squirrelmail-webmail  1.4.22
About: SquirrelMail is a standards-based webmail package with strong MIME support, address books, and folder manipulation (written in PHP4).
  Fossies Dox: squirrelmail-webmail-1.4.22.tar.gz  ("inofficial" and yet experimental doxygen-generated source code documentation)  

mime.php File Reference

Go to the source code of this file.

Namespaces

 squirrelmail
 

Functions

 mime_structure ($bodystructure, $flags=array())
 
 mime_fetch_body ($imap_stream, $id, $ent_id=1, $fetch_size=0)
 
 mime_print_body_lines ($imap_stream, $id, $ent_id=1, $encoding, $rStream='php://stdout')
 
 listEntities ($message)
 
 getPriorityStr ($priority)
 
 getEntity ($message, $ent_id)
 
 translateText (&$body, $wrap_at, $charset)
 
 formatBody ($imap_stream, $message, $color, $wrap_at, $ent_num, $id, $mailbox='INBOX', $clean=false)
 
 formatAttachments ($message, $exclude_id, $mailbox, $id)
 
 sqimap_base64_decode (&$string)
 
 decodeBody ($body, $encoding)
 
 decodeHeader ($string, $utfencode=true, $htmlsave=true, $decide=false)
 
 encodeHeader ($string)
 
 encodeHeaderBase64 ($string, $charset)
 
 find_ent_id ($id, $message)
 
 sq_check_save_extension ($message)
 
 sq_defang (&$attvalue)
 
 sq_unspace (&$attvalue)
 
 sq_fixIE_idiocy (&$attvalue)
 
 sq_tagprint ($tagname, $attary, $tagtype)
 
 sq_casenormalize (&$val)
 
 sq_skipspace ($body, $offset)
 
 sq_findnxstr ($body, $offset, $needle)
 
 sq_findnxreg ($body, $offset, $reg)
 
 sq_getnxtag ($body, $offset)
 
 sq_deent (&$attvalue, $regex, $hex=false)
 
 sq_fixatts ($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag, $message, $id, $mailbox)
 
 sq_fix_url ($attname, &$attvalue, $message, $id, $mailbox, $sQuote='"')
 
 sq_fixstyle ($body, $pos, $message, $id, $mailbox)
 
 sq_cid2http ($message, $id, $cidurl, $mailbox)
 
 sq_body2div ($attary, $mailbox, $message, $id)
 
 sq_sanitize ($body, $tag_list, $rm_tags_with_content, $self_closing_tags, $force_tag_closing, $rm_attnames, $bad_attvals, $add_attr_to_tag, $message, $id, $mailbox)
 
 magicHTML ($body, $id, $message, $mailbox='INBOX', $take_mailto_links=true)
 
 SendDownloadHeaders ($type0, $type1, $filename, $force, $filesize=0)
 

Function Documentation

◆ decodeBody()

decodeBody (   $body,
  $encoding 
)

Decodes encoded message body

This function decodes the body depending on the encoding type. Currently quoted-printable and base64 encodings are supported. decode_body hook was added to this function in 1.4.2/1.5.0

Parameters
string$bodyencoded message body
string$encodingused encoding
Returns
string decoded string
Since
1.0

quoted_printable_decode() function is broken in older php versions. Text with \r
decoding was fixed only in php 4.3.0. Minimal code requirement 4.0.4 + str_replace("\r\n", "\n", $body); call.

Definition at line 598 of file mime.php.

References $body, $encoding, do_hook_function(), and elseif.

Referenced by formatBody(), mime_print_body_lines(), and newMail().

◆ decodeHeader()

decodeHeader (   $string,
  $utfencode = true,
  $htmlsave = true,
  $decide = false 
)

◆ encodeHeader()

encodeHeader (   $string)

Encodes header as quoted-printable

Encode a string according to RFC 1522 for use in headers if it contains 8-bit characters or anything that looks like it should be encoded.

Definition at line 759 of file mime.php.

References $default_charset, $j, $languages, $ret, $squirrelmail_language, elseif, encodeHeaderBase64(), sprintf, sq_is8bit(), and sq_mb_list_encodings().

Referenced by Rfc822Header\createAddressObject(), deliverMessage(), AddressStructure\getAddress(), getMessage_RFC822_Attachment(), Rfc822Header\parseAddress(), and Deliver\prepareMIME_Header().

◆ encodeHeaderBase64()

encodeHeaderBase64 (   $string,
  $charset 
)

Encodes string according to rfc2047 B encoding header formating rules

It is recommended way to encode headers with character sets that store symbols in more than one byte.

Function requires mbstring support. If required mbstring functions are missing, function returns false and sets E_USER_WARNING level error message.

Minimal requirements - php 4.0.6 with mbstring extension. Please note, that mbstring functions will generate E_WARNING errors, if unsupported character set is used. mb_encode_mimeheader function provided by php mbstring extension is not used in order to get better control of header encoding.

Used php code functions - function_exists(), trigger_error(), strlen() (is used with charset names and base64 strings). Used php mbstring functions - mb_strlen and mb_substr.

Related documents: rfc 2045 (BASE64 encoding), rfc 2047 (mime header encoding), rfc 2822 (header folding)

Parameters
string$stringheader string that must be encoded
string$charsetcharacter set. Must be supported by mbstring extension. Use sq_mb_list_encodings() to detect supported charsets.
Returns
string string encoded according to rfc2047 B encoding formating rules
Since
1.5.1 and 1.4.6

Check mbstring function requirements.

header length = 75 symbols max (same as in encodeHeader) remove $charset length remove =? ? ?= (5 chars) remove 2 more chars (\r
?)

Definition at line 922 of file mime.php.

References $charset.

Referenced by encodeHeader(), and japanese_charset_xtra().

◆ find_ent_id()

find_ent_id (   $id,
  $message 
)

This is part of a fix for Outlook Express 6.x generating cid URLs without creating content-id headers @JA - 20050207

Definition at line 985 of file mime.php.

References $id, $message, $ret, and elseif.

Referenced by sq_cid2http().

◆ formatAttachments()

formatAttachments (   $message,
  $exclude_id,
  $mailbox,
  $id 
)

◆ formatBody()

formatBody (   $imap_stream,
  $message,
  $color,
  $wrap_at,
  $ent_num,
  $id,
  $mailbox = 'INBOX',
  $clean = false 
)

This returns a parsed string called $body. That string can then be displayed as the actual message in the HTML. It contains everything needed, including HTML Tags, Attachments at the bottom, etc.

Definition at line 306 of file mime.php.

References $body, $charset, $id, $imap_stream, $imapPort, $imapServerAddress, $languages, $mailbox, $message, $show_html_default, $sort, $squirrelmail_language, $username, $view_unsafe_images, $wrap_at, _(), charset_decode(), decodeBody(), do_hook(), getEntity(), magicHTML(), mime_fetch_body(), SQ_GET, sqgetGlobalVar(), and translateText().

Referenced by translate_read_form().

◆ getEntity()

getEntity (   $message,
  $ent_id 
)

Definition at line 243 of file mime.php.

References $message.

Referenced by formatBody().

◆ getPriorityStr()

getPriorityStr (   $priority)

Definition at line 215 of file mime.php.

References _().

Referenced by formatEnvheader().

◆ listEntities()

listEntities (   $message)

Definition at line 200 of file mime.php.

References $message.

◆ magicHTML()

magicHTML (   $body,
  $id,
  $message,
  $mailbox = 'INBOX',
  $take_mailto_links = true 
)

This is a wrapper function to call html sanitizing routines.

Parameters
$bodythe body of the message
$idthe id of the message
boolean$take_mailto_linksWhen TRUE, converts mailto: links into internal SM compose links (optional; default = TRUE)
Returns
a string with html safe to display in the browser.

Don't display attached images in HTML mode.

Remove any references to http/https if view_unsafe_images set to false.

Definition at line 2291 of file mime.php.

References $attachment_common_show_images, $body, $compose_new_win, $id, $mailbox, $MailTo_PReg_Match, $message, $to, $view_unsafe_images, _(), makeComposeLink(), SM_PATH, SQ_GET, sq_sanitize(), and sqgetGlobalVar().

Referenced by formatBody().

◆ mime_fetch_body()

mime_fetch_body (   $imap_stream,
  $id,
  $ent_id = 1,
  $fetch_size = 0 
)

Definition at line 100 of file mime.php.

References $data, $imap_stream, $mailbox, $message, $ret, $uid_support, _(), and sqimap_run_command().

Referenced by formatBody(), mime_print_body_lines(), and newMail().

◆ mime_print_body_lines()

mime_print_body_lines (   $imap_stream,
  $id,
  $ent_id = 1,
  $encoding,
  $rStream = 'php://stdout' 
)

◆ mime_structure()

mime_structure (   $bodystructure,
  $flags = array() 
)

The typical includes... Get the MIME structure

This function gets the structure of a message and stores it in the "message" class. It will return this object for use with all relevant header information and fully parsed into the standard "message" object format.

Definition at line 30 of file mime.php.

References $color, $mailbox, $read, _(), displayPageHeader(), exit, Message\parseStructure(), plain_error_message(), and SM_PATH.

Referenced by sqimap_get_message().

◆ SendDownloadHeaders()

SendDownloadHeaders (   $type0,
  $type1,
  $filename,
  $force,
  $filesize = 0 
)

function SendDownloadHeaders - send file to the browser

Original Source: SM core src/download.php moved here to make it available to other code, and separate front end from back end functionality.

Parameters
string$type0first half of mime type
string$type1second half of mime type
string$filenamefilename to tell the browser for downloaded file
boolean$forcewhether to force the download dialog to pop
optionalinteger $filesize send the Content-Header and length to the browser
Returns
void

Definition at line 2536 of file mime.php.

References $filename, $languages, $squirrelmail_language, SQ_SERVER, and sqgetGlobalVar().

◆ sq_body2div()

sq_body2div (   $attary,
  $mailbox,
  $message,
  $id 
)

This function changes the <body> tag into a

tag since we can't really have a body-within-body.
Parameters
$attaryan array of attributes and values of <body>
$mailboxmailbox we're currently reading (for cid2http)
$messagecurrent message (for cid2http)
$idcurrent message id (for cid2http)
Returns
a modified array of attributes to be set for

Definition at line 2067 of file mime.php.

References $id, $mailbox, $message, and sq_cid2http().

Referenced by sq_sanitize().

◆ sq_casenormalize()

sq_casenormalize ( $val)

A small helper function to use with array_walk. Modifies a by-ref value and makes it lowercase.

Parameters
$vala value passed by-ref.
Returns
void since it modifies a by-ref value.

Definition at line 1180 of file mime.php.

◆ sq_check_save_extension()

sq_check_save_extension (   $message)

Definition at line 1009 of file mime.php.

References $filename, and $message.

◆ sq_cid2http()

sq_cid2http (   $message,
  $id,
  $cidurl,
  $mailbox 
)

This function converts cid: url's into the ones that can be viewed in the browser.

Parameters
$messagethe message object
$idthe message id
$cidurlthe cid: url.
$mailboxthe message mailbox
Returns
a string with a http-friendly url

Get rid of quotes.

This is part of a fix for Outlook Express 6.x generating cid URLs without creating content-id headers. These images are not part of the multipart/related html mail. The html contains references to attached images with as goal to render them inline although the attachment disposition property is not inline.

If we couldn't generate a proper img url, drop in a blank image instead of sending back empty, otherwise it causes unusual behaviour

Definition at line 2003 of file mime.php.

References $mailbox, $message, find_ent_id(), and SM_PATH.

Referenced by sq_body2div(), and sq_fix_url().

◆ sq_deent()

sq_deent ( $attvalue,
  $regex,
  $hex = false 
)

Translates entities into literal values so they can be checked.

Parameters
$attvaluethe by-ref value to check.
$regexthe regular expression to check against.
$hexwhether the entites are hexadecimal.
Returns
True or False depending on whether there were matches.

Definition at line 1551 of file mime.php.

Referenced by sq_defang().

◆ sq_defang()

sq_defang ( $attvalue)

HTMLFILTER ROUTINESThis function checks attribute values for entity-encoded values and returns them translated into 8-bit strings so we can run checks on them.

Parameters
$attvalueA string to run entity check against.
Returns
Nothing, modifies a reference value.

Skip this if there aren't ampersands or backslashes.

Definition at line 1029 of file mime.php.

References sq_deent().

Referenced by sq_fixatts(), and sq_fixstyle().

◆ sq_findnxreg()

sq_findnxreg (   $body,
  $offset,
  $reg 
)

This function takes a PCRE-style regexp and tries to match it within the string.

Parameters
$bodyThe string to look for needle in.
$offsetStart looking from here.
$regA PCRE-style regex to match.
Returns
Returns a false if no matches found, or an array with the following members:
  • integer with the location of the match within $body
  • string with whatever content between offset and the match
  • string with whatever it is we matched

Definition at line 1237 of file mime.php.

References $body.

Referenced by sq_getnxtag().

◆ sq_findnxstr()

sq_findnxstr (   $body,
  $offset,
  $needle 
)

This function looks for the next character within a string. It's really just a glorified "strpos", except it catches if failures nicely.

Parameters
$bodyThe string to look for needle in.
$offsetStart looking from this position.
$needleThe character/string to look for.
Returns
location of the next occurance of the needle, or strlen($body) if needle wasn't found.

Definition at line 1215 of file mime.php.

References $body.

Referenced by sq_getnxtag().

◆ sq_fix_url()

sq_fix_url (   $attname,
$attvalue,
  $message,
  $id,
  $mailbox,
  $sQuote = '"' 
)

This function filters url's

Parameters
$attvalueString with attribute value to filter
$messagemessage object
$idmessage id
$mailboxmailbox
$sQuotequoting characters around url's

Replace empty src tags with the blank image. src is only used for frames, images, and image inputs. Doing a replace should not affect them working as should be, however it will stop IE from being kicked off when src for img tags are not set

"Hack" fix for Outlook using propriatary outbind:// protocol in img tags. One day MS might actually make it match something useful, for now, falling back to using cid2http, so we can grab the blank.png.

Turn cid: urls into http-friendly ones.

Definition at line 1696 of file mime.php.

References $id, $mailbox, $message, $view_unsafe_images, _(), SM_PATH, sq_cid2http(), SQ_GET, and sqgetGlobalVar().

Referenced by sq_fixatts(), and sq_fixstyle().

◆ sq_fixatts()

sq_fixatts (   $tagname,
  $attary,
  $rm_attnames,
  $bad_attvals,
  $add_attr_to_tag,
  $message,
  $id,
  $mailbox 
)

This function runs various checks against the attributes.

Parameters
$tagnameString with the name of the tag.
$attaryArray with all tag attributes.
$rm_attnamesSee description for sq_sanitize
$bad_attvalsSee description for sq_sanitize
$add_attr_to_tagSee description for sq_sanitize
$messagemessage object
$idmessage id
$mailboxmailbox
Returns
Array with modified attributes.

See if this attribute should be removed.

Workaround for IE quirks

Remove any backslashes, entities, and extraneous whitespace.

Now let's run checks on the attvalues. I don't expect anyone to comprehend this. If you do, get in touch with me so I can drive to where you live and shake your hand personally. :)

There are two arrays in valary. First is matches. Second one is replacements

Use white list based filtering on attributes which can contain url's

See if we need to append any attributes to this tag.

Definition at line 1584 of file mime.php.

References $id, $mailbox, $message, sq_defang(), sq_fix_url(), sq_fixIE_idiocy(), and sq_unspace().

Referenced by sq_sanitize().

◆ sq_fixIE_idiocy()

sq_fixIE_idiocy ( $attvalue)

Translate all dangerous Unicode or Shift_JIS characters which are accepted by IE as regular characters.

Parameters
attvalueThe attribute value before dangerous characters are translated.
Returns
attvalue Nothing, modifies a reference value.
Author
Marc Groot Koerkamp.

Definition at line 1072 of file mime.php.

Referenced by sq_fixatts(), and sq_fixstyle().

◆ sq_fixstyle()

sq_fixstyle (   $body,
  $pos,
  $message,
  $id,
  $mailbox 
)

This function edits the style definition to make them friendly and usable in SquirrelMail.

Parameters
$messagethe message object
$idthe message id
$contenta string with whatever is between <style> and </style>
$mailboxthe message mailbox
Returns
a string with edited content.

First look for general BODY style declaration, which would be like so: body {background: blah-blah} and change it to .bodyclass so we can just assign it to a

Fix url('blah') declarations.
Remove any backslashes, entities, and extraneous whitespace.
Fix stupid css declarations which lead to vulnerabilities in IE.
Also remove "position" attribute, as it can easily be set to "fixed" or "absolute" with "left" and "top" attributes of zero, taking over the whole content frame. It can also be set to relative and move itself anywhere it wants to, displaying content in areas it shouldn't be allowed to touch.

Definition at line 1850 of file mime.php.

References $body, $content, $id, $mailbox, $message, $view_unsafe_images, _(), sq_defang(), sq_fix_url(), sq_fixIE_idiocy(), and sq_unspace().

Referenced by sq_sanitize().

◆ sq_getnxtag()

sq_getnxtag (   $body,
  $offset 
)

This function looks for the next tag.

Parameters
$bodyString where to look for the next tag.
$offsetStart looking from here.
Returns
false if no more tags exist in the body, or an array with the following members:
  • string with the name of the tag
  • array with attributes and their values
  • integer with tag type (1, 2, or 3)
  • integer where the tag starts (starting "<")
  • integer where the tag ends (ending ">") first three members will be false, if the tag is invalid.

We are here: blah blah <tag attribute="value"> ------—^

There are 3 kinds of tags:

  1. Opening tag, e.g.: aClosing tag, e.g.:
  2. XHTML-style content-less tag, e.g.:

A comment or an SGML declaration.

Assume tagtype 1 for now. If it's type 3, we'll switch values later.

Look for next [\W-_], which will indicate the end of the tag name.

$match can be either of these: '>' indicating the end of the tag entirely. '\s' indicating the end of the tag name. '/' indicating that this is type-3 xhtml tag.

Whatever else we find there indicates an invalid tag.

This is an xhtml-style tag with a closing / at the end, like so: . Check if it's followed by the closing bracket. If not, then this tag is invalid

Check if it's whitespace

This is an invalid tag! Look for the next closing ">".

At this point we're here: <tagname attribute="blah"> ----—^

At this point we loop in order to find all attributes.

Non-closed tag.

See if we arrived at a ">" or "/>", which means that we reached the end of the tag.

Yep. So we did.

There are several types of attributes, with optional [:space:] between members. Type 1: attrname[:space:]=[:space:]'CDATA' Type 2: attrname[:space:]=[:space:]"CDATA" Type 3: attr[:space:]=[:space:]CDATA Type 4: attrname

We leave types 1 and 2 the same, type 3 we check for '"' and convert to "&quot" if needed, then wrap in double quotes. Type 4 we convert into: attrname="yes".

Looks like body ended before the end of tag.

We arrived at the end of attribute name. Several things possible here: '>' means the end of the tag and this is attribute type 4 '/' if followed by '>' means the same thing as above '\s' means a lot of things – look what it's followed by. anything else means the attribute is invalid.

This is an xhtml-style tag with a closing / at the end, like so: . Check if it's followed by the closing bracket. If not, then this tag is invalid

Skip whitespace and see what we arrive at.

Two things are valid here: '=' means this is attribute type 1 2 or 3. \w means this was attribute type 4. anything else we ignore and re-loop. End of tag and invalid stuff will be caught by our checks at the beginning of the loop.

Here are 3 possibilities: "'" attribute type 1 '"' attribute type 2 everything else is the content of tag type 3

These are hateful. Look for \s, or >.

If it's ">" it will be caught at the top.

That was attribute type 4.

An illegal character. Find next '>' and return.

The fact that we got here indicates that the tag end was never found. Return invalid tag indication so it gets stripped.

Definition at line 1266 of file mime.php.

References $body, $gt, sq_findnxreg(), sq_findnxstr(), and sq_skipspace().

Referenced by sq_sanitize().

◆ sq_sanitize()

sq_sanitize (   $body,
  $tag_list,
  $rm_tags_with_content,
  $self_closing_tags,
  $force_tag_closing,
  $rm_attnames,
  $bad_attvals,
  $add_attr_to_tag,
  $message,
  $id,
  $mailbox 
)

This is the main function and the one you should actually be calling. There are several variables you should be aware of an which need special description.

Since the description is quite lengthy, see it here: http://linux.duke.edu/projects/mini/htmlfilter/

Parameters
$bodythe string with HTML you wish to filter
$tag_listsee description above
$rm_tags_with_contentsee description above
$self_closing_tagssee description above
$force_tag_closingsee description above
$rm_attnamessee description above
$bad_attvalssee description above
$add_attr_to_tagsee description above
$messagemessage object
$idmessage id
Returns
sanitized html safe to show on your pages.

Normalize rm_tags and rm_tags_with_content.

See if tag_list is of tags to remove or tags to allow. false means remove these tags true means allow these tags

Take care of netscape's stupid javascript entities like &{alert('boo')};

Take care of <style>

Got to the end of tag we needed to remove.

$rm_tags_with_content

See if this is a self-closing type and change tagtype appropriately.

See if we should skip this tag and any content inside it.

Convert body into div.

This is where we run other checks.

Definition at line 2117 of file mime.php.

References $body, $gt, $id, $mailbox, $message, sq_body2div(), sq_fixatts(), sq_fixstyle(), sq_getnxtag(), and sq_tagprint().

Referenced by magicHTML().

◆ sq_skipspace()

sq_skipspace (   $body,
  $offset 
)

This function skips any whitespace from the current position within a string and to the next non-whitespace value.

Parameters
$bodythe string
$offsetthe offset within the string where we should start looking for the next non-whitespace character.
Returns
the location within the $body where the next non-whitespace char is located.

Definition at line 1194 of file mime.php.

References $body, and $count.

Referenced by sq_getnxtag().

◆ sq_tagprint()

sq_tagprint (   $tagname,
  $attary,
  $tagtype 
)

This function returns the final tag out of the tag name, an array of attributes, and the type of the tag. This function is called by sq_sanitize internally.

Parameters
$tagnamethe name of the tag.
$attarythe array of attributes and their values
$tagtypeThe type of the tag (see in comments).
Returns
a string with the final tag representation.

Definition at line 1151 of file mime.php.

Referenced by sq_sanitize().

◆ sq_unspace()

sq_unspace ( $attvalue)

Kill any tabs, newlines, or carriage returns. Our friends the makers of the browser with 95% market value decided that it'd be funny to make "java[tab]script" be just as good as "javascript".

Parameters
attvalueThe attribute value before extraneous spaces removed.
Returns
attvalue Nothing, modifies a reference value.

Definition at line 1056 of file mime.php.

Referenced by sq_fixatts(), and sq_fixstyle().

◆ sqimap_base64_decode()

sqimap_base64_decode ( $string)

Definition at line 563 of file mime.php.

◆ translateText()

translateText ( $body,
  $wrap_at,
  $charset 
)

Definition at line 251 of file mime.php.

References $body, $charset, $color, $j, $wrap_at, charset_decode(), elseif, parseUrl(), SM_PATH, and sqWordWrap().

Referenced by formatBody().