From: pdontthink Date: Tue, 15 Mar 2005 06:26:46 +0000 (+0000) Subject: parseUrl was too aggressive; implemented mailto: replacement in magicHTML instead X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=376667f7270c07bb7efb47dfb6bfe9b951b5b76c;p=squirrelmail.git parseUrl was too aggressive; implemented mailto: replacement in magicHTML instead git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@9030 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- diff --git a/functions/mime.php b/functions/mime.php index c13a3668..aaf8c6b9 100644 --- a/functions/mime.php +++ b/functions/mime.php @@ -1846,8 +1846,12 @@ function sq_sanitize($body, * @return a string with html safe to display in the browser. */ function magicHTML($body, $id, $message, $mailbox = 'INBOX') { + + require_once(SM_PATH . 'functions/url_parser.php'); // for $MailTo_PReg_Match + global $attachment_common_show_images, $view_unsafe_images, $has_unsafe_images; + /** * Don't display attached images in HTML mode. */ @@ -1995,8 +1999,56 @@ function magicHTML($body, $id, $message, $mailbox = 'INBOX') { } - // we want to parse mailto's and other URLs in HTML output too - parseUrl($trusted); + // we want to parse mailto's in HTML output, change to SM compose links + // this is a modified version of code from url_parser.php... but Marc is + // right: we need a better filtering implementation; adding this randomly + // here is not a great solution + // + // parseUrl($trusted); // this even parses URLs inside of tags... too aggressive + global $MailTo_PReg_Match; + $MailTo_PReg_Match = '/mailto:' . substr($MailTo_PReg_Match, 1); + if ((preg_match_all($MailTo_PReg_Match, $trusted, $regs)) && ($regs[0][0] != '')) { + foreach ($regs[0] as $i => $mailto_before) { + $mailto_params = $regs[10][$i]; + + // get rid of any tailing quote since we have to add send_to to the end + // + if (substr($mailto_before, strlen($mailto_before) - 1) == '"') + $mailto_before = substr($mailto_before, 0, strlen($mailto_before) - 1); + if (substr($mailto_params, strlen($mailto_params) - 1) == '"') + $mailto_params = substr($mailto_params, 0, strlen($mailto_params) - 1); + + if ($regs[1][$i]) { //if there is an email addr before '?', we need to merge it with the params + $to = 'to=' . $regs[1][$i]; + if (strpos($mailto_params, 'to=') > -1) //already a 'to=' + $mailto_params = str_replace('to=', $to . '%2C%20', $mailto_params); + else { + if ($mailto_params) //already some params, append to them + $mailto_params .= '&' . $to; + else + $mailto_params .= '?' . $to; + } + } + + $url_str = preg_replace(array('/to=/i', '/(?