* if ( $base <> '' ) {
* $ret = "<base href=\"$base\">" . $ret;
* }
-* */
+* */
}
} else if (ereg('"([^"]*)"', $topline, $regs)) {
$ret = $regs[1];
if ($message) {
if ( $message->header->type0 == 'multipart' &&
( $message->header->type1 == 'alternative' ||
+ $message->header->type1 == 'mixed' ||
$message->header->type1 == 'related' ) &&
$show_html_default && ! $textOnly ) {
$entity = findDisplayEntityHTML($message);
// this if statement checks for the entity to show as the
// primary message. To add more of them, just put them in the
// order that is their priority.
- global $startMessage, $username, $key, $imapServerAddress, $imapPort,
- $show_html_default;
-
+ global $startMessage, $username, $key, $imapServerAddress, $imapPort, $body,
+ $show_html_default, $has_unsafe_images, $view_unsafe_images, $sort;
+
+ $has_unsafe_images = 0;
+
$id = $message->header->id;
$urlmailbox = urlencode($message->header->mailbox);
-
+
// Get the right entity and redefine message to be this entity
// Pass the 0 to mean that we want the 'best' viewable one
$ent_num = findDisplayEntity ($message, 0);
$body_message = getEntity($message, $ent_num);
if (($body_message->header->type0 == 'text') ||
($body_message->header->type0 == 'rfc822')) {
-
+
$body = mime_fetch_body ($imap_stream, $id, $ent_num);
$body = decodeBody($body, $body_message->header->encoding);
$hookResults = do_hook("message_body", $body);
$body = $hookResults[1];
-
+
// If there are other types that shouldn't be formatted, add
// them here
if ($body_message->header->type1 == 'html') {
}
$body .= "<CENTER><SMALL><A HREF=\"../src/download.php?absolute_dl=true&passed_id=$id&passed_ent_id=$ent_num&mailbox=$urlmailbox&showHeaders=1\">". _("Download this as a file") ."</A></SMALL></CENTER><BR>";
+ if ($has_unsafe_images) {
+ if ($view_unsafe_images) {
+ $body .= "<CENTER><SMALL><A HREF=\"read_body.php?passed_id=$id&mailbox=$urlmailbox&sort=$sort&startMessage=$startMessage&show_more=0\">". _("Hide Unsafe Images") ."</A></SMALL></CENTER><BR>\n";
+ } else {
+ $body .= "<CENTER><SMALL><A HREF=\"read_body.php?passed_id=$id&mailbox=$urlmailbox&sort=$sort&startMessage=$startMessage&show_more=0&view_unsafe_images=1\">". _("View Unsafe Images") ."</A></SMALL></CENTER><BR>\n";
+ }
+ }
/** Display the ATTACHMENTS: message if there's more than one part **/
if (isset($message->entities[0])) {
$tag .= $body{$pos};
$pos ++;
}
+ /*
+ A comment in HTML is only three characters and isn't
+ guaranteed to have a space after it. This fudges so
+ it will be caught by the switch statement.
+ */
+ if (ereg("!--", $tag)) {
+ $tag = "!-- ";
+ }
switch( strtoupper( $tag ) ) {
// Strips the entire tag and contents
case 'APPL':
- case 'EMBB':
+ case 'EMBE':
case 'FRAM':
case 'SCRI':
case 'OBJE':
$ret .= '<font color=#000000>';
break;
case 'BASE':
- $i += 5;
+ $i += 4;
$base = '';
+ if ( strncasecmp($body{$i}, 'font', 4) ) {
+ $i += 5;
+ while ( !isNoSep( $body{$i} ) && $i < $j ) {
+ $i++;
+ }
+ while ( $body{$i} <> '>' && $i < $j ) {
+ $base .= $body{$i};
+ $i++;
+ }
+ $ret .= "<BASEFONT $base>\n";
+ break;
+ }
+ $i++;
while ( !isNoSep( $body{$i} ) &&
$i < $j ) {
$i++;
return( "\n\n<!-- HTML Output ahead -->\n" .
$ret .
- /* Base is illegal within HTML
+ /* Base is illegal within HTML
"\n<!-- END of HTML Output --><base href=\"".
get_location() . '/'.
"\">\n\n" );
- */
+ */
"\n<!-- END of HTML Output -->\n\n" );
}
function stripEvent( &$i, $j, &$body, $id, $base ) {
- global $message, $base_uri;
+ global $message, $base_uri, $has_unsafe_images, $view_unsafe_images;
$ret = '';
$src .= $body{$k};
$k++;
}
+ $k++;
while( !isNoSep( $body{$k} ) &&
$k < $j ) {
$k++;
}
+ $k++;
if ( strtolower( substr( $src, 0, 4 ) ) == 'cid:' ) {
$src = substr( $src, 4 );
$src = "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=" .
urlencode( $message->header->mailbox ) .
- "&passed_ent_id=" . find_ent_id( $src, $message );
- } else if ( strtolower( substr( $src, 0, 4 ) ) <> 'http' ||
+ "&passed_ent_id=" . find_ent_id( $src, $message );
+ } else if ( strtolower( substr( $src, 0, 4 ) ) <> 'http' ||
stristr( $src, $base_uri ) ) {
/* Javascript and local urls goes out */
- $src = '../images/' . _("sec_remove_eng.png");
+ if (!$view_unsafe_images) {
+ $src = '../images/' . _("sec_remove_eng.png");
+ }
+ $has_unsafe_images = 1;
}
$ret .= 'src="' . $src . '" ';
$i = $k - 2;