- */
+ * First look for general BODY style declaration, which would be
+ * like so:
+ * body {background: blah-blah}
+ * and change it to .bodyclass so we can just assign it to a
+ */
$content = preg_replace("|body(\s*\{.*?\})|si", ".bodyclass\\1", $content);
$secremoveimg = '../images/' . _("sec_remove_eng.png");
/**
- * Fix url('blah') declarations.
- */
+ * Fix url('blah') declarations.
+ */
$content = preg_replace("|url\s*\(\s*([\'\"])\s*\S+script\s*:.*?([\'\"])\s*\)|si",
"url(\\1$secremoveimg\\2)", $content);
/**
- * Fix url('https*://.*) declarations but only if $view_unsafe_images
- * is false.
- */
+ * Fix url('https*://.*) declarations but only if $view_unsafe_images
+ * is false.
+ */
if (!$view_unsafe_images){
$content = preg_replace("|url\s*\(\s*([\'\"])\s*https*:.*?([\'\"])\s*\)|si",
"url(\\1$secremoveimg\\2)", $content);
}
/**
- * Fix urls that refer to cid:
- */
+ * Fix urls that refer to cid:
+ */
while (preg_match("|url\s*\(\s*([\'\"]\s*cid:.*?[\'\"])\s*\)|si",
- $content, $matches)){
+ $content, $matches)){
$cidurl = $matches{1};
$httpurl = sq_cid2http($message, $id, $cidurl, $mailbox);
$content = preg_replace("|url\s*\(\s*$cidurl\s*\)|si",
@@ -1541,32 +1544,32 @@ function sq_fixstyle($body, $pos, $message, $id, $mailbox){
}
/**
- * Fix stupid css declarations which lead to vulnerabilities
- * in IE.
- */
+ * Fix stupid css declarations which lead to vulnerabilities
+ * in IE.
+ */
$match = Array('/expression/i',
- '/behaviou*r/i',
- '/binding/i',
- '/include-source/i');
+ '/behaviou*r/i',
+ '/binding/i',
+ '/include-source/i');
$replace = Array('idiocy', 'idiocy', 'idiocy', 'idiocy');
$content = preg_replace($match, $replace, $content);
return array($content, $newpos);
}
/**
- * This function converts cid: url's into the ones that can be viewed in
- * the browser.
- *
- * @param $message the message object
- * @param $id the message id
- * @param $cidurl the cid: url.
- * @param $mailbox the message mailbox
- * @return a string with a http-friendly url
- */
+* This function converts cid: url's into the ones that can be viewed in
+* the browser.
+*
+* @param $message the message object
+* @param $id the message id
+* @param $cidurl the cid: url.
+* @param $mailbox the message mailbox
+* @return a string with a http-friendly url
+*/
function sq_cid2http($message, $id, $cidurl, $mailbox){
/**
- * Get rid of quotes.
- */
+ * Get rid of quotes.
+ */
$quotchar = substr($cidurl, 0, 1);
if ($quotchar == '"' || $quotchar == "'"){
$cidurl = str_replace($quotchar, "", $cidurl);
@@ -1576,26 +1579,52 @@ function sq_cid2http($message, $id, $cidurl, $mailbox){
$cidurl = substr(trim($cidurl), 4);
$linkurl = find_ent_id($cidurl, $message);
/* in case of non-save cid links $httpurl should be replaced by a sort of
- unsave link image */
+ unsave link image */
$httpurl = '';
- if ($linkurl) {
+
+ /**
+ * This is part of a fix for Outlook Express 6.x generating
+ * cid URLs without creating content-id headers. These images are
+ * not part of the multipart/related html mail. The html contains
+ *
references to
+ * attached images with as goal to render them inline although
+ * the attachment disposition property is not inline.
+ **/
+
+ if (empty($linkurl)) {
+ if (preg_match('/{.*}\//', $cidurl)) {
+ $cidurl = preg_replace('/{.*}\//','', $cidurl);
+ if (!empty($cidurl)) {
+ $linkurl = find_ent_id($cidurl, $message);
+ }
+ }
+ }
+
+ if (!empty($linkurl)) {
$httpurl = $quotchar . SM_PATH . 'src/download.php?absolute_dl=true&' .
"passed_id=$id&mailbox=" . urlencode($mailbox) .
'&ent_id=' . $linkurl . $quotchar;
+ } else {
+ /**
+ * If we couldn't generate a proper img url, drop in a blank image
+ * instead of sending back empty, otherwise it causes unusual behaviour
+ */
+ $httpurl = $quotechar . SM_PATH . 'images/blank.png';
}
+
return $httpurl;
}
/**
- * This function changes the tag into a
tag since we
- * can't really have a body-within-body.
- *
- * @param $attary an array of attributes and values of
- * @param $mailbox mailbox we're currently reading (for cid2http)
- * @param $message current message (for cid2http)
- * @param $id current message id (for cid2http)
- * @return a modified array of attributes to be set for
- */
+* This function changes the tag into a
tag since we
+* can't really have a body-within-body.
+*
+* @param $attary an array of attributes and values of
+* @param $mailbox mailbox we're currently reading (for cid2http)
+* @param $message current message (for cid2http)
+* @param $id current message id (for cid2http)
+* @return a modified array of attributes to be set for
+*/
function sq_body2div($attary, $mailbox, $message, $id){
$me = 'sq_body2div';
$divattary = Array('class' => "'bodyclass'");
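Review bot: The new fallback branch builds the blank-image URL from `$quotechar`, but the variable set at the top of sq_cid2http is `$quotchar`, so the prefix is an undefined (empty) name; the branch also omits the closing quote that the `if` branch appends, leaving the caller's `url(...)` replacement with an unbalanced value. Suggested line: `$httpurl = $quotchar . SM_PATH . 'images/blank.png' . $quotchar;`. Separately, the Outlook Express pattern `'/{.*}\//'` is greedy and will strip through the last `}/` in the string; if such cids cannot contain a later `}/` this is harmless, otherwise `'/{[^}]*}\//'` is the narrower form — hedged, since the cid shapes are not visible here. sq_cid2http begins before this hunk (the quote-stripping block is above L87).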
@@ -1635,66 +1664,66 @@ function sq_body2div($attary, $mailbox, $message, $id){
}
/**
- * This is the main function and the one you should actually be calling.
- * There are several variables you should be aware of an which need
- * special description.
- *
- * Since the description is quite lengthy, see it here:
- * http://linux.duke.edu/projects/mini/htmlfilter/
- *
- * @param $body the string with HTML you wish to filter
- * @param $tag_list see description above
- * @param $rm_tags_with_content see description above
- * @param $self_closing_tags see description above
- * @param $force_tag_closing see description above
- * @param $rm_attnames see description above
- * @param $bad_attvals see description above
- * @param $add_attr_to_tag see description above
- * @param $message message object
- * @param $id message id
- * @return sanitized html safe to show on your pages.
- */
+* This is the main function and the one you should actually be calling.
+* There are several variables you should be aware of an which need
+* special description.
+*
+* Since the description is quite lengthy, see it here:
+* http://linux.duke.edu/projects/mini/htmlfilter/
+*
+* @param $body the string with HTML you wish to filter
+* @param $tag_list see description above
+* @param $rm_tags_with_content see description above
+* @param $self_closing_tags see description above
+* @param $force_tag_closing see description above
+* @param $rm_attnames see description above
+* @param $bad_attvals see description above
+* @param $add_attr_to_tag see description above
+* @param $message message object
+* @param $id message id
+* @return sanitized html safe to show on your pages.
+*/
function sq_sanitize($body,
- $tag_list,
- $rm_tags_with_content,
- $self_closing_tags,
- $force_tag_closing,
- $rm_attnames,
- $bad_attvals,
- $add_attr_to_tag,
- $message,
- $id,
- $mailbox
- ){
+ $tag_list,
+ $rm_tags_with_content,
+ $self_closing_tags,
+ $force_tag_closing,
+ $rm_attnames,
+ $bad_attvals,
+ $add_attr_to_tag,
+ $message,
+ $id,
+ $mailbox
+ ){
$me = 'sq_sanitize';
$rm_tags = array_shift($tag_list);
/**
- * Normalize rm_tags and rm_tags_with_content.
- */
+ * Normalize rm_tags and rm_tags_with_content.
+ */
@array_walk($tag_list, 'sq_casenormalize');
@array_walk($rm_tags_with_content, 'sq_casenormalize');
@array_walk($self_closing_tags, 'sq_casenormalize');
/**
- * See if tag_list is of tags to remove or tags to allow.
- * false means remove these tags
- * true means allow these tags
- */
+ * See if tag_list is of tags to remove or tags to allow.
+ * false means remove these tags
+ * true means allow these tags
+ */
$curpos = 0;
$open_tags = Array();
$trusted = "\n\n";
$skip_content = false;
/**
- * Take care of netscape's stupid javascript entities like
- * &{alert('boo')};
- */
+ * Take care of netscape's stupid javascript entities like
+ * &{alert('boo')};
+ */
$body = preg_replace("/&(\{.*?\};)/si", "&\\1", $body);
while (($curtag = sq_getnxtag($body, $curpos)) != FALSE){
list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
$free_content = substr($body, $curpos, $lt-$curpos);
/**
- * Take care of