projects / squirrelmail.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Minor JavaScript fix when multiple select-style edit lists appear on the same page
[squirrelmail.git] / functions / mime.php
CommitLineData
59177427 1<?php
2ba13803 2
35586184 3/**
8bd0068d 4 * mime.php
5 *
8bd0068d 6 * This contains the functions necessary to detect and decode MIME
7 * messages.
8 *
4b5049de 9 * @copyright &copy; 1999-2007 The SquirrelMail Project Team
4b4abf93 10 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
8bd0068d 11 * @version $Id$
12 * @package squirrelmail
13 */
b74ba498 14
202bcbcc 15/**
16 * dependency information
17 functions dependency
18 mime_structure
19 class/mime/Message.class.php
20 Message::parseStructure
21 functions/page_header.php
22 displayPageHeader
23 functions/display_messages.php
24 plain_error_message
25 mime_fetch_body
26 functions/imap_general.php
27 sqimap_run_command
28 mime_print_body_lines
29
30
31
32functions/imap.php
33functions/attachment_common.php
34functions/display_messages.php
35
36magicHtml => url_parser
37translateText => url_parser
38
39*/
40
8beafbbc 41
7c7b74b3 42/* -------------------------------------------------------------------------- */
43/* MIME DECODING */
44/* -------------------------------------------------------------------------- */
b74ba498 45
d6c32258 46/**
8bd0068d 47 * Get the MIME structure
48 *
49 * This function gets the structure of a message and stores it in the "message" class.
50 * It will return this object for use with all relevant header information and
51 * fully parsed into the standard "message" object format.
52 */
a4a70693 53function mime_structure ($bodystructure, $flags=array()) {
c9d78ab4 54
3d8371be 55 /* Isolate the body structure and remove beginning and end parenthesis. */
a4a70693 56 $read = trim(substr ($bodystructure, strpos(strtolower($bodystructure), 'bodystructure') + 13));
451f74a2 57 $read = trim(substr ($read, 0, -1));
22efa9fb 58 $i = 0;
59 $msg = Message::parseStructure($read,$i);
2b665f28 60
9de42168 61 if (!is_object($msg)) {
3d8371be 62 global $color, $mailbox;
a48eba8f 63 displayPageHeader( $color, $mailbox );
5e8de8b6 64 $errormessage = _("SquirrelMail could not decode the bodystructure of the message");
8bd0068d 65 $errormessage .= '<br />'._("The bodystructure provided by your IMAP server:").'<br /><br />';
472e7acb 66 $errormessage .= '<pre>' . htmlspecialchars($read) . '</pre>';
ce8c6f42 67 plain_error_message( $errormessage );
3d8371be 68 echo '</body></html>';
9de42168 69 exit;
70 }
a4a70693 71 if (count($flags)) {
7a9e9c89 72 foreach ($flags as $flag) {
e1115979 73//FIXME: please document why it is we have to check the first char of the flag but we then go ahead and do a full string comparison anyway. Is this a speed enhancement? If not, let's keep it simple and just compare the full string and forget the switch block.
7a9e9c89 74 $char = strtoupper($flag{1});
75 switch ($char) {
3d8371be 76 case 'S':
77 if (strtolower($flag) == '\\seen') {
78 $msg->is_seen = true;
79 }
80 break;
81 case 'A':
82 if (strtolower($flag) == '\\answered') {
83 $msg->is_answered = true;
84 }
85 break;
86 case 'D':
87 if (strtolower($flag) == '\\deleted') {
88 $msg->is_deleted = true;
89 }
90 break;
91 case 'F':
92 if (strtolower($flag) == '\\flagged') {
93 $msg->is_flagged = true;
94 }
95 break;
96 case 'M':
97 if (strtolower($flag) == '$mdnsent') {
98 $msg->is_mdnsent = true;
99 }
100 break;
101 default:
102 break;
7a9e9c89 103 }
104 }
451f74a2 105 }
7a9e9c89 106 // listEntities($msg);
3d8371be 107 return $msg;
451f74a2 108}
b74ba498 109
22efa9fb 110
111
3d8371be 112/* This starts the parsing of a particular structure. It is called recursively,
8bd0068d 113 * so it can be passed different structures. It returns an object of type
114 * $message.
115 * First, it checks to see if it is a multipart message. If it is, then it
116 * handles that as it sees is necessary. If it is just a regular entity,
117 * then it parses it and adds the necessary header information (by calling out
118 * to mime_get_elements()
119 */
451f74a2 120
4d592352 121function mime_fetch_body($imap_stream, $id, $ent_id=1, $fetch_size=0) {
3d8371be 122 /* Do a bit of error correction. If we couldn't find the entity id, just guess
8bd0068d 123 * that it is the first one. That is usually the case anyway.
124 */
7c7b74b3 125
09a4bde3 126 if (!$ent_id) {
08b7f7cc 127 $cmd = "FETCH $id BODY[]";
1035e159 128 } else {
08b7f7cc 129 $cmd = "FETCH $id BODY[$ent_id]";
09a4bde3 130 }
3d8371be 131
4d592352 132 if ($fetch_size!=0) $cmd .= "<0.$fetch_size>";
da2415c1 133
6201339c 134 $data = sqimap_run_command ($imap_stream, $cmd, true, $response, $message, TRUE);
77b88425 135 do {
3d8371be 136 $topline = trim(array_shift($data));
137 } while($topline && ($topline[0] == '*') && !preg_match('/\* [0-9]+ FETCH.*/i', $topline)) ;
a4a70693 138
451f74a2 139 $wholemessage = implode('', $data);
140 if (ereg('\\{([^\\}]*)\\}', $topline, $regs)) {
3d8371be 141 $ret = substr($wholemessage, 0, $regs[1]);
142 /* There is some information in the content info header that could be important
8bd0068d 143 * in order to parse html messages. Let's get them here.
144 */
0600bdf1 145// if ($ret{0} == '<') {
6201339c 146// $data = sqimap_run_command ($imap_stream, "FETCH $id BODY[$ent_id.MIME]", true, $response, $message, TRUE);
0600bdf1 147// }
451f74a2 148 } else if (ereg('"([^"]*)"', $topline, $regs)) {
149 $ret = $regs[1];
06bcb9c3 150 } else if ((stristr($topline, 'nil') !== false) && (empty($wholemessage))) {
151 $ret = $wholemessage;
451f74a2 152 } else {
153 global $where, $what, $mailbox, $passed_id, $startMessage;
3d8371be 154 $par = 'mailbox=' . urlencode($mailbox) . '&amp;passed_id=' . $passed_id;
451f74a2 155 if (isset($where) && isset($what)) {
3d8371be 156 $par .= '&amp;where=' . urlencode($where) . '&amp;what=' . urlencode($what);
a3daaaf3 157 } else {
3d8371be 158 $par .= '&amp;startMessage=' . $startMessage . '&amp;show_more=0';
451f74a2 159 }
e5ea9327 160 $par .= '&amp;response=' . urlencode($response) .
8bd0068d 161 '&amp;message=' . urlencode($message) .
162 '&amp;topline=' . urlencode($topline);
a019eeb8 163
8bd0068d 164 echo '<tt><br />' .
02474e43 165 '<table width="80%"><tr>' .
166 '<tr><td colspan="2">' .
167 _("Body retrieval error. The reason for this is most probably that the message is malformed.") .
168 '</td></tr>' .
169 '<tr><td><b>' . _("Command:") . "</td><td>$cmd</td></tr>" .
170 '<tr><td><b>' . _("Response:") . "</td><td>$response</td></tr>" .
171 '<tr><td><b>' . _("Message:") . "</td><td>$message</td></tr>" .
172 '<tr><td><b>' . _("FETCH line:") . "</td><td>$topline</td></tr>" .
173 "</table><br /></tt></font><hr />";
346817d4 174
6201339c 175 $data = sqimap_run_command ($imap_stream, "FETCH $passed_id BODY[]", true, $response, $message, TRUE);
451f74a2 176 array_shift($data);
177 $wholemessage = implode('', $data);
a019eeb8 178
346817d4 179 $ret = $wholemessage;
a3daaaf3 180 }
3d8371be 181 return $ret;
451f74a2 182}
d4467150 183
6cc670de 184function mime_print_body_lines ($imap_stream, $id, $ent_id=1, $encoding, $rStream='php://stdout') {
1035e159 185
3d8371be 186 /* Don't kill the connection if the browser is over a dialup
8bd0068d 187 * and it would take over 30 seconds to download it.
188 * Don't call set_time_limit in safe mode.
189 */
b7206e1d 190
3d8371be 191 if (!ini_get('safe_mode')) {
b7206e1d 192 set_time_limit(0);
193 }
7c7b74b3 194 /* in case of base64 encoded attachments, do not buffer them.
8bd0068d 195 Instead, echo the decoded attachment directly to screen */
7c7b74b3 196 if (strtolower($encoding) == 'base64') {
197 if (!$ent_id) {
7591f143 198 $query = "FETCH $id BODY[]";
7c7b74b3 199 } else {
7591f143 200 $query = "FETCH $id BODY[$ent_id]";
7c7b74b3 201 }
7591f143 202 sqimap_run_command($imap_stream,$query,true,$response,$message,TRUE,'sqimap_base64_decode',$rStream,true);
1d142b8d 203 } else {
7591f143 204 $body = mime_fetch_body ($imap_stream, $id, $ent_id);
205 if (is_resource($rStream)) {
206 fputs($rStream,decodeBody($body,$encoding));
207 } else {
208 echo decodeBody($body, $encoding);
209 }
1d142b8d 210 }
346817d4 211
da2415c1 212 /*
8bd0068d 213 TODO, use the same method for quoted printable.
214 However, I assume that quoted printable attachments aren't that large
215 so the performancegain / memory usage drop will be minimal.
216 If we decide to add that then we need to adapt sqimap_fread because
217 we need to split te result on \n and fread doesn't stop at \n. That
218 means we also should provide $results from sqimap_fread (by ref) to
219 te function and set $no_return to false. The $filter function for
220 quoted printable should handle unsetting of $results.
221 */
da2415c1 222 /*
8bd0068d 223 TODO 2: find out how we write to the output stream php://stdout. fwrite
224 doesn't work because 'php://stdout isn't a stream.
225 */
7c7b74b3 226
5d9c6f73 227 return;
451f74a2 228}
beb9e459 229
451f74a2 230/* -[ END MIME DECODING ]----------------------------------------------------------- */
d4467150 231
3d8371be 232/* This is here for debugging purposes. It will print out a list
8bd0068d 233 * of all the entity IDs that are in the $message object.
234 */
451f74a2 235function listEntities ($message) {
3d8371be 236 if ($message) {
3c621ba1 237 echo "<tt>" . $message->entity_id . ' : ' . $message->type0 . '/' . $message->type1 . ' parent = '. $message->parent->entity_id. '<br />';
3d8371be 238 for ($i = 0; isset($message->entities[$i]); $i++) {
239 echo "$i : ";
240 $msg = listEntities($message->entities[$i]);
241
242 if ($msg) {
243 echo "return: ";
244 return $msg;
245 }
246 }
a4a70693 247 }
451f74a2 248}
f0c4dc12 249
f792c641 250function getPriorityStr($priority) {
3d8371be 251 $priority_level = substr($priority,0,1);
252
253 switch($priority_level) {
254 /* Check for a higher then normal priority. */
255 case '1':
256 case '2':
257 $priority_string = _("High");
258 break;
259
260 /* Check for a lower then normal priority. */
261 case '4':
262 case '5':
263 $priority_string = _("Low");
264 break;
265
266 /* Check for a normal priority. */
267 case '3':
268 default:
269 $priority_level = '3';
270 $priority_string = _("Normal");
271 break;
272
273 }
274 return $priority_string;
f792c641 275}
276
451f74a2 277/* returns a $message object for a particular entity id */
278function getEntity ($message, $ent_id) {
a4a70693 279 return $message->getEntity($ent_id);
451f74a2 280}
8beafbbc 281
3d8371be 282/* translateText
8bd0068d 283 * Extracted from strings.php 23/03/2002
284 */
da4c66e8 285
286function translateText(&$body, $wrap_at, $charset) {
3d8371be 287 global $where, $what; /* from searching */
288 global $color; /* color theme */
da4c66e8 289
202bcbcc 290 // require_once(SM_PATH . 'functions/url_parser.php');
da4c66e8 291
292 $body_ary = explode("\n", $body);
da4c66e8 293 for ($i=0; $i < count($body_ary); $i++) {
294 $line = $body_ary[$i];
295 if (strlen($line) - 2 >= $wrap_at) {
c7aff938 296 sqWordWrap($line, $wrap_at, $charset);
da4c66e8 297 }
298 $line = charset_decode($charset, $line);
299 $line = str_replace("\t", ' ', $line);
300
301 parseUrl ($line);
302
3d8371be 303 $quotes = 0;
da4c66e8 304 $pos = 0;
3d8371be 305 $j = strlen($line);
da4c66e8 306
3d8371be 307 while ($pos < $j) {
da4c66e8 308 if ($line[$pos] == ' ') {
3d8371be 309 $pos++;
da4c66e8 310 } else if (strpos($line, '&gt;', $pos) === $pos) {
311 $pos += 4;
3d8371be 312 $quotes++;
da4c66e8 313 } else {
314 break;
315 }
316 }
3d8371be 317
83c94382 318 if ($quotes % 2) {
d0814c02 319 $line = '<span class="quote1">' . $line . '</span>';
4c25967c 320 } elseif ($quotes) {
d0814c02 321 $line = '<span class="quote2">' . $line . '</span>';
da4c66e8 322 }
3d8371be 323
da4c66e8 324 $body_ary[$i] = $line;
325 }
326 $body = '<pre>' . implode("\n", $body_ary) . '</pre>';
327}
328
a2bfcbce 329/**
da1b55ad 330 * This returns a parsed string called $body. That string can then
331 * be displayed as the actual message in the HTML. It contains
332 * everything needed, including HTML Tags, Attachments at the
333 * bottom, etc.
f8a1ed5a 334 *
da1b55ad 335 * Since 1.2.0 function uses message_body hook.
336 * Till 1.3.0 function included output of formatAttachments().
337 *
338 * @param resource $imap_stream imap connection resource
339 * @param object $message squirrelmail message object
340 * @param array $color squirrelmail color theme array
341 * @param integer $wrap_at number of characters per line
342 * @param string $ent_num (since 1.3.0) message part id
343 * @param integer $id (since 1.3.0) message id
344 * @param string $mailbox (since 1.3.0) imap folder name
41f701c1 345 * @param boolean $clean (since 1.5.1) Do not output stuff that's irrelevant for the printable version.
da1b55ad 346 * @return string html formated message text
347 */
a2bfcbce 348function formatBody($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $mailbox='INBOX', $clean=FALSE) {
3d8371be 349 /* This if statement checks for the entity to show as the
8bd0068d 350 * primary message. To add more of them, just put them in the
351 * order that is their priority.
352 */
ce68b76b 353 global $startMessage, $languages, $squirrelmail_language,
40a34e57 354 $show_html_default, $sort, $has_unsafe_images, $passed_ent_id,
14c85e39 355 $use_iframe, $iframe_height, $download_and_unsafe_link,
955bfc8f 356 $download_href, $unsafe_image_toggle_href, $unsafe_image_toggle_text,
551c7b53 357 $oTemplate, $nbsp;
2c25d36a 358
359 // workaround for not updated config.php
360 if (! isset($use_iframe)) $use_iframe = false;
77bfbd2e 361
d31f73f1 362 // If there's no "view_unsafe_images" variable in the URL, turn unsafe
363 // images off by default.
afbf184c 364 sqgetGlobalVar('view_unsafe_images', $view_unsafe_images, SQ_GET, FALSE);
d03c24f4 365
cc34b00d 366 $body = '';
23bcec6f 367 $urlmailbox = urlencode($mailbox);
451f74a2 368 $body_message = getEntity($message, $ent_num);
369 if (($body_message->header->type0 == 'text') ||
8bd0068d 370 ($body_message->header->type0 == 'rfc822')) {
3d8371be 371 $body = mime_fetch_body ($imap_stream, $id, $ent_num);
451f74a2 372 $body = decodeBody($body, $body_message->header->encoding);
e842b215 373
374 if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
8bd0068d 375 function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_decode')) {
e842b215 376 if (mb_detect_encoding($body) != 'ASCII') {
33a55f5a 377 $body = call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_decode',$body);
e842b215 378 }
379 }
d849b570 380
381 /* As of 1.5.2, $body is passed (and modified) by reference */
382 do_hook('message_body', $body);
23bcec6f 383
3d8371be 384 /* If there are other types that shouldn't be formatted, add
8bd0068d 385 * them here.
386 */
3d8371be 387
451f74a2 388 if ($body_message->header->type1 == 'html') {
3d8371be 389 if ($show_html_default <> 1) {
85015544 390 $entity_conv = array('&nbsp;' => ' ',
8bd0068d 391 '<p>' => "\n",
392 '<P>' => "\n",
393 '<br>' => "\n",
394 '<BR>' => "\n",
395 '<br />' => "\n",
396 '<BR />' => "\n",
397 '&gt;' => '>',
398 '&lt;' => '<');
85015544 399 $body = strtr($body, $entity_conv);
3d8371be 400 $body = strip_tags($body);
85015544 401 $body = trim($body);
402 translateText($body, $wrap_at,
8bd0068d 403 $body_message->header->getParameter('charset'));
2c25d36a 404 } elseif ($use_iframe && ! $clean) {
405 // $clean is used to remove iframe in printable view.
406
84410f31 407 /**
408 * If we don't add html message between iframe tags,
409 * we must detect unsafe images and modify $has_unsafe_images.
f8a1ed5a 410 */
758a7889 411 $html_body = magicHTML($body, $id, $message, $mailbox);
b6c52e61 412 // Convert character set in order to display html mails in different character set
413 $html_body = charset_decode($body_message->header->getParameter('charset'),$html_body,false,true);
84410f31 414
2c25d36a 415 // creating iframe url
416 $iframeurl=sqm_baseuri().'src/view_html.php?'
f8a1ed5a 417 . 'mailbox=' . $urlmailbox
2c25d36a 418 . '&amp;passed_id=' . $id
419 . '&amp;ent_id=' . $ent_num
420 . '&amp;view_unsafe_images=' . (int) $view_unsafe_images;
421
79d58d4c 422 global $oTemplate;
423 $oTemplate->assign('iframe_url', $iframeurl);
51554708 424 $oTemplate->assign('iframe_height', $iframe_height);
79d58d4c 425 $oTemplate->assign('html_body', $html_body);
2b665f28 426
79d58d4c 427 $body = $oTemplate->fetch('read_html_iframe.tpl');
a3daaaf3 428 } else {
2c25d36a 429 // old way of html rendering
b6c52e61 430 /**
758a7889 431 * convert character set. charset_decode does not remove html special chars
b6c52e61 432 * applied by magicHTML functions and does not sanitize them second time if
758a7889 433 * fourth argument is true.
434 */
567dc524 435 $charset = $body_message->header->getParameter('charset');
436 if (!empty($charset)) {
437 $body = charset_decode($charset,$body,false,true);
438 }
439 $body = magicHTML($body, $id, $message, $mailbox);
a3daaaf3 440 }
451f74a2 441 } else {
3d8371be 442 translateText($body, $wrap_at,
8bd0068d 443 $body_message->header->getParameter('charset'));
451f74a2 444 }
a2bfcbce 445
446 // if this is the clean display (i.e. printer friendly), stop here.
447 if ( $clean ) {
448 return $body;
449 }
450
9ebace19 451 /*
452 * Previously the links for downloading and unsafe images were printed
453 * under the mail. By putting the links in a global variable we can
454 * print it in the toolbar where it belongs. Since the original code was
455 * in this place it's left here. It might be possible to move it to some
456 * other place if that makes sense. The possibility to do so has not
457 * been evaluated yet.
458 */
459
460 // Initialize the global variable to an empty string.
461 // FIXME: To have $download_and_unsafe_link as a global variable might not be needed since the use of separate variables ($download_href, $unsafe_image_toggle_href, and $unsafe_image_toggle_text) for the templates was introduced.
40a34e57 462 $download_and_unsafe_link = '';
463
9ebace19 464 // Prepare and build a link for downloading the mail.
83cf04bd 465 $link = 'passed_id=' . $id . '&amp;ent_id='.$ent_num.
8bd0068d 466 '&amp;mailbox=' . $urlmailbox .'&amp;sort=' . $sort .
467 '&amp;startMessage=' . $startMessage . '&amp;show_more=0';
08b7f7cc 468 if (isset($passed_ent_id)) {
469 $link .= '&amp;passed_ent_id='.$passed_ent_id;
470 }
14c85e39 471 $download_href = SM_PATH . 'src/download.php?absolute_dl=true&amp;' . $link;
9ebace19 472
473 // Always add the link for downloading the mail as a file to the global
474 // variable.
955bfc8f 475 $download_and_unsafe_link .= "$nbsp|$nbsp"
476 . create_hyperlink($download_href, _("Download this as a file"));
9ebace19 477
478 // Find out the right text to use in the link depending on the
479 // circumstances. If the unsafe images are displayed the link should
480 // hide them, if they aren't displayed the link should only appear if
481 // the mail really contains unsafe images.
7aad7b77 482 if ($view_unsafe_images) {
23f617b8 483 $text = _("Hide Unsafe Images");
7aad7b77 484 } else {
08b7f7cc 485 if (isset($has_unsafe_images) && $has_unsafe_images) {
486 $link .= '&amp;view_unsafe_images=1';
487 $text = _("View Unsafe Images");
488 } else {
489 $text = '';
490 }
3d8371be 491 }
9ebace19 492
493 // Only create a link for unsafe images if there's need for one. If so:
494 // add it to the global variable.
83cf04bd 495 if($text != '') {
14c85e39 496 $unsafe_image_toggle_href = SM_PATH . 'src/read_body.php?'.$link;
497 $unsafe_image_toggle_text = $text;
955bfc8f 498 $download_and_unsafe_link .= "$nbsp|$nbsp"
499 . create_hyperlink($unsafe_image_toggle_href, $text);
83cf04bd 500 }
3d8371be 501 }
502 return $body;
451f74a2 503}
b74ba498 504
da1b55ad 505/**
d67f519a 506 * Generate attachments array for passing to templates. Separated from
507 * formatAttachments() below so that the same array can be given to the
508 * print-friendly version.
2b665f28 509 *
d67f519a 510 * @since 1.5.2
da1b55ad 511 * @param object $message SquirrelMail message object
512 * @param array $exclude_id message parts that are not attachments.
513 * @param string $mailbox mailbox name
514 * @param integer $id message id
da1b55ad 515 */
d67f519a 516function buildAttachmentArray($message, $exclude_id, $mailbox, $id) {
517 global $where, $what, $startMessage, $color, $passed_ent_id, $base_uri;
451f74a2 518
23bcec6f 519 $att_ar = $message->getAttachments($exclude_id);
23bcec6f 520 $urlMailbox = urlencode($mailbox);
521
d67f519a 522 $attachments = array();
23bcec6f 523 foreach ($att_ar as $att) {
fdc9d9b5 524 $ent = $att->entity_id;
2e25760a 525 $header = $att->header;
f0c4dc12 526 $type0 = strtolower($header->type0);
527 $type1 = strtolower($header->type1);
2e25760a 528 $name = '';
d0187bd6 529 $links = array();
21dab2dc 530 $links['download link']['text'] = _("Download");
202bcbcc 531 $links['download link']['href'] = $base_uri .
8bd0068d 532 "src/download.php?absolute_dl=true&amp;passed_id=$id&amp;mailbox=$urlMailbox&amp;ent_id=$ent";
2b665f28 533
2e25760a 534 if ($type0 =='message' && $type1 == 'rfc822') {
202bcbcc 535 $default_page = $base_uri . 'src/read_body.php';
2e25760a 536 $rfc822_header = $att->rfc822_header;
098ea084 537 $filename = $rfc822_header->subject;
6cc08d8b 538 if (trim( $filename ) == '') {
539 $filename = 'untitled-[' . $ent . ']' ;
08b7f7cc 540 }
2e25760a 541 $from_o = $rfc822_header->from;
542 if (is_object($from_o)) {
04ea844e 543 $from_name = decodeHeader($from_o->getAddress(false));
7e697748 544 } elseif (is_array($from_o) && count($from_o) && is_object($from_o[0])) {
545 // something weird happens when a digest message is opened and you return to the digest
546 // now the from object is part of an array. Probably the parseHeader call overwrites the info
547 // retrieved from the bodystructure in a different way. We need to fix this later.
548 // possible starting point, do not fetch header we already have and inspect how
549 // the rfc822_header object behaves.
550 $from_name = decodeHeader($from_o[0]->getAddress(false));
2e25760a 551 } else {
552 $from_name = _("Unknown sender");
f0c4dc12 553 }
d0187bd6 554 $description = _("From").': '.$from_name;
23bcec6f 555 } else {
202bcbcc 556 $default_page = $base_uri . 'src/download.php';
02474e43 557 $filename = $att->getFilename();
f810c0b2 558 if ($header->description) {
098ea084 559 $description = decodeHeader($header->description);
f810c0b2 560 } else {
3d8371be 561 $description = '';
562 }
2e25760a 563 }
564
565 $display_filename = $filename;
3d8371be 566 if (isset($passed_ent_id)) {
567 $passed_ent_id_link = '&amp;passed_ent_id='.$passed_ent_id;
568 } else {
569 $passed_ent_id_link = '';
570 }
571 $defaultlink = $default_page . "?startMessage=$startMessage"
8bd0068d 572 . "&amp;passed_id=$id&amp;mailbox=$urlMailbox"
573 . '&amp;ent_id='.$ent.$passed_ent_id_link;
2e25760a 574 if ($where && $what) {
8bd0068d 575 $defaultlink .= '&amp;where='. urlencode($where).'&amp;what='.urlencode($what);
2e25760a 576 }
7e2ff844 577 // IE does make use of mime content sniffing. Forcing a download
578 // prohibit execution of XSS inside an application/octet-stream attachment
579 if ($type0 == 'application' && $type1 == 'octet-stream') {
580 $defaultlink .= '&amp;absolute_dl=true';
581 }
2b665f28 582
3d8371be 583 /* This executes the attachment hook with a specific MIME-type.
8bd0068d 584 * If that doesn't have results, it tries if there's a rule
9b94c54d 585 * for a more generic type. Finally, a hook for ALL attachment
586 * types is run as well.
8bd0068d 587 */
8dca4d22 588 // First remember the default link.
589 $defaultlink_orig = $defaultlink;
590
d849b570 591 /* The API for this hook has changed as of 1.5.2 so that all plugin
592 arguments are passed in an array instead of each their own plugin
593 argument, and arguments are passed by reference, so instead of
594 returning any changes, changes should simply be made to the original
595 arguments themselves. */
9c3b2d22 596 $temp = array(&$links, &$startMessage, &$id, &$urlMailbox, &$ent,
597 &$defaultlink, &$display_filename, &$where, &$what);
598 do_hook("attachment $type0/$type1", $temp);
8dca4d22 599 if(count($links) <= 1 && $defaultlink == $defaultlink_orig) {
d849b570 600 /* The API for this hook has changed as of 1.5.2 so that all plugin
601 arguments are passed in an array instead of each their own plugin
602 argument, and arguments are passed by reference, so instead of
603 returning any changes, changes should simply be made to the original
604 arguments themselves. */
9c3b2d22 605 $temp = array(&$links, &$startMessage, &$id, &$urlMailbox, &$ent,
606 &$defaultlink, &$display_filename, &$where, &$what);
607 do_hook("attachment $type0/*", $temp);
2e25760a 608 }
d849b570 609 /* The API for this hook has changed as of 1.5.2 so that all plugin
610 arguments are passed in an array instead of each their own plugin
611 argument, and arguments are passed by reference, so instead of
612 returning any changes, changes should simply be made to the original
613 arguments themselves. */
9c3b2d22 614 $temp = array(&$links, &$startMessage, &$id, &$urlMailbox, &$ent,
615 &$defaultlink, &$display_filename, &$where, &$what);
8dca4d22 616 // Do not let a generic plugin change the default link if a more
617 // specialized one already did it...
618 if ($defaultlink != $defaultlink_orig) {
619 $dummy = '';
620 $temp[5] = &$dummy;
621 }
9c3b2d22 622 do_hook("attachment */*", $temp);
77b88425 623
d67f519a 624 $this_attachment = array();
625 $this_attachment['Name'] = decodeHeader($display_filename);
626 $this_attachment['Description'] = $description;
627 $this_attachment['DefaultHREF'] = $defaultlink;
628 $this_attachment['DownloadHREF'] = $links['download link']['href'];
629 $this_attachment['ViewHREF'] = isset($links['attachment_common']) ? $links['attachment_common']['href'] : '';
630 $this_attachment['Size'] = $header->size;
631 $this_attachment['ContentType'] = htmlspecialchars($type0 .'/'. $type1);
632 $this_attachment['OtherLinks'] = array();
3d8371be 633 foreach ($links as $val) {
d0187bd6 634 if ($val['text']==_("Download") || $val['text'] == _("View"))
635 continue;
636 if (empty($val['text']) && empty($val['extra']))
637 continue;
2b665f28 638
d67f519a 639 $temp = array();
640 $temp['HREF'] = $val['href'];
641 $temp['Text'] = (empty($val['text']) ? '' : $val['text']) . (empty($val['extra']) ? '' : $val['extra']);
642 $this_attachment['OtherLinks'][] = $temp;
2e25760a 643 }
d67f519a 644 $attachments[] = $this_attachment;
2b665f28 645
3d8371be 646 unset($links);
2e25760a 647 }
2b665f28 648
d67f519a 649 return $attachments;
650}
651
652/**
653 * Displays attachment links and information
654 *
655 * Since 1.3.0 function is not included in formatBody() call.
656 *
657 * Since 1.0.2 uses attachment $type0/$type1 hook.
658 * Since 1.2.5 uses attachment $type0/* hook.
659 * Since 1.5.0 uses attachments_bottom hook.
660 * Since 1.5.2 uses templates and does *not* return a value.
661 *
662 * @param object $message SquirrelMail message object
663 * @param array $exclude_id message parts that are not attachments.
664 * @param string $mailbox mailbox name
665 * @param integer $id message id
666 */
667function formatAttachments($message, $exclude_id, $mailbox, $id) {
668 global $oTemplate;
2b665f28 669
d67f519a 670 $attach = buildAttachmentArray($message, $exclude_id, $mailbox, $id);
d0187bd6 671
672 $oTemplate->assign('attachments', $attach);
673 $oTemplate->display('read_attachments.tpl');
451f74a2 674}
b74ba498 675
7c7b74b3 676function sqimap_base64_decode(&$string) {
7c0ec1d8 677
b17a8968 678 // Base64 encoded data goes in pairs of 4 bytes. To achieve on the
7c0ec1d8 679 // fly decoding (to reduce memory usage) you have to check if the
680 // data has incomplete pairs
681
b17a8968 682 // Remove the noise in order to check if the 4 bytes pairs are complete
7c0ec1d8 683 $string = str_replace(array("\r\n","\n", "\r", " "),array('','','',''),$string);
684
42ce44f8 685 $sStringRem = '';
7c0ec1d8 686 $iMod = strlen($string) % 4;
687 if ($iMod) {
688 $sStringRem = substr($string,-$iMod);
b17a8968 689 // Check if $sStringRem contains padding characters
7c0ec1d8 690 if (substr($sStringRem,-1) != '=') {
691 $string = substr($string,0,-$iMod);
692 } else {
693 $sStringRem = '';
694 }
695 }
7c7b74b3 696 $string = base64_decode($string);
7c0ec1d8 697 return $sStringRem;
7c7b74b3 698}
699
fdf7cef1 700/**
701 * Decodes encoded message body
702 *
703 * This function decodes the body depending on the encoding type.
704 * Currently quoted-printable and base64 encodings are supported.
705 * decode_body hook was added to this function in 1.4.2/1.5.0
706 * @param string $body encoded message body
707 * @param string $encoding used encoding
708 * @return string decoded string
709 * @since 1.0
710 */
451f74a2 711function decodeBody($body, $encoding) {
83be314a 712
b583c3e8 713 $body = str_replace("\r\n", "\n", $body);
714 $encoding = strtolower($encoding);
3d8371be 715
d849b570 716 $encoding_handler = do_hook('decode_body', $encoding);
5166f86a 717
718
719 // plugins get first shot at decoding the body
720 //
721 if (!empty($encoding_handler) && function_exists($encoding_handler)) {
722 $body = $encoding_handler('decode', $body);
723
fdf7cef1 724 } elseif ($encoding == 'quoted-printable' ||
8bd0068d 725 $encoding == 'quoted_printable') {
fdf7cef1 726 /**
727 * quoted_printable_decode() function is broken in older
728 * php versions. Text with \r\n decoding was fixed only
758a7889 729 * in php 4.3.0. Minimal code requirement 4.0.4 +
fdf7cef1 730 * str_replace("\r\n", "\n", $body); call.
731 */
b583c3e8 732 $body = quoted_printable_decode($body);
fdf7cef1 733 } elseif ($encoding == 'base64') {
b583c3e8 734 $body = base64_decode($body);
735 }
3d8371be 736
b583c3e8 737 // All other encodings are returned raw.
3d8371be 738 return $body;
451f74a2 739}
740
9f7f68c3 741/**
8bd0068d 742 * Decodes headers
743 *
e1115979 744 * This function decodes strings that are encoded according to
8bd0068d 745 * RFC1522 (MIME Part Two: Message Header Extensions for Non-ASCII Text).
746 * Patched by Christian Schmidt <christian@ostenfeld.dk> 23/03/2002
747 *
748 * @param string $string header string that has to be made readable
749 * @param boolean $utfencode change message in order to be readable on user's charset. defaults to true
bcae324b 750 * @param boolean $htmlsafe preserve spaces and sanitize html special characters. defaults to true
8bd0068d 751 * @param boolean $decide decide if string can be utfencoded. defaults to false
752 * @return string decoded header string
753 */
bcae324b 754function decodeHeader ($string, $utfencode=true,$htmlsafe=true,$decide=false) {
d6f584fc 755 global $languages, $squirrelmail_language,$default_charset;
79e07c7e 756 if (is_array($string)) {
757 $string = implode("\n", $string);
758 }
da2415c1 759
10dec454 760 if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
8bd0068d 761 function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_decodeheader')) {
33a55f5a 762 $string = call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_decodeheader', $string);
08b7f7cc 763 // Do we need to return at this point?
764 // return $string;
83be314a 765 }
79e07c7e 766 $i = 0;
08b7f7cc 767 $iLastMatch = -2;
db65b6b0 768 $encoded = true;
0a06275a 769
098ea084 770 $aString = explode(' ',$string);
08b7f7cc 771 $ret = '';
098ea084 772 foreach ($aString as $chunk) {
358a78a1 773 if ($encoded && $chunk === '') {
08b7f7cc 774 continue;
358a78a1 775 } elseif ($chunk === '') {
08b7f7cc 776 $ret .= ' ';
777 continue;
778 }
098ea084 779 $encoded = false;
08b7f7cc 780 /* if encoded words are not separated by a linear-space-white we still catch them */
781 $j = $i-1;
7e6ca3e8 782
08b7f7cc 783 while ($match = preg_match('/^(.*)=\?([^?]*)\?(Q|B)\?([^?]*)\?=(.*)$/Ui',$chunk,$res)) {
784 /* if the last chunk isn't an encoded string then put back the space, otherwise don't */
785 if ($iLastMatch !== $j) {
bcae324b 786 if ($htmlsafe) {
9f7f68c3 787 $ret .= '&#32;';
08b7f7cc 788 } else {
789 $ret .= ' ';
790 }
791 }
792 $iLastMatch = $i;
793 $j = $i;
bcae324b 794 if ($htmlsafe) {
cb718de0 795 $ret .= htmlspecialchars($res[1]);
796 } else {
797 $ret .= $res[1];
798 }
098ea084 799 $encoding = ucfirst($res[3]);
d6f584fc 800
801 /* decide about valid decoding */
802 if ($decide && is_conversion_safe($res[2])) {
8bd0068d 803 $utfencode=true;
804 $can_be_encoded=true;
d6f584fc 805 } else {
8bd0068d 806 $can_be_encoded=false;
d6f584fc 807 }
098ea084 808 switch ($encoding)
809 {
8bd0068d 810 case 'B':
811 $replace = base64_decode($res[4]);
812 if ($utfencode) {
813 if ($can_be_encoded) {
814 /* convert string to different charset,
815 * if functions asks for it (usually in compose)
816 */
bcae324b 817 $ret .= charset_convert($res[2],$replace,$default_charset,$htmlsafe);
8bd0068d 818 } else {
819 // convert string to html codes in order to display it
820 $ret .= charset_decode($res[2],$replace);
821 }
fab65ca9 822 } else {
bcae324b 823 if ($htmlsafe) {
8bd0068d 824 $replace = htmlspecialchars($replace);
825 }
826 $ret.= $replace;
fab65ca9 827 }
8bd0068d 828 break;
829 case 'Q':
830 $replace = str_replace('_', ' ', $res[4]);
831 $replace = preg_replace('/=([0-9a-f]{2})/ie', 'chr(hexdec("\1"))',
832 $replace);
833 if ($utfencode) {
834 if ($can_be_encoded) {
835 /* convert string to different charset,
836 * if functions asks for it (usually in compose)
837 */
bcae324b 838 $replace = charset_convert($res[2], $replace,$default_charset,$htmlsafe);
8bd0068d 839 } else {
840 // convert string to html codes in order to display it
841 $replace = charset_decode($res[2], $replace);
842 }
843 } else {
bcae324b 844 if ($htmlsafe) {
8bd0068d 845 $replace = htmlspecialchars($replace);
846 }
098ea084 847 }
8bd0068d 848 $ret .= $replace;
849 break;
850 default:
851 break;
79e07c7e 852 }
098ea084 853 $chunk = $res[5];
854 $encoded = true;
08b7f7cc 855 }
856 if (!$encoded) {
bcae324b 857 if ($htmlsafe) {
9f7f68c3 858 $ret .= '&#32;';
08b7f7cc 859 } else {
860 $ret .= ' ';
da2415c1 861 }
08b7f7cc 862 }
dc3d13a7 863
bcae324b 864 if (!$encoded && $htmlsafe) {
dc3d13a7 865 $ret .= htmlspecialchars($chunk);
866 } else {
867 $ret .= $chunk;
868 }
098ea084 869 ++$i;
870 }
fd81e884 871 /* remove the first added space */
872 if ($ret) {
bcae324b 873 if ($htmlsafe) {
9f7f68c3 874 $ret = substr($ret,5);
fd81e884 875 } else {
876 $ret = substr($ret,1);
877 }
878 }
da2415c1 879
08b7f7cc 880 return $ret;
451f74a2 881}
882
9f7f68c3 883/**
a24cf710 884 * Encodes header
8bd0068d 885 *
a24cf710 886 * Function uses XTRA_CODE _encodeheader function, if such function exists.
a24cf710 887 *
758a7889 888 * Function uses Q encoding by default and encodes a string according to RFC
889 * 1522 for use in headers if it contains 8-bit characters or anything that
a24cf710 890 * looks like it should be encoded.
8bd0068d 891 *
758a7889 892 * Function switches to B encoding and encodeHeaderBase64() function, if
893 * string is 8bit and multibyte character set supported by mbstring extension
894 * is used. It can cause E_USER_NOTICE errors, if interface is used with
f270a6eb 895 * multibyte character set unsupported by mbstring extension.
896 *
8bd0068d 897 * @param string $string header string, that has to be encoded
898 * @return string quoted-printable encoded string
f270a6eb 899 * @todo make $mb_charsets system wide constant
8bd0068d 900 */
451f74a2 901function encodeHeader ($string) {
6fbd125b 902 global $default_charset, $languages, $squirrelmail_language;
83be314a 903
10dec454 904 if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
8bd0068d 905 function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_encodeheader')) {
33a55f5a 906 return call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_encodeheader', $string);
83be314a 907 }
793cc001 908
a24cf710 909 // Use B encoding for multibyte charsets
f270a6eb 910 $mb_charsets = array('utf-8','big5','gb2313','euc-kr');
911 if (in_array($default_charset,$mb_charsets) &&
912 in_array($default_charset,sq_mb_list_encodings()) &&
913 sq_is8bit($string)) {
914 return encodeHeaderBase64($string,$default_charset);
915 } elseif (in_array($default_charset,$mb_charsets) &&
916 sq_is8bit($string) &&
917 ! in_array($default_charset,sq_mb_list_encodings())) {
918 // Add E_USER_NOTICE error here (can cause 'Cannot add header information' warning in compose.php)
919 // trigger_error('encodeHeader: Multibyte character set unsupported by mbstring extension.',E_USER_NOTICE);
920 }
a24cf710 921
451f74a2 922 // Encode only if the string contains 8-bit characters or =?
3d8371be 923 $j = strlen($string);
098ea084 924 $max_l = 75 - strlen($default_charset) - 7;
925 $aRet = array();
451f74a2 926 $ret = '';
c96c32f4 927 $iEncStart = $enc_init = false;
0d53f0f9 928 $cur_l = $iOffset = 0;
3d8371be 929 for($i = 0; $i < $j; ++$i) {
c96c32f4 930 switch($string{$i})
931 {
8bd0068d 932 case '=':
933 case '<':
934 case '>':
935 case ',':
936 case '?':
937 case '_':
938 if ($iEncStart === false) {
939 $iEncStart = $i;
940 }
941 $cur_l+=3;
942 if ($cur_l > ($max_l-2)) {
943 /* if there is an stringpart that doesn't need encoding, add it */
08b7f7cc 944 $aRet[] = substr($string,$iOffset,$iEncStart-$iOffset);
c96c32f4 945 $aRet[] = "=?$default_charset?Q?$ret?=";
946 $iOffset = $i;
947 $cur_l = 0;
948 $ret = '';
949 $iEncStart = false;
08b7f7cc 950 } else {
8bd0068d 951 $ret .= sprintf("=%02X",ord($string{$i}));
c96c32f4 952 }
8bd0068d 953 break;
954 case '(':
955 case ')':
956 if ($iEncStart !== false) {
08b7f7cc 957 $aRet[] = substr($string,$iOffset,$iEncStart-$iOffset);
8bd0068d 958 $aRet[] = "=?$default_charset?Q?$ret?=";
c96c32f4 959 $iOffset = $i;
8bd0068d 960 $cur_l = 0;
961 $ret = '';
962 $iEncStart = false;
c96c32f4 963 }
8bd0068d 964 break;
965 case ' ':
c96c32f4 966 if ($iEncStart !== false) {
098ea084 967 $cur_l++;
968 if ($cur_l > $max_l) {
08b7f7cc 969 $aRet[] = substr($string,$iOffset,$iEncStart-$iOffset);
c96c32f4 970 $aRet[] = "=?$default_charset?Q?$ret?=";
c96c32f4 971 $iOffset = $i;
972 $cur_l = 0;
098ea084 973 $ret = '';
8bd0068d 974 $iEncStart = false;
08b7f7cc 975 } else {
8bd0068d 976 $ret .= '_';
c96c32f4 977 }
3d8371be 978 }
8bd0068d 979 break;
980 default:
981 $k = ord($string{$i});
982 if ($k > 126) {
983 if ($iEncStart === false) {
984 // do not start encoding in the middle of a string, also take the rest of the word.
985 $sLeadString = substr($string,0,$i);
986 $aLeadString = explode(' ',$sLeadString);
987 $sToBeEncoded = array_pop($aLeadString);
988 $iEncStart = $i - strlen($sToBeEncoded);
989 $ret .= $sToBeEncoded;
990 $cur_l += strlen($sToBeEncoded);
991 }
992 $cur_l += 3;
993 /* first we add the encoded string that reached it's max size */
994 if ($cur_l > ($max_l-2)) {
995 $aRet[] = substr($string,$iOffset,$iEncStart-$iOffset);
996 $aRet[] = "=?$default_charset?Q?$ret?= "; /* the next part is also encoded => separate by space */
997 $cur_l = 3;
998 $ret = '';
999 $iOffset = $i;
1000 $iEncStart = $i;
1001 }
1002 $enc_init = true;
1003 $ret .= sprintf("=%02X", $k);
1004 } else {
1005 if ($iEncStart !== false) {
1006 $cur_l++;
1007 if ($cur_l > $max_l) {
1008 $aRet[] = substr($string,$iOffset,$iEncStart-$iOffset);
1009 $aRet[] = "=?$default_charset?Q?$ret?=";
1010 $iEncStart = false;
1011 $iOffset = $i;
1012 $cur_l = 0;
1013 $ret = '';
1014 } else {
1015 $ret .= $string{$i};
1016 }
1017 }
1018 }
1019 break;
f7b3ba37 1020 }
451f74a2 1021 }
793cc001 1022
c96c32f4 1023 if ($enc_init) {
1024 if ($iEncStart !== false) {
1025 $aRet[] = substr($string,$iOffset,$iEncStart-$iOffset);
1026 $aRet[] = "=?$default_charset?Q?$ret?=";
1027 } else {
1028 $aRet[] = substr($string,$iOffset);
1029 }
1030 $string = implode('',$aRet);
451f74a2 1031 }
3d8371be 1032 return $string;
451f74a2 1033}
b74ba498 1034
f270a6eb 1035/**
1036 * Encodes string according to rfc2047 B encoding header formating rules
1037 *
758a7889 1038 * It is recommended way to encode headers with character sets that store
f270a6eb 1039 * symbols in more than one byte.
1040 *
1041 * Function requires mbstring support. If required mbstring functions are missing,
1042 * function returns false and sets E_USER_WARNING level error message.
1043 *
758a7889 1044 * Minimal requirements - php 4.0.6 with mbstring extension. Please note,
1045 * that mbstring functions will generate E_WARNING errors, if unsupported
f270a6eb 1046 * character set is used. mb_encode_mimeheader function provided by php
1047 * mbstring extension is not used in order to get better control of header
1048 * encoding.
1049 *
758a7889 1050 * Used php code functions - function_exists(), trigger_error(), strlen()
1051 * (is used with charset names and base64 strings). Used php mbstring
f270a6eb 1052 * functions - mb_strlen and mb_substr.
1053 *
758a7889 1054 * Related documents: rfc 2045 (BASE64 encoding), rfc 2047 (mime header
f270a6eb 1055 * encoding), rfc 2822 (header folding)
1056 *
1057 * @param string $string header string that must be encoded
758a7889 1058 * @param string $charset character set. Must be supported by mbstring extension.
f270a6eb 1059 * Use sq_mb_list_encodings() to detect supported charsets.
1060 * @return string string encoded according to rfc2047 B encoding formating rules
1061 * @since 1.5.1
1062 * @todo First header line can be wrapped to $iMaxLength - $HeaderFieldLength - 1
1063 * @todo Do we want to control max length of header?
1064 * @todo Do we want to control EOL (end-of-line) marker?
1065 * @todo Do we want to translate error message?
1066 */
1067function encodeHeaderBase64($string,$charset) {
1068 /**
1069 * Check mbstring function requirements.
1070 */
1071 if (! function_exists('mb_strlen') ||
1072 ! function_exists('mb_substr')) {
1073 // set E_USER_WARNING
1074 trigger_error('encodeHeaderBase64: Required mbstring functions are missing.',E_USER_WARNING);
1075 // return false
1076 return false;
1077 }
1078
1079 // initial return array
1080 $aRet = array();
1081
1082 /**
1083 * header length = 75 symbols max (same as in encodeHeader)
1084 * remove $charset length
1085 * remove =? ? ?= (5 chars)
1086 * remove 2 more chars (\r\n ?)
1087 */
1088 $iMaxLength = 75 - strlen($charset) - 7;
1089
1090 // set first character position
1091 $iStartCharNum = 0;
1092
1093 // loop through all characters. count characters and not bytes.
1094 for ($iCharNum=1; $iCharNum<=mb_strlen($string,$charset); $iCharNum++) {
1095 // encode string from starting character to current character.
1096 $encoded_string = base64_encode(mb_substr($string,$iStartCharNum,$iCharNum-$iStartCharNum,$charset));
1097
1098 // Check encoded string length
1099 if(strlen($encoded_string)>$iMaxLength) {
1100 // if string exceeds max length, reduce number of encoded characters and add encoded string part to array
1101 $aRet[] = base64_encode(mb_substr($string,$iStartCharNum,$iCharNum-$iStartCharNum-1,$charset));
1102
1103 // set new starting character
1104 $iStartCharNum = $iCharNum-1;
1105
1106 // encode last char (in case it is last character in string)
1107 $encoded_string = base64_encode(mb_substr($string,$iStartCharNum,$iCharNum-$iStartCharNum,$charset));
1108 } // if string is shorter than max length - add next character
1109 }
1110
1111 // add last encoded string to array
1112 $aRet[] = $encoded_string;
1113
1114 // set initial return string
1115 $sRet = '';
1116
1117 // loop through encoded strings
1118 foreach($aRet as $string) {
1119 // TODO: Do we want to control EOL (end-of-line) marker
1120 if ($sRet!='') $sRet.= " ";
1121
1122 // add header tags and encoded string to return string
1123 $sRet.= '=?'.$charset.'?B?'.$string.'?=';
1124 }
1125
1126 return $sRet;
1127}
1128
691a2d25 1129/* This function trys to locate the entity_id of a specific mime element */
3d8371be 1130function find_ent_id($id, $message) {
a171b359 1131 for ($i = 0, $ret = ''; $ret == '' && $i < count($message->entities); $i++) {
1132 if ($message->entities[$i]->header->type0 == 'multipart') {
3d8371be 1133 $ret = find_ent_id($id, $message->entities[$i]);
451f74a2 1134 } else {
3d8371be 1135 if (strcasecmp($message->entities[$i]->header->id, $id) == 0) {
d8cffbab 1136// if (sq_check_save_extension($message->entities[$i])) {
8bd0068d 1137 return $message->entities[$i]->entity_id;
da2415c1 1138// }
c8f5f606 1139 } elseif (!empty($message->entities[$i]->header->parameters['name'])) {
1140 /**
1141 * This is part of a fix for Outlook Express 6.x generating
1142 * cid URLs without creating content-id headers
1143 * @@JA - 20050207
1144 */
1145 if (strcasecmp($message->entities[$i]->header->parameters['name'], $id) == 0) {
1146 return $message->entities[$i]->entity_id;
1147 }
3d8371be 1148 }
a3daaaf3 1149 }
451f74a2 1150 }
3d8371be 1151 return $ret;
451f74a2 1152}
a3daaaf3 1153
e5e9381a 1154function sq_check_save_extension($message) {
1155 $filename = $message->getFilename();
1156 $ext = substr($filename, strrpos($filename,'.')+1);
1157 $save_extensions = array('jpg','jpeg','gif','png','bmp');
3d8371be 1158 return in_array($ext, $save_extensions);
e5e9381a 1159}
1160
1161
691a2d25 1162/**
8bd0068d 1163 ** HTMLFILTER ROUTINES
1164 */
451f74a2 1165
2dd879b8 1166/**
0493ed11 1167 * This function checks attribute values for entity-encoded values
1168 * and returns them translated into 8-bit strings so we can run
1169 * checks on them.
8bd0068d 1170 *
0493ed11 1171 * @param $attvalue A string to run entity check against.
1172 * @return Nothing, modifies a reference value.
8bd0068d 1173 */
0493ed11 1174function sq_defang(&$attvalue){
1175 $me = 'sq_defang';
2dd879b8 1176 /**
0493ed11 1177 * Skip this if there aren't ampersands or backslashes.
8bd0068d 1178 */
0493ed11 1179 if (strpos($attvalue, '&') === false
1180 && strpos($attvalue, '\\') === false){
1181 return;
2dd879b8 1182 }
0493ed11 1183 $m = false;
2b665f28 1184 // before deent, translate the dangerous unicode characters and ... to safe values
1185 // otherwise the regular expressions do not match.
1186
1187
1188
0493ed11 1189 do {
1190 $m = false;
1191 $m = $m || sq_deent($attvalue, '/\&#0*(\d+);*/s');
1192 $m = $m || sq_deent($attvalue, '/\&#x0*((\d|[a-f])+);*/si', true);
1193 $m = $m || sq_deent($attvalue, '/\\\\(\d+)/s', true);
1194 } while ($m == true);
1195 $attvalue = stripslashes($attvalue);
2dd879b8 1196}
1197
1198/**
8bd0068d 1199 * Kill any tabs, newlines, or carriage returns. Our friends the
1200 * makers of the browser with 95% market value decided that it'd
1201 * be funny to make "java[tab]script" be just as good as "javascript".
1202 *
1203 * @param attvalue The attribute value before extraneous spaces removed.
0493ed11 1204 * @return attvalue Nothing, modifies a reference value.
8bd0068d 1205 */
0493ed11 1206function sq_unspace(&$attvalue){
1207 $me = 'sq_unspace';
1208 if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)){
1209 $attvalue = str_replace(Array("\t", "\r", "\n", "\0", " "),
1210 Array('', '', '', '', ''), $attvalue);
2dd879b8 1211 }
2dd879b8 1212}
1213
2b665f28 1214/**
88de4926 1215 * Translate all dangerous Unicode or Shift_JIS characters which are accepted by
2b665f28 1216 * IE as regular characters.
1217 *
1218 * @param attvalue The attribute value before dangerous characters are translated.
1219 * @return attvalue Nothing, modifies a reference value.
1220 * @author Marc Groot Koerkamp.
1221 */
1222function sq_fixIE_idiocy(&$attvalue) {
1223 // remove NUL
1224 $attvalue = str_replace("\0", "", $attvalue);
1225 // remove comments
1226 $attvalue = preg_replace("/(\/\*.*?\*\/)/","",$attvalue);
1227
88de4926 1228 // IE has the evil habit of accepting every possible value for the attribute expression.
1229 // The table below contains characters which are parsed by IE if they are used in the "expression"
2b665f28 1230 // attribute value.
1231 $aDangerousCharsReplacementTable = array(
1232 array('&#x029F;', '&#0671;' ,/* L UNICODE IPA Extension */
1233 '&#x0280;', '&#0640;' ,/* R UNICODE IPA Extension */
1234 '&#x0274;', '&#0628;' ,/* N UNICODE IPA Extension */
567dc524 1235 '&#xFF25;', '&#65317;' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */
1236 '&#xFF45;', '&#65349;' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */
2b665f28 1237 '&#xFF38;', '&#65336;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER X */
1238 '&#xFF58;', '&#65368;',/* Unicode FULLWIDTH LATIN SMALL LETTER X */
1239 '&#xFF30;', '&#65328;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER P */
1240 '&#xFF50;', '&#65360;',/* Unicode FULLWIDTH LATIN SMALL LETTER P */
1241 '&#xFF32;', '&#65330;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER R */
1242 '&#xFF52;', '&#65362;',/* Unicode FULLWIDTH LATIN SMALL LETTER R */
1243 '&#xFF33;', '&#65331;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER S */
1244 '&#xFF53;', '&#65363;',/* Unicode FULLWIDTH LATIN SMALL LETTER S */
1245 '&#xFF29;', '&#65321;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER I */
1246 '&#xFF49;', '&#65353;',/* Unicode FULLWIDTH LATIN SMALL LETTER I */
1247 '&#xFF2F;', '&#65327;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER O */
1248 '&#xFF4F;', '&#65359;',/* Unicode FULLWIDTH LATIN SMALL LETTER O */
1249 '&#xFF2E;', '&#65326;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER N */
1250 '&#xFF4E;', '&#65358;',/* Unicode FULLWIDTH LATIN SMALL LETTER N */
1251 '&#xFF2C;', '&#65324;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER L */
1252 '&#xFF4C;', '&#65356;',/* Unicode FULLWIDTH LATIN SMALL LETTER L */
1253 '&#xFF35;', '&#65333;',/* Unicode FULLWIDTH LATIN CAPITAL LETTER U */
1254 '&#xFF55;', '&#65365;',/* Unicode FULLWIDTH LATIN SMALL LETTER U */
1255 '&#x207F;', '&#8319;' ,/* Unicode SUPERSCRIPT LATIN SMALL LETTER N */
567dc524 1256 "\xEF\xBC\xA5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ // in unicode this is some Chinese char range
1257 "\xEF\xBD\x85", /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */
1258 "\xEF\xBC\xB8", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */
1259 "\xEF\xBD\x98", /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */
1260 "\xEF\xBC\xB0", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */
1261 "\xEF\xBD\x90", /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */
1262 "\xEF\xBC\xB2", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */
1263 "\xEF\xBD\x92", /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */
1264 "\xEF\xBC\xB3", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */
1265 "\xEF\xBD\x93", /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */
1266 "\xEF\xBC\xA9", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */
1267 "\xEF\xBD\x89", /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */
1268 "\xEF\xBC\xAF", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */
1269 "\xEF\xBD\x8F", /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */
1270 "\xEF\xBC\xAE", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */
1271 "\xEF\xBD\x8E", /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */
1272 "\xEF\xBC\xAC", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER L */
1273 "\xEF\xBD\x8C", /* Shift JIS FULLWIDTH LATIN SMALL LETTER L */
1274 "\xEF\xBC\xB5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER U */
1275 "\xEF\xBD\x95", /* Shift JIS FULLWIDTH LATIN SMALL LETTER U */
1276 "\xE2\x81\xBF", /* Shift JIS FULLWIDTH SUPERSCRIPT N */
1277 "\xCA\x9F", /* L UNICODE IPA Extension */
1278 "\xCA\x80", /* R UNICODE IPA Extension */
1279 "\xC9\xB4"), /* N UNICODE IPA Extension */
2b665f28 1280 array('l', 'l', 'r','r','n','n',
567dc524 1281 'E','E','e','e','X','X','x','x','P','P','p','p','R','R','r','r','S','S','s','s','I','I',
1282 'i','i','O','O','o','o','N','N','n','n','L','L','l','l','U','U','u','u','n','n',
1283 'E','e','X','x','P','p','R','r','S','s','I','i','O','o','N','n','L','l','U','u','n','l','r','n'));
2b665f28 1284 $attvalue = str_replace($aDangerousCharsReplacementTable[0],$aDangerousCharsReplacementTable[1],$attvalue);
1285
88de4926 1286 // Escapes are useful for special characters like "{}[]()'&. In other cases they are
1287 // used for XSS.
2b665f28 1288 $attvalue = preg_replace("/(\\\\)([a-zA-Z]{1})/",'$2',$attvalue);
1289}
1290
691a2d25 1291/**
8bd0068d 1292 * This function returns the final tag out of the tag name, an array
1293 * of attributes, and the type of the tag. This function is called by
1294 * sq_sanitize internally.
1295 *
1296 * @param $tagname the name of the tag.
1297 * @param $attary the array of attributes and their values
1298 * @param $tagtype The type of the tag (see in comments).
1299 * @return a string with the final tag representation.
1300 */
691a2d25 1301function sq_tagprint($tagname, $attary, $tagtype){
b583c3e8 1302 $me = 'sq_tagprint';
3d8371be 1303
691a2d25 1304 if ($tagtype == 2){
1305 $fulltag = '</' . $tagname . '>';
1306 } else {
1307 $fulltag = '<' . $tagname;
1308 if (is_array($attary) && sizeof($attary)){
1309 $atts = Array();
1310 while (list($attname, $attvalue) = each($attary)){
1311 array_push($atts, "$attname=$attvalue");
1312 }
1313 $fulltag .= ' ' . join(" ", $atts);
1314 }
1315 if ($tagtype == 3){
b583c3e8 1316 $fulltag .= ' /';
691a2d25 1317 }
b583c3e8 1318 $fulltag .= '>';
451f74a2 1319 }
691a2d25 1320 return $fulltag;
451f74a2 1321}
a3daaaf3 1322
691a2d25 1323/**
8bd0068d 1324 * A small helper function to use with array_walk. Modifies a by-ref
1325 * value and makes it lowercase.
1326 *
1327 * @param $val a value passed by-ref.
1328 * @return void since it modifies a by-ref value.
1329 */
691a2d25 1330function sq_casenormalize(&$val){
1331 $val = strtolower($val);
1332}
451f74a2 1333
691a2d25 1334/**
8bd0068d 1335 * This function skips any whitespace from the current position within
1336 * a string and to the next non-whitespace value.
1337 *
1338 * @param $body the string
1339 * @param $offset the offset within the string where we should start
1340 * looking for the next non-whitespace character.
1341 * @return the location within the $body where the next
1342 * non-whitespace char is located.
1343 */
691a2d25 1344function sq_skipspace($body, $offset){
b583c3e8 1345 $me = 'sq_skipspace';
3d8371be 1346 preg_match('/^(\s*)/s', substr($body, $offset), $matches);
691a2d25 1347 if (sizeof($matches{1})){
1348 $count = strlen($matches{1});
1349 $offset += $count;
451f74a2 1350 }
691a2d25 1351 return $offset;
451f74a2 1352}
a3daaaf3 1353
691a2d25 1354/**
8bd0068d 1355 * This function looks for the next character within a string. It's
1356 * really just a glorified "strpos", except it catches if failures
1357 * nicely.
1358 *
1359 * @param $body The string to look for needle in.
1360 * @param $offset Start looking from this position.
1361 * @param $needle The character/string to look for.
1362 * @return location of the next occurance of the needle, or
1363 * strlen($body) if needle wasn't found.
1364 */
691a2d25 1365function sq_findnxstr($body, $offset, $needle){
3d8371be 1366 $me = 'sq_findnxstr';
691a2d25 1367 $pos = strpos($body, $needle, $offset);
1368 if ($pos === FALSE){
1369 $pos = strlen($body);
451f74a2 1370 }
691a2d25 1371 return $pos;
451f74a2 1372}
a3daaaf3 1373
691a2d25 1374/**
8bd0068d 1375 * This function takes a PCRE-style regexp and tries to match it
1376 * within the string.
1377 *
1378 * @param $body The string to look for needle in.
1379 * @param $offset Start looking from here.
1380 * @param $reg A PCRE-style regex to match.
1381 * @return Returns a false if no matches found, or an array
1382 * with the following members:
1383 * - integer with the location of the match within $body
1384 * - string with whatever content between offset and the match
1385 * - string with whatever it is we matched
1386 */
691a2d25 1387function sq_findnxreg($body, $offset, $reg){
b583c3e8 1388 $me = 'sq_findnxreg';
691a2d25 1389 $matches = Array();
1390 $retarr = Array();
7d06541f 1391 preg_match("%^(.*?)($reg)%si", substr($body, $offset), $matches);
1392 if (!isset($matches{0}) || !$matches{0}){
691a2d25 1393 $retarr = false;
1394 } else {
1395 $retarr{0} = $offset + strlen($matches{1});
1396 $retarr{1} = $matches{1};
1397 $retarr{2} = $matches{2};
1398 }
1399 return $retarr;
1400}
a3daaaf3 1401
691a2d25 1402/**
8bd0068d 1403 * This function looks for the next tag.
1404 *
1405 * @param $body String where to look for the next tag.
1406 * @param $offset Start looking from here.
1407 * @return false if no more tags exist in the body, or
1408 * an array with the following members:
1409 * - string with the name of the tag
1410 * - array with attributes and their values
1411 * - integer with tag type (1, 2, or 3)
1412 * - integer where the tag starts (starting "<")
1413 * - integer where the tag ends (ending ">")
1414 * first three members will be false, if the tag is invalid.
1415 */
691a2d25 1416function sq_getnxtag($body, $offset){
b583c3e8 1417 $me = 'sq_getnxtag';
691a2d25 1418 if ($offset > strlen($body)){
1419 return false;
1420 }
1421 $lt = sq_findnxstr($body, $offset, "<");
1422 if ($lt == strlen($body)){
1423 return false;
1424 }
1425 /**
8bd0068d 1426 * We are here:
1427 * blah blah <tag attribute="value">
1428 * \---------^
1429 */
691a2d25 1430 $pos = sq_skipspace($body, $lt+1);
1431 if ($pos >= strlen($body)){
1432 return Array(false, false, false, $lt, strlen($body));
1433 }
1434 /**
8bd0068d 1435 * There are 3 kinds of tags:
1436 * 1. Opening tag, e.g.:
1437 * <a href="blah">
1438 * 2. Closing tag, e.g.:
1439 * </a>
1440 * 3. XHTML-style content-less tag, e.g.:
1441 * <img src="blah" />
1442 */
691a2d25 1443 $tagtype = false;
1444 switch (substr($body, $pos, 1)){
3d8371be 1445 case '/':
1446 $tagtype = 2;
1447 $pos++;
1448 break;
1449 case '!':
1450 /**
8bd0068d 1451 * A comment or an SGML declaration.
1452 */
3d8371be 1453 if (substr($body, $pos+1, 2) == "--"){
1454 $gt = strpos($body, "-->", $pos);
1455 if ($gt === false){
1456 $gt = strlen($body);
1457 } else {
1458 $gt += 2;
1459 }
1460 return Array(false, false, false, $lt, $gt);
bb8d0799 1461 } else {
3d8371be 1462 $gt = sq_findnxstr($body, $pos, ">");
1463 return Array(false, false, false, $lt, $gt);
1464 }
1465 break;
1466 default:
1467 /**
8bd0068d 1468 * Assume tagtype 1 for now. If it's type 3, we'll switch values
1469 * later.
1470 */
3d8371be 1471 $tagtype = 1;
1472 break;
691a2d25 1473 }
a3daaaf3 1474
0493ed11 1475 $tag_start = $pos;
691a2d25 1476 $tagname = '';
1477 /**
8bd0068d 1478 * Look for next [\W-_], which will indicate the end of the tag name.
1479 */
691a2d25 1480 $regary = sq_findnxreg($body, $pos, "[^\w\-_]");
1481 if ($regary == false){
1482 return Array(false, false, false, $lt, strlen($body));
1483 }
1484 list($pos, $tagname, $match) = $regary;
1485 $tagname = strtolower($tagname);
1486
1487 /**
8bd0068d 1488 * $match can be either of these:
1489 * '>' indicating the end of the tag entirely.
1490 * '\s' indicating the end of the tag name.
1491 * '/' indicating that this is type-3 xhtml tag.
1492 *
1493 * Whatever else we find there indicates an invalid tag.
1494 */
691a2d25 1495 switch ($match){
3d8371be 1496 case '/':
691a2d25 1497 /**
8bd0068d 1498 * This is an xhtml-style tag with a closing / at the
1499 * end, like so: <img src="blah" />. Check if it's followed
1500 * by the closing bracket. If not, then this tag is invalid
1501 */
3d8371be 1502 if (substr($body, $pos, 2) == "/>"){
1503 $pos++;
1504 $tagtype = 3;
1505 } else {
1506 $gt = sq_findnxstr($body, $pos, ">");
1507 $retary = Array(false, false, false, $lt, $gt);
1508 return $retary;
1509 }
1510 case '>':
1511 return Array($tagname, false, $tagtype, $lt, $pos);
1512 break;
1513 default:
1514 /**
8bd0068d 1515 * Check if it's whitespace
1516 */
3d8371be 1517 if (!preg_match('/\s/', $match)){
1518 /**
8bd0068d 1519 * This is an invalid tag! Look for the next closing ">".
1520 */
7d06541f 1521 $gt = sq_findnxstr($body, $lt, ">");
3d8371be 1522 return Array(false, false, false, $lt, $gt);
1523 }
1524 break;
691a2d25 1525 }
3d8371be 1526
691a2d25 1527 /**
8bd0068d 1528 * At this point we're here:
1529 * <tagname attribute='blah'>
1530 * \-------^
1531 *
1532 * At this point we loop in order to find all attributes.
1533 */
691a2d25 1534 $attname = '';
0493ed11 1535 $atttype = false;
691a2d25 1536 $attary = Array();
1537
1538 while ($pos <= strlen($body)){
1539 $pos = sq_skipspace($body, $pos);
1540 if ($pos == strlen($body)){
1541 /**
8bd0068d 1542 * Non-closed tag.
1543 */
691a2d25 1544 return Array(false, false, false, $lt, $pos);
1545 }
1546 /**
8bd0068d 1547 * See if we arrived at a ">" or "/>", which means that we reached
1548 * the end of the tag.
1549 */
691a2d25 1550 $matches = Array();
164800ad 1551 if (preg_match("%^(\s*)(>|/>)%s", substr($body, $pos), $matches)) {
c828931c 1552 /**
8bd0068d 1553 * Yep. So we did.
1554 */
c828931c 1555 $pos += strlen($matches{1});
1556 if ($matches{2} == "/>"){
1557 $tagtype = 3;
1558 $pos++;
1559 }
1560 return Array($tagname, $attary, $tagtype, $lt, $pos);
1561 }
a3daaaf3 1562
cca46357 1563 /**
8bd0068d 1564 * There are several types of attributes, with optional
1565 * [:space:] between members.
1566 * Type 1:
1567 * attrname[:space:]=[:space:]'CDATA'
1568 * Type 2:
1569 * attrname[:space:]=[:space:]"CDATA"
1570 * Type 3:
1571 * attr[:space:]=[:space:]CDATA
1572 * Type 4:
1573 * attrname
1574 *
1575 * We leave types 1 and 2 the same, type 3 we check for
1576 * '"' and convert to "&quot" if needed, then wrap in
1577 * double quotes. Type 4 we convert into:
1578 * attrname="yes".
1579 */
3f7c623f 1580 $regary = sq_findnxreg($body, $pos, "[^:\w\-_]");
691a2d25 1581 if ($regary == false){
1582 /**
8bd0068d 1583 * Looks like body ended before the end of tag.
1584 */
691a2d25 1585 return Array(false, false, false, $lt, strlen($body));
cca46357 1586 }
691a2d25 1587 list($pos, $attname, $match) = $regary;
1588 $attname = strtolower($attname);
1589 /**
8bd0068d 1590 * We arrived at the end of attribute name. Several things possible
1591 * here:
1592 * '>' means the end of the tag and this is attribute type 4
1593 * '/' if followed by '>' means the same thing as above
1594 * '\s' means a lot of things -- look what it's followed by.
1595 * anything else means the attribute is invalid.
1596 */
691a2d25 1597 switch($match){
3d8371be 1598 case '/':
691a2d25 1599 /**
8bd0068d 1600 * This is an xhtml-style tag with a closing / at the
1601 * end, like so: <img src="blah" />. Check if it's followed
1602 * by the closing bracket. If not, then this tag is invalid
1603 */
3d8371be 1604 if (substr($body, $pos, 2) == "/>"){
691a2d25 1605 $pos++;
3d8371be 1606 $tagtype = 3;
691a2d25 1607 } else {
3d8371be 1608 $gt = sq_findnxstr($body, $pos, ">");
1609 $retary = Array(false, false, false, $lt, $gt);
1610 return $retary;
1611 }
1612 case '>':
1613 $attary{$attname} = '"yes"';
1614 return Array($tagname, $attary, $tagtype, $lt, $pos);
1615 break;
1616 default:
1617 /**
8bd0068d 1618 * Skip whitespace and see what we arrive at.
1619 */
3d8371be 1620 $pos = sq_skipspace($body, $pos);
1621 $char = substr($body, $pos, 1);
1622 /**
8bd0068d 1623 * Two things are valid here:
1624 * '=' means this is attribute type 1 2 or 3.
1625 * \w means this was attribute type 4.
1626 * anything else we ignore and re-loop. End of tag and
1627 * invalid stuff will be caught by our checks at the beginning
1628 * of the loop.
1629 */
3d8371be 1630 if ($char == "="){
1631 $pos++;
1632 $pos = sq_skipspace($body, $pos);
691a2d25 1633 /**
8bd0068d 1634 * Here are 3 possibilities:
1635 * "'" attribute type 1
1636 * '"' attribute type 2
1637 * everything else is the content of tag type 3
1638 */
3d8371be 1639 $quot = substr($body, $pos, 1);
1640 if ($quot == "'"){
1641 $regary = sq_findnxreg($body, $pos+1, "\'");
1642 if ($regary == false){
1643 return Array(false, false, false, $lt, strlen($body));
1644 }
1645 list($pos, $attval, $match) = $regary;
1646 $pos++;
1647 $attary{$attname} = "'" . $attval . "'";
1648 } else if ($quot == '"'){
1649 $regary = sq_findnxreg($body, $pos+1, '\"');
1650 if ($regary == false){
1651 return Array(false, false, false, $lt, strlen($body));
1652 }
1653 list($pos, $attval, $match) = $regary;
1654 $pos++;
1655 $attary{$attname} = '"' . $attval . '"';
1656 } else {
1657 /**
8bd0068d 1658 * These are hateful. Look for \s, or >.
1659 */
3d8371be 1660 $regary = sq_findnxreg($body, $pos, "[\s>]");
1661 if ($regary == false){
1662 return Array(false, false, false, $lt, strlen($body));
1663 }
1664 list($pos, $attval, $match) = $regary;
1665 /**
8bd0068d 1666 * If it's ">" it will be caught at the top.
1667 */
3d8371be 1668 $attval = preg_replace("/\"/s", "&quot;", $attval);
1669 $attary{$attname} = '"' . $attval . '"';
7e235a1a 1670 }
3d8371be 1671 } else if (preg_match("|[\w/>]|", $char)) {
691a2d25 1672 /**
8bd0068d 1673 * That was attribute type 4.
1674 */
3d8371be 1675 $attary{$attname} = '"yes"';
1676 } else {
1677 /**
8bd0068d 1678 * An illegal character. Find next '>' and return.
1679 */
3d8371be 1680 $gt = sq_findnxstr($body, $pos, ">");
1681 return Array(false, false, false, $lt, $gt);
451f74a2 1682 }
3d8371be 1683 break;
691a2d25 1684 }
1685 }
1686 /**
8bd0068d 1687 * The fact that we got here indicates that the tag end was never
1688 * found. Return invalid tag indication so it gets stripped.
1689 */
691a2d25 1690 return Array(false, false, false, $lt, strlen($body));
1691}
1692
1693/**
0493ed11 1694 * Translates entities into literal values so they can be checked.
8bd0068d 1695 *
0493ed11 1696 * @param $attvalue the by-ref value to check.
1697 * @param $regex the regular expression to check against.
1698 * @param $hex whether the entites are hexadecimal.
1699 * @return True or False depending on whether there were matches.
8bd0068d 1700 */
0493ed11 1701function sq_deent(&$attvalue, $regex, $hex=false){
b583c3e8 1702 $me = 'sq_deent';
0493ed11 1703 $ret_match = false;
2b665f28 1704 // remove comments
1705 //$attvalue = preg_replace("/(\/\*.*\*\/)/","",$attvalue);
0493ed11 1706 preg_match_all($regex, $attvalue, $matches);
1707 if (is_array($matches) && sizeof($matches[0]) > 0){
1708 $repl = Array();
1709 for ($i = 0; $i < sizeof($matches[0]); $i++){
1710 $numval = $matches[1][$i];
1711 if ($hex){
1712 $numval = hexdec($numval);
a3daaaf3 1713 }
0493ed11 1714 $repl{$matches[0][$i]} = chr($numval);
691a2d25 1715 }
0493ed11 1716 $attvalue = strtr($attvalue, $repl);
1717 return true;
1718 } else {
1719 return false;
691a2d25 1720 }
691a2d25 1721}
1722
1723/**
8bd0068d 1724 * This function runs various checks against the attributes.
1725 *
1726 * @param $tagname String with the name of the tag.
1727 * @param $attary Array with all tag attributes.
1728 * @param $rm_attnames See description for sq_sanitize
1729 * @param $bad_attvals See description for sq_sanitize
1730 * @param $add_attr_to_tag See description for sq_sanitize
1731 * @param $message message object
1732 * @param $id message id
1733 * @return Array with modified attributes.
1734 */
da2415c1 1735function sq_fixatts($tagname,
1736 $attary,
691a2d25 1737 $rm_attnames,
1738 $bad_attvals,
1739 $add_attr_to_tag,
1740 $message,
b3af12ef 1741 $id,
3d8371be 1742 $mailbox
691a2d25 1743 ){
b583c3e8 1744 $me = 'sq_fixatts';
691a2d25 1745 while (list($attname, $attvalue) = each($attary)){
1746 /**
8bd0068d 1747 * See if this attribute should be removed.
1748 */
691a2d25 1749 foreach ($rm_attnames as $matchtag=>$matchattrs){
1750 if (preg_match($matchtag, $tagname)){
1751 foreach ($matchattrs as $matchattr){
1752 if (preg_match($matchattr, $attname)){
1753 unset($attary{$attname});
1754 continue;
1755 }
451f74a2 1756 }
451f74a2 1757 }
691a2d25 1758 }
2b665f28 1759 /**
1760 * Workaround for IE quirks
1761 */
1762 sq_fixIE_idiocy($attvalue);
1763
691a2d25 1764 /**
8bd0068d 1765 * Remove any backslashes, entities, and extraneous whitespace.
1766 */
2b665f28 1767
1768 $oldattvalue = $attvalue;
0493ed11 1769 sq_defang($attvalue);
2b665f28 1770 if ($attname == 'style' && $attvalue !== $oldattvalue) {
1771 // entities are used in the attribute value. In 99% of the cases it's there as XSS
1772 // i.e.<div style="{ left:exp&#x0280;essio&#x0274;( alert('XSS') ) }">
1773 $attvalue = "idiocy";
1774 $attary{$attname} = $attvalue;
1775 }
0493ed11 1776 sq_unspace($attvalue);
af861a34 1777
691a2d25 1778 /**
8bd0068d 1779 * Now let's run checks on the attvalues.
1780 * I don't expect anyone to comprehend this. If you do,
1781 * get in touch with me so I can drive to where you live and
1782 * shake your hand personally. :)
1783 */
691a2d25 1784 foreach ($bad_attvals as $matchtag=>$matchattrs){
1785 if (preg_match($matchtag, $tagname)){
1786 foreach ($matchattrs as $matchattr=>$valary){
1787 if (preg_match($matchattr, $attname)){
1788 /**
8bd0068d 1789 * There are two arrays in valary.
1790 * First is matches.
1791 * Second one is replacements
1792 */
691a2d25 1793 list($valmatch, $valrepl) = $valary;
da2415c1 1794 $newvalue =
691a2d25 1795 preg_replace($valmatch, $valrepl, $attvalue);
1796 if ($newvalue != $attvalue){
1797 $attary{$attname} = $newvalue;
567dc524 1798 $attvalue = $newvalue;
691a2d25 1799 }
1800 }
1801 }
451f74a2 1802 }
a3daaaf3 1803 }
567dc524 1804 if ($attname == 'style') {
1805 if (preg_match('/[\0-\37\200-\377]+/',$attvalue)) {
1806 // 8bit and control characters in style attribute values can be used for XSS, remove them
1807 $attary{$attname} = '"disallowed character"';
1808 }
1809 preg_match_all("/url\s*\((.+)\)/si",$attvalue,$aMatch);
1810 if (count($aMatch)) {
1811 foreach($aMatch[1] as $sMatch) {
1812 // url value
1813 $urlvalue = $sMatch;
1814 sq_fix_url($attname, $urlvalue, $message, $id, $mailbox,"'");
1815 $attary{$attname} = str_replace($sMatch,$urlvalue,$attvalue);
1816 }
1817 }
691a2d25 1818 }
ff940ebc 1819 /**
567dc524 1820 * Use white list based filtering on attributes which can contain url's
ff940ebc 1821 */
567dc524 1822 else if ($attname == 'href' || $attname == 'src' || $attname == 'background') {
1823 sq_fix_url($attname, $attvalue, $message, $id, $mailbox);
1824 $attary{$attname} = $attvalue;
ff940ebc 1825 }
a3daaaf3 1826 }
691a2d25 1827 /**
8bd0068d 1828 * See if we need to append any attributes to this tag.
1829 */
691a2d25 1830 foreach ($add_attr_to_tag as $matchtag=>$addattary){
1831 if (preg_match($matchtag, $tagname)){
1832 $attary = array_merge($attary, $addattary);
1833 }
1834 }
1835 return $attary;
451f74a2 1836}
a3daaaf3 1837
567dc524 1838/**
1839 * This function filters url's
1840 *
1841 * @param $attvalue String with attribute value to filter
1842 * @param $message message object
1843 * @param $id message id
1844 * @param $mailbox mailbox
1845 * @param $sQuote quoting characters around url's
1846 */
1847function sq_fix_url($attname, &$attvalue, $message, $id, $mailbox,$sQuote = '"') {
1848 $attvalue = trim($attvalue);
1849 if ($attvalue && ($attvalue[0] =='"'|| $attvalue[0] == "'")) {
1850 // remove the double quotes
1851 $sQuote = $attvalue[0];
1852 $attvalue = trim(substr($attvalue,1,-1));
1853 }
1854
d31f73f1 1855 // If there's no "view_unsafe_images" variable in the URL, turn unsafe
1856 // images off by default.
afbf184c 1857 sqgetGlobalVar('view_unsafe_images', $view_unsafe_images, SQ_GET, FALSE);
d31f73f1 1858
567dc524 1859 $secremoveimg = '../images/' . _("sec_remove_eng.png");
1860
1861 /**
1862 * Replace empty src tags with the blank image. src is only used
1863 * for frames, images, and image inputs. Doing a replace should
1864 * not affect them working as should be, however it will stop
1865 * IE from being kicked off when src for img tags are not set
1866 */
1867 if ($attvalue == '') {
1868 $attvalue = '"' . SM_PATH . 'images/blank.png"';
1869 } else {
1870 // first, disallow 8 bit characters and control characters
1871 if (preg_match('/[\0-\37\200-\377]+/',$attvalue)) {
1872 switch ($attname) {
1873 case 'href':
1874 $attvalue = $sQuote . 'http://invalid-stuff-detected.example.com' . $sQuote;
1875 break;
1876 default:
1877 $attvalue = $sQuote . SM_PATH . 'images/blank.png'. $sQuote;
1878 break;
1879 }
1880 } else {
1881 $aUrl = parse_url($attvalue);
1882 if (isset($aUrl['scheme'])) {
1883 switch(strtolower($aUrl['scheme'])) {
d75e755b 1884 case 'mailto':
567dc524 1885 case 'http':
1886 case 'https':
1887 case 'ftp':
1888 if ($attname != 'href') {
1889 if ($view_unsafe_images == false) {
1890 $attvalue = $sQuote . $secremoveimg . $sQuote;
1891 } else {
1892 if (isset($aUrl['path'])) {
1893 // validate image extension.
1894 $ext = strtolower(substr($aUrl['path'],strrpos($aUrl['path'],'.')));
1895 if (!in_array($ext,array('.jpeg','.jpg','xjpeg','.gif','.bmp','.jpe','.png','.xbm'))) {
1896 $attvalue = $sQuote . SM_PATH . 'images/blank.png'. $sQuote;
1897 }
1898 } else {
1899 $attvalue = $sQuote . SM_PATH . 'images/blank.png'. $sQuote;
1900 }
1901 }
1902 }
1903 break;
1904 case 'outbind':
1905 /**
1906 * "Hack" fix for Outlook using propriatary outbind:// protocol in img tags.
1907 * One day MS might actually make it match something useful, for now, falling
1908 * back to using cid2http, so we can grab the blank.png.
1909 */
1910 $attvalue = sq_cid2http($message, $id, $attvalue, $mailbox);
1911 break;
1912 case 'cid':
1913 /**
1914 * Turn cid: urls into http-friendly ones.
1915 */
1916 $attvalue = sq_cid2http($message, $id, $attvalue, $mailbox);
1917 break;
1918 default:
1919 $attvalue = $sQuote . SM_PATH . 'images/blank.png' . $sQuote;
1920 break;
1921 }
1922 } else {
1923 if (!(isset($aUrl['path']) && $aUrl['path'] == $secremoveimg)) {
1924 // parse_url did not lead to satisfying result
1925 $attvalue = $sQuote . SM_PATH . 'images/blank.png' . $sQuote;
1926 }
1927 }
1928 }
1929 }
1930}
1931
691a2d25 1932/**
8bd0068d 1933 * This function edits the style definition to make them friendly and
1934 * usable in SquirrelMail.
1935 *
1936 * @param $message the message object
1937 * @param $id the message id
1938 * @param $content a string with whatever is between <style> and </style>
1939 * @param $mailbox the message mailbox
1940 * @return a string with edited content.
1941 */
e60a299a 1942function sq_fixstyle($body, $pos, $message, $id, $mailbox){
b583c3e8 1943 $me = 'sq_fixstyle';
7e2ff844 1944 // workaround for </style> in between comments
1945 $iCurrentPos = $pos;
1946 $content = '';
1947 $sToken = '';
1948 $bSucces = false;
1949 $bEndTag = false;
1950 for ($i=$pos,$iCount=strlen($body);$i<$iCount;++$i) {
1951 $char = $body{$i};
1952 switch ($char) {
1953 case '<':
10c0caeb 1954 $sToken = $char;
7e2ff844 1955 break;
1956 case '/':
1957 if ($sToken == '<') {
1958 $sToken .= $char;
1959 $bEndTag = true;
1960 } else {
1961 $content .= $char;
1962 }
1963 break;
1964 case '>':
1965 if ($bEndTag) {
1966 $sToken .= $char;
1967 if (preg_match('/\<\/\s*style\s*\>/i',$sToken,$aMatch)) {
1968 $newpos = $i + 1;
1969 $bSucces = true;
1970 break 2;
1971 } else {
1972 $content .= $sToken;
1973 }
1974 $bEndTag = false;
1975 } else {
1976 $content .= $char;
1977 }
1978 break;
1979 case '!':
1980 if ($sToken == '<') {
1981 // possible comment
1982 if (isset($body{$i+2}) && substr($body,$i,3) == '!--') {
1983 $i = strpos($body,'-->',$i+3);
2b665f28 1984 if ($i === false) { // no end comment
1985 $i = strlen($body);
1986 }
7e2ff844 1987 $sToken = '';
1988 }
1989 } else {
1990 $content .= $char;
1991 }
1992 break;
1993 default:
1994 if ($bEndTag) {
1995 $sToken .= $char;
1996 } else {
1997 $content .= $char;
1998 }
1999 break;
2000 }
2001 }
2002 if ($bSucces == FALSE){
7d06541f 2003 return array(FALSE, strlen($body));
2004 }
7e2ff844 2005
2b665f28 2006
2007
691a2d25 2008 /**
9ebace19 2009 * First look for general BODY style declaration, which would be
2010 * like so:
2011 * body {background: blah-blah}
2012 * and change it to .bodyclass so we can just assign it to a <div>
2013 */
691a2d25 2014 $content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content);
3d8371be 2015 $secremoveimg = '../images/' . _("sec_remove_eng.png");
691a2d25 2016 /**
0493ed11 2017 * Fix url('blah') declarations.
2018 */
2019 // $content = preg_replace("|url\s*\(\s*([\'\"])\s*\S+script\s*:.*?([\'\"])\s*\)|si",
2020 // "url(\\1$secremoveimg\\2)", $content);
2b665f28 2021
567dc524 2022 // first check for 8bit sequences and disallowed control characters
2023 if (preg_match('/[\16-\37\200-\377]+/',$content)) {
2024 $content = '<!-- style block removed by html filter due to presence of 8bit characters -->';
2025 return array($content, $newpos);
2026 }
2027
2b665f28 2028 // IE Sucks hard. We have a special function for it.
2029 sq_fixIE_idiocy($content);
2030
2031 // remove @import line
2032 $content = preg_replace("/^\s*(@import.*)$/mi","\n<!-- @import rules forbidden -->\n",$content);
2033
5b4884be 2034 // translate ur\l and variations (IE parses that)
2b665f28 2035 // TODO check if the sq_fixIE_idiocy function already handles this.
5b4884be 2036 $content = preg_replace("/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i", 'url', $content);
567dc524 2037 preg_match_all("/url\s*\((.+)\)/si",$content,$aMatch);
2038 if (count($aMatch)) {
2039 $aValue = $aReplace = array();
2040 foreach($aMatch[1] as $sMatch) {
2041 // url value
2042 $urlvalue = $sMatch;
2043 sq_fix_url('style',$urlvalue, $message, $id, $mailbox,"'");
2044 $aValue[] = $sMatch;
2045 $aReplace[] = $urlvalue;
0493ed11 2046 }
567dc524 2047 $content = str_replace($aValue,$aReplace,$content);
691a2d25 2048 }
567dc524 2049
9ebace19 2050 /**
2051 * Remove any backslashes, entities, and extraneous whitespace.
2052 */
0493ed11 2053 $contentTemp = $content;
2054 sq_defang($contentTemp);
2055 sq_unspace($contentTemp);
a3daaaf3 2056
691a2d25 2057 /**
8bd0068d 2058 * Fix stupid css declarations which lead to vulnerabilities
2059 * in IE.
2060 */
5db90261 2061 $match = Array('/\/\*.*\*\//',
2062 '/expression/i',
0493ed11 2063 '/behaviou*r/i',
2064 '/binding/i',
2b665f28 2065 '/include-source/i',
2066 '/javascript/i',
2067 '/script/i');
2068 $replace = Array('','idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy', 'idiocy');
0493ed11 2069 $contentNew = preg_replace($match, $replace, $contentTemp);
2070 if ($contentNew !== $contentTemp) {
2071 // insecure css declarations are used. From now on we don't care
2072 // anymore if the css is destroyed by sq_deent, sq_unspace or sq_unbackslash
2073 $content = $contentNew;
2074 }
7d06541f 2075 return array($content, $newpos);
691a2d25 2076}
a3daaaf3 2077
0493ed11 2078
691a2d25 2079/**
8bd0068d 2080 * This function converts cid: url's into the ones that can be viewed in
2081 * the browser.
2082 *
2083 * @param $message the message object
2084 * @param $id the message id
2085 * @param $cidurl the cid: url.
2086 * @param $mailbox the message mailbox
2087 * @return a string with a http-friendly url
2088 */
b3af12ef 2089function sq_cid2http($message, $id, $cidurl, $mailbox){
691a2d25 2090 /**
8bd0068d 2091 * Get rid of quotes.
2092 */
691a2d25 2093 $quotchar = substr($cidurl, 0, 1);
2dd879b8 2094 if ($quotchar == '"' || $quotchar == "'"){
2095 $cidurl = str_replace($quotchar, "", $cidurl);
2096 } else {
2097 $quotchar = '';
2098 }
691a2d25 2099 $cidurl = substr(trim($cidurl), 4);
0493ed11 2100
2101 $match_str = '/\{.*?\}\//';
2102 $str_rep = '';
2103 $cidurl = preg_replace($match_str, $str_rep, $cidurl);
2104
e5e9381a 2105 $linkurl = find_ent_id($cidurl, $message);
9ebace19 2106 /* in case of non-safe cid links $httpurl should be replaced by a sort of
2107 unsafe link image */
e5e9381a 2108 $httpurl = '';
c8f5f606 2109
8bd0068d 2110 /**
2111 * This is part of a fix for Outlook Express 6.x generating
2112 * cid URLs without creating content-id headers. These images are
2113 * not part of the multipart/related html mail. The html contains
2114 * <img src="cid:{some_id}/image_filename.ext"> references to
2115 * attached images with as goal to render them inline although
2116 * the attachment disposition property is not inline.
2117 */
c8f5f606 2118
2119 if (empty($linkurl)) {
2120 if (preg_match('/{.*}\//', $cidurl)) {
2121 $cidurl = preg_replace('/{.*}\//','', $cidurl);
2122 if (!empty($cidurl)) {
2123 $linkurl = find_ent_id($cidurl, $message);
2124 }
2125 }
2126 }
f8a1ed5a 2127
c8f5f606 2128 if (!empty($linkurl)) {
6b04287c 2129 $httpurl = $quotchar . SM_PATH . 'src/download.php?absolute_dl=true&amp;' .
8bd0068d 2130 "passed_id=$id&amp;mailbox=" . urlencode($mailbox) .
2131 '&amp;ent_id=' . $linkurl . $quotchar;
c8f5f606 2132 } else {
2133 /**
2134 * If we couldn't generate a proper img url, drop in a blank image
2135 * instead of sending back empty, otherwise it causes unusual behaviour
2136 */
bc017c1d 2137 $httpurl = $quotchar . SM_PATH . 'images/blank.png' . $quotchar;
e5e9381a 2138 }
f8a1ed5a 2139
691a2d25 2140 return $httpurl;
2141}
2142
2143/**
8bd0068d 2144 * This function changes the <body> tag into a <div> tag since we
2145 * can't really have a body-within-body.
2146 *
2147 * @param $attary an array of attributes and values of <body>
2148 * @param $mailbox mailbox we're currently reading (for cid2http)
2149 * @param $message current message (for cid2http)
2150 * @param $id current message id (for cid2http)
2151 * @return a modified array of attributes to be set for <div>
2152 */
2dd879b8 2153function sq_body2div($attary, $mailbox, $message, $id){
b583c3e8 2154 $me = 'sq_body2div';
3d8371be 2155 $divattary = Array('class' => "'bodyclass'");
b583c3e8 2156 $text = '#000000';
c189a963 2157 $has_bgc_stl = $has_txt_stl = false;
b583c3e8 2158 $styledef = '';
691a2d25 2159 if (is_array($attary) && sizeof($attary) > 0){
2160 foreach ($attary as $attname=>$attvalue){
2161 $quotchar = substr($attvalue, 0, 1);
2162 $attvalue = str_replace($quotchar, "", $attvalue);
2163 switch ($attname){
3d8371be 2164 case 'background':
8bd0068d 2165 $attvalue = sq_cid2http($message, $id, $attvalue, $mailbox);
3d8371be 2166 $styledef .= "background-image: url('$attvalue'); ";
2167 break;
2168 case 'bgcolor':
c189a963 2169 $has_bgc_stl = true;
3d8371be 2170 $styledef .= "background-color: $attvalue; ";
2171 break;
2172 case 'text':
c189a963 2173 $has_txt_stl = true;
3d8371be 2174 $styledef .= "color: $attvalue; ";
2175 break;
691a2d25 2176 }
a3daaaf3 2177 }
c189a963 2178 // Outlook defines a white bgcolor and no text color. This can lead to
2179 // white text on a white bg with certain themes.
2180 if ($has_bgc_stl && !$has_txt_stl) {
2181 $styledef .= "color: $text; ";
2182 }
691a2d25 2183 if (strlen($styledef) > 0){
2184 $divattary{"style"} = "\"$styledef\"";
2185 }
2186 }
2187 return $divattary;
2188}
a3daaaf3 2189
691a2d25 2190/**
8bd0068d 2191 * This is the main function and the one you should actually be calling.
2192 * There are several variables you should be aware of an which need
2193 * special description.
2194 *
2195 * Since the description is quite lengthy, see it here:
2196 * http://linux.duke.edu/projects/mini/htmlfilter/
2197 *
2198 * @param $body the string with HTML you wish to filter
2199 * @param $tag_list see description above
2200 * @param $rm_tags_with_content see description above
2201 * @param $self_closing_tags see description above
2202 * @param $force_tag_closing see description above
2203 * @param $rm_attnames see description above
2204 * @param $bad_attvals see description above
2205 * @param $add_attr_to_tag see description above
2206 * @param $message message object
2207 * @param $id message id
2208 * @return sanitized html safe to show on your pages.
2209 */
da2415c1 2210function sq_sanitize($body,
8bd0068d 2211 $tag_list,
2212 $rm_tags_with_content,
2213 $self_closing_tags,
2214 $force_tag_closing,
2215 $rm_attnames,
2216 $bad_attvals,
2217 $add_attr_to_tag,
2218 $message,
2219 $id,
2220 $mailbox
2221 ){
b583c3e8 2222 $me = 'sq_sanitize';
7d06541f 2223 $rm_tags = array_shift($tag_list);
691a2d25 2224 /**
8bd0068d 2225 * Normalize rm_tags and rm_tags_with_content.
2226 */
7d06541f 2227 @array_walk($tag_list, 'sq_casenormalize');
691a2d25 2228 @array_walk($rm_tags_with_content, 'sq_casenormalize');
2229 @array_walk($self_closing_tags, 'sq_casenormalize');
2230 /**
8bd0068d 2231 * See if tag_list is of tags to remove or tags to allow.
2232 * false means remove these tags
2233 * true means allow these tags
2234 */
691a2d25 2235 $curpos = 0;
2236 $open_tags = Array();
2dd879b8 2237 $trusted = "\n<!-- begin sanitized html -->\n";
691a2d25 2238 $skip_content = false;
bb8d0799 2239 /**
8bd0068d 2240 * Take care of netscape's stupid javascript entities like
2241 * &{alert('boo')};
2242 */
bb8d0799 2243 $body = preg_replace("/&(\{.*?\};)/si", "&amp;\\1", $body);
691a2d25 2244
7d06541f 2245 while (($curtag = sq_getnxtag($body, $curpos)) != FALSE){
691a2d25 2246 list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
2247 $free_content = substr($body, $curpos, $lt-$curpos);
2248 /**
8bd0068d 2249 * Take care of <style>
2250 */
7d06541f 2251 if ($tagname == "style" && $tagtype == 1){
da2415c1 2252 list($free_content, $curpos) =
e60a299a 2253 sq_fixstyle($body, $gt+1, $message, $id, $mailbox);
7d06541f 2254 if ($free_content != FALSE){
2255 $trusted .= sq_tagprint($tagname, $attary, $tagtype);
2256 $trusted .= $free_content;
2257 $trusted .= sq_tagprint($tagname, false, 2);
2258 }
2259 continue;
691a2d25 2260 }
2261 if ($skip_content == false){
2262 $trusted .= $free_content;
691a2d25 2263 }
2264 if ($tagname != FALSE){
2265 if ($tagtype == 2){
2266 if ($skip_content == $tagname){
2267 /**
8bd0068d 2268 * Got to the end of tag we needed to remove.
2269 */
691a2d25 2270 $tagname = false;
2271 $skip_content = false;
2272 } else {
2273 if ($skip_content == false){
c828931c 2274 if ($tagname == "body"){
2275 $tagname = "div";
2dd879b8 2276 }
da2415c1 2277 if (isset($open_tags{$tagname}) &&
8bd0068d 2278 $open_tags{$tagname} > 0){
2dd879b8 2279 $open_tags{$tagname}--;
691a2d25 2280 } else {
2dd879b8 2281 $tagname = false;
691a2d25 2282 }
691a2d25 2283 }
2284 }
2285 } else {
2286 /**
8bd0068d 2287 * $rm_tags_with_content
2288 */
691a2d25 2289 if ($skip_content == false){
2290 /**
8bd0068d 2291 * See if this is a self-closing type and change
2292 * tagtype appropriately.
2293 */
691a2d25 2294 if ($tagtype == 1
8bd0068d 2295 && in_array($tagname, $self_closing_tags)){
2dd879b8 2296 $tagtype = 3;
691a2d25 2297 }
2298 /**
8bd0068d 2299 * See if we should skip this tag and any content
2300 * inside it.
2301 */
691a2d25 2302 if ($tagtype == 1 &&
8bd0068d 2303 in_array($tagname, $rm_tags_with_content)){
691a2d25 2304 $skip_content = $tagname;
2305 } else {
da2415c1 2306 if (($rm_tags == false
8bd0068d 2307 && in_array($tagname, $tag_list)) ||
2308 ($rm_tags == true &&
2309 !in_array($tagname, $tag_list))){
691a2d25 2310 $tagname = false;
2311 } else {
2dd879b8 2312 /**
8bd0068d 2313 * Convert body into div.
2314 */
2dd879b8 2315 if ($tagname == "body"){
2316 $tagname = "div";
da2415c1 2317 $attary = sq_body2div($attary, $mailbox,
8bd0068d 2318 $message, $id);
2dd879b8 2319 }
691a2d25 2320 if ($tagtype == 1){
2321 if (isset($open_tags{$tagname})){
2322 $open_tags{$tagname}++;
2323 } else {
2324 $open_tags{$tagname}=1;
2325 }
2326 }
2327 /**
8bd0068d 2328 * This is where we run other checks.
2329 */
691a2d25 2330 if (is_array($attary) && sizeof($attary) > 0){
2331 $attary = sq_fixatts($tagname,
8bd0068d 2332 $attary,
2333 $rm_attnames,
2334 $bad_attvals,
2335 $add_attr_to_tag,
2336 $message,
2337 $id,
2338 $mailbox
2339 );
691a2d25 2340 }
2341 }
2342 }
691a2d25 2343 }
2344 }
2345 if ($tagname != false && $skip_content == false){
2346 $trusted .= sq_tagprint($tagname, $attary, $tagtype);
2347 }
691a2d25 2348 }
2349 $curpos = $gt+1;
a3daaaf3 2350 }
691a2d25 2351 $trusted .= substr($body, $curpos, strlen($body)-$curpos);
2352 if ($force_tag_closing == true){
2353 foreach ($open_tags as $tagname=>$opentimes){
2354 while ($opentimes > 0){
2355 $trusted .= '</' . $tagname . '>';
2356 $opentimes--;
2357 }
2358 }
2359 $trusted .= "\n";
2360 }
2361 $trusted .= "<!-- end sanitized html -->\n";
2362 return $trusted;
2363}
451f74a2 2364
691a2d25 2365/**
8bd0068d 2366 * This is a wrapper function to call html sanitizing routines.
2367 *
2368 * @param $body the body of the message
2369 * @param $id the id of the message
c189a963 2370
2371 * @param $message
2372 * @param $mailbox
2373 * @param boolean $take_mailto_links When TRUE, converts mailto: links
2374 * into internal SM compose links
2375 * (optional; default = TRUE)
8bd0068d 2376 * @return a string with html safe to display in the browser.
2377 */
c189a963 2378function magicHTML($body, $id, $message, $mailbox = 'INBOX', $take_mailto_links =true) {
2379
202bcbcc 2380 // require_once(SM_PATH . 'functions/url_parser.php'); // for $MailTo_PReg_Match
c189a963 2381
691a2d25 2382 global $attachment_common_show_images, $view_unsafe_images,
8bd0068d 2383 $has_unsafe_images;
691a2d25 2384 /**
8bd0068d 2385 * Don't display attached images in HTML mode.
2b665f28 2386 *
d0187bd6 2387 * SB: why?
8bd0068d 2388 */
691a2d25 2389 $attachment_common_show_images = false;
2390 $tag_list = Array(
8bd0068d 2391 false,
2392 "object",
2393 "meta",
2394 "html",
2395 "head",
2396 "base",
2397 "link",
2398 "frame",
2399 "iframe",
2400 "plaintext",
2401 "marquee"
2402 );
691a2d25 2403
2404 $rm_tags_with_content = Array(
8bd0068d 2405 "script",
2406 "applet",
2407 "embed",
2408 "title",
2409 "frameset",
0493ed11 2410 "xmp",
8bd0068d 2411 "xml"
2412 );
691a2d25 2413
2414 $self_closing_tags = Array(
8bd0068d 2415 "img",
2416 "br",
2417 "hr",
2418 "input",
2419 "outbind"
2420 );
691a2d25 2421
2dd879b8 2422 $force_tag_closing = true;
691a2d25 2423
2424 $rm_attnames = Array(
8bd0068d 2425 "/.*/" =>
2426 Array(
2427 "/target/i",
2428 "/^on.*/i",
2429 "/^dynsrc/i",
2430 "/^data.*/i",
2431 "/^lowsrc.*/i"
2432 )
2433 );
691a2d25 2434
2435 $secremoveimg = "../images/" . _("sec_remove_eng.png");
2436 $bad_attvals = Array(
8bd0068d 2437 "/.*/" =>
691a2d25 2438 Array(
0a6ec9b5 2439 "/^src|background/i" =>
8bd0068d 2440 Array(
691a2d25 2441 Array(
8bd0068d 2442 "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
2443 "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
2444 "/^([\'\"])\s*about\s*:.*([\'\"])/si"
691a2d25 2445 ),
8bd0068d 2446 Array(
2447 "\\1$secremoveimg\\2",
2448 "\\1$secremoveimg\\2",
2449 "\\1$secremoveimg\\2",
8bd0068d 2450 )
2451 ),
0a6ec9b5 2452 "/^href|action/i" =>
8bd0068d 2453 Array(
0a6ec9b5 2454 Array(
8bd0068d 2455 "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
2456 "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
2457 "/^([\'\"])\s*about\s*:.*([\'\"])/si"
0a6ec9b5 2458 ),
691a2d25 2459 Array(
8bd0068d 2460 "\\1#\\1",
2461 "\\1#\\1",
2462 "\\1#\\1"
02474e43 2463 )
8bd0068d 2464 ),
2465 "/^style/i" =>
2466 Array(
2467 Array(
5db90261 2468 "/\/\*.*\*\//",
8bd0068d 2469 "/expression/i",
2470 "/binding/i",
2471 "/behaviou*r/i",
2472 "/include-source/i",
2473 "/position\s*:\s*absolute/i",
1d935bc2 2474 "/(\\\\)?u(\\\\)?r(\\\\)?l(\\\\)?/i",
8bd0068d 2475 "/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
2476 "/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
2477 "/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
2478 "/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si"
2479 ),
2480 Array(
5db90261 2481 "",
8bd0068d 2482 "idiocy",
2483 "idiocy",
2484 "idiocy",
2485 "idiocy",
567dc524 2486 "idiocy",
5b4884be 2487 "url",
8bd0068d 2488 "url(\\1#\\1)",
2489 "url(\\1#\\1)",
2490 "url(\\1#\\1)",
8bd0068d 2491 "\\1:url(\\2#\\3)"
2492 )
691a2d25 2493 )
8bd0068d 2494 )
691a2d25 2495 );
9ebace19 2496
d31f73f1 2497 // If there's no "view_unsafe_images" variable in the URL, turn unsafe
2498 // images off by default.
afbf184c 2499 sqgetGlobalVar('view_unsafe_images', $view_unsafe_images, SQ_GET, FALSE);
9ebace19 2500
691a2d25 2501 if (!$view_unsafe_images){
2502 /**
8bd0068d 2503 * Remove any references to http/https if view_unsafe_images set
2504 * to false.
2505 */
02474e43 2506 array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[0],
8bd0068d 2507 '/^([\'\"])\s*https*:.*([\'\"])/si');
02474e43 2508 array_push($bad_attvals{'/.*/'}{'/^src|background/i'}[1],
8bd0068d 2509 "\\1$secremoveimg\\1");
02474e43 2510 array_push($bad_attvals{'/.*/'}{'/^style/i'}[0],
7ef0b415 2511 '/url\([\'\"]?https?:[^\)]*[\'\"]?\)/si');
02474e43 2512 array_push($bad_attvals{'/.*/'}{'/^style/i'}[1],
8bd0068d 2513 "url(\\1$secremoveimg\\1)");
691a2d25 2514 }
451f74a2 2515
691a2d25 2516 $add_attr_to_tag = Array(
8bd0068d 2517 "/^a$/i" =>
c25f2fbb 2518 Array('target'=>'"_blank"',
02474e43 2519 'title'=>'"'._("This external link will open in a new window").'"'
8bd0068d 2520 )
2521 );
da2415c1 2522 $trusted = sq_sanitize($body,
8bd0068d 2523 $tag_list,
2524 $rm_tags_with_content,
2525 $self_closing_tags,
2526 $force_tag_closing,
2527 $rm_attnames,
2528 $bad_attvals,
2529 $add_attr_to_tag,
2530 $message,
2531 $id,
2532 $mailbox
2533 );
567dc524 2534 if (strpos($trusted,$secremoveimg)){
691a2d25 2535 $has_unsafe_images = true;
da2415c1 2536 }
c189a963 2537
2538 // we want to parse mailto's in HTML output, change to SM compose links
2539 // this is a modified version of code from url_parser.php... but Marc is
2540 // right: we need a better filtering implementation; adding this randomly
2541 // here is not a great solution
2542 //
2543 if ($take_mailto_links) {
2544 // parseUrl($trusted); // this even parses URLs inside of tags... too aggressive
2545 global $MailTo_PReg_Match;
202bcbcc 2546 $MailTo_PReg_Match = '/mailto:' . substr($MailTo_PReg_Match, 1) ;
c189a963 2547 if ((preg_match_all($MailTo_PReg_Match, $trusted, $regs)) && ($regs[0][0] != '')) {
2548 foreach ($regs[0] as $i => $mailto_before) {
2549 $mailto_params = $regs[10][$i];
2550 // get rid of any tailing quote since we have to add send_to to the end
2551 //
2552 if (substr($mailto_before, strlen($mailto_before) - 1) == '"')
2553 $mailto_before = substr($mailto_before, 0, strlen($mailto_before) - 1);
2554 if (substr($mailto_params, strlen($mailto_params) - 1) == '"')
2555 $mailto_params = substr($mailto_params, 0, strlen($mailto_params) - 1);
2556
2557 if ($regs[1][$i]) { //if there is an email addr before '?', we need to merge it with the params
2558 $to = 'to=' . $regs[1][$i];
2559 if (strpos($mailto_params, 'to=') > -1) //already a 'to='
2560 $mailto_params = str_replace('to=', $to . '%2C%20', $mailto_params);
2561 else {
2562 if ($mailto_params) //already some params, append to them
2563 $mailto_params .= '&amp;' . $to;
2564 else
2565 $mailto_params .= '?' . $to;
2566 }
2567 }
2568
2569 $url_str = preg_replace(array('/to=/i', '/(?<!b)cc=/i', '/bcc=/i'), array('send_to=', 'send_to_cc=', 'send_to_bcc='), $mailto_params);
2570
2571 // we'll already have target=_blank, no need to allow comp_in_new
2572 // here (which would be a lot more work anyway)
2573 //
2574 global $compose_new_win;
2575 $temp_comp_in_new = $compose_new_win;
2576 $compose_new_win = 0;
2577 $comp_uri = makeComposeLink('src/compose.php' . $url_str, $mailto_before);
2578 $compose_new_win = $temp_comp_in_new;
2579
2580 // remove <a href=" and anything after the next quote (we only
2581 // need the uri, not the link HTML) in compose uri
2582 //
2583 $comp_uri = substr($comp_uri, 9);
2584 $comp_uri = substr($comp_uri, 0, strpos($comp_uri, '"', 1));
2585 $trusted = str_replace($mailto_before, $comp_uri, $trusted);
2586 }
2587 }
2588 }
2589
691a2d25 2590 return $trusted;
451f74a2 2591}
a4a70693 2592
da2415c1 2593/**
8bd0068d 2594 * function SendDownloadHeaders - send file to the browser
2595 *
2596 * Original Source: SM core src/download.php
2597 * moved here to make it available to other code, and separate
2598 * front end from back end functionality.
2599 *
2600 * @param string $type0 first half of mime type
2601 * @param string $type1 second half of mime type
2602 * @param string $filename filename to tell the browser for downloaded file
2603 * @param boolean $force whether to force the download dialog to pop
2604 * @param optional integer $filesize send the Content-Header and length to the browser
2605 * @return void
2606 */
02474e43 2607function SendDownloadHeaders($type0, $type1, $filename, $force, $filesize=0) {
2608 global $languages, $squirrelmail_language;
cfffd60b 2609 $isIE = $isIE6plus = false;
02474e43 2610
2611 sqgetGlobalVar('HTTP_USER_AGENT', $HTTP_USER_AGENT, SQ_SERVER);
2612
2613 if (strstr($HTTP_USER_AGENT, 'compatible; MSIE ') !== false &&
8bd0068d 2614 strstr($HTTP_USER_AGENT, 'Opera') === false) {
cfffd60b 2615 $isIE = true;
02474e43 2616 }
2617
cfffd60b 2618 if (preg_match('/compatible; MSIE ([0-9]+)/', $HTTP_USER_AGENT, $match) &&
2619 ((int)$match[1]) >= 6 && strstr($HTTP_USER_AGENT, 'Opera') === false) {
2620 $isIE6plus = true;
02474e43 2621 }
2622
2623 if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
8bd0068d 2624 function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_downloadfilename')) {
02474e43 2625 $filename =
8bd0068d 2626 call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_downloadfilename', $filename, $HTTP_USER_AGENT);
02474e43 2627 } else {
2628 $filename = ereg_replace('[\\/:\*\?"<>\|;]', '_', str_replace('&nbsp;', ' ', $filename));
2629 }
2630
2631 // A Pox on Microsoft and it's Internet Explorer!
2632 //
2633 // IE has lots of bugs with file downloads.
2634 // It also has problems with SSL. Both of these cause problems
2635 // for us in this function.
2636 //
2637 // See this article on Cache Control headers and SSL
2638 // http://support.microsoft.com/default.aspx?scid=kb;en-us;323308
2639 //
2640 // The best thing you can do for IE is to upgrade to the latest
2641 // version
2642 //set all the Cache Control Headers for IE
2643 if ($isIE) {
2644 $filename=rawurlencode($filename);
2645 header ("Pragma: public");
8bd0068d 2646 header ("Cache-Control: no-store, max-age=0, no-cache, must-revalidate"); // HTTP/1.1
02474e43 2647 header ("Cache-Control: post-check=0, pre-check=0", false);
8bd0068d 2648 header ("Cache-Control: private");
02474e43 2649
2650 //set the inline header for IE, we'll add the attachment header later if we need it
2651 header ("Content-Disposition: inline; filename=$filename");
2652 }
2653
2654 if (!$force) {
2655 // Try to show in browser window
2656 header ("Content-Disposition: inline; filename=\"$filename\"");
2657 header ("Content-Type: $type0/$type1; name=\"$filename\"");
2658 } else {
2659 // Try to pop up the "save as" box
2660
2661 // IE makes this hard. It pops up 2 save boxes, or none.
2662 // http://support.microsoft.com/support/kb/articles/Q238/5/88.ASP
2663 // http://support.microsoft.com/default.aspx?scid=kb;EN-US;260519
2664 // But, according to Microsoft, it is "RFC compliant but doesn't
2665 // take into account some deviations that allowed within the
2666 // specification." Doesn't that mean RFC non-compliant?
2667 // http://support.microsoft.com/support/kb/articles/Q258/4/52.ASP
2668
2669 // all browsers need the application/octet-stream header for this
2670 header ("Content-Type: application/octet-stream; name=\"$filename\"");
2671
2672 // http://support.microsoft.com/support/kb/articles/Q182/3/15.asp
2673 // Do not have quotes around filename, but that applied to
2674 // "attachment"... does it apply to inline too?
2675 header ("Content-Disposition: attachment; filename=\"$filename\"");
2676
cfffd60b 2677 if ($isIE && !$isIE6plus) {
02474e43 2678 // This combination seems to work mostly. IE 5.5 SP 1 has
2679 // known issues (see the Microsoft Knowledge Base)
2680
2681 // This works for most types, but doesn't work with Word files
2682 header ("Content-Type: application/download; name=\"$filename\"");
7e2ff844 2683 header ("Content-Type: application/force-download; name=\"$filename\"");
02474e43 2684 // These are spares, just in case. :-)
2685 //header("Content-Type: $type0/$type1; name=\"$filename\"");
2686 //header("Content-Type: application/x-msdownload; name=\"$filename\"");
2687 //header("Content-Type: application/octet-stream; name=\"$filename\"");
7e2ff844 2688 } else if ($isIE) {
2689 // This is to prevent IE for MIME sniffing and auto open a file in IE
2690 header ("Content-Type: application/force-download; name=\"$filename\"");
02474e43 2691 } else {
2692 // another application/octet-stream forces download for Netscape
2693 header ("Content-Type: application/octet-stream; name=\"$filename\"");
2694 }
2695 }
2696
2697 //send the content-length header if the calling function provides it
2698 if ($filesize > 0) {
2699 header("Content-Length: $filesize");
2700 }
07c49f57 2701
8d863f64 2702} // end fn SendDownloadHeaders
Unnamed repository; edit this file 'description' to name the repository.