Changeset 356f749 in github
- Timestamp:
- Feb 14, 2008 3:28:41 AM (5 years ago)
- Branches:
- master, HEAD, courier-fix, dev-browser-capabilities, pdo, release-0.6, release-0.7, release-0.8
- Children:
- 3afd87b
- Parents:
- d722de1
- File:
-
- 1 edited
-
program/steps/mail/func.inc (modified) (2 diffs)
program/steps/mail/func.inc
rd24d208 r356f749 483 483 484 484 485 /* Stolen from Squirrelmail */ 486 function sq_deent(&$attvalue, $regex, $hex=false) 487 { 488 $ret_match = false; 489 preg_match_all($regex, $attvalue, $matches); 490 if (is_array($matches) && sizeof($matches[0]) > 0) 491 { 492 $repl = Array(); 493 for ($i = 0; $i < sizeof($matches[0]); $i++) 494 { 495 $numval = $matches[1][$i]; 496 if ($hex) 497 $numval = hexdec($numval); 498 $repl{$matches[0][$i]} = chr($numval); 499 } 500 $attvalue = strtr($attvalue, $repl); 501 return true; 502 } 503 else 504 return false; 505 } 506 507 508 /* Stolen verbatim from Squirrelmail */ 509 function sq_defang(&$attvalue) 510 { 511 /* Skip this if there aren't ampersands or backslashes. */ 512 if ((strpos($attvalue, '&') === false) && 513 (strpos($attvalue, '\\') === false)) 514 return; 515 $m = false; 516 do 517 { 518 $m = false; 519 $m = $m || sq_deent($attvalue, '/\�*(\d+);*/s'); 520 $m = $m || sq_deent($attvalue, '/\�*((\d|[a-f])+);*/si', true); 521 $m = $m || sq_deent($attvalue, '/\\\\(\d+)/s', true); 522 } while ($m == true); 523 $attvalue = stripslashes($attvalue); 524 } 525 526 527 function rcmail_html_filter($html) 528 { 529 preg_match_all('/<\/?\w+((\s+\w+(\s*=\s*(?:".*?"|\'.*?\'|[^\'">\s]+))?)+\s*|\s*)\/?>/', $html, $tags); 530 531 /* From Squirrelmail: Translate all dangerous Unicode or Shift_JIS characters which are accepted by 532 * IE as regular characters. 
*/ 533 $replace = array(array('ʟ', 'ʟ', /* L UNICODE IPA Extension */ 534 'ʀ', 'ʀ', /* R UNICODE IPA Extension */ 535 'ɴ', 'ɴ', /* N UNICODE IPA Extension */ 536 'E', 'E', /* Unicode FULLWIDTH LATIN CAPITAL LETTER E */ 537 'e', 'e', /* Unicode FULLWIDTH LATIN SMALL LETTER E */ 538 'X', 'X', /* Unicode FULLWIDTH LATIN CAPITAL LETTER X */ 539 'x', 'x', /* Unicode FULLWIDTH LATIN SMALL LETTER X */ 540 'P', 'P', /* Unicode FULLWIDTH LATIN CAPITAL LETTER P */ 541 'p', 'p', /* Unicode FULLWIDTH LATIN SMALL LETTER P */ 542 'R', 'R', /* Unicode FULLWIDTH LATIN CAPITAL LETTER R */ 543 'r', 'r', /* Unicode FULLWIDTH LATIN SMALL LETTER R */ 544 'S', 'S', /* Unicode FULLWIDTH LATIN CAPITAL LETTER S */ 545 's', 's', /* Unicode FULLWIDTH LATIN SMALL LETTER S */ 546 'I', 'I', /* Unicode FULLWIDTH LATIN CAPITAL LETTER I */ 547 'i', 'i', /* Unicode FULLWIDTH LATIN SMALL LETTER I */ 548 'O', 'O', /* Unicode FULLWIDTH LATIN CAPITAL LETTER O */ 549 'o', 'o', /* Unicode FULLWIDTH LATIN SMALL LETTER O */ 550 'N', 'N', /* Unicode FULLWIDTH LATIN CAPITAL LETTER N */ 551 'n', 'n', /* Unicode FULLWIDTH LATIN SMALL LETTER N */ 552 'L', 'L', /* Unicode FULLWIDTH LATIN CAPITAL LETTER L */ 553 'l', 'l', /* Unicode FULLWIDTH LATIN SMALL LETTER L */ 554 'U', 'U', /* Unicode FULLWIDTH LATIN CAPITAL LETTER U */ 555 'u', 'u', /* Unicode FULLWIDTH LATIN SMALL LETTER U */ 556 'ⁿ', 'ⁿ' , /* Unicode SUPERSCRIPT LATIN SMALL LETTER N */ 557 "\xEF\xBC\xA5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */ 558 /* in unicode this is some Chinese char range */ 559 "\xEF\xBD\x85", /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */ 560 "\xEF\xBC\xB8", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */ 561 "\xEF\xBD\x98", /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */ 562 "\xEF\xBC\xB0", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */ 563 "\xEF\xBD\x90", /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */ 564 "\xEF\xBC\xB2", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */ 565 "\xEF\xBD\x92", /* Shift JIS FULLWIDTH LATIN 
SMALL LETTER R */ 566 "\xEF\xBC\xB3", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */ 567 "\xEF\xBD\x93", /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */ 568 "\xEF\xBC\xA9", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */ 569 "\xEF\xBD\x89", /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */ 570 "\xEF\xBC\xAF", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */ 571 "\xEF\xBD\x8F", /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */ 572 "\xEF\xBC\xAE", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */ 573 "\xEF\xBD\x8E", /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */ 574 "\xEF\xBC\xAC", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER L */ 575 "\xEF\xBD\x8C", /* Shift JIS FULLWIDTH LATIN SMALL LETTER L */ 576 "\xEF\xBC\xB5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER U */ 577 "\xEF\xBD\x95", /* Shift JIS FULLWIDTH LATIN SMALL LETTER U */ 578 "\xE2\x81\xBF", /* Shift JIS FULLWIDTH SUPERSCRIPT N */ 579 "\xCA\x9F", /* L UNICODE IPA Extension */ 580 "\xCA\x80", /* R UNICODE IPA Extension */ 581 "\xC9\xB4"), /* N UNICODE IPA Extension */ 582 array('l', 'l', 'r', 'r', 'n', 'n', 'E', 'E', 'e', 'e', 'X', 'X', 'x', 'x', 583 'P', 'P', 'p', 'p', 'R', 'R', 'r', 'r', 'S', 'S', 's', 's', 'I', 'I', 584 'i', 'i', 'O', 'O', 'o', 'o', 'N', 'N', 'n', 'n', 'L', 'L', 'l', 'l', 585 'U', 'U', 'u', 'u', 'n', 'n', 'E', 'e', 'X', 'x', 'P', 'p', 'R', 'r', 586 'S', 's', 'I', 'i', 'O', 'o', 'N', 'n', 'L', 'l', 'U', 'u', 'n', 'l', 'r', 'n')); 587 if ((count($tags)>3) && (count($tags[3])>0)) 588 foreach ($tags[3] as $nr=>$value) 589 { 590 /* Remove comments */ 591 $newvalue = preg_replace('/(\/\*.*\*\/)/','$2',$value); 592 /* Translate dangerous characters */ 593 $newvalue = str_replace($replace[0], $replace[1], $newvalue); 594 sq_defang($newvalue); 595 /* Rename dangerous CSS */ 596 $newvalue = preg_replace('/expression/i', 'idiocy', $newvalue); 597 $newvalue = preg_replace('/url/i', 'idiocy', $newvalue); 598 $newattrs = preg_replace('/'.preg_quote($value, '/').'$/', $newvalue, $tags[1][$nr]); 599 $newtag = 
preg_replace('/'.preg_quote($tags[1][$nr], '/').'/', $newattrs, $tags[0][$nr]); 600 $html = preg_replace('/'.preg_quote($tags[0][$nr], '/').'/', $newtag, $html); 601 } 602 return $html; 603 } 604 605 485 606 function rcmail_print_body($part, $safe=FALSE, $plain=FALSE) 486 607 { … … 534 655 } 535 656 536 return Q( $body, 'show', FALSE);657 return Q(rcmail_html_filter($body), 'show', FALSE); 537 658 } 538 659
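Review bot: In rcmail_html_filter the tag pattern captures attributes through a repeated group, so `$tags[3]` holds only the last attribute of each tag; every earlier attribute value reaches the output without comment stripping, character translation, sq_defang() or the expression/url renaming. The write-back is also anchored with `$` against `$tags[1][$nr]`, which can end in whitespace, so for such tags the filtered value is silently never written back. The three closing `preg_replace` calls treat `$newvalue`, `$newattrs` and `$newtag` as replacement templates, so a `$1` or `\1` in mail content gets expanded; a literal `str_replace` avoids that. The sketch below visits every attribute of each matched tag. Because this stays a deny-list over regex-matched markup, a parser-based allow-list of tags and attributes would be the sturdier design.

```php
// … unchanged: $replace table …
foreach ($tags[0] as $tag)
{
  /* Collect every attribute value of this tag, not just the last one */
  preg_match_all('/\s+\w+\s*=\s*(".*?"|\'.*?\'|[^\'">\s]+)/', $tag, $attrs);
  $newtag = $tag;
  foreach ($attrs[1] as $value)
  {
    /* Remove comments (non-greedy, so text between two separate comments survives) */
    $newvalue = preg_replace('/\/\*.*?\*\//s', '', $value);
    // … unchanged: str_replace($replace[0], $replace[1], …), sq_defang(), expression/url renaming …
    $newtag = str_replace($value, $newvalue, $newtag);
  }
  /* Literal replacement: no pattern building, no backreference expansion */
  $html = str_replace($tag, $newtag, $html);
}
return $html;
```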
