// workaround for not updated config.php
if (! isset($use_iframe)) $use_iframe = false;
+ // If there's no "view_unsafe_images" variable in the URL, turn unsafe
+ // images off by default.
+ // FIXME: Update this code to use the default value FALSE.
if( !sqgetGlobalVar('view_unsafe_images', $view_unsafe_images, SQ_GET) ) {
$view_unsafe_images = false;
}
return $body;
}
+ /*
+ * Previously the links for downloading and unsafe images were printed
+ * under the mail. By putting the links in a global variable we can
+ * print it in the toolbar where it belongs. Since the original code was
+ * in this place it's left here. It might be possible to move it to some
+ * other place if that makes sense. The possibility to do so has not
+ * been evaluated yet.
+ */
+
+ // Initialize the global variable to an empty string.
+ // FIXME: To have $download_and_unsafe_link as a global variable might not be needed since the use of separate variables ($download_href, $unsafe_image_toggle_href, and $unsafe_image_toggle_text) for the templates was introduced.
$download_and_unsafe_link = '';
+ // Prepare and build a link for downloading the mail.
$link = 'passed_id=' . $id . '&ent_id='.$ent_num.
'&mailbox=' . $urlmailbox .'&sort=' . $sort .
'&startMessage=' . $startMessage . '&show_more=0';
$link .= '&passed_ent_id='.$passed_ent_id;
}
$download_href = SM_PATH . 'src/download.php?absolute_dl=true&' . $link;
+
+ // Always add the link for downloading the mail as a file to the global
+ // variable.
$download_and_unsafe_link .= "$nbsp|$nbsp"
. create_hyperlink($download_href, _("Download this as a file"));
+
+ // Find out the right text to use in the link depending on the
+ // circumstances. If the unsafe images are displayed the link should
+ // hide them, if they aren't displayed the link should only appear if
+ // the mail really contains unsafe images.
if ($view_unsafe_images) {
$text = _("Hide Unsafe Images");
} else {
$text = '';
}
}
+
+ // Only create a link for unsafe images if there's need for one. If so:
+ // add it to the global variable.
if($text != '') {
$unsafe_image_toggle_href = SM_PATH . 'src/read_body.php?'.$link;
$unsafe_image_toggle_text = $text;
*
* @param string $string header string that has to be made readable
* @param boolean $utfencode change message in order to be readable on user's charset. defaults to true
- * @param boolean $htmlsave preserve spaces and sanitize html special characters. defaults to true
+ * @param boolean $htmlsafe preserve spaces and sanitize html special characters. defaults to true
* @param boolean $decide decide if string can be utfencoded. defaults to false
* @return string decoded header string
*/
-function decodeHeader ($string, $utfencode=true,$htmlsave=true,$decide=false) {
+function decodeHeader ($string, $utfencode=true,$htmlsafe=true,$decide=false) {
global $languages, $squirrelmail_language,$default_charset;
if (is_array($string)) {
$string = implode("\n", $string);
while ($match = preg_match('/^(.*)=\?([^?]*)\?(Q|B)\?([^?]*)\?=(.*)$/Ui',$chunk,$res)) {
/* if the last chunk isn't an encoded string then put back the space, otherwise don't */
if ($iLastMatch !== $j) {
- if ($htmlsave) {
+ if ($htmlsafe) {
$ret .= ' ';
} else {
$ret .= ' ';
}
$iLastMatch = $i;
$j = $i;
- if ($htmlsave) {
+ if ($htmlsafe) {
$ret .= htmlspecialchars($res[1]);
} else {
$ret .= $res[1];
/* convert string to different charset,
* if functions asks for it (usually in compose)
*/
- $ret .= charset_convert($res[2],$replace,$default_charset,$htmlsave);
+ $ret .= charset_convert($res[2],$replace,$default_charset,$htmlsafe);
} else {
// convert string to html codes in order to display it
$ret .= charset_decode($res[2],$replace);
}
} else {
- if ($htmlsave) {
+ if ($htmlsafe) {
$replace = htmlspecialchars($replace);
}
$ret.= $replace;
/* convert string to different charset,
* if functions asks for it (usually in compose)
*/
- $replace = charset_convert($res[2], $replace,$default_charset,$htmlsave);
+ $replace = charset_convert($res[2], $replace,$default_charset,$htmlsafe);
} else {
// convert string to html codes in order to display it
$replace = charset_decode($res[2], $replace);
}
} else {
- if ($htmlsave) {
+ if ($htmlsafe) {
$replace = htmlspecialchars($replace);
}
}
$encoded = true;
}
if (!$encoded) {
- if ($htmlsave) {
+ if ($htmlsafe) {
$ret .= ' ';
} else {
$ret .= ' ';
}
}
- if (!$encoded && $htmlsave) {
+ if (!$encoded && $htmlsafe) {
$ret .= htmlspecialchars($chunk);
} else {
$ret .= $chunk;
}
/* remove the first added space */
if ($ret) {
- if ($htmlsave) {
+ if ($htmlsafe) {
$ret = substr($ret,5);
} else {
$ret = substr($ret,1);
$attvalue = trim(substr($attvalue,1,-1));
}
+ // If there's no "view_unsafe_images" variable in the URL, turn unsafe
+ // images off by default.
+ // FIXME: Update this code to use the default value FALSE.
if( !sqgetGlobalVar('view_unsafe_images', $view_unsafe_images, SQ_GET) ) {
$view_unsafe_images = false;
}
+
$secremoveimg = '../images/' . _("sec_remove_eng.png");
/**
$char = $body{$i};
switch ($char) {
case '<':
- $sToken .= $char;
+ $sToken = $char;
break;
case '/':
if ($sToken == '<') {
/**
- * First look for general BODY style declaration, which would be
- * like so:
- * body {background: blah-blah}
- * and change it to .bodyclass so we can just assign it to a <div>
- */
+ * First look for general BODY style declaration, which would be
+ * like so:
+ * body {background: blah-blah}
+ * and change it to .bodyclass so we can just assign it to a <div>
+ */
$content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content);
$secremoveimg = '../images/' . _("sec_remove_eng.png");
/**
$content = str_replace($aValue,$aReplace,$content);
}
- /**
- * Remove any backslashes, entities, and extraneous whitespace.
- */
+ /**
+ * Remove any backslashes, entities, and extraneous whitespace.
+ */
$contentTemp = $content;
sq_defang($contentTemp);
sq_unspace($contentTemp);
$cidurl = preg_replace($match_str, $str_rep, $cidurl);
$linkurl = find_ent_id($cidurl, $message);
- /* in case of non-save cid links $httpurl should be replaced by a sort of
- unsave link image */
+ /* in case of non-safe cid links $httpurl should be replaced by a sort of
+ unsafe link image */
$httpurl = '';
/**
)
)
);
+
+ // If there's no "view_unsafe_images" variable in the URL, turn unsafe
+ // images off by default.
+ // FIXME: Update this code to use the default value FALSE.
if( !sqgetGlobalVar('view_unsafe_images', $view_unsafe_images, SQ_GET) ) {
$view_unsafe_images = false;
}
+
if (!$view_unsafe_images){
/**
* Remove any references to http/https if view_unsafe_images set