require_once(SM_PATH . 'functions/imap.php');
require_once(SM_PATH . 'functions/attachment_common.php');
-/* --------------------------------------------------------------------------------- */
-/* MIME DECODING */
-/* --------------------------------------------------------------------------------- */
+/* -------------------------------------------------------------------------- */
+/* MIME DECODING */
+/* -------------------------------------------------------------------------- */
/* This function gets the structure of a message and stores it in the "message" class.
* It will return this object for use with all relevant header information and
global $color, $mailbox;
/* removed urldecode because $_GET is auto urldecoded ??? */
displayPageHeader( $color, $mailbox );
- echo "<BODY TEXT=\"$color[8]\" BGCOLOR=\"$color[4]\" LINK=\"$color[7]\" VLINK=\"$color[7]\" ALINK=\"$color[7]\">\n\n" .
- '<CENTER>';
$errormessage = _("SquirrelMail could not decode the bodystructure of the message");
$errormessage .= '<BR>'._("the provided bodystructure by your imap-server").':<BR><BR>';
- $errormessage .= '<table><tr><td>' . htmlspecialchars($read) . '</td></tr></table>';
+ $errormessage .= '<pre>' . htmlspecialchars($read) . '</pre>';
plain_error_message( $errormessage, $color );
echo '</body></html>';
exit;
/* Do a bit of error correction. If we couldn't find the entity id, just guess
* that it is the first one. That is usually the case anyway.
*/
+
if (!$ent_id) {
$cmd = "FETCH $id BODY[]";
} else {
function mime_print_body_lines ($imap_stream, $id, $ent_id=1, $encoding) {
global $uid_support;
- $sid = sqimap_session_id($uid_support);
/* Don't kill the connection if the browser is over a dialup
* and it would take over 30 seconds to download it.
* DonĀ“t call set_time_limit in safe mode.
if (!ini_get('safe_mode')) {
set_time_limit(0);
}
- if ($uid_support) {
- $sid_s = substr($sid,0,strpos($sid, ' '));
+ /* in case of base64 encoded attachments, do not buffer them.
+ Instead, echo the decoded attachment directly to screen */
+ if (strtolower($encoding) == 'base64') {
+ if (!$ent_id) {
+ $query = "FETCH $id BODY[]";
+ } else {
+ $query = "FETCH $id BODY[$ent_id]";
+ }
+ sqimap_run_command($imap_stream,$query,true,$response,$message,$uid_support,'sqimap_base64_decode','php://stdout',true);
} else {
- $sid_s = $sid;
+ $body = mime_fetch_body ($imap_stream, $id, $ent_id);
+ echo decodeBody($body, $encoding);
}
- $body = mime_fetch_body ($imap_stream, $id, $ent_id);
- echo decodeBody($body, $encoding);
+ /*
+ TODO, use the same method for quoted printable.
+ However, I assume that quoted printable attachments aren't that large
+ so the performancegain / memory usage drop will be minimal.
+ If we decide to add that then we need to adapt sqimap_fread because
+ we need to split te result on \n and fread doesn't stop at \n. That
+ means we also should provide $results from sqimap_fread (by ref) to
+ te function and set $no_return to false. The $filter function for
+ quoted printable should handle unsetting of $results.
+ */
+ /*
+ TODO 2: find out how we write to the output stream php://stdout. fwrite
+ doesn't work because 'php://stdout isn't a stream.
+ */
+
return;
/*
fputs ($imap_stream, "$sid FETCH $id BODY[$ent_id]\r\n");
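Review bot: The base64 branch sends `FETCH $id BODY[$ent_id]` built by plain string interpolation, and nothing in this hunk constrains `$id` or `$ent_id` before they reach the IMAP stream. Where they originate is not visible here; if either can be influenced by the request, a space or CR/LF in it changes the command that is sent, so validate ahead of the branch, e.g. `if ($ent_id && !preg_match('/^[0-9]+(\.[0-9]+)*$/', $ent_id)) { return; }` plus an integer check on `$id`. Separately, TODO 2 records that `'php://stdout'` does not behave as the response stream; `php://output` is the wrapper that writes into PHP's output layer and may be the target this call wants. The end of the function is outside the lines shown.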
return $attachments;
}
+function sqimap_base64_decode(&$string) {
+ $string = str_replace("\r\n", "\n", $string);
+ $string = base64_decode($string);
+}
+
/* This function decodes the body depending on the encoding type. */
function decodeBody($body, $encoding) {
global $show_html_default;
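Review bot: `sqimap_base64_decode()` decodes each buffer on its own, which is only correct if every buffer it receives carries a whole number of 4-character base64 groups once line breaks are removed. How `sqimap_run_command` slices the response is not visible here; if slices are cut at arbitrary byte counts, the decoded attachment is silently corrupted from the first misaligned boundary. Either align the reads to line boundaries before calling the filter or carry the undecoded remainder into the next call, and state the contract above the function, e.g. `/* Decodes $string in place; the caller must pass whole base64 lines. */`.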
* Patched by Christian Schmidt <christian@ostenfeld.dk> 23/03/2002
*/
function decodeHeader ($string, $utfencode=true,$htmlsave=true) {
- global $default_charset, $languages, $squirrelmail_language;
+ global $languages, $squirrelmail_language;
if (is_array($string)) {
$string = implode("\n", $string);
}
$iLastMatch = -2;
$encoded = false;
- if (strtolower($default_charset) == 'iso-8859-1') {
- $string = str_replace("\240",' ',$string);
- }
-
$aString = explode(' ',$string);
$ret = '';
foreach ($aString as $chunk) {
$encoded = false;
/* if encoded words are not separated by a linear-space-white we still catch them */
$j = $i-1;
+// if ($chunk{0} === '=') { /* performance, saves an unnessecarry preg call */
while ($match = preg_match('/^(.*)=\?([^?]*)\?(Q|B)\?([^?]*)\?=(.*)$/Ui',$chunk,$res)) {
/* if the last chunk isn't an encoded string then put back the space, otherwise don't */
if ($iLastMatch !== $j) {
$chunk = $res[5];
$encoded = true;
}
+// }
if (!$encoded) {
if ($htmlsave) {
$ret .= ' ';
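Review bot: The guard added as `// if ($chunk{0} === '=') {` with its closing `// }` is committed as commented-out code; it is better dropped, or reduced to one explanatory comment. If it were enabled as written it would change behaviour, not only speed: the pattern begins with `^(.*)=\?`, so it also matches an encoded word that follows other text in the chunk, and a first-character test would skip those. It would also index `$chunk{0}` on an empty chunk unless empty chunks are filtered earlier in the loop, which is not visible here.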
$k = ord($string{$i});
if ($k > 126) {
if ($iEncStart === false) {
- $iEncStart = $i;
+ // do not start encoding in the middle of a string, also take the rest of the word.
+ $sLeadString = substr($string,0,$i);
+ $aLeadString = explode(' ',$sLeadString);
+ $sToBeEncoded = array_pop($aLeadString);
+ $iEncStart = $i - strlen($sToBeEncoded);
+ $ret .= $sToBeEncoded;
+ $cur_l += strlen($sToBeEncoded);
}
$cur_l += 3;
/* first we add the encoded string that reached it's max size */
$me = 'sq_findnxreg';
$matches = Array();
$retarr = Array();
- preg_match("%^(.*?)($reg)%s", substr($body, $offset), $matches);
- if (!$matches{0}){
+ preg_match("%^(.*?)($reg)%si", substr($body, $offset), $matches);
+ if (!isset($matches{0}) || !$matches{0}){
$retarr = false;
} else {
$retarr{0} = $offset + strlen($matches{1});
/**
* This is an invalid tag! Look for the next closing ">".
*/
- $gt = sq_findnxstr($body, $offset, ">");
+ $gt = sq_findnxstr($body, $lt, ">");
return Array(false, false, false, $lt, $gt);
}
break;
* @param $content a string with whatever is between <style> and </style>
* @return a string with edited content.
*/
-function sq_fixstyle($message, $id, $content){
+function sq_fixstyle($body, $pos, $message, $id){
global $view_unsafe_images;
$me = 'sq_fixstyle';
+ $ret = sq_findnxreg($body, $pos, '</\s*style\s*>');
+ if ($ret == FALSE){
+ return array(FALSE, strlen($body));
+ }
+ $newpos = $ret[0] + strlen($ret[2]);
+ $content = $ret[1];
/**
* First look for general BODY style declaration, which would be
* like so:
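Review bot: The docblock above `sq_fixstyle()` was not updated with the signature: it still documents `$content` as a parameter and `@return a string with edited content`, while the function now takes `($body, $pos, $message, $id)` and, per the later hunk, returns `array($content, $newpos)`, or `array(FALSE, strlen($body))` when no closing tag is found. Document `$body` and `$pos`, and change the return line to something like `@return array (sanitized style content or FALSE, offset just past </style>)`. It is also worth recording that an unterminated `<style>` consumes the rest of the body, since that is what the early return does. Using `$ret === FALSE` instead of `$ret == FALSE` would make the failure test explicit.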
/**
* Fix url('blah') declarations.
*/
- $content = preg_replace("|url\(([\'\"])\s*\S+script\s*:.*?([\'\"])\)|si",
+ $content = preg_replace("|url\s*\(\s*([\'\"])\s*\S+script\s*:.*?([\'\"])\s*\)|si",
"url(\\1$secremoveimg\\2)", $content);
/**
* Fix url('https*://.*) declarations but only if $view_unsafe_images
* is false.
*/
if (!$view_unsafe_images){
- $content = preg_replace("|url\(([\'\"])\s*https*:.*?([\'\"])\)|si",
+ $content = preg_replace("|url\s*\(\s*([\'\"])\s*https*:.*?([\'\"])\s*\)|si",
"url(\\1$secremoveimg\\2)", $content);
}
/**
* Fix urls that refer to cid:
*/
- while (preg_match("|url\(([\'\"]\s*cid:.*?[\'\"])\)|si", $content,
- $matches)){
+ while (preg_match("|url\s*\(\s*([\'\"]\s*cid:.*?[\'\"])\s*\)|si",
+ $content, $matches)){
$cidurl = $matches{1};
$httpurl = sq_cid2http($message, $id, $cidurl);
- $content = preg_replace("|url\($cidurl\)|si",
+ $content = preg_replace("|url\s*\(\s*$cidurl\s*\)|si",
"url($httpurl)", $content);
}
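Review bot: In the `cid:` loop, `$cidurl` is taken from the message's style content and interpolated unescaped into the pattern `"|url\s*\(\s*$cidurl\s*\)|si"`. If it contains regex metacharacters or the `|` delimiter, the replacement pattern may no longer match the literal text that `preg_match` just found, `$content` is left unchanged, and the `while` condition matches again on every pass. Quote it first with `$cidre = preg_quote($cidurl, '|');`, use `$cidre` in the pattern, and leave the loop if `preg_replace` returns NULL or the unchanged content. The three `url(...)` filters in this hunk also still require a quote character after the parenthesis, so an unquoted `url()` value is not rewritten by them unless that case is handled outside the lines shown.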
'/binding/i');
$replace = Array('idiocy', 'idiocy', 'idiocy');
$content = preg_replace($match, $replace, $content);
- return $content;
+ return array($content, $newpos);
}
/**
$mailbox
){
$me = 'sq_sanitize';
+ $rm_tags = array_shift($tag_list);
/**
* Normalize rm_tags and rm_tags_with_content.
*/
- @array_walk($rm_tags, 'sq_casenormalize');
+ @array_walk($tag_list, 'sq_casenormalize');
@array_walk($rm_tags_with_content, 'sq_casenormalize');
@array_walk($self_closing_tags, 'sq_casenormalize');
/**
* false means remove these tags
* true means allow these tags
*/
- $rm_tags = array_shift($tag_list);
$curpos = 0;
$open_tags = Array();
$trusted = "<!-- begin sanitized html -->\n";
*/
$body = preg_replace("/&(\{.*?\};)/si", "&\\1", $body);
- while (($curtag=sq_getnxtag($body, $curpos)) != FALSE){
+ while (($curtag = sq_getnxtag($body, $curpos)) != FALSE){
list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
$free_content = substr($body, $curpos, $lt-$curpos);
/**
* Take care of <style>
*/
- if ($tagname == "style" && $tagtype == 2){
- /**
- * This is a closing </style>. Edit the
- * content before we apply it.
- */
- $free_content = sq_fixstyle($message, $id, $free_content);
+ if ($tagname == "style" && $tagtype == 1){
+ list($free_content, $curpos) =
+ sq_fixstyle($body, $gt+1, $message, $id);
+ if ($free_content != FALSE){
+ $trusted .= sq_tagprint($tagname, $attary, $tagtype);
+ $trusted .= $free_content;
+ $trusted .= sq_tagprint($tagname, false, 2);
+ }
+ continue;
}
if ($skip_content == false){
$trusted .= $free_content;
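Review bot: The new `<style>` branch prints the opening tag with `sq_tagprint($tagname, $attary, $tagtype)` and then `continue`s, so `$attary` is emitted as parsed and the tag skips whatever tag-list and attribute checks the rest of the loop applies (those lines are outside this hunk). Unless attributes are already cleaned inside `sq_getnxtag`, apply the same attribute filtering used for other tags before printing, or print the tag without attributes: `$trusted .= sq_tagprint($tagname, false, $tagtype);`. The branch also overwrites the `$free_content` computed from `substr($body, $curpos, $lt-$curpos)`, so text between the previous tag and `<style>` is dropped instead of being appended to `$trusted`. `$free_content != FALSE` treats an empty or `"0"` style body as a failure; `!== FALSE` states the intended test.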
"/expression/i",
"/binding/i",
"/behaviou*r/i",
- "|url\(([\'\"])\s*\.\./.*([\'\"])\)|si",
- "/url\(([\'\"])\s*\S+script\s*:.*([\'\"])\)/si",
- "/url\(([\'\"])\s*mocha\s*:.*([\'\"])\)/si",
- "/url\(([\'\"])\s*about\s*:.*([\'\"])\)/si"
+ "|url\s*\(\s*([\'\"])\s*\.\./.*([\'\"])\s*\)|si",
+ "/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
+ "/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
+ "/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si"
),
Array(
"idiocy",