X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fmime.php;h=5874a7ff20a19242754685148222a6d8924b3596;hp=3bdfedf234fe7053e834aa3a38db7f0c01992f08;hb=a3daaaf398ca4ec329ffb3b9eea641809848cd0b;hpb=f2ac56aff94eaf0e985e6fcfe182a38f96bec4e5
diff --git a/functions/mime.php b/functions/mime.php
index 3bdfedf2..5874a7ff 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -357,35 +357,66 @@
return( $pos );
}
- function mime_fetch_body ($imap_stream, $id, $ent_id) {
- // do a bit of error correction. If we couldn't find the entity id, just guess
- // that it is the first one. That is usually the case anyway.
- if (!$ent_id) $ent_id = 1;
-
- fputs ($imap_stream, sqimap_session_id() . " FETCH $id BODY[$ent_id]\r\n");
- $data = sqimap_read_data ($imap_stream, sqimap_session_id(), true, $response, $message);
- $topline = array_shift($data);
- while (! ereg('\\* [0-9]+ FETCH ', $topline) && $data)
- $topline = array_shift($data);
- $wholemessage = implode('', $data);
-
- if (ereg('\\{([^\\}]*)\\}', $topline, $regs)) {
- return substr($wholemessage, 0, $regs[1]);
- }
- else if (ereg('"([^"]*)"', $topline, $regs)) {
- return $regs[1];
- }
-
- $str = "Body retrieval error. Please report this bug!\n" .
- "Response: $response\n" .
- "Message: $message\n" .
- "FETCH line: $topline" .
- "---------------\n$wholemessage";
- foreach ($data as $d) {
- $str .= htmlspecialchars($d) . "\n";
- }
- return $str;
- }
+ function mime_fetch_body ($imap_stream, $id, $ent_id ) {
+ // do a bit of error correction. If we couldn't find the entity id, just guess
+ // that it is the first one. That is usually the case anyway.
+ if (!$ent_id)
+ $ent_id = 1;
+ $sid = sqimap_session_id();
+ fputs ($imap_stream, "$sid FETCH $id BODY[$ent_id]\r\n");
+ $data = sqimap_read_data ($imap_stream, $sid, true, $response, $message);
+ $topline = array_shift($data);
+ while (! ereg('\\* [0-9]+ FETCH ', $topline) && $data)
+ $topline = array_shift($data);
+ $wholemessage = implode('', $data);
+ if (ereg('\\{([^\\}]*)\\}', $topline, $regs)) {
+ $ret = substr( $wholemessage, 0, $regs[1] );
+ /*
+ There is some information in the content info header that could be important
+ in order to parse html messages. Let's get them here.
+ */
+ if( $ret{0} == '<' ) {
+ fputs ($imap_stream, "$sid FETCH $id BODY[$ent_id.MIME]\r\n");
+ $data = sqimap_read_data ($imap_stream, $sid, true, $response, $message);
+ $base = '';
+ $k = 10;
+ foreach( $data as $d ) {
+ if( substr( $d, 0, 13 ) == 'Content-Base:' ) {
+ $j = strlen( $d );
+ $i = 13;
+ $base = '';
+ while( $i < $j &&
+ ( !isNoSep( $d{$i} ) || $d{$i} == '"' ) )
+ $i++;
+ while( $i < $j ) {
+ if( isNoSep( $d{$i} ) )
+ $base .= $d{$i};
+ $i++;
+ }
+ $k = 0;
+ } elseif( $k == 1 && !isnosep( $d{0} ) ) {
+ $base .= substr( $d, 1 );
+ }
+ $k++;
+ }
+ if( $base <> '' )
+ $ret = "" . $ret;
+ }
+ } else if (ereg('"([^"]*)"', $topline, $regs)) {
+ $ret = $regs[1];
+ } else {
+ $ret = "Body retrival error. Please report this bug!\n" .
+ "Response: $response\n" .
+ "Message: $message\n" .
+ "FETCH line: $topline" .
+ "---------------\n$wholemessage";
+
+ foreach ($data as $d) {
+ $ret .= htmlspecialchars($d) . "\n";
+ }
+ }
+ return( $ret );
+ }
function mime_print_body_lines ($imap_stream, $id, $ent_id, $encoding) {
// do a bit of error correction. If we couldn't find the entity id, just guess
@@ -463,38 +494,39 @@
}
}
- // figures out what entity to display and returns the $message object
- // for that entity.
- function findDisplayEntity ($message, $textOnly = 1)
- {
- global $show_html_default;
-
- if (! $message)
- return 0;
-
- if ($message->header->type0 == 'multipart' &&
- $message->header->type1 == 'alternative' &&
- $show_html_default && ! $textOnly) {
- $entity = findDisplayEntityHTML($message);
- if ($entity != 0)
- return $entity;
- }
-
- // Show text/plain or text/html -- the first one we find.
- if ( $message->header->type0 == 'text' &&
- ( $message->header->type1 == 'plain' ||
- $message->header->type1 == 'html' ) &&
- isset($message->header->entity_id) )
- return $message->header->entity_id;
-
- for ($i=0; isset($message->entities[$i]); $i++) {
- $entity = findDisplayEntity($message->entities[$i], $textOnly);
- if ($entity != 0)
- return $entity;
- }
-
- return 0;
- }
+ // figures out what entity to display and returns the $message object
+ // for that entity.
+ function findDisplayEntity ($message, $textOnly = 1) {
+ global $show_html_default;
+
+ $entity = 0;
+
+ if ($message) {
+ if ( $message->header->type0 == 'multipart' &&
+ ( $message->header->type1 == 'alternative' ||
+ $message->header->type1 == 'related' ) &&
+ $show_html_default && ! $textOnly ) {
+ $entity = findDisplayEntityHTML($message);
+ }
+
+ // Show text/plain or text/html -- the first one we find.
+ if ( $entity == 0 &&
+ $message->header->type0 == 'text' &&
+ ( $message->header->type1 == 'plain' ||
+ $message->header->type1 == 'html' ) &&
+ isset($message->header->entity_id) ) {
+ $entity = $message->header->entity_id;
+ }
+
+ $i = 0;
+ while ($entity == 0 && isset($message->entities[$i]) ) {
+ $entity = findDisplayEntity($message->entities[$i], $textOnly);
+ $i++;
+ }
+ }
+
+ return( $entity );
+ }
// Shows the HTML version
function findDisplayEntityHTML ($message) {
@@ -539,7 +571,14 @@
// If there are other types that shouldn't be formatted, add
// them here
- if ($body_message->header->type1 != "html" || ! $show_html_default) {
+ if ($body_message->header->type1 == 'html') {
+ if( $show_html_default <> 1 ) {
+ $body = strip_tags( $body );
+ translateText($body, $wrap_at, $body_message->header->charset);
+ } else {
+ $body = MagicHTML( $body, $id );
+ }
+ } else {
translateText($body, $wrap_at, $body_message->header->charset);
}
@@ -753,4 +792,325 @@
return( $string );
}
-?>
+ /*
+ Strips dangerous tags from html messages.
+ */
+
+ function MagicHTML( $body, $id ) {
+
+ global $message, $PHP_SELF, $HTTP_SERVER_VARS;
+
+ $j = strlen( $body ); // Legnth of the HTML
+ $ret = ''; // Returned string
+ $bgcolor = '#ffffff'; // Background style color (defaults to white)
+ $leftmargin = ''; // Left margin style
+ $title = ''; // HTML title if any
+
+ $i = 0;
+ while( $i < $j ) {
+ if( $body{$i} == '<' ) {
+ $tag = $body{$i+1}.$body{$i+2}.$body{$i+3}.$body{$i+4};
+ switch( strtoupper( $tag ) ) {
+ // Strips the entire tag and contents
+ case 'APPL':
+ case 'EMBB':
+ case 'FRAM':
+ case 'SCRI':
+ case 'OBJE':
+ $etg = '/' . $tag;
+ while( $body{$i+1}.$body{$i+2}.$body{$i+3}.$body{$i+4}.$body{$i+5} <> $etg &&
+ $i < $j ) $i++;
+ while( $i < $j && $body{++$i} <> '>' );
+ // $ret .= "";
+ break;
+ // Substitute Title
+ case 'TITL':
+ $i += 5;
+ while( $body{$i} <> '>' && //
+ $i < $j )
+ $i++;
+ $i++;
+ $title = '';
+ while( $body{$i} <> '<' && //
+ $i < $j ) {
+ $title .= $body{$i};
+ $i++;
+ }
+ $i += 7;
+ break;
+ // Destroy these tags
+ case 'HTML':
+ case 'HEAD':
+ case '/HTM':
+ case '/HEA':
+ case '!DOC':
+ case 'META':
+ case 'DIV ':
+ case '/DIV':
+ case '!-- ':
+ $i += 4;
+ while( $body{$i} <> '>' &&
+ $i < $j )
+ $i++;
+ // $i++;
+ break;
+ case 'STYL':
+ $i += 5;
+ while( $body{$i} <> '>' && //
+ $i < $j )
+ $i++;
+ $i++;
+ // We parse the style to look for interesting stuff
+ $styleblk = '';
+ while( $body{$i} <> '>' &&
+ $i < $j ) {
+ // First we get the name of the style
+ $style = '';
+ while( $body{$i} <> '>' &&
+ $body{$i} <> '<' &&
+ $body{$i} <> '{' &&
+ $i < $j ) {
+ if( isnoSep( $body{$i} ) )
+ $style .= $body{$i};
+ $i++;
+ }
+ stripComments( &$i, $j, &$body );
+ $style = strtoupper( trim( $style ) );
+ if( $style == 'BODY' ) {
+ // Next we look into the definitions of the body style
+ while( $body{$i} <> '>' &&
+ $body{$i} <> '}' &&
+ $i < $j ) {
+ // We look for the background color if any.
+ if( substr( $body, $i, 17 ) == 'BACKGROUND-COLOR:' ) {
+ $i += 17;
+ $bgcolor = getStyleData( $i, $j, $body );
+ } elseif ( substr( $body, $i, 12 ) == 'MARGIN-LEFT:' ) {
+ $i += 12;
+ $leftmargin = getStyleData( $i, $j, $body );
+ }
+ $i++;
+ }
+ } else {
+ // Other style are mantained
+ $styleblk .= "$style ";
+ while( $body{$i} <> '>' &&
+ $body{$i} <> '<' &&
+ $body{$i} <> '}' &&
+ $i < $j ) {
+ $styleblk .= $body{$i};
+ $i++;
+ }
+ $styleblk .= $body{$i};
+ }
+ stripComments( &$i, $j, &$body );
+ if( $body{$i} <> '>' )
+ $i++;
+ }
+ if( $styleblk <> '' )
+ $ret .= "