| ';
- $body .= "$display_filename | ";
- $body .= '' . show_readable_size($message->header->size) .
- ' | ';
- $body .= "[ $type0/$type1 ] | ";
- $body .= '';
+ $body .= ' | ' .
+ "$display_filename | " .
+ '' . show_readable_size($message->header->size) .
+ ' | ' .
+ "[ $type0/$type1 ] | " .
+ '';
if ($message->header->description)
$body .= '' . htmlspecialchars($message->header->description) . '';
$body .= ' | ';
-
-
+
+
$SkipSpaces = 1;
- foreach ($Links as $Val)
- {
- if ($SkipSpaces)
- {
+ foreach ($Links as $Val) {
+ if ($SkipSpaces) {
$SkipSpaces = 0;
- }
- else
- {
+ } else {
$body .= ' | ';
}
$body .= '' . $Val['text'] . '';
}
-
+
unset($Links);
-
+
$body .= " | \n";
}
- return $body;
} else {
for ($i = 0; $i < count($message->entities); $i++) {
$body .= formatAttachments ($message->entities[$i], $ent_id, $mailbox, $id);
}
- return $body;
}
+ return( $body );
}
}
@@ -679,12 +719,20 @@
$body = str_replace("\r\n", "\n", $body);
$encoding = strtolower($encoding);
- if ($encoding == "quoted-printable") {
- $body = quoted_printable_decode($body);
+ global $show_html_default;
+ if ($encoding == 'quoted-printable') {
+ $body = quoted_printable_decode($body);
+
+
+ /*
+ Following code has been comented as I see no reason for it.
+ If there is any please tell me a mingo@rotedic.com
+
while (ereg("=\n", $body))
$body = ereg_replace ("=\n", "", $body);
- } else if ($encoding == "base64") {
+ */
+ } else if ($encoding == 'base64') {
$body = base64_decode($body);
}
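Review bot: The block comment added after `quoted_printable_decode($body)` keeps the old `ereg` soft-line-break loop as dead code, together with a personal contact address; it is better deleted and replaced by a one-line reason. `quoted_printable_decode()` already removes soft line breaks, and the old loop ran on the decoded text, where it could also strip a literal `=` at the end of a line. A comment such as `// soft line breaks are handled by quoted_printable_decode(); do not strip "=\n" again after decoding` would record this. The added `global $show_html_default;` is not used in the visible lines, and the function continues outside the hunk. If that variable decides whether HTML bodies are rendered, confirm it is always set from configuration before this point.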
@@ -693,20 +741,20 @@
}
- // This functions decode strings that is encoded according to
+ // This functions decode strings that is encoded according to
// RFC1522 (MIME Part Two: Message Header Extensions for Non-ASCII Text).
function decodeHeader ($string) {
- if (eregi('=\\?([^?]+)\\?(q|b)\\?([^?]+)\\?=',
+ if (eregi('=\\?([^?]+)\\?(q|b)\\?([^?]+)\\?=',
$string, $res)) {
if (ucfirst($res[2]) == "B") {
$replace = base64_decode($res[3]);
} else {
$replace = ereg_replace("_", " ", $res[3]);
- // Convert lowercase Quoted Printable to uppercase for
- // quoted_printable_decode to understand it.
- while (ereg("(=(([0-9][abcdef])|([abcdef][0-9])|([abcdef][abcdef])))", $replace, $res)) {
- $replace = str_replace($res[1], strtoupper($res[1]), $replace);
- }
+ // Convert lowercase Quoted Printable to uppercase for
+ // quoted_printable_decode to understand it.
+ while (ereg("(=(([0-9][abcdef])|([abcdef][0-9])|([abcdef][abcdef])))", $replace, $res)) {
+ $replace = str_replace($res[1], strtoupper($res[1]), $replace);
+ }
$replace = quoted_printable_decode($replace);
}
@@ -718,7 +766,7 @@
// In case there should be more encoding in the string: recurse
return (decodeHeader($string));
- } else
+ } else
return ($string);
}
@@ -728,27 +776,375 @@
function encodeHeader ($string) {
global $default_charset;
- // Encode only if the string contains 8-bit characters or =?
- if (ereg("([\200-\377]|=\\?)", $string)) {
-
- // First the special characters
- $string = str_replace("=", "=3D", $string);
- $string = str_replace("?", "=3F", $string);
- $string = str_replace("_", "=5F", $string);
- $string = str_replace(" ", "_", $string);
-
- for ( $ch = 127 ; $ch <= 255 ; $ch++ ) {
- $replace = chr($ch);
- $insert = sprintf("=%02X", $ch);
- $string = str_replace($replace, $insert, $string);
- }
+ // Encode only if the string contains 8-bit characters or =?
+ $j = strlen( $string );
+ $l = FALSE; // Must be encoded ?
+ $ret = '';
+ for( $i=0; $i < $j; ++$i) {
+ switch( $string{$i} ) {
+ case '=':
+ $ret .= '=3D';
+ break;
+ case '?':
+ $l = TRUE;
+ $ret .= '=3F';
+ break;
+ case '_':
+ $ret .= '=5F';
+ break;
+ case ' ':
+ $ret .= '_';
+ break;
+ default:
+ $k = ord( $string{$i} );
+ if( $k > 126 ) {
+ $ret .= sprintf("=%02X", $k);
+ $l = TRUE;
+ } else
+ $ret .= $string{$i};
+ }
+ }
- $newstring = "=?$default_charset?Q?".$string."?=";
-
- return $newstring;
- }
+ if( $l )
+ $string = "=?$default_charset?Q?$ret?=";
+
+ return( $string );
+ }
+
+ /*
+ Strips dangerous tags from html messages.
+ */
+
+ function MagicHTML( $body, $id ) {
- return $string;
+ global $message, $PHP_SELF, $HTTP_SERVER_VARS;
+
+ $j = strlen( $body ); // Legnth of the HTML
+ $ret = ''; // Returned string
+ $bgcolor = '#ffffff'; // Background style color (defaults to white)
+ $textcolor = '#000000'; // Foreground style color (defaults to black)
+ $leftmargin = ''; // Left margin style
+ $title = ''; // HTML title if any
+
+ $i = 0;
+ while( $i < $j ) {
+ if( $body{$i} == '<' ) {
+ $pos = $i + 1;
+ $tag = '';
+ while ($body{$pos} == ' ' || $body{$pos} == "\t" ||
+ $body{$pos} == "\n")
+ $pos ++;
+ while (strlen($tag) < 4 && $body{$pos} != ' ' &&
+ $body{$pos} != "\t" && $body{$pos} != "\n") {
+ $tag .= $body{$pos};
+ $pos ++;
+ }
+ switch( strtoupper( $tag ) ) {
+ // Strips the entire tag and contents
+ case 'APPL':
+ case 'EMBB':
+ case 'FRAM':
+ case 'SCRI':
+ case 'OBJE':
+ $etg = '/' . $tag;
+ while( $body{$i+1}.$body{$i+2}.$body{$i+3}.$body{$i+4}.$body{$i+5} <> $etg &&
+ $i < $j ) $i++;
+ while( $i < $j && $body{++$i} <> '>' );
+ // $ret .= "";
+ break;
+ // Substitute Title
+ case 'TITL':
+ $i += 5;
+ while( $body{$i} <> '>' && //
+ $i < $j )
+ $i++;
+ $i++;
+ $title = '';
+ while( $body{$i} <> '<' && //
+ $i < $j ) {
+ $title .= $body{$i};
+ $i++;
+ }
+ $i += 7;
+ break;
+ // Destroy these tags
+ case 'HTML':
+ case 'HEAD':
+ case '/HTM':
+ case '/HEA':
+ case '!DOC':
+ case 'META':
+ case 'DIV ':
+ case '/DIV':
+ case '!-- ':
+ $i += 4;
+ while( $body{$i} <> '>' &&
+ $i < $j )
+ $i++;
+ // $i++;
+ break;
+ case 'STYL':
+ $i += 5;
+ while( $body{$i} <> '>' && //
+ $i < $j )
+ $i++;
+ $i++;
+ // We parse the style to look for interesting stuff
+ $styleblk = '';
+ while( $body{$i} <> '>' &&
+ $i < $j ) {
+ // First we get the name of the style
+ $style = '';
+ while( $body{$i} <> '>' &&
+ $body{$i} <> '<' &&
+ $body{$i} <> '{' &&
+ $i < $j ) {
+ if( isnoSep( $body{$i} ) )
+ $style .= $body{$i};
+ $i++;
+ }
+ stripComments( $i, $j, $body );
+ $style = strtoupper( trim( $style ) );
+ if( $style == 'BODY' ) {
+ // Next we look into the definitions of the body style
+ while( $body{$i} <> '>' &&
+ $body{$i} <> '}' &&
+ $i < $j ) {
+ // We look for the background color if any.
+ if( substr( $body, $i, 17 ) == 'BACKGROUND-COLOR:' ) {
+ $i += 17;
+ $bgcolor = getStyleData( $i, $j, $body );
+ } elseif ( substr( $body, $i, 12 ) == 'MARGIN-LEFT:' ) {
+ $i += 12;
+ $leftmargin = getStyleData( $i, $j, $body );
+ }
+ $i++;
+ }
+ } else {
+ // Other style are mantained
+ $styleblk .= "$style ";
+ while( $body{$i} <> '>' &&
+ $body{$i} <> '<' &&
+ $body{$i} <> '}' &&
+ $i < $j ) {
+ $styleblk .= $body{$i};
+ $i++;
+ }
+ $styleblk .= $body{$i};
+ }
+ stripComments( $i, $j, $body );
+ if( $body{$i} <> '>' )
+ $i++;
+ }
+ if( $styleblk <> '' )
+ $ret .= " |