X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fmime.php;h=92927d68f7a89cc5fa3f0a795397c9127694b5d2;hp=61ee7357139860568ce2628c0a83ac0f4e20c7e9;hb=f9cabaf874993959d6cc26095e153b074ffcb375;hpb=6ab1bd9e63bd717eef40fcd9b39439c368a546eb
diff --git a/functions/mime.php b/functions/mime.php
index 61ee7357..92927d68 100644
--- a/functions/mime.php
+++ b/functions/mime.php
@@ -395,44 +395,46 @@ function mime_fetch_body($imap_stream, $id, $ent_id ) {
*/
if ( $ret{0} == '<' ) {
$data = sqimap_run_command ($imap_stream, "FETCH $id BODY[$ent_id.MIME]", true, $response, $message);
- $base = '';
- $k = 10;
- foreach( $data as $d ) {
- if ( substr( $d, 0, 13 ) == 'Content-Base:' ) {
- $j = strlen( $d );
- $i = 13;
- $base = '';
- while ( $i < $j &&
- ( !isNoSep( $d{$i} ) || $d{$i} == '"' ) )
- $i++;
- while ( $i < $j ) {
- if ( isNoSep( $d{$i} ) )
- $base .= $d{$i};
- $i++;
- }
- $k = 0;
- } elseif ( $k == 1 && !isnosep( $d{0} ) ) {
- $base .= substr( $d, 1 );
- }
- $k++;
- }
- if ( $base <> '' ) {
- $ret = "" . $ret;
- }
+ /* BASE within HTML documents is illegal (see w3 spec)
+* $base = '';
+* $k = 10;
+* foreach( $data as $d ) {
+* if ( substr( $d, 0, 13 ) == 'Content-Base:' ) {
+* $j = strlen( $d );
+* $i = 13;
+* $base = '';
+* while ( $i < $j &&
+* ( !isNoSep( $d{$i} ) || $d{$i} == '"' ) )
+* $i++;
+* while ( $i < $j ) {
+* if ( isNoSep( $d{$i} ) )
+* $base .= $d{$i};
+* $i++;
+* }
+* $k = 0;
+* } elseif ( $k == 1 && !isnosep( $d{0} ) ) {
+* $base .= substr( $d, 1 );
+* }
+* $k++;
+* }
+* if ( $base <> '' ) {
+* $ret = "" . $ret;
+* }
+* */
}
} else if (ereg('"([^"]*)"', $topline, $regs)) {
$ret = $regs[1];
} else {
global $where, $what, $mailbox, $passed_id, $startMessage;
- $par = 'mailbox=' . urlencode($mailbox) . "&passed_id=$passed_id";
+ $par = 'mailbox=' . urlencode($mailbox) . "&passed_id=$passed_id";
if (isset($where) && isset($what)) {
- $par .= '&where='. urlencode($where) . "&what=" . urlencode($what);
+ $par .= '&where='. urlencode($where) . "&what=" . urlencode($what);
} else {
- $par .= "&startMessage=$startMessage&show_more=0";
+ $par .= "&startMessage=$startMessage&show_more=0";
}
- $par .= '&response=' . urlencode($response) .
- '&message=' . urlencode($message).
- '&topline=' . urlencode($topline);
+ $par .= '&response=' . urlencode($response) .
+ '&message=' . urlencode($message).
+ '&topline=' . urlencode($topline);
echo '
' .
'' .
@@ -551,6 +553,7 @@ function findDisplayEntity ($message, $textOnly = 1) {
if ($message) {
if ( $message->header->type0 == 'multipart' &&
( $message->header->type1 == 'alternative' ||
+ $message->header->type1 == 'mixed' ||
$message->header->type1 == 'related' ) &&
$show_html_default && ! $textOnly ) {
$entity = findDisplayEntityHTML($message);
@@ -603,7 +606,9 @@ function formatBody($imap_stream, $message, $color, $wrap_at) {
// primary message. To add more of them, just put them in the
// order that is their priority.
global $startMessage, $username, $key, $imapServerAddress, $imapPort,
- $show_html_default;
+ $show_html_default, $has_unsafe_images, $view_unsafe_images, $sort;
+
+ $has_unsafe_images = 0;
$id = $message->header->id;
$urlmailbox = urlencode($message->header->mailbox);
@@ -632,15 +637,20 @@ function formatBody($imap_stream, $message, $color, $wrap_at) {
} else {
translateText($body, $wrap_at, $body_message->header->charset);
}
-
- $body .= "". _("Download this as a file") ."
";
+
+ $body .= "". _("Download this as a file") ."
";
+ if ($has_unsafe_images) {
+ if ($view_unsafe_images) {
+ $body .= "". _("Hide Unsafe Images") ."
\n";
+ } else {
+ $body .= "". _("View Unsafe Images") ."
\n";
+ }
+ }
/** Display the ATTACHMENTS: message if there's more than one part **/
- $body .= "
";
if (isset($message->entities[0])) {
$body .= formatAttachments ($message, $ent_num, $message->header->mailbox, $id);
}
- $body .= "";
} else {
$body = formatAttachments ($message, -1, $message->header->mailbox, $id);
}
@@ -697,13 +707,13 @@ function formatAttachments($message, $ent_id, $mailbox, $id) {
$ent = urlencode($message->header->entity_id);
$DefaultLink =
- "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
+ "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
if ($where && $what) {
- $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what);
+ $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what);
}
$Links['download link']['text'] = _("download");
$Links['download link']['href'] =
- "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
+ "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent";
$ImageURL = '';
/* this executes the attachment hook with a specific MIME-type.
@@ -827,7 +837,7 @@ return ($string);
*/
function encodeHeader ($string) {
global $default_charset;
-
+
// Encode only if the string contains 8-bit characters or =?
$j = strlen( $string );
$l = strstr($string, '=?'); // Must be encoded ?
@@ -855,7 +865,7 @@ function encodeHeader ($string) {
$ret .= $string{$i};
}
}
-
+
if ( $l ) {
$string = "=?$default_charset?Q?$ret?=";
}
@@ -868,7 +878,7 @@ function encodeHeader ($string) {
*/
function MagicHTML( $body, $id ) {
- global $message, $HTTP_SERVER_VARS,
+ global $message, $HTTP_SERVER_VARS,
$attachment_common_show_images;
$attachment_common_show_images =
@@ -886,11 +896,12 @@ function MagicHTML( $body, $id ) {
$pos = $i + 1;
$tag = '';
while ($body{$pos} == ' ' || $body{$pos} == "\t" ||
- $body{$pos} == "\n") {
+ $body{$pos} == "\n" ) {
$pos ++;
}
while (strlen($tag) < 4 && $body{$pos} != ' ' &&
- $body{$pos} != "\t" && $body{$pos} != "\n") {
+ $body{$pos} != "\t" && $body{$pos} != "\n" &&
+ $pos < $j ) {
$tag .= $body{$pos};
$pos ++;
}
@@ -1058,9 +1069,12 @@ function MagicHTML( $body, $id ) {
return( "\n\n\n" .
$ret .
+ /* Base is illegal within HTML
"\n\n\n" );
+ */
+ "\n\n\n" );
}
function isNoSep( $char ) {
@@ -1127,7 +1141,7 @@ change on with no (onload -> noload)
function stripEvent( &$i, $j, &$body, $id, $base ) {
- global $message, $base_uri;
+ global $message, $base_uri, $has_unsafe_images, $view_unsafe_images;
$ret = '';
@@ -1154,19 +1168,24 @@ function stripEvent( &$i, $j, &$body, $id, $base ) {
$src .= $body{$k};
$k++;
}
+ $k++;
while( !isNoSep( $body{$k} ) &&
$k < $j ) {
$k++;
}
+ $k++;
if ( strtolower( substr( $src, 0, 4 ) ) == 'cid:' ) {
$src = substr( $src, 4 );
- $src = "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=" .
+ $src = "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=" .
urlencode( $message->header->mailbox ) .
- "&passed_ent_id=" . find_ent_id( $src, $message );
+ "&passed_ent_id=" . find_ent_id( $src, $message );
} else if ( strtolower( substr( $src, 0, 4 ) ) <> 'http' ||
stristr( $src, $base_uri ) ) {
/* Javascript and local urls goes out */
- $src = '../images/' . _("sec_remove_eng.png");
+ if (!$view_unsafe_images) {
+ $src = '../images/' . _("sec_remove_eng.png");
+ }
+ $has_unsafe_images = 1;
}
$ret .= 'src="' . $src . '" ';
$i = $k - 2;
@@ -1195,9 +1214,9 @@ function stripEvent( &$i, $j, &$body, $id, $base ) {
$name .= $body{$i++};
}
if ( $name <> '' ) {
- $ret .= "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=" .
+ $ret .= "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=" .
urlencode( $message->header->mailbox ) .
- "&passed_ent_id=" . find_ent_id( $name, $message );
+ "&passed_ent_id=" . find_ent_id( $name, $message );
if ( $body{$k} == '"' )
$ret .= '" ';
else