htmlspecialvars bodystructure

[squirrelmail.git] / functions / mime.php

diff --git a/functions/mime.php b/functions/mime.php
index 3240888424e2deca38004b1261e9cad76f76b27f..7b63a0e60251b6131f62a35eafd5cf25ab45c588 100644 (file)
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -32,6 +32,19 @@ function mime_structure ($bodystructure, $flags=array()) {
     $read = trim(substr ($read, 0, -1));
     $res = $msg->parseStructure($read);
     $msg = $res[0];
+    if (!is_object($msg)) {
+        include_once( '../functions/display_messages.php' );
+       global $color, $mailbox;
+        displayPageHeader( $color, urldecode($mailbox) );
+        echo "<BODY TEXT=\"$color[8]\" BGCOLOR=\"$color[4]\" LINK=\"$color[7]\" VLINK=\"$color[7]\" ALINK=\"$color[7]\">\n\n" .
+         '<CENTER>';
+       $errormessage = _("Squirrelmail could not decode the bodystructure of the message");
+       $errormessage .= '<BR>'._("the provided bodystructure by your imap-server").':<BR><BR>';
+        $errormessage .= '<table><tr><td>'.htmlspecialchars($read).'</td></tr></table>';
+        plain_error_message( $errormessage, $color );
+       echo '</body></html>';
+        exit;
+    }
     $msg->setEnt('0');
     if (count($flags)) {
         foreach ($flags as $flag) {
@@ -339,7 +352,7 @@ function formatBody($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $ma
                 $body = strtr($body, $entity_conv);
                 $body = trim($body);
                 translateText($body, $wrap_at,
-                              $body_message->header->getParameter['charset']);
+                              $body_message->header->getParameter('charset'));
             } else {
                 $body = magicHTML( $body, $id, $message, $mailbox );
             }
@@ -604,13 +617,26 @@ function find_ent_id( $id, $message ) {
        if ( $message->entities[$i]->header->type0 == 'multipart')  {    
            $ret = find_ent_id( $id, $message->entities[$i] );
         } else {
-            if ( strcasecmp( $message->entities[$i]->header->id, $id ) == 0 )
-                $ret = $message->entities[$i]->entity_id;
+            if ( strcasecmp( $message->entities[$i]->header->id, $id ) == 0 ) {
+               if (sq_check_save_extension($message->entities[$i])) {
+                   $ret = $message->entities[$i]->entity_id;
+               } else {
+                   $ret = '';
+               }
+           }
         }
     }
     return( $ret );
 }
 
+function sq_check_save_extension($message) {
+    $filename = $message->getFilename();
+    $ext = substr($filename, strrpos($filename,'.')+1);
+    $save_extensions = array('jpg','jpeg','gif','png','bmp');
+    return (in_array($ext, $save_extensions));
+}
+
+
 /**
  ** HTMLFILTER ROUTINES
  */
@@ -1221,9 +1247,15 @@ function sq_cid2http($message, $id, $cidurl, $mailbox){
     $quotchar = substr($cidurl, 0, 1);
     $cidurl = str_replace($quotchar, "", $cidurl);
     $cidurl = substr(trim($cidurl), 4);
-    $httpurl = $quotchar . "../src/download.php?absolute_dl=true&amp;" .
-        "passed_id=$id&amp;mailbox=" . urlencode($mailbox) .
-        "&amp;ent_id=" . find_ent_id($cidurl, $message) . $quotchar;
+    $linkurl = find_ent_id($cidurl, $message);
+    /* in case of non-save cid links $httpurl should be replaced by a sort of
+       unsave link image */
+    $httpurl = '';
+    if ($linkurl) {
+        $httpurl = $quotchar . "../src/download.php?absolute_dl=true&amp;" .
+                   "passed_id=$id&amp;mailbox=" . urlencode($mailbox) .
+                   "&amp;ent_id=" . $linkurl . $quotchar;
+    }
     return $httpurl;
 }