From e5ea9327e412368d6a51ee814b1ff7869b2bfd9d Mon Sep 17 00:00:00 2001 From: brong Date: Tue, 19 Feb 2002 01:47:55 +0000 Subject: [PATCH 1/1] Fix & in URLs to & for correctness of HTML, also 100% to "100%" in table definitions. Remove two cases of in formatBody, moving the bit back into src/read_body.php to match the
before the function call, and removing the excessive close tags problem. The possibly controversial bit: remove all outputting of tags within the message body. I refer you to: http://www.w3.org/TR/1998/REC-html40-19980424/struct/links.html#h-12.4 specifically, When present, the BASE element must appear in the HEAD section of an HTML document, before any element that refers to an external source. git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@2461 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- functions/mime.php | 83 ++++++++++++++++++++++++---------------------- 1 file changed, 43 insertions(+), 40 deletions(-) diff --git a/functions/mime.php b/functions/mime.php index bae0fd9a..3c2f125c 100644 --- a/functions/mime.php +++ b/functions/mime.php @@ -395,44 +395,46 @@ function mime_fetch_body($imap_stream, $id, $ent_id ) { */ if ( $ret{0} == '<' ) { $data = sqimap_run_command ($imap_stream, "FETCH $id BODY[$ent_id.MIME]", true, $response, $message); - $base = ''; - $k = 10; - foreach( $data as $d ) { - if ( substr( $d, 0, 13 ) == 'Content-Base:' ) { - $j = strlen( $d ); - $i = 13; - $base = ''; - while ( $i < $j && - ( !isNoSep( $d{$i} ) || $d{$i} == '"' ) ) - $i++; - while ( $i < $j ) { - if ( isNoSep( $d{$i} ) ) - $base .= $d{$i}; - $i++; - } - $k = 0; - } elseif ( $k == 1 && !isnosep( $d{0} ) ) { - $base .= substr( $d, 1 ); - } - $k++; - } - if ( $base <> '' ) { - $ret = "" . $ret; - } + /* BASE within HTML documents is illegal (see w3 spec) +* $base = ''; +* $k = 10; +* foreach( $data as $d ) { +* if ( substr( $d, 0, 13 ) == 'Content-Base:' ) { +* $j = strlen( $d ); +* $i = 13; +* $base = ''; +* while ( $i < $j && +* ( !isNoSep( $d{$i} ) || $d{$i} == '"' ) ) +* $i++; +* while ( $i < $j ) { +* if ( isNoSep( $d{$i} ) ) +* $base .= $d{$i}; +* $i++; +* } +* $k = 0; +* } elseif ( $k == 1 && !isnosep( $d{0} ) ) { +* $base .= substr( $d, 1 ); +* } +* $k++; +* } +* if ( $base <> '' ) { +* $ret = "" . $ret; +* } +* */ } } else if (ereg('"([^"]*)"', $topline, $regs)) { $ret = $regs[1]; } else { global $where, $what, $mailbox, $passed_id, $startMessage; - $par = 'mailbox=' . urlencode($mailbox) . "&passed_id=$passed_id"; + $par = 'mailbox=' . urlencode($mailbox) . "&passed_id=$passed_id"; if (isset($where) && isset($what)) { - $par .= '&where='. urlencode($where) . "&what=" . urlencode($what); + $par .= '&where='. urlencode($where) . "&what=" . urlencode($what); } else { - $par .= "&startMessage=$startMessage&show_more=0"; + $par .= "&startMessage=$startMessage&show_more=0"; } - $par .= '&response=' . urlencode($response) . - '&message=' . urlencode($message). - '&topline=' . urlencode($topline); + $par .= '&response=' . urlencode($response) . + '&message=' . urlencode($message). + '&topline=' . urlencode($topline); echo '
' . '' . @@ -633,14 +635,12 @@ function formatBody($imap_stream, $message, $color, $wrap_at) { translateText($body, $wrap_at, $body_message->header->charset); } - $body .= "
". _("Download this as a file") ."

"; + $body .= "
". _("Download this as a file") ."

"; /** Display the ATTACHMENTS: message if there's more than one part **/ - $body .= "
"; if (isset($message->entities[0])) { $body .= formatAttachments ($message, $ent_num, $message->header->mailbox, $id); } - $body .= "
"; } else { $body = formatAttachments ($message, -1, $message->header->mailbox, $id); } @@ -697,13 +697,13 @@ function formatAttachments($message, $ent_id, $mailbox, $id) { $ent = urlencode($message->header->entity_id); $DefaultLink = - "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent"; + "../src/download.php?startMessage=$startMessage&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent"; if ($where && $what) { - $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what); + $DefaultLink .= '&where=' . urlencode($where) . '&what=' . urlencode($what); } $Links['download link']['text'] = _("download"); $Links['download link']['href'] = - "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent"; + "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=$urlMailbox&passed_ent_id=$ent"; $ImageURL = ''; /* this executes the attachment hook with a specific MIME-type. @@ -1059,9 +1059,12 @@ function MagicHTML( $body, $id ) { return( "\n\n\n" . $ret . + /* Base is illegal within HTML "\n\n\n" ); + */ + "\n\n\n" ); } function isNoSep( $char ) { @@ -1161,9 +1164,9 @@ function stripEvent( &$i, $j, &$body, $id, $base ) { } if ( strtolower( substr( $src, 0, 4 ) ) == 'cid:' ) { $src = substr( $src, 4 ); - $src = "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=" . + $src = "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=" . urlencode( $message->header->mailbox ) . - "&passed_ent_id=" . find_ent_id( $src, $message ); + "&passed_ent_id=" . find_ent_id( $src, $message ); } else if ( strtolower( substr( $src, 0, 4 ) ) <> 'http' || stristr( $src, $base_uri ) ) { /* Javascript and local urls goes out */ @@ -1196,9 +1199,9 @@ function stripEvent( &$i, $j, &$body, $id, $base ) { $name .= $body{$i++}; } if ( $name <> '' ) { - $ret .= "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=" . + $ret .= "../src/download.php?absolute_dl=true&passed_id=$id&mailbox=" . urlencode( $message->header->mailbox ) . - "&passed_ent_id=" . find_ent_id( $name, $message ); + "&passed_ent_id=" . find_ent_id( $name, $message ); if ( $body{$k} == '"' ) $ret .= '" '; else -- 2.25.1