apply code-formating-cleanup-convert-DOS-to-UNIX-text-form from https://github.com/zedzedtop/mailzu
This commit is contained in:
parent
180aa514e9
commit
05196e9fb7
@ -37,9 +37,8 @@ else {
|
||||
*/
|
||||
|
||||
class AmavisdEngine {
|
||||
|
||||
var $socket; // Reference to socket
|
||||
var $port; // Amavisd spam release port
|
||||
var $socket; // Reference to socket
|
||||
var $port; // Amavisd spam release port
|
||||
var $connected; // Connection status
|
||||
var $last_error; // Last error message
|
||||
|
||||
@ -49,7 +48,6 @@ class AmavisdEngine {
|
||||
* $return object Amavisd object
|
||||
*/
|
||||
function AmavisdEngine($host) {
|
||||
|
||||
$this->socket = new Net_Socket();
|
||||
$this->port = $GLOBALS['conf']['amavisd']['spam_release_port'];
|
||||
$this->connected = false;
|
||||
@ -79,10 +77,9 @@ class AmavisdEngine {
|
||||
* @param $secret_id
|
||||
* @param $recipient
|
||||
* @result response
|
||||
*/
|
||||
*/
|
||||
|
||||
function release_message($mail_id, $secret_id, $recipient, $quar_type, $quar_loc) {
|
||||
|
||||
if (! $this->connected) {
|
||||
return $this->last_error;
|
||||
}
|
||||
@ -120,8 +117,6 @@ class AmavisdEngine {
|
||||
}
|
||||
|
||||
return $out;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
@ -149,7 +149,6 @@ class Auth {
|
||||
|
||||
case "ad":
|
||||
case "ldap":
|
||||
|
||||
// Added this check for LDAP servers that switch to anonymous bind whenever
|
||||
// provided password is left blank
|
||||
if ($pass == '') return (translate ('Invalid User Name/Password.'));
|
||||
@ -160,7 +159,6 @@ class Auth {
|
||||
$ldap = new LDAPEngine();
|
||||
|
||||
if( $ldap->connect() ) {
|
||||
|
||||
// Get user DN
|
||||
// For AD it could be of the form of 'user@domain' or standard LDAP dn
|
||||
$dn = $ldap->getUserDN($login);
|
||||
@ -184,7 +182,6 @@ class Auth {
|
||||
break;
|
||||
|
||||
case "sql":
|
||||
|
||||
// Include DBAuth class
|
||||
include_once('DBAuth.class.php');
|
||||
|
||||
@ -222,7 +219,6 @@ class Auth {
|
||||
break;
|
||||
|
||||
case "imap":
|
||||
|
||||
// Include IMAPAuth class
|
||||
include_once('IMAPAuth.class.php');
|
||||
|
||||
@ -241,7 +237,8 @@ class Auth {
|
||||
break;
|
||||
|
||||
default:
|
||||
CmnFns::do_error_box(translate('Unknown server type'), '', false);
|
||||
CmnFns::do_error_box(translate('Unknown server type'), '', false);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -250,7 +247,6 @@ class Auth {
|
||||
CmnFns::write_log('Authentication failed' . ', ' . $msg, $login);
|
||||
return translate($msg);
|
||||
} else {
|
||||
|
||||
$this->is_loggedin = true;
|
||||
CmnFns::write_log('Authentication successful', $login);
|
||||
|
||||
@ -303,7 +299,6 @@ class Auth {
|
||||
}
|
||||
|
||||
function isAllowedToLogin( $username ) {
|
||||
|
||||
global $conf;
|
||||
|
||||
// If not defined or set to false, $username is allowed to log in
|
||||
@ -317,7 +312,6 @@ class Auth {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Log the user out of the system
|
||||
* @param none
|
||||
|
@ -47,7 +47,6 @@ include_once('Pager.class.php');
|
||||
* Provides functions common to most pages
|
||||
*/
|
||||
class CmnFns {
|
||||
|
||||
/**
|
||||
* Convert minutes to hours
|
||||
* @param double $time time to convert in minutes
|
||||
@ -63,13 +62,13 @@ class CmnFns {
|
||||
$hour = intval($time / 60);
|
||||
$min = $time % 60;
|
||||
if ($conf['app']['timeFormat'] == 24) {
|
||||
$a = ''; // AM/PM does not exist
|
||||
$a = ''; // AM/PM does not exist
|
||||
if ($hour < 10) $hour = '0' . $hour;
|
||||
}
|
||||
else {
|
||||
$a = ($hour < 12 || $hour == 24) ? translate('am') : translate('pm'); // Set am/pm
|
||||
if ($hour > 12) $hour = $hour - 12; // Take out of 24hr clock
|
||||
if ($hour == 0) $hour = 12; // Don't show 0hr, show 12 am
|
||||
$a = ($hour < 12 || $hour == 24) ? translate('am') : translate('pm'); // Set am/pm
|
||||
if ($hour > 12) $hour = $hour - 12; // Take out of 24hr clock
|
||||
if ($hour == 0) $hour = 12; // Don't show 0hr, show 12 am
|
||||
}
|
||||
// Set proper minutes (the same for 12/24 format)
|
||||
if ($min < 10) $min = 0 . $min;
|
||||
@ -83,7 +82,6 @@ class CmnFns {
|
||||
* @return int timestamp
|
||||
*/
|
||||
function formatDateISO($date) {
|
||||
|
||||
$time = strtotime($date);
|
||||
return $time;
|
||||
}
|
||||
@ -101,7 +99,6 @@ class CmnFns {
|
||||
return strftime($format, $date);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Convert UNIX timestamp to datetime format
|
||||
* @param string $ts MySQL timestamp
|
||||
@ -117,7 +114,6 @@ class CmnFns {
|
||||
return strftime($format, $ts);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Convert minutes to hours/minutes
|
||||
* @param int $minutes minutes to convert
|
||||
@ -143,7 +139,6 @@ class CmnFns {
|
||||
return (strrpos($uri, '/') === false) ? $uri : substr($uri, 0, strlen($uri));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Prints an error message box and kills the app
|
||||
* @param string $msg error message to print
|
||||
@ -201,12 +196,12 @@ class CmnFns {
|
||||
* @return array of cleaned up POST values
|
||||
*/
|
||||
function cleanPostVals() {
|
||||
$return = array();
|
||||
$rval = array();
|
||||
|
||||
foreach ($_POST as $key => $val)
|
||||
$return[$key] = stripslashes(trim($val));
|
||||
$rval[$key] = stripslashes(trim($val));
|
||||
|
||||
return $return;
|
||||
return $rval;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -215,12 +210,12 @@ class CmnFns {
|
||||
* @return array of cleaned up data
|
||||
*/
|
||||
function cleanVals($data) {
|
||||
$return = array();
|
||||
$rval = array();
|
||||
|
||||
foreach ($data as $key => $val)
|
||||
$return[$key] = stripslashes($val);
|
||||
$rval[$key] = stripslashes($val);
|
||||
|
||||
return $return;
|
||||
return $rval;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -236,10 +231,10 @@ class CmnFns {
|
||||
switch($vert) {
|
||||
case 'DESC';
|
||||
case 'ASC';
|
||||
break;
|
||||
break;
|
||||
default :
|
||||
$vert = 'DESC';
|
||||
break;
|
||||
break;
|
||||
}
|
||||
|
||||
return $vert;
|
||||
@ -267,7 +262,6 @@ class CmnFns {
|
||||
return $order;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Opposite of php's nl2br function.
|
||||
* Subs in a newline for all brs
|
||||
@ -290,27 +284,27 @@ class CmnFns {
|
||||
$file = $conf['app']['logfile'];
|
||||
$values = '';
|
||||
|
||||
if (!$conf['app']['use_log']) // Return if we aren't going to log
|
||||
if (!$conf['app']['use_log']) // Return if we aren't going to log
|
||||
return;
|
||||
|
||||
if (empty($ip))
|
||||
$ip = $_SERVER['REMOTE_ADDR'];
|
||||
|
||||
clearstatcache(); // Clear cached results
|
||||
clearstatcache(); // Clear cached results
|
||||
|
||||
if (!is_dir(dirname($file)))
|
||||
mkdir(dirname($file), 0777); // Create the directory
|
||||
mkdir(dirname($file), 0777); // Create the directory
|
||||
|
||||
if (!touch($file))
|
||||
return; // Return if we cant touch the file
|
||||
return; // Return if we cant touch the file
|
||||
|
||||
if (!$fp = fopen($file, 'a'))
|
||||
return; // Return if the fopen fails
|
||||
return; // Return if the fopen fails
|
||||
|
||||
flock($fp, LOCK_EX); // Lock file for writing
|
||||
flock($fp, LOCK_EX); // Lock file for writing
|
||||
if (!fwrite($fp, '[' . date('D, d M Y H:i:s') . ']' . $delim . $ip . $delim . $userid . $delim . $string . "\r\n")) // Write log entry
|
||||
return; // Return if we cant write to the file
|
||||
flock($fp, LOCK_UN); // Unlock file
|
||||
flock($fp, LOCK_UN); // Unlock file
|
||||
fclose($fp);
|
||||
}
|
||||
|
||||
@ -382,7 +376,6 @@ class CmnFns {
|
||||
return $str;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Verifies current page number and returns value
|
||||
* @param integer $page value of current page number
|
||||
@ -515,7 +508,6 @@ class CmnFns {
|
||||
?>
|
||||
<table border=0 width="100%">
|
||||
<form action="<?php echo $submit_page ?>" method="get" name="quarantine">
|
||||
|
||||
<tr><td colspan=2 align="center"><?php echo translate('Search for messages whose:'); ?> </td></tr>
|
||||
<tr><td align="right">
|
||||
<?php
|
||||
@ -645,7 +637,6 @@ class CmnFns {
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* Search for the var $name in $_SESSION, $_POST, $_GET,
|
||||
* $_SERVER and set it in provided var.
|
||||
@ -668,36 +659,30 @@ class CmnFns {
|
||||
* @return value of var
|
||||
*/
|
||||
function getGlobalVar($name, $search = INORDER) {
|
||||
|
||||
switch ($search) {
|
||||
|
||||
/* we want the default case to be first here,
|
||||
so that if a valid value isn't specified,
|
||||
all four arrays will be searched. */
|
||||
default:
|
||||
|
||||
case INORDER: // check session, post, get
|
||||
|
||||
case SESSION:
|
||||
if( isset($_SESSION[$name]) )
|
||||
return $_SESSION[$name];
|
||||
elseif ( $search == SESSION )
|
||||
break;
|
||||
|
||||
// fall through
|
||||
case FORM: // check post, get
|
||||
|
||||
case POST:
|
||||
if( isset($_POST[$name]) )
|
||||
return $_POST[$name];
|
||||
elseif ( $search == POST )
|
||||
break;
|
||||
|
||||
// fall through
|
||||
case GET:
|
||||
if( isset($_GET[$name]) )
|
||||
return $_GET[$name];
|
||||
/* For INORDER case, exit after GET */
|
||||
break;
|
||||
|
||||
case SERVER:
|
||||
if( isset($_SERVER[$name]) )
|
||||
return $_SERVER[$name];
|
||||
@ -711,9 +696,9 @@ class CmnFns {
|
||||
* @param $location string
|
||||
*/
|
||||
function redirect_js($location) {
|
||||
echo "<SCRIPT LANGUAGE=\"JavaScript\">";
|
||||
echo "parent.location.href = '" . $location . "';";
|
||||
echo "</SCRIPT>";
|
||||
echo "<SCRIPT LANGUAGE=\"JavaScript\">";
|
||||
echo "parent.location.href = '" . $location . "';";
|
||||
echo "</SCRIPT>";
|
||||
}
|
||||
|
||||
|
||||
@ -729,11 +714,11 @@ class CmnFns {
|
||||
|
||||
?>
|
||||
<table border=0 width="100%">
|
||||
<form action="<? echo $submit_page ?>" method="get" name="wblist">
|
||||
<form action="<?php echo $submit_page ?>" method="get" name="wblist">
|
||||
|
||||
<tr><td colspan=2 align="center"><? echo translate('Search for rules whose:'); ?> </td></tr>
|
||||
<tr><td colspan=2 align="center"><?php echo translate('Search for rules whose:'); ?> </td></tr>
|
||||
<tr><td align="right">
|
||||
<?
|
||||
<?php
|
||||
$i = 1;
|
||||
$array_size = count($fields_array);
|
||||
foreach ($fields_array as $k => $name) {
|
||||
@ -761,14 +746,14 @@ class CmnFns {
|
||||
$i ++;
|
||||
echo ($i % 2) ? " </td></tr>\n\t\t\t<tr><td colspan='2' align='center'> \n" : " </td><td align='left'> ";
|
||||
?>
|
||||
<input type="submit" class="button" name="search_action" value="<? echo translate('Search'); ?>" />
|
||||
<? if (CmnFns::didSearch())
|
||||
<input type="submit" class="button" name="search_action" value="<?php echo translate('Search'); ?>" />
|
||||
<?php if (CmnFns::didSearch())
|
||||
echo "<input type=\"submit\" class=\"button\" name=\"search_action\" value=\"" . translate('Clear search results') . "\" />";
|
||||
?>
|
||||
</td></tr>
|
||||
</form>
|
||||
</table>
|
||||
<?
|
||||
<?php
|
||||
|
||||
}
|
||||
|
||||
|
@ -35,7 +35,6 @@ else {
|
||||
* Provide all database access/manipulation functionality for SQL Auth
|
||||
*/
|
||||
class DBAuth {
|
||||
|
||||
// Reference to the database object
|
||||
var $db;
|
||||
|
||||
@ -107,7 +106,6 @@ class DBAuth {
|
||||
* @param none
|
||||
*/
|
||||
function db_connect() {
|
||||
|
||||
/***********************************************************
|
||||
/ This uses PEAR::DB
|
||||
/ See http://www.pear.php.net/manual/en/package.database.php#package.database.db
|
||||
@ -145,7 +143,6 @@ class DBAuth {
|
||||
* @return boolean
|
||||
*/
|
||||
function authUser($username, $password) {
|
||||
|
||||
if ( $this->isMd5 )
|
||||
$password = md5( $password );
|
||||
|
||||
@ -171,7 +168,6 @@ class DBAuth {
|
||||
$this->err_msg = translate('There are no records in the table.');
|
||||
return false;
|
||||
} else {
|
||||
|
||||
// Fetch the first row of data
|
||||
$rs = $this->cleanRow($result->fetchRow());
|
||||
|
||||
@ -198,7 +194,6 @@ class DBAuth {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Strips out slashes for all data in the return row
|
||||
* - THIS MUST ONLY BE ONE ROW OF DATA -
|
||||
@ -206,11 +201,11 @@ class DBAuth {
|
||||
* @return array with same key => value pairs (except slashes)
|
||||
*/
|
||||
function cleanRow($data) {
|
||||
$return = array();
|
||||
$rval = array();
|
||||
|
||||
foreach ($data as $key => $val)
|
||||
$return[$key] = stripslashes($val);
|
||||
return $return;
|
||||
$rval[$key] = stripslashes($val);
|
||||
return $rval;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -229,12 +224,12 @@ class DBAuth {
|
||||
* @return array containing user information
|
||||
*/
|
||||
function getUserData() {
|
||||
$return = array(
|
||||
$rval = array(
|
||||
'logonName' => $this->logonName,
|
||||
'firstName' => $this->firstName,
|
||||
'emailAddress' => $this->emailAddress
|
||||
);
|
||||
return $return;
|
||||
return $rval;
|
||||
}
|
||||
//mysql_crypt - shamelessly stolen from php.net docs
|
||||
|
||||
|
@ -43,7 +43,6 @@ else {
|
||||
* Provide all database access/manipulation functionality
|
||||
*/
|
||||
class DBEngine {
|
||||
|
||||
// Reference to the database object
|
||||
var $db;
|
||||
|
||||
@ -85,7 +84,6 @@ class DBEngine {
|
||||
* @global $conf
|
||||
*/
|
||||
function db_connect() {
|
||||
|
||||
/***********************************************************
|
||||
/ This uses PEAR::DB
|
||||
/ See http://www.pear.php.net/manual/en/package.database.php#package.database.db
|
||||
@ -121,7 +119,7 @@ class DBEngine {
|
||||
|
||||
global $conf;
|
||||
|
||||
$return = array();
|
||||
$rval = array();
|
||||
$total = array( 'spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0);
|
||||
|
||||
$query = "SELECT date,
|
||||
@ -199,7 +197,7 @@ class DBEngine {
|
||||
$timestamp = CmnFns::formatDateISO($rs['date']);
|
||||
$date = CmnFns::formatDate($timestamp);
|
||||
$totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending'];
|
||||
$return[$date] = array('spam' => $rs['spam'],
|
||||
$rval[$date] = array('spam' => $rs['spam'],
|
||||
'banned' => $rs['banned'],
|
||||
'virus' => $rs['viruses'],
|
||||
'header' => $rs['badheaders'],
|
||||
@ -208,16 +206,16 @@ class DBEngine {
|
||||
}
|
||||
|
||||
// Total the data
|
||||
foreach ($return as $date => $typearray) {
|
||||
foreach ($rval as $date => $typearray) {
|
||||
foreach ($typearray as $type => $count) {
|
||||
$total[$type] += $count;
|
||||
}
|
||||
}
|
||||
|
||||
$return['Total'] = $total;
|
||||
$rval['Total'] = $total;
|
||||
$result->free();
|
||||
|
||||
return $return;
|
||||
return $rval;
|
||||
}
|
||||
|
||||
// User methods -------------------------------------------
|
||||
@ -231,7 +229,7 @@ class DBEngine {
|
||||
|
||||
global $conf;
|
||||
|
||||
$return = array();
|
||||
$rval = array();
|
||||
$total = array('spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0);
|
||||
|
||||
// Get where clause for recipient email address(es)
|
||||
@ -325,7 +323,7 @@ class DBEngine {
|
||||
$timestamp = CmnFns::formatDateISO($rs['date']);
|
||||
$date = CmnFns::formatDate($timestamp);
|
||||
$totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending'];
|
||||
$return[$date] = array('spam' => $rs['spam'],
|
||||
$rval[$date] = array('spam' => $rs['spam'],
|
||||
'banned' => $rs['banned'],
|
||||
'virus' => $rs['viruses'],
|
||||
'header' => $rs['badheaders'],
|
||||
@ -334,16 +332,16 @@ class DBEngine {
|
||||
}
|
||||
|
||||
// Total the data
|
||||
foreach ($return as $date => $typearray) {
|
||||
foreach ($rval as $date => $typearray) {
|
||||
foreach ($typearray as $type => $count) {
|
||||
$total[$type] += $count;
|
||||
}
|
||||
}
|
||||
|
||||
$return['Total'] = $total;
|
||||
$rval['Total'] = $total;
|
||||
$result->free();
|
||||
|
||||
return $return;
|
||||
return $rval;
|
||||
}
|
||||
|
||||
|
||||
@ -375,7 +373,7 @@ class DBEngine {
|
||||
$sizeLimit = isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ?
|
||||
$conf['app']['displaySizeLimit'] : 50;
|
||||
|
||||
$return = array();
|
||||
$rval = array();
|
||||
|
||||
if (is_array($search_array)) {
|
||||
$search_clause = "";
|
||||
@ -418,20 +416,27 @@ class DBEngine {
|
||||
}
|
||||
}
|
||||
|
||||
$query = "SELECT msgs.time_num, msgs.from_addr,
|
||||
msgs.mail_id, msgs.subject, msgs.spam_level, msgs.content,
|
||||
msgrcpt.rs, msgs.quar_type, recip.email
|
||||
$query = "SELECT
|
||||
msgs.time_num,
|
||||
msgs.from_addr,
|
||||
msgs.mail_id,
|
||||
msgs.subject,
|
||||
msgs.spam_level,
|
||||
msgs.content,
|
||||
msgrcpt.rs,
|
||||
msgs.quar_type,
|
||||
recip.email
|
||||
FROM msgs
|
||||
INNER JOIN msgrcpt ON msgs.mail_id=msgrcpt.mail_id
|
||||
$join_type maddr AS sender ON msgs.sid=sender.id
|
||||
$join_type maddr AS recip ON msgrcpt.rid=recip.id
|
||||
INNER JOIN msgrcpt ON msgs.mail_id = msgrcpt.mail_id
|
||||
$join_type maddr AS sender ON msgs.sid = sender.id
|
||||
$join_type maddr AS recip ON msgrcpt.rid = recip.id
|
||||
WHERE $type_clause"
|
||||
// Only check against the email address when not admin
|
||||
. ($msgs_all ? ' ' : $emailaddr_clause)
|
||||
. " $rs_clause
|
||||
$search_clause
|
||||
AND msgs.quar_type <> ''
|
||||
ORDER BY $order $vert ";
|
||||
$search_clause
|
||||
AND msgs.quar_type <> ''
|
||||
ORDER BY $order $vert ";
|
||||
|
||||
// Prepare query
|
||||
$q = $this->db->prepare($query);
|
||||
@ -456,7 +461,7 @@ class DBEngine {
|
||||
|
||||
if ( $get_all ) {
|
||||
while ($rs = $result->fetchRow()) {
|
||||
$return[] = $this->cleanRow($rs);
|
||||
$rval[] = $this->cleanRow($rs);
|
||||
}
|
||||
} else {
|
||||
// the row to start fetching
|
||||
@ -469,13 +474,13 @@ class DBEngine {
|
||||
if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) {
|
||||
break;
|
||||
}
|
||||
$return[] = $this->cleanRow($row);
|
||||
$rval[] = $this->cleanRow($row);
|
||||
}
|
||||
}
|
||||
|
||||
$result->free();
|
||||
|
||||
return $return;
|
||||
return $rval;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -486,7 +491,6 @@ class DBEngine {
|
||||
* @return array of message(s)
|
||||
*/
|
||||
function get_message($emailaddress, $mail_id) {
|
||||
|
||||
global $conf;
|
||||
|
||||
# MySQL seems to run faster with a LEFT JOIN
|
||||
@ -498,7 +502,7 @@ class DBEngine {
|
||||
|
||||
$recipEmailClause = $this->convertEmailaddresses2SQL($emailaddress);
|
||||
|
||||
$return = array();
|
||||
$rval = array();
|
||||
|
||||
$query = 'SELECT msgs.time_num, msgs.secret_id, msgs.subject, msgs.from_addr, msgs.spam_level,'
|
||||
. ' msgrcpt.rs, recip.email, msgs.host, msgs.content, msgs.quar_type, msgs.quar_loc'
|
||||
@ -522,12 +526,12 @@ class DBEngine {
|
||||
return NULL;
|
||||
}
|
||||
while ($rs = $result->fetchRow()) {
|
||||
$return[] = $this->cleanRow($rs);
|
||||
$rval[] = $this->cleanRow($rs);
|
||||
}
|
||||
|
||||
$result->free();
|
||||
|
||||
return $return;
|
||||
return $rval;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -539,7 +543,6 @@ class DBEngine {
|
||||
* @return array of message(s)
|
||||
*/
|
||||
function update_msgrcpt_rs($mail_id, $mail_rcpt, $flag) {
|
||||
|
||||
// If its a pending message, do not set the rs flag to 'v'
|
||||
$cur_msg_array = $this->get_message($mail_rcpt, $mail_id);
|
||||
$msg_status = $cur_msg_array[0];
|
||||
@ -561,7 +564,6 @@ class DBEngine {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Function that returns number of entries for logged in user
|
||||
* where RS flag is equal to $flag
|
||||
@ -570,7 +572,6 @@ class DBEngine {
|
||||
* @return number of message(s)
|
||||
*/
|
||||
function get_count_rs($emailaddresses, $flag) {
|
||||
|
||||
// Get where clause for recipient email address(es)
|
||||
$emailaddr_clause = $this->convertEmailaddresses2SQL($emailaddresses);
|
||||
if ( $emailaddr_clause != '' )
|
||||
@ -617,7 +618,6 @@ class DBEngine {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (Auth::isMailAdmin()) {
|
||||
$values = array($mail_id);
|
||||
$query = 'SELECT' . $mail_text_column . ' FROM quarantine ' .
|
||||
@ -640,14 +640,14 @@ class DBEngine {
|
||||
if ($result->numRows() <= 0){
|
||||
return false;
|
||||
}
|
||||
$return = "";
|
||||
$rval = "";
|
||||
while ($rs = $result->fetchRow()) {
|
||||
$return .= $rs['mail_text'];
|
||||
$rval .= $rs['mail_text'];
|
||||
}
|
||||
|
||||
$result->free();
|
||||
|
||||
return $return;
|
||||
return $rval;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -681,11 +681,11 @@ class DBEngine {
|
||||
* @return array with same key => value pairs (except slashes)
|
||||
*/
|
||||
function cleanRow($data) {
|
||||
$return = array();
|
||||
$rval = array();
|
||||
|
||||
foreach ($data as $key => $val)
|
||||
$return[$key] = stripslashes($val);
|
||||
return $return;
|
||||
$rval[$key] = stripslashes($val);
|
||||
return $rval;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -705,11 +705,9 @@ class DBEngine {
|
||||
* @return array containing SQL code
|
||||
*/
|
||||
function convertSearch2SQL($field, $criterion, $string) {
|
||||
|
||||
$result = array();
|
||||
|
||||
if ( $string != '' ) {
|
||||
|
||||
switch ($criterion) {
|
||||
case "contains":
|
||||
$search_clause = "(" . $field . " LIKE '%" . $string . "%')" ;
|
||||
@ -728,7 +726,6 @@ class DBEngine {
|
||||
}
|
||||
array_push($result, $search_clause);
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
@ -796,8 +793,8 @@ class DBEngine {
|
||||
$this->check_for_error($result, $query);
|
||||
|
||||
if ($result->numRows() == 1) {
|
||||
$return = $result->fetchRow();
|
||||
return $return['id'];
|
||||
$rval = $result->fetchRow();
|
||||
return $rval['id'];
|
||||
} else if ($result->numRows() == 0
|
||||
&& strpos($recip_email,"@")) {
|
||||
|
||||
@ -927,7 +924,7 @@ class DBEngine {
|
||||
|
||||
function get_user_control_list( $emailaddresses, $order = 'sender', $vert = 'ASC', $search_array, $page, $all = false) {
|
||||
global $conf;
|
||||
$return = Array();
|
||||
$rval = Array();
|
||||
|
||||
// grab the display size limit set in config.php
|
||||
$sizeLimit = (isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ?
|
||||
@ -980,13 +977,13 @@ class DBEngine {
|
||||
if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) {
|
||||
break;
|
||||
}
|
||||
$return[] = $this->cleanRow($row);
|
||||
$rval[] = $this->cleanRow($row);
|
||||
}
|
||||
|
||||
|
||||
$result->free();
|
||||
|
||||
return $return;
|
||||
return $rval;
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -21,7 +21,6 @@ include_once('lib/CmnFns.class.php');
|
||||
* Provide all database access/manipulation functionality for Exchange Auth
|
||||
*/
|
||||
class ExchAuth {
|
||||
|
||||
// The exchange hostname with port (hostname[:port])
|
||||
var $exchHost;
|
||||
// The exchange LDAP URI (ldap://hostname[:port])
|
||||
@ -56,7 +55,6 @@ class ExchAuth {
|
||||
* @return boolean
|
||||
*/
|
||||
function authUser($username, $password, $domain) {
|
||||
|
||||
$fulluser = $domain.'/'.$username;
|
||||
$mbox = imap_open('{'.$this->exchHost.'/imap}Inbox', $fulluser, $password);
|
||||
if ($mbox === false) {
|
||||
@ -121,6 +119,5 @@ class ExchAuth {
|
||||
);
|
||||
return $return;
|
||||
}
|
||||
|
||||
}
|
||||
?>
|
||||
|
@ -21,7 +21,6 @@ include_once('lib/CmnFns.class.php');
|
||||
* Provide all database access/manipulation functionality for IMAP Auth
|
||||
*/
|
||||
class IMAPAuth {
|
||||
|
||||
// The IMAP hosts with port (hostname[:port])
|
||||
var $imapHosts;
|
||||
// IMAP authentication type
|
||||
@ -60,7 +59,6 @@ class IMAPAuth {
|
||||
$this->imapUsername = $username;
|
||||
|
||||
foreach ($this->imapHosts as $host) { // Try each host in turn
|
||||
|
||||
$host = trim($host);
|
||||
|
||||
switch ($this->imapType) {
|
||||
@ -109,16 +107,12 @@ class IMAPAuth {
|
||||
* @return array containing user information
|
||||
*/
|
||||
function getUserData() {
|
||||
$return = array(
|
||||
$rval = array(
|
||||
'logonName' => $this->imapUsername,
|
||||
'firstName' => $this->imapUsername,
|
||||
'emailAddress' => array( $this->imapUsername.
|
||||
( empty($this->imapDomainName) ? '' :
|
||||
'@'. $this->imapDomainName )
|
||||
)
|
||||
'emailAddress' => array($this->imapUsername.(empty($this->imapDomainName) ? '' : '@'. $this->imapDomainName))
|
||||
);
|
||||
return $return;
|
||||
return $rval;
|
||||
}
|
||||
|
||||
}
|
||||
?>
|
||||
|
@ -17,9 +17,7 @@
|
||||
*/
|
||||
include_once('lib/CmnFns.class.php');
|
||||
|
||||
|
||||
class LDAPEngine {
|
||||
|
||||
// The directory server, tested with OpenLDAP and Active Directory
|
||||
var $serverType;
|
||||
|
||||
@ -89,7 +87,6 @@ class LDAPEngine {
|
||||
// The user's mail address ($mailAttr value)
|
||||
var $emailAddress;
|
||||
|
||||
|
||||
/**
|
||||
* LDAPEngine constructor to initialize object
|
||||
*/
|
||||
@ -140,7 +137,6 @@ class LDAPEngine {
|
||||
* @param none
|
||||
*/
|
||||
function connect() {
|
||||
|
||||
foreach ($this->hosts as $host) {
|
||||
$ldap_url = ( $this->ssl ? "ldaps://".$host : $host );
|
||||
$this->connection = ldap_connect($ldap_url);
|
||||
@ -218,7 +214,6 @@ class LDAPEngine {
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// User methods -------------------------------------------
|
||||
|
||||
/**
|
||||
@ -282,7 +277,6 @@ class LDAPEngine {
|
||||
* @return array
|
||||
*/
|
||||
function searchUserDN($searchFilter) {
|
||||
|
||||
switch ($this->serverType) {
|
||||
case "ldap":
|
||||
if ( $this->searchUser != '' ) {
|
||||
@ -318,14 +312,12 @@ class LDAPEngine {
|
||||
return $dn;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Queries LDAP for user information
|
||||
* @param string $dn
|
||||
* @return boolean indicating success or failure
|
||||
*/
|
||||
function loadUserData($dn) {
|
||||
|
||||
$this->emailAddress = array();
|
||||
|
||||
// We are instered in getting just the user's first name and his/her mail attribute(s)
|
||||
@ -385,12 +377,12 @@ class LDAPEngine {
|
||||
* @return array containing user information
|
||||
*/
|
||||
function getUserData() {
|
||||
$return = array(
|
||||
$rval = array(
|
||||
'logonName' => $this->logonName,
|
||||
'firstName' => $this->firstName,
|
||||
'emailAddress' => $this->emailAddress
|
||||
);
|
||||
return $return;
|
||||
return $rval;
|
||||
}
|
||||
|
||||
|
||||
|
@ -98,7 +98,6 @@ class Link {
|
||||
|
||||
//=============================================
|
||||
|
||||
|
||||
//---------------------------------------------
|
||||
// Getter functions
|
||||
//---------------------------------------------
|
||||
@ -160,7 +159,6 @@ class Link {
|
||||
|
||||
//=============================================
|
||||
|
||||
|
||||
/**
|
||||
* Print out a link without creating a new Link object
|
||||
* @param string $url url to link to
|
||||
|
@ -20,13 +20,12 @@ include_once('lib/CmnFns.class.php');
|
||||
* Pear::DB
|
||||
*/
|
||||
if ($GLOBALS['conf']['app']['safeMode']) {
|
||||
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
|
||||
include_once('pear/PEAR.php');
|
||||
include_once('pear/Mail/mimeDecode.php');
|
||||
}
|
||||
else {
|
||||
include_once 'PEAR.php';
|
||||
include_once('Mail/mimeDecode.php');
|
||||
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
|
||||
include_once('pear/PEAR.php');
|
||||
include_once('pear/Mail/mimeDecode.php');
|
||||
} else {
|
||||
include_once('PEAR.php');
|
||||
include_once('Mail/mimeDecode.php');
|
||||
}
|
||||
|
||||
/**
|
||||
@ -34,13 +33,12 @@ else {
|
||||
*/
|
||||
|
||||
class MailEngine {
|
||||
|
||||
var $raw; // Raw mail contents
|
||||
var $struct; // The top-level MIME structure
|
||||
var $recipient; // The recipient of the email
|
||||
var $msg_found; // Msg found in database
|
||||
var $msg_error; // Msg has MIME error
|
||||
var $last_error; // PEAR Error Messages
|
||||
var $raw; // Raw mail contents
|
||||
var $struct; // The top-level MIME structure
|
||||
var $recipient; // The recipient of the email
|
||||
var $msg_found; // Msg found in database
|
||||
var $msg_error; // Msg has MIME error
|
||||
var $last_error; // PEAR Error Messages
|
||||
|
||||
/**
|
||||
* MailEngine object constructor
|
||||
@ -49,21 +47,21 @@ class MailEngine {
|
||||
* $return object MailEngine object
|
||||
*/
|
||||
function MailEngine($mail_id, $recip) {
|
||||
$this->recipient = $recip;
|
||||
$this->getRawContent($mail_id);
|
||||
$this->msg_error = false;
|
||||
if ($this->raw) {
|
||||
$this->msg_found = true;
|
||||
$this->struct = $this->getDecodedStruct($this->raw);
|
||||
if (PEAR::isError($this->struct)) {
|
||||
$this->msg_error = true;
|
||||
$this->last_error = $this->struct->getMessage();
|
||||
}
|
||||
} else {
|
||||
$this->msg_found = false;
|
||||
}
|
||||
$this->recipient = $recip;
|
||||
$this->getRawContent($mail_id);
|
||||
$this->msg_error = false;
|
||||
if ($this->raw) {
|
||||
$this->msg_found = true;
|
||||
$this->struct = $this->getDecodedStruct($this->raw);
|
||||
if (PEAR::isError($this->struct)) {
|
||||
$this->msg_error = true;
|
||||
$this->last_error = $this->struct->getMessage();
|
||||
}
|
||||
} else {
|
||||
$this->msg_found = false;
|
||||
}
|
||||
|
||||
return $this->struct;
|
||||
return $this->struct;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -72,12 +70,12 @@ class MailEngine {
|
||||
* $return object Mail_mimeDecode::decode object
|
||||
*/
|
||||
function getDecodedStruct($contents) {
|
||||
$message = new Mail_mimeDecode($contents);
|
||||
$msg_struct = $message->decode( array ( 'include_bodies' => true,
|
||||
'decode_bodies' => true,
|
||||
'decode_headers' => true)
|
||||
);
|
||||
return $msg_struct;
|
||||
$message = new Mail_mimeDecode($contents);
|
||||
$msg_struct = $message->decode( array ( 'include_bodies' => true,
|
||||
'decode_bodies' => true,
|
||||
'decode_headers' => true)
|
||||
);
|
||||
return $msg_struct;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -86,12 +84,13 @@ class MailEngine {
|
||||
* $return string The complete raw email
|
||||
*/
|
||||
function getRawContent($mail_id) {
|
||||
$db = new DBEngine();
|
||||
$this->raw = $db->get_raw_mail($mail_id, $this->recipient);
|
||||
// Mark read
|
||||
$db = new DBEngine();
|
||||
$this->raw = $db->get_raw_mail($mail_id, $this->recipient);
|
||||
|
||||
if (in_array($this->recipient, $_SESSION['sessionMail']) && $this->raw) {
|
||||
$db->update_msgrcpt_rs($mail_id,$this->recipient,'v');
|
||||
}
|
||||
// Mark read
|
||||
if (in_array($this->recipient, $_SESSION['sessionMail']) && $this->raw) {
|
||||
$db->update_msgrcpt_rs($mail_id,$this->recipient,'v');
|
||||
}
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
@ -20,11 +20,10 @@ include_once('lib/CmnFns.class.php');
|
||||
* Pear::DB
|
||||
*/
|
||||
if ($GLOBALS['conf']['app']['safeMode']) {
|
||||
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
|
||||
include_once('pear/Mail/mimeDecode.php');
|
||||
}
|
||||
else {
|
||||
include_once('Mail/mimeDecode.php');
|
||||
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
|
||||
include_once('pear/Mail/mimeDecode.php');
|
||||
} else {
|
||||
include_once('Mail/mimeDecode.php');
|
||||
}
|
||||
|
||||
/**
|
||||
@ -42,10 +41,10 @@ include_once('lib/htmlfilter.php');
|
||||
* $param The mime structure object
|
||||
*/
|
||||
function GetCtype($struct) {
|
||||
$ctype_p = strtolower(trim($struct->ctype_primary));
|
||||
$ctype_s = strtolower(trim($struct->ctype_secondary));
|
||||
$type = $ctype_p . '/' . $ctype_s;
|
||||
return $type;
|
||||
$ctype_p = strtolower(trim($struct->ctype_primary));
|
||||
$ctype_s = strtolower(trim($struct->ctype_secondary));
|
||||
$type = $ctype_p . '/' . $ctype_s;
|
||||
return $type;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -56,71 +55,68 @@ $filelist = array ();
|
||||
$errors = array ();
|
||||
|
||||
function MsgParseBody($struct) {
|
||||
global $filelist;
|
||||
global $errors;
|
||||
$ctype_p = strtolower(trim($struct->ctype_primary));
|
||||
$ctype_s = strtolower(trim($struct->ctype_secondary));
|
||||
|
||||
global $filelist;
|
||||
global $errors;
|
||||
$ctype_p = strtolower(trim($struct->ctype_primary));
|
||||
$ctype_s = strtolower(trim($struct->ctype_secondary));
|
||||
|
||||
switch ($ctype_p) {
|
||||
case "multipart":
|
||||
switch ($ctype_s) {
|
||||
case "alternative":
|
||||
// Handle multipart/alternative parts
|
||||
$alt_entity = FindMultiAlt($struct->parts);
|
||||
// Ignore if we return false NEEDS WORK
|
||||
if ($alt_entity) MsgParseBody($alt_entity);
|
||||
break;
|
||||
case "related":
|
||||
// Handle multipart/related parts
|
||||
$rel_entities = FindMultiRel($struct);
|
||||
foreach ($rel_entities as $ent) {
|
||||
MsgParseBody($ent);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
// Probably multipart/mixed here
|
||||
// Recursively process nested mime entities
|
||||
if ( is_array($struct->parts) || is_object($struct->parts) ) {
|
||||
foreach ($struct->parts as $cur_part) {
|
||||
MsgParseBody($cur_part);
|
||||
}
|
||||
} else {
|
||||
$errors['Invalid or Corrupt MIME Detected.'] = true;
|
||||
}
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case "text":
|
||||
// Do not display attached text types
|
||||
if (property_exists($struct, "d_parameters")) {
|
||||
if ($attachment = $struct->d_parameters['filename'] or $attachment = $struct->d_parameters['name']) {
|
||||
array_push($filelist, $attachment);
|
||||
break;
|
||||
}
|
||||
}
|
||||
switch ($ctype_s) {
|
||||
// Plain text
|
||||
case "plain":
|
||||
MsgBodyPlainText($struct->body);
|
||||
break;
|
||||
// HTML text
|
||||
case "html":
|
||||
MsgBodyHtmlText($struct->body);
|
||||
break;
|
||||
// Text type we do not support
|
||||
default:
|
||||
$errors['Portions of text could not be displayed'] = true;
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
// Save the listed filename or notify the
|
||||
// reader that this mail is not displayed completely
|
||||
$attachment = $struct->d_parameters['filename'];
|
||||
$attachment ? array_push($filelist, $attachment) : $errors['Unsupported MIME objects present'] = true;
|
||||
|
||||
}
|
||||
switch ($ctype_p) {
|
||||
case "multipart":
|
||||
switch ($ctype_s) {
|
||||
case "alternative":
|
||||
// Handle multipart/alternative parts
|
||||
$alt_entity = FindMultiAlt($struct->parts);
|
||||
// Ignore if we return false NEEDS WORK
|
||||
if ($alt_entity) MsgParseBody($alt_entity);
|
||||
break;
|
||||
case "related":
|
||||
// Handle multipart/related parts
|
||||
$rel_entities = FindMultiRel($struct);
|
||||
foreach ($rel_entities as $ent) {
|
||||
MsgParseBody($ent);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
// Probably multipart/mixed here
|
||||
// Recursively process nested mime entities
|
||||
if ( is_array($struct->parts) || is_object($struct->parts) ) {
|
||||
foreach ($struct->parts as $cur_part) {
|
||||
MsgParseBody($cur_part);
|
||||
}
|
||||
} else {
|
||||
$errors['Invalid or Corrupt MIME Detected.'] = true;
|
||||
}
|
||||
break;
|
||||
}
|
||||
break;
|
||||
case "text":
|
||||
// Do not display attached text types
|
||||
if (property_exists($struct, "d_parameters")) {
|
||||
if ($attachment = $struct->d_parameters['filename'] or $attachment = $struct->d_parameters['name']) {
|
||||
array_push($filelist, $attachment);
|
||||
break;
|
||||
}
|
||||
}
|
||||
switch ($ctype_s) {
|
||||
// Plain text
|
||||
case "plain":
|
||||
MsgBodyPlainText($struct->body);
|
||||
break;
|
||||
// HTML text
|
||||
case "html":
|
||||
MsgBodyHtmlText($struct->body);
|
||||
break;
|
||||
// Text type we do not support
|
||||
default:
|
||||
$errors['Portions of text could not be displayed'] = true;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
// Save the listed filename or notify the
|
||||
// reader that this mail is not displayed completely
|
||||
$attachment = $struct->d_parameters['filename'];
|
||||
$attachment ? array_push($filelist, $attachment) : $errors['Unsupported MIME objects present'] = true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -130,29 +126,29 @@ function MsgParseBody($struct) {
|
||||
* $return Single MIME entity
|
||||
*/
|
||||
function FindMultiAlt($parts) {
|
||||
$alt_pref = array ('text/plain', 'text/html');
|
||||
$best_view = 0;
|
||||
// Bad Headers sometimes have invalid MIME....
|
||||
if ( is_array($parts) || is_object($parts) ) {
|
||||
foreach ($parts as $cur_part) {
|
||||
$type = GetCtype($cur_part);
|
||||
if ($type == 'multipart/related') {
|
||||
$type = $cur_part->d_parameters['type'];
|
||||
// Mozilla bug. Mozilla does not provide the parameter type.
|
||||
if (!$type) $type = 'text/html';
|
||||
}
|
||||
$altCount = count($alt_pref);
|
||||
for ($j = $best_view; $j < $altCount; ++$j) {
|
||||
if (($alt_pref[$j] == $type) && ($j >= $best_view)) {
|
||||
$best_view = $j;
|
||||
$struct = $cur_part;
|
||||
}
|
||||
}
|
||||
}
|
||||
return $struct;
|
||||
} else {
|
||||
$errors['Invalid or Corrupt MIME Detected.'] = true;
|
||||
}
|
||||
$alt_pref = array ('text/plain', 'text/html');
|
||||
$best_view = 0;
|
||||
// Bad Headers sometimes have invalid MIME....
|
||||
if ( is_array($parts) || is_object($parts) ) {
|
||||
foreach ($parts as $cur_part) {
|
||||
$type = GetCtype($cur_part);
|
||||
if ($type == 'multipart/related') {
|
||||
$type = $cur_part->d_parameters['type'];
|
||||
// Mozilla bug. Mozilla does not provide the parameter type.
|
||||
if (!$type) $type = 'text/html';
|
||||
}
|
||||
$altCount = count($alt_pref);
|
||||
for ($j = $best_view; $j < $altCount; ++$j) {
|
||||
if (($alt_pref[$j] == $type) && ($j >= $best_view)) {
|
||||
$best_view = $j;
|
||||
$struct = $cur_part;
|
||||
}
|
||||
}
|
||||
}
|
||||
return $struct;
|
||||
} else {
|
||||
$errors['Invalid or Corrupt MIME Detected.'] = true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -162,155 +158,151 @@ function FindMultiAlt($parts) {
|
||||
* @return List of MIME entities
|
||||
*/
|
||||
function FindMultiRel($struct) {
|
||||
$entities = array();
|
||||
$type = $struct->d_parameters['type'];
|
||||
// Mozilla bug. Mozilla does not provide the parameter type.
|
||||
if (!$type) $type = 'text/html';
|
||||
// Bad Headers sometimes have invalid MIME....
|
||||
if ( is_array($struct->parts) || is_object($struct->parts) ) {
|
||||
foreach ($struct->parts as $part) {
|
||||
if (GetCtype($part) == $type || GetCtype($part) == "multipart/alternative") {
|
||||
array_push($entities,$part);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$errors['Invalid or Corrupt MIME Detected.'] = true;
|
||||
}
|
||||
return $entities;
|
||||
$entities = array();
|
||||
$type = $struct->d_parameters['type'];
|
||||
// Mozilla bug. Mozilla does not provide the parameter type.
|
||||
if (!$type) $type = 'text/html';
|
||||
// Bad Headers sometimes have invalid MIME....
|
||||
if ( is_array($struct->parts) || is_object($struct->parts) ) {
|
||||
foreach ($struct->parts as $part) {
|
||||
if (GetCtype($part) == $type || GetCtype($part) == "multipart/alternative") {
|
||||
array_push($entities,$part);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$errors['Invalid or Corrupt MIME Detected.'] = true;
|
||||
}
|
||||
return $entities;
|
||||
}
|
||||
|
||||
// Wrapper script for htmlfilter. Settings taken
|
||||
// from SquirrelMail
|
||||
function sanitizeHTML($body) {
|
||||
if (isset($_COOKIE['lang']) &&
|
||||
file_exists("img/".substr($_COOKIE['lang'],0,2).".blocked_img.png")) {
|
||||
$secremoveimg = "img/".substr($_COOKIE['lang'],0,2).".blocked_img.png";
|
||||
} else {
|
||||
$secremoveimg = "img/blocked_img.png";
|
||||
}
|
||||
$tag_list = Array(
|
||||
false,
|
||||
"object",
|
||||
"meta",
|
||||
"html",
|
||||
"head",
|
||||
"base",
|
||||
"link",
|
||||
"frame",
|
||||
"iframe",
|
||||
"plaintext",
|
||||
"marquee"
|
||||
);
|
||||
if (isset($_COOKIE['lang']) && file_exists("img/".substr($_COOKIE['lang'],0,2).".blocked_img.png")) {
|
||||
$secremoveimg = "img/".substr($_COOKIE['lang'],0,2).".blocked_img.png";
|
||||
} else {
|
||||
$secremoveimg = "img/blocked_img.png";
|
||||
}
|
||||
$tag_list = Array(
|
||||
false,
|
||||
"object",
|
||||
"meta",
|
||||
"html",
|
||||
"head",
|
||||
"base",
|
||||
"link",
|
||||
"frame",
|
||||
"iframe",
|
||||
"plaintext",
|
||||
"marquee"
|
||||
);
|
||||
|
||||
$rm_tags_with_content = Array(
|
||||
"script",
|
||||
"applet",
|
||||
"embed",
|
||||
"title",
|
||||
"frameset",
|
||||
"xml",
|
||||
"style"
|
||||
);
|
||||
$rm_tags_with_content = Array(
|
||||
"script",
|
||||
"applet",
|
||||
"embed",
|
||||
"title",
|
||||
"frameset",
|
||||
"xml",
|
||||
"style"
|
||||
);
|
||||
|
||||
$self_closing_tags = Array(
|
||||
"img",
|
||||
"br",
|
||||
"hr",
|
||||
"input"
|
||||
);
|
||||
$self_closing_tags = Array(
|
||||
"img",
|
||||
"br",
|
||||
"hr",
|
||||
"input"
|
||||
);
|
||||
|
||||
$force_tag_closing = true;
|
||||
$force_tag_closing = true;
|
||||
|
||||
$rm_attnames = Array(
|
||||
"/.*/" =>
|
||||
Array(
|
||||
"/target/i",
|
||||
"/^on.*/i",
|
||||
"/^dynsrc/i",
|
||||
"/^data.*/i",
|
||||
"/^lowsrc.*/i"
|
||||
)
|
||||
);
|
||||
$rm_attnames = Array(
|
||||
"/.*/" =>
|
||||
Array(
|
||||
"/target/i",
|
||||
"/^on.*/i",
|
||||
"/^dynsrc/i",
|
||||
"/^data.*/i",
|
||||
"/^lowsrc.*/i"
|
||||
)
|
||||
);
|
||||
|
||||
$bad_attvals = Array(
|
||||
"/.*/" =>
|
||||
Array(
|
||||
"/^src|background/i" =>
|
||||
Array(
|
||||
Array(
|
||||
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
|
||||
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
|
||||
"/^([\'\"])\s*about\s*:.*([\'\"])/si",
|
||||
"/^([\'\"])\s*https*:.*([\'\"])/si",
|
||||
"/^([\'\"])\s*cid*:.*([\'\"])/si"
|
||||
),
|
||||
Array(
|
||||
"\\1$secremoveimg\\2",
|
||||
"\\1$secremoveimg\\2",
|
||||
"\\1$secremoveimg\\2",
|
||||
"\\1$secremoveimg\\2",
|
||||
"\\1$secremoveimg\\2"
|
||||
)
|
||||
),
|
||||
"/^href|action/i" =>
|
||||
Array(
|
||||
Array(
|
||||
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
|
||||
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
|
||||
"/^([\'\"])\s*about\s*:.*([\'\"])/si"
|
||||
),
|
||||
Array(
|
||||
"\\1#\\1",
|
||||
"\\1#\\1",
|
||||
"\\1#\\1",
|
||||
"\\1#\\1"
|
||||
)
|
||||
),
|
||||
"/^style/i" =>
|
||||
Array(
|
||||
Array(
|
||||
"/expression/i",
|
||||
"/binding/i",
|
||||
"/behaviou*r/i",
|
||||
"/include-source/i",
|
||||
"/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
|
||||
"/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
|
||||
"/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
|
||||
"/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si",
|
||||
"/url\(([\'\"])\s*https*:.*([\'\"])\)/si"
|
||||
),
|
||||
Array(
|
||||
"idiocy",
|
||||
"idiocy",
|
||||
"idiocy",
|
||||
"idiocy",
|
||||
"url(\\1#\\1)",
|
||||
"url(\\1#\\1)",
|
||||
"url(\\1#\\1)",
|
||||
"url(\\1#\\1)",
|
||||
"url(\\1#\\1)",
|
||||
"\\1:url(\\2#\\3)",
|
||||
"url(\\1$secremoveimg\\1)"
|
||||
)
|
||||
)
|
||||
)
|
||||
);
|
||||
$bad_attvals = Array(
|
||||
"/.*/" =>
|
||||
Array(
|
||||
"/^src|background/i" =>
|
||||
Array(
|
||||
Array(
|
||||
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
|
||||
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
|
||||
"/^([\'\"])\s*about\s*:.*([\'\"])/si",
|
||||
"/^([\'\"])\s*https*:.*([\'\"])/si",
|
||||
"/^([\'\"])\s*cid*:.*([\'\"])/si"
|
||||
),
|
||||
Array(
|
||||
"\\1$secremoveimg\\2",
|
||||
"\\1$secremoveimg\\2",
|
||||
"\\1$secremoveimg\\2",
|
||||
"\\1$secremoveimg\\2",
|
||||
"\\1$secremoveimg\\2"
|
||||
)
|
||||
),
|
||||
"/^href|action/i" =>
|
||||
Array(
|
||||
Array(
|
||||
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
|
||||
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
|
||||
"/^([\'\"])\s*about\s*:.*([\'\"])/si"
|
||||
),
|
||||
Array(
|
||||
"\\1#\\1",
|
||||
"\\1#\\1",
|
||||
"\\1#\\1",
|
||||
"\\1#\\1"
|
||||
)
|
||||
),
|
||||
"/^style/i" =>
|
||||
Array(
|
||||
Array(
|
||||
"/expression/i",
|
||||
"/binding/i",
|
||||
"/behaviou*r/i",
|
||||
"/include-source/i",
|
||||
"/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
|
||||
"/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
|
||||
"/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
|
||||
"/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si",
|
||||
"/url\(([\'\"])\s*https*:.*([\'\"])\)/si"
|
||||
),
|
||||
Array(
|
||||
"idiocy",
|
||||
"idiocy",
|
||||
"idiocy",
|
||||
"idiocy",
|
||||
"url(\\1#\\1)",
|
||||
"url(\\1#\\1)",
|
||||
"url(\\1#\\1)",
|
||||
"url(\\1#\\1)",
|
||||
"url(\\1#\\1)",
|
||||
"\\1:url(\\2#\\3)",
|
||||
"url(\\1$secremoveimg\\1)"
|
||||
)
|
||||
)
|
||||
)
|
||||
);
|
||||
|
||||
$add_attr_to_tag = Array(
|
||||
"/^a$/i" =>
|
||||
Array('target'=>'"_new"'
|
||||
)
|
||||
);
|
||||
$add_attr_to_tag = Array("/^a$/i" => Array('target'=>'"_new"'));
|
||||
|
||||
$trusted_html = sanitize($body,
|
||||
$tag_list,
|
||||
$rm_tags_with_content,
|
||||
$self_closing_tags,
|
||||
$force_tag_closing,
|
||||
$rm_attnames,
|
||||
$bad_attvals,
|
||||
$add_attr_to_tag
|
||||
);
|
||||
$trusted_html = sanitize($body,
|
||||
$tag_list,
|
||||
$rm_tags_with_content,
|
||||
$self_closing_tags,
|
||||
$force_tag_closing,
|
||||
$rm_attnames,
|
||||
$bad_attvals,
|
||||
$add_attr_to_tag
|
||||
);
|
||||
|
||||
return $trusted_html;
|
||||
return $trusted_html;
|
||||
}
|
||||
?>
|
||||
|
@ -223,7 +223,7 @@ class PHPMailer
|
||||
var $LE = "\n";
|
||||
/**#@-*/
|
||||
|
||||
/////////////////////////////////////////////////
|
||||
/////////////////////////////////////////////////
|
||||
// CONSTRUCTOR
|
||||
/////////////////////////////////////////////////
|
||||
/**
|
||||
@ -371,7 +371,7 @@ class PHPMailer
|
||||
* @return bool
|
||||
*/
|
||||
function Send() {
|
||||
$header = "";
|
||||
$header = "";
|
||||
$body = "";
|
||||
$result = true;
|
||||
|
||||
@ -468,8 +468,7 @@ class PHPMailer
|
||||
$old_from = ini_get("sendmail_from");
|
||||
ini_set("sendmail_from", $this->Sender);
|
||||
$params = sprintf("-oi -f %s", $this->Sender);
|
||||
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body,
|
||||
$header, $params);
|
||||
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header, $params);
|
||||
}
|
||||
else
|
||||
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header);
|
||||
@ -588,8 +587,7 @@ class PHPMailer
|
||||
|
||||
if($this->SMTPAuth)
|
||||
{
|
||||
if(!$this->smtp->Authenticate($this->Username,
|
||||
$this->Password))
|
||||
if(!$this->smtp->Authenticate($this->Username, $this->Password))
|
||||
{
|
||||
$this->SetError($this->Lang("authenticate"));
|
||||
$this->smtp->Reset();
|
||||
@ -685,8 +683,7 @@ class PHPMailer
|
||||
$formatted = $addr[0];
|
||||
else
|
||||
{
|
||||
$formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" .
|
||||
$addr[0] . ">";
|
||||
$formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" . $addr[0] . ">";
|
||||
}
|
||||
|
||||
return $formatted;
|
||||
@ -1537,5 +1534,4 @@ class PHPMailer
|
||||
$this->CustomHeader[] = explode(":", $custom_header, 2);
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
@ -73,7 +73,6 @@ class Pager {
|
||||
var $text_class;
|
||||
var $text_style;
|
||||
|
||||
|
||||
/**
|
||||
* Pager Constructor
|
||||
* Sets up Pager variables and initializes values
|
||||
@ -102,7 +101,6 @@ class Pager {
|
||||
$this->initQueryString();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Print out the pages as links
|
||||
* Prints out a table of all the pages as links
|
||||
@ -212,15 +210,14 @@ class Pager {
|
||||
* @param none
|
||||
*/
|
||||
function initQueryString() {
|
||||
if (isset($_SERVER['QUERY_STRING'])) {
|
||||
if (isset($_SERVER['QUERY_STRING'])) {
|
||||
// Remove page from query string and convert all "&" to "&"
|
||||
$this->query_string = str_replace('&', '&', preg_replace("/(&|&)?$this->page_var=\d*/",'',$_SERVER['QUERY_STRING']));
|
||||
|
||||
// Insert limit into querystring, if it's not there
|
||||
if ( !strstr($this->query_string, "$this->limit_var=") )
|
||||
$this->query_string .= "&$this->limit_var=" . $this->limit;
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$this->query_string = '';
|
||||
}
|
||||
|
||||
@ -249,8 +246,7 @@ class Pager {
|
||||
function printPage($p) {
|
||||
if ($p == $this->cur_page) {
|
||||
echo " <b>[$p]</b> ";
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$this->printLink($p, $p);
|
||||
}
|
||||
}
|
||||
@ -292,8 +288,7 @@ class Pager {
|
||||
'',
|
||||
'Page ' . $page
|
||||
);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
echo ' <a href="' . $_SERVER['PHP_SELF'] . "?$this->page_var=$page&" . $this->query_string . '"'
|
||||
. ' class="$this->class"'
|
||||
. '>'
|
||||
|
@ -1034,6 +1034,4 @@ class SMTP
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
?>
|
||||
|
@ -74,7 +74,6 @@ class Template {
|
||||
<?php
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Print welcome header message
|
||||
* This function prints out a table welcoming
|
||||
@ -123,7 +122,6 @@ class Template {
|
||||
<?php
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Start main HTML table
|
||||
* @param none
|
||||
@ -137,7 +135,6 @@ class Template {
|
||||
<?php
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* End main HTML table
|
||||
* @param none
|
||||
@ -150,7 +147,6 @@ class Template {
|
||||
<?php
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Print HTML footer
|
||||
* This function prints out a tech email
|
||||
|
@ -43,9 +43,9 @@
|
||||
* @param $message A string with the message to output.
|
||||
* @return void.
|
||||
*/
|
||||
function spew($message){
|
||||
function spew($message) {
|
||||
global $debug;
|
||||
if ($debug == true){
|
||||
if ($debug == true) {
|
||||
echo "$message";
|
||||
}
|
||||
}
|
||||
@ -60,20 +60,20 @@ function spew($message){
|
||||
* @param $tagtype The type of the tag (see in comments).
|
||||
* @return a string with the final tag representation.
|
||||
*/
|
||||
function tagprint($tagname, $attary, $tagtype){
|
||||
function tagprint($tagname, $attary, $tagtype) {
|
||||
$me = 'tagprint';
|
||||
if ($tagtype == 2){
|
||||
if ($tagtype == 2) {
|
||||
$fulltag = '</' . $tagname . '>';
|
||||
} else {
|
||||
$fulltag = '<' . $tagname;
|
||||
if (is_array($attary) && sizeof($attary)){
|
||||
if (is_array($attary) && sizeof($attary)) {
|
||||
$atts = Array();
|
||||
while (list($attname, $attvalue) = each($attary)){
|
||||
while (list($attname, $attvalue) = each($attary)) {
|
||||
array_push($atts, "$attname=$attvalue");
|
||||
}
|
||||
$fulltag .= ' ' . join(' ', $atts);
|
||||
}
|
||||
if ($tagtype == 3){
|
||||
if ($tagtype == 3) {
|
||||
$fulltag .= ' /';
|
||||
}
|
||||
$fulltag .= '>';
|
||||
@ -89,7 +89,7 @@ function tagprint($tagname, $attary, $tagtype){
|
||||
* @param $val a value passed by-ref.
|
||||
* @return void since it modifies a by-ref value.
|
||||
*/
|
||||
function casenormalize(&$val){
|
||||
function casenormalize(&$val) {
|
||||
$val = strtolower($val);
|
||||
}
|
||||
|
||||
@ -103,10 +103,10 @@ function casenormalize(&$val){
|
||||
* @return the location within the $body where the next
|
||||
* non-whitespace char is located.
|
||||
*/
|
||||
function skipspace($body, $offset){
|
||||
function skipspace($body, $offset) {
|
||||
$me = 'skipspace';
|
||||
preg_match('/^(\s*)/s', substr($body, $offset), $matches);
|
||||
if (sizeof($matches{1})){
|
||||
if (sizeof($matches{1})) {
|
||||
$count = strlen($matches{1});
|
||||
spew("$me: skipped $count chars\n");
|
||||
$offset += $count;
|
||||
@ -125,10 +125,10 @@ function skipspace($body, $offset){
|
||||
* @return location of the next occurance of the needle, or
|
||||
* strlen($body) if needle wasn't found.
|
||||
*/
|
||||
function findnxstr($body, $offset, $needle){
|
||||
function findnxstr($body, $offset, $needle) {
|
||||
$me = 'findnxstr';
|
||||
$pos = strpos($body, $needle, $offset);
|
||||
if ($pos === FALSE){
|
||||
if ($pos === FALSE) {
|
||||
$pos = strlen($body);
|
||||
spew("$me: end of body reached\n");
|
||||
}
|
||||
@ -149,13 +149,13 @@ function findnxstr($body, $offset, $needle){
|
||||
* - string with whatever content between offset and the match
|
||||
* - string with whatever it is we matched
|
||||
*/
|
||||
function findnxreg($body, $offset, $reg){
|
||||
function findnxreg($body, $offset, $reg) {
|
||||
$me = 'findnxreg';
|
||||
$matches = Array();
|
||||
$retarr = Array();
|
||||
$preg_rule = '%^(.*?)(' . $reg . ')%s';
|
||||
preg_match($preg_rule, substr($body, $offset), $matches);
|
||||
if (!isset($matches{0})){
|
||||
if (!isset($matches{0})) {
|
||||
spew("$me: No matches found.\n");
|
||||
$retarr = false;
|
||||
} else {
|
||||
@ -181,14 +181,14 @@ function findnxreg($body, $offset, $reg){
|
||||
* - integer where the tag ends (ending ">")
|
||||
* first three members will be false, if the tag is invalid.
|
||||
*/
|
||||
function getnxtag($body, $offset){
|
||||
function getnxtag($body, $offset) {
|
||||
$me = 'getnxtag';
|
||||
if ($offset > strlen($body)){
|
||||
if ($offset > strlen($body)) {
|
||||
spew("$me: Past the end of body\n");
|
||||
return false;
|
||||
}
|
||||
$lt = findnxstr($body, $offset, '<');
|
||||
if ($lt == strlen($body)){
|
||||
if ($lt == strlen($body)) {
|
||||
spew("$me: No more tags found!\n");
|
||||
return false;
|
||||
}
|
||||
@ -199,7 +199,7 @@ function getnxtag($body, $offset){
|
||||
*/
|
||||
spew("$me: Found '<' at pos $lt\n");
|
||||
$pos = skipspace($body, $lt + 1);
|
||||
if ($pos >= strlen($body)){
|
||||
if ($pos >= strlen($body)) {
|
||||
spew("$me: End of body reached.\n");
|
||||
return Array(false, false, false, $lt, strlen($body));
|
||||
}
|
||||
@ -213,38 +213,38 @@ function getnxtag($body, $offset){
|
||||
* <img src="blah"/>
|
||||
*/
|
||||
$tagtype = false;
|
||||
switch (substr($body, $pos, 1)){
|
||||
case '/':
|
||||
spew("$me: This is a closing tag (type 2)\n");
|
||||
$tagtype = 2;
|
||||
$pos++;
|
||||
break;
|
||||
case '!':
|
||||
/**
|
||||
* A comment or an SGML declaration.
|
||||
*/
|
||||
if (substr($body, $pos+1, 2) == '--'){
|
||||
spew("$me: A comment found. Stripping.\n");
|
||||
$gt = strpos($body, '-->', $pos);
|
||||
if ($gt === false){
|
||||
$gt = strlen($body);
|
||||
switch (substr($body, $pos, 1)) {
|
||||
case '/':
|
||||
spew("$me: This is a closing tag (type 2)\n");
|
||||
$tagtype = 2;
|
||||
$pos++;
|
||||
break;
|
||||
case '!':
|
||||
/**
|
||||
* A comment or an SGML declaration.
|
||||
*/
|
||||
if (substr($body, $pos+1, 2) == '--') {
|
||||
spew("$me: A comment found. Stripping.\n");
|
||||
$gt = strpos($body, '-->', $pos);
|
||||
if ($gt === false) {
|
||||
$gt = strlen($body);
|
||||
} else {
|
||||
$gt += 2;
|
||||
}
|
||||
return Array(false, false, false, $lt, $gt);
|
||||
} else {
|
||||
$gt += 2;
|
||||
spew("$me: An SGML declaration found. Stripping.\n");
|
||||
$gt = findnxstr($body, $pos, '>');
|
||||
return Array(false, false, false, $lt, $gt);
|
||||
}
|
||||
return Array(false, false, false, $lt, $gt);
|
||||
} else {
|
||||
spew("$me: An SGML declaration found. Stripping.\n");
|
||||
$gt = findnxstr($body, $pos, '>');
|
||||
return Array(false, false, false, $lt, $gt);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
/**
|
||||
* Assume tagtype 1 for now. If it's type 3, we'll switch values
|
||||
* later.
|
||||
*/
|
||||
$tagtype = 1;
|
||||
break;
|
||||
break;
|
||||
default:
|
||||
/**
|
||||
* Assume tagtype 1 for now. If it's type 3, we'll switch values
|
||||
* later.
|
||||
*/
|
||||
$tagtype = 1;
|
||||
break;
|
||||
}
|
||||
|
||||
$tag_start = $pos;
|
||||
@ -268,45 +268,45 @@ function getnxtag($body, $offset){
|
||||
*
|
||||
* Whatever else we find there indicates an invalid tag.
|
||||
*/
|
||||
switch ($match){
|
||||
case '/':
|
||||
/**
|
||||
* This is an xhtml-style tag with a closing / at the
|
||||
* end, like so: <img src="blah"/>. Check if it's followed
|
||||
* by the closing bracket. If not, then this tag is invalid
|
||||
*/
|
||||
if (substr($body, $pos, 2) == '/>'){
|
||||
spew("$me: XHTML-style tag found.\n");
|
||||
$pos++;
|
||||
spew("$me: Setting tagtype to 3\n");
|
||||
$tagtype = 3;
|
||||
} else {
|
||||
spew("$me: Found invalid character '/'.\n");
|
||||
$gt = findnxstr($body, $pos, '>');
|
||||
spew("$me: Tag is invalid. Returning.\n");
|
||||
$retary = Array(false, false, false, $lt, $gt);
|
||||
return $retary;
|
||||
}
|
||||
case '>':
|
||||
spew("$me: End of tag found at $pos\n");
|
||||
spew("$me: Tagname is '$tagname'\n");
|
||||
spew("$me: This tag has no attributes\n");
|
||||
return Array($tagname, false, $tagtype, $lt, $pos);
|
||||
break;
|
||||
default:
|
||||
/**
|
||||
* Check if it's whitespace
|
||||
*/
|
||||
if (preg_match('/\s/', $match)){
|
||||
spew("$me: Tagname is '$tagname'\n");
|
||||
} else {
|
||||
switch ($match) {
|
||||
case '/':
|
||||
/**
|
||||
* This is an invalid tag! Look for the next closing ">".
|
||||
* This is an xhtml-style tag with a closing / at the
|
||||
* end, like so: <img src="blah"/>. Check if it's followed
|
||||
* by the closing bracket. If not, then this tag is invalid
|
||||
*/
|
||||
spew("$me: Invalid characters found in tag name: $match\n");
|
||||
$gt = findnxstr($body, $lt, '>');
|
||||
return Array(false, false, false, $lt, $gt);
|
||||
}
|
||||
if (substr($body, $pos, 2) == '/>') {
|
||||
spew("$me: XHTML-style tag found.\n");
|
||||
$pos++;
|
||||
spew("$me: Setting tagtype to 3\n");
|
||||
$tagtype = 3;
|
||||
} else {
|
||||
spew("$me: Found invalid character '/'.\n");
|
||||
$gt = findnxstr($body, $pos, '>');
|
||||
spew("$me: Tag is invalid. Returning.\n");
|
||||
$retary = Array(false, false, false, $lt, $gt);
|
||||
return $retary;
|
||||
}
|
||||
case '>':
|
||||
spew("$me: End of tag found at $pos\n");
|
||||
spew("$me: Tagname is '$tagname'\n");
|
||||
spew("$me: This tag has no attributes\n");
|
||||
return Array($tagname, false, $tagtype, $lt, $pos);
|
||||
break;
|
||||
default:
|
||||
/**
|
||||
* Check if it's whitespace
|
||||
*/
|
||||
if (preg_match('/\s/', $match)){
|
||||
spew("$me: Tagname is '$tagname'\n");
|
||||
} else {
|
||||
/**
|
||||
* This is an invalid tag! Look for the next closing ">".
|
||||
*/
|
||||
spew("$me: Invalid characters found in tag name: $match\n");
|
||||
$gt = findnxstr($body, $lt, '>');
|
||||
return Array(false, false, false, $lt, $gt);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
@ -320,9 +320,9 @@ function getnxtag($body, $offset){
|
||||
$atttype = false;
|
||||
$attary = Array();
|
||||
|
||||
while ($pos <= strlen($body)){
|
||||
while ($pos <= strlen($body)) {
|
||||
$pos = skipspace($body, $pos);
|
||||
if ($pos == strlen($body)){
|
||||
if ($pos == strlen($body)) {
|
||||
/**
|
||||
* Non-closed tag.
|
||||
*/
|
||||
@ -335,13 +335,13 @@ function getnxtag($body, $offset){
|
||||
*/
|
||||
$matches = Array();
|
||||
preg_match('%^(\s*)(>|/>)%s', substr($body, $pos), $matches);
|
||||
if (isset($matches{0}) && $matches{0}){
|
||||
if (isset($matches{0}) && $matches{0}) {
|
||||
/**
|
||||
* Yep. So we did.
|
||||
*/
|
||||
spew("$me: Arrived at the end of the tag.\n");
|
||||
$pos += strlen($matches{1});
|
||||
if ($matches{2} == '/>'){
|
||||
if ($matches{2} == '/>') {
|
||||
$tagtype = 3;
|
||||
$pos++;
|
||||
}
|
||||
@ -366,7 +366,7 @@ function getnxtag($body, $offset){
|
||||
* attrname="yes".
|
||||
*/
|
||||
$regary = findnxreg($body, $pos, '[^\w\-_]');
|
||||
if ($regary == false){
|
||||
if ($regary == false) {
|
||||
/**
|
||||
* Looks like body ended before the end of tag.
|
||||
*/
|
||||
@ -385,121 +385,121 @@ function getnxtag($body, $offset){
|
||||
* '\s' means a lot of things -- look what it's followed by.
|
||||
* anything else means the attribute is invalid.
|
||||
*/
|
||||
switch($match){
|
||||
case '/':
|
||||
/**
|
||||
* This is an xhtml-style tag with a closing / at the
|
||||
* end, like so: <img src="blah"/>. Check if it's followed
|
||||
* by the closing bracket. If not, then this tag is invalid
|
||||
*/
|
||||
if (substr($body, $pos, 2) == '/>'){
|
||||
spew("$me: This is an xhtml-style tag.\n");
|
||||
$pos++;
|
||||
spew("$me: Setting tagtype to 3\n");
|
||||
$tagtype = 3;
|
||||
} else {
|
||||
spew("$me: Found invalid character '/'.\n");
|
||||
$gt = findnxstr($body, $pos, '>');
|
||||
spew("$me: Tag is invalid. Returning.\n");
|
||||
$retary = Array(false, false, false, $lt, $gt);
|
||||
return $retary;
|
||||
}
|
||||
case '>':
|
||||
spew("$me: found type 4 attribute.\n");
|
||||
spew("$me: Additionally, end of tag found at $pos\n");
|
||||
spew("$me: Attname is '$attname'\n");
|
||||
spew("$me: Setting attvalue to 'yes'\n");
|
||||
$attary{$attname} = '"yes"';
|
||||
return Array($tagname, $attary, $tagtype, $lt, $pos);
|
||||
break;
|
||||
default:
|
||||
/**
|
||||
* Skip whitespace and see what we arrive at.
|
||||
*/
|
||||
$pos = skipspace($body, $pos);
|
||||
$char = substr($body, $pos, 1);
|
||||
/**
|
||||
* Two things are valid here:
|
||||
* '=' means this is attribute type 1 2 or 3.
|
||||
* \w means this was attribute type 4.
|
||||
* anything else we ignore and re-loop. End of tag and
|
||||
* invalid stuff will be caught by our checks at the beginning
|
||||
* of the loop.
|
||||
*/
|
||||
if ($char == '='){
|
||||
spew("$me: Attribute type 1, 2, or 3 found.\n");
|
||||
$pos++;
|
||||
$pos = skipspace($body, $pos);
|
||||
switch($match) {
|
||||
case '/':
|
||||
/**
|
||||
* Here are 3 possibilities:
|
||||
* "'" attribute type 1
|
||||
* '"' attribute type 2
|
||||
* everything else is the content of tag type 3
|
||||
* This is an xhtml-style tag with a closing / at the
|
||||
* end, like so: <img src="blah"/>. Check if it's followed
|
||||
* by the closing bracket. If not, then this tag is invalid
|
||||
*/
|
||||
$quot = substr($body, $pos, 1);
|
||||
if ($quot == '\''){
|
||||
spew("$me: In fact, this is attribute type 1\n");
|
||||
spew("$me: looking for closing quote\n");
|
||||
$regary = findnxreg($body, $pos+1, '\'');
|
||||
if ($regary == false){
|
||||
spew("$me: end of body reached before end of val\n");
|
||||
spew("$me: Returning\n");
|
||||
return Array(false, false, false, $lt, strlen($body));
|
||||
}
|
||||
list($pos, $attval, $match) = $regary;
|
||||
spew("$me: Attvalue is '$attval'\n");
|
||||
if (substr($body, $pos, 2) == '/>') {
|
||||
spew("$me: This is an xhtml-style tag.\n");
|
||||
$pos++;
|
||||
$attary{$attname} = '\'' . $attval . '\'';
|
||||
} else if ($quot == '"'){
|
||||
spew("$me: In fact, this is attribute type 2\n");
|
||||
spew("$me: looking for closing quote\n");
|
||||
$regary = findnxreg($body, $pos+1, '\"');
|
||||
if ($regary == false){
|
||||
spew("$me: end of body reached before end of val\n");
|
||||
spew("$me: Returning\n");
|
||||
return Array(false, false, false, $lt, strlen($body));
|
||||
}
|
||||
list($pos, $attval, $match) = $regary;
|
||||
spew("$me: Attvalue is \"$attval\"\n");
|
||||
$pos++;
|
||||
$attary{$attname} = '"' . $attval . '"';
|
||||
spew("$me: Setting tagtype to 3\n");
|
||||
$tagtype = 3;
|
||||
} else {
|
||||
spew("$me: This looks like attribute type 3\n");
|
||||
/**
|
||||
* These are hateful. Look for \s, or >.
|
||||
*/
|
||||
spew("$me: Looking for end of attval\n");
|
||||
$regary = findnxreg($body, $pos, '[\s>]');
|
||||
if ($regary == false){
|
||||
spew("$me: end of body reached before end of val\n");
|
||||
spew("$me: Returning\n");
|
||||
return Array(false, false, false, $lt, strlen($body));
|
||||
}
|
||||
list($pos, $attval, $match) = $regary;
|
||||
/**
|
||||
* If it's ">" it will be caught at the top.
|
||||
*/
|
||||
spew("$me: translating '\"' into "\n");
|
||||
$attval = preg_replace('/\"/s', '"', $attval);
|
||||
spew("$me: wrapping in quotes\n");
|
||||
$attary{$attname} = '"' . $attval . '"';
|
||||
spew("$me: Found invalid character '/'.\n");
|
||||
$gt = findnxstr($body, $pos, '>');
|
||||
spew("$me: Tag is invalid. Returning.\n");
|
||||
$retary = Array(false, false, false, $lt, $gt);
|
||||
return $retary;
|
||||
}
|
||||
} else if (preg_match('|[\w/>]|', $char)) {
|
||||
/**
|
||||
* That was attribute type 4.
|
||||
*/
|
||||
spew("$me: attribute type 4 found.\n");
|
||||
spew("$me: Setting value to 'yes'\n");
|
||||
case '>':
|
||||
spew("$me: found type 4 attribute.\n");
|
||||
spew("$me: Additionally, end of tag found at $pos\n");
|
||||
spew("$me: Attname is '$attname'\n");
|
||||
spew("$me: Setting attvalue to 'yes'\n");
|
||||
$attary{$attname} = '"yes"';
|
||||
} else {
|
||||
return Array($tagname, $attary, $tagtype, $lt, $pos);
|
||||
break;
|
||||
default:
|
||||
/**
|
||||
* An illegal character. Find next '>' and return.
|
||||
* Skip whitespace and see what we arrive at.
|
||||
*/
|
||||
spew("$me: illegal character '$char' found.\n");
|
||||
spew("$me: returning\n");
|
||||
$gt = findnxstr($body, $pos, '>');
|
||||
return Array(false, false, false, $lt, $gt);
|
||||
}
|
||||
$pos = skipspace($body, $pos);
|
||||
$char = substr($body, $pos, 1);
|
||||
/**
|
||||
* Two things are valid here:
|
||||
* '=' means this is attribute type 1 2 or 3.
|
||||
* \w means this was attribute type 4.
|
||||
* anything else we ignore and re-loop. End of tag and
|
||||
* invalid stuff will be caught by our checks at the beginning
|
||||
* of the loop.
|
||||
*/
|
||||
if ($char == '=') {
|
||||
spew("$me: Attribute type 1, 2, or 3 found.\n");
|
||||
$pos++;
|
||||
$pos = skipspace($body, $pos);
|
||||
/**
|
||||
* Here are 3 possibilities:
|
||||
* "'" attribute type 1
|
||||
* '"' attribute type 2
|
||||
* everything else is the content of tag type 3
|
||||
*/
|
||||
$quot = substr($body, $pos, 1);
|
||||
if ($quot == '\'') {
|
||||
spew("$me: In fact, this is attribute type 1\n");
|
||||
spew("$me: looking for closing quote\n");
|
||||
$regary = findnxreg($body, $pos+1, '\'');
|
||||
if ($regary == false) {
|
||||
spew("$me: end of body reached before end of val\n");
|
||||
spew("$me: Returning\n");
|
||||
return Array(false, false, false, $lt, strlen($body));
|
||||
}
|
||||
list($pos, $attval, $match) = $regary;
|
||||
spew("$me: Attvalue is '$attval'\n");
|
||||
$pos++;
|
||||
$attary{$attname} = '\'' . $attval . '\'';
|
||||
} else if ($quot == '"') {
|
||||
spew("$me: In fact, this is attribute type 2\n");
|
||||
spew("$me: looking for closing quote\n");
|
||||
$regary = findnxreg($body, $pos+1, '\"');
|
||||
if ($regary == false) {
|
||||
spew("$me: end of body reached before end of val\n");
|
||||
spew("$me: Returning\n");
|
||||
return Array(false, false, false, $lt, strlen($body));
|
||||
}
|
||||
list($pos, $attval, $match) = $regary;
|
||||
spew("$me: Attvalue is \"$attval\"\n");
|
||||
$pos++;
|
||||
$attary{$attname} = '"' . $attval . '"';
|
||||
} else {
|
||||
spew("$me: This looks like attribute type 3\n");
|
||||
/**
|
||||
* These are hateful. Look for \s, or >.
|
||||
*/
|
||||
spew("$me: Looking for end of attval\n");
|
||||
$regary = findnxreg($body, $pos, '[\s>]');
|
||||
if ($regary == false) {
|
||||
spew("$me: end of body reached before end of val\n");
|
||||
spew("$me: Returning\n");
|
||||
return Array(false, false, false, $lt, strlen($body));
|
||||
}
|
||||
list($pos, $attval, $match) = $regary;
|
||||
/**
|
||||
* If it's ">" it will be caught at the top.
|
||||
*/
|
||||
spew("$me: translating '\"' into "\n");
|
||||
$attval = preg_replace('/\"/s', '"', $attval);
|
||||
spew("$me: wrapping in quotes\n");
|
||||
$attary{$attname} = '"' . $attval . '"';
|
||||
}
|
||||
} else if (preg_match('|[\w/>]|', $char)) {
|
||||
/**
|
||||
* That was attribute type 4.
|
||||
*/
|
||||
spew("$me: attribute type 4 found.\n");
|
||||
spew("$me: Setting value to 'yes'\n");
|
||||
$attary{$attname} = '"yes"';
|
||||
} else {
|
||||
/**
|
||||
* An illegal character. Find next '>' and return.
|
||||
*/
|
||||
spew("$me: illegal character '$char' found.\n");
|
||||
spew("$me: returning\n");
|
||||
$gt = findnxstr($body, $pos, '>');
|
||||
return Array(false, false, false, $lt, $gt);
|
||||
}
|
||||
}
|
||||
}
|
||||
/**
|
||||
@ -518,18 +518,18 @@ function getnxtag($body, $offset){
|
||||
* @param $hex whether the entites are hexadecimal.
|
||||
* @return True or False depending on whether there were matches.
|
||||
*/
|
||||
function deent(&$attvalue, $regex, $hex=false){
|
||||
function deent(&$attvalue, $regex, $hex=false) {
|
||||
$me = 'deent';
|
||||
spew("$me: matching '$regex' against: $attvalue\n");
|
||||
$ret_match = false;
|
||||
preg_match_all($regex, $attvalue, $matches);
|
||||
if (is_array($matches) && sizeof($matches[0]) > 0){
|
||||
if (is_array($matches) && sizeof($matches[0]) > 0) {
|
||||
spew("$me: found " . sizeof($matches[0]) . " matches\n");
|
||||
$repl = Array();
|
||||
for ($i = 0; $i < sizeof($matches[0]); $i++){
|
||||
for ($i = 0; $i < sizeof($matches[0]); $i++) {
|
||||
$numval = $matches[1][$i];
|
||||
spew("$me: numval is $numval\n");
|
||||
if ($hex){
|
||||
if ($hex) {
|
||||
$numval = hexdec($numval);
|
||||
spew("$me: hex! Numval is now $numval\n");
|
||||
}
|
||||
@ -552,14 +552,15 @@ function deent(&$attvalue, $regex, $hex=false){
|
||||
* @param $attvalue A string to run entity check against.
|
||||
* @return Nothing, modifies a reference value.
|
||||
*/
|
||||
function defang(&$attvalue){
|
||||
function defang(&$attvalue) {
|
||||
$me = 'defang';
|
||||
/**
|
||||
* Skip this if there aren't ampersands or backslashes.
|
||||
*/
|
||||
spew("$me: Checking '$attvalue' for suspicious content\n");
|
||||
if (strpos($attvalue, '&') === false
|
||||
&& strpos($attvalue, '\\') === false){
|
||||
&& strpos($attvalue, '\\') === false)
|
||||
{
|
||||
spew("$me: no suspicious content found, returning.\n");
|
||||
return;
|
||||
}
|
||||
@ -585,7 +586,7 @@ function defang(&$attvalue){
|
||||
*/
|
||||
function unspace(&$attvalue){
|
||||
$me = 'unspace';
|
||||
if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)){
|
||||
if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)) {
|
||||
spew("$me: Killing whitespace.\n");
|
||||
$attvalue = str_replace(Array("\t", "\r", "\n", "\0", " "),
|
||||
Array('', '', ''), $attvalue);
|
||||
@ -603,22 +604,17 @@ function unspace(&$attvalue){
|
||||
* @param $add_attr_to_tag See description for sanitize
|
||||
* @return Array with modified attributes.
|
||||
*/
|
||||
function fixatts($tagname,
|
||||
$attary,
|
||||
$rm_attnames,
|
||||
$bad_attvals,
|
||||
$add_attr_to_tag
|
||||
){
|
||||
function fixatts($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag) {
|
||||
$me = 'fixatts';
|
||||
spew("$me: Fixing attributes\n");
|
||||
while (list($attname, $attvalue) = each($attary)){
|
||||
while (list($attname, $attvalue) = each($attary)) {
|
||||
/**
|
||||
* See if this attribute should be removed.
|
||||
*/
|
||||
foreach ($rm_attnames as $matchtag=>$matchattrs){
|
||||
if (preg_match($matchtag, $tagname)){
|
||||
foreach ($matchattrs as $matchattr){
|
||||
if (preg_match($matchattr, $attname)){
|
||||
foreach ($rm_attnames as $matchtag=>$matchattrs) {
|
||||
if (preg_match($matchtag, $tagname)) {
|
||||
foreach ($matchattrs as $matchattr) {
|
||||
if (preg_match($matchattr, $attname)) {
|
||||
spew("$me: Attribute '$attname' defined as bad.\n");
|
||||
spew("$me: Removing.\n");
|
||||
unset($attary{$attname});
|
||||
@ -639,10 +635,10 @@ function fixatts($tagname,
|
||||
* get in touch with me so I can drive to where you live and
|
||||
* shake your hand personally. :)
|
||||
*/
|
||||
foreach ($bad_attvals as $matchtag=>$matchattrs){
|
||||
if (preg_match($matchtag, $tagname)){
|
||||
foreach ($matchattrs as $matchattr=>$valary){
|
||||
if (preg_match($matchattr, $attname)){
|
||||
foreach ($bad_attvals as $matchtag=>$matchattrs) {
|
||||
if (preg_match($matchtag, $tagname)) {
|
||||
foreach ($matchattrs as $matchattr=>$valary) {
|
||||
if (preg_match($matchattr, $attname)) {
|
||||
/**
|
||||
* There are two arrays in valary.
|
||||
* First is matches.
|
||||
@ -650,7 +646,7 @@ function fixatts($tagname,
|
||||
*/
|
||||
list($valmatch, $valrepl) = $valary;
|
||||
$newvalue = preg_replace($valmatch,$valrepl,$attvalue);
|
||||
if ($newvalue != $attvalue){
|
||||
if ($newvalue != $attvalue) {
|
||||
spew("$me: attvalue is now $newvalue\n");
|
||||
$attary{$attname} = $newvalue;
|
||||
}
|
||||
@ -662,8 +658,8 @@ function fixatts($tagname,
|
||||
/**
|
||||
* See if we need to append any attributes to this tag.
|
||||
*/
|
||||
foreach ($add_attr_to_tag as $matchtag=>$addattary){
|
||||
if (preg_match($matchtag, $tagname)){
|
||||
foreach ($add_attr_to_tag as $matchtag=>$addattary) {
|
||||
if (preg_match($matchtag, $tagname)) {
|
||||
$attary = array_merge($attary, $addattary);
|
||||
spew("$me: Added attributes to this tag\n");
|
||||
}
|
||||
@ -871,15 +867,7 @@ function fixatts($tagname,
|
||||
* @param $add_attr_to_tag see description above
|
||||
* @return sanitized html safe to show on your pages.
|
||||
*/
|
||||
function sanitize($body,
|
||||
$tag_list,
|
||||
$rm_tags_with_content,
|
||||
$self_closing_tags,
|
||||
$force_tag_closing,
|
||||
$rm_attnames,
|
||||
$bad_attvals,
|
||||
$add_attr_to_tag
|
||||
){
|
||||
function sanitize($body, $tag_list, $rm_tags_with_content, $self_closing_tags, $force_tag_closing, $rm_attnames, $bad_attvals, $add_attr_to_tag) {
|
||||
$me = 'sanitize';
|
||||
/**
|
||||
* Normalize rm_tags and rm_tags_with_content.
|
||||
@ -903,22 +891,22 @@ function sanitize($body,
|
||||
*/
|
||||
$body = preg_replace('/&(\{.*?\};)/si', '&\\1', $body);
|
||||
spew("$me: invoking the loop\n");
|
||||
while (($curtag = getnxtag($body, $curpos)) != FALSE){
|
||||
while (($curtag = getnxtag($body, $curpos)) != FALSE) {
|
||||
list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
|
||||
spew("$me: grabbing free-standing content\n");
|
||||
$free_content = substr($body, $curpos, $lt - $curpos);
|
||||
spew("$me: " . strlen($free_content) . " chars grabbed\n");
|
||||
if ($skip_content == false){
|
||||
if ($skip_content == false) {
|
||||
spew("$me: appending free content to trusted.\n");
|
||||
$trusted .= $free_content;
|
||||
} else {
|
||||
spew("$me: Skipping free content.\n");
|
||||
}
|
||||
if ($tagname != FALSE){
|
||||
if ($tagname != FALSE) {
|
||||
spew("$me: tagname is '$tagname'\n");
|
||||
if ($tagtype == 2){
|
||||
if ($tagtype == 2) {
|
||||
spew("$me: This is a closing tag\n");
|
||||
if ($skip_content == $tagname){
|
||||
if ($skip_content == $tagname) {
|
||||
/**
|
||||
* Got to the end of tag we needed to remove.
|
||||
*/
|
||||
@ -926,9 +914,8 @@ function sanitize($body,
|
||||
$tagname = false;
|
||||
$skip_content = false;
|
||||
} else {
|
||||
if ($skip_content == false){
|
||||
if (isset($open_tags{$tagname}) &&
|
||||
$open_tags{$tagname} > 0){
|
||||
if ($skip_content == false) {
|
||||
if (isset($open_tags{$tagname}) && $open_tags{$tagname} > 0) {
|
||||
spew("$me: popping '$tagname' from open_tags\n");
|
||||
$open_tags{$tagname}--;
|
||||
} else {
|
||||
@ -949,8 +936,7 @@ function sanitize($body,
|
||||
* See if this is a self-closing type and change
|
||||
* tagtype appropriately.
|
||||
*/
|
||||
if ($tagtype == 1
|
||||
&& in_array($tagname, $self_closing_tags)){
|
||||
if ($tagtype == 1 && in_array($tagname, $self_closing_tags)) {
|
||||
spew("$me: Self-closing tag. Changing tagtype.\n");
|
||||
$tagtype = 3;
|
||||
}
|
||||
@ -958,21 +944,19 @@ function sanitize($body,
|
||||
* See if we should skip this tag and any content
|
||||
* inside it.
|
||||
*/
|
||||
if ($tagtype == 1
|
||||
&& in_array($tagname, $rm_tags_with_content)){
|
||||
if ($tagtype == 1 && in_array($tagname, $rm_tags_with_content)) {
|
||||
spew("$me: removing this tag with content\n");
|
||||
$skip_content = $tagname;
|
||||
} else {
|
||||
if (($rm_tags == false
|
||||
&& in_array($tagname, $tag_list)) ||
|
||||
($rm_tags == true
|
||||
&& !in_array($tagname, $tag_list))){
|
||||
if (($rm_tags == false && in_array($tagname, $tag_list)) ||
|
||||
($rm_tags == true && !in_array($tagname, $tag_list)))
|
||||
{
|
||||
spew("$me: Removing this tag.\n");
|
||||
$tagname = false;
|
||||
} else {
|
||||
if ($tagtype == 1){
|
||||
if ($tagtype == 1) {
|
||||
spew("$me: adding '$tagname' to open_tags\n");
|
||||
if (isset($open_tags{$tagname})){
|
||||
if (isset($open_tags{$tagname})) {
|
||||
$open_tags{$tagname}++;
|
||||
} else {
|
||||
$open_tags{$tagname} = 1;
|
||||
@ -981,12 +965,8 @@ function sanitize($body,
|
||||
/**
|
||||
* This is where we run other checks.
|
||||
*/
|
||||
if (is_array($attary) && sizeof($attary) > 0){
|
||||
$attary = fixatts($tagname,
|
||||
$attary,
|
||||
$rm_attnames,
|
||||
$bad_attvals,
|
||||
$add_attr_to_tag);
|
||||
if (is_array($attary) && sizeof($attary) > 0) {
|
||||
$attary = fixatts($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -994,7 +974,7 @@ function sanitize($body,
|
||||
spew("$me: Skipping this tag\n");
|
||||
}
|
||||
}
|
||||
if ($tagname != false && $skip_content == false){
|
||||
if ($tagname != false && $skip_content == false) {
|
||||
spew("$me: Appending tag to trusted.\n");
|
||||
$trusted .= tagprint($tagname, $attary, $tagtype);
|
||||
}
|
||||
@ -1005,9 +985,9 @@ function sanitize($body,
|
||||
}
|
||||
spew("$me: Appending any leftover content\n");
|
||||
$trusted .= substr($body, $curpos, strlen($body) - $curpos);
|
||||
if ($force_tag_closing == true){
|
||||
foreach ($open_tags as $tagname=>$opentimes){
|
||||
while ($opentimes > 0){
|
||||
if ($force_tag_closing == true) {
|
||||
foreach ($open_tags as $tagname=>$opentimes) {
|
||||
while ($opentimes > 0) {
|
||||
spew("$me: '$tagname' left open. Closing by force.\n");
|
||||
$trusted .= '</' . $tagname . '>';
|
||||
$opentimes--;
|
||||
|
Loading…
Reference in New Issue
Block a user