From 45f56c1c400ad5b21ddcd4d490f6f6c4ffe0d9fc Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 29 May 2008 12:10:42 -0400
Subject: [PATCH] Replace our crappy html sanitization with the dom-based washtml script + fix inline message parts + remove old code + add some doc comments
---
program/steps/mail/func.inc | 565 +++++++++++---------------------------------------------
1 files changed, 115 insertions(+), 450 deletions(-)
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index d37a521..0a1e4d4 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -74,7 +74,9 @@
-// return the message list as HTML table
+/**
+ * return the message list as HTML table
+ */
function rcmail_message_list($attrib)
{
global $IMAP, $CONFIG, $COMM_PATH, $OUTPUT;
@@ -295,7 +297,9 @@
}
-// return javascript commands to add rows to the message list
+/**
+ * return javascript commands to add rows to the message list
+ */
function rcmail_js_message_list($a_headers, $insert_top=FALSE)
{
global $CONFIG, $IMAP, $OUTPUT;
@@ -358,7 +362,9 @@
}
-// return an HTML iframe for loading mail content
+/**
+ * return an HTML iframe for loading mail content
+ */
function rcmail_messagecontent_frame($attrib)
{
global $OUTPUT;
@@ -381,6 +387,9 @@
}
+/**
+ *
+ */
function rcmail_messagecount_display($attrib)
{
global $IMAP, $OUTPUT;
@@ -401,6 +410,9 @@
}
+/**
+ *
+ */
function rcmail_quota_display($attrib)
{
global $OUTPUT, $COMM_PATH;
@@ -423,6 +435,9 @@
}
+/**
+ *
+ */
function rcmail_quota_content($quota=NULL)
{
global $IMAP, $COMM_PATH;
@@ -466,6 +481,9 @@
}
+/**
+ *
+ */
function rcmail_get_messagecount_text($count=NULL, $page=NULL)
{
global $IMAP, $MESSAGE;
@@ -495,246 +513,102 @@
}
-/* Stolen from Squirrelmail */
-function sq_deent(&$attvalue, $regex, $hex=false)
- {
- $ret_match = false;
- preg_match_all($regex, $attvalue, $matches);
- if (is_array($matches) && sizeof($matches[0]) > 0)
- {
- $repl = Array();
- for ($i = 0; $i < sizeof($matches[0]); $i++)
- {
- $numval = $matches[1][$i];
- if ($hex)
- $numval = hexdec($numval);
- $repl{$matches[0][$i]} = chr($numval);
- }
- $attvalue = strtr($attvalue, $repl);
- return true;
- }
- else
- return false;
- }
-
-
-/* Stolen verbatim from Squirrelmail */
-function sq_defang(&$attvalue)
- {
- /* Skip this if there aren't ampersands or backslashes. */
- if ((strpos($attvalue, '&') === false) &&
- (strpos($attvalue, '\\') === false))
- return;
- $m = false;
- do
- {
- $m = false;
- $m = $m || sq_deent($attvalue, '/\�*(\d+);*/s');
- $m = $m || sq_deent($attvalue, '/\�*((\d|[a-f])+);*/si', true);
- $m = $m || sq_deent($attvalue, '/\\\\(\d+)/s', true);
- } while ($m == true);
- $attvalue = stripslashes($attvalue);
- }
-
-
-function rcmail_html_filter($html)
- {
- preg_match_all('/<\/?\w+((\s+\w+(\s*=\s*(?:".*?"|\'.*?\'|[^\'">\s]+))?)+\s*|\s*)\/?>/', $html, $tags);
-
- /* From Squirrelmail: Translate all dangerous Unicode or Shift_JIS characters which are accepted by
- * IE as regular characters. */
- $replace = array(array('ʟ', 'ʟ', /* L UNICODE IPA Extension */
- 'ʀ', 'ʀ', /* R UNICODE IPA Extension */
- 'ɴ', 'ɴ', /* N UNICODE IPA Extension */
- 'E', 'E', /* Unicode FULLWIDTH LATIN CAPITAL LETTER E */
- 'e', 'e', /* Unicode FULLWIDTH LATIN SMALL LETTER E */
- 'X', 'X', /* Unicode FULLWIDTH LATIN CAPITAL LETTER X */
- 'x', 'x', /* Unicode FULLWIDTH LATIN SMALL LETTER X */
- 'P', 'P', /* Unicode FULLWIDTH LATIN CAPITAL LETTER P */
- 'p', 'p', /* Unicode FULLWIDTH LATIN SMALL LETTER P */
- 'R', 'R', /* Unicode FULLWIDTH LATIN CAPITAL LETTER R */
- 'r', 'r', /* Unicode FULLWIDTH LATIN SMALL LETTER R */
- 'S', 'S', /* Unicode FULLWIDTH LATIN CAPITAL LETTER S */
- 's', 's', /* Unicode FULLWIDTH LATIN SMALL LETTER S */
- 'I', 'I', /* Unicode FULLWIDTH LATIN CAPITAL LETTER I */
- 'i', 'i', /* Unicode FULLWIDTH LATIN SMALL LETTER I */
- 'O', 'O', /* Unicode FULLWIDTH LATIN CAPITAL LETTER O */
- 'o', 'o', /* Unicode FULLWIDTH LATIN SMALL LETTER O */
- 'N', 'N', /* Unicode FULLWIDTH LATIN CAPITAL LETTER N */
- 'n', 'n', /* Unicode FULLWIDTH LATIN SMALL LETTER N */
- 'L', 'L', /* Unicode FULLWIDTH LATIN CAPITAL LETTER L */
- 'l', 'l', /* Unicode FULLWIDTH LATIN SMALL LETTER L */
- 'U', 'U', /* Unicode FULLWIDTH LATIN CAPITAL LETTER U */
- 'u', 'u', /* Unicode FULLWIDTH LATIN SMALL LETTER U */
- 'ⁿ', 'ⁿ' , /* Unicode SUPERSCRIPT LATIN SMALL LETTER N */
- "\xEF\xBC\xA5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */
- /* in unicode this is some Chinese char range */
- "\xEF\xBD\x85", /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */
- "\xEF\xBC\xB8", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */
- "\xEF\xBD\x98", /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */
- "\xEF\xBC\xB0", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */
- "\xEF\xBD\x90", /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */
- "\xEF\xBC\xB2", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */
- "\xEF\xBD\x92", /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */
- "\xEF\xBC\xB3", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */
- "\xEF\xBD\x93", /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */
- "\xEF\xBC\xA9", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */
- "\xEF\xBD\x89", /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */
- "\xEF\xBC\xAF", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */
- "\xEF\xBD\x8F", /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */
- "\xEF\xBC\xAE", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */
- "\xEF\xBD\x8E", /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */
- "\xEF\xBC\xAC", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER L */
- "\xEF\xBD\x8C", /* Shift JIS FULLWIDTH LATIN SMALL LETTER L */
- "\xEF\xBC\xB5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER U */
- "\xEF\xBD\x95", /* Shift JIS FULLWIDTH LATIN SMALL LETTER U */
- "\xE2\x81\xBF", /* Shift JIS FULLWIDTH SUPERSCRIPT N */
- "\xCA\x9F", /* L UNICODE IPA Extension */
- "\xCA\x80", /* R UNICODE IPA Extension */
- "\xC9\xB4"), /* N UNICODE IPA Extension */
- array('l', 'l', 'r', 'r', 'n', 'n', 'E', 'E', 'e', 'e', 'X', 'X', 'x', 'x',
- 'P', 'P', 'p', 'p', 'R', 'R', 'r', 'r', 'S', 'S', 's', 's', 'I', 'I',
- 'i', 'i', 'O', 'O', 'o', 'o', 'N', 'N', 'n', 'n', 'L', 'L', 'l', 'l',
- 'U', 'U', 'u', 'u', 'n', 'n', 'E', 'e', 'X', 'x', 'P', 'p', 'R', 'r',
- 'S', 's', 'I', 'i', 'O', 'o', 'N', 'n', 'L', 'l', 'U', 'u', 'n', 'l', 'r', 'n'));
- if ((count($tags)>3) && (count($tags[3])>0))
- foreach ($tags[3] as $nr=>$value)
- {
- /* Remove comments */
- $newvalue = preg_replace('/(\/\*.*\*\/)/','$2',$value);
- /* Translate dangerous characters */
- $newvalue = str_replace($replace[0], $replace[1], $newvalue);
- sq_defang($newvalue);
- /* Rename dangerous CSS */
- $newvalue = preg_replace('/expression/i', 'idiocy', $newvalue);
- $newvalue = preg_replace('/url/i', 'idiocy', $newvalue);
- $newattrs = preg_replace('/'.preg_quote($value, '/').'$/', $newvalue, $tags[1][$nr]);
- $newtag = preg_replace('/'.preg_quote($tags[1][$nr], '/').'/', $newattrs, $tags[0][$nr]);
- $html = preg_replace('/'.preg_quote($tags[0][$nr], '/').'/', $newtag, $html);
- }
- return $html;
- }
-
-
+/**
+ *
+ */
function rcmail_print_body($part, $safe=FALSE, $plain=FALSE)
- {
- global $IMAP, $REMOTE_OBJECTS;
+{
+ global $REMOTE_OBJECTS;
- $body = is_array($part->replaces) ? strtr($part->body, $part->replaces) : $part->body;
-
// convert html to text/plain
- if ($part->ctype_secondary=='html' && $plain)
- {
- $txt = new html2text($body, false, true);
+ if ($part->ctype_secondary == 'html' && $plain) {
+ $txt = new html2text($part->body, false, true);
$body = $txt->get_text();
$part->ctype_secondary = 'plain';
- }
-
+ }
// text/html
- if ($part->ctype_secondary=='html')
- {
- // remove charset specification in HTML message
- $body = preg_replace('/charset=[a-z0-9\-]+/i', '', $body);
+ else if ($part->ctype_secondary == 'html') {
+ // clean HTML with washhtml by Frederic Motte
+ $body = washtml::wash($part->body, array(
+ 'show_washed' => false,
+ 'allow_remote' => $safe,
+ 'blocked_src' => "./program/blocked.gif",
+ 'charset' => 'UTF-8',
+ 'cid_map' => $part->replaces,
+ ), $full_inline);
- if (!$safe) // remove remote images and scripts
- {
- $remote_patterns = array('/<img\s+(.*)src=(["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)(\2|\s|>)/Ui',
- '/(src|background)=(["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)(\2|\s|>)/Ui',
- '/(<base.*href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]*>)/i',
- '/(<link.*href=["\']?)([hftps]{3,5}:\/{2}[^"\'\s]+)([^<]*>)/i',
- '/url\s*\(["\']?([hftps]{3,5}:\/{2}[^"\'\s]+)["\']?\)/i',
- '/url\s*\(["\']?([\.\/]+[^"\'\s]+)["\']?\)/i',
- '/<script.+<\/script>/Umis');
+ $REMOTE_OBJECTS = !$full_inline;
- $remote_replaces = array('<img \\1src=\\2./program/blocked.gif\\4',
- '',
- '',
- '',
- 'none',
- 'none',
- '');
-
- // set flag if message containes remote obejcts that where blocked
- foreach ($remote_patterns as $pattern)
- {
- if (preg_match($pattern, $body))
- {
- $REMOTE_OBJECTS = TRUE;
- break;
- }
- }
-
- $body = preg_replace($remote_patterns, $remote_replaces, $body);
- }
-
- return Q(rcmail_html_filter($body), 'show', FALSE);
- }
-
+ return $body;
+ }
// text/enriched
- if ($part->ctype_secondary=='enriched')
- {
+ else if ($part->ctype_secondary=='enriched') {
return Q(enriched_to_html($body), 'show');
- }
+ }
else
- {
- // make links and email-addresses clickable
- $convert_patterns = $convert_replaces = $replace_strings = array();
-
- $url_chars = 'a-z0-9_\-\+\*\$\/&%=@#:;';
- $url_chars_within = '\?\.~,!';
+ $body = $part->body;
- $convert_patterns[] = "/([\w]+):\/\/([a-z0-9\-\.]+[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/ie";
- $convert_replaces[] = "rcmail_str_replacement('<a href=\"\\1://\\2\" target=\"_blank\">\\1://\\2</a>', \$replace_strings)";
- $convert_patterns[] = "/([^\/:]|\s)(www\.)([a-z0-9\-]{2,}[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/ie";
- $convert_replaces[] = "rcmail_str_replacement('\\1<a href=\"http://\\2\\3\" target=\"_blank\">\\2\\3</a>', \$replace_strings)";
-
- $convert_patterns[] = '/([a-z0-9][a-z0-9\-\.\+\_]*@[a-z0-9]([a-z0-9\-][.]?)*[a-z0-9]\\.[a-z]{2,5})/ie';
- $convert_replaces[] = "rcmail_str_replacement('<a href=\"mailto:\\1\" onclick=\"return ".JS_OBJECT_NAME.".command(\'compose\',\'\\1\',this)\">\\1</a>', \$replace_strings)";
-
+ /**** assert plaintext ****/
+
+ // make links and email-addresses clickable
+ $convert_patterns = $convert_replaces = $replace_strings = array();
+
+ $url_chars = 'a-z0-9_\-\+\*\$\/&%=@#:;';
+ $url_chars_within = '\?\.~,!';
+
+ $convert_patterns[] = "/([\w]+):\/\/([a-z0-9\-\.]+[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/ie";
+ $convert_replaces[] = "rcmail_str_replacement('<a href=\"\\1://\\2\" target=\"_blank\">\\1://\\2</a>', \$replace_strings)";
+
+ $convert_patterns[] = "/([^\/:]|\s)(www\.)([a-z0-9\-]{2,}[a-z]{2,4}([$url_chars$url_chars_within]*[$url_chars])?)/ie";
+ $convert_replaces[] = "rcmail_str_replacement('\\1<a href=\"http://\\2\\3\" target=\"_blank\">\\2\\3</a>', \$replace_strings)";
+
+ $convert_patterns[] = '/([a-z0-9][a-z0-9\-\.\+\_]*@[a-z0-9]([a-z0-9\-][.]?)*[a-z0-9]\\.[a-z]{2,5})/ie';
+ $convert_replaces[] = "rcmail_str_replacement('<a href=\"mailto:\\1\" onclick=\"return ".JS_OBJECT_NAME.".command(\'compose\',\'\\1\',this)\">\\1</a>', \$replace_strings)";
+
// if ($part->ctype_parameters['format'] != 'flowed')
// $body = wordwrap(trim($body), 80);
- $body = preg_replace($convert_patterns, $convert_replaces, $body);
+ // search for patterns like links and e-mail addresses
+ $body = preg_replace($convert_patterns, $convert_replaces, $body);
- // split body into single lines
- $a_lines = preg_split('/\r?\n/', $body);
- $quote_level = 0;
+ // split body into single lines
+ $a_lines = preg_split('/\r?\n/', $body);
+ $quote_level = 0;
- // colorize quoted parts
- for($n=0; $n<sizeof($a_lines); $n++)
- {
- $line = $a_lines[$n];
- $quotation = '';
- $q = 0;
-
- if (preg_match('/^(>+\s*)+/', $line, $regs))
- {
- $q = strlen(preg_replace('/\s/', '', $regs[0]));
- $line = substr($line, strlen($regs[0]));
-
- if ($q > $quote_level)
- $quotation = str_repeat('<blockquote>', $q - $quote_level);
- else if ($q < $quote_level)
- $quotation = str_repeat("</blockquote>", $quote_level - $q);
- }
- else if ($quote_level > 0)
- $quotation = str_repeat("</blockquote>", $quote_level);
-
- $quote_level = $q;
- $a_lines[$n] = $quotation . Q($line, 'replace', FALSE);
- }
-
- // insert the links for urls and mailtos
- $body = preg_replace("/##string_replacement\{([0-9]+)\}##/e", "\$replace_strings[\\1]", join("\n", $a_lines));
+ // colorize quoted parts
+ for ($n=0; $n < sizeof($a_lines); $n++) {
+ $line = $a_lines[$n];
+ $quotation = '';
+ $q = 0;
- return "<div class=\"pre\">".$body."\n</div>";
+ if (preg_match('/^(>+\s*)+/', $line, $regs)) {
+ $q = strlen(preg_replace('/\s/', '', $regs[0]));
+ $line = substr($line, strlen($regs[0]));
+
+ if ($q > $quote_level)
+ $quotation = str_repeat('<blockquote>', $q - $quote_level);
+ else if ($q < $quote_level)
+ $quotation = str_repeat("</blockquote>", $quote_level - $q);
}
+ else if ($quote_level > 0)
+ $quotation = str_repeat("</blockquote>", $quote_level);
+
+ $quote_level = $q;
+ $a_lines[$n] = $quotation . Q($line, 'replace', false); // htmlquote plaintext
+ }
+
+ // insert the links for urls and mailtos
+ $body = preg_replace("/##string_replacement\{([0-9]+)\}##/e", "\$replace_strings[\\1]", join("\n", $a_lines));
+
+ return "<div class=\"pre\">".$body."\n</div>";
}
-// add a string to the replacement array and return a replacement string
+/**
+ * add a string to the replacement array and return a replacement string
+ */
function rcmail_str_replacement($str, &$rep)
{
static $count = 0;
@@ -743,200 +617,10 @@
}
-function rcmail_parse_message(&$structure, $arg=array(), $recursive=FALSE)
- {
- global $IMAP;
- static $sa_inline_objects = array();
- // arguments are: (bool)$prefer_html, (string)$get_url
- extract($arg);
-
- $a_attachments = array();
- $a_return_parts = array();
- $out = '';
-
- $message_ctype_primary = strtolower($structure->ctype_primary);
- $message_ctype_secondary = strtolower($structure->ctype_secondary);
-
- // show message headers
- if ($recursive && is_array($structure->headers) && isset($structure->headers['subject']))
- {
- $c = new stdClass;
- $c->type = 'headers';
- $c->headers = &$structure->headers;
- $a_return_parts[] = $c;
- }
-
- // print body if message doesn't have multiple parts
- if ($message_ctype_primary=='text')
- {
- $structure->type = 'content';
- $a_return_parts[] = &$structure;
- }
-
- // message contains alternative parts
- else if ($message_ctype_primary=='multipart' && $message_ctype_secondary=='alternative' && is_array($structure->parts))
- {
- // get html/plaintext parts
- $plain_part = $html_part = $print_part = $related_part = NULL;
-
- foreach ($structure->parts as $p => $sub_part)
- {
- $rel_parts = $attachmnts = null;
- $sub_ctype_primary = strtolower($sub_part->ctype_primary);
- $sub_ctype_secondary = strtolower($sub_part->ctype_secondary);
-
- // check if sub part is
- if ($sub_ctype_primary=='text' && $sub_ctype_secondary=='plain')
- $plain_part = $p;
- else if ($sub_ctype_primary=='text' && $sub_ctype_secondary=='html')
- $html_part = $p;
- else if ($sub_ctype_primary=='text' && $sub_ctype_secondary=='enriched')
- $enriched_part = $p;
- else if ($sub_ctype_primary=='multipart' && ($sub_ctype_secondary=='related' || $sub_ctype_secondary=='mixed'))
- $related_part = $p;
- }
-
- // parse related part (alternative part could be in here)
- if ($related_part!==NULL)
- {
- list($rel_parts, $attachmnts) = rcmail_parse_message($structure->parts[$related_part], $arg, TRUE);
- $a_attachments = array_merge($a_attachments, $attachmnts);
- }
-
- // merge related parts if any
- if ($rel_parts && $prefer_html && !$html_part)
- $a_return_parts = array_merge($a_return_parts, $rel_parts);
-
- // choose html/plain part to print
- else if ($html_part!==NULL && $prefer_html)
- $print_part = &$structure->parts[$html_part];
- else if ($enriched_part!==NULL)
- $print_part = &$structure->parts[$enriched_part];
- else if ($plain_part!==NULL)
- $print_part = &$structure->parts[$plain_part];
-
- // show message body
- if (is_object($print_part))
- {
- $print_part->type = 'content';
- $a_return_parts[] = $print_part;
- }
- // show plaintext warning
- else if ($html_part!==NULL && empty($a_return_parts))
- {
- $c = new stdClass;
- $c->type = 'content';
- $c->body = rcube_label('htmlmessage');
- $c->ctype_primary = 'text';
- $c->ctype_secondary = 'plain';
-
- $a_return_parts[] = $c;
- }
-
- // add html part as attachment
- if ($html_part!==NULL && $structure->parts[$html_part]!==$print_part)
- {
- $html_part = &$structure->parts[$html_part];
- $html_part->filename = rcube_label('htmlmessage');
- $html_part->mimetype = 'text/html';
-
- $a_attachments[] = $html_part;
- }
- }
-
- // message contains multiple parts
- else if (is_array($structure->parts) && !empty($structure->parts))
- {
- for ($i=0; $i<count($structure->parts); $i++)
- {
- $mail_part = &$structure->parts[$i];
- $primary_type = strtolower($mail_part->ctype_primary);
- $secondary_type = strtolower($mail_part->ctype_secondary);
-
- // multipart/alternative
- if ($primary_type=='multipart')
- {
- list($parts, $attachmnts) = rcmail_parse_message($mail_part, $arg, TRUE);
-
- $a_return_parts = array_merge($a_return_parts, $parts);
- $a_attachments = array_merge($a_attachments, $attachmnts);
- }
-
- // part text/[plain|html] OR message/delivery-status
- else if (($primary_type=='text' && ($secondary_type=='plain' || $secondary_type=='html') && $mail_part->disposition!='attachment') ||
- ($primary_type=='message' && ($secondary_type=='delivery-status' || $secondary_type=='disposition-notification')))
- {
- $mail_part->type = 'content';
- $a_return_parts[] = $mail_part;
- }
-
- // part message/*
- else if ($primary_type=='message')
- {
- list($parts, $attachmnts) = rcmail_parse_message($mail_part, $arg, TRUE);
-
- $a_return_parts = array_merge($a_return_parts, $parts);
- $a_attachments = array_merge($a_attachments, $attachmnts);
- }
-
- // ignore "virtual" protocol parts
- else if ($primary_type=='protocol')
- continue;
-
- // part is file/attachment
- else if ($mail_part->disposition=='attachment' || $mail_part->disposition=='inline' || $mail_part->headers['content-id'] ||
- (empty($mail_part->disposition) && $mail_part->filename))
- {
- // skip apple resource forks
- if ($message_ctype_secondary=='appledouble' && $secondary_type=='applefile')
- continue;
-
- // part belongs to a related message
- if ($message_ctype_secondary=='related' && $mail_part->headers['content-id'])
- {
- $mail_part->content_id = preg_replace(array('/^</', '/>$/'), '', $mail_part->headers['content-id']);
- $sa_inline_objects[] = $mail_part;
- }
- // is regular attachment
- else
- {
- if (!$mail_part->filename)
- $mail_part->filename = 'Part '.$mail_part->mime_id;
- $a_attachments[] = $mail_part;
- }
- }
- }
-
- // if this was a related part try to resolve references
- if ($message_ctype_secondary=='related' && sizeof($sa_inline_objects))
- {
- $a_replaces = array();
-
- foreach ($sa_inline_objects as $inline_object)
- $a_replaces['cid:'.$inline_object->content_id] = htmlspecialchars(sprintf($get_url, $inline_object->mime_id));
-
- // add replace array to each content part
- // (will be applied later when part body is available)
- for ($i=0; $i<count($a_return_parts); $i++)
- {
- if ($a_return_parts[$i]->type=='content')
- $a_return_parts[$i]->replaces = $a_replaces;
- }
- }
- }
-
- // message is single part non-text
- else if ($structure->filename)
- $a_attachments[] = $structure;
-
- return array($a_return_parts, $a_attachments);
- }
-
-
-
-
-// return table with message headers
+/**
+ * return table with message headers
+ */
function rcmail_message_headers($attrib, $headers=NULL)
{
global $IMAP, $OUTPUT, $MESSAGE;
@@ -989,7 +673,9 @@
}
-
+/**
+ *
+ */
function rcmail_message_body($attrib)
{
global $CONFIG, $OUTPUT, $MESSAGE, $IMAP, $REMOTE_OBJECTS;
@@ -1028,7 +714,7 @@
$out .= '<div class="message-part">';
if ($part->ctype_secondary != 'plain')
- $out .= rcmail_sanitize_html($body, $attrib['id']);
+ $out .= rcmail_html4inline($body, $attrib['id']);
else
$out .= $body;
@@ -1068,12 +754,11 @@
-// modify a HTML message that it can be displayed inside a HTML page
-function rcmail_sanitize_html($body, $container_id)
+/**
+ * modify a HTML message that it can be displayed inside a HTML page
+ */
+function rcmail_html4inline($body, $container_id)
{
- // remove any null-byte characters before parsing
- $body = preg_replace('/\x00/', '', $body);
-
$base_url = "";
$last_style_pos = 0;
$body_lc = strtolower($body);
@@ -1093,26 +778,6 @@
$body = substr($body, 0, $pos) . $styles . substr($body, $pos2);
$body_lc = strtolower($body);
$last_style_pos = $pos2;
- }
-
-
- // remove SCRIPT tags
- foreach (array('script', 'applet', 'object', 'embed', 'iframe') as $tag)
- {
- while (($pos = strpos($body_lc, '<'.$tag)) && (($pos2 = strpos($body_lc, '</'.$tag.'>', $pos)) || ($pos3 = strpos($body_lc, '>', $pos))))
- {
- $end = $pos2 ? $pos2 + strlen('</'.$tag.'>') : $pos3 + 1;
- $body = substr($body, 0, $pos) . substr($body, $end, strlen($body)-$end);
- $body_lc = strtolower($body);
- }
- }
-
- // replace event handlers on any object
- while ($body != $prev_body)
- {
- $prev_body = $body;
- $body = preg_replace('/(<[^!][^>]*\s)on(?:load|unload|click|dblclick|mousedown|mouseup|mouseover|mousemove|mouseout|focus|blur|keypress|keydown|keyup|submit|reset|select|change)=([^>]+>)/im', '$1__removed=$2', $body);
- $body = preg_replace('/(<[^!][^>]*\shref=["\']?)(javascript:)([^>]*?>)/im', '$1null:$3', $body);
}
// resolve <base href>
@@ -1138,14 +803,8 @@
$body);
$out = preg_replace(
- array(
- '/<body([^>]*)>/i',
- '/<\/body>/i',
- ),
- array(
- '<div class="rcmBody"\\1>',
- '</div>',
- ),
+ array('/<body([^>]*)>/i', '/<\/body>/i'),
+ array('<div class="rcmBody"\\1>', '</div>'),
$out);
// quote <? of php and xml files that are specified as text/html
@@ -1155,7 +814,9 @@
}
-// parse link attributes and set correct target
+/**
+ * parse link attributes and set correct target
+ */
function rcmail_alter_html_link($tag, $attrs, $container_id)
{
$attrib = parse_attrib_string($attrs);
@@ -1176,7 +837,9 @@
}
-// decode address string and re-format it as HTML links
+/**
+ * decode address string and re-format it as HTML links
+ */
function rcmail_address_string($input, $max=NULL, $addicon=NULL)
{
global $IMAP, $PRINT_MODE, $CONFIG, $OUTPUT, $EMAIL_ADDRESS_PATTERN;
@@ -1277,7 +940,9 @@
}
-// clear message composing settings
+/**
+ * clear message composing settings
+ */
function rcmail_compose_cleanup()
{
if (!isset($_SESSION['compose']))
--
Gitblit v1.9.1