apply code-formating-cleanup-convert-DOS-to-UNIX-text-form from https://github.com/zedzedtop/mailzu

This commit is contained in:
Mario Fetka 2016-02-04 17:26:07 +01:00
parent 180aa514e9
commit 05196e9fb7
17 changed files with 967 additions and 1064 deletions

View File

@ -37,9 +37,8 @@ else {
*/
class AmavisdEngine {
var $socket; // Reference to socket
var $port; // Amavisd spam release port
var $socket; // Reference to socket
var $port; // Amavisd spam release port
var $connected; // Connection status
var $last_error; // Last error message
@ -49,7 +48,6 @@ class AmavisdEngine {
* $return object Amavisd object
*/
function AmavisdEngine($host) {
$this->socket = new Net_Socket();
$this->port = $GLOBALS['conf']['amavisd']['spam_release_port'];
$this->connected = false;
@ -79,10 +77,9 @@ class AmavisdEngine {
* @param $secret_id
* @param $recipient
* @result response
*/
*/
function release_message($mail_id, $secret_id, $recipient, $quar_type, $quar_loc) {
if (! $this->connected) {
return $this->last_error;
}
@ -120,8 +117,6 @@ class AmavisdEngine {
}
return $out;
}
}
?>

View File

@ -149,7 +149,6 @@ class Auth {
case "ad":
case "ldap":
// Added this check for LDAP servers that switch to anonymous bind whenever
// provided password is left blank
if ($pass == '') return (translate ('Invalid User Name/Password.'));
@ -160,7 +159,6 @@ class Auth {
$ldap = new LDAPEngine();
if( $ldap->connect() ) {
// Get user DN
// For AD it could be of the form of 'user@domain' or standard LDAP dn
$dn = $ldap->getUserDN($login);
@ -184,7 +182,6 @@ class Auth {
break;
case "sql":
// Include DBAuth class
include_once('DBAuth.class.php');
@ -222,7 +219,6 @@ class Auth {
break;
case "imap":
// Include IMAPAuth class
include_once('IMAPAuth.class.php');
@ -241,7 +237,8 @@ class Auth {
break;
default:
CmnFns::do_error_box(translate('Unknown server type'), '', false);
CmnFns::do_error_box(translate('Unknown server type'), '', false);
break;
}
}
@ -250,7 +247,6 @@ class Auth {
CmnFns::write_log('Authentication failed' . ', ' . $msg, $login);
return translate($msg);
} else {
$this->is_loggedin = true;
CmnFns::write_log('Authentication successful', $login);
@ -303,7 +299,6 @@ class Auth {
}
function isAllowedToLogin( $username ) {
global $conf;
// If not defined or set to false, $username is allowed to log in
@ -317,7 +312,6 @@ class Auth {
}
}
/**
* Log the user out of the system
* @param none

View File

@ -47,7 +47,6 @@ include_once('Pager.class.php');
* Provides functions common to most pages
*/
class CmnFns {
/**
* Convert minutes to hours
* @param double $time time to convert in minutes
@ -63,13 +62,13 @@ class CmnFns {
$hour = intval($time / 60);
$min = $time % 60;
if ($conf['app']['timeFormat'] == 24) {
$a = ''; // AM/PM does not exist
$a = ''; // AM/PM does not exist
if ($hour < 10) $hour = '0' . $hour;
}
else {
$a = ($hour < 12 || $hour == 24) ? translate('am') : translate('pm'); // Set am/pm
if ($hour > 12) $hour = $hour - 12; // Take out of 24hr clock
if ($hour == 0) $hour = 12; // Don't show 0hr, show 12 am
$a = ($hour < 12 || $hour == 24) ? translate('am') : translate('pm'); // Set am/pm
if ($hour > 12) $hour = $hour - 12; // Take out of 24hr clock
if ($hour == 0) $hour = 12; // Don't show 0hr, show 12 am
}
// Set proper minutes (the same for 12/24 format)
if ($min < 10) $min = 0 . $min;
@ -83,7 +82,6 @@ class CmnFns {
* @return int timestamp
*/
function formatDateISO($date) {
$time = strtotime($date);
return $time;
}
@ -101,7 +99,6 @@ class CmnFns {
return strftime($format, $date);
}
/**
* Convert UNIX timestamp to datetime format
* @param string $ts MySQL timestamp
@ -117,7 +114,6 @@ class CmnFns {
return strftime($format, $ts);
}
/**
* Convert minutes to hours/minutes
* @param int $minutes minutes to convert
@ -143,7 +139,6 @@ class CmnFns {
return (strrpos($uri, '/') === false) ? $uri : substr($uri, 0, strlen($uri));
}
/**
* Prints an error message box and kills the app
* @param string $msg error message to print
@ -201,12 +196,12 @@ class CmnFns {
* @return array of cleaned up POST values
*/
function cleanPostVals() {
$return = array();
$rval = array();
foreach ($_POST as $key => $val)
$return[$key] = stripslashes(trim($val));
$rval[$key] = stripslashes(trim($val));
return $return;
return $rval;
}
/**
@ -215,12 +210,12 @@ class CmnFns {
* @return array of cleaned up data
*/
function cleanVals($data) {
$return = array();
$rval = array();
foreach ($data as $key => $val)
$return[$key] = stripslashes($val);
$rval[$key] = stripslashes($val);
return $return;
return $rval;
}
/**
@ -236,10 +231,10 @@ class CmnFns {
switch($vert) {
case 'DESC';
case 'ASC';
break;
break;
default :
$vert = 'DESC';
break;
break;
}
return $vert;
@ -267,7 +262,6 @@ class CmnFns {
return $order;
}
/**
* Opposite of php's nl2br function.
* Subs in a newline for all brs
@ -290,27 +284,27 @@ class CmnFns {
$file = $conf['app']['logfile'];
$values = '';
if (!$conf['app']['use_log']) // Return if we aren't going to log
if (!$conf['app']['use_log']) // Return if we aren't going to log
return;
if (empty($ip))
$ip = $_SERVER['REMOTE_ADDR'];
clearstatcache(); // Clear cached results
clearstatcache(); // Clear cached results
if (!is_dir(dirname($file)))
mkdir(dirname($file), 0777); // Create the directory
mkdir(dirname($file), 0777); // Create the directory
if (!touch($file))
return; // Return if we cant touch the file
return; // Return if we cant touch the file
if (!$fp = fopen($file, 'a'))
return; // Return if the fopen fails
return; // Return if the fopen fails
flock($fp, LOCK_EX); // Lock file for writing
flock($fp, LOCK_EX); // Lock file for writing
if (!fwrite($fp, '[' . date('D, d M Y H:i:s') . ']' . $delim . $ip . $delim . $userid . $delim . $string . "\r\n")) // Write log entry
return; // Return if we cant write to the file
flock($fp, LOCK_UN); // Unlock file
flock($fp, LOCK_UN); // Unlock file
fclose($fp);
}
@ -382,7 +376,6 @@ class CmnFns {
return $str;
}
/**
* Verifies current page number and returns value
* @param integer $page value of current page number
@ -515,7 +508,6 @@ class CmnFns {
?>
<table border=0 width="100%">
<form action="<?php echo $submit_page ?>" method="get" name="quarantine">
<tr><td colspan=2 align="center"><?php echo translate('Search for messages whose:'); ?>&nbsp;</td></tr>
<tr><td align="right">&nbsp;
<?php
@ -645,7 +637,6 @@ class CmnFns {
return $result;
}
/*
* Search for the var $name in $_SESSION, $_POST, $_GET,
* $_SERVER and set it in provided var.
@ -668,36 +659,30 @@ class CmnFns {
* @return value of var
*/
function getGlobalVar($name, $search = INORDER) {
switch ($search) {
/* we want the default case to be first here,
so that if a valid value isn't specified,
all four arrays will be searched. */
default:
case INORDER: // check session, post, get
case SESSION:
if( isset($_SESSION[$name]) )
return $_SESSION[$name];
elseif ( $search == SESSION )
break;
// fall through
case FORM: // check post, get
case POST:
if( isset($_POST[$name]) )
return $_POST[$name];
elseif ( $search == POST )
break;
// fall through
case GET:
if( isset($_GET[$name]) )
return $_GET[$name];
/* For INORDER case, exit after GET */
break;
case SERVER:
if( isset($_SERVER[$name]) )
return $_SERVER[$name];
@ -711,9 +696,9 @@ class CmnFns {
* @param $location string
*/
function redirect_js($location) {
echo "<SCRIPT LANGUAGE=\"JavaScript\">";
echo "parent.location.href = '" . $location . "';";
echo "</SCRIPT>";
echo "<SCRIPT LANGUAGE=\"JavaScript\">";
echo "parent.location.href = '" . $location . "';";
echo "</SCRIPT>";
}
@ -729,11 +714,11 @@ class CmnFns {
?>
<table border=0 width="100%">
<form action="<? echo $submit_page ?>" method="get" name="wblist">
<form action="<?php echo $submit_page ?>" method="get" name="wblist">
<tr><td colspan=2 align="center"><? echo translate('Search for rules whose:'); ?>&nbsp;</td></tr>
<tr><td colspan=2 align="center"><?php echo translate('Search for rules whose:'); ?>&nbsp;</td></tr>
<tr><td align="right">&nbsp;
<?
<?php
$i = 1;
$array_size = count($fields_array);
foreach ($fields_array as $k => $name) {
@ -761,14 +746,14 @@ class CmnFns {
$i ++;
echo ($i % 2) ? "&nbsp;</td></tr>\n\t\t\t<tr><td colspan='2' align='center'>&nbsp\n" : "&nbsp;</td><td align='left'>&nbsp";
?>
<input type="submit" class="button" name="search_action" value="<? echo translate('Search'); ?>" />
<? if (CmnFns::didSearch())
<input type="submit" class="button" name="search_action" value="<?php echo translate('Search'); ?>" />
<?php if (CmnFns::didSearch())
echo "<input type=\"submit\" class=\"button\" name=\"search_action\" value=\"" . translate('Clear search results') . "\" />";
?>
&nbsp;</td></tr>
</form>
</table>
<?
<?php
}

View File

@ -35,7 +35,6 @@ else {
* Provide all database access/manipulation functionality for SQL Auth
*/
class DBAuth {
// Reference to the database object
var $db;
@ -107,7 +106,6 @@ class DBAuth {
* @param none
*/
function db_connect() {
/***********************************************************
/ This uses PEAR::DB
/ See http://www.pear.php.net/manual/en/package.database.php#package.database.db
@ -145,7 +143,6 @@ class DBAuth {
* @return boolean
*/
function authUser($username, $password) {
if ( $this->isMd5 )
$password = md5( $password );
@ -171,7 +168,6 @@ class DBAuth {
$this->err_msg = translate('There are no records in the table.');
return false;
} else {
// Fetch the first row of data
$rs = $this->cleanRow($result->fetchRow());
@ -198,7 +194,6 @@ class DBAuth {
return false;
}
/**
* Strips out slashes for all data in the return row
* - THIS MUST ONLY BE ONE ROW OF DATA -
@ -206,11 +201,11 @@ class DBAuth {
* @return array with same key => value pairs (except slashes)
*/
function cleanRow($data) {
$return = array();
$rval = array();
foreach ($data as $key => $val)
$return[$key] = stripslashes($val);
return $return;
$rval[$key] = stripslashes($val);
return $rval;
}
/**
@ -229,12 +224,12 @@ class DBAuth {
* @return array containing user information
*/
function getUserData() {
$return = array(
$rval = array(
'logonName' => $this->logonName,
'firstName' => $this->firstName,
'emailAddress' => $this->emailAddress
);
return $return;
return $rval;
}
//mysql_crypt - shamelessly stolen from php.net docs

View File

@ -43,7 +43,6 @@ else {
* Provide all database access/manipulation functionality
*/
class DBEngine {
// Reference to the database object
var $db;
@ -85,7 +84,6 @@ class DBEngine {
* @global $conf
*/
function db_connect() {
/***********************************************************
/ This uses PEAR::DB
/ See http://www.pear.php.net/manual/en/package.database.php#package.database.db
@ -121,7 +119,7 @@ class DBEngine {
global $conf;
$return = array();
$rval = array();
$total = array( 'spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0);
$query = "SELECT date,
@ -199,7 +197,7 @@ class DBEngine {
$timestamp = CmnFns::formatDateISO($rs['date']);
$date = CmnFns::formatDate($timestamp);
$totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending'];
$return[$date] = array('spam' => $rs['spam'],
$rval[$date] = array('spam' => $rs['spam'],
'banned' => $rs['banned'],
'virus' => $rs['viruses'],
'header' => $rs['badheaders'],
@ -208,16 +206,16 @@ class DBEngine {
}
// Total the data
foreach ($return as $date => $typearray) {
foreach ($rval as $date => $typearray) {
foreach ($typearray as $type => $count) {
$total[$type] += $count;
}
}
$return['Total'] = $total;
$rval['Total'] = $total;
$result->free();
return $return;
return $rval;
}
// User methods -------------------------------------------
@ -231,7 +229,7 @@ class DBEngine {
global $conf;
$return = array();
$rval = array();
$total = array('spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0);
// Get where clause for recipient email address(es)
@ -325,7 +323,7 @@ class DBEngine {
$timestamp = CmnFns::formatDateISO($rs['date']);
$date = CmnFns::formatDate($timestamp);
$totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending'];
$return[$date] = array('spam' => $rs['spam'],
$rval[$date] = array('spam' => $rs['spam'],
'banned' => $rs['banned'],
'virus' => $rs['viruses'],
'header' => $rs['badheaders'],
@ -334,16 +332,16 @@ class DBEngine {
}
// Total the data
foreach ($return as $date => $typearray) {
foreach ($rval as $date => $typearray) {
foreach ($typearray as $type => $count) {
$total[$type] += $count;
}
}
$return['Total'] = $total;
$rval['Total'] = $total;
$result->free();
return $return;
return $rval;
}
@ -375,7 +373,7 @@ class DBEngine {
$sizeLimit = isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ?
$conf['app']['displaySizeLimit'] : 50;
$return = array();
$rval = array();
if (is_array($search_array)) {
$search_clause = "";
@ -418,20 +416,27 @@ class DBEngine {
}
}
$query = "SELECT msgs.time_num, msgs.from_addr,
msgs.mail_id, msgs.subject, msgs.spam_level, msgs.content,
msgrcpt.rs, msgs.quar_type, recip.email
$query = "SELECT
msgs.time_num,
msgs.from_addr,
msgs.mail_id,
msgs.subject,
msgs.spam_level,
msgs.content,
msgrcpt.rs,
msgs.quar_type,
recip.email
FROM msgs
INNER JOIN msgrcpt ON msgs.mail_id=msgrcpt.mail_id
$join_type maddr AS sender ON msgs.sid=sender.id
$join_type maddr AS recip ON msgrcpt.rid=recip.id
INNER JOIN msgrcpt ON msgs.mail_id = msgrcpt.mail_id
$join_type maddr AS sender ON msgs.sid = sender.id
$join_type maddr AS recip ON msgrcpt.rid = recip.id
WHERE $type_clause"
// Only check against the email address when not admin
. ($msgs_all ? ' ' : $emailaddr_clause)
. " $rs_clause
$search_clause
AND msgs.quar_type <> ''
ORDER BY $order $vert ";
$search_clause
AND msgs.quar_type <> ''
ORDER BY $order $vert ";
// Prepare query
$q = $this->db->prepare($query);
@ -456,7 +461,7 @@ class DBEngine {
if ( $get_all ) {
while ($rs = $result->fetchRow()) {
$return[] = $this->cleanRow($rs);
$rval[] = $this->cleanRow($rs);
}
} else {
// the row to start fetching
@ -469,13 +474,13 @@ class DBEngine {
if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) {
break;
}
$return[] = $this->cleanRow($row);
$rval[] = $this->cleanRow($row);
}
}
$result->free();
return $return;
return $rval;
}
/**
@ -486,7 +491,6 @@ class DBEngine {
* @return array of message(s)
*/
function get_message($emailaddress, $mail_id) {
global $conf;
# MySQL seems to run faster with a LEFT JOIN
@ -498,7 +502,7 @@ class DBEngine {
$recipEmailClause = $this->convertEmailaddresses2SQL($emailaddress);
$return = array();
$rval = array();
$query = 'SELECT msgs.time_num, msgs.secret_id, msgs.subject, msgs.from_addr, msgs.spam_level,'
. ' msgrcpt.rs, recip.email, msgs.host, msgs.content, msgs.quar_type, msgs.quar_loc'
@ -522,12 +526,12 @@ class DBEngine {
return NULL;
}
while ($rs = $result->fetchRow()) {
$return[] = $this->cleanRow($rs);
$rval[] = $this->cleanRow($rs);
}
$result->free();
return $return;
return $rval;
}
/**
@ -539,7 +543,6 @@ class DBEngine {
* @return array of message(s)
*/
function update_msgrcpt_rs($mail_id, $mail_rcpt, $flag) {
// If its a pending message, do not set the rs flag to 'v'
$cur_msg_array = $this->get_message($mail_rcpt, $mail_id);
$msg_status = $cur_msg_array[0];
@ -561,7 +564,6 @@ class DBEngine {
return true;
}
/**
* Function that returns number of entries for logged in user
* where RS flag is equal to $flag
@ -570,7 +572,6 @@ class DBEngine {
* @return number of message(s)
*/
function get_count_rs($emailaddresses, $flag) {
// Get where clause for recipient email address(es)
$emailaddr_clause = $this->convertEmailaddresses2SQL($emailaddresses);
if ( $emailaddr_clause != '' )
@ -617,7 +618,6 @@ class DBEngine {
}
}
if (Auth::isMailAdmin()) {
$values = array($mail_id);
$query = 'SELECT' . $mail_text_column . ' FROM quarantine ' .
@ -640,14 +640,14 @@ class DBEngine {
if ($result->numRows() <= 0){
return false;
}
$return = "";
$rval = "";
while ($rs = $result->fetchRow()) {
$return .= $rs['mail_text'];
$rval .= $rs['mail_text'];
}
$result->free();
return $return;
return $rval;
}
/**
@ -681,11 +681,11 @@ class DBEngine {
* @return array with same key => value pairs (except slashes)
*/
function cleanRow($data) {
$return = array();
$rval = array();
foreach ($data as $key => $val)
$return[$key] = stripslashes($val);
return $return;
$rval[$key] = stripslashes($val);
return $rval;
}
/**
@ -705,11 +705,9 @@ class DBEngine {
* @return array containing SQL code
*/
function convertSearch2SQL($field, $criterion, $string) {
$result = array();
if ( $string != '' ) {
switch ($criterion) {
case "contains":
$search_clause = "(" . $field . " LIKE '%" . $string . "%')" ;
@ -728,7 +726,6 @@ class DBEngine {
}
array_push($result, $search_clause);
}
return $result;
}
@ -796,8 +793,8 @@ class DBEngine {
$this->check_for_error($result, $query);
if ($result->numRows() == 1) {
$return = $result->fetchRow();
return $return['id'];
$rval = $result->fetchRow();
return $rval['id'];
} else if ($result->numRows() == 0
&& strpos($recip_email,"@")) {
@ -927,7 +924,7 @@ class DBEngine {
function get_user_control_list( $emailaddresses, $order = 'sender', $vert = 'ASC', $search_array, $page, $all = false) {
global $conf;
$return = Array();
$rval = Array();
// grab the display size limit set in config.php
$sizeLimit = (isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ?
@ -980,13 +977,13 @@ class DBEngine {
if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) {
break;
}
$return[] = $this->cleanRow($row);
$rval[] = $this->cleanRow($row);
}
$result->free();
return $return;
return $rval;
}
}

View File

@ -21,7 +21,6 @@ include_once('lib/CmnFns.class.php');
* Provide all database access/manipulation functionality for Exchange Auth
*/
class ExchAuth {
// The exchange hostname with port (hostname[:port])
var $exchHost;
// The exchange LDAP URI (ldap://hostname[:port])
@ -56,7 +55,6 @@ class ExchAuth {
* @return boolean
*/
function authUser($username, $password, $domain) {
$fulluser = $domain.'/'.$username;
$mbox = imap_open('{'.$this->exchHost.'/imap}Inbox', $fulluser, $password);
if ($mbox === false) {
@ -121,6 +119,5 @@ class ExchAuth {
);
return $return;
}
}
?>

View File

@ -21,7 +21,6 @@ include_once('lib/CmnFns.class.php');
* Provide all database access/manipulation functionality for IMAP Auth
*/
class IMAPAuth {
// The IMAP hosts with port (hostname[:port])
var $imapHosts;
// IMAP authentication type
@ -60,7 +59,6 @@ class IMAPAuth {
$this->imapUsername = $username;
foreach ($this->imapHosts as $host) { // Try each host in turn
$host = trim($host);
switch ($this->imapType) {
@ -109,16 +107,12 @@ class IMAPAuth {
* @return array containing user information
*/
function getUserData() {
$return = array(
$rval = array(
'logonName' => $this->imapUsername,
'firstName' => $this->imapUsername,
'emailAddress' => array( $this->imapUsername.
( empty($this->imapDomainName) ? '' :
'@'. $this->imapDomainName )
)
'emailAddress' => array($this->imapUsername.(empty($this->imapDomainName) ? '' : '@'. $this->imapDomainName))
);
return $return;
return $rval;
}
}
?>

View File

@ -17,9 +17,7 @@
*/
include_once('lib/CmnFns.class.php');
class LDAPEngine {
// The directory server, tested with OpenLDAP and Active Directory
var $serverType;
@ -89,7 +87,6 @@ class LDAPEngine {
// The user's mail address ($mailAttr value)
var $emailAddress;
/**
* LDAPEngine constructor to initialize object
*/
@ -140,7 +137,6 @@ class LDAPEngine {
* @param none
*/
function connect() {
foreach ($this->hosts as $host) {
$ldap_url = ( $this->ssl ? "ldaps://".$host : $host );
$this->connection = ldap_connect($ldap_url);
@ -218,7 +214,6 @@ class LDAPEngine {
}
}
// User methods -------------------------------------------
/**
@ -282,7 +277,6 @@ class LDAPEngine {
* @return array
*/
function searchUserDN($searchFilter) {
switch ($this->serverType) {
case "ldap":
if ( $this->searchUser != '' ) {
@ -318,14 +312,12 @@ class LDAPEngine {
return $dn;
}
/**
* Queries LDAP for user information
* @param string $dn
* @return boolean indicating success or failure
*/
function loadUserData($dn) {
$this->emailAddress = array();
// We are instered in getting just the user's first name and his/her mail attribute(s)
@ -385,12 +377,12 @@ class LDAPEngine {
* @return array containing user information
*/
function getUserData() {
$return = array(
$rval = array(
'logonName' => $this->logonName,
'firstName' => $this->firstName,
'emailAddress' => $this->emailAddress
);
return $return;
return $rval;
}

View File

@ -98,7 +98,6 @@ class Link {
//=============================================
//---------------------------------------------
// Getter functions
//---------------------------------------------
@ -160,7 +159,6 @@ class Link {
//=============================================
/**
* Print out a link without creating a new Link object
* @param string $url url to link to

View File

@ -20,13 +20,12 @@ include_once('lib/CmnFns.class.php');
* Pear::DB
*/
if ($GLOBALS['conf']['app']['safeMode']) {
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
include_once('pear/PEAR.php');
include_once('pear/Mail/mimeDecode.php');
}
else {
include_once 'PEAR.php';
include_once('Mail/mimeDecode.php');
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
include_once('pear/PEAR.php');
include_once('pear/Mail/mimeDecode.php');
} else {
include_once('PEAR.php');
include_once('Mail/mimeDecode.php');
}
/**
@ -34,13 +33,12 @@ else {
*/
class MailEngine {
var $raw; // Raw mail contents
var $struct; // The top-level MIME structure
var $recipient; // The recipient of the email
var $msg_found; // Msg found in database
var $msg_error; // Msg has MIME error
var $last_error; // PEAR Error Messages
var $raw; // Raw mail contents
var $struct; // The top-level MIME structure
var $recipient; // The recipient of the email
var $msg_found; // Msg found in database
var $msg_error; // Msg has MIME error
var $last_error; // PEAR Error Messages
/**
* MailEngine object constructor
@ -49,21 +47,21 @@ class MailEngine {
* $return object MailEngine object
*/
function MailEngine($mail_id, $recip) {
$this->recipient = $recip;
$this->getRawContent($mail_id);
$this->msg_error = false;
if ($this->raw) {
$this->msg_found = true;
$this->struct = $this->getDecodedStruct($this->raw);
if (PEAR::isError($this->struct)) {
$this->msg_error = true;
$this->last_error = $this->struct->getMessage();
}
} else {
$this->msg_found = false;
}
$this->recipient = $recip;
$this->getRawContent($mail_id);
$this->msg_error = false;
if ($this->raw) {
$this->msg_found = true;
$this->struct = $this->getDecodedStruct($this->raw);
if (PEAR::isError($this->struct)) {
$this->msg_error = true;
$this->last_error = $this->struct->getMessage();
}
} else {
$this->msg_found = false;
}
return $this->struct;
return $this->struct;
}
/**
@ -72,12 +70,12 @@ class MailEngine {
* $return object Mail_mimeDecode::decode object
*/
function getDecodedStruct($contents) {
$message = new Mail_mimeDecode($contents);
$msg_struct = $message->decode( array ( 'include_bodies' => true,
'decode_bodies' => true,
'decode_headers' => true)
);
return $msg_struct;
$message = new Mail_mimeDecode($contents);
$msg_struct = $message->decode( array ( 'include_bodies' => true,
'decode_bodies' => true,
'decode_headers' => true)
);
return $msg_struct;
}
/**
@ -86,12 +84,13 @@ class MailEngine {
* $return string The complete raw email
*/
function getRawContent($mail_id) {
$db = new DBEngine();
$this->raw = $db->get_raw_mail($mail_id, $this->recipient);
// Mark read
$db = new DBEngine();
$this->raw = $db->get_raw_mail($mail_id, $this->recipient);
if (in_array($this->recipient, $_SESSION['sessionMail']) && $this->raw) {
$db->update_msgrcpt_rs($mail_id,$this->recipient,'v');
}
// Mark read
if (in_array($this->recipient, $_SESSION['sessionMail']) && $this->raw) {
$db->update_msgrcpt_rs($mail_id,$this->recipient,'v');
}
}
}
?>

View File

@ -20,11 +20,10 @@ include_once('lib/CmnFns.class.php');
* Pear::DB
*/
if ($GLOBALS['conf']['app']['safeMode']) {
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
include_once('pear/Mail/mimeDecode.php');
}
else {
include_once('Mail/mimeDecode.php');
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
include_once('pear/Mail/mimeDecode.php');
} else {
include_once('Mail/mimeDecode.php');
}
/**
@ -42,10 +41,10 @@ include_once('lib/htmlfilter.php');
* $param The mime structure object
*/
function GetCtype($struct) {
$ctype_p = strtolower(trim($struct->ctype_primary));
$ctype_s = strtolower(trim($struct->ctype_secondary));
$type = $ctype_p . '/' . $ctype_s;
return $type;
$ctype_p = strtolower(trim($struct->ctype_primary));
$ctype_s = strtolower(trim($struct->ctype_secondary));
$type = $ctype_p . '/' . $ctype_s;
return $type;
}
/**
@ -56,71 +55,68 @@ $filelist = array ();
$errors = array ();
function MsgParseBody($struct) {
global $filelist;
global $errors;
$ctype_p = strtolower(trim($struct->ctype_primary));
$ctype_s = strtolower(trim($struct->ctype_secondary));
global $filelist;
global $errors;
$ctype_p = strtolower(trim($struct->ctype_primary));
$ctype_s = strtolower(trim($struct->ctype_secondary));
switch ($ctype_p) {
case "multipart":
switch ($ctype_s) {
case "alternative":
// Handle multipart/alternative parts
$alt_entity = FindMultiAlt($struct->parts);
// Ignore if we return false NEEDS WORK
if ($alt_entity) MsgParseBody($alt_entity);
break;
case "related":
// Handle multipart/related parts
$rel_entities = FindMultiRel($struct);
foreach ($rel_entities as $ent) {
MsgParseBody($ent);
}
break;
default:
// Probably multipart/mixed here
// Recursively process nested mime entities
if ( is_array($struct->parts) || is_object($struct->parts) ) {
foreach ($struct->parts as $cur_part) {
MsgParseBody($cur_part);
}
} else {
$errors['Invalid or Corrupt MIME Detected.'] = true;
}
break;
}
break;
case "text":
// Do not display attached text types
if (property_exists($struct, "d_parameters")) {
if ($attachment = $struct->d_parameters['filename'] or $attachment = $struct->d_parameters['name']) {
array_push($filelist, $attachment);
break;
}
}
switch ($ctype_s) {
// Plain text
case "plain":
MsgBodyPlainText($struct->body);
break;
// HTML text
case "html":
MsgBodyHtmlText($struct->body);
break;
// Text type we do not support
default:
$errors['Portions of text could not be displayed'] = true;
}
break;
default:
// Save the listed filename or notify the
// reader that this mail is not displayed completely
$attachment = $struct->d_parameters['filename'];
$attachment ? array_push($filelist, $attachment) : $errors['Unsupported MIME objects present'] = true;
}
switch ($ctype_p) {
case "multipart":
switch ($ctype_s) {
case "alternative":
// Handle multipart/alternative parts
$alt_entity = FindMultiAlt($struct->parts);
// Ignore if we return false NEEDS WORK
if ($alt_entity) MsgParseBody($alt_entity);
break;
case "related":
// Handle multipart/related parts
$rel_entities = FindMultiRel($struct);
foreach ($rel_entities as $ent) {
MsgParseBody($ent);
}
break;
default:
// Probably multipart/mixed here
// Recursively process nested mime entities
if ( is_array($struct->parts) || is_object($struct->parts) ) {
foreach ($struct->parts as $cur_part) {
MsgParseBody($cur_part);
}
} else {
$errors['Invalid or Corrupt MIME Detected.'] = true;
}
break;
}
break;
case "text":
// Do not display attached text types
if (property_exists($struct, "d_parameters")) {
if ($attachment = $struct->d_parameters['filename'] or $attachment = $struct->d_parameters['name']) {
array_push($filelist, $attachment);
break;
}
}
switch ($ctype_s) {
// Plain text
case "plain":
MsgBodyPlainText($struct->body);
break;
// HTML text
case "html":
MsgBodyHtmlText($struct->body);
break;
// Text type we do not support
default:
$errors['Portions of text could not be displayed'] = true;
}
break;
default:
// Save the listed filename or notify the
// reader that this mail is not displayed completely
$attachment = $struct->d_parameters['filename'];
$attachment ? array_push($filelist, $attachment) : $errors['Unsupported MIME objects present'] = true;
}
}
/**
@ -130,29 +126,29 @@ function MsgParseBody($struct) {
* $return Single MIME entity
*/
function FindMultiAlt($parts) {
$alt_pref = array ('text/plain', 'text/html');
$best_view = 0;
// Bad Headers sometimes have invalid MIME....
if ( is_array($parts) || is_object($parts) ) {
foreach ($parts as $cur_part) {
$type = GetCtype($cur_part);
if ($type == 'multipart/related') {
$type = $cur_part->d_parameters['type'];
// Mozilla bug. Mozilla does not provide the parameter type.
if (!$type) $type = 'text/html';
}
$altCount = count($alt_pref);
for ($j = $best_view; $j < $altCount; ++$j) {
if (($alt_pref[$j] == $type) && ($j >= $best_view)) {
$best_view = $j;
$struct = $cur_part;
}
}
}
return $struct;
} else {
$errors['Invalid or Corrupt MIME Detected.'] = true;
}
$alt_pref = array ('text/plain', 'text/html');
$best_view = 0;
// Bad Headers sometimes have invalid MIME....
if ( is_array($parts) || is_object($parts) ) {
foreach ($parts as $cur_part) {
$type = GetCtype($cur_part);
if ($type == 'multipart/related') {
$type = $cur_part->d_parameters['type'];
// Mozilla bug. Mozilla does not provide the parameter type.
if (!$type) $type = 'text/html';
}
$altCount = count($alt_pref);
for ($j = $best_view; $j < $altCount; ++$j) {
if (($alt_pref[$j] == $type) && ($j >= $best_view)) {
$best_view = $j;
$struct = $cur_part;
}
}
}
return $struct;
} else {
$errors['Invalid or Corrupt MIME Detected.'] = true;
}
}
/**
@ -162,155 +158,151 @@ function FindMultiAlt($parts) {
* @return List of MIME entities
*/
function FindMultiRel($struct) {
$entities = array();
$type = $struct->d_parameters['type'];
// Mozilla bug. Mozilla does not provide the parameter type.
if (!$type) $type = 'text/html';
// Bad Headers sometimes have invalid MIME....
if ( is_array($struct->parts) || is_object($struct->parts) ) {
foreach ($struct->parts as $part) {
if (GetCtype($part) == $type || GetCtype($part) == "multipart/alternative") {
array_push($entities,$part);
}
}
} else {
$errors['Invalid or Corrupt MIME Detected.'] = true;
}
return $entities;
$entities = array();
$type = $struct->d_parameters['type'];
// Mozilla bug. Mozilla does not provide the parameter type.
if (!$type) $type = 'text/html';
// Bad Headers sometimes have invalid MIME....
if ( is_array($struct->parts) || is_object($struct->parts) ) {
foreach ($struct->parts as $part) {
if (GetCtype($part) == $type || GetCtype($part) == "multipart/alternative") {
array_push($entities,$part);
}
}
} else {
$errors['Invalid or Corrupt MIME Detected.'] = true;
}
return $entities;
}
// Wrapper script for htmlfilter. Settings taken
// from SquirrelMail
function sanitizeHTML($body) {
if (isset($_COOKIE['lang']) &&
file_exists("img/".substr($_COOKIE['lang'],0,2).".blocked_img.png")) {
$secremoveimg = "img/".substr($_COOKIE['lang'],0,2).".blocked_img.png";
} else {
$secremoveimg = "img/blocked_img.png";
}
$tag_list = Array(
false,
"object",
"meta",
"html",
"head",
"base",
"link",
"frame",
"iframe",
"plaintext",
"marquee"
);
if (isset($_COOKIE['lang']) && file_exists("img/".substr($_COOKIE['lang'],0,2).".blocked_img.png")) {
$secremoveimg = "img/".substr($_COOKIE['lang'],0,2).".blocked_img.png";
} else {
$secremoveimg = "img/blocked_img.png";
}
$tag_list = Array(
false,
"object",
"meta",
"html",
"head",
"base",
"link",
"frame",
"iframe",
"plaintext",
"marquee"
);
$rm_tags_with_content = Array(
"script",
"applet",
"embed",
"title",
"frameset",
"xml",
"style"
);
$rm_tags_with_content = Array(
"script",
"applet",
"embed",
"title",
"frameset",
"xml",
"style"
);
$self_closing_tags = Array(
"img",
"br",
"hr",
"input"
);
$self_closing_tags = Array(
"img",
"br",
"hr",
"input"
);
$force_tag_closing = true;
$force_tag_closing = true;
$rm_attnames = Array(
"/.*/" =>
Array(
"/target/i",
"/^on.*/i",
"/^dynsrc/i",
"/^data.*/i",
"/^lowsrc.*/i"
)
);
$rm_attnames = Array(
"/.*/" =>
Array(
"/target/i",
"/^on.*/i",
"/^dynsrc/i",
"/^data.*/i",
"/^lowsrc.*/i"
)
);
$bad_attvals = Array(
"/.*/" =>
Array(
"/^src|background/i" =>
Array(
Array(
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
"/^([\'\"])\s*about\s*:.*([\'\"])/si",
"/^([\'\"])\s*https*:.*([\'\"])/si",
"/^([\'\"])\s*cid*:.*([\'\"])/si"
),
Array(
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2"
)
),
"/^href|action/i" =>
Array(
Array(
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
"/^([\'\"])\s*about\s*:.*([\'\"])/si"
),
Array(
"\\1#\\1",
"\\1#\\1",
"\\1#\\1",
"\\1#\\1"
)
),
"/^style/i" =>
Array(
Array(
"/expression/i",
"/binding/i",
"/behaviou*r/i",
"/include-source/i",
"/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
"/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si",
"/url\(([\'\"])\s*https*:.*([\'\"])\)/si"
),
Array(
"idiocy",
"idiocy",
"idiocy",
"idiocy",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"\\1:url(\\2#\\3)",
"url(\\1$secremoveimg\\1)"
)
)
)
);
$bad_attvals = Array(
"/.*/" =>
Array(
"/^src|background/i" =>
Array(
Array(
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
"/^([\'\"])\s*about\s*:.*([\'\"])/si",
"/^([\'\"])\s*https*:.*([\'\"])/si",
"/^([\'\"])\s*cid*:.*([\'\"])/si"
),
Array(
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2"
)
),
"/^href|action/i" =>
Array(
Array(
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
"/^([\'\"])\s*about\s*:.*([\'\"])/si"
),
Array(
"\\1#\\1",
"\\1#\\1",
"\\1#\\1",
"\\1#\\1"
)
),
"/^style/i" =>
Array(
Array(
"/expression/i",
"/binding/i",
"/behaviou*r/i",
"/include-source/i",
"/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
"/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si",
"/url\(([\'\"])\s*https*:.*([\'\"])\)/si"
),
Array(
"idiocy",
"idiocy",
"idiocy",
"idiocy",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"\\1:url(\\2#\\3)",
"url(\\1$secremoveimg\\1)"
)
)
)
);
$add_attr_to_tag = Array(
"/^a$/i" =>
Array('target'=>'"_new"'
)
);
$add_attr_to_tag = Array("/^a$/i" => Array('target'=>'"_new"'));
$trusted_html = sanitize($body,
$tag_list,
$rm_tags_with_content,
$self_closing_tags,
$force_tag_closing,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
);
$trusted_html = sanitize($body,
$tag_list,
$rm_tags_with_content,
$self_closing_tags,
$force_tag_closing,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
);
return $trusted_html;
return $trusted_html;
}
?>

View File

@ -223,7 +223,7 @@ class PHPMailer
var $LE = "\n";
/**#@-*/
/////////////////////////////////////////////////
/////////////////////////////////////////////////
// CONSTRUCTOR
/////////////////////////////////////////////////
/**
@ -371,7 +371,7 @@ class PHPMailer
* @return bool
*/
function Send() {
$header = "";
$header = "";
$body = "";
$result = true;
@ -468,8 +468,7 @@ class PHPMailer
$old_from = ini_get("sendmail_from");
ini_set("sendmail_from", $this->Sender);
$params = sprintf("-oi -f %s", $this->Sender);
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body,
$header, $params);
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header, $params);
}
else
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header);
@ -588,8 +587,7 @@ class PHPMailer
if($this->SMTPAuth)
{
if(!$this->smtp->Authenticate($this->Username,
$this->Password))
if(!$this->smtp->Authenticate($this->Username, $this->Password))
{
$this->SetError($this->Lang("authenticate"));
$this->smtp->Reset();
@ -685,8 +683,7 @@ class PHPMailer
$formatted = $addr[0];
else
{
$formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" .
$addr[0] . ">";
$formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" . $addr[0] . ">";
}
return $formatted;
@ -1537,5 +1534,4 @@ class PHPMailer
$this->CustomHeader[] = explode(":", $custom_header, 2);
}
}
?>

View File

@ -73,7 +73,6 @@ class Pager {
var $text_class;
var $text_style;
/**
* Pager Constructor
* Sets up Pager variables and initializes values
@ -102,7 +101,6 @@ class Pager {
$this->initQueryString();
}
/**
* Print out the pages as links
* Prints out a table of all the pages as links
@ -212,15 +210,14 @@ class Pager {
* @param none
*/
function initQueryString() {
if (isset($_SERVER['QUERY_STRING'])) {
if (isset($_SERVER['QUERY_STRING'])) {
// Remove page from query string and convert all "&" to "&amp;"
$this->query_string = str_replace('&', '&amp;', preg_replace("/(&|&amp;)?$this->page_var=\d*/",'',$_SERVER['QUERY_STRING']));
// Insert limit into querystring, if it's not there
if ( !strstr($this->query_string, "$this->limit_var=") )
$this->query_string .= "&amp;$this->limit_var=" . $this->limit;
}
else {
} else {
$this->query_string = '';
}
@ -249,8 +246,7 @@ class Pager {
function printPage($p) {
if ($p == $this->cur_page) {
echo " <b>[$p]</b> ";
}
else {
} else {
$this->printLink($p, $p);
}
}
@ -292,8 +288,7 @@ class Pager {
'',
'Page ' . $page
);
}
else {
} else {
echo ' <a href="' . $_SERVER['PHP_SELF'] . "?$this->page_var=$page&amp;" . $this->query_string . '"'
. ' class="$this->class"'
. '>'

View File

@ -1034,6 +1034,4 @@ class SMTP
}
}
?>
?>

View File

@ -74,7 +74,6 @@ class Template {
<?php
}
/**
* Print welcome header message
* This function prints out a table welcoming
@ -123,7 +122,6 @@ class Template {
<?php
}
/**
* Start main HTML table
* @param none
@ -137,7 +135,6 @@ class Template {
<?php
}
/**
* End main HTML table
* @param none
@ -150,7 +147,6 @@ class Template {
<?php
}
/**
* Print HTML footer
* This function prints out a tech email

View File

@ -43,9 +43,9 @@
* @param $message A string with the message to output.
* @return void.
*/
function spew($message){
function spew($message) {
global $debug;
if ($debug == true){
if ($debug == true) {
echo "$message";
}
}
@ -60,20 +60,20 @@ function spew($message){
* @param $tagtype The type of the tag (see in comments).
* @return a string with the final tag representation.
*/
function tagprint($tagname, $attary, $tagtype){
function tagprint($tagname, $attary, $tagtype) {
$me = 'tagprint';
if ($tagtype == 2){
if ($tagtype == 2) {
$fulltag = '</' . $tagname . '>';
} else {
$fulltag = '<' . $tagname;
if (is_array($attary) && sizeof($attary)){
if (is_array($attary) && sizeof($attary)) {
$atts = Array();
while (list($attname, $attvalue) = each($attary)){
while (list($attname, $attvalue) = each($attary)) {
array_push($atts, "$attname=$attvalue");
}
$fulltag .= ' ' . join(' ', $atts);
}
if ($tagtype == 3){
if ($tagtype == 3) {
$fulltag .= ' /';
}
$fulltag .= '>';
@ -89,7 +89,7 @@ function tagprint($tagname, $attary, $tagtype){
* @param $val a value passed by-ref.
* @return void since it modifies a by-ref value.
*/
function casenormalize(&$val){
function casenormalize(&$val) {
$val = strtolower($val);
}
@ -103,10 +103,10 @@ function casenormalize(&$val){
* @return the location within the $body where the next
* non-whitespace char is located.
*/
function skipspace($body, $offset){
function skipspace($body, $offset) {
$me = 'skipspace';
preg_match('/^(\s*)/s', substr($body, $offset), $matches);
if (sizeof($matches{1})){
if (sizeof($matches{1})) {
$count = strlen($matches{1});
spew("$me: skipped $count chars\n");
$offset += $count;
@ -125,10 +125,10 @@ function skipspace($body, $offset){
* @return location of the next occurance of the needle, or
* strlen($body) if needle wasn't found.
*/
function findnxstr($body, $offset, $needle){
function findnxstr($body, $offset, $needle) {
$me = 'findnxstr';
$pos = strpos($body, $needle, $offset);
if ($pos === FALSE){
if ($pos === FALSE) {
$pos = strlen($body);
spew("$me: end of body reached\n");
}
@ -149,13 +149,13 @@ function findnxstr($body, $offset, $needle){
* - string with whatever content between offset and the match
* - string with whatever it is we matched
*/
function findnxreg($body, $offset, $reg){
function findnxreg($body, $offset, $reg) {
$me = 'findnxreg';
$matches = Array();
$retarr = Array();
$preg_rule = '%^(.*?)(' . $reg . ')%s';
preg_match($preg_rule, substr($body, $offset), $matches);
if (!isset($matches{0})){
if (!isset($matches{0})) {
spew("$me: No matches found.\n");
$retarr = false;
} else {
@ -181,14 +181,14 @@ function findnxreg($body, $offset, $reg){
* - integer where the tag ends (ending ">")
* first three members will be false, if the tag is invalid.
*/
function getnxtag($body, $offset){
function getnxtag($body, $offset) {
$me = 'getnxtag';
if ($offset > strlen($body)){
if ($offset > strlen($body)) {
spew("$me: Past the end of body\n");
return false;
}
$lt = findnxstr($body, $offset, '<');
if ($lt == strlen($body)){
if ($lt == strlen($body)) {
spew("$me: No more tags found!\n");
return false;
}
@ -199,7 +199,7 @@ function getnxtag($body, $offset){
*/
spew("$me: Found '<' at pos $lt\n");
$pos = skipspace($body, $lt + 1);
if ($pos >= strlen($body)){
if ($pos >= strlen($body)) {
spew("$me: End of body reached.\n");
return Array(false, false, false, $lt, strlen($body));
}
@ -213,38 +213,38 @@ function getnxtag($body, $offset){
* <img src="blah"/>
*/
$tagtype = false;
switch (substr($body, $pos, 1)){
case '/':
spew("$me: This is a closing tag (type 2)\n");
$tagtype = 2;
$pos++;
break;
case '!':
/**
* A comment or an SGML declaration.
*/
if (substr($body, $pos+1, 2) == '--'){
spew("$me: A comment found. Stripping.\n");
$gt = strpos($body, '-->', $pos);
if ($gt === false){
$gt = strlen($body);
switch (substr($body, $pos, 1)) {
case '/':
spew("$me: This is a closing tag (type 2)\n");
$tagtype = 2;
$pos++;
break;
case '!':
/**
* A comment or an SGML declaration.
*/
if (substr($body, $pos+1, 2) == '--') {
spew("$me: A comment found. Stripping.\n");
$gt = strpos($body, '-->', $pos);
if ($gt === false) {
$gt = strlen($body);
} else {
$gt += 2;
}
return Array(false, false, false, $lt, $gt);
} else {
$gt += 2;
spew("$me: An SGML declaration found. Stripping.\n");
$gt = findnxstr($body, $pos, '>');
return Array(false, false, false, $lt, $gt);
}
return Array(false, false, false, $lt, $gt);
} else {
spew("$me: An SGML declaration found. Stripping.\n");
$gt = findnxstr($body, $pos, '>');
return Array(false, false, false, $lt, $gt);
}
break;
default:
/**
* Assume tagtype 1 for now. If it's type 3, we'll switch values
* later.
*/
$tagtype = 1;
break;
break;
default:
/**
* Assume tagtype 1 for now. If it's type 3, we'll switch values
* later.
*/
$tagtype = 1;
break;
}
$tag_start = $pos;
@ -268,45 +268,45 @@ function getnxtag($body, $offset){
*
* Whatever else we find there indicates an invalid tag.
*/
switch ($match){
case '/':
/**
* This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/
if (substr($body, $pos, 2) == '/>'){
spew("$me: XHTML-style tag found.\n");
$pos++;
spew("$me: Setting tagtype to 3\n");
$tagtype = 3;
} else {
spew("$me: Found invalid character '/'.\n");
$gt = findnxstr($body, $pos, '>');
spew("$me: Tag is invalid. Returning.\n");
$retary = Array(false, false, false, $lt, $gt);
return $retary;
}
case '>':
spew("$me: End of tag found at $pos\n");
spew("$me: Tagname is '$tagname'\n");
spew("$me: This tag has no attributes\n");
return Array($tagname, false, $tagtype, $lt, $pos);
break;
default:
/**
* Check if it's whitespace
*/
if (preg_match('/\s/', $match)){
spew("$me: Tagname is '$tagname'\n");
} else {
switch ($match) {
case '/':
/**
* This is an invalid tag! Look for the next closing ">".
* This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/
spew("$me: Invalid characters found in tag name: $match\n");
$gt = findnxstr($body, $lt, '>');
return Array(false, false, false, $lt, $gt);
}
if (substr($body, $pos, 2) == '/>') {
spew("$me: XHTML-style tag found.\n");
$pos++;
spew("$me: Setting tagtype to 3\n");
$tagtype = 3;
} else {
spew("$me: Found invalid character '/'.\n");
$gt = findnxstr($body, $pos, '>');
spew("$me: Tag is invalid. Returning.\n");
$retary = Array(false, false, false, $lt, $gt);
return $retary;
}
case '>':
spew("$me: End of tag found at $pos\n");
spew("$me: Tagname is '$tagname'\n");
spew("$me: This tag has no attributes\n");
return Array($tagname, false, $tagtype, $lt, $pos);
break;
default:
/**
* Check if it's whitespace
*/
if (preg_match('/\s/', $match)){
spew("$me: Tagname is '$tagname'\n");
} else {
/**
* This is an invalid tag! Look for the next closing ">".
*/
spew("$me: Invalid characters found in tag name: $match\n");
$gt = findnxstr($body, $lt, '>');
return Array(false, false, false, $lt, $gt);
}
}
/**
@ -320,9 +320,9 @@ function getnxtag($body, $offset){
$atttype = false;
$attary = Array();
while ($pos <= strlen($body)){
while ($pos <= strlen($body)) {
$pos = skipspace($body, $pos);
if ($pos == strlen($body)){
if ($pos == strlen($body)) {
/**
* Non-closed tag.
*/
@ -335,13 +335,13 @@ function getnxtag($body, $offset){
*/
$matches = Array();
preg_match('%^(\s*)(>|/>)%s', substr($body, $pos), $matches);
if (isset($matches{0}) && $matches{0}){
if (isset($matches{0}) && $matches{0}) {
/**
* Yep. So we did.
*/
spew("$me: Arrived at the end of the tag.\n");
$pos += strlen($matches{1});
if ($matches{2} == '/>'){
if ($matches{2} == '/>') {
$tagtype = 3;
$pos++;
}
@ -366,7 +366,7 @@ function getnxtag($body, $offset){
* attrname="yes".
*/
$regary = findnxreg($body, $pos, '[^\w\-_]');
if ($regary == false){
if ($regary == false) {
/**
* Looks like body ended before the end of tag.
*/
@ -385,121 +385,121 @@ function getnxtag($body, $offset){
* '\s' means a lot of things -- look what it's followed by.
* anything else means the attribute is invalid.
*/
switch($match){
case '/':
/**
* This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/
if (substr($body, $pos, 2) == '/>'){
spew("$me: This is an xhtml-style tag.\n");
$pos++;
spew("$me: Setting tagtype to 3\n");
$tagtype = 3;
} else {
spew("$me: Found invalid character '/'.\n");
$gt = findnxstr($body, $pos, '>');
spew("$me: Tag is invalid. Returning.\n");
$retary = Array(false, false, false, $lt, $gt);
return $retary;
}
case '>':
spew("$me: found type 4 attribute.\n");
spew("$me: Additionally, end of tag found at $pos\n");
spew("$me: Attname is '$attname'\n");
spew("$me: Setting attvalue to 'yes'\n");
$attary{$attname} = '"yes"';
return Array($tagname, $attary, $tagtype, $lt, $pos);
break;
default:
/**
* Skip whitespace and see what we arrive at.
*/
$pos = skipspace($body, $pos);
$char = substr($body, $pos, 1);
/**
* Two things are valid here:
* '=' means this is attribute type 1 2 or 3.
* \w means this was attribute type 4.
* anything else we ignore and re-loop. End of tag and
* invalid stuff will be caught by our checks at the beginning
* of the loop.
*/
if ($char == '='){
spew("$me: Attribute type 1, 2, or 3 found.\n");
$pos++;
$pos = skipspace($body, $pos);
switch($match) {
case '/':
/**
* Here are 3 possibilities:
* "'" attribute type 1
* '"' attribute type 2
* everything else is the content of tag type 3
* This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/
$quot = substr($body, $pos, 1);
if ($quot == '\''){
spew("$me: In fact, this is attribute type 1\n");
spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\'');
if ($regary == false){
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
spew("$me: Attvalue is '$attval'\n");
if (substr($body, $pos, 2) == '/>') {
spew("$me: This is an xhtml-style tag.\n");
$pos++;
$attary{$attname} = '\'' . $attval . '\'';
} else if ($quot == '"'){
spew("$me: In fact, this is attribute type 2\n");
spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\"');
if ($regary == false){
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
spew("$me: Attvalue is \"$attval\"\n");
$pos++;
$attary{$attname} = '"' . $attval . '"';
spew("$me: Setting tagtype to 3\n");
$tagtype = 3;
} else {
spew("$me: This looks like attribute type 3\n");
/**
* These are hateful. Look for \s, or >.
*/
spew("$me: Looking for end of attval\n");
$regary = findnxreg($body, $pos, '[\s>]');
if ($regary == false){
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
/**
* If it's ">" it will be caught at the top.
*/
spew("$me: translating '\"' into &quot;\n");
$attval = preg_replace('/\"/s', '&quot;', $attval);
spew("$me: wrapping in quotes\n");
$attary{$attname} = '"' . $attval . '"';
spew("$me: Found invalid character '/'.\n");
$gt = findnxstr($body, $pos, '>');
spew("$me: Tag is invalid. Returning.\n");
$retary = Array(false, false, false, $lt, $gt);
return $retary;
}
} else if (preg_match('|[\w/>]|', $char)) {
/**
* That was attribute type 4.
*/
spew("$me: attribute type 4 found.\n");
spew("$me: Setting value to 'yes'\n");
case '>':
spew("$me: found type 4 attribute.\n");
spew("$me: Additionally, end of tag found at $pos\n");
spew("$me: Attname is '$attname'\n");
spew("$me: Setting attvalue to 'yes'\n");
$attary{$attname} = '"yes"';
} else {
return Array($tagname, $attary, $tagtype, $lt, $pos);
break;
default:
/**
* An illegal character. Find next '>' and return.
* Skip whitespace and see what we arrive at.
*/
spew("$me: illegal character '$char' found.\n");
spew("$me: returning\n");
$gt = findnxstr($body, $pos, '>');
return Array(false, false, false, $lt, $gt);
}
$pos = skipspace($body, $pos);
$char = substr($body, $pos, 1);
/**
* Two things are valid here:
* '=' means this is attribute type 1 2 or 3.
* \w means this was attribute type 4.
* anything else we ignore and re-loop. End of tag and
* invalid stuff will be caught by our checks at the beginning
* of the loop.
*/
if ($char == '=') {
spew("$me: Attribute type 1, 2, or 3 found.\n");
$pos++;
$pos = skipspace($body, $pos);
/**
* Here are 3 possibilities:
* "'" attribute type 1
* '"' attribute type 2
* everything else is the content of tag type 3
*/
$quot = substr($body, $pos, 1);
if ($quot == '\'') {
spew("$me: In fact, this is attribute type 1\n");
spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\'');
if ($regary == false) {
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
spew("$me: Attvalue is '$attval'\n");
$pos++;
$attary{$attname} = '\'' . $attval . '\'';
} else if ($quot == '"') {
spew("$me: In fact, this is attribute type 2\n");
spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\"');
if ($regary == false) {
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
spew("$me: Attvalue is \"$attval\"\n");
$pos++;
$attary{$attname} = '"' . $attval . '"';
} else {
spew("$me: This looks like attribute type 3\n");
/**
* These are hateful. Look for \s, or >.
*/
spew("$me: Looking for end of attval\n");
$regary = findnxreg($body, $pos, '[\s>]');
if ($regary == false) {
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
/**
* If it's ">" it will be caught at the top.
*/
spew("$me: translating '\"' into &quot;\n");
$attval = preg_replace('/\"/s', '&quot;', $attval);
spew("$me: wrapping in quotes\n");
$attary{$attname} = '"' . $attval . '"';
}
} else if (preg_match('|[\w/>]|', $char)) {
/**
* That was attribute type 4.
*/
spew("$me: attribute type 4 found.\n");
spew("$me: Setting value to 'yes'\n");
$attary{$attname} = '"yes"';
} else {
/**
* An illegal character. Find next '>' and return.
*/
spew("$me: illegal character '$char' found.\n");
spew("$me: returning\n");
$gt = findnxstr($body, $pos, '>');
return Array(false, false, false, $lt, $gt);
}
}
}
/**
@ -518,18 +518,18 @@ function getnxtag($body, $offset){
* @param $hex whether the entites are hexadecimal.
* @return True or False depending on whether there were matches.
*/
function deent(&$attvalue, $regex, $hex=false){
function deent(&$attvalue, $regex, $hex=false) {
$me = 'deent';
spew("$me: matching '$regex' against: $attvalue\n");
$ret_match = false;
preg_match_all($regex, $attvalue, $matches);
if (is_array($matches) && sizeof($matches[0]) > 0){
if (is_array($matches) && sizeof($matches[0]) > 0) {
spew("$me: found " . sizeof($matches[0]) . " matches\n");
$repl = Array();
for ($i = 0; $i < sizeof($matches[0]); $i++){
for ($i = 0; $i < sizeof($matches[0]); $i++) {
$numval = $matches[1][$i];
spew("$me: numval is $numval\n");
if ($hex){
if ($hex) {
$numval = hexdec($numval);
spew("$me: hex! Numval is now $numval\n");
}
@ -552,14 +552,15 @@ function deent(&$attvalue, $regex, $hex=false){
* @param $attvalue A string to run entity check against.
* @return Nothing, modifies a reference value.
*/
function defang(&$attvalue){
function defang(&$attvalue) {
$me = 'defang';
/**
* Skip this if there aren't ampersands or backslashes.
*/
spew("$me: Checking '$attvalue' for suspicious content\n");
if (strpos($attvalue, '&') === false
&& strpos($attvalue, '\\') === false){
&& strpos($attvalue, '\\') === false)
{
spew("$me: no suspicious content found, returning.\n");
return;
}
@ -585,7 +586,7 @@ function defang(&$attvalue){
*/
function unspace(&$attvalue){
$me = 'unspace';
if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)){
if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)) {
spew("$me: Killing whitespace.\n");
$attvalue = str_replace(Array("\t", "\r", "\n", "\0", " "),
Array('', '', ''), $attvalue);
@ -603,22 +604,17 @@ function unspace(&$attvalue){
* @param $add_attr_to_tag See description for sanitize
* @return Array with modified attributes.
*/
function fixatts($tagname,
$attary,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
){
function fixatts($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag) {
$me = 'fixatts';
spew("$me: Fixing attributes\n");
while (list($attname, $attvalue) = each($attary)){
while (list($attname, $attvalue) = each($attary)) {
/**
* See if this attribute should be removed.
*/
foreach ($rm_attnames as $matchtag=>$matchattrs){
if (preg_match($matchtag, $tagname)){
foreach ($matchattrs as $matchattr){
if (preg_match($matchattr, $attname)){
foreach ($rm_attnames as $matchtag=>$matchattrs) {
if (preg_match($matchtag, $tagname)) {
foreach ($matchattrs as $matchattr) {
if (preg_match($matchattr, $attname)) {
spew("$me: Attribute '$attname' defined as bad.\n");
spew("$me: Removing.\n");
unset($attary{$attname});
@ -639,10 +635,10 @@ function fixatts($tagname,
* get in touch with me so I can drive to where you live and
* shake your hand personally. :)
*/
foreach ($bad_attvals as $matchtag=>$matchattrs){
if (preg_match($matchtag, $tagname)){
foreach ($matchattrs as $matchattr=>$valary){
if (preg_match($matchattr, $attname)){
foreach ($bad_attvals as $matchtag=>$matchattrs) {
if (preg_match($matchtag, $tagname)) {
foreach ($matchattrs as $matchattr=>$valary) {
if (preg_match($matchattr, $attname)) {
/**
* There are two arrays in valary.
* First is matches.
@ -650,7 +646,7 @@ function fixatts($tagname,
*/
list($valmatch, $valrepl) = $valary;
$newvalue = preg_replace($valmatch,$valrepl,$attvalue);
if ($newvalue != $attvalue){
if ($newvalue != $attvalue) {
spew("$me: attvalue is now $newvalue\n");
$attary{$attname} = $newvalue;
}
@ -662,8 +658,8 @@ function fixatts($tagname,
/**
* See if we need to append any attributes to this tag.
*/
foreach ($add_attr_to_tag as $matchtag=>$addattary){
if (preg_match($matchtag, $tagname)){
foreach ($add_attr_to_tag as $matchtag=>$addattary) {
if (preg_match($matchtag, $tagname)) {
$attary = array_merge($attary, $addattary);
spew("$me: Added attributes to this tag\n");
}
@ -871,15 +867,7 @@ function fixatts($tagname,
* @param $add_attr_to_tag see description above
* @return sanitized html safe to show on your pages.
*/
function sanitize($body,
$tag_list,
$rm_tags_with_content,
$self_closing_tags,
$force_tag_closing,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
){
function sanitize($body, $tag_list, $rm_tags_with_content, $self_closing_tags, $force_tag_closing, $rm_attnames, $bad_attvals, $add_attr_to_tag) {
$me = 'sanitize';
/**
* Normalize rm_tags and rm_tags_with_content.
@ -903,22 +891,22 @@ function sanitize($body,
*/
$body = preg_replace('/&(\{.*?\};)/si', '&amp;\\1', $body);
spew("$me: invoking the loop\n");
while (($curtag = getnxtag($body, $curpos)) != FALSE){
while (($curtag = getnxtag($body, $curpos)) != FALSE) {
list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
spew("$me: grabbing free-standing content\n");
$free_content = substr($body, $curpos, $lt - $curpos);
spew("$me: " . strlen($free_content) . " chars grabbed\n");
if ($skip_content == false){
if ($skip_content == false) {
spew("$me: appending free content to trusted.\n");
$trusted .= $free_content;
} else {
spew("$me: Skipping free content.\n");
}
if ($tagname != FALSE){
if ($tagname != FALSE) {
spew("$me: tagname is '$tagname'\n");
if ($tagtype == 2){
if ($tagtype == 2) {
spew("$me: This is a closing tag\n");
if ($skip_content == $tagname){
if ($skip_content == $tagname) {
/**
* Got to the end of tag we needed to remove.
*/
@ -926,9 +914,8 @@ function sanitize($body,
$tagname = false;
$skip_content = false;
} else {
if ($skip_content == false){
if (isset($open_tags{$tagname}) &&
$open_tags{$tagname} > 0){
if ($skip_content == false) {
if (isset($open_tags{$tagname}) && $open_tags{$tagname} > 0) {
spew("$me: popping '$tagname' from open_tags\n");
$open_tags{$tagname}--;
} else {
@ -949,8 +936,7 @@ function sanitize($body,
* See if this is a self-closing type and change
* tagtype appropriately.
*/
if ($tagtype == 1
&& in_array($tagname, $self_closing_tags)){
if ($tagtype == 1 && in_array($tagname, $self_closing_tags)) {
spew("$me: Self-closing tag. Changing tagtype.\n");
$tagtype = 3;
}
@ -958,21 +944,19 @@ function sanitize($body,
* See if we should skip this tag and any content
* inside it.
*/
if ($tagtype == 1
&& in_array($tagname, $rm_tags_with_content)){
if ($tagtype == 1 && in_array($tagname, $rm_tags_with_content)) {
spew("$me: removing this tag with content\n");
$skip_content = $tagname;
} else {
if (($rm_tags == false
&& in_array($tagname, $tag_list)) ||
($rm_tags == true
&& !in_array($tagname, $tag_list))){
if (($rm_tags == false && in_array($tagname, $tag_list)) ||
($rm_tags == true && !in_array($tagname, $tag_list)))
{
spew("$me: Removing this tag.\n");
$tagname = false;
} else {
if ($tagtype == 1){
if ($tagtype == 1) {
spew("$me: adding '$tagname' to open_tags\n");
if (isset($open_tags{$tagname})){
if (isset($open_tags{$tagname})) {
$open_tags{$tagname}++;
} else {
$open_tags{$tagname} = 1;
@ -981,12 +965,8 @@ function sanitize($body,
/**
* This is where we run other checks.
*/
if (is_array($attary) && sizeof($attary) > 0){
$attary = fixatts($tagname,
$attary,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag);
if (is_array($attary) && sizeof($attary) > 0) {
$attary = fixatts($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag);
}
}
}
@ -994,7 +974,7 @@ function sanitize($body,
spew("$me: Skipping this tag\n");
}
}
if ($tagname != false && $skip_content == false){
if ($tagname != false && $skip_content == false) {
spew("$me: Appending tag to trusted.\n");
$trusted .= tagprint($tagname, $attary, $tagtype);
}
@ -1005,9 +985,9 @@ function sanitize($body,
}
spew("$me: Appending any leftover content\n");
$trusted .= substr($body, $curpos, strlen($body) - $curpos);
if ($force_tag_closing == true){
foreach ($open_tags as $tagname=>$opentimes){
while ($opentimes > 0){
if ($force_tag_closing == true) {
foreach ($open_tags as $tagname=>$opentimes) {
while ($opentimes > 0) {
spew("$me: '$tagname' left open. Closing by force.\n");
$trusted .= '</' . $tagname . '>';
$opentimes--;