apply code-formating-cleanup-convert-DOS-to-UNIX-text-form from https://github.com/zedzedtop/mailzu

Mario Fetka 2016-02-04 17:26:07 +01:00
parent 180aa514e9
commit 05196e9fb7
17 changed files with 967 additions and 1064 deletions


@ -37,7 +37,6 @@ else {
*/ */
class AmavisdEngine { class AmavisdEngine {
var $socket; // Reference to socket var $socket; // Reference to socket
var $port; // Amavisd spam release port var $port; // Amavisd spam release port
var $connected; // Connection status var $connected; // Connection status
@ -49,7 +48,6 @@ class AmavisdEngine {
* $return object Amavisd object * $return object Amavisd object
*/ */
function AmavisdEngine($host) { function AmavisdEngine($host) {
$this->socket = new Net_Socket(); $this->socket = new Net_Socket();
$this->port = $GLOBALS['conf']['amavisd']['spam_release_port']; $this->port = $GLOBALS['conf']['amavisd']['spam_release_port'];
$this->connected = false; $this->connected = false;
@ -82,7 +80,6 @@ class AmavisdEngine {
*/ */
function release_message($mail_id, $secret_id, $recipient, $quar_type, $quar_loc) { function release_message($mail_id, $secret_id, $recipient, $quar_type, $quar_loc) {
if (! $this->connected) { if (! $this->connected) {
return $this->last_error; return $this->last_error;
} }
@ -120,8 +117,6 @@ class AmavisdEngine {
} }
return $out; return $out;
} }
} }
?> ?>


@ -149,7 +149,6 @@ class Auth {
case "ad": case "ad":
case "ldap": case "ldap":
// Added this check for LDAP servers that switch to anonymous bind whenever // Added this check for LDAP servers that switch to anonymous bind whenever
// provided password is left blank // provided password is left blank
if ($pass == '') return (translate ('Invalid User Name/Password.')); if ($pass == '') return (translate ('Invalid User Name/Password.'));
@ -160,7 +159,6 @@ class Auth {
$ldap = new LDAPEngine(); $ldap = new LDAPEngine();
if( $ldap->connect() ) { if( $ldap->connect() ) {
// Get user DN // Get user DN
// For AD it could be of the form of 'user@domain' or standard LDAP dn // For AD it could be of the form of 'user@domain' or standard LDAP dn
$dn = $ldap->getUserDN($login); $dn = $ldap->getUserDN($login);
@ -184,7 +182,6 @@ class Auth {
break; break;
case "sql": case "sql":
// Include DBAuth class // Include DBAuth class
include_once('DBAuth.class.php'); include_once('DBAuth.class.php');
@ -222,7 +219,6 @@ class Auth {
break; break;
case "imap": case "imap":
// Include IMAPAuth class // Include IMAPAuth class
include_once('IMAPAuth.class.php'); include_once('IMAPAuth.class.php');
@ -242,6 +238,7 @@ class Auth {
default: default:
CmnFns::do_error_box(translate('Unknown server type'), '', false); CmnFns::do_error_box(translate('Unknown server type'), '', false);
break;
} }
} }
@ -250,7 +247,6 @@ class Auth {
CmnFns::write_log('Authentication failed' . ', ' . $msg, $login); CmnFns::write_log('Authentication failed' . ', ' . $msg, $login);
return translate($msg); return translate($msg);
} else { } else {
$this->is_loggedin = true; $this->is_loggedin = true;
CmnFns::write_log('Authentication successful', $login); CmnFns::write_log('Authentication successful', $login);
@ -303,7 +299,6 @@ class Auth {
} }
function isAllowedToLogin( $username ) { function isAllowedToLogin( $username ) {
global $conf; global $conf;
// If not defined or set to false, $username is allowed to log in // If not defined or set to false, $username is allowed to log in
@ -317,7 +312,6 @@ class Auth {
} }
} }
/** /**
* Log the user out of the system * Log the user out of the system
* @param none * @param none


@ -47,7 +47,6 @@ include_once('Pager.class.php');
* Provides functions common to most pages * Provides functions common to most pages
*/ */
class CmnFns { class CmnFns {
/** /**
* Convert minutes to hours * Convert minutes to hours
* @param double $time time to convert in minutes * @param double $time time to convert in minutes
@ -83,7 +82,6 @@ class CmnFns {
* @return int timestamp * @return int timestamp
*/ */
function formatDateISO($date) { function formatDateISO($date) {
$time = strtotime($date); $time = strtotime($date);
return $time; return $time;
} }
@ -101,7 +99,6 @@ class CmnFns {
return strftime($format, $date); return strftime($format, $date);
} }
/** /**
* Convert UNIX timestamp to datetime format * Convert UNIX timestamp to datetime format
* @param string $ts MySQL timestamp * @param string $ts MySQL timestamp
@ -117,7 +114,6 @@ class CmnFns {
return strftime($format, $ts); return strftime($format, $ts);
} }
/** /**
* Convert minutes to hours/minutes * Convert minutes to hours/minutes
* @param int $minutes minutes to convert * @param int $minutes minutes to convert
@ -143,7 +139,6 @@ class CmnFns {
return (strrpos($uri, '/') === false) ? $uri : substr($uri, 0, strlen($uri)); return (strrpos($uri, '/') === false) ? $uri : substr($uri, 0, strlen($uri));
} }
/** /**
* Prints an error message box and kills the app * Prints an error message box and kills the app
* @param string $msg error message to print * @param string $msg error message to print
@ -201,12 +196,12 @@ class CmnFns {
* @return array of cleaned up POST values * @return array of cleaned up POST values
*/ */
function cleanPostVals() { function cleanPostVals() {
$return = array(); $rval = array();
foreach ($_POST as $key => $val) foreach ($_POST as $key => $val)
$return[$key] = stripslashes(trim($val)); $rval[$key] = stripslashes(trim($val));
return $return; return $rval;
} }
/** /**
@ -215,12 +210,12 @@ class CmnFns {
* @return array of cleaned up data * @return array of cleaned up data
*/ */
function cleanVals($data) { function cleanVals($data) {
$return = array(); $rval = array();
foreach ($data as $key => $val) foreach ($data as $key => $val)
$return[$key] = stripslashes($val); $rval[$key] = stripslashes($val);
return $return; return $rval;
} }
/** /**
@ -267,7 +262,6 @@ class CmnFns {
return $order; return $order;
} }
/** /**
* Opposite of php's nl2br function. * Opposite of php's nl2br function.
* Subs in a newline for all brs * Subs in a newline for all brs
@ -382,7 +376,6 @@ class CmnFns {
return $str; return $str;
} }
/** /**
* Verifies current page number and returns value * Verifies current page number and returns value
* @param integer $page value of current page number * @param integer $page value of current page number
@ -515,7 +508,6 @@ class CmnFns {
?> ?>
<table border=0 width="100%"> <table border=0 width="100%">
<form action="<?php echo $submit_page ?>" method="get" name="quarantine"> <form action="<?php echo $submit_page ?>" method="get" name="quarantine">
<tr><td colspan=2 align="center"><?php echo translate('Search for messages whose:'); ?>&nbsp;</td></tr> <tr><td colspan=2 align="center"><?php echo translate('Search for messages whose:'); ?>&nbsp;</td></tr>
<tr><td align="right">&nbsp; <tr><td align="right">&nbsp;
<?php <?php
@ -645,7 +637,6 @@ class CmnFns {
return $result; return $result;
} }
/* /*
* Search for the var $name in $_SESSION, $_POST, $_GET, * Search for the var $name in $_SESSION, $_POST, $_GET,
* $_SERVER and set it in provided var. * $_SERVER and set it in provided var.
@ -668,36 +659,30 @@ class CmnFns {
* @return value of var * @return value of var
*/ */
function getGlobalVar($name, $search = INORDER) { function getGlobalVar($name, $search = INORDER) {
switch ($search) { switch ($search) {
/* we want the default case to be first here, /* we want the default case to be first here,
so that if a valid value isn't specified, so that if a valid value isn't specified,
all four arrays will be searched. */ all four arrays will be searched. */
default: default:
case INORDER: // check session, post, get case INORDER: // check session, post, get
case SESSION: case SESSION:
if( isset($_SESSION[$name]) ) if( isset($_SESSION[$name]) )
return $_SESSION[$name]; return $_SESSION[$name];
elseif ( $search == SESSION ) elseif ( $search == SESSION )
break; break;
// fall through
case FORM: // check post, get case FORM: // check post, get
case POST: case POST:
if( isset($_POST[$name]) ) if( isset($_POST[$name]) )
return $_POST[$name]; return $_POST[$name];
elseif ( $search == POST ) elseif ( $search == POST )
break; break;
// fall through
case GET: case GET:
if( isset($_GET[$name]) ) if( isset($_GET[$name]) )
return $_GET[$name]; return $_GET[$name];
/* For INORDER case, exit after GET */ /* For INORDER case, exit after GET */
break; break;
case SERVER: case SERVER:
if( isset($_SERVER[$name]) ) if( isset($_SERVER[$name]) )
return $_SERVER[$name]; return $_SERVER[$name];
@ -729,11 +714,11 @@ class CmnFns {
?> ?>
<table border=0 width="100%"> <table border=0 width="100%">
<form action="<? echo $submit_page ?>" method="get" name="wblist"> <form action="<?php echo $submit_page ?>" method="get" name="wblist">
<tr><td colspan=2 align="center"><? echo translate('Search for rules whose:'); ?>&nbsp;</td></tr> <tr><td colspan=2 align="center"><?php echo translate('Search for rules whose:'); ?>&nbsp;</td></tr>
<tr><td align="right">&nbsp; <tr><td align="right">&nbsp;
<? <?php
$i = 1; $i = 1;
$array_size = count($fields_array); $array_size = count($fields_array);
foreach ($fields_array as $k => $name) { foreach ($fields_array as $k => $name) {
@ -761,14 +746,14 @@ class CmnFns {
$i ++; $i ++;
echo ($i % 2) ? "&nbsp;</td></tr>\n\t\t\t<tr><td colspan='2' align='center'>&nbsp\n" : "&nbsp;</td><td align='left'>&nbsp"; echo ($i % 2) ? "&nbsp;</td></tr>\n\t\t\t<tr><td colspan='2' align='center'>&nbsp\n" : "&nbsp;</td><td align='left'>&nbsp";
?> ?>
<input type="submit" class="button" name="search_action" value="<? echo translate('Search'); ?>" /> <input type="submit" class="button" name="search_action" value="<?php echo translate('Search'); ?>" />
<? if (CmnFns::didSearch()) <?php if (CmnFns::didSearch())
echo "<input type=\"submit\" class=\"button\" name=\"search_action\" value=\"" . translate('Clear search results') . "\" />"; echo "<input type=\"submit\" class=\"button\" name=\"search_action\" value=\"" . translate('Clear search results') . "\" />";
?> ?>
&nbsp;</td></tr> &nbsp;</td></tr>
</form> </form>
</table> </table>
<? <?php
} }
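Review bot: `$submit_page` is echoed into the form's `action` attribute without escaping in the `wblist` form whose tags this section converts to `<?php`, and the `quarantine` form in the earlier hunk does the same. Where `$submit_page` comes from is not visible here; if any caller derives it from the request (for example the script path), the value can break out of the attribute and inject markup. Escaping at the point of output closes that off regardless of the caller: `<form action="<?php echo htmlspecialchars($submit_page, ENT_QUOTES, 'UTF-8') ?>" method="get" name="wblist">`. Both enclosing functions start and end outside the hunks shown.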


@ -35,7 +35,6 @@ else {
* Provide all database access/manipulation functionality for SQL Auth * Provide all database access/manipulation functionality for SQL Auth
*/ */
class DBAuth { class DBAuth {
// Reference to the database object // Reference to the database object
var $db; var $db;
@ -107,7 +106,6 @@ class DBAuth {
* @param none * @param none
*/ */
function db_connect() { function db_connect() {
/*********************************************************** /***********************************************************
/ This uses PEAR::DB / This uses PEAR::DB
/ See http://www.pear.php.net/manual/en/package.database.php#package.database.db / See http://www.pear.php.net/manual/en/package.database.php#package.database.db
@ -145,7 +143,6 @@ class DBAuth {
* @return boolean * @return boolean
*/ */
function authUser($username, $password) { function authUser($username, $password) {
if ( $this->isMd5 ) if ( $this->isMd5 )
$password = md5( $password ); $password = md5( $password );
@ -171,7 +168,6 @@ class DBAuth {
$this->err_msg = translate('There are no records in the table.'); $this->err_msg = translate('There are no records in the table.');
return false; return false;
} else { } else {
// Fetch the first row of data // Fetch the first row of data
$rs = $this->cleanRow($result->fetchRow()); $rs = $this->cleanRow($result->fetchRow());
@ -198,7 +194,6 @@ class DBAuth {
return false; return false;
} }
/** /**
* Strips out slashes for all data in the return row * Strips out slashes for all data in the return row
* - THIS MUST ONLY BE ONE ROW OF DATA - * - THIS MUST ONLY BE ONE ROW OF DATA -
@ -206,11 +201,11 @@ class DBAuth {
* @return array with same key => value pairs (except slashes) * @return array with same key => value pairs (except slashes)
*/ */
function cleanRow($data) { function cleanRow($data) {
$return = array(); $rval = array();
foreach ($data as $key => $val) foreach ($data as $key => $val)
$return[$key] = stripslashes($val); $rval[$key] = stripslashes($val);
return $return; return $rval;
} }
/** /**
@ -229,12 +224,12 @@ class DBAuth {
* @return array containing user information * @return array containing user information
*/ */
function getUserData() { function getUserData() {
$return = array( $rval = array(
'logonName' => $this->logonName, 'logonName' => $this->logonName,
'firstName' => $this->firstName, 'firstName' => $this->firstName,
'emailAddress' => $this->emailAddress 'emailAddress' => $this->emailAddress
); );
return $return; return $rval;
} }
//mysql_crypt - shamelessly stolen from php.net docs //mysql_crypt - shamelessly stolen from php.net docs


@ -43,7 +43,6 @@ else {
* Provide all database access/manipulation functionality * Provide all database access/manipulation functionality
*/ */
class DBEngine { class DBEngine {
// Reference to the database object // Reference to the database object
var $db; var $db;
@ -85,7 +84,6 @@ class DBEngine {
* @global $conf * @global $conf
*/ */
function db_connect() { function db_connect() {
/*********************************************************** /***********************************************************
/ This uses PEAR::DB / This uses PEAR::DB
/ See http://www.pear.php.net/manual/en/package.database.php#package.database.db / See http://www.pear.php.net/manual/en/package.database.php#package.database.db
@ -121,7 +119,7 @@ class DBEngine {
global $conf; global $conf;
$return = array(); $rval = array();
$total = array( 'spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0); $total = array( 'spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0);
$query = "SELECT date, $query = "SELECT date,
@ -199,7 +197,7 @@ class DBEngine {
$timestamp = CmnFns::formatDateISO($rs['date']); $timestamp = CmnFns::formatDateISO($rs['date']);
$date = CmnFns::formatDate($timestamp); $date = CmnFns::formatDate($timestamp);
$totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending']; $totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending'];
$return[$date] = array('spam' => $rs['spam'], $rval[$date] = array('spam' => $rs['spam'],
'banned' => $rs['banned'], 'banned' => $rs['banned'],
'virus' => $rs['viruses'], 'virus' => $rs['viruses'],
'header' => $rs['badheaders'], 'header' => $rs['badheaders'],
@ -208,16 +206,16 @@ class DBEngine {
} }
// Total the data // Total the data
foreach ($return as $date => $typearray) { foreach ($rval as $date => $typearray) {
foreach ($typearray as $type => $count) { foreach ($typearray as $type => $count) {
$total[$type] += $count; $total[$type] += $count;
} }
} }
$return['Total'] = $total; $rval['Total'] = $total;
$result->free(); $result->free();
return $return; return $rval;
} }
// User methods ------------------------------------------- // User methods -------------------------------------------
@ -231,7 +229,7 @@ class DBEngine {
global $conf; global $conf;
$return = array(); $rval = array();
$total = array('spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0); $total = array('spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0);
// Get where clause for recipient email address(es) // Get where clause for recipient email address(es)
@ -325,7 +323,7 @@ class DBEngine {
$timestamp = CmnFns::formatDateISO($rs['date']); $timestamp = CmnFns::formatDateISO($rs['date']);
$date = CmnFns::formatDate($timestamp); $date = CmnFns::formatDate($timestamp);
$totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending']; $totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending'];
$return[$date] = array('spam' => $rs['spam'], $rval[$date] = array('spam' => $rs['spam'],
'banned' => $rs['banned'], 'banned' => $rs['banned'],
'virus' => $rs['viruses'], 'virus' => $rs['viruses'],
'header' => $rs['badheaders'], 'header' => $rs['badheaders'],
@ -334,16 +332,16 @@ class DBEngine {
} }
// Total the data // Total the data
foreach ($return as $date => $typearray) { foreach ($rval as $date => $typearray) {
foreach ($typearray as $type => $count) { foreach ($typearray as $type => $count) {
$total[$type] += $count; $total[$type] += $count;
} }
} }
$return['Total'] = $total; $rval['Total'] = $total;
$result->free(); $result->free();
return $return; return $rval;
} }
@ -375,7 +373,7 @@ class DBEngine {
$sizeLimit = isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ? $sizeLimit = isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ?
$conf['app']['displaySizeLimit'] : 50; $conf['app']['displaySizeLimit'] : 50;
$return = array(); $rval = array();
if (is_array($search_array)) { if (is_array($search_array)) {
$search_clause = ""; $search_clause = "";
@ -418,13 +416,20 @@ class DBEngine {
} }
} }
$query = "SELECT msgs.time_num, msgs.from_addr, $query = "SELECT
msgs.mail_id, msgs.subject, msgs.spam_level, msgs.content, msgs.time_num,
msgrcpt.rs, msgs.quar_type, recip.email msgs.from_addr,
msgs.mail_id,
msgs.subject,
msgs.spam_level,
msgs.content,
msgrcpt.rs,
msgs.quar_type,
recip.email
FROM msgs FROM msgs
INNER JOIN msgrcpt ON msgs.mail_id=msgrcpt.mail_id INNER JOIN msgrcpt ON msgs.mail_id = msgrcpt.mail_id
$join_type maddr AS sender ON msgs.sid=sender.id $join_type maddr AS sender ON msgs.sid = sender.id
$join_type maddr AS recip ON msgrcpt.rid=recip.id $join_type maddr AS recip ON msgrcpt.rid = recip.id
WHERE $type_clause" WHERE $type_clause"
// Only check against the email address when not admin // Only check against the email address when not admin
. ($msgs_all ? ' ' : $emailaddr_clause) . ($msgs_all ? ' ' : $emailaddr_clause)
@ -456,7 +461,7 @@ class DBEngine {
if ( $get_all ) { if ( $get_all ) {
while ($rs = $result->fetchRow()) { while ($rs = $result->fetchRow()) {
$return[] = $this->cleanRow($rs); $rval[] = $this->cleanRow($rs);
} }
} else { } else {
// the row to start fetching // the row to start fetching
@ -469,13 +474,13 @@ class DBEngine {
if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) { if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) {
break; break;
} }
$return[] = $this->cleanRow($row); $rval[] = $this->cleanRow($row);
} }
} }
$result->free(); $result->free();
return $return; return $rval;
} }
/** /**
@ -486,7 +491,6 @@ class DBEngine {
* @return array of message(s) * @return array of message(s)
*/ */
function get_message($emailaddress, $mail_id) { function get_message($emailaddress, $mail_id) {
global $conf; global $conf;
# MySQL seems to run faster with a LEFT JOIN # MySQL seems to run faster with a LEFT JOIN
@ -498,7 +502,7 @@ class DBEngine {
$recipEmailClause = $this->convertEmailaddresses2SQL($emailaddress); $recipEmailClause = $this->convertEmailaddresses2SQL($emailaddress);
$return = array(); $rval = array();
$query = 'SELECT msgs.time_num, msgs.secret_id, msgs.subject, msgs.from_addr, msgs.spam_level,' $query = 'SELECT msgs.time_num, msgs.secret_id, msgs.subject, msgs.from_addr, msgs.spam_level,'
. ' msgrcpt.rs, recip.email, msgs.host, msgs.content, msgs.quar_type, msgs.quar_loc' . ' msgrcpt.rs, recip.email, msgs.host, msgs.content, msgs.quar_type, msgs.quar_loc'
@ -522,12 +526,12 @@ class DBEngine {
return NULL; return NULL;
} }
while ($rs = $result->fetchRow()) { while ($rs = $result->fetchRow()) {
$return[] = $this->cleanRow($rs); $rval[] = $this->cleanRow($rs);
} }
$result->free(); $result->free();
return $return; return $rval;
} }
/** /**
@ -539,7 +543,6 @@ class DBEngine {
* @return array of message(s) * @return array of message(s)
*/ */
function update_msgrcpt_rs($mail_id, $mail_rcpt, $flag) { function update_msgrcpt_rs($mail_id, $mail_rcpt, $flag) {
// If its a pending message, do not set the rs flag to 'v' // If its a pending message, do not set the rs flag to 'v'
$cur_msg_array = $this->get_message($mail_rcpt, $mail_id); $cur_msg_array = $this->get_message($mail_rcpt, $mail_id);
$msg_status = $cur_msg_array[0]; $msg_status = $cur_msg_array[0];
@ -561,7 +564,6 @@ class DBEngine {
return true; return true;
} }
/** /**
* Function that returns number of entries for logged in user * Function that returns number of entries for logged in user
* where RS flag is equal to $flag * where RS flag is equal to $flag
@ -570,7 +572,6 @@ class DBEngine {
* @return number of message(s) * @return number of message(s)
*/ */
function get_count_rs($emailaddresses, $flag) { function get_count_rs($emailaddresses, $flag) {
// Get where clause for recipient email address(es) // Get where clause for recipient email address(es)
$emailaddr_clause = $this->convertEmailaddresses2SQL($emailaddresses); $emailaddr_clause = $this->convertEmailaddresses2SQL($emailaddresses);
if ( $emailaddr_clause != '' ) if ( $emailaddr_clause != '' )
@ -617,7 +618,6 @@ class DBEngine {
} }
} }
if (Auth::isMailAdmin()) { if (Auth::isMailAdmin()) {
$values = array($mail_id); $values = array($mail_id);
$query = 'SELECT' . $mail_text_column . ' FROM quarantine ' . $query = 'SELECT' . $mail_text_column . ' FROM quarantine ' .
@ -640,14 +640,14 @@ class DBEngine {
if ($result->numRows() <= 0){ if ($result->numRows() <= 0){
return false; return false;
} }
$return = ""; $rval = "";
while ($rs = $result->fetchRow()) { while ($rs = $result->fetchRow()) {
$return .= $rs['mail_text']; $rval .= $rs['mail_text'];
} }
$result->free(); $result->free();
return $return; return $rval;
} }
/** /**
@ -681,11 +681,11 @@ class DBEngine {
* @return array with same key => value pairs (except slashes) * @return array with same key => value pairs (except slashes)
*/ */
function cleanRow($data) { function cleanRow($data) {
$return = array(); $rval = array();
foreach ($data as $key => $val) foreach ($data as $key => $val)
$return[$key] = stripslashes($val); $rval[$key] = stripslashes($val);
return $return; return $rval;
} }
/** /**
@ -705,11 +705,9 @@ class DBEngine {
* @return array containing SQL code * @return array containing SQL code
*/ */
function convertSearch2SQL($field, $criterion, $string) { function convertSearch2SQL($field, $criterion, $string) {
$result = array(); $result = array();
if ( $string != '' ) { if ( $string != '' ) {
switch ($criterion) { switch ($criterion) {
case "contains": case "contains":
$search_clause = "(" . $field . " LIKE '%" . $string . "%')" ; $search_clause = "(" . $field . " LIKE '%" . $string . "%')" ;
@ -728,7 +726,6 @@ class DBEngine {
} }
array_push($result, $search_clause); array_push($result, $search_clause);
} }
return $result; return $result;
} }
@ -796,8 +793,8 @@ class DBEngine {
$this->check_for_error($result, $query); $this->check_for_error($result, $query);
if ($result->numRows() == 1) { if ($result->numRows() == 1) {
$return = $result->fetchRow(); $rval = $result->fetchRow();
return $return['id']; return $rval['id'];
} else if ($result->numRows() == 0 } else if ($result->numRows() == 0
&& strpos($recip_email,"@")) { && strpos($recip_email,"@")) {
@ -927,7 +924,7 @@ class DBEngine {
function get_user_control_list( $emailaddresses, $order = 'sender', $vert = 'ASC', $search_array, $page, $all = false) { function get_user_control_list( $emailaddresses, $order = 'sender', $vert = 'ASC', $search_array, $page, $all = false) {
global $conf; global $conf;
$return = Array(); $rval = Array();
// grab the display size limit set in config.php // grab the display size limit set in config.php
$sizeLimit = (isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ? $sizeLimit = (isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ?
@ -980,13 +977,13 @@ class DBEngine {
if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) { if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) {
break; break;
} }
$return[] = $this->cleanRow($row); $rval[] = $this->cleanRow($row);
} }
$result->free(); $result->free();
return $return; return $rval;
} }
} }
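Review bot: `convertSearch2SQL` builds its clause by concatenating `$field` and `$string` directly into SQL (`"(" . $field . " LIKE '%" . $string . "%')"`), and this cleanup leaves that as it was. Whether the search string is escaped before it reaches this function is not visible in the section; if it is not, the search form is an SQL injection point. The `$values = array($mail_id);` line in another hunk suggests bound values are already used elsewhere in this class, so the term could be quoted through the DB layer, e.g. `$search_clause = "(" . $field . " LIKE " . $this->db->quoteSmart('%' . $string . '%') . ")";`, with `$field` checked against a fixed list of column names. The remaining `case` branches of the function lie outside the hunk and would need the same treatment.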


@ -21,7 +21,6 @@ include_once('lib/CmnFns.class.php');
* Provide all database access/manipulation functionality for Exchange Auth * Provide all database access/manipulation functionality for Exchange Auth
*/ */
class ExchAuth { class ExchAuth {
// The exchange hostname with port (hostname[:port]) // The exchange hostname with port (hostname[:port])
var $exchHost; var $exchHost;
// The exchange LDAP URI (ldap://hostname[:port]) // The exchange LDAP URI (ldap://hostname[:port])
@ -56,7 +55,6 @@ class ExchAuth {
* @return boolean * @return boolean
*/ */
function authUser($username, $password, $domain) { function authUser($username, $password, $domain) {
$fulluser = $domain.'/'.$username; $fulluser = $domain.'/'.$username;
$mbox = imap_open('{'.$this->exchHost.'/imap}Inbox', $fulluser, $password); $mbox = imap_open('{'.$this->exchHost.'/imap}Inbox', $fulluser, $password);
if ($mbox === false) { if ($mbox === false) {
@ -121,6 +119,5 @@ class ExchAuth {
); );
return $return; return $return;
} }
} }
?> ?>


@ -21,7 +21,6 @@ include_once('lib/CmnFns.class.php');
* Provide all database access/manipulation functionality for IMAP Auth * Provide all database access/manipulation functionality for IMAP Auth
*/ */
class IMAPAuth { class IMAPAuth {
// The IMAP hosts with port (hostname[:port]) // The IMAP hosts with port (hostname[:port])
var $imapHosts; var $imapHosts;
// IMAP authentication type // IMAP authentication type
@ -60,7 +59,6 @@ class IMAPAuth {
$this->imapUsername = $username; $this->imapUsername = $username;
foreach ($this->imapHosts as $host) { // Try each host in turn foreach ($this->imapHosts as $host) { // Try each host in turn
$host = trim($host); $host = trim($host);
switch ($this->imapType) { switch ($this->imapType) {
@ -109,16 +107,12 @@ class IMAPAuth {
* @return array containing user information * @return array containing user information
*/ */
function getUserData() { function getUserData() {
$return = array( $rval = array(
'logonName' => $this->imapUsername, 'logonName' => $this->imapUsername,
'firstName' => $this->imapUsername, 'firstName' => $this->imapUsername,
'emailAddress' => array( $this->imapUsername. 'emailAddress' => array($this->imapUsername.(empty($this->imapDomainName) ? '' : '@'. $this->imapDomainName))
( empty($this->imapDomainName) ? '' :
'@'. $this->imapDomainName )
)
); );
return $return; return $rval;
} }
} }
?> ?>


@ -17,9 +17,7 @@
*/ */
include_once('lib/CmnFns.class.php'); include_once('lib/CmnFns.class.php');
class LDAPEngine { class LDAPEngine {
// The directory server, tested with OpenLDAP and Active Directory // The directory server, tested with OpenLDAP and Active Directory
var $serverType; var $serverType;
@ -89,7 +87,6 @@ class LDAPEngine {
// The user's mail address ($mailAttr value) // The user's mail address ($mailAttr value)
var $emailAddress; var $emailAddress;
/** /**
* LDAPEngine constructor to initialize object * LDAPEngine constructor to initialize object
*/ */
@ -140,7 +137,6 @@ class LDAPEngine {
* @param none * @param none
*/ */
function connect() { function connect() {
foreach ($this->hosts as $host) { foreach ($this->hosts as $host) {
$ldap_url = ( $this->ssl ? "ldaps://".$host : $host ); $ldap_url = ( $this->ssl ? "ldaps://".$host : $host );
$this->connection = ldap_connect($ldap_url); $this->connection = ldap_connect($ldap_url);
@ -218,7 +214,6 @@ class LDAPEngine {
} }
} }
// User methods ------------------------------------------- // User methods -------------------------------------------
/** /**
@ -282,7 +277,6 @@ class LDAPEngine {
* @return array * @return array
*/ */
function searchUserDN($searchFilter) { function searchUserDN($searchFilter) {
switch ($this->serverType) { switch ($this->serverType) {
case "ldap": case "ldap":
if ( $this->searchUser != '' ) { if ( $this->searchUser != '' ) {
@ -318,14 +312,12 @@ class LDAPEngine {
return $dn; return $dn;
} }
/** /**
* Queries LDAP for user information * Queries LDAP for user information
* @param string $dn * @param string $dn
* @return boolean indicating success or failure * @return boolean indicating success or failure
*/ */
function loadUserData($dn) { function loadUserData($dn) {
$this->emailAddress = array(); $this->emailAddress = array();
// We are instered in getting just the user's first name and his/her mail attribute(s) // We are instered in getting just the user's first name and his/her mail attribute(s)
@ -385,12 +377,12 @@ class LDAPEngine {
* @return array containing user information * @return array containing user information
*/ */
function getUserData() { function getUserData() {
$return = array( $rval = array(
'logonName' => $this->logonName, 'logonName' => $this->logonName,
'firstName' => $this->firstName, 'firstName' => $this->firstName,
'emailAddress' => $this->emailAddress 'emailAddress' => $this->emailAddress
); );
return $return; return $rval;
} }


@ -98,7 +98,6 @@ class Link {
//============================================= //=============================================
//--------------------------------------------- //---------------------------------------------
// Getter functions // Getter functions
//--------------------------------------------- //---------------------------------------------
@ -160,7 +159,6 @@ class Link {
//============================================= //=============================================
/** /**
* Print out a link without creating a new Link object * Print out a link without creating a new Link object
* @param string $url url to link to * @param string $url url to link to


@ -23,9 +23,8 @@ if ($GLOBALS['conf']['app']['safeMode']) {
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') )); ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
include_once('pear/PEAR.php'); include_once('pear/PEAR.php');
include_once('pear/Mail/mimeDecode.php'); include_once('pear/Mail/mimeDecode.php');
} } else {
else { include_once('PEAR.php');
include_once 'PEAR.php';
include_once('Mail/mimeDecode.php'); include_once('Mail/mimeDecode.php');
} }
@ -34,7 +33,6 @@ else {
*/ */
class MailEngine { class MailEngine {
var $raw; // Raw mail contents var $raw; // Raw mail contents
var $struct; // The top-level MIME structure var $struct; // The top-level MIME structure
var $recipient; // The recipient of the email var $recipient; // The recipient of the email
@ -88,10 +86,11 @@ class MailEngine {
function getRawContent($mail_id) { function getRawContent($mail_id) {
$db = new DBEngine(); $db = new DBEngine();
$this->raw = $db->get_raw_mail($mail_id, $this->recipient); $this->raw = $db->get_raw_mail($mail_id, $this->recipient);
// Mark read
// Mark read
if (in_array($this->recipient, $_SESSION['sessionMail']) && $this->raw) { if (in_array($this->recipient, $_SESSION['sessionMail']) && $this->raw) {
$db->update_msgrcpt_rs($mail_id,$this->recipient,'v'); $db->update_msgrcpt_rs($mail_id,$this->recipient,'v');
} }
} }
} }
?>
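Review bot: The closing `?>` that appears to be appended at the end of this class file, and again at the end of the section that finishes with `sanitizeHTML`, is better left out. Any whitespace or newline that ends up after the tag is sent as output, which can cause "headers already sent" failures in later `header()` or session calls made by pages that include this file. For PHP-only files the usual convention is to stop after the final `}` with no closing tag.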


@ -22,8 +22,7 @@ include_once('lib/CmnFns.class.php');
if ($GLOBALS['conf']['app']['safeMode']) { if ($GLOBALS['conf']['app']['safeMode']) {
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') )); ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
include_once('pear/Mail/mimeDecode.php'); include_once('pear/Mail/mimeDecode.php');
} } else {
else {
include_once('Mail/mimeDecode.php'); include_once('Mail/mimeDecode.php');
} }
@ -56,7 +55,6 @@ $filelist = array ();
$errors = array (); $errors = array ();
function MsgParseBody($struct) { function MsgParseBody($struct) {
global $filelist; global $filelist;
global $errors; global $errors;
$ctype_p = strtolower(trim($struct->ctype_primary)); $ctype_p = strtolower(trim($struct->ctype_primary));
@ -113,13 +111,11 @@ function MsgParseBody($struct) {
$errors['Portions of text could not be displayed'] = true; $errors['Portions of text could not be displayed'] = true;
} }
break; break;
default: default:
// Save the listed filename or notify the // Save the listed filename or notify the
// reader that this mail is not displayed completely // reader that this mail is not displayed completely
$attachment = $struct->d_parameters['filename']; $attachment = $struct->d_parameters['filename'];
$attachment ? array_push($filelist, $attachment) : $errors['Unsupported MIME objects present'] = true; $attachment ? array_push($filelist, $attachment) : $errors['Unsupported MIME objects present'] = true;
} }
} }
@ -182,8 +178,7 @@ function FindMultiRel($struct) {
// Wrapper script for htmlfilter. Settings taken // Wrapper script for htmlfilter. Settings taken
// from SquirrelMail // from SquirrelMail
function sanitizeHTML($body) { function sanitizeHTML($body) {
if (isset($_COOKIE['lang']) && if (isset($_COOKIE['lang']) && file_exists("img/".substr($_COOKIE['lang'],0,2).".blocked_img.png")) {
file_exists("img/".substr($_COOKIE['lang'],0,2).".blocked_img.png")) {
$secremoveimg = "img/".substr($_COOKIE['lang'],0,2).".blocked_img.png"; $secremoveimg = "img/".substr($_COOKIE['lang'],0,2).".blocked_img.png";
} else { } else {
$secremoveimg = "img/blocked_img.png"; $secremoveimg = "img/blocked_img.png";
@ -296,11 +291,7 @@ function sanitizeHTML($body) {
) )
); );
$add_attr_to_tag = Array( $add_attr_to_tag = Array("/^a$/i" => Array('target'=>'"_new"'));
"/^a$/i" =>
Array('target'=>'"_new"'
)
);
$trusted_html = sanitize($body, $trusted_html = sanitize($body,
$tag_list, $tag_list,
@ -314,3 +305,4 @@ function sanitizeHTML($body) {
return $trusted_html; return $trusted_html;
} }
?>
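Review bot: The `$add_attr_to_tag` rule in sanitizeHTML() forces `target="_new"` onto every anchor of the filtered message but sets no `rel`, so a page opened from a link in a quarantined mail can keep a `window.opener` reference to the viewer in browsers that do not imply noopener for named targets. Because the body being filtered is untrusted mail content, I would extend the rule to `Array("/^a$/i" => Array('target'=>'"_new"', 'rel'=>'"noopener noreferrer"'))`. Only parts of sanitizeHTML() are visible in these hunks, so whether a `rel` supplied by the message itself is removed earlier via `$rm_attnames` should be confirmed against the full function.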


@ -468,8 +468,7 @@ class PHPMailer
$old_from = ini_get("sendmail_from"); $old_from = ini_get("sendmail_from");
ini_set("sendmail_from", $this->Sender); ini_set("sendmail_from", $this->Sender);
$params = sprintf("-oi -f %s", $this->Sender); $params = sprintf("-oi -f %s", $this->Sender);
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header, $params);
$header, $params);
} }
else else
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header); $rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header);
@ -588,8 +587,7 @@ class PHPMailer
if($this->SMTPAuth) if($this->SMTPAuth)
{ {
if(!$this->smtp->Authenticate($this->Username, if(!$this->smtp->Authenticate($this->Username, $this->Password))
$this->Password))
{ {
$this->SetError($this->Lang("authenticate")); $this->SetError($this->Lang("authenticate"));
$this->smtp->Reset(); $this->smtp->Reset();
@ -685,8 +683,7 @@ class PHPMailer
$formatted = $addr[0]; $formatted = $addr[0];
else else
{ {
$formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" . $formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" . $addr[0] . ">";
$addr[0] . ">";
} }
return $formatted; return $formatted;
@ -1537,5 +1534,4 @@ class PHPMailer
$this->CustomHeader[] = explode(":", $custom_header, 2); $this->CustomHeader[] = explode(":", $custom_header, 2);
} }
} }
?> ?>
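Review bot: `$params = sprintf("-oi -f %s", $this->Sender);` places `$this->Sender` into the additional-parameters argument of `mail()` with no validation or quoting, so a Sender value containing whitespace would be split into further sendmail options. The reformatted call keeps that behaviour, and the visible lines do not show where Sender is set; if it can ever come from request data it should be checked against a strict address pattern before this branch, with `-f` omitted when the check fails. The enclosing method starts and ends outside the hunk. If this file is a bundled copy of the upstream PHPMailer library, updating the copy is preferable to reformatting it, since a reformatted copy is harder to compare against upstream fixes.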


@ -73,7 +73,6 @@ class Pager {
var $text_class; var $text_class;
var $text_style; var $text_style;
/** /**
* Pager Constructor * Pager Constructor
* Sets up Pager variables and initializes values * Sets up Pager variables and initializes values
@ -102,7 +101,6 @@ class Pager {
$this->initQueryString(); $this->initQueryString();
} }
/** /**
* Print out the pages as links * Print out the pages as links
* Prints out a table of all the pages as links * Prints out a table of all the pages as links
@ -219,8 +217,7 @@ class Pager {
// Insert limit into querystring, if it's not there // Insert limit into querystring, if it's not there
if ( !strstr($this->query_string, "$this->limit_var=") ) if ( !strstr($this->query_string, "$this->limit_var=") )
$this->query_string .= "&amp;$this->limit_var=" . $this->limit; $this->query_string .= "&amp;$this->limit_var=" . $this->limit;
} } else {
else {
$this->query_string = ''; $this->query_string = '';
} }
@ -249,8 +246,7 @@ class Pager {
function printPage($p) { function printPage($p) {
if ($p == $this->cur_page) { if ($p == $this->cur_page) {
echo " <b>[$p]</b> "; echo " <b>[$p]</b> ";
} } else {
else {
$this->printLink($p, $p); $this->printLink($p, $p);
} }
} }
@ -292,8 +288,7 @@ class Pager {
'', '',
'Page ' . $page 'Page ' . $page
); );
} } else {
else {
echo ' <a href="' . $_SERVER['PHP_SELF'] . "?$this->page_var=$page&amp;" . $this->query_string . '"' echo ' <a href="' . $_SERVER['PHP_SELF'] . "?$this->page_var=$page&amp;" . $this->query_string . '"'
. ' class="$this->class"' . ' class="$this->class"'
. '>' . '>'
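Review bot: The link built in the `else` branch of the last hunk echoes `$_SERVER['PHP_SELF']` into the `href` unescaped, and PHP_SELF includes any path info the client appends to the script URL, so markup can reach the page through the request path. Wrap it as `htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES)` at this point. In the same statement `' class="$this->class"'` is single-quoted, so the literal text `$this->class` is emitted rather than the property value; `' class="' . $this->class . '"'` is presumably what was meant. The echo statement continues past the end of the hunk.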


@ -1034,6 +1034,4 @@ class SMTP
} }
} }
?>
?>


@ -74,7 +74,6 @@ class Template {
<?php <?php
} }
/** /**
* Print welcome header message * Print welcome header message
* This function prints out a table welcoming * This function prints out a table welcoming
@ -123,7 +122,6 @@ class Template {
<?php <?php
} }
/** /**
* Start main HTML table * Start main HTML table
* @param none * @param none
@ -137,7 +135,6 @@ class Template {
<?php <?php
} }
/** /**
* End main HTML table * End main HTML table
* @param none * @param none
@ -150,7 +147,6 @@ class Template {
<?php <?php
} }
/** /**
* Print HTML footer * Print HTML footer
* This function prints out a tech email * This function prints out a tech email


@ -43,9 +43,9 @@
* @param $message A string with the message to output. * @param $message A string with the message to output.
* @return void. * @return void.
*/ */
function spew($message){ function spew($message) {
global $debug; global $debug;
if ($debug == true){ if ($debug == true) {
echo "$message"; echo "$message";
} }
} }
@ -60,20 +60,20 @@ function spew($message){
* @param $tagtype The type of the tag (see in comments). * @param $tagtype The type of the tag (see in comments).
* @return a string with the final tag representation. * @return a string with the final tag representation.
*/ */
function tagprint($tagname, $attary, $tagtype){ function tagprint($tagname, $attary, $tagtype) {
$me = 'tagprint'; $me = 'tagprint';
if ($tagtype == 2){ if ($tagtype == 2) {
$fulltag = '</' . $tagname . '>'; $fulltag = '</' . $tagname . '>';
} else { } else {
$fulltag = '<' . $tagname; $fulltag = '<' . $tagname;
if (is_array($attary) && sizeof($attary)){ if (is_array($attary) && sizeof($attary)) {
$atts = Array(); $atts = Array();
while (list($attname, $attvalue) = each($attary)){ while (list($attname, $attvalue) = each($attary)) {
array_push($atts, "$attname=$attvalue"); array_push($atts, "$attname=$attvalue");
} }
$fulltag .= ' ' . join(' ', $atts); $fulltag .= ' ' . join(' ', $atts);
} }
if ($tagtype == 3){ if ($tagtype == 3) {
$fulltag .= ' /'; $fulltag .= ' /';
} }
$fulltag .= '>'; $fulltag .= '>';
@ -89,7 +89,7 @@ function tagprint($tagname, $attary, $tagtype){
* @param $val a value passed by-ref. * @param $val a value passed by-ref.
* @return void since it modifies a by-ref value. * @return void since it modifies a by-ref value.
*/ */
function casenormalize(&$val){ function casenormalize(&$val) {
$val = strtolower($val); $val = strtolower($val);
} }
@ -103,10 +103,10 @@ function casenormalize(&$val){
* @return the location within the $body where the next * @return the location within the $body where the next
* non-whitespace char is located. * non-whitespace char is located.
*/ */
function skipspace($body, $offset){ function skipspace($body, $offset) {
$me = 'skipspace'; $me = 'skipspace';
preg_match('/^(\s*)/s', substr($body, $offset), $matches); preg_match('/^(\s*)/s', substr($body, $offset), $matches);
if (sizeof($matches{1})){ if (sizeof($matches{1})) {
$count = strlen($matches{1}); $count = strlen($matches{1});
spew("$me: skipped $count chars\n"); spew("$me: skipped $count chars\n");
$offset += $count; $offset += $count;
@ -125,10 +125,10 @@ function skipspace($body, $offset){
* @return location of the next occurance of the needle, or * @return location of the next occurance of the needle, or
* strlen($body) if needle wasn't found. * strlen($body) if needle wasn't found.
*/ */
function findnxstr($body, $offset, $needle){ function findnxstr($body, $offset, $needle) {
$me = 'findnxstr'; $me = 'findnxstr';
$pos = strpos($body, $needle, $offset); $pos = strpos($body, $needle, $offset);
if ($pos === FALSE){ if ($pos === FALSE) {
$pos = strlen($body); $pos = strlen($body);
spew("$me: end of body reached\n"); spew("$me: end of body reached\n");
} }
@ -149,13 +149,13 @@ function findnxstr($body, $offset, $needle){
* - string with whatever content between offset and the match * - string with whatever content between offset and the match
* - string with whatever it is we matched * - string with whatever it is we matched
*/ */
function findnxreg($body, $offset, $reg){ function findnxreg($body, $offset, $reg) {
$me = 'findnxreg'; $me = 'findnxreg';
$matches = Array(); $matches = Array();
$retarr = Array(); $retarr = Array();
$preg_rule = '%^(.*?)(' . $reg . ')%s'; $preg_rule = '%^(.*?)(' . $reg . ')%s';
preg_match($preg_rule, substr($body, $offset), $matches); preg_match($preg_rule, substr($body, $offset), $matches);
if (!isset($matches{0})){ if (!isset($matches{0})) {
spew("$me: No matches found.\n"); spew("$me: No matches found.\n");
$retarr = false; $retarr = false;
} else { } else {
@ -181,14 +181,14 @@ function findnxreg($body, $offset, $reg){
* - integer where the tag ends (ending ">") * - integer where the tag ends (ending ">")
* first three members will be false, if the tag is invalid. * first three members will be false, if the tag is invalid.
*/ */
function getnxtag($body, $offset){ function getnxtag($body, $offset) {
$me = 'getnxtag'; $me = 'getnxtag';
if ($offset > strlen($body)){ if ($offset > strlen($body)) {
spew("$me: Past the end of body\n"); spew("$me: Past the end of body\n");
return false; return false;
} }
$lt = findnxstr($body, $offset, '<'); $lt = findnxstr($body, $offset, '<');
if ($lt == strlen($body)){ if ($lt == strlen($body)) {
spew("$me: No more tags found!\n"); spew("$me: No more tags found!\n");
return false; return false;
} }
@ -199,7 +199,7 @@ function getnxtag($body, $offset){
*/ */
spew("$me: Found '<' at pos $lt\n"); spew("$me: Found '<' at pos $lt\n");
$pos = skipspace($body, $lt + 1); $pos = skipspace($body, $lt + 1);
if ($pos >= strlen($body)){ if ($pos >= strlen($body)) {
spew("$me: End of body reached.\n"); spew("$me: End of body reached.\n");
return Array(false, false, false, $lt, strlen($body)); return Array(false, false, false, $lt, strlen($body));
} }
@ -213,7 +213,7 @@ function getnxtag($body, $offset){
* <img src="blah"/> * <img src="blah"/>
*/ */
$tagtype = false; $tagtype = false;
switch (substr($body, $pos, 1)){ switch (substr($body, $pos, 1)) {
case '/': case '/':
spew("$me: This is a closing tag (type 2)\n"); spew("$me: This is a closing tag (type 2)\n");
$tagtype = 2; $tagtype = 2;
@ -223,10 +223,10 @@ function getnxtag($body, $offset){
/** /**
* A comment or an SGML declaration. * A comment or an SGML declaration.
*/ */
if (substr($body, $pos+1, 2) == '--'){ if (substr($body, $pos+1, 2) == '--') {
spew("$me: A comment found. Stripping.\n"); spew("$me: A comment found. Stripping.\n");
$gt = strpos($body, '-->', $pos); $gt = strpos($body, '-->', $pos);
if ($gt === false){ if ($gt === false) {
$gt = strlen($body); $gt = strlen($body);
} else { } else {
$gt += 2; $gt += 2;
@ -268,14 +268,14 @@ function getnxtag($body, $offset){
* *
* Whatever else we find there indicates an invalid tag. * Whatever else we find there indicates an invalid tag.
*/ */
switch ($match){ switch ($match) {
case '/': case '/':
/** /**
* This is an xhtml-style tag with a closing / at the * This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed * end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid * by the closing bracket. If not, then this tag is invalid
*/ */
if (substr($body, $pos, 2) == '/>'){ if (substr($body, $pos, 2) == '/>') {
spew("$me: XHTML-style tag found.\n"); spew("$me: XHTML-style tag found.\n");
$pos++; $pos++;
spew("$me: Setting tagtype to 3\n"); spew("$me: Setting tagtype to 3\n");
@ -320,9 +320,9 @@ function getnxtag($body, $offset){
$atttype = false; $atttype = false;
$attary = Array(); $attary = Array();
while ($pos <= strlen($body)){ while ($pos <= strlen($body)) {
$pos = skipspace($body, $pos); $pos = skipspace($body, $pos);
if ($pos == strlen($body)){ if ($pos == strlen($body)) {
/** /**
* Non-closed tag. * Non-closed tag.
*/ */
@ -335,13 +335,13 @@ function getnxtag($body, $offset){
*/ */
$matches = Array(); $matches = Array();
preg_match('%^(\s*)(>|/>)%s', substr($body, $pos), $matches); preg_match('%^(\s*)(>|/>)%s', substr($body, $pos), $matches);
if (isset($matches{0}) && $matches{0}){ if (isset($matches{0}) && $matches{0}) {
/** /**
* Yep. So we did. * Yep. So we did.
*/ */
spew("$me: Arrived at the end of the tag.\n"); spew("$me: Arrived at the end of the tag.\n");
$pos += strlen($matches{1}); $pos += strlen($matches{1});
if ($matches{2} == '/>'){ if ($matches{2} == '/>') {
$tagtype = 3; $tagtype = 3;
$pos++; $pos++;
} }
@ -366,7 +366,7 @@ function getnxtag($body, $offset){
* attrname="yes". * attrname="yes".
*/ */
$regary = findnxreg($body, $pos, '[^\w\-_]'); $regary = findnxreg($body, $pos, '[^\w\-_]');
if ($regary == false){ if ($regary == false) {
/** /**
* Looks like body ended before the end of tag. * Looks like body ended before the end of tag.
*/ */
@ -385,14 +385,14 @@ function getnxtag($body, $offset){
* '\s' means a lot of things -- look what it's followed by. * '\s' means a lot of things -- look what it's followed by.
* anything else means the attribute is invalid. * anything else means the attribute is invalid.
*/ */
switch($match){ switch($match) {
case '/': case '/':
/** /**
* This is an xhtml-style tag with a closing / at the * This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed * end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid * by the closing bracket. If not, then this tag is invalid
*/ */
if (substr($body, $pos, 2) == '/>'){ if (substr($body, $pos, 2) == '/>') {
spew("$me: This is an xhtml-style tag.\n"); spew("$me: This is an xhtml-style tag.\n");
$pos++; $pos++;
spew("$me: Setting tagtype to 3\n"); spew("$me: Setting tagtype to 3\n");
@ -426,7 +426,7 @@ function getnxtag($body, $offset){
* invalid stuff will be caught by our checks at the beginning * invalid stuff will be caught by our checks at the beginning
* of the loop. * of the loop.
*/ */
if ($char == '='){ if ($char == '=') {
spew("$me: Attribute type 1, 2, or 3 found.\n"); spew("$me: Attribute type 1, 2, or 3 found.\n");
$pos++; $pos++;
$pos = skipspace($body, $pos); $pos = skipspace($body, $pos);
@ -437,11 +437,11 @@ function getnxtag($body, $offset){
* everything else is the content of tag type 3 * everything else is the content of tag type 3
*/ */
$quot = substr($body, $pos, 1); $quot = substr($body, $pos, 1);
if ($quot == '\''){ if ($quot == '\'') {
spew("$me: In fact, this is attribute type 1\n"); spew("$me: In fact, this is attribute type 1\n");
spew("$me: looking for closing quote\n"); spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\''); $regary = findnxreg($body, $pos+1, '\'');
if ($regary == false){ if ($regary == false) {
spew("$me: end of body reached before end of val\n"); spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n"); spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body)); return Array(false, false, false, $lt, strlen($body));
@ -450,11 +450,11 @@ function getnxtag($body, $offset){
spew("$me: Attvalue is '$attval'\n"); spew("$me: Attvalue is '$attval'\n");
$pos++; $pos++;
$attary{$attname} = '\'' . $attval . '\''; $attary{$attname} = '\'' . $attval . '\'';
} else if ($quot == '"'){ } else if ($quot == '"') {
spew("$me: In fact, this is attribute type 2\n"); spew("$me: In fact, this is attribute type 2\n");
spew("$me: looking for closing quote\n"); spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\"'); $regary = findnxreg($body, $pos+1, '\"');
if ($regary == false){ if ($regary == false) {
spew("$me: end of body reached before end of val\n"); spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n"); spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body)); return Array(false, false, false, $lt, strlen($body));
@ -470,7 +470,7 @@ function getnxtag($body, $offset){
*/ */
spew("$me: Looking for end of attval\n"); spew("$me: Looking for end of attval\n");
$regary = findnxreg($body, $pos, '[\s>]'); $regary = findnxreg($body, $pos, '[\s>]');
if ($regary == false){ if ($regary == false) {
spew("$me: end of body reached before end of val\n"); spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n"); spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body)); return Array(false, false, false, $lt, strlen($body));
@ -518,18 +518,18 @@ function getnxtag($body, $offset){
* @param $hex whether the entites are hexadecimal. * @param $hex whether the entites are hexadecimal.
* @return True or False depending on whether there were matches. * @return True or False depending on whether there were matches.
*/ */
function deent(&$attvalue, $regex, $hex=false){ function deent(&$attvalue, $regex, $hex=false) {
$me = 'deent'; $me = 'deent';
spew("$me: matching '$regex' against: $attvalue\n"); spew("$me: matching '$regex' against: $attvalue\n");
$ret_match = false; $ret_match = false;
preg_match_all($regex, $attvalue, $matches); preg_match_all($regex, $attvalue, $matches);
if (is_array($matches) && sizeof($matches[0]) > 0){ if (is_array($matches) && sizeof($matches[0]) > 0) {
spew("$me: found " . sizeof($matches[0]) . " matches\n"); spew("$me: found " . sizeof($matches[0]) . " matches\n");
$repl = Array(); $repl = Array();
for ($i = 0; $i < sizeof($matches[0]); $i++){ for ($i = 0; $i < sizeof($matches[0]); $i++) {
$numval = $matches[1][$i]; $numval = $matches[1][$i];
spew("$me: numval is $numval\n"); spew("$me: numval is $numval\n");
if ($hex){ if ($hex) {
$numval = hexdec($numval); $numval = hexdec($numval);
spew("$me: hex! Numval is now $numval\n"); spew("$me: hex! Numval is now $numval\n");
} }
@ -552,14 +552,15 @@ function deent(&$attvalue, $regex, $hex=false){
* @param $attvalue A string to run entity check against. * @param $attvalue A string to run entity check against.
* @return Nothing, modifies a reference value. * @return Nothing, modifies a reference value.
*/ */
function defang(&$attvalue){ function defang(&$attvalue) {
$me = 'defang'; $me = 'defang';
/** /**
* Skip this if there aren't ampersands or backslashes. * Skip this if there aren't ampersands or backslashes.
*/ */
spew("$me: Checking '$attvalue' for suspicious content\n"); spew("$me: Checking '$attvalue' for suspicious content\n");
if (strpos($attvalue, '&') === false if (strpos($attvalue, '&') === false
&& strpos($attvalue, '\\') === false){ && strpos($attvalue, '\\') === false)
{
spew("$me: no suspicious content found, returning.\n"); spew("$me: no suspicious content found, returning.\n");
return; return;
} }
@ -585,7 +586,7 @@ function defang(&$attvalue){
*/ */
function unspace(&$attvalue){ function unspace(&$attvalue){
$me = 'unspace'; $me = 'unspace';
if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)){ if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)) {
spew("$me: Killing whitespace.\n"); spew("$me: Killing whitespace.\n");
$attvalue = str_replace(Array("\t", "\r", "\n", "\0", " "), $attvalue = str_replace(Array("\t", "\r", "\n", "\0", " "),
Array('', '', ''), $attvalue); Array('', '', ''), $attvalue);
@ -603,22 +604,17 @@ function unspace(&$attvalue){
* @param $add_attr_to_tag See description for sanitize * @param $add_attr_to_tag See description for sanitize
* @return Array with modified attributes. * @return Array with modified attributes.
*/ */
function fixatts($tagname, function fixatts($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag) {
$attary,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
){
$me = 'fixatts'; $me = 'fixatts';
spew("$me: Fixing attributes\n"); spew("$me: Fixing attributes\n");
while (list($attname, $attvalue) = each($attary)){ while (list($attname, $attvalue) = each($attary)) {
/** /**
* See if this attribute should be removed. * See if this attribute should be removed.
*/ */
foreach ($rm_attnames as $matchtag=>$matchattrs){ foreach ($rm_attnames as $matchtag=>$matchattrs) {
if (preg_match($matchtag, $tagname)){ if (preg_match($matchtag, $tagname)) {
foreach ($matchattrs as $matchattr){ foreach ($matchattrs as $matchattr) {
if (preg_match($matchattr, $attname)){ if (preg_match($matchattr, $attname)) {
spew("$me: Attribute '$attname' defined as bad.\n"); spew("$me: Attribute '$attname' defined as bad.\n");
spew("$me: Removing.\n"); spew("$me: Removing.\n");
unset($attary{$attname}); unset($attary{$attname});
@ -639,10 +635,10 @@ function fixatts($tagname,
* get in touch with me so I can drive to where you live and * get in touch with me so I can drive to where you live and
* shake your hand personally. :) * shake your hand personally. :)
*/ */
foreach ($bad_attvals as $matchtag=>$matchattrs){ foreach ($bad_attvals as $matchtag=>$matchattrs) {
if (preg_match($matchtag, $tagname)){ if (preg_match($matchtag, $tagname)) {
foreach ($matchattrs as $matchattr=>$valary){ foreach ($matchattrs as $matchattr=>$valary) {
if (preg_match($matchattr, $attname)){ if (preg_match($matchattr, $attname)) {
/** /**
* There are two arrays in valary. * There are two arrays in valary.
* First is matches. * First is matches.
@ -650,7 +646,7 @@ function fixatts($tagname,
*/ */
list($valmatch, $valrepl) = $valary; list($valmatch, $valrepl) = $valary;
$newvalue = preg_replace($valmatch,$valrepl,$attvalue); $newvalue = preg_replace($valmatch,$valrepl,$attvalue);
if ($newvalue != $attvalue){ if ($newvalue != $attvalue) {
spew("$me: attvalue is now $newvalue\n"); spew("$me: attvalue is now $newvalue\n");
$attary{$attname} = $newvalue; $attary{$attname} = $newvalue;
} }
@ -662,8 +658,8 @@ function fixatts($tagname,
/** /**
* See if we need to append any attributes to this tag. * See if we need to append any attributes to this tag.
*/ */
foreach ($add_attr_to_tag as $matchtag=>$addattary){ foreach ($add_attr_to_tag as $matchtag=>$addattary) {
if (preg_match($matchtag, $tagname)){ if (preg_match($matchtag, $tagname)) {
$attary = array_merge($attary, $addattary); $attary = array_merge($attary, $addattary);
spew("$me: Added attributes to this tag\n"); spew("$me: Added attributes to this tag\n");
} }
@ -871,15 +867,7 @@ function fixatts($tagname,
* @param $add_attr_to_tag see description above * @param $add_attr_to_tag see description above
* @return sanitized html safe to show on your pages. * @return sanitized html safe to show on your pages.
*/ */
function sanitize($body, function sanitize($body, $tag_list, $rm_tags_with_content, $self_closing_tags, $force_tag_closing, $rm_attnames, $bad_attvals, $add_attr_to_tag) {
$tag_list,
$rm_tags_with_content,
$self_closing_tags,
$force_tag_closing,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
){
$me = 'sanitize'; $me = 'sanitize';
/** /**
* Normalize rm_tags and rm_tags_with_content. * Normalize rm_tags and rm_tags_with_content.
@ -903,22 +891,22 @@ function sanitize($body,
*/ */
$body = preg_replace('/&(\{.*?\};)/si', '&amp;\\1', $body); $body = preg_replace('/&(\{.*?\};)/si', '&amp;\\1', $body);
spew("$me: invoking the loop\n"); spew("$me: invoking the loop\n");
while (($curtag = getnxtag($body, $curpos)) != FALSE){ while (($curtag = getnxtag($body, $curpos)) != FALSE) {
list($tagname, $attary, $tagtype, $lt, $gt) = $curtag; list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
spew("$me: grabbing free-standing content\n"); spew("$me: grabbing free-standing content\n");
$free_content = substr($body, $curpos, $lt - $curpos); $free_content = substr($body, $curpos, $lt - $curpos);
spew("$me: " . strlen($free_content) . " chars grabbed\n"); spew("$me: " . strlen($free_content) . " chars grabbed\n");
if ($skip_content == false){ if ($skip_content == false) {
spew("$me: appending free content to trusted.\n"); spew("$me: appending free content to trusted.\n");
$trusted .= $free_content; $trusted .= $free_content;
} else { } else {
spew("$me: Skipping free content.\n"); spew("$me: Skipping free content.\n");
} }
if ($tagname != FALSE){ if ($tagname != FALSE) {
spew("$me: tagname is '$tagname'\n"); spew("$me: tagname is '$tagname'\n");
if ($tagtype == 2){ if ($tagtype == 2) {
spew("$me: This is a closing tag\n"); spew("$me: This is a closing tag\n");
if ($skip_content == $tagname){ if ($skip_content == $tagname) {
/** /**
* Got to the end of tag we needed to remove. * Got to the end of tag we needed to remove.
*/ */
@ -926,9 +914,8 @@ function sanitize($body,
$tagname = false; $tagname = false;
$skip_content = false; $skip_content = false;
} else { } else {
if ($skip_content == false){ if ($skip_content == false) {
if (isset($open_tags{$tagname}) && if (isset($open_tags{$tagname}) && $open_tags{$tagname} > 0) {
$open_tags{$tagname} > 0){
spew("$me: popping '$tagname' from open_tags\n"); spew("$me: popping '$tagname' from open_tags\n");
$open_tags{$tagname}--; $open_tags{$tagname}--;
} else { } else {
@ -949,8 +936,7 @@ function sanitize($body,
* See if this is a self-closing type and change * See if this is a self-closing type and change
* tagtype appropriately. * tagtype appropriately.
*/ */
if ($tagtype == 1 if ($tagtype == 1 && in_array($tagname, $self_closing_tags)) {
&& in_array($tagname, $self_closing_tags)){
spew("$me: Self-closing tag. Changing tagtype.\n"); spew("$me: Self-closing tag. Changing tagtype.\n");
$tagtype = 3; $tagtype = 3;
} }
@ -958,21 +944,19 @@ function sanitize($body,
* See if we should skip this tag and any content * See if we should skip this tag and any content
* inside it. * inside it.
*/ */
if ($tagtype == 1 if ($tagtype == 1 && in_array($tagname, $rm_tags_with_content)) {
&& in_array($tagname, $rm_tags_with_content)){
spew("$me: removing this tag with content\n"); spew("$me: removing this tag with content\n");
$skip_content = $tagname; $skip_content = $tagname;
} else { } else {
if (($rm_tags == false if (($rm_tags == false && in_array($tagname, $tag_list)) ||
&& in_array($tagname, $tag_list)) || ($rm_tags == true && !in_array($tagname, $tag_list)))
($rm_tags == true {
&& !in_array($tagname, $tag_list))){
spew("$me: Removing this tag.\n"); spew("$me: Removing this tag.\n");
$tagname = false; $tagname = false;
} else { } else {
if ($tagtype == 1){ if ($tagtype == 1) {
spew("$me: adding '$tagname' to open_tags\n"); spew("$me: adding '$tagname' to open_tags\n");
if (isset($open_tags{$tagname})){ if (isset($open_tags{$tagname})) {
$open_tags{$tagname}++; $open_tags{$tagname}++;
} else { } else {
$open_tags{$tagname} = 1; $open_tags{$tagname} = 1;
@ -981,12 +965,8 @@ function sanitize($body,
/** /**
* This is where we run other checks. * This is where we run other checks.
*/ */
if (is_array($attary) && sizeof($attary) > 0){ if (is_array($attary) && sizeof($attary) > 0) {
$attary = fixatts($tagname, $attary = fixatts($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag);
$attary,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag);
} }
} }
} }
@ -994,7 +974,7 @@ function sanitize($body,
spew("$me: Skipping this tag\n"); spew("$me: Skipping this tag\n");
} }
} }
if ($tagname != false && $skip_content == false){ if ($tagname != false && $skip_content == false) {
spew("$me: Appending tag to trusted.\n"); spew("$me: Appending tag to trusted.\n");
$trusted .= tagprint($tagname, $attary, $tagtype); $trusted .= tagprint($tagname, $attary, $tagtype);
} }
@ -1005,9 +985,9 @@ function sanitize($body,
} }
spew("$me: Appending any leftover content\n"); spew("$me: Appending any leftover content\n");
$trusted .= substr($body, $curpos, strlen($body) - $curpos); $trusted .= substr($body, $curpos, strlen($body) - $curpos);
if ($force_tag_closing == true){ if ($force_tag_closing == true) {
foreach ($open_tags as $tagname=>$opentimes){ foreach ($open_tags as $tagname=>$opentimes) {
while ($opentimes > 0){ while ($opentimes > 0) {
spew("$me: '$tagname' left open. Closing by force.\n"); spew("$me: '$tagname' left open. Closing by force.\n");
$trusted .= '</' . $tagname . '>'; $trusted .= '</' . $tagname . '>';
$opentimes--; $opentimes--;