|
squirrelmail-webmail
1.4.22
About: SquirrelMail is a standards-based webmail package with strong MIME support, address books, and folder manipulation (written in PHP4).
 Fossies Dox: squirrelmail-webmail-1.4.22.tar.gz ("inofficial" and yet experimental doxygen-generated source code documentation)  |
Go to the source code of this file.
Namespaces | |
| squirrelmail | |
Functions | |
| mime_structure ($bodystructure, $flags=array()) | |
| mime_fetch_body ($imap_stream, $id, $ent_id=1, $fetch_size=0) | |
| mime_print_body_lines ($imap_stream, $id, $ent_id=1, $encoding, $rStream='php://stdout') | |
| listEntities ($message) | |
| getPriorityStr ($priority) | |
| getEntity ($message, $ent_id) | |
| translateText (&$body, $wrap_at, $charset) | |
| formatBody ($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $mailbox='INBOX', $clean=false) | |
| formatAttachments ($message, $exclude_id, $mailbox, $id) | |
| sqimap_base64_decode (&$string) | |
| decodeBody ($body, $encoding) | |
| decodeHeader ($string, $utfencode=true, $htmlsave=true, $decide=false) | |
| encodeHeader ($string) | |
| encodeHeaderBase64 ($string, $charset) | |
| find_ent_id ($id, $message) | |
| sq_check_save_extension ($message) | |
| sq_defang (&$attvalue) | |
| sq_unspace (&$attvalue) | |
| sq_fixIE_idiocy (&$attvalue) | |
| sq_tagprint ($tagname, $attary, $tagtype) | |
| sq_casenormalize (&$val) | |
| sq_skipspace ($body, $offset) | |
| sq_findnxstr ($body, $offset, $needle) | |
| sq_findnxreg ($body, $offset, $reg) | |
| sq_getnxtag ($body, $offset) | |
| sq_deent (&$attvalue, $regex, $hex=false) | |
| sq_fixatts ($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag, $message, $id, $mailbox) | |
| sq_fix_url ($attname, &$attvalue, $message, $id, $mailbox, $sQuote='"') | |
| sq_fixstyle ($body, $pos, $message, $id, $mailbox) | |
| sq_cid2http ($message, $id, $cidurl, $mailbox) | |
| sq_body2div ($attary, $mailbox, $message, $id) | |
| sq_sanitize ($body, $tag_list, $rm_tags_with_content, $self_closing_tags, $force_tag_closing, $rm_attnames, $bad_attvals, $add_attr_to_tag, $message, $id, $mailbox) | |
| magicHTML ($body, $id, $message, $mailbox='INBOX', $take_mailto_links=true) | |
| SendDownloadHeaders ($type0, $type1, $filename, $force, $filesize=0) | |
| decodeBody | ( | $body, | |
| $encoding | |||
| ) |
Decodes encoded message body
This function decodes the body depending on the encoding type. Currently quoted-printable and base64 encodings are supported. decode_body hook was added to this function in 1.4.2/1.5.0
| string | $body | encoded message body |
| string | $encoding | used encoding |
quoted_printable_decode() function is broken in older php versions. Text with \r
decoding was fixed only in php 4.3.0. Minimal code requirement 4.0.4 + str_replace("\r\n", "\n", $body); call.
Definition at line 598 of file mime.php.
References $body, $encoding, do_hook_function(), and elseif.
Referenced by formatBody(), mime_print_body_lines(), and newMail().
| decodeHeader | ( | $string, | |
$utfencode = true, |
|||
$htmlsave = true, |
|||
$decide = false |
|||
| ) |
Decodes headers
This functions decode strings that is encoded according to RFC1522 (MIME Part Two: Message Header Extensions for Non-ASCII Text). Patched by Christian Schmidt christian@ostenfeld.dk 23/03/2002
Definition at line 633 of file mime.php.
References $default_charset, $encoding, $j, $languages, $ret, $squirrelmail_language, charset_convert(), charset_decode(), elseif, and is_conversion_safe().
Referenced by attachSelectedMessages(), formatAttachments(), formatEnvheader(), formatRecipientString(), getAttachments(), Message\getFilename(), getforwardHeader(), getReplyCitation(), newMail(), pf_show_attachments(), printMessageInfo(), SendMDN(), showInputForm(), and sqimap_get_small_header_list().
| encodeHeader | ( | $string | ) |
Encodes header as quoted-printable
Encode a string according to RFC 1522 for use in headers if it contains 8-bit characters or anything that looks like it should be encoded.
Definition at line 759 of file mime.php.
References $default_charset, $j, $languages, $ret, $squirrelmail_language, elseif, encodeHeaderBase64(), sprintf, sq_is8bit(), and sq_mb_list_encodings().
Referenced by Rfc822Header\createAddressObject(), deliverMessage(), AddressStructure\getAddress(), getMessage_RFC822_Attachment(), Rfc822Header\parseAddress(), and Deliver\prepareMIME_Header().
| encodeHeaderBase64 | ( | $string, | |
| $charset | |||
| ) |
Encodes string according to rfc2047 B encoding header formating rules
It is recommended way to encode headers with character sets that store symbols in more than one byte.
Function requires mbstring support. If required mbstring functions are missing, function returns false and sets E_USER_WARNING level error message.
Minimal requirements - php 4.0.6 with mbstring extension. Please note, that mbstring functions will generate E_WARNING errors, if unsupported character set is used. mb_encode_mimeheader function provided by php mbstring extension is not used in order to get better control of header encoding.
Used php code functions - function_exists(), trigger_error(), strlen() (is used with charset names and base64 strings). Used php mbstring functions - mb_strlen and mb_substr.
Related documents: rfc 2045 (BASE64 encoding), rfc 2047 (mime header encoding), rfc 2822 (header folding)
| string | $string | header string that must be encoded |
| string | $charset | character set. Must be supported by mbstring extension. Use sq_mb_list_encodings() to detect supported charsets. |
Check mbstring function requirements.
header length = 75 symbols max (same as in encodeHeader) remove $charset length remove =? ? ?= (5 chars) remove 2 more chars (\r
?)
Definition at line 922 of file mime.php.
References $charset.
Referenced by encodeHeader(), and japanese_charset_xtra().
| find_ent_id | ( | $id, | |
| $message | |||
| ) |
| formatAttachments | ( | $message, | |
| $exclude_id, | |||
| $mailbox, | |||
| $id | |||
| ) |
Definition at line 425 of file mime.php.
References $attachments, $color, $filename, $header, $id, $mailbox, $message, $rfc822_header, $type0, $type1, _(), decodeHeader(), do_hook(), elseif, show_readable_size(), and SM_PATH.
| formatBody | ( | $imap_stream, | |
| $message, | |||
| $color, | |||
| $wrap_at, | |||
| $ent_num, | |||
| $id, | |||
$mailbox = 'INBOX', |
|||
$clean = false |
|||
| ) |
This returns a parsed string called $body. That string can then be displayed as the actual message in the HTML. It contains everything needed, including HTML Tags, Attachments at the bottom, etc.
Definition at line 306 of file mime.php.
References $body, $charset, $id, $imap_stream, $imapPort, $imapServerAddress, $languages, $mailbox, $message, $show_html_default, $sort, $squirrelmail_language, $username, $view_unsafe_images, $wrap_at, _(), charset_decode(), decodeBody(), do_hook(), getEntity(), magicHTML(), mime_fetch_body(), SQ_GET, sqgetGlobalVar(), and translateText().
Referenced by translate_read_form().
| getEntity | ( | $message, | |
| $ent_id | |||
| ) |
| getPriorityStr | ( | $priority | ) |
| magicHTML | ( | $body, | |
| $id, | |||
| $message, | |||
$mailbox = 'INBOX', |
|||
$take_mailto_links = true |
|||
| ) |
This is a wrapper function to call html sanitizing routines.
| $body | the body of the message | |
| $id | the id of the message | |
| boolean | $take_mailto_links | When TRUE, converts mailto: links into internal SM compose links (optional; default = TRUE) |
Don't display attached images in HTML mode.
Remove any references to http/https if view_unsafe_images set to false.
Definition at line 2291 of file mime.php.
References $attachment_common_show_images, $body, $compose_new_win, $id, $mailbox, $MailTo_PReg_Match, $message, $to, $view_unsafe_images, _(), makeComposeLink(), SM_PATH, SQ_GET, sq_sanitize(), and sqgetGlobalVar().
Referenced by formatBody().
| mime_fetch_body | ( | $imap_stream, | |
| $id, | |||
$ent_id = 1, |
|||
$fetch_size = 0 |
|||
| ) |
Definition at line 100 of file mime.php.
References $data, $imap_stream, $mailbox, $message, $ret, $uid_support, _(), and sqimap_run_command().
Referenced by formatBody(), mime_print_body_lines(), and newMail().
| mime_print_body_lines | ( | $imap_stream, | |
| $id, | |||
$ent_id = 1, |
|||
| $encoding, | |||
$rStream = 'php://stdout' |
|||
| ) |
Definition at line 164 of file mime.php.
References $body, $encoding, $id, $imap_stream, $message, $uid_support, decodeBody(), mime_fetch_body(), and sqimap_run_command().
Referenced by getAttachments().
| mime_structure | ( | $bodystructure, | |
$flags = array() |
|||
| ) |
The typical includes... Get the MIME structure
This function gets the structure of a message and stores it in the "message" class. It will return this object for use with all relevant header information and fully parsed into the standard "message" object format.
Definition at line 30 of file mime.php.
References $color, $mailbox, $read, _(), displayPageHeader(), exit, Message\parseStructure(), plain_error_message(), and SM_PATH.
Referenced by sqimap_get_message().
| SendDownloadHeaders | ( | $type0, | |
| $type1, | |||
| $filename, | |||
| $force, | |||
$filesize = 0 |
|||
| ) |
function SendDownloadHeaders - send file to the browser
Original Source: SM core src/download.php moved here to make it available to other code, and separate front end from back end functionality.
| string | $type0 | first half of mime type |
| string | $type1 | second half of mime type |
| string | $filename | filename to tell the browser for downloaded file |
| boolean | $force | whether to force the download dialog to pop |
| optional | integer $filesize send the Content-Header and length to the browser |
Definition at line 2536 of file mime.php.
References $filename, $languages, $squirrelmail_language, SQ_SERVER, and sqgetGlobalVar().
| sq_body2div | ( | $attary, | |
| $mailbox, | |||
| $message, | |||
| $id | |||
| ) |
This function changes the <body> tag into a
| $attary | an array of attributes and values of <body> |
| $mailbox | mailbox we're currently reading (for cid2http) |
| $message | current message (for cid2http) |
| $id | current message id (for cid2http) |
Definition at line 2067 of file mime.php.
References $id, $mailbox, $message, and sq_cid2http().
Referenced by sq_sanitize().
| sq_casenormalize | ( | & | $val | ) |
| sq_check_save_extension | ( | $message | ) |
| sq_cid2http | ( | $message, | |
| $id, | |||
| $cidurl, | |||
| $mailbox | |||
| ) |
This function converts cid: url's into the ones that can be viewed in the browser.
| $message | the message object |
| $id | the message id |
| $cidurl | the cid: url. |
| $mailbox | the message mailbox |
Get rid of quotes.
This is part of a fix for Outlook Express 6.x generating cid URLs without creating content-id headers. These images are not part of the multipart/related html mail. The html contains references to attached images with as goal to render them inline although the attachment disposition property is not inline.
If we couldn't generate a proper img url, drop in a blank image instead of sending back empty, otherwise it causes unusual behaviour
Definition at line 2003 of file mime.php.
References $mailbox, $message, find_ent_id(), and SM_PATH.
Referenced by sq_body2div(), and sq_fix_url().
| sq_deent | ( | & | $attvalue, |
| $regex, | |||
$hex = false |
|||
| ) |
Translates entities into literal values so they can be checked.
| $attvalue | the by-ref value to check. |
| $regex | the regular expression to check against. |
| $hex | whether the entites are hexadecimal. |
Definition at line 1551 of file mime.php.
Referenced by sq_defang().
| sq_defang | ( | & | $attvalue | ) |
HTMLFILTER ROUTINESThis function checks attribute values for entity-encoded values and returns them translated into 8-bit strings so we can run checks on them.
| $attvalue | A string to run entity check against. |
Skip this if there aren't ampersands or backslashes.
Definition at line 1029 of file mime.php.
References sq_deent().
Referenced by sq_fixatts(), and sq_fixstyle().
| sq_findnxreg | ( | $body, | |
| $offset, | |||
| $reg | |||
| ) |
This function takes a PCRE-style regexp and tries to match it within the string.
| $body | The string to look for needle in. |
| $offset | Start looking from here. |
| $reg | A PCRE-style regex to match. |
Definition at line 1237 of file mime.php.
References $body.
Referenced by sq_getnxtag().
| sq_findnxstr | ( | $body, | |
| $offset, | |||
| $needle | |||
| ) |
This function looks for the next character within a string. It's really just a glorified "strpos", except it catches if failures nicely.
| $body | The string to look for needle in. |
| $offset | Start looking from this position. |
| $needle | The character/string to look for. |
Definition at line 1215 of file mime.php.
References $body.
Referenced by sq_getnxtag().
| sq_fix_url | ( | $attname, | |
| & | $attvalue, | ||
| $message, | |||
| $id, | |||
| $mailbox, | |||
$sQuote = '"' |
|||
| ) |
This function filters url's
| $attvalue | String with attribute value to filter |
| $message | message object |
| $id | message id |
| $mailbox | mailbox |
| $sQuote | quoting characters around url's |
Replace empty src tags with the blank image. src is only used for frames, images, and image inputs. Doing a replace should not affect them working as should be, however it will stop IE from being kicked off when src for img tags are not set
"Hack" fix for Outlook using propriatary outbind:// protocol in img tags. One day MS might actually make it match something useful, for now, falling back to using cid2http, so we can grab the blank.png.
Turn cid: urls into http-friendly ones.
Definition at line 1696 of file mime.php.
References $id, $mailbox, $message, $view_unsafe_images, _(), SM_PATH, sq_cid2http(), SQ_GET, and sqgetGlobalVar().
Referenced by sq_fixatts(), and sq_fixstyle().
| sq_fixatts | ( | $tagname, | |
| $attary, | |||
| $rm_attnames, | |||
| $bad_attvals, | |||
| $add_attr_to_tag, | |||
| $message, | |||
| $id, | |||
| $mailbox | |||
| ) |
This function runs various checks against the attributes.
| $tagname | String with the name of the tag. |
| $attary | Array with all tag attributes. |
| $rm_attnames | See description for sq_sanitize |
| $bad_attvals | See description for sq_sanitize |
| $add_attr_to_tag | See description for sq_sanitize |
| $message | message object |
| $id | message id |
| $mailbox | mailbox |
See if this attribute should be removed.
Workaround for IE quirks
Remove any backslashes, entities, and extraneous whitespace.
Now let's run checks on the attvalues. I don't expect anyone to comprehend this. If you do, get in touch with me so I can drive to where you live and shake your hand personally. :)
There are two arrays in valary. First is matches. Second one is replacements
Use white list based filtering on attributes which can contain url's
See if we need to append any attributes to this tag.
Definition at line 1584 of file mime.php.
References $id, $mailbox, $message, sq_defang(), sq_fix_url(), sq_fixIE_idiocy(), and sq_unspace().
Referenced by sq_sanitize().
| sq_fixIE_idiocy | ( | & | $attvalue | ) |
Translate all dangerous Unicode or Shift_JIS characters which are accepted by IE as regular characters.
| attvalue | The attribute value before dangerous characters are translated. |
Definition at line 1072 of file mime.php.
Referenced by sq_fixatts(), and sq_fixstyle().
| sq_fixstyle | ( | $body, | |
| $pos, | |||
| $message, | |||
| $id, | |||
| $mailbox | |||
| ) |
This function edits the style definition to make them friendly and usable in SquirrelMail.
| $message | the message object |
| $id | the message id |
| $content | a string with whatever is between <style> and </style> |
| $mailbox | the message mailbox |
First look for general BODY style declaration, which would be like so: body {background: blah-blah} and change it to .bodyclass so we can just assign it to a
Definition at line 1850 of file mime.php.
References $body, $content, $id, $mailbox, $message, $view_unsafe_images, _(), sq_defang(), sq_fix_url(), sq_fixIE_idiocy(), and sq_unspace().
Referenced by sq_sanitize().
| sq_getnxtag | ( | $body, | |
| $offset | |||
| ) |
This function looks for the next tag.
| $body | String where to look for the next tag. |
| $offset | Start looking from here. |
We are here: blah blah <tag attribute="value"> ------—^
There are 3 kinds of tags:
A comment or an SGML declaration.
Assume tagtype 1 for now. If it's type 3, we'll switch values later.
Look for next [\W-_], which will indicate the end of the tag name.
$match can be either of these: '>' indicating the end of the tag entirely. '\s' indicating the end of the tag name. '/' indicating that this is type-3 xhtml tag.
Whatever else we find there indicates an invalid tag.
This is an xhtml-style tag with a closing / at the end, like so: . Check if it's followed by the closing bracket. If not, then this tag is invalid
Check if it's whitespace
This is an invalid tag! Look for the next closing ">".
At this point we're here: <tagname attribute="blah"> ----—^
At this point we loop in order to find all attributes.
Non-closed tag.
See if we arrived at a ">" or "/>", which means that we reached the end of the tag.
Yep. So we did.
There are several types of attributes, with optional [:space:] between members. Type 1: attrname[:space:]=[:space:]'CDATA' Type 2: attrname[:space:]=[:space:]"CDATA" Type 3: attr[:space:]=[:space:]CDATA Type 4: attrname
We leave types 1 and 2 the same, type 3 we check for '"' and convert to """ if needed, then wrap in double quotes. Type 4 we convert into: attrname="yes".
Looks like body ended before the end of tag.
We arrived at the end of attribute name. Several things possible here: '>' means the end of the tag and this is attribute type 4 '/' if followed by '>' means the same thing as above '\s' means a lot of things – look what it's followed by. anything else means the attribute is invalid.
This is an xhtml-style tag with a closing / at the end, like so: . Check if it's followed by the closing bracket. If not, then this tag is invalid
Skip whitespace and see what we arrive at.
Two things are valid here: '=' means this is attribute type 1 2 or 3. \w means this was attribute type 4. anything else we ignore and re-loop. End of tag and invalid stuff will be caught by our checks at the beginning of the loop.
Here are 3 possibilities: "'" attribute type 1 '"' attribute type 2 everything else is the content of tag type 3
These are hateful. Look for \s, or >.
If it's ">" it will be caught at the top.
That was attribute type 4.
An illegal character. Find next '>' and return.
The fact that we got here indicates that the tag end was never found. Return invalid tag indication so it gets stripped.
Definition at line 1266 of file mime.php.
References $body, $gt, sq_findnxreg(), sq_findnxstr(), and sq_skipspace().
Referenced by sq_sanitize().
| sq_sanitize | ( | $body, | |
| $tag_list, | |||
| $rm_tags_with_content, | |||
| $self_closing_tags, | |||
| $force_tag_closing, | |||
| $rm_attnames, | |||
| $bad_attvals, | |||
| $add_attr_to_tag, | |||
| $message, | |||
| $id, | |||
| $mailbox | |||
| ) |
This is the main function and the one you should actually be calling. There are several variables you should be aware of an which need special description.
Since the description is quite lengthy, see it here: http://linux.duke.edu/projects/mini/htmlfilter/
| $body | the string with HTML you wish to filter |
| $tag_list | see description above |
| $rm_tags_with_content | see description above |
| $self_closing_tags | see description above |
| $force_tag_closing | see description above |
| $rm_attnames | see description above |
| $bad_attvals | see description above |
| $add_attr_to_tag | see description above |
| $message | message object |
| $id | message id |
Normalize rm_tags and rm_tags_with_content.
See if tag_list is of tags to remove or tags to allow. false means remove these tags true means allow these tags
Take care of netscape's stupid javascript entities like &{alert('boo')};
Take care of <style>
Got to the end of tag we needed to remove.
$rm_tags_with_content
See if this is a self-closing type and change tagtype appropriately.
See if we should skip this tag and any content inside it.
Convert body into div.
This is where we run other checks.
Definition at line 2117 of file mime.php.
References $body, $gt, $id, $mailbox, $message, sq_body2div(), sq_fixatts(), sq_fixstyle(), sq_getnxtag(), and sq_tagprint().
Referenced by magicHTML().
| sq_skipspace | ( | $body, | |
| $offset | |||
| ) |
This function skips any whitespace from the current position within a string and to the next non-whitespace value.
| $body | the string |
| $offset | the offset within the string where we should start looking for the next non-whitespace character. |
Definition at line 1194 of file mime.php.
Referenced by sq_getnxtag().
| sq_tagprint | ( | $tagname, | |
| $attary, | |||
| $tagtype | |||
| ) |
This function returns the final tag out of the tag name, an array of attributes, and the type of the tag. This function is called by sq_sanitize internally.
| $tagname | the name of the tag. |
| $attary | the array of attributes and their values |
| $tagtype | The type of the tag (see in comments). |
Definition at line 1151 of file mime.php.
Referenced by sq_sanitize().
| sq_unspace | ( | & | $attvalue | ) |
Kill any tabs, newlines, or carriage returns. Our friends the makers of the browser with 95% market value decided that it'd be funny to make "java[tab]script" be just as good as "javascript".
| attvalue | The attribute value before extraneous spaces removed. |
Definition at line 1056 of file mime.php.
Referenced by sq_fixatts(), and sq_fixstyle().
| translateText | ( | & | $body, |
| $wrap_at, | |||
| $charset | |||
| ) |
Definition at line 251 of file mime.php.
References $body, $charset, $color, $j, $wrap_at, charset_decode(), elseif, parseUrl(), SM_PATH, and sqWordWrap().
Referenced by formatBody().
1.8.16