geos_one/go-mailzu
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

apply code-formating-cleanup-convert-DOS-to-UNIX-text-form from https://github.com/zedzedtop/mailzu

Browse Source
This commit is contained in:
Mario Fetka 2016-02-04 17:26:07 +01:00
parent 180aa514e9
commit 05196e9fb7
17 changed files with 967 additions and 1064 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/AmavisdEngine.class.php
View File

@ -37,9 +37,8 @@ else {
*/ */
class AmavisdEngine { class AmavisdEngine {
var $socket; // Reference to socket
var $socket; // Reference to socket var $port; // Amavisd spam release port
var $port; // Amavisd spam release port
var $connected; // Connection status var $connected; // Connection status
var $last_error; // Last error message var $last_error; // Last error message
@ -49,7 +48,6 @@ class AmavisdEngine {
* $return object Amavisd object * $return object Amavisd object
*/ */
function AmavisdEngine($host) { function AmavisdEngine($host) {
$this->socket = new Net_Socket(); $this->socket = new Net_Socket();
$this->port = $GLOBALS['conf']['amavisd']['spam_release_port']; $this->port = $GLOBALS['conf']['amavisd']['spam_release_port'];
$this->connected = false; $this->connected = false;
@ -79,10 +77,9 @@ class AmavisdEngine {
* @param $secret_id * @param $secret_id
* @param $recipient * @param $recipient
* @result response * @result response
*/ */
function release_message($mail_id, $secret_id, $recipient, $quar_type, $quar_loc) { function release_message($mail_id, $secret_id, $recipient, $quar_type, $quar_loc) {
if (! $this->connected) { if (! $this->connected) {
return $this->last_error; return $this->last_error;
} }
@ -120,8 +117,6 @@ class AmavisdEngine {
} }
return $out; return $out;
} }
} }
?> ?>

10
lib/Auth.class.php
View File

@ -149,7 +149,6 @@ class Auth {
case "ad": case "ad":
case "ldap": case "ldap":
// Added this check for LDAP servers that switch to anonymous bind whenever // Added this check for LDAP servers that switch to anonymous bind whenever
// provided password is left blank // provided password is left blank
if ($pass == '') return (translate ('Invalid User Name/Password.')); if ($pass == '') return (translate ('Invalid User Name/Password.'));
@ -160,7 +159,6 @@ class Auth {
$ldap = new LDAPEngine(); $ldap = new LDAPEngine();
if( $ldap->connect() ) { if( $ldap->connect() ) {
// Get user DN // Get user DN
// For AD it could be of the form of 'user@domain' or standard LDAP dn // For AD it could be of the form of 'user@domain' or standard LDAP dn
$dn = $ldap->getUserDN($login); $dn = $ldap->getUserDN($login);
@ -184,7 +182,6 @@ class Auth {
break; break;
case "sql": case "sql":
// Include DBAuth class // Include DBAuth class
include_once('DBAuth.class.php'); include_once('DBAuth.class.php');
@ -222,7 +219,6 @@ class Auth {
break; break;
case "imap": case "imap":
// Include IMAPAuth class // Include IMAPAuth class
include_once('IMAPAuth.class.php'); include_once('IMAPAuth.class.php');
@ -241,7 +237,8 @@ class Auth {
break; break;
default: default:
CmnFns::do_error_box(translate('Unknown server type'), '', false); CmnFns::do_error_box(translate('Unknown server type'), '', false);
break;
} }
} }
@ -250,7 +247,6 @@ class Auth {
CmnFns::write_log('Authentication failed' . ', ' . $msg, $login); CmnFns::write_log('Authentication failed' . ', ' . $msg, $login);
return translate($msg); return translate($msg);
} else { } else {
$this->is_loggedin = true; $this->is_loggedin = true;
CmnFns::write_log('Authentication successful', $login); CmnFns::write_log('Authentication successful', $login);
@ -303,7 +299,6 @@ class Auth {
} }
function isAllowedToLogin( $username ) { function isAllowedToLogin( $username ) {
global $conf; global $conf;
// If not defined or set to false, $username is allowed to log in // If not defined or set to false, $username is allowed to log in
@ -317,7 +312,6 @@ class Auth {
} }
} }
/** /**
* Log the user out of the system * Log the user out of the system
* @param none * @param none

75
lib/CmnFns.class.php
View File

@ -47,7 +47,6 @@ include_once('Pager.class.php');
* Provides functions common to most pages * Provides functions common to most pages
*/ */
class CmnFns { class CmnFns {
/** /**
* Convert minutes to hours * Convert minutes to hours
* @param double $time time to convert in minutes * @param double $time time to convert in minutes
@ -63,13 +62,13 @@ class CmnFns {
$hour = intval($time / 60); $hour = intval($time / 60);
$min = $time % 60; $min = $time % 60;
if ($conf['app']['timeFormat'] == 24) { if ($conf['app']['timeFormat'] == 24) {
$a = ''; // AM/PM does not exist $a = ''; // AM/PM does not exist
if ($hour < 10) $hour = '0' . $hour; if ($hour < 10) $hour = '0' . $hour;
} }
else { else {
$a = ($hour < 12 || $hour == 24) ? translate('am') : translate('pm'); // Set am/pm $a = ($hour < 12 || $hour == 24) ? translate('am') : translate('pm'); // Set am/pm
if ($hour > 12) $hour = $hour - 12; // Take out of 24hr clock if ($hour > 12) $hour = $hour - 12; // Take out of 24hr clock
if ($hour == 0) $hour = 12; // Don't show 0hr, show 12 am if ($hour == 0) $hour = 12; // Don't show 0hr, show 12 am
} }
// Set proper minutes (the same for 12/24 format) // Set proper minutes (the same for 12/24 format)
if ($min < 10) $min = 0 . $min; if ($min < 10) $min = 0 . $min;
@ -83,7 +82,6 @@ class CmnFns {
* @return int timestamp * @return int timestamp
*/ */
function formatDateISO($date) { function formatDateISO($date) {
$time = strtotime($date); $time = strtotime($date);
return $time; return $time;
} }
@ -101,7 +99,6 @@ class CmnFns {
return strftime($format, $date); return strftime($format, $date);
} }
/** /**
* Convert UNIX timestamp to datetime format * Convert UNIX timestamp to datetime format
* @param string $ts MySQL timestamp * @param string $ts MySQL timestamp
@ -117,7 +114,6 @@ class CmnFns {
return strftime($format, $ts); return strftime($format, $ts);
} }
/** /**
* Convert minutes to hours/minutes * Convert minutes to hours/minutes
* @param int $minutes minutes to convert * @param int $minutes minutes to convert
@ -143,7 +139,6 @@ class CmnFns {
return (strrpos($uri, '/') === false) ? $uri : substr($uri, 0, strlen($uri)); return (strrpos($uri, '/') === false) ? $uri : substr($uri, 0, strlen($uri));
} }
/** /**
* Prints an error message box and kills the app * Prints an error message box and kills the app
* @param string $msg error message to print * @param string $msg error message to print
@ -201,12 +196,12 @@ class CmnFns {
* @return array of cleaned up POST values * @return array of cleaned up POST values
*/ */
function cleanPostVals() { function cleanPostVals() {
$return = array(); $rval = array();
foreach ($_POST as $key => $val) foreach ($_POST as $key => $val)
$return[$key] = stripslashes(trim($val)); $rval[$key] = stripslashes(trim($val));
return $return; return $rval;
} }
/** /**
@ -215,12 +210,12 @@ class CmnFns {
* @return array of cleaned up data * @return array of cleaned up data
*/ */
function cleanVals($data) { function cleanVals($data) {
$return = array(); $rval = array();
foreach ($data as $key => $val) foreach ($data as $key => $val)
$return[$key] = stripslashes($val); $rval[$key] = stripslashes($val);
return $return; return $rval;
} }
/** /**
@ -236,10 +231,10 @@ class CmnFns {
switch($vert) { switch($vert) {
case 'DESC'; case 'DESC';
case 'ASC'; case 'ASC';
break; break;
default : default :
$vert = 'DESC'; $vert = 'DESC';
break; break;
} }
return $vert; return $vert;
@ -267,7 +262,6 @@ class CmnFns {
return $order; return $order;
} }
/** /**
* Opposite of php's nl2br function. * Opposite of php's nl2br function.
* Subs in a newline for all brs * Subs in a newline for all brs
@ -290,27 +284,27 @@ class CmnFns {
$file = $conf['app']['logfile']; $file = $conf['app']['logfile'];
$values = ''; $values = '';
if (!$conf['app']['use_log']) // Return if we aren't going to log if (!$conf['app']['use_log']) // Return if we aren't going to log
return; return;
if (empty($ip)) if (empty($ip))
$ip = $_SERVER['REMOTE_ADDR']; $ip = $_SERVER['REMOTE_ADDR'];
clearstatcache(); // Clear cached results clearstatcache(); // Clear cached results
if (!is_dir(dirname($file))) if (!is_dir(dirname($file)))
mkdir(dirname($file), 0777); // Create the directory mkdir(dirname($file), 0777); // Create the directory
if (!touch($file)) if (!touch($file))
return; // Return if we cant touch the file return; // Return if we cant touch the file
if (!$fp = fopen($file, 'a')) if (!$fp = fopen($file, 'a'))
return; // Return if the fopen fails return; // Return if the fopen fails
flock($fp, LOCK_EX); // Lock file for writing flock($fp, LOCK_EX); // Lock file for writing
if (!fwrite($fp, '[' . date('D, d M Y H:i:s') . ']' . $delim . $ip . $delim . $userid . $delim . $string . "\r\n")) // Write log entry if (!fwrite($fp, '[' . date('D, d M Y H:i:s') . ']' . $delim . $ip . $delim . $userid . $delim . $string . "\r\n")) // Write log entry
return; // Return if we cant write to the file return; // Return if we cant write to the file
flock($fp, LOCK_UN); // Unlock file flock($fp, LOCK_UN); // Unlock file
fclose($fp); fclose($fp);
} }
@ -382,7 +376,6 @@ class CmnFns {
return $str; return $str;
} }
/** /**
* Verifies current page number and returns value * Verifies current page number and returns value
* @param integer $page value of current page number * @param integer $page value of current page number
@ -515,7 +508,6 @@ class CmnFns {
?> ?>
<table border=0 width="100%"> <table border=0 width="100%">
<form action="<?php echo $submit_page ?>" method="get" name="quarantine"> <form action="<?php echo $submit_page ?>" method="get" name="quarantine">
<tr><td colspan=2 align="center"><?php echo translate('Search for messages whose:'); ?>&nbsp;</td></tr> <tr><td colspan=2 align="center"><?php echo translate('Search for messages whose:'); ?>&nbsp;</td></tr>
<tr><td align="right">&nbsp; <tr><td align="right">&nbsp;
<?php <?php
@ -645,7 +637,6 @@ class CmnFns {
return $result; return $result;
} }
/* /*
* Search for the var $name in $_SESSION, $_POST, $_GET, * Search for the var $name in $_SESSION, $_POST, $_GET,
* $_SERVER and set it in provided var. * $_SERVER and set it in provided var.
@ -668,36 +659,30 @@ class CmnFns {
* @return value of var * @return value of var
*/ */
function getGlobalVar($name, $search = INORDER) { function getGlobalVar($name, $search = INORDER) {
switch ($search) { switch ($search) {
/* we want the default case to be first here, /* we want the default case to be first here,
so that if a valid value isn't specified, so that if a valid value isn't specified,
all four arrays will be searched. */ all four arrays will be searched. */
default: default:
case INORDER: // check session, post, get case INORDER: // check session, post, get
case SESSION: case SESSION:
if( isset($_SESSION[$name]) ) if( isset($_SESSION[$name]) )
return $_SESSION[$name]; return $_SESSION[$name];
elseif ( $search == SESSION ) elseif ( $search == SESSION )
break; break;
// fall through
case FORM: // check post, get case FORM: // check post, get
case POST: case POST:
if( isset($_POST[$name]) ) if( isset($_POST[$name]) )
return $_POST[$name]; return $_POST[$name];
elseif ( $search == POST ) elseif ( $search == POST )
break; break;
// fall through
case GET: case GET:
if( isset($_GET[$name]) ) if( isset($_GET[$name]) )
return $_GET[$name]; return $_GET[$name];
/* For INORDER case, exit after GET */ /* For INORDER case, exit after GET */
break; break;
case SERVER: case SERVER:
if( isset($_SERVER[$name]) ) if( isset($_SERVER[$name]) )
return $_SERVER[$name]; return $_SERVER[$name];
@ -711,9 +696,9 @@ class CmnFns {
* @param $location string * @param $location string
*/ */
function redirect_js($location) { function redirect_js($location) {
echo "<SCRIPT LANGUAGE=\"JavaScript\">"; echo "<SCRIPT LANGUAGE=\"JavaScript\">";
echo "parent.location.href = '" . $location . "';"; echo "parent.location.href = '" . $location . "';";
echo "</SCRIPT>"; echo "</SCRIPT>";
} }
@ -729,11 +714,11 @@ class CmnFns {
?> ?>
<table border=0 width="100%"> <table border=0 width="100%">
<form action="<? echo $submit_page ?>" method="get" name="wblist"> <form action="<?php echo $submit_page ?>" method="get" name="wblist">
<tr><td colspan=2 align="center"><? echo translate('Search for rules whose:'); ?>&nbsp;</td></tr> <tr><td colspan=2 align="center"><?php echo translate('Search for rules whose:'); ?>&nbsp;</td></tr>
<tr><td align="right">&nbsp; <tr><td align="right">&nbsp;
<? <?php
$i = 1; $i = 1;
$array_size = count($fields_array); $array_size = count($fields_array);
foreach ($fields_array as $k => $name) { foreach ($fields_array as $k => $name) {
@ -761,14 +746,14 @@ class CmnFns {
$i ++; $i ++;
echo ($i % 2) ? "&nbsp;</td></tr>\n\t\t\t<tr><td colspan='2' align='center'>&nbsp\n" : "&nbsp;</td><td align='left'>&nbsp"; echo ($i % 2) ? "&nbsp;</td></tr>\n\t\t\t<tr><td colspan='2' align='center'>&nbsp\n" : "&nbsp;</td><td align='left'>&nbsp";
?> ?>
<input type="submit" class="button" name="search_action" value="<? echo translate('Search'); ?>" /> <input type="submit" class="button" name="search_action" value="<?php echo translate('Search'); ?>" />
<? if (CmnFns::didSearch()) <?php if (CmnFns::didSearch())
echo "<input type=\"submit\" class=\"button\" name=\"search_action\" value=\"" . translate('Clear search results') . "\" />"; echo "<input type=\"submit\" class=\"button\" name=\"search_action\" value=\"" . translate('Clear search results') . "\" />";
?> ?>
&nbsp;</td></tr> &nbsp;</td></tr>
</form> </form>
</table> </table>
<? <?php
} }

15
lib/DBAuth.class.php
View File

@ -35,7 +35,6 @@ else {
* Provide all database access/manipulation functionality for SQL Auth * Provide all database access/manipulation functionality for SQL Auth
*/ */
class DBAuth { class DBAuth {
// Reference to the database object // Reference to the database object
var $db; var $db;
@ -107,7 +106,6 @@ class DBAuth {
* @param none * @param none
*/ */
function db_connect() { function db_connect() {
/*********************************************************** /***********************************************************
/ This uses PEAR::DB / This uses PEAR::DB
/ See http://www.pear.php.net/manual/en/package.database.php#package.database.db / See http://www.pear.php.net/manual/en/package.database.php#package.database.db
@ -145,7 +143,6 @@ class DBAuth {
* @return boolean * @return boolean
*/ */
function authUser($username, $password) { function authUser($username, $password) {
if ( $this->isMd5 ) if ( $this->isMd5 )
$password = md5( $password ); $password = md5( $password );
@ -171,7 +168,6 @@ class DBAuth {
$this->err_msg = translate('There are no records in the table.'); $this->err_msg = translate('There are no records in the table.');
return false; return false;
} else { } else {
// Fetch the first row of data // Fetch the first row of data
$rs = $this->cleanRow($result->fetchRow()); $rs = $this->cleanRow($result->fetchRow());
@ -198,7 +194,6 @@ class DBAuth {
return false; return false;
} }
/** /**
* Strips out slashes for all data in the return row * Strips out slashes for all data in the return row
* - THIS MUST ONLY BE ONE ROW OF DATA - * - THIS MUST ONLY BE ONE ROW OF DATA -
@ -206,11 +201,11 @@ class DBAuth {
* @return array with same key => value pairs (except slashes) * @return array with same key => value pairs (except slashes)
*/ */
function cleanRow($data) { function cleanRow($data) {
$return = array(); $rval = array();
foreach ($data as $key => $val) foreach ($data as $key => $val)
$return[$key] = stripslashes($val); $rval[$key] = stripslashes($val);
return $return; return $rval;
} }
/** /**
@ -229,12 +224,12 @@ class DBAuth {
* @return array containing user information * @return array containing user information
*/ */
function getUserData() { function getUserData() {
$return = array( $rval = array(
'logonName' => $this->logonName, 'logonName' => $this->logonName,
'firstName' => $this->firstName, 'firstName' => $this->firstName,
'emailAddress' => $this->emailAddress 'emailAddress' => $this->emailAddress
); );
return $return; return $rval;
} }
//mysql_crypt - shamelessly stolen from php.net docs //mysql_crypt - shamelessly stolen from php.net docs

91
lib/DBEngine.class.php
View File

@ -43,7 +43,6 @@ else {
* Provide all database access/manipulation functionality * Provide all database access/manipulation functionality
*/ */
class DBEngine { class DBEngine {
// Reference to the database object // Reference to the database object
var $db; var $db;
@ -85,7 +84,6 @@ class DBEngine {
* @global $conf * @global $conf
*/ */
function db_connect() { function db_connect() {
/*********************************************************** /***********************************************************
/ This uses PEAR::DB / This uses PEAR::DB
/ See http://www.pear.php.net/manual/en/package.database.php#package.database.db / See http://www.pear.php.net/manual/en/package.database.php#package.database.db
@ -121,7 +119,7 @@ class DBEngine {
global $conf; global $conf;
$return = array(); $rval = array();
$total = array( 'spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0); $total = array( 'spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0);
$query = "SELECT date, $query = "SELECT date,
@ -199,7 +197,7 @@ class DBEngine {
$timestamp = CmnFns::formatDateISO($rs['date']); $timestamp = CmnFns::formatDateISO($rs['date']);
$date = CmnFns::formatDate($timestamp); $date = CmnFns::formatDate($timestamp);
$totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending']; $totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending'];
$return[$date] = array('spam' => $rs['spam'], $rval[$date] = array('spam' => $rs['spam'],
'banned' => $rs['banned'], 'banned' => $rs['banned'],
'virus' => $rs['viruses'], 'virus' => $rs['viruses'],
'header' => $rs['badheaders'], 'header' => $rs['badheaders'],
@ -208,16 +206,16 @@ class DBEngine {
} }
// Total the data // Total the data
foreach ($return as $date => $typearray) { foreach ($rval as $date => $typearray) {
foreach ($typearray as $type => $count) { foreach ($typearray as $type => $count) {
$total[$type] += $count; $total[$type] += $count;
} }
} }
$return['Total'] = $total; $rval['Total'] = $total;
$result->free(); $result->free();
return $return; return $rval;
} }
// User methods ------------------------------------------- // User methods -------------------------------------------
@ -231,7 +229,7 @@ class DBEngine {
global $conf; global $conf;
$return = array(); $rval = array();
$total = array('spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0); $total = array('spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0);
// Get where clause for recipient email address(es) // Get where clause for recipient email address(es)
@ -325,7 +323,7 @@ class DBEngine {
$timestamp = CmnFns::formatDateISO($rs['date']); $timestamp = CmnFns::formatDateISO($rs['date']);
$date = CmnFns::formatDate($timestamp); $date = CmnFns::formatDate($timestamp);
$totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending']; $totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending'];
$return[$date] = array('spam' => $rs['spam'], $rval[$date] = array('spam' => $rs['spam'],
'banned' => $rs['banned'], 'banned' => $rs['banned'],
'virus' => $rs['viruses'], 'virus' => $rs['viruses'],
'header' => $rs['badheaders'], 'header' => $rs['badheaders'],
@ -334,16 +332,16 @@ class DBEngine {
} }
// Total the data // Total the data
foreach ($return as $date => $typearray) { foreach ($rval as $date => $typearray) {
foreach ($typearray as $type => $count) { foreach ($typearray as $type => $count) {
$total[$type] += $count; $total[$type] += $count;
} }
} }
$return['Total'] = $total; $rval['Total'] = $total;
$result->free(); $result->free();
return $return; return $rval;
} }
@ -375,7 +373,7 @@ class DBEngine {
$sizeLimit = isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ? $sizeLimit = isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ?
$conf['app']['displaySizeLimit'] : 50; $conf['app']['displaySizeLimit'] : 50;
$return = array(); $rval = array();
if (is_array($search_array)) { if (is_array($search_array)) {
$search_clause = ""; $search_clause = "";
@ -418,20 +416,27 @@ class DBEngine {
} }
} }
$query = "SELECT msgs.time_num, msgs.from_addr, $query = "SELECT
msgs.mail_id, msgs.subject, msgs.spam_level, msgs.content, msgs.time_num,
msgrcpt.rs, msgs.quar_type, recip.email msgs.from_addr,
msgs.mail_id,
msgs.subject,
msgs.spam_level,
msgs.content,
msgrcpt.rs,
msgs.quar_type,
recip.email
FROM msgs FROM msgs
INNER JOIN msgrcpt ON msgs.mail_id=msgrcpt.mail_id INNER JOIN msgrcpt ON msgs.mail_id = msgrcpt.mail_id
$join_type maddr AS sender ON msgs.sid=sender.id $join_type maddr AS sender ON msgs.sid = sender.id
$join_type maddr AS recip ON msgrcpt.rid=recip.id $join_type maddr AS recip ON msgrcpt.rid = recip.id
WHERE $type_clause" WHERE $type_clause"
// Only check against the email address when not admin // Only check against the email address when not admin
. ($msgs_all ? ' ' : $emailaddr_clause) . ($msgs_all ? ' ' : $emailaddr_clause)
. " $rs_clause . " $rs_clause
$search_clause $search_clause
AND msgs.quar_type <> '' AND msgs.quar_type <> ''
ORDER BY $order $vert "; ORDER BY $order $vert ";
// Prepare query // Prepare query
$q = $this->db->prepare($query); $q = $this->db->prepare($query);
@ -456,7 +461,7 @@ class DBEngine {
if ( $get_all ) { if ( $get_all ) {
while ($rs = $result->fetchRow()) { while ($rs = $result->fetchRow()) {
$return[] = $this->cleanRow($rs); $rval[] = $this->cleanRow($rs);
} }
} else { } else {
// the row to start fetching // the row to start fetching
@ -469,13 +474,13 @@ class DBEngine {
if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) { if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) {
break; break;
} }
$return[] = $this->cleanRow($row); $rval[] = $this->cleanRow($row);
} }
} }
$result->free(); $result->free();
return $return; return $rval;
} }
/** /**
@ -486,7 +491,6 @@ class DBEngine {
* @return array of message(s) * @return array of message(s)
*/ */
function get_message($emailaddress, $mail_id) { function get_message($emailaddress, $mail_id) {
global $conf; global $conf;
# MySQL seems to run faster with a LEFT JOIN # MySQL seems to run faster with a LEFT JOIN
@ -498,7 +502,7 @@ class DBEngine {
$recipEmailClause = $this->convertEmailaddresses2SQL($emailaddress); $recipEmailClause = $this->convertEmailaddresses2SQL($emailaddress);
$return = array(); $rval = array();
$query = 'SELECT msgs.time_num, msgs.secret_id, msgs.subject, msgs.from_addr, msgs.spam_level,' $query = 'SELECT msgs.time_num, msgs.secret_id, msgs.subject, msgs.from_addr, msgs.spam_level,'
. ' msgrcpt.rs, recip.email, msgs.host, msgs.content, msgs.quar_type, msgs.quar_loc' . ' msgrcpt.rs, recip.email, msgs.host, msgs.content, msgs.quar_type, msgs.quar_loc'
@ -522,12 +526,12 @@ class DBEngine {
return NULL; return NULL;
} }
while ($rs = $result->fetchRow()) { while ($rs = $result->fetchRow()) {
$return[] = $this->cleanRow($rs); $rval[] = $this->cleanRow($rs);
} }
$result->free(); $result->free();
return $return; return $rval;
} }
/** /**
@ -539,7 +543,6 @@ class DBEngine {
* @return array of message(s) * @return array of message(s)
*/ */
function update_msgrcpt_rs($mail_id, $mail_rcpt, $flag) { function update_msgrcpt_rs($mail_id, $mail_rcpt, $flag) {
// If its a pending message, do not set the rs flag to 'v' // If its a pending message, do not set the rs flag to 'v'
$cur_msg_array = $this->get_message($mail_rcpt, $mail_id); $cur_msg_array = $this->get_message($mail_rcpt, $mail_id);
$msg_status = $cur_msg_array[0]; $msg_status = $cur_msg_array[0];
@ -561,7 +564,6 @@ class DBEngine {
return true; return true;
} }
/** /**
* Function that returns number of entries for logged in user * Function that returns number of entries for logged in user
* where RS flag is equal to $flag * where RS flag is equal to $flag
@ -570,7 +572,6 @@ class DBEngine {
* @return number of message(s) * @return number of message(s)
*/ */
function get_count_rs($emailaddresses, $flag) { function get_count_rs($emailaddresses, $flag) {
// Get where clause for recipient email address(es) // Get where clause for recipient email address(es)
$emailaddr_clause = $this->convertEmailaddresses2SQL($emailaddresses); $emailaddr_clause = $this->convertEmailaddresses2SQL($emailaddresses);
if ( $emailaddr_clause != '' ) if ( $emailaddr_clause != '' )
@ -617,7 +618,6 @@ class DBEngine {
} }
} }
if (Auth::isMailAdmin()) { if (Auth::isMailAdmin()) {
$values = array($mail_id); $values = array($mail_id);
$query = 'SELECT' . $mail_text_column . ' FROM quarantine ' . $query = 'SELECT' . $mail_text_column . ' FROM quarantine ' .
@ -640,14 +640,14 @@ class DBEngine {
if ($result->numRows() <= 0){ if ($result->numRows() <= 0){
return false; return false;
} }
$return = ""; $rval = "";
while ($rs = $result->fetchRow()) { while ($rs = $result->fetchRow()) {
$return .= $rs['mail_text']; $rval .= $rs['mail_text'];
} }
$result->free(); $result->free();
return $return; return $rval;
} }
/** /**
@ -681,11 +681,11 @@ class DBEngine {
* @return array with same key => value pairs (except slashes) * @return array with same key => value pairs (except slashes)
*/ */
function cleanRow($data) { function cleanRow($data) {
$return = array(); $rval = array();
foreach ($data as $key => $val) foreach ($data as $key => $val)
$return[$key] = stripslashes($val); $rval[$key] = stripslashes($val);
return $return; return $rval;
} }
/** /**
@ -705,11 +705,9 @@ class DBEngine {
* @return array containing SQL code * @return array containing SQL code
*/ */
function convertSearch2SQL($field, $criterion, $string) { function convertSearch2SQL($field, $criterion, $string) {
$result = array(); $result = array();
if ( $string != '' ) { if ( $string != '' ) {
switch ($criterion) { switch ($criterion) {
case "contains": case "contains":
$search_clause = "(" . $field . " LIKE '%" . $string . "%')" ; $search_clause = "(" . $field . " LIKE '%" . $string . "%')" ;
@ -728,7 +726,6 @@ class DBEngine {
} }
array_push($result, $search_clause); array_push($result, $search_clause);
} }
return $result; return $result;
} }
@ -796,8 +793,8 @@ class DBEngine {
$this->check_for_error($result, $query); $this->check_for_error($result, $query);
if ($result->numRows() == 1) { if ($result->numRows() == 1) {
$return = $result->fetchRow(); $rval = $result->fetchRow();
return $return['id']; return $rval['id'];
} else if ($result->numRows() == 0 } else if ($result->numRows() == 0
&& strpos($recip_email,"@")) { && strpos($recip_email,"@")) {
@ -927,7 +924,7 @@ class DBEngine {
function get_user_control_list( $emailaddresses, $order = 'sender', $vert = 'ASC', $search_array, $page, $all = false) { function get_user_control_list( $emailaddresses, $order = 'sender', $vert = 'ASC', $search_array, $page, $all = false) {
global $conf; global $conf;
$return = Array(); $rval = Array();
// grab the display size limit set in config.php // grab the display size limit set in config.php
$sizeLimit = (isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ? $sizeLimit = (isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ?
@ -980,13 +977,13 @@ class DBEngine {
if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) { if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) {
break; break;
} }
$return[] = $this->cleanRow($row); $rval[] = $this->cleanRow($row);
} }
$result->free(); $result->free();
return $return; return $rval;
} }
} }

3
lib/ExchAuth.class.php
View File

@ -21,7 +21,6 @@ include_once('lib/CmnFns.class.php');
* Provide all database access/manipulation functionality for Exchange Auth * Provide all database access/manipulation functionality for Exchange Auth
*/ */
class ExchAuth { class ExchAuth {
// The exchange hostname with port (hostname[:port]) // The exchange hostname with port (hostname[:port])
var $exchHost; var $exchHost;
// The exchange LDAP URI (ldap://hostname[:port]) // The exchange LDAP URI (ldap://hostname[:port])
@ -56,7 +55,6 @@ class ExchAuth {
* @return boolean * @return boolean
*/ */
function authUser($username, $password, $domain) { function authUser($username, $password, $domain) {
$fulluser = $domain.'/'.$username; $fulluser = $domain.'/'.$username;
$mbox = imap_open('{'.$this->exchHost.'/imap}Inbox', $fulluser, $password); $mbox = imap_open('{'.$this->exchHost.'/imap}Inbox', $fulluser, $password);
if ($mbox === false) { if ($mbox === false) {
@ -121,6 +119,5 @@ class ExchAuth {
); );
return $return; return $return;
} }
} }
?> ?>

12
lib/IMAPAuth.class.php
View File

@ -21,7 +21,6 @@ include_once('lib/CmnFns.class.php');
* Provide all database access/manipulation functionality for IMAP Auth * Provide all database access/manipulation functionality for IMAP Auth
*/ */
class IMAPAuth { class IMAPAuth {
// The IMAP hosts with port (hostname[:port]) // The IMAP hosts with port (hostname[:port])
var $imapHosts; var $imapHosts;
// IMAP authentication type // IMAP authentication type
@ -60,7 +59,6 @@ class IMAPAuth {
$this->imapUsername = $username; $this->imapUsername = $username;
foreach ($this->imapHosts as $host) { // Try each host in turn foreach ($this->imapHosts as $host) { // Try each host in turn
$host = trim($host); $host = trim($host);
switch ($this->imapType) { switch ($this->imapType) {
@ -109,16 +107,12 @@ class IMAPAuth {
* @return array containing user information * @return array containing user information
*/ */
function getUserData() { function getUserData() {
$return = array( $rval = array(
'logonName' => $this->imapUsername, 'logonName' => $this->imapUsername,
'firstName' => $this->imapUsername, 'firstName' => $this->imapUsername,
'emailAddress' => array( $this->imapUsername. 'emailAddress' => array($this->imapUsername.(empty($this->imapDomainName) ? '' : '@'. $this->imapDomainName))
( empty($this->imapDomainName) ? '' :
'@'. $this->imapDomainName )
)
); );
return $return; return $rval;
} }
} }
?> ?>

12
lib/LDAPEngine.class.php
View File

@ -17,9 +17,7 @@
*/ */
include_once('lib/CmnFns.class.php'); include_once('lib/CmnFns.class.php');
class LDAPEngine { class LDAPEngine {
// The directory server, tested with OpenLDAP and Active Directory // The directory server, tested with OpenLDAP and Active Directory
var $serverType; var $serverType;
@ -89,7 +87,6 @@ class LDAPEngine {
// The user's mail address ($mailAttr value) // The user's mail address ($mailAttr value)
var $emailAddress; var $emailAddress;
/** /**
* LDAPEngine constructor to initialize object * LDAPEngine constructor to initialize object
*/ */
@ -140,7 +137,6 @@ class LDAPEngine {
* @param none * @param none
*/ */
function connect() { function connect() {
foreach ($this->hosts as $host) { foreach ($this->hosts as $host) {
$ldap_url = ( $this->ssl ? "ldaps://".$host : $host ); $ldap_url = ( $this->ssl ? "ldaps://".$host : $host );
$this->connection = ldap_connect($ldap_url); $this->connection = ldap_connect($ldap_url);
@ -218,7 +214,6 @@ class LDAPEngine {
} }
} }
// User methods ------------------------------------------- // User methods -------------------------------------------
/** /**
@ -282,7 +277,6 @@ class LDAPEngine {
* @return array * @return array
*/ */
function searchUserDN($searchFilter) { function searchUserDN($searchFilter) {
switch ($this->serverType) { switch ($this->serverType) {
case "ldap": case "ldap":
if ( $this->searchUser != '' ) { if ( $this->searchUser != '' ) {
@ -318,14 +312,12 @@ class LDAPEngine {
return $dn; return $dn;
} }
/** /**
* Queries LDAP for user information * Queries LDAP for user information
* @param string $dn * @param string $dn
* @return boolean indicating success or failure * @return boolean indicating success or failure
*/ */
function loadUserData($dn) { function loadUserData($dn) {
$this->emailAddress = array(); $this->emailAddress = array();
// We are instered in getting just the user's first name and his/her mail attribute(s) // We are instered in getting just the user's first name and his/her mail attribute(s)
@ -385,12 +377,12 @@ class LDAPEngine {
* @return array containing user information * @return array containing user information
*/ */
function getUserData() { function getUserData() {
$return = array( $rval = array(
'logonName' => $this->logonName, 'logonName' => $this->logonName,
'firstName' => $this->firstName, 'firstName' => $this->firstName,
'emailAddress' => $this->emailAddress 'emailAddress' => $this->emailAddress
); );
return $return; return $rval;
} }

2
lib/Link.class.php
View File

@ -98,7 +98,6 @@ class Link {
//============================================= //=============================================
//--------------------------------------------- //---------------------------------------------
// Getter functions // Getter functions
//--------------------------------------------- //---------------------------------------------
@ -160,7 +159,6 @@ class Link {
//============================================= //=============================================
/** /**
* Print out a link without creating a new Link object * Print out a link without creating a new Link object
* @param string $url url to link to * @param string $url url to link to

79
lib/MailEngine.class.php
View File

@ -20,13 +20,12 @@ include_once('lib/CmnFns.class.php');
* Pear::DB * Pear::DB
*/ */
if ($GLOBALS['conf']['app']['safeMode']) { if ($GLOBALS['conf']['app']['safeMode']) {
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') )); ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
include_once('pear/PEAR.php'); include_once('pear/PEAR.php');
include_once('pear/Mail/mimeDecode.php'); include_once('pear/Mail/mimeDecode.php');
} } else {
else { include_once('PEAR.php');
include_once 'PEAR.php'; include_once('Mail/mimeDecode.php');
include_once('Mail/mimeDecode.php');
} }
/** /**
@ -34,13 +33,12 @@ else {
*/ */
class MailEngine { class MailEngine {
var $raw; // Raw mail contents
var $raw; // Raw mail contents var $struct; // The top-level MIME structure
var $struct; // The top-level MIME structure var $recipient; // The recipient of the email
var $recipient; // The recipient of the email var $msg_found; // Msg found in database
var $msg_found; // Msg found in database var $msg_error; // Msg has MIME error
var $msg_error; // Msg has MIME error var $last_error; // PEAR Error Messages
var $last_error; // PEAR Error Messages
/** /**
* MailEngine object constructor * MailEngine object constructor
@ -49,21 +47,21 @@ class MailEngine {
* $return object MailEngine object * $return object MailEngine object
*/ */
function MailEngine($mail_id, $recip) { function MailEngine($mail_id, $recip) {
$this->recipient = $recip; $this->recipient = $recip;
$this->getRawContent($mail_id); $this->getRawContent($mail_id);
$this->msg_error = false; $this->msg_error = false;
if ($this->raw) { if ($this->raw) {
$this->msg_found = true; $this->msg_found = true;
$this->struct = $this->getDecodedStruct($this->raw); $this->struct = $this->getDecodedStruct($this->raw);
if (PEAR::isError($this->struct)) { if (PEAR::isError($this->struct)) {
$this->msg_error = true; $this->msg_error = true;
$this->last_error = $this->struct->getMessage(); $this->last_error = $this->struct->getMessage();
} }
} else { } else {
$this->msg_found = false; $this->msg_found = false;
} }
return $this->struct; return $this->struct;
} }
/** /**
@ -72,12 +70,12 @@ class MailEngine {
* $return object Mail_mimeDecode::decode object * $return object Mail_mimeDecode::decode object
*/ */
function getDecodedStruct($contents) { function getDecodedStruct($contents) {
$message = new Mail_mimeDecode($contents); $message = new Mail_mimeDecode($contents);
$msg_struct = $message->decode( array ( 'include_bodies' => true, $msg_struct = $message->decode( array ( 'include_bodies' => true,
'decode_bodies' => true, 'decode_bodies' => true,
'decode_headers' => true) 'decode_headers' => true)
); );
return $msg_struct; return $msg_struct;
} }
/** /**
@ -86,12 +84,13 @@ class MailEngine {
* $return string The complete raw email * $return string The complete raw email
*/ */
function getRawContent($mail_id) { function getRawContent($mail_id) {
$db = new DBEngine(); $db = new DBEngine();
$this->raw = $db->get_raw_mail($mail_id, $this->recipient); $this->raw = $db->get_raw_mail($mail_id, $this->recipient);
// Mark read
if (in_array($this->recipient, $_SESSION['sessionMail']) && $this->raw) { // Mark read
$db->update_msgrcpt_rs($mail_id,$this->recipient,'v'); if (in_array($this->recipient, $_SESSION['sessionMail']) && $this->raw) {
} $db->update_msgrcpt_rs($mail_id,$this->recipient,'v');
}
} }
} }
?>

460
lib/MailMime.class.php
View File

@ -20,11 +20,10 @@ include_once('lib/CmnFns.class.php');
* Pear::DB * Pear::DB
*/ */
if ($GLOBALS['conf']['app']['safeMode']) { if ($GLOBALS['conf']['app']['safeMode']) {
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') )); ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
include_once('pear/Mail/mimeDecode.php'); include_once('pear/Mail/mimeDecode.php');
} } else {
else { include_once('Mail/mimeDecode.php');
include_once('Mail/mimeDecode.php');
} }
/** /**
@ -42,10 +41,10 @@ include_once('lib/htmlfilter.php');
* $param The mime structure object * $param The mime structure object
*/ */
function GetCtype($struct) { function GetCtype($struct) {
$ctype_p = strtolower(trim($struct->ctype_primary)); $ctype_p = strtolower(trim($struct->ctype_primary));
$ctype_s = strtolower(trim($struct->ctype_secondary)); $ctype_s = strtolower(trim($struct->ctype_secondary));
$type = $ctype_p . '/' . $ctype_s; $type = $ctype_p . '/' . $ctype_s;
return $type; return $type;
} }
/** /**
@ -56,71 +55,68 @@ $filelist = array ();
$errors = array (); $errors = array ();
function MsgParseBody($struct) { function MsgParseBody($struct) {
global $filelist;
global $errors;
$ctype_p = strtolower(trim($struct->ctype_primary));
$ctype_s = strtolower(trim($struct->ctype_secondary));
global $filelist; switch ($ctype_p) {
global $errors; case "multipart":
$ctype_p = strtolower(trim($struct->ctype_primary)); switch ($ctype_s) {
$ctype_s = strtolower(trim($struct->ctype_secondary)); case "alternative":
// Handle multipart/alternative parts
switch ($ctype_p) { $alt_entity = FindMultiAlt($struct->parts);
case "multipart": // Ignore if we return false NEEDS WORK
switch ($ctype_s) { if ($alt_entity) MsgParseBody($alt_entity);
case "alternative": break;
// Handle multipart/alternative parts case "related":
$alt_entity = FindMultiAlt($struct->parts); // Handle multipart/related parts
// Ignore if we return false NEEDS WORK $rel_entities = FindMultiRel($struct);
if ($alt_entity) MsgParseBody($alt_entity); foreach ($rel_entities as $ent) {
break; MsgParseBody($ent);
case "related": }
// Handle multipart/related parts break;
$rel_entities = FindMultiRel($struct); default:
foreach ($rel_entities as $ent) { // Probably multipart/mixed here
MsgParseBody($ent); // Recursively process nested mime entities
} if ( is_array($struct->parts) || is_object($struct->parts) ) {
break; foreach ($struct->parts as $cur_part) {
default: MsgParseBody($cur_part);
// Probably multipart/mixed here }
// Recursively process nested mime entities } else {
if ( is_array($struct->parts) || is_object($struct->parts) ) { $errors['Invalid or Corrupt MIME Detected.'] = true;
foreach ($struct->parts as $cur_part) { }
MsgParseBody($cur_part); break;
} }
} else { break;
$errors['Invalid or Corrupt MIME Detected.'] = true; case "text":
} // Do not display attached text types
break; if (property_exists($struct, "d_parameters")) {
} if ($attachment = $struct->d_parameters['filename'] or $attachment = $struct->d_parameters['name']) {
break; array_push($filelist, $attachment);
case "text": break;
// Do not display attached text types }
if (property_exists($struct, "d_parameters")) { }
if ($attachment = $struct->d_parameters['filename'] or $attachment = $struct->d_parameters['name']) { switch ($ctype_s) {
array_push($filelist, $attachment); // Plain text
break; case "plain":
} MsgBodyPlainText($struct->body);
} break;
switch ($ctype_s) { // HTML text
// Plain text case "html":
case "plain": MsgBodyHtmlText($struct->body);
MsgBodyPlainText($struct->body); break;
break; // Text type we do not support
// HTML text default:
case "html": $errors['Portions of text could not be displayed'] = true;
MsgBodyHtmlText($struct->body); }
break; break;
// Text type we do not support default:
default: // Save the listed filename or notify the
$errors['Portions of text could not be displayed'] = true; // reader that this mail is not displayed completely
} $attachment = $struct->d_parameters['filename'];
break; $attachment ? array_push($filelist, $attachment) : $errors['Unsupported MIME objects present'] = true;
}
default:
// Save the listed filename or notify the
// reader that this mail is not displayed completely
$attachment = $struct->d_parameters['filename'];
$attachment ? array_push($filelist, $attachment) : $errors['Unsupported MIME objects present'] = true;
}
} }
/** /**
@ -130,29 +126,29 @@ function MsgParseBody($struct) {
* $return Single MIME entity * $return Single MIME entity
*/ */
function FindMultiAlt($parts) { function FindMultiAlt($parts) {
$alt_pref = array ('text/plain', 'text/html'); $alt_pref = array ('text/plain', 'text/html');
$best_view = 0; $best_view = 0;
// Bad Headers sometimes have invalid MIME.... // Bad Headers sometimes have invalid MIME....
if ( is_array($parts) || is_object($parts) ) { if ( is_array($parts) || is_object($parts) ) {
foreach ($parts as $cur_part) { foreach ($parts as $cur_part) {
$type = GetCtype($cur_part); $type = GetCtype($cur_part);
if ($type == 'multipart/related') { if ($type == 'multipart/related') {
$type = $cur_part->d_parameters['type']; $type = $cur_part->d_parameters['type'];
// Mozilla bug. Mozilla does not provide the parameter type. // Mozilla bug. Mozilla does not provide the parameter type.
if (!$type) $type = 'text/html'; if (!$type) $type = 'text/html';
} }
$altCount = count($alt_pref); $altCount = count($alt_pref);
for ($j = $best_view; $j < $altCount; ++$j) { for ($j = $best_view; $j < $altCount; ++$j) {
if (($alt_pref[$j] == $type) && ($j >= $best_view)) { if (($alt_pref[$j] == $type) && ($j >= $best_view)) {
$best_view = $j; $best_view = $j;
$struct = $cur_part; $struct = $cur_part;
} }
} }
} }
return $struct; return $struct;
} else { } else {
$errors['Invalid or Corrupt MIME Detected.'] = true; $errors['Invalid or Corrupt MIME Detected.'] = true;
} }
} }
/** /**
@ -162,155 +158,151 @@ function FindMultiAlt($parts) {
* @return List of MIME entities * @return List of MIME entities
*/ */
function FindMultiRel($struct) { function FindMultiRel($struct) {
$entities = array(); $entities = array();
$type = $struct->d_parameters['type']; $type = $struct->d_parameters['type'];
// Mozilla bug. Mozilla does not provide the parameter type. // Mozilla bug. Mozilla does not provide the parameter type.
if (!$type) $type = 'text/html'; if (!$type) $type = 'text/html';
// Bad Headers sometimes have invalid MIME.... // Bad Headers sometimes have invalid MIME....
if ( is_array($struct->parts) || is_object($struct->parts) ) { if ( is_array($struct->parts) || is_object($struct->parts) ) {
foreach ($struct->parts as $part) { foreach ($struct->parts as $part) {
if (GetCtype($part) == $type || GetCtype($part) == "multipart/alternative") { if (GetCtype($part) == $type || GetCtype($part) == "multipart/alternative") {
array_push($entities,$part); array_push($entities,$part);
} }
} }
} else { } else {
$errors['Invalid or Corrupt MIME Detected.'] = true; $errors['Invalid or Corrupt MIME Detected.'] = true;
} }
return $entities; return $entities;
} }
// Wrapper script for htmlfilter. Settings taken // Wrapper script for htmlfilter. Settings taken
// from SquirrelMail // from SquirrelMail
function sanitizeHTML($body) { function sanitizeHTML($body) {
if (isset($_COOKIE['lang']) && if (isset($_COOKIE['lang']) && file_exists("img/".substr($_COOKIE['lang'],0,2).".blocked_img.png")) {
file_exists("img/".substr($_COOKIE['lang'],0,2).".blocked_img.png")) { $secremoveimg = "img/".substr($_COOKIE['lang'],0,2).".blocked_img.png";
$secremoveimg = "img/".substr($_COOKIE['lang'],0,2).".blocked_img.png"; } else {
} else { $secremoveimg = "img/blocked_img.png";
$secremoveimg = "img/blocked_img.png"; }
} $tag_list = Array(
$tag_list = Array( false,
false, "object",
"object", "meta",
"meta", "html",
"html", "head",
"head", "base",
"base", "link",
"link", "frame",
"frame", "iframe",
"iframe", "plaintext",
"plaintext", "marquee"
"marquee" );
);
$rm_tags_with_content = Array( $rm_tags_with_content = Array(
"script", "script",
"applet", "applet",
"embed", "embed",
"title", "title",
"frameset", "frameset",
"xml", "xml",
"style" "style"
); );
$self_closing_tags = Array( $self_closing_tags = Array(
"img", "img",
"br", "br",
"hr", "hr",
"input" "input"
); );
$force_tag_closing = true; $force_tag_closing = true;
$rm_attnames = Array( $rm_attnames = Array(
"/.*/" => "/.*/" =>
Array( Array(
"/target/i", "/target/i",
"/^on.*/i", "/^on.*/i",
"/^dynsrc/i", "/^dynsrc/i",
"/^data.*/i", "/^data.*/i",
"/^lowsrc.*/i" "/^lowsrc.*/i"
) )
); );
$bad_attvals = Array( $bad_attvals = Array(
"/.*/" => "/.*/" =>
Array( Array(
"/^src|background/i" => "/^src|background/i" =>
Array( Array(
Array( Array(
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si", "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si", "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
"/^([\'\"])\s*about\s*:.*([\'\"])/si", "/^([\'\"])\s*about\s*:.*([\'\"])/si",
"/^([\'\"])\s*https*:.*([\'\"])/si", "/^([\'\"])\s*https*:.*([\'\"])/si",
"/^([\'\"])\s*cid*:.*([\'\"])/si" "/^([\'\"])\s*cid*:.*([\'\"])/si"
), ),
Array( Array(
"\\1$secremoveimg\\2", "\\1$secremoveimg\\2",
"\\1$secremoveimg\\2", "\\1$secremoveimg\\2",
"\\1$secremoveimg\\2", "\\1$secremoveimg\\2",
"\\1$secremoveimg\\2", "\\1$secremoveimg\\2",
"\\1$secremoveimg\\2" "\\1$secremoveimg\\2"
) )
), ),
"/^href|action/i" => "/^href|action/i" =>
Array( Array(
Array( Array(
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si", "/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si", "/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
"/^([\'\"])\s*about\s*:.*([\'\"])/si" "/^([\'\"])\s*about\s*:.*([\'\"])/si"
), ),
Array( Array(
"\\1#\\1", "\\1#\\1",
"\\1#\\1", "\\1#\\1",
"\\1#\\1", "\\1#\\1",
"\\1#\\1" "\\1#\\1"
) )
), ),
"/^style/i" => "/^style/i" =>
Array( Array(
Array( Array(
"/expression/i", "/expression/i",
"/binding/i", "/binding/i",
"/behaviou*r/i", "/behaviou*r/i",
"/include-source/i", "/include-source/i",
"/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si", "/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si", "/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si", "/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
"/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si", "/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si",
"/url\(([\'\"])\s*https*:.*([\'\"])\)/si" "/url\(([\'\"])\s*https*:.*([\'\"])\)/si"
), ),
Array( Array(
"idiocy", "idiocy",
"idiocy", "idiocy",
"idiocy", "idiocy",
"idiocy", "idiocy",
"url(\\1#\\1)", "url(\\1#\\1)",
"url(\\1#\\1)", "url(\\1#\\1)",
"url(\\1#\\1)", "url(\\1#\\1)",
"url(\\1#\\1)", "url(\\1#\\1)",
"url(\\1#\\1)", "url(\\1#\\1)",
"\\1:url(\\2#\\3)", "\\1:url(\\2#\\3)",
"url(\\1$secremoveimg\\1)" "url(\\1$secremoveimg\\1)"
) )
) )
) )
); );
$add_attr_to_tag = Array( $add_attr_to_tag = Array("/^a$/i" => Array('target'=>'"_new"'));
"/^a$/i" =>
Array('target'=>'"_new"'
)
);
$trusted_html = sanitize($body, $trusted_html = sanitize($body,
$tag_list, $tag_list,
$rm_tags_with_content, $rm_tags_with_content,
$self_closing_tags, $self_closing_tags,
$force_tag_closing, $force_tag_closing,
$rm_attnames, $rm_attnames,
$bad_attvals, $bad_attvals,
$add_attr_to_tag $add_attr_to_tag
); );
return $trusted_html; return $trusted_html;
} }
?>

14
lib/PHPMailer.class.php
View File

@ -223,7 +223,7 @@ class PHPMailer
var $LE = "\n"; var $LE = "\n";
/**#@-*/ /**#@-*/
///////////////////////////////////////////////// /////////////////////////////////////////////////
// CONSTRUCTOR // CONSTRUCTOR
///////////////////////////////////////////////// /////////////////////////////////////////////////
/** /**
@ -371,7 +371,7 @@ class PHPMailer
* @return bool * @return bool
*/ */
function Send() { function Send() {
$header = ""; $header = "";
$body = ""; $body = "";
$result = true; $result = true;
@ -468,8 +468,7 @@ class PHPMailer
$old_from = ini_get("sendmail_from"); $old_from = ini_get("sendmail_from");
ini_set("sendmail_from", $this->Sender); ini_set("sendmail_from", $this->Sender);
$params = sprintf("-oi -f %s", $this->Sender); $params = sprintf("-oi -f %s", $this->Sender);
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header, $params);
$header, $params);
} }
else else
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header); $rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header);
@ -588,8 +587,7 @@ class PHPMailer
if($this->SMTPAuth) if($this->SMTPAuth)
{ {
if(!$this->smtp->Authenticate($this->Username, if(!$this->smtp->Authenticate($this->Username, $this->Password))
$this->Password))
{ {
$this->SetError($this->Lang("authenticate")); $this->SetError($this->Lang("authenticate"));
$this->smtp->Reset(); $this->smtp->Reset();
@ -685,8 +683,7 @@ class PHPMailer
$formatted = $addr[0]; $formatted = $addr[0];
else else
{ {
$formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" . $formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" . $addr[0] . ">";
$addr[0] . ">";
} }
return $formatted; return $formatted;
@ -1537,5 +1534,4 @@ class PHPMailer
$this->CustomHeader[] = explode(":", $custom_header, 2); $this->CustomHeader[] = explode(":", $custom_header, 2);
} }
} }
?> ?>

13
lib/Pager.class.php
View File

@ -73,7 +73,6 @@ class Pager {
var $text_class; var $text_class;
var $text_style; var $text_style;
/** /**
* Pager Constructor * Pager Constructor
* Sets up Pager variables and initializes values * Sets up Pager variables and initializes values
@ -102,7 +101,6 @@ class Pager {
$this->initQueryString(); $this->initQueryString();
} }
/** /**
* Print out the pages as links * Print out the pages as links
* Prints out a table of all the pages as links * Prints out a table of all the pages as links
@ -212,15 +210,14 @@ class Pager {
* @param none * @param none
*/ */
function initQueryString() { function initQueryString() {
if (isset($_SERVER['QUERY_STRING'])) { if (isset($_SERVER['QUERY_STRING'])) {
// Remove page from query string and convert all "&" to "&amp;" // Remove page from query string and convert all "&" to "&amp;"
$this->query_string = str_replace('&', '&amp;', preg_replace("/(&|&amp;)?$this->page_var=\d*/",'',$_SERVER['QUERY_STRING'])); $this->query_string = str_replace('&', '&amp;', preg_replace("/(&|&amp;)?$this->page_var=\d*/",'',$_SERVER['QUERY_STRING']));
// Insert limit into querystring, if it's not there // Insert limit into querystring, if it's not there
if ( !strstr($this->query_string, "$this->limit_var=") ) if ( !strstr($this->query_string, "$this->limit_var=") )
$this->query_string .= "&amp;$this->limit_var=" . $this->limit; $this->query_string .= "&amp;$this->limit_var=" . $this->limit;
} } else {
else {
$this->query_string = ''; $this->query_string = '';
} }
@ -249,8 +246,7 @@ class Pager {
function printPage($p) { function printPage($p) {
if ($p == $this->cur_page) { if ($p == $this->cur_page) {
echo " <b>[$p]</b> "; echo " <b>[$p]</b> ";
} } else {
else {
$this->printLink($p, $p); $this->printLink($p, $p);
} }
} }
@ -292,8 +288,7 @@ class Pager {
'', '',
'Page ' . $page 'Page ' . $page
); );
} } else {
else {
echo ' <a href="' . $_SERVER['PHP_SELF'] . "?$this->page_var=$page&amp;" . $this->query_string . '"' echo ' <a href="' . $_SERVER['PHP_SELF'] . "?$this->page_var=$page&amp;" . $this->query_string . '"'
. ' class="$this->class"' . ' class="$this->class"'
. '>' . '>'

4
lib/Smtp.class.php
View File

@ -1034,6 +1034,4 @@ class SMTP
} }
} }
?>
?>

4
lib/Template.class.php
View File

@ -74,7 +74,6 @@ class Template {
<?php <?php
} }
/** /**
* Print welcome header message * Print welcome header message
* This function prints out a table welcoming * This function prints out a table welcoming
@ -123,7 +122,6 @@ class Template {
<?php <?php
} }
/** /**
* Start main HTML table * Start main HTML table
* @param none * @param none
@ -137,7 +135,6 @@ class Template {
<?php <?php
} }
/** /**
* End main HTML table * End main HTML table
* @param none * @param none
@ -150,7 +147,6 @@ class Template {
<?php <?php
} }
/** /**
* Print HTML footer * Print HTML footer
* This function prints out a tech email * This function prints out a tech email

498
lib/htmlfilter.php
View File

@ -43,9 +43,9 @@
* @param $message A string with the message to output. * @param $message A string with the message to output.
* @return void. * @return void.
*/ */
function spew($message){ function spew($message) {
global $debug; global $debug;
if ($debug == true){ if ($debug == true) {
echo "$message"; echo "$message";
} }
} }
@ -60,20 +60,20 @@ function spew($message){
* @param $tagtype The type of the tag (see in comments). * @param $tagtype The type of the tag (see in comments).
* @return a string with the final tag representation. * @return a string with the final tag representation.
*/ */
function tagprint($tagname, $attary, $tagtype){ function tagprint($tagname, $attary, $tagtype) {
$me = 'tagprint'; $me = 'tagprint';
if ($tagtype == 2){ if ($tagtype == 2) {
$fulltag = '</' . $tagname . '>'; $fulltag = '</' . $tagname . '>';
} else { } else {
$fulltag = '<' . $tagname; $fulltag = '<' . $tagname;
if (is_array($attary) && sizeof($attary)){ if (is_array($attary) && sizeof($attary)) {
$atts = Array(); $atts = Array();
while (list($attname, $attvalue) = each($attary)){ while (list($attname, $attvalue) = each($attary)) {
array_push($atts, "$attname=$attvalue"); array_push($atts, "$attname=$attvalue");
} }
$fulltag .= ' ' . join(' ', $atts); $fulltag .= ' ' . join(' ', $atts);
} }
if ($tagtype == 3){ if ($tagtype == 3) {
$fulltag .= ' /'; $fulltag .= ' /';
} }
$fulltag .= '>'; $fulltag .= '>';
@ -89,7 +89,7 @@ function tagprint($tagname, $attary, $tagtype){
* @param $val a value passed by-ref. * @param $val a value passed by-ref.
* @return void since it modifies a by-ref value. * @return void since it modifies a by-ref value.
*/ */
function casenormalize(&$val){ function casenormalize(&$val) {
$val = strtolower($val); $val = strtolower($val);
} }
@ -103,10 +103,10 @@ function casenormalize(&$val){
* @return the location within the $body where the next * @return the location within the $body where the next
* non-whitespace char is located. * non-whitespace char is located.
*/ */
function skipspace($body, $offset){ function skipspace($body, $offset) {
$me = 'skipspace'; $me = 'skipspace';
preg_match('/^(\s*)/s', substr($body, $offset), $matches); preg_match('/^(\s*)/s', substr($body, $offset), $matches);
if (sizeof($matches{1})){ if (sizeof($matches{1})) {
$count = strlen($matches{1}); $count = strlen($matches{1});
spew("$me: skipped $count chars\n"); spew("$me: skipped $count chars\n");
$offset += $count; $offset += $count;
@ -125,10 +125,10 @@ function skipspace($body, $offset){
* @return location of the next occurance of the needle, or * @return location of the next occurance of the needle, or
* strlen($body) if needle wasn't found. * strlen($body) if needle wasn't found.
*/ */
function findnxstr($body, $offset, $needle){ function findnxstr($body, $offset, $needle) {
$me = 'findnxstr'; $me = 'findnxstr';
$pos = strpos($body, $needle, $offset); $pos = strpos($body, $needle, $offset);
if ($pos === FALSE){ if ($pos === FALSE) {
$pos = strlen($body); $pos = strlen($body);
spew("$me: end of body reached\n"); spew("$me: end of body reached\n");
} }
@ -149,13 +149,13 @@ function findnxstr($body, $offset, $needle){
* - string with whatever content between offset and the match * - string with whatever content between offset and the match
* - string with whatever it is we matched * - string with whatever it is we matched
*/ */
function findnxreg($body, $offset, $reg){ function findnxreg($body, $offset, $reg) {
$me = 'findnxreg'; $me = 'findnxreg';
$matches = Array(); $matches = Array();
$retarr = Array(); $retarr = Array();
$preg_rule = '%^(.*?)(' . $reg . ')%s'; $preg_rule = '%^(.*?)(' . $reg . ')%s';
preg_match($preg_rule, substr($body, $offset), $matches); preg_match($preg_rule, substr($body, $offset), $matches);
if (!isset($matches{0})){ if (!isset($matches{0})) {
spew("$me: No matches found.\n"); spew("$me: No matches found.\n");
$retarr = false; $retarr = false;
} else { } else {
@ -181,14 +181,14 @@ function findnxreg($body, $offset, $reg){
* - integer where the tag ends (ending ">") * - integer where the tag ends (ending ">")
* first three members will be false, if the tag is invalid. * first three members will be false, if the tag is invalid.
*/ */
function getnxtag($body, $offset){ function getnxtag($body, $offset) {
$me = 'getnxtag'; $me = 'getnxtag';
if ($offset > strlen($body)){ if ($offset > strlen($body)) {
spew("$me: Past the end of body\n"); spew("$me: Past the end of body\n");
return false; return false;
} }
$lt = findnxstr($body, $offset, '<'); $lt = findnxstr($body, $offset, '<');
if ($lt == strlen($body)){ if ($lt == strlen($body)) {
spew("$me: No more tags found!\n"); spew("$me: No more tags found!\n");
return false; return false;
} }
@ -199,7 +199,7 @@ function getnxtag($body, $offset){
*/ */
spew("$me: Found '<' at pos $lt\n"); spew("$me: Found '<' at pos $lt\n");
$pos = skipspace($body, $lt + 1); $pos = skipspace($body, $lt + 1);
if ($pos >= strlen($body)){ if ($pos >= strlen($body)) {
spew("$me: End of body reached.\n"); spew("$me: End of body reached.\n");
return Array(false, false, false, $lt, strlen($body)); return Array(false, false, false, $lt, strlen($body));
} }
@ -213,38 +213,38 @@ function getnxtag($body, $offset){
* <img src="blah"/> * <img src="blah"/>
*/ */
$tagtype = false; $tagtype = false;
switch (substr($body, $pos, 1)){ switch (substr($body, $pos, 1)) {
case '/': case '/':
spew("$me: This is a closing tag (type 2)\n"); spew("$me: This is a closing tag (type 2)\n");
$tagtype = 2; $tagtype = 2;
$pos++; $pos++;
break; break;
case '!': case '!':
/** /**
* A comment or an SGML declaration. * A comment or an SGML declaration.
*/ */
if (substr($body, $pos+1, 2) == '--'){ if (substr($body, $pos+1, 2) == '--') {
spew("$me: A comment found. Stripping.\n"); spew("$me: A comment found. Stripping.\n");
$gt = strpos($body, '-->', $pos); $gt = strpos($body, '-->', $pos);
if ($gt === false){ if ($gt === false) {
$gt = strlen($body); $gt = strlen($body);
} else {
$gt += 2;
}
return Array(false, false, false, $lt, $gt);
} else { } else {
$gt += 2; spew("$me: An SGML declaration found. Stripping.\n");
$gt = findnxstr($body, $pos, '>');
return Array(false, false, false, $lt, $gt);
} }
return Array(false, false, false, $lt, $gt); break;
} else { default:
spew("$me: An SGML declaration found. Stripping.\n"); /**
$gt = findnxstr($body, $pos, '>'); * Assume tagtype 1 for now. If it's type 3, we'll switch values
return Array(false, false, false, $lt, $gt); * later.
} */
break; $tagtype = 1;
default: break;
/**
* Assume tagtype 1 for now. If it's type 3, we'll switch values
* later.
*/
$tagtype = 1;
break;
} }
$tag_start = $pos; $tag_start = $pos;
@ -268,45 +268,45 @@ function getnxtag($body, $offset){
* *
* Whatever else we find there indicates an invalid tag. * Whatever else we find there indicates an invalid tag.
*/ */
switch ($match){ switch ($match) {
case '/': case '/':
/**
* This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/
if (substr($body, $pos, 2) == '/>'){
spew("$me: XHTML-style tag found.\n");
$pos++;
spew("$me: Setting tagtype to 3\n");
$tagtype = 3;
} else {
spew("$me: Found invalid character '/'.\n");
$gt = findnxstr($body, $pos, '>');
spew("$me: Tag is invalid. Returning.\n");
$retary = Array(false, false, false, $lt, $gt);
return $retary;
}
case '>':
spew("$me: End of tag found at $pos\n");
spew("$me: Tagname is '$tagname'\n");
spew("$me: This tag has no attributes\n");
return Array($tagname, false, $tagtype, $lt, $pos);
break;
default:
/**
* Check if it's whitespace
*/
if (preg_match('/\s/', $match)){
spew("$me: Tagname is '$tagname'\n");
} else {
/** /**
* This is an invalid tag! Look for the next closing ">". * This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/ */
spew("$me: Invalid characters found in tag name: $match\n"); if (substr($body, $pos, 2) == '/>') {
$gt = findnxstr($body, $lt, '>'); spew("$me: XHTML-style tag found.\n");
return Array(false, false, false, $lt, $gt); $pos++;
} spew("$me: Setting tagtype to 3\n");
$tagtype = 3;
} else {
spew("$me: Found invalid character '/'.\n");
$gt = findnxstr($body, $pos, '>');
spew("$me: Tag is invalid. Returning.\n");
$retary = Array(false, false, false, $lt, $gt);
return $retary;
}
case '>':
spew("$me: End of tag found at $pos\n");
spew("$me: Tagname is '$tagname'\n");
spew("$me: This tag has no attributes\n");
return Array($tagname, false, $tagtype, $lt, $pos);
break;
default:
/**
* Check if it's whitespace
*/
if (preg_match('/\s/', $match)){
spew("$me: Tagname is '$tagname'\n");
} else {
/**
* This is an invalid tag! Look for the next closing ">".
*/
spew("$me: Invalid characters found in tag name: $match\n");
$gt = findnxstr($body, $lt, '>');
return Array(false, false, false, $lt, $gt);
}
} }
/** /**
@ -320,9 +320,9 @@ function getnxtag($body, $offset){
$atttype = false; $atttype = false;
$attary = Array(); $attary = Array();
while ($pos <= strlen($body)){ while ($pos <= strlen($body)) {
$pos = skipspace($body, $pos); $pos = skipspace($body, $pos);
if ($pos == strlen($body)){ if ($pos == strlen($body)) {
/** /**
* Non-closed tag. * Non-closed tag.
*/ */
@ -335,13 +335,13 @@ function getnxtag($body, $offset){
*/ */
$matches = Array(); $matches = Array();
preg_match('%^(\s*)(>|/>)%s', substr($body, $pos), $matches); preg_match('%^(\s*)(>|/>)%s', substr($body, $pos), $matches);
if (isset($matches{0}) && $matches{0}){ if (isset($matches{0}) && $matches{0}) {
/** /**
* Yep. So we did. * Yep. So we did.
*/ */
spew("$me: Arrived at the end of the tag.\n"); spew("$me: Arrived at the end of the tag.\n");
$pos += strlen($matches{1}); $pos += strlen($matches{1});
if ($matches{2} == '/>'){ if ($matches{2} == '/>') {
$tagtype = 3; $tagtype = 3;
$pos++; $pos++;
} }
@ -366,7 +366,7 @@ function getnxtag($body, $offset){
* attrname="yes". * attrname="yes".
*/ */
$regary = findnxreg($body, $pos, '[^\w\-_]'); $regary = findnxreg($body, $pos, '[^\w\-_]');
if ($regary == false){ if ($regary == false) {
/** /**
* Looks like body ended before the end of tag. * Looks like body ended before the end of tag.
*/ */
@ -385,121 +385,121 @@ function getnxtag($body, $offset){
* '\s' means a lot of things -- look what it's followed by. * '\s' means a lot of things -- look what it's followed by.
* anything else means the attribute is invalid. * anything else means the attribute is invalid.
*/ */
switch($match){ switch($match) {
case '/': case '/':
/**
* This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/
if (substr($body, $pos, 2) == '/>'){
spew("$me: This is an xhtml-style tag.\n");
$pos++;
spew("$me: Setting tagtype to 3\n");
$tagtype = 3;
} else {
spew("$me: Found invalid character '/'.\n");
$gt = findnxstr($body, $pos, '>');
spew("$me: Tag is invalid. Returning.\n");
$retary = Array(false, false, false, $lt, $gt);
return $retary;
}
case '>':
spew("$me: found type 4 attribute.\n");
spew("$me: Additionally, end of tag found at $pos\n");
spew("$me: Attname is '$attname'\n");
spew("$me: Setting attvalue to 'yes'\n");
$attary{$attname} = '"yes"';
return Array($tagname, $attary, $tagtype, $lt, $pos);
break;
default:
/**
* Skip whitespace and see what we arrive at.
*/
$pos = skipspace($body, $pos);
$char = substr($body, $pos, 1);
/**
* Two things are valid here:
* '=' means this is attribute type 1 2 or 3.
* \w means this was attribute type 4.
* anything else we ignore and re-loop. End of tag and
* invalid stuff will be caught by our checks at the beginning
* of the loop.
*/
if ($char == '='){
spew("$me: Attribute type 1, 2, or 3 found.\n");
$pos++;
$pos = skipspace($body, $pos);
/** /**
* Here are 3 possibilities: * This is an xhtml-style tag with a closing / at the
* "'" attribute type 1 * end, like so: <img src="blah"/>. Check if it's followed
* '"' attribute type 2 * by the closing bracket. If not, then this tag is invalid
* everything else is the content of tag type 3
*/ */
$quot = substr($body, $pos, 1); if (substr($body, $pos, 2) == '/>') {
if ($quot == '\''){ spew("$me: This is an xhtml-style tag.\n");
spew("$me: In fact, this is attribute type 1\n");
spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\'');
if ($regary == false){
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
spew("$me: Attvalue is '$attval'\n");
$pos++; $pos++;
$attary{$attname} = '\'' . $attval . '\''; spew("$me: Setting tagtype to 3\n");
} else if ($quot == '"'){ $tagtype = 3;
spew("$me: In fact, this is attribute type 2\n");
spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\"');
if ($regary == false){
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
spew("$me: Attvalue is \"$attval\"\n");
$pos++;
$attary{$attname} = '"' . $attval . '"';
} else { } else {
spew("$me: This looks like attribute type 3\n"); spew("$me: Found invalid character '/'.\n");
/** $gt = findnxstr($body, $pos, '>');
* These are hateful. Look for \s, or >. spew("$me: Tag is invalid. Returning.\n");
*/ $retary = Array(false, false, false, $lt, $gt);
spew("$me: Looking for end of attval\n"); return $retary;
$regary = findnxreg($body, $pos, '[\s>]');
if ($regary == false){
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
/**
* If it's ">" it will be caught at the top.
*/
spew("$me: translating '\"' into &quot;\n");
$attval = preg_replace('/\"/s', '&quot;', $attval);
spew("$me: wrapping in quotes\n");
$attary{$attname} = '"' . $attval . '"';
} }
} else if (preg_match('|[\w/>]|', $char)) { case '>':
/** spew("$me: found type 4 attribute.\n");
* That was attribute type 4. spew("$me: Additionally, end of tag found at $pos\n");
*/ spew("$me: Attname is '$attname'\n");
spew("$me: attribute type 4 found.\n"); spew("$me: Setting attvalue to 'yes'\n");
spew("$me: Setting value to 'yes'\n");
$attary{$attname} = '"yes"'; $attary{$attname} = '"yes"';
} else { return Array($tagname, $attary, $tagtype, $lt, $pos);
break;
default:
/** /**
* An illegal character. Find next '>' and return. * Skip whitespace and see what we arrive at.
*/ */
spew("$me: illegal character '$char' found.\n"); $pos = skipspace($body, $pos);
spew("$me: returning\n"); $char = substr($body, $pos, 1);
$gt = findnxstr($body, $pos, '>'); /**
return Array(false, false, false, $lt, $gt); * Two things are valid here:
} * '=' means this is attribute type 1 2 or 3.
* \w means this was attribute type 4.
* anything else we ignore and re-loop. End of tag and
* invalid stuff will be caught by our checks at the beginning
* of the loop.
*/
if ($char == '=') {
spew("$me: Attribute type 1, 2, or 3 found.\n");
$pos++;
$pos = skipspace($body, $pos);
/**
* Here are 3 possibilities:
* "'" attribute type 1
* '"' attribute type 2
* everything else is the content of tag type 3
*/
$quot = substr($body, $pos, 1);
if ($quot == '\'') {
spew("$me: In fact, this is attribute type 1\n");
spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\'');
if ($regary == false) {
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
spew("$me: Attvalue is '$attval'\n");
$pos++;
$attary{$attname} = '\'' . $attval . '\'';
} else if ($quot == '"') {
spew("$me: In fact, this is attribute type 2\n");
spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\"');
if ($regary == false) {
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
spew("$me: Attvalue is \"$attval\"\n");
$pos++;
$attary{$attname} = '"' . $attval . '"';
} else {
spew("$me: This looks like attribute type 3\n");
/**
* These are hateful. Look for \s, or >.
*/
spew("$me: Looking for end of attval\n");
$regary = findnxreg($body, $pos, '[\s>]');
if ($regary == false) {
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
/**
* If it's ">" it will be caught at the top.
*/
spew("$me: translating '\"' into &quot;\n");
$attval = preg_replace('/\"/s', '&quot;', $attval);
spew("$me: wrapping in quotes\n");
$attary{$attname} = '"' . $attval . '"';
}
} else if (preg_match('|[\w/>]|', $char)) {
/**
* That was attribute type 4.
*/
spew("$me: attribute type 4 found.\n");
spew("$me: Setting value to 'yes'\n");
$attary{$attname} = '"yes"';
} else {
/**
* An illegal character. Find next '>' and return.
*/
spew("$me: illegal character '$char' found.\n");
spew("$me: returning\n");
$gt = findnxstr($body, $pos, '>');
return Array(false, false, false, $lt, $gt);
}
} }
} }
/** /**
@ -518,18 +518,18 @@ function getnxtag($body, $offset){
* @param $hex whether the entites are hexadecimal. * @param $hex whether the entites are hexadecimal.
* @return True or False depending on whether there were matches. * @return True or False depending on whether there were matches.
*/ */
function deent(&$attvalue, $regex, $hex=false){ function deent(&$attvalue, $regex, $hex=false) {
$me = 'deent'; $me = 'deent';
spew("$me: matching '$regex' against: $attvalue\n"); spew("$me: matching '$regex' against: $attvalue\n");
$ret_match = false; $ret_match = false;
preg_match_all($regex, $attvalue, $matches); preg_match_all($regex, $attvalue, $matches);
if (is_array($matches) && sizeof($matches[0]) > 0){ if (is_array($matches) && sizeof($matches[0]) > 0) {
spew("$me: found " . sizeof($matches[0]) . " matches\n"); spew("$me: found " . sizeof($matches[0]) . " matches\n");
$repl = Array(); $repl = Array();
for ($i = 0; $i < sizeof($matches[0]); $i++){ for ($i = 0; $i < sizeof($matches[0]); $i++) {
$numval = $matches[1][$i]; $numval = $matches[1][$i];
spew("$me: numval is $numval\n"); spew("$me: numval is $numval\n");
if ($hex){ if ($hex) {
$numval = hexdec($numval); $numval = hexdec($numval);
spew("$me: hex! Numval is now $numval\n"); spew("$me: hex! Numval is now $numval\n");
} }
@ -552,14 +552,15 @@ function deent(&$attvalue, $regex, $hex=false){
* @param $attvalue A string to run entity check against. * @param $attvalue A string to run entity check against.
* @return Nothing, modifies a reference value. * @return Nothing, modifies a reference value.
*/ */
function defang(&$attvalue){ function defang(&$attvalue) {
$me = 'defang'; $me = 'defang';
/** /**
* Skip this if there aren't ampersands or backslashes. * Skip this if there aren't ampersands or backslashes.
*/ */
spew("$me: Checking '$attvalue' for suspicious content\n"); spew("$me: Checking '$attvalue' for suspicious content\n");
if (strpos($attvalue, '&') === false if (strpos($attvalue, '&') === false
&& strpos($attvalue, '\\') === false){ && strpos($attvalue, '\\') === false)
{
spew("$me: no suspicious content found, returning.\n"); spew("$me: no suspicious content found, returning.\n");
return; return;
} }
@ -585,7 +586,7 @@ function defang(&$attvalue){
*/ */
function unspace(&$attvalue){ function unspace(&$attvalue){
$me = 'unspace'; $me = 'unspace';
if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)){ if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)) {
spew("$me: Killing whitespace.\n"); spew("$me: Killing whitespace.\n");
$attvalue = str_replace(Array("\t", "\r", "\n", "\0", " "), $attvalue = str_replace(Array("\t", "\r", "\n", "\0", " "),
Array('', '', ''), $attvalue); Array('', '', ''), $attvalue);
@ -603,22 +604,17 @@ function unspace(&$attvalue){
* @param $add_attr_to_tag See description for sanitize * @param $add_attr_to_tag See description for sanitize
* @return Array with modified attributes. * @return Array with modified attributes.
*/ */
function fixatts($tagname, function fixatts($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag) {
$attary,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
){
$me = 'fixatts'; $me = 'fixatts';
spew("$me: Fixing attributes\n"); spew("$me: Fixing attributes\n");
while (list($attname, $attvalue) = each($attary)){ while (list($attname, $attvalue) = each($attary)) {
/** /**
* See if this attribute should be removed. * See if this attribute should be removed.
*/ */
foreach ($rm_attnames as $matchtag=>$matchattrs){ foreach ($rm_attnames as $matchtag=>$matchattrs) {
if (preg_match($matchtag, $tagname)){ if (preg_match($matchtag, $tagname)) {
foreach ($matchattrs as $matchattr){ foreach ($matchattrs as $matchattr) {
if (preg_match($matchattr, $attname)){ if (preg_match($matchattr, $attname)) {
spew("$me: Attribute '$attname' defined as bad.\n"); spew("$me: Attribute '$attname' defined as bad.\n");
spew("$me: Removing.\n"); spew("$me: Removing.\n");
unset($attary{$attname}); unset($attary{$attname});
@ -639,10 +635,10 @@ function fixatts($tagname,
* get in touch with me so I can drive to where you live and * get in touch with me so I can drive to where you live and
* shake your hand personally. :) * shake your hand personally. :)
*/ */
foreach ($bad_attvals as $matchtag=>$matchattrs){ foreach ($bad_attvals as $matchtag=>$matchattrs) {
if (preg_match($matchtag, $tagname)){ if (preg_match($matchtag, $tagname)) {
foreach ($matchattrs as $matchattr=>$valary){ foreach ($matchattrs as $matchattr=>$valary) {
if (preg_match($matchattr, $attname)){ if (preg_match($matchattr, $attname)) {
/** /**
* There are two arrays in valary. * There are two arrays in valary.
* First is matches. * First is matches.
@ -650,7 +646,7 @@ function fixatts($tagname,
*/ */
list($valmatch, $valrepl) = $valary; list($valmatch, $valrepl) = $valary;
$newvalue = preg_replace($valmatch,$valrepl,$attvalue); $newvalue = preg_replace($valmatch,$valrepl,$attvalue);
if ($newvalue != $attvalue){ if ($newvalue != $attvalue) {
spew("$me: attvalue is now $newvalue\n"); spew("$me: attvalue is now $newvalue\n");
$attary{$attname} = $newvalue; $attary{$attname} = $newvalue;
} }
@ -662,8 +658,8 @@ function fixatts($tagname,
/** /**
* See if we need to append any attributes to this tag. * See if we need to append any attributes to this tag.
*/ */
foreach ($add_attr_to_tag as $matchtag=>$addattary){ foreach ($add_attr_to_tag as $matchtag=>$addattary) {
if (preg_match($matchtag, $tagname)){ if (preg_match($matchtag, $tagname)) {
$attary = array_merge($attary, $addattary); $attary = array_merge($attary, $addattary);
spew("$me: Added attributes to this tag\n"); spew("$me: Added attributes to this tag\n");
} }
@ -871,15 +867,7 @@ function fixatts($tagname,
* @param $add_attr_to_tag see description above * @param $add_attr_to_tag see description above
* @return sanitized html safe to show on your pages. * @return sanitized html safe to show on your pages.
*/ */
function sanitize($body, function sanitize($body, $tag_list, $rm_tags_with_content, $self_closing_tags, $force_tag_closing, $rm_attnames, $bad_attvals, $add_attr_to_tag) {
$tag_list,
$rm_tags_with_content,
$self_closing_tags,
$force_tag_closing,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
){
$me = 'sanitize'; $me = 'sanitize';
/** /**
* Normalize rm_tags and rm_tags_with_content. * Normalize rm_tags and rm_tags_with_content.
@ -903,22 +891,22 @@ function sanitize($body,
*/ */
$body = preg_replace('/&(\{.*?\};)/si', '&amp;\\1', $body); $body = preg_replace('/&(\{.*?\};)/si', '&amp;\\1', $body);
spew("$me: invoking the loop\n"); spew("$me: invoking the loop\n");
while (($curtag = getnxtag($body, $curpos)) != FALSE){ while (($curtag = getnxtag($body, $curpos)) != FALSE) {
list($tagname, $attary, $tagtype, $lt, $gt) = $curtag; list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
spew("$me: grabbing free-standing content\n"); spew("$me: grabbing free-standing content\n");
$free_content = substr($body, $curpos, $lt - $curpos); $free_content = substr($body, $curpos, $lt - $curpos);
spew("$me: " . strlen($free_content) . " chars grabbed\n"); spew("$me: " . strlen($free_content) . " chars grabbed\n");
if ($skip_content == false){ if ($skip_content == false) {
spew("$me: appending free content to trusted.\n"); spew("$me: appending free content to trusted.\n");
$trusted .= $free_content; $trusted .= $free_content;
} else { } else {
spew("$me: Skipping free content.\n"); spew("$me: Skipping free content.\n");
} }
if ($tagname != FALSE){ if ($tagname != FALSE) {
spew("$me: tagname is '$tagname'\n"); spew("$me: tagname is '$tagname'\n");
if ($tagtype == 2){ if ($tagtype == 2) {
spew("$me: This is a closing tag\n"); spew("$me: This is a closing tag\n");
if ($skip_content == $tagname){ if ($skip_content == $tagname) {
/** /**
* Got to the end of tag we needed to remove. * Got to the end of tag we needed to remove.
*/ */
@ -926,9 +914,8 @@ function sanitize($body,
$tagname = false; $tagname = false;
$skip_content = false; $skip_content = false;
} else { } else {
if ($skip_content == false){ if ($skip_content == false) {
if (isset($open_tags{$tagname}) && if (isset($open_tags{$tagname}) && $open_tags{$tagname} > 0) {
$open_tags{$tagname} > 0){
spew("$me: popping '$tagname' from open_tags\n"); spew("$me: popping '$tagname' from open_tags\n");
$open_tags{$tagname}--; $open_tags{$tagname}--;
} else { } else {
@ -949,8 +936,7 @@ function sanitize($body,
* See if this is a self-closing type and change * See if this is a self-closing type and change
* tagtype appropriately. * tagtype appropriately.
*/ */
if ($tagtype == 1 if ($tagtype == 1 && in_array($tagname, $self_closing_tags)) {
&& in_array($tagname, $self_closing_tags)){
spew("$me: Self-closing tag. Changing tagtype.\n"); spew("$me: Self-closing tag. Changing tagtype.\n");
$tagtype = 3; $tagtype = 3;
} }
@ -958,21 +944,19 @@ function sanitize($body,
* See if we should skip this tag and any content * See if we should skip this tag and any content
* inside it. * inside it.
*/ */
if ($tagtype == 1 if ($tagtype == 1 && in_array($tagname, $rm_tags_with_content)) {
&& in_array($tagname, $rm_tags_with_content)){
spew("$me: removing this tag with content\n"); spew("$me: removing this tag with content\n");
$skip_content = $tagname; $skip_content = $tagname;
} else { } else {
if (($rm_tags == false if (($rm_tags == false && in_array($tagname, $tag_list)) ||
&& in_array($tagname, $tag_list)) || ($rm_tags == true && !in_array($tagname, $tag_list)))
($rm_tags == true {
&& !in_array($tagname, $tag_list))){
spew("$me: Removing this tag.\n"); spew("$me: Removing this tag.\n");
$tagname = false; $tagname = false;
} else { } else {
if ($tagtype == 1){ if ($tagtype == 1) {
spew("$me: adding '$tagname' to open_tags\n"); spew("$me: adding '$tagname' to open_tags\n");
if (isset($open_tags{$tagname})){ if (isset($open_tags{$tagname})) {
$open_tags{$tagname}++; $open_tags{$tagname}++;
} else { } else {
$open_tags{$tagname} = 1; $open_tags{$tagname} = 1;
@ -981,12 +965,8 @@ function sanitize($body,
/** /**
* This is where we run other checks. * This is where we run other checks.
*/ */
if (is_array($attary) && sizeof($attary) > 0){ if (is_array($attary) && sizeof($attary) > 0) {
$attary = fixatts($tagname, $attary = fixatts($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag);
$attary,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag);
} }
} }
} }
@ -994,7 +974,7 @@ function sanitize($body,
spew("$me: Skipping this tag\n"); spew("$me: Skipping this tag\n");
} }
} }
if ($tagname != false && $skip_content == false){ if ($tagname != false && $skip_content == false) {
spew("$me: Appending tag to trusted.\n"); spew("$me: Appending tag to trusted.\n");
$trusted .= tagprint($tagname, $attary, $tagtype); $trusted .= tagprint($tagname, $attary, $tagtype);
} }
@ -1005,9 +985,9 @@ function sanitize($body,
} }
spew("$me: Appending any leftover content\n"); spew("$me: Appending any leftover content\n");
$trusted .= substr($body, $curpos, strlen($body) - $curpos); $trusted .= substr($body, $curpos, strlen($body) - $curpos);
if ($force_tag_closing == true){ if ($force_tag_closing == true) {
foreach ($open_tags as $tagname=>$opentimes){ foreach ($open_tags as $tagname=>$opentimes) {
while ($opentimes > 0){ while ($opentimes > 0) {
spew("$me: '$tagname' left open. Closing by force.\n"); spew("$me: '$tagname' left open. Closing by force.\n");
$trusted .= '</' . $tagname . '>'; $trusted .= '</' . $tagname . '>';
$opentimes--; $opentimes--;