/**
* url_parser.php
*
- * Copyright (c) 1999-2005 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
* This code provides various string manipulation functions that are
* used by the rest of the SquirrelMail code.
*
+ * @copyright 1999-2018 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
*/
*/
/* Here's enough: */
global $IP_RegExp_Match, $Host_RegExp_Match, $Email_RegExp_Match;
+//FIXME: these were written for use in an ereg().... they are now being used in preg()... we need to run some tests to make sure they are fully working still
$IP_RegExp_Match = '\\[?[0-9]{1,3}(\\.[0-9]{1,3}){3}\\]?';
$Host_RegExp_Match = '(' . $IP_RegExp_Match .
'|[0-9a-z]([-.]?[0-9a-z])*\\.[a-z][a-z]+)';
-$atext = '([a-z0-9!#$&%*+/=?^_`{|}~-]|&)';
+// NB: the backslash in the following line escapes the forward slash, which assumes that the regular expression will be enclosed in /.../
+$atext = '([a-z0-9!#$&%*+\/=?^_`{|}~-]|&)';
$dot_atom = $atext . '+(\.' . $atext . '+)*';
$Email_RegExp_Match = $dot_atom . '(%' . $Host_RegExp_Match . ')?@' .
$Host_RegExp_Match;
$addresses = array();
/* Find all the email addresses in the body */
- while(eregi($Email_RegExp_Match, $sbody, $regs)) {
+ while (preg_match('/' . $Email_RegExp_Match . '/i', $sbody, $regs)) {
$addresses[$regs[0]] = strtr($regs[0], array('&' => '&'));
$start = strpos($sbody, $regs[0]) + strlen($regs[0]);
$sbody = substr($sbody, $start);
$target_pos = strlen($check_str) + $start;
}
- /* If there was a token to replace, replace it */
- if ($target_token == 'mailto:') { // rfc 2368 (mailto URL)
+ // rfc 2368 (mailto URL)
+ if ($target_token == 'mailto:') {
$target_pos += 7; //skip mailto:
$end = $blength;
if ((preg_match($MailTo_PReg_Match, $mailto, $regs)) && ($regs[0] != '')) {
//sm_print_r($regs);
$mailto_before = $target_token . $regs[0];
- $mailto_params = $regs[10];
+ /**
+ * '+' characters in a mailto URI don't need to be percent-encoded.
+ * However, when mailto URI data is transported via HTTP, '+' must
+ * be percent-encoded as %2B so that when the HTTP data is
+ * percent-decoded, you get '+' back and not a space.
+ */
+ $mailto_params = str_replace("+", "%2B", $regs[10]);
if ($regs[1]) { //if there is an email addr before '?', we need to merge it with the params
- $to = 'to=' . $regs[1];
+ $to = 'to=' . str_replace("+", "%2B", $regs[1]);
if (strpos($mailto_params, 'to=') > -1) //already a 'to='
$mailto_params = str_replace('to=', $to . '%2C%20', $mailto_params);
else {
}
}
else
+ /* If there was a token to replace, replace it */
if ($target_token != '') {
/* Find the end of the URL */
$end = $blength;
}
}
+ /* make sure that there are no 8bit chars between $target_pos and suspected end of URL */
+ if (!is_bool($first8bit=sq_strpos_8bit($body,$target_pos,$end))) {
+ $end = $first8bit;
+ }
+
/* Extract URL */
$url = substr($body, $target_pos, $end-$target_pos);
/* Needed since lines are not passed with \n or \r */
- while ( ereg("[,\.]$", $url) ) {
+ while ( preg_match('/[,.]$/', $url) ) {
$url = substr( $url, 0, -1 );
$end--;
}
$addresses = array();
/* Find all the email addresses in the body */
- while (eregi($Email_RegExp_Match, $string, $regs)) {
+ while (preg_match('/' . $Email_RegExp_Match . '/i', $string, $regs)) {
$addresses[$regs[0]] = strtr($regs[0], array('&' => '&'));
$start = strpos($string, $regs[0]) + strlen($regs[0]);
$string = substr($string, $start);
return (array_key_exists(0, $addresses) ? $addresses[0] : '');
}
-?>
+/**
+ * Finds first occurrence of 8bit data in the string
+ *
+ * Function finds first 8bit symbol or html entity that represents 8bit character.
+ * Search start is defined by $offset argument. Search ends at $maxlength position.
+ * If $maxlength is not defined or bigger than provided string, search ends when
+ * string ends.
+ *
+ * Check returned data type in order to avoid confusion between bool(false)
+ * (not found) and int(0) (first char in the string).
+ * @param string $haystack
+ * @param integer $offset
+ * @param integer $maxlength
+ * @return mixed integer with first 8bit character position or boolean false
+ * @since 1.5.2
+ */
+function sq_strpos_8bit($haystack,$offset=0,$maxlength=false) {
+ $ret = false;
+
+ if ($maxlength===false || strlen($haystack) < $maxlength) {
+ $maxlength=strlen($haystack);
+ }
+
+ for($i=$offset;$i<$maxlength;$i++) {
+ /* rh7-8 compatibility. don't use full 8bit range in regexp */
+ if (preg_match('/[\200-\237]|\240|[\241-\377]/',$haystack[$i])) {
+ /* we have 8bit char. stop here and return position */
+ $ret = $i;
+ break;
+ } elseif ($haystack[$i]=='&') {
+ $substring = substr($haystack,$i);
+ /**
+ * 1. look for "&#(decimal number);" where decimal_number is bigger than 127
+ * 2. look for "&x(hexadecimal number);", where hex number is bigger than x7f
+ * 3. look for any html character entity that is not 7bit html special char. Use
+ * own sq_get_html_translation_table() function with 'utf-8' character set in
+ * order to get all html entities.
+ */
+ if ((preg_match('/^&#(\d+);/',$substring,$match) && $match[1]>127) ||
+ (preg_match('/^&x([0-9a-f]+);/i',$substring,$match) && $match[1]>"\x7f") ||
+ (preg_match('/^&([a-z]+);/i',$substring,$match) &&
+ !in_array($match[0],get_html_translation_table(HTML_SPECIALCHARS)) &&
+ in_array($match[0],sq_get_html_translation_table(HTML_ENTITIES,ENT_COMPAT,'utf-8')))) {
+ $ret = $i;
+ break;
+ }
+ }
+ }
+ return $ret;
+}
projects / squirrelmail.git / blobdiff