From: philippe_mingo Date: Wed, 24 Oct 2001 09:17:56 +0000 (+0000) Subject: Parses HTML documents to make them more readable and more secure. X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=commitdiff_plain;h=a3daaaf398ca4ec329ffb3b9eea641809848cd0b Parses HTML documents to make them more readable and more secure. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@1602 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- diff --git a/functions/mime.php b/functions/mime.php index 3bdfedf2..5874a7ff 100644 --- a/functions/mime.php +++ b/functions/mime.php @@ -357,35 +357,66 @@ return( $pos ); } - function mime_fetch_body ($imap_stream, $id, $ent_id) { - // do a bit of error correction. If we couldn't find the entity id, just guess - // that it is the first one. That is usually the case anyway. - if (!$ent_id) $ent_id = 1; - - fputs ($imap_stream, sqimap_session_id() . " FETCH $id BODY[$ent_id]\r\n"); - $data = sqimap_read_data ($imap_stream, sqimap_session_id(), true, $response, $message); - $topline = array_shift($data); - while (! ereg('\\* [0-9]+ FETCH ', $topline) && $data) - $topline = array_shift($data); - $wholemessage = implode('', $data); - - if (ereg('\\{([^\\}]*)\\}', $topline, $regs)) { - return substr($wholemessage, 0, $regs[1]); - } - else if (ereg('"([^"]*)"', $topline, $regs)) { - return $regs[1]; - } - - $str = "Body retrieval error. Please report this bug!\n" . - "Response: $response\n" . - "Message: $message\n" . - "FETCH line: $topline" . - "---------------\n$wholemessage"; - foreach ($data as $d) { - $str .= htmlspecialchars($d) . "\n"; - } - return $str; - } + function mime_fetch_body ($imap_stream, $id, $ent_id ) { + // do a bit of error correction. If we couldn't find the entity id, just guess + // that it is the first one. That is usually the case anyway. + if (!$ent_id) + $ent_id = 1; + $sid = sqimap_session_id(); + fputs ($imap_stream, "$sid FETCH $id BODY[$ent_id]\r\n"); + $data = sqimap_read_data ($imap_stream, $sid, true, $response, $message); + $topline = array_shift($data); + while (! ereg('\\* [0-9]+ FETCH ', $topline) && $data) + $topline = array_shift($data); + $wholemessage = implode('', $data); + if (ereg('\\{([^\\}]*)\\}', $topline, $regs)) { + $ret = substr( $wholemessage, 0, $regs[1] ); + /* + There is some information in the content info header that could be important + in order to parse html messages. Let's get them here. + */ + if( $ret{0} == '<' ) { + fputs ($imap_stream, "$sid FETCH $id BODY[$ent_id.MIME]\r\n"); + $data = sqimap_read_data ($imap_stream, $sid, true, $response, $message); + $base = ''; + $k = 10; + foreach( $data as $d ) { + if( substr( $d, 0, 13 ) == 'Content-Base:' ) { + $j = strlen( $d ); + $i = 13; + $base = ''; + while( $i < $j && + ( !isNoSep( $d{$i} ) || $d{$i} == '"' ) ) + $i++; + while( $i < $j ) { + if( isNoSep( $d{$i} ) ) + $base .= $d{$i}; + $i++; + } + $k = 0; + } elseif( $k == 1 && !isnosep( $d{0} ) ) { + $base .= substr( $d, 1 ); + } + $k++; + } + if( $base <> '' ) + $ret = "" . $ret; + } + } else if (ereg('"([^"]*)"', $topline, $regs)) { + $ret = $regs[1]; + } else { + $ret = "Body retrival error. Please report this bug!\n" . + "Response: $response\n" . + "Message: $message\n" . + "FETCH line: $topline" . + "---------------\n$wholemessage"; + + foreach ($data as $d) { + $ret .= htmlspecialchars($d) . "\n"; + } + } + return( $ret ); + } function mime_print_body_lines ($imap_stream, $id, $ent_id, $encoding) { // do a bit of error correction. If we couldn't find the entity id, just guess @@ -463,38 +494,39 @@ } } - // figures out what entity to display and returns the $message object - // for that entity. - function findDisplayEntity ($message, $textOnly = 1) - { - global $show_html_default; - - if (! $message) - return 0; - - if ($message->header->type0 == 'multipart' && - $message->header->type1 == 'alternative' && - $show_html_default && ! $textOnly) { - $entity = findDisplayEntityHTML($message); - if ($entity != 0) - return $entity; - } - - // Show text/plain or text/html -- the first one we find. - if ( $message->header->type0 == 'text' && - ( $message->header->type1 == 'plain' || - $message->header->type1 == 'html' ) && - isset($message->header->entity_id) ) - return $message->header->entity_id; - - for ($i=0; isset($message->entities[$i]); $i++) { - $entity = findDisplayEntity($message->entities[$i], $textOnly); - if ($entity != 0) - return $entity; - } - - return 0; - } + // figures out what entity to display and returns the $message object + // for that entity. + function findDisplayEntity ($message, $textOnly = 1) { + global $show_html_default; + + $entity = 0; + + if ($message) { + if ( $message->header->type0 == 'multipart' && + ( $message->header->type1 == 'alternative' || + $message->header->type1 == 'related' ) && + $show_html_default && ! $textOnly ) { + $entity = findDisplayEntityHTML($message); + } + + // Show text/plain or text/html -- the first one we find. + if ( $entity == 0 && + $message->header->type0 == 'text' && + ( $message->header->type1 == 'plain' || + $message->header->type1 == 'html' ) && + isset($message->header->entity_id) ) { + $entity = $message->header->entity_id; + } + + $i = 0; + while ($entity == 0 && isset($message->entities[$i]) ) { + $entity = findDisplayEntity($message->entities[$i], $textOnly); + $i++; + } + } + + return( $entity ); + } // Shows the HTML version function findDisplayEntityHTML ($message) { @@ -539,7 +571,14 @@ // If there are other types that shouldn't be formatted, add // them here - if ($body_message->header->type1 != "html" || ! $show_html_default) { + if ($body_message->header->type1 == 'html') { + if( $show_html_default <> 1 ) { + $body = strip_tags( $body ); + translateText($body, $wrap_at, $body_message->header->charset); + } else { + $body = MagicHTML( $body, $id ); + } + } else { translateText($body, $wrap_at, $body_message->header->charset); } @@ -753,4 +792,325 @@ return( $string ); } -?> + /* + Strips dangerous tags from html messages. + */ + + function MagicHTML( $body, $id ) { + + global $message, $PHP_SELF, $HTTP_SERVER_VARS; + + $j = strlen( $body ); // Legnth of the HTML + $ret = ''; // Returned string + $bgcolor = '#ffffff'; // Background style color (defaults to white) + $leftmargin = ''; // Left margin style + $title = ''; // HTML title if any + + $i = 0; + while( $i < $j ) { + if( $body{$i} == '<' ) { + $tag = $body{$i+1}.$body{$i+2}.$body{$i+3}.$body{$i+4}; + switch( strtoupper( $tag ) ) { + // Strips the entire tag and contents + case 'APPL': + case 'EMBB': + case 'FRAM': + case 'SCRI': + case 'OBJE': + $etg = '/' . $tag; + while( $body{$i+1}.$body{$i+2}.$body{$i+3}.$body{$i+4}.$body{$i+5} <> $etg && + $i < $j ) $i++; + while( $i < $j && $body{++$i} <> '>' ); + // $ret .= ""; + break; + // Substitute Title + case 'TITL': + $i += 5; + while( $body{$i} <> '>' && // + $i < $j ) + $i++; + $i++; + $title = ''; + while( $body{$i} <> '<' && // + $i < $j ) { + $title .= $body{$i}; + $i++; + } + $i += 7; + break; + // Destroy these tags + case 'HTML': + case 'HEAD': + case '/HTM': + case '/HEA': + case '!DOC': + case 'META': + case 'DIV ': + case '/DIV': + case '!-- ': + $i += 4; + while( $body{$i} <> '>' && + $i < $j ) + $i++; + // $i++; + break; + case 'STYL': + $i += 5; + while( $body{$i} <> '>' && // + $i < $j ) + $i++; + $i++; + // We parse the style to look for interesting stuff + $styleblk = ''; + while( $body{$i} <> '>' && + $i < $j ) { + // First we get the name of the style + $style = ''; + while( $body{$i} <> '>' && + $body{$i} <> '<' && + $body{$i} <> '{' && + $i < $j ) { + if( isnoSep( $body{$i} ) ) + $style .= $body{$i}; + $i++; + } + stripComments( &$i, $j, &$body ); + $style = strtoupper( trim( $style ) ); + if( $style == 'BODY' ) { + // Next we look into the definitions of the body style + while( $body{$i} <> '>' && + $body{$i} <> '}' && + $i < $j ) { + // We look for the background color if any. + if( substr( $body, $i, 17 ) == 'BACKGROUND-COLOR:' ) { + $i += 17; + $bgcolor = getStyleData( $i, $j, $body ); + } elseif ( substr( $body, $i, 12 ) == 'MARGIN-LEFT:' ) { + $i += 12; + $leftmargin = getStyleData( $i, $j, $body ); + } + $i++; + } + } else { + // Other style are mantained + $styleblk .= "$style "; + while( $body{$i} <> '>' && + $body{$i} <> '<' && + $body{$i} <> '}' && + $i < $j ) { + $styleblk .= $body{$i}; + $i++; + } + $styleblk .= $body{$i}; + } + stripComments( &$i, $j, &$body ); + if( $body{$i} <> '>' ) + $i++; + } + if( $styleblk <> '' ) + $ret .= "