) declarations but only if $view_unsafe_images
+ * is false.
+ */
+ if (!$view_unsafe_images){
+ $content = preg_replace("|url\(([\'\"])\s*https*:.*?([\'\"])\)|si",
+ "url(\\1$secremoveimg\\2)", $content);
+ }
+
+ /**
+ * Fix urls that refer to cid:
+ */
+ while (preg_match("|url\(([\'\"]\s*cid:.*?[\'\"])\)|si", $content,
+ $matches)){
+ $cidurl = $matches{1};
+ $httpurl = sq_cid2http($message, $id, $cidurl);
+ $content = preg_replace("|url\($cidurl\)|si",
+ "url($httpurl)", $content);
+ }
-/* This function trys to locate the entity_id of a specific mime element */
+ /**
+ * Fix stupid css declarations which lead to vulnerabilities
+ * in IE.
+ */
+ $match = Array('/expression/si',
+ '/behaviou*r/si',
+ '/binding/si');
+ $replace = Array('idiocy', 'idiocy', 'idiocy');
+ $content = preg_replace($match, $replace, $content);
+ return $content;
+}
-function find_ent_id( $id, $message ) {
- $ret = '';
- for ($i=0; $ret == '' && $i < count($message->entities); $i++) {
- if ( $message->entities[$i]->header->entity_id == '' || $message->entities[$i]->header->type ) {
- $ret = find_ent_id( $id, $message->entities[$i] );
- } else {
- if ( strcasecmp( $message->entities[$i]->header->id, $id ) == 0 )
- $ret = $message->entities[$i]->header->entity_id;
+/**
+ * This function converts cid: url's into the ones that can be viewed in
+ * the browser.
+ *
+ * @param $message the message object
+ * @param $id the message id
+ * @param $cidurl the cid: url.
+ * @return a string with a http-friendly url
+ */
+function sq_cid2http($message, $id, $cidurl, $mailbox){
+ /**
+ * Get rid of quotes.
+ */
+ $quotchar = substr($cidurl, 0, 1);
+ $cidurl = str_replace($quotchar, "", $cidurl);
+ $cidurl = substr(trim($cidurl), 4);
+ $httpurl = $quotchar . "../src/download.php?absolute_dl=true&" .
+ "passed_id=$id&mailbox=" . urlencode($mailbox) .
+ "&ent_id=" . find_ent_id($cidurl, $message) . $quotchar;
+ return $httpurl;
+}
+
+/**
+ * This function changes the tag into a
tag since we
+ * can't really have a body-within-body.
+ *
+ * @param $attary an array of attributes and values of
+ * @return a modified array of attributes to be set for
+ */
+function sq_body2div($attary){
+ $me = "sq_body2div";
+ $divattary = Array("class"=>"'bodyclass'");
+ $bgcolor="#ffffff";
+ $text="#000000";
+ $styledef="";
+ if (is_array($attary) && sizeof($attary) > 0){
+ foreach ($attary as $attname=>$attvalue){
+ $quotchar = substr($attvalue, 0, 1);
+ $attvalue = str_replace($quotchar, "", $attvalue);
+ switch ($attname){
+ case "background":
+ $styledef .= "background-image: url('$attvalue'); ";
+ break;
+ case "bgcolor":
+ $styledef .= "background-color: $attvalue; ";
+ break;
+ case "text":
+ $styledef .= "color: $attvalue; ";
+ }
+ }
+ if (strlen($styledef) > 0){
+ $divattary{"style"} = "\"$styledef\"";
}
+ }
+ return $divattary;
+}
+/**
+ * This is the main function and the one you should actually be calling.
+ * There are several variables you should be aware of an which need
+ * special description.
+ *
+ * Since the description is quite lengthy, see it here:
+ * http://www.mricon.com/html/phpfilter.html
+ *
+ * @param $body the string with HTML you wish to filter
+ * @param $tag_list see description above
+ * @param $rm_tags_with_content see description above
+ * @param $self_closing_tags see description above
+ * @param $force_tag_closing see description above
+ * @param $rm_attnames see description above
+ * @param $bad_attvals see description above
+ * @param $add_attr_to_tag see description above
+ * @param $message message object
+ * @param $id message id
+ * @return sanitized html safe to show on your pages.
+ */
+function sq_sanitize($body,
+ $tag_list,
+ $rm_tags_with_content,
+ $self_closing_tags,
+ $force_tag_closing,
+ $rm_attnames,
+ $bad_attvals,
+ $add_attr_to_tag,
+ $message,
+ $id,
+ $mailbox
+ ){
+ $me = "sq_sanitize";
+ /**
+ * Normalize rm_tags and rm_tags_with_content.
+ */
+ @array_walk($rm_tags, 'sq_casenormalize');
+ @array_walk($rm_tags_with_content, 'sq_casenormalize');
+ @array_walk($self_closing_tags, 'sq_casenormalize');
+ /**
+ * See if tag_list is of tags to remove or tags to allow.
+ * false means remove these tags
+ * true means allow these tags
+ */
+ $rm_tags = array_shift($tag_list);
+ $curpos = 0;
+ $open_tags = Array();
+ $trusted = "\n";
+ $skip_content = false;
+ /**
+ * Take care of netscape's stupid javascript entities like
+ * &{alert('boo')};
+ */
+ $body = preg_replace("/&(\{.*?\};)/si", "&\\1", $body);
+
+ while (($curtag=sq_getnxtag($body, $curpos)) != FALSE){
+ list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
+ $free_content = substr($body, $curpos, $lt-$curpos);
+ /**
+ * Take care of . Edit the
+ * content before we apply it.
+ */
+ $free_content = sq_fixstyle($message, $id, $free_content);
+ }
+ if ($skip_content == false){
+ $trusted .= $free_content;
+ } else {
+ }
+ if ($tagname != FALSE){
+ if ($tagtype == 2){
+ if ($skip_content == $tagname){
+ /**
+ * Got to the end of tag we needed to remove.
+ */
+ $tagname = false;
+ $skip_content = false;
+ } else {
+ if ($skip_content == false){
+ if ($tagname == "body"){
+ $tagname = "div";
+ } else {
+ if (isset($open_tags{$tagname}) &&
+ $open_tags{$tagname} > 0){
+ $open_tags{$tagname}--;
+ } else {
+ $tagname = false;
+ }
+ }
+ } else {
+ }
+ }
+ } else {
+ /**
+ * $rm_tags_with_content
+ */
+ if ($skip_content == false){
+ /**
+ * See if this is a self-closing type and change
+ * tagtype appropriately.
+ */
+ if ($tagtype == 1
+ && in_array($tagname, $self_closing_tags)){
+ $tagtype=3;
+ }
+ /**
+ * See if we should skip this tag and any content
+ * inside it.
+ */
+ if ($tagtype == 1 &&
+ in_array($tagname, $rm_tags_with_content)){
+ $skip_content = $tagname;
+ } else {
+ if (($rm_tags == false
+ && in_array($tagname, $tag_list)) ||
+ ($rm_tags == true &&
+ !in_array($tagname, $tag_list))){
+ $tagname = false;
+ } else {
+ if ($tagtype == 1){
+ if (isset($open_tags{$tagname})){
+ $open_tags{$tagname}++;
+ } else {
+ $open_tags{$tagname}=1;
+ }
+ }
+ /**
+ * This is where we run other checks.
+ */
+ if (is_array($attary) && sizeof($attary) > 0){
+ $attary = sq_fixatts($tagname,
+ $attary,
+ $rm_attnames,
+ $bad_attvals,
+ $add_attr_to_tag,
+ $message,
+ $id,
+ $mailbox
+ );
+ }
+ /**
+ * Convert body into div.
+ */
+ if ($tagname == "body"){
+ $tagname = "div";
+ $attary = sq_body2div($attary, $message, $id);
+ }
+ }
+ }
+ } else {
+ }
+ }
+ if ($tagname != false && $skip_content == false){
+ $trusted .= sq_tagprint($tagname, $attary, $tagtype);
+ }
+ } else {
+ }
+ $curpos = $gt+1;
+ }
+ $trusted .= substr($body, $curpos, strlen($body)-$curpos);
+ if ($force_tag_closing == true){
+ foreach ($open_tags as $tagname=>$opentimes){
+ while ($opentimes > 0){
+ $trusted .= '' . $tagname . '>';
+ $opentimes--;
+ }
+ }
+ $trusted .= "\n";
}
+ $trusted .= "\n";
+ return $trusted;
+}
- return( $ret );
+/**
+ * This is a wrapper function to call html sanitizing routines.
+ *
+ * @param $body the body of the message
+ * @param $id the id of the message
+ * @return a string with html safe to display in the browser.
+ */
+function magicHTML($body, $id, $message, $mailbox = 'INBOX'){
+ global $attachment_common_show_images, $view_unsafe_images,
+ $has_unsafe_images;
+ /**
+ * Don't display attached images in HTML mode.
+ */
+ $attachment_common_show_images = false;
+ $tag_list = Array(
+ false,
+ "object",
+ "meta",
+ "html",
+ "head",
+ "base",
+ "link"
+ );
+
+ $rm_tags_with_content = Array(
+ "script",
+ "applet",
+ "embed",
+ "title"
+ );
+
+ $self_closing_tags = Array(
+ "img",
+ "br",
+ "hr",
+ "input"
+ );
+
+ $force_tag_closing = false;
+
+ $rm_attnames = Array(
+ "/.*/" =>
+ Array(
+ "/target/si",
+ "/^on.*/si",
+ "/^dynsrc/si",
+ "/^data.*/si"
+ )
+ );
+
+ $secremoveimg = "../images/" . _("sec_remove_eng.png");
+ $bad_attvals = Array(
+ "/.*/" =>
+ Array(
+ "/^src|background/i" =>
+ Array(
+ Array(
+ "|^([\'\"])\s*\.\./.*([\'\"])|si",
+ "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
+ "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
+ "/^([\'\"])\s*about\s*:.*([\'\"])/si"
+ ),
+ Array(
+ "\\1$secremoveimg\\2",
+ "\\1$secremoveimg\\2",
+ "\\1$secremoveimg\\2",
+ "\\1$secremoveimg\\2"
+ )
+ ),
+ "/^href|action/i" =>
+ Array(
+ Array(
+ "|^([\'\"])\s*\.\./.*([\'\"])|si",
+ "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
+ "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
+ "/^([\'\"])\s*about\s*:.*([\'\"])/si"
+ ),
+ Array(
+ "\\1#\\2",
+ "\\1#\\2",
+ "\\1#\\2",
+ "\\1#\\2"
+ )
+ ),
+ "/^style/si" =>
+ Array(
+ Array(
+ "/expression/si",
+ "/binding/si",
+ "/behaviou*r/si",
+ "|url\(([\'\"])\s*\.\./.*([\'\"])\)|si",
+ "/url\(([\'\"])\s*\S+script\s*:.*([\'\"])\)/si",
+ "/url\(([\'\"])\s*mocha\s*:.*([\'\"])\)/si",
+ "/url\(([\'\"])\s*about\s*:.*([\'\"])\)/si"
+ ),
+ Array(
+ "idiocy",
+ "idiocy",
+ "idiocy",
+ "url(\\1#\\2)",
+ "url(\\1#\\2)",
+ "url(\\1#\\2)",
+ "url(\\1#\\2)"
+ )
+ )
+ )
+ );
+ if (!$view_unsafe_images){
+ /**
+ * Remove any references to http/https if view_unsafe_images set
+ * to false.
+ */
+ array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[0],
+ '/^([\'\"])\s*https*:.*([\'\"])/si');
+ array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[1],
+ "\\1$secremoveimg\\2");
+ array_push($bad_attvals{'/.*/'}{'/^style/si'}[0],
+ '/url\(([\'\"])\s*https*:.*([\'\"])\)/si');
+ array_push($bad_attvals{'/.*/'}{'/^style/si'}[1],
+ "url(\\1$secremoveimg\\2)");
+ }
+ $add_attr_to_tag = Array(
+ "/^a$/si" => Array('target'=>'"_new"')
+ );
+ $trusted = sq_sanitize($body,
+ $tag_list,
+ $rm_tags_with_content,
+ $self_closing_tags,
+ $force_tag_closing,
+ $rm_attnames,
+ $bad_attvals,
+ $add_attr_to_tag,
+ $message,
+ $id,
+ $mailbox
+ );
+ if (preg_match("|$secremoveimg|si", $trusted)){
+ $has_unsafe_images = true;
+ }
+ return $trusted;
}
+
?>