| | |
|---|
| | | $js_row_arr['unread'] = true; |
|---|
| | | if ($header->answered) |
|---|
| | | $js_row_arr['replied'] = true; |
|---|
| | | if ($header->forwarded) |
|---|
| | | $js_row_arr['forwarded'] = true; |
|---|
| | | if ($header->flagged) |
|---|
| | | $js_row_arr['flagged'] = true; |
|---|
| | | |
|---|
| | | // set message icon |
|---|
| | | if ($attrib['deletedicon'] && $header->deleted) |
|---|
| | | $message_icon = $attrib['deletedicon']; |
|---|
| | | else if ($attrib['repliedicon'] && $header->answered) |
|---|
| | | { |
|---|
| | | if ($attrib['forwardedrepliedicon'] && $header->forwarded) |
|---|
| | | $message_icon = $attrib['forwardedrepliedicon']; |
|---|
| | | else |
|---|
| | | $message_icon = $attrib['repliedicon']; |
|---|
| | | } |
|---|
| | | else if ($attrib['forwardedicon'] && $header->forwarded) |
|---|
| | | $message_icon = $attrib['forwardedicon']; |
|---|
| | | else if ($attrib['unreadicon'] && !$header->seen) |
|---|
| | | $message_icon = $attrib['unreadicon']; |
|---|
| | | else if ($attrib['repliedicon'] && $header->answered) |
|---|
| | | $message_icon = $attrib['repliedicon']; |
|---|
| | | else if ($attrib['messageicon']) |
|---|
| | | $message_icon = $attrib['messageicon']; |
|---|
| | | |
|---|
| | |
|---|
| | | $OUTPUT->set_env('unreadicon', $skin_path . $attrib['unreadicon']); |
|---|
| | | if ($attrib['repliedicon']) |
|---|
| | | $OUTPUT->set_env('repliedicon', $skin_path . $attrib['repliedicon']); |
|---|
| | | if ($attrib['forwardedicon']) |
|---|
| | | $OUTPUT->set_env('forwardedicon', $skin_path . $attrib['forwardedicon']); |
|---|
| | | if ($attrib['forwardedrepliedicon']) |
|---|
| | | $OUTPUT->set_env('forwardedrepliedicon', $skin_path . $attrib['forwardedrepliedicon']); |
|---|
| | | if ($attrib['attachmenticon']) |
|---|
| | | $OUTPUT->set_env('attachmenticon', $skin_path . $attrib['attachmenticon']); |
|---|
| | | if ($attrib['flaggedicon']) |
|---|
| | |
|---|
| | | $a_msg_flags['deleted'] = $header->deleted ? 1 : 0; |
|---|
| | | $a_msg_flags['unread'] = $header->seen ? 0 : 1; |
|---|
| | | $a_msg_flags['replied'] = $header->answered ? 1 : 0; |
|---|
| | | $a_msg_flags['forwarded'] = $header->forwarded ? 1 : 0; |
|---|
| | | $a_msg_flags['flagged'] = $header->flagged ? 1 : 0; |
|---|
| | | |
|---|
| | | $OUTPUT->command('add_message_row', |
|---|
| | |
|---|
| | | $attrib_str = create_attrib_string($attrib, array('style', 'class', 'id', 'display')); |
|---|
| | | |
|---|
| | | $out = '<span' . $attrib_str . '>'; |
|---|
| | | $out .= rcmail_quota_content(); |
|---|
| | | $out .= rcmail_quota_content(NULL, $attrib); |
|---|
| | | $out .= '</span>'; |
|---|
| | | return $out; |
|---|
| | | } |
|---|
| | |
|---|
| | | /** |
|---|
| | | * |
|---|
| | | */ |
|---|
| | | function rcmail_quota_content($quota=NULL) |
|---|
| | | function rcmail_quota_content($quota=NULL, $attrib=NULL) |
|---|
| | | { |
|---|
| | | global $IMAP, $COMM_PATH, $RCMAIL; |
|---|
| | | |
|---|
| | |
|---|
| | | // show quota as image (by Brett Patterson) |
|---|
| | | if ($display == 'image' && function_exists('imagegif')) |
|---|
| | | { |
|---|
| | | $attrib = array('width' => 100, 'height' => 14); |
|---|
| | | if (!$attrib['width']) |
|---|
| | | $attrib['width'] = isset($_SESSION['quota_width']) ? $_SESSION['quota_width'] : 100; |
|---|
| | | else |
|---|
| | | $_SESSION['quota_width'] = $attrib['width']; |
|---|
| | | |
|---|
| | | if (!$attrib['height']) |
|---|
| | | $attrib['height'] = isset($_SESSION['quota_height']) ? $_SESSION['quota_height'] : 14; |
|---|
| | | else |
|---|
| | | $_SESSION['quota_height'] = $attrib['height']; |
|---|
| | | |
|---|
| | | $quota_text = sprintf('<img src="./bin/quotaimg.php?u=%s&q=%d&w=%d&h=%d" width="%d" height="%d" alt="%s" title="%s / %s" />', |
|---|
| | | $quota['used'], $quota['total'], |
|---|
| | | $attrib['width'], $attrib['height'], |
|---|
| | | $attrib['width'], $attrib['height'], |
|---|
| | | $quota_text, |
|---|
| | | show_bytes($quota["used"] * 1024), |
|---|
| | | show_bytes($quota["total"] * 1024)); |
|---|
| | | show_bytes($quota['used'] * 1024), |
|---|
| | | show_bytes($quota['total'] * 1024)); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | else |
|---|
| | |
|---|
| | | } |
|---|
| | | // text/html |
|---|
| | | else if ($part->ctype_secondary == 'html') { |
|---|
| | | $html = $part->body; |
|---|
| | | |
|---|
| | | // special replacements (not properly handled by washtml class) |
|---|
| | | $html_search = array( |
|---|
| | | '/(<\/nobr>)(\s+)(<nobr>)/i', // space(s) between <NOBR> |
|---|
| | | '/(<[\/]*st1:[^>]+>)/i', // Microsoft's Smart Tags <ST1> |
|---|
| | | '/<title>.*<\/title>/i', // PHP bug #32547 workaround: remove title tag |
|---|
| | | '/<html[^>]*>/im', // malformed html: remove html tags (#1485139) |
|---|
| | | '/<\/html>/i', // malformed html: remove html tags (#1485139) |
|---|
| | | ); |
|---|
| | | $html_replace = array( |
|---|
| | | '\\1'.' '.'\\3', |
|---|
| | | '', |
|---|
| | | '', |
|---|
| | | '', |
|---|
| | | '', |
|---|
| | | ); |
|---|
| | | $html = preg_replace($html_search, $html_replace, $html); |
|---|
| | | |
|---|
| | | // charset was converted to UTF-8 in rcube_imap::get_message_part() -> change charset specification in HTML accordingly |
|---|
| | | $html = $part->body; |
|---|
| | | if (preg_match('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i', $html)) |
|---|
| | | $html = preg_replace('/(\s+content=[\'"]\w+\/\w+;\s*charset)=([a-z0-9-_]+)/i', '\\1='.RCMAIL_CHARSET, $html); |
|---|
| | | else { |
|---|
| | | // add <head> for malformed messages, washtml cannot work without that |
|---|
| | | if (!preg_match('/<head>(.*)<\\/head>/Uims', $html)) |
|---|
| | | $html = '<head></head>' . $html; |
|---|
| | | // add head for malformed messages, washtml cannot work without that |
|---|
| | | if (!preg_match('/<head[^>]*>(.*)<\/head>/Uims', $html)) |
|---|
| | | $html = '<head></head>'. $html; |
|---|
| | | $html = substr_replace($html, '<meta http-equiv="Content-Type" content="text/html; charset='.RCMAIL_CHARSET.'" />', intval(stripos($html, '</head>')), 0); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // PHP bug #32547 workaround: remove title tag |
|---|
| | | $html = preg_replace('/<title>.*<\/title>/', '', $html); |
|---|
| | | |
|---|
| | | // clean HTML with washhtml by Frederic Motte |
|---|
| | | $wash_opts = array( |
|---|
| | |
|---|
| | | $wash_opts['html_elements'] = array('html','head','title','body'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // allow CSS styles, will be sanitized by rcmail_washtml_callback() |
|---|
| | | if ($p['safe']) { |
|---|
| | | $wash_opts['html_elements'][] = 'style'; |
|---|
| | | } |
|---|
| | | |
|---|
| | | $washer = new washtml($wash_opts); |
|---|
| | | $washer->add_callback('form', 'rcmail_washtml_callback'); |
|---|
| | | $washer->add_callback('style', 'rcmail_washtml_callback'); |
|---|
| | | |
|---|
| | | if ($p['safe']) { // allow CSS styles, will be sanitized by rcmail_washtml_callback() |
|---|
| | | $washer->add_callback('style', 'rcmail_washtml_callback'); |
|---|
| | | } |
|---|
| | | |
|---|
| | | $body = $washer->wash($html); |
|---|
| | | $REMOTE_OBJECTS = $washer->extlinks; |
|---|
| | | |
|---|
| | |
|---|
| | | |
|---|
| | | case 'style': |
|---|
| | | // decode all escaped entities and reduce to ascii strings |
|---|
| | | $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($source)); |
|---|
| | | $stripped = preg_replace('/[^a-zA-Z\(:]/', '', rcmail_xss_entitiy_decode($content)); |
|---|
| | | |
|---|
| | | // now check for evli strings like expression, behavior or url() |
|---|
| | | if (!preg_match('/expression|behavior|url\(|import/', $css)) { |
|---|
| | | // now check for evil strings like expression, behavior or url() |
|---|
| | | if (!preg_match('/expression|behavior|url\(|import/', $stripped)) { |
|---|
| | | $out = html::tag('style', array('type' => 'text/css'), $content); |
|---|
| | | break; |
|---|
| | | } |
|---|
