geos_one/go-mailzu
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

apply code-formating-cleanup-convert-DOS-to-UNIX-text-form from https://github.com/zedzedtop/mailzu

Browse Source
This commit is contained in:
Mario Fetka 2016-02-04 17:26:07 +01:00
parent 180aa514e9
commit 05196e9fb7
17 changed files with 967 additions and 1064 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
lib/AmavisdEngine.class.php
View File

@ -6,7 +6,7 @@
* @version 03-22-07
* @package AmavisdEngine
*
* Copyright (C) 2005 - 2007 MailZu
* Copyright (C) 2005 - 2007 MailZu
* License: GPL, see LICENSE
*/
/**
@ -37,11 +37,10 @@ else {
*/
class AmavisdEngine {
var $socket; // Reference to socket
var $port; // Amavisd spam release port
var $socket; // Reference to socket
var $port; // Amavisd spam release port
var $connected; // Connection status
var $last_error; // Last error message
var $last_error; // Last error message
/**
* AmavisdEngine object constructor
@ -49,7 +48,6 @@ class AmavisdEngine {
* $return object Amavisd object
*/
function AmavisdEngine($host) {
$this->socket = new Net_Socket();
$this->port = $GLOBALS['conf']['amavisd']['spam_release_port'];
$this->connected = false;
@ -79,10 +77,9 @@ class AmavisdEngine {
* @param $secret_id
* @param $recipient
* @result response
*/
*/
function release_message($mail_id, $secret_id, $recipient, $quar_type, $quar_loc) {
if (! $this->connected) {
return $this->last_error;
}
@ -120,8 +117,6 @@ class AmavisdEngine {
}
return $out;
}
}
?>

42
lib/Auth.class.php
View File

@ -94,7 +94,7 @@ class Auth {
function is_logged_in() {
return isset($_SESSION['sessionID']);
}
/**
* Returns the currently logged in user's userid
* @param none
@ -118,7 +118,7 @@ class Auth {
global $conf;
$msg = '';
$allowedToLogin = true;
if (empty($resume)) $resume = 'summary.php'; // Go to control panel by default
$_SESSION['sessionID'] = null;
@ -128,7 +128,7 @@ class Auth {
$_SESSION['sessionMailAdmin'] = null;
$_SESSION['sessionDomainAdmin'] = null;
$_SESSION['sessionNav'] = null;
$login = stripslashes($login);
$pass = stripslashes($pass);
$ok_user = $ok_pass = false;
@ -149,18 +149,16 @@ class Auth {
case "ad":
case "ldap":
// Added this check for LDAP servers that switch to anonymous bind whenever
// provided password is left blank
if ($pass == '') return (translate ('Invalid User Name/Password.'));
// Include LDAPEngine class
include_once('LDAPEngine.class.php');
$ldap = new LDAPEngine();
if( $ldap->connect() ) {
$ldap = new LDAPEngine();
if( $ldap->connect() ) {
// Get user DN
// For AD it could be of the form of 'user@domain' or standard LDAP dn
$dn = $ldap->getUserDN($login);
@ -171,20 +169,19 @@ class Auth {
$msg .= 'User is not allowed to login';
// If user is allowed to log in try a bind
} elseif ( ($dn != '') && $ldap->authBind($dn, $pass) ) {
$ldap->logonName = $login;
$ldap->logonName = $login;
$ldap->loadUserData($dn);
$data = $ldap->getUserData();
$data = $ldap->getUserData();
$ok_user = true; $ok_pass = true;
} else {
$msg .= 'Invalid User Name/Password.';
}
$ldap->disconnect();
}
break;
case "sql":
// Include DBAuth class
include_once('DBAuth.class.php');
@ -218,11 +215,10 @@ class Auth {
} else {
$msg .= 'Invalid User Name/Password.';
}
break;
case "imap":
// Include IMAPAuth class
include_once('IMAPAuth.class.php');
@ -241,7 +237,8 @@ class Auth {
break;
default:
CmnFns::do_error_box(translate('Unknown server type'), '', false);
CmnFns::do_error_box(translate('Unknown server type'), '', false);
break;
}
}
@ -250,7 +247,6 @@ class Auth {
CmnFns::write_log('Authentication failed' . ', ' . $msg, $login);
return translate($msg);
} else {
$this->is_loggedin = true;
CmnFns::write_log('Authentication successful', $login);
@ -271,14 +267,14 @@ class Auth {
$_SESSION['sessionName'] = $data['firstName'];
$_SESSION['sessionMail'] = $data['emailAddress'];
// If it is the super admin, set session variable
foreach ($conf['auth']['s_admins'] as $s_admin) {
if (strtolower($s_admin) == strtolower($_SESSION['sessionID'])) {
$_SESSION['sessionAdmin'] = true;
}
}
// If it is the mail admin, set session variable
foreach ($conf['auth']['m_admins'] as $m_admin) {
if (strtolower($m_admin) == strtolower($_SESSION['sessionID'])) {
@ -296,14 +292,13 @@ class Auth {
if ($lang != '') {
set_language($lang);
}
// Send them to the control panel
CmnFns::redirect(urldecode($resume));
}
}
function isAllowedToLogin( $username ) {
global $conf;
// If not defined or set to false, $username is allowed to log in
@ -317,7 +312,6 @@ class Auth {
}
}
/**
* Log the user out of the system
* @param none
@ -343,7 +337,7 @@ class Auth {
// Log in logfile
CmnFns::write_log('Logout successful', $login);
// Refresh page
CmnFns::redirect($_SERVER['PHP_SELF']);
}
@ -395,7 +389,7 @@ class Auth {
function print_login_msg($kill = true) {
CmnFns::redirect(CmnFns::getScriptURL() . '/index.php?auth=no&resume=' . urlencode($_SERVER['PHP_SELF']) . '?' . urlencode($_SERVER['QUERY_STRING']));
}
/**
* Prints out the latest success box
* @param none

181
lib/CmnFns.class.php
View File

@ -13,7 +13,7 @@
* formatTime(), formatDate(), formatDateTime(), minutes_to_hours(), getScriptURL(),
* do_error_box(), do_message_box(), getNewLink(), getNewPager(), cleanPostVals(),
* get_vert_order(), get_value_order(), write_log(), get_day_name(), redirect(),
* print_language_pulldown(), html_activate_links()
* print_language_pulldown(), html_activate_links()
*
* Copyright (C) 2005 - 2007 MailZu
* License: GPL, see LICENSE
@ -47,7 +47,6 @@ include_once('Pager.class.php');
* Provides functions common to most pages
*/
class CmnFns {
/**
* Convert minutes to hours
* @param double $time time to convert in minutes
@ -55,39 +54,38 @@ class CmnFns {
*/
function formatTime($time) {
global $conf;
// Set up time array with $timeArray[0]=hour, $timeArray[1]=minute
// If time does not contain decimal point
// then set time array manually
// else explode on the decimal point
$hour = intval($time / 60);
$min = $time % 60;
if ($conf['app']['timeFormat'] == 24) {
$a = ''; // AM/PM does not exist
if ($conf['app']['timeFormat'] == 24) {
$a = ''; // AM/PM does not exist
if ($hour < 10) $hour = '0' . $hour;
}
else {
$a = ($hour < 12 || $hour == 24) ? translate('am') : translate('pm'); // Set am/pm
if ($hour > 12) $hour = $hour - 12; // Take out of 24hr clock
if ($hour == 0) $hour = 12; // Don't show 0hr, show 12 am
else {
$a = ($hour < 12 || $hour == 24) ? translate('am') : translate('pm'); // Set am/pm
if ($hour > 12) $hour = $hour - 12; // Take out of 24hr clock
if ($hour == 0) $hour = 12; // Don't show 0hr, show 12 am
}
// Set proper minutes (the same for 12/24 format)
if ($min < 10) $min = 0 . $min;
// Put into a string and return
return $hour . ':' . $min . $a;
}
/**
* Convert ISO8601 date to date format
* @param string $date string (yyyy-mm-dd)
* @return int timestamp
*/
function formatDateISO($date) {
$time = strtotime($date);
return $time;
}
/**
* Convert timestamp to date format
* @param string $date timestamp
@ -96,12 +94,11 @@ class CmnFns {
*/
function formatDate($date, $format = '') {
global $dates;
if (empty($format)) $format = $dates['general_date'];
return strftime($format, $date);
}
/**
* Convert UNIX timestamp to datetime format
* @param string $ts MySQL timestamp
@ -111,13 +108,12 @@ class CmnFns {
function formatDateTime($ts, $format = '') {
global $conf;
global $dates;
if (empty($format))
$format = $dates['general_datetime'] . ' ' . (($conf['app']['timeFormat'] ==24) ? '%H' : '%I') . ':%M:%S' . (($conf['app']['timeFormat'] == 24) ? '' : ' %p');
return strftime($format, $ts);
}
/**
* Convert minutes to hours/minutes
* @param int $minutes minutes to convert
@ -126,12 +122,12 @@ class CmnFns {
function minutes_to_hours($minutes) {
if ($minutes == 0)
return '0 ' . translate('hours');
$hours = (intval($minutes / 60) != 0) ? intval($minutes / 60) . ' ' . translate('hours') : '';
$min = (intval($minutes % 60) != 0) ? intval($minutes % 60) . ' ' . translate('minutes') : '';
return ($hours . ' ' . $min);
}
/**
* Return the current script URL directory
* @param none
@ -142,8 +138,7 @@ class CmnFns {
$uri = $conf['app']['weburi'];
return (strrpos($uri, '/') === false) ? $uri : substr($uri, 0, strlen($uri));
}
/**
* Prints an error message box and kills the app
* @param string $msg error message to print
@ -152,20 +147,20 @@ class CmnFns {
*/
function do_error_box($msg, $style='', $die = true) {
global $conf;
echo '<table border="0" cellspacing="0" cellpadding="0" align="center" class="alert" style="' . $style . '"><tr><td>' . $msg . '</td></tr></table>';
if ($die) {
echo '</td></tr></table>'; // endMain() in Template
echo '<p align="center"><a href="http://www.mailzu.net">' . $conf['app']['title'] .' v' . $conf['app']['version'] . '</a></p></body></html>'; // printHTMLFooter() in Template
//$t = new Template();
//$t->endMain();
//$t->printHTMLFooter();
die();
}
}
/**
* Prints out a box with notification message
* @param string $msg message to print out
@ -174,7 +169,7 @@ class CmnFns {
function do_message_box($msg, $style='') {
echo '<table border="0" cellspacing="0" cellpadding="0" align="center" class="message" style="' . $style . '"><tr><td>' . $msg . '</td></tr></table>';
}
/**
* Returns a reference to a new Link object
* Used to make HTML links
@ -184,7 +179,7 @@ class CmnFns {
function getNewLink() {
return new Link();
}
/**
* Returns a reference to a new Pager object
* Used to iterate over limited recordesets
@ -194,35 +189,35 @@ class CmnFns {
function getNewPager() {
return new Pager();
}
/**
* Strip out slahses from POST values
* @param none
* @return array of cleaned up POST values
*/
function cleanPostVals() {
$return = array();
$rval = array();
foreach ($_POST as $key => $val)
$return[$key] = stripslashes(trim($val));
return $return;
$rval[$key] = stripslashes(trim($val));
return $rval;
}
/**
* Strip out slahses from an array of data
* @param none
* @return array of cleaned up data
*/
function cleanVals($data) {
$return = array();
$rval = array();
foreach ($data as $key => $val)
$return[$key] = stripslashes($val);
return $return;
$rval[$key] = stripslashes($val);
return $rval;
}
/**
* Verifies vertical order and returns value
* @param string $vert value of vertical order
@ -231,20 +226,20 @@ class CmnFns {
function get_vert_order($get_name = 'vert') {
// If no vertical value is specified, use DESC
$vert = isset($_GET[$get_name]) ? $_GET[$get_name] : 'DESC';
// Validate vert value, default to DESC if invalid
switch($vert) {
case 'DESC';
case 'ASC';
break;
break;
default :
$vert = 'DESC';
break;
break;
}
return $vert;
}
/**
* Verifies and returns the order to list recordset results by
* If none of the values are valid, it will return the 1st element in the array
@ -254,20 +249,19 @@ class CmnFns {
function get_value_order($orders = array(), $get_name = 'order') {
if (empty($orders)) // Return null if the order array is empty
return NULL;
// Set default order value
// If a value is specifed in GET, use that. Else use the first element in the array
$order = isset($_GET[$get_name]) ? $_GET[$get_name] : $orders[0];
if (in_array($order, $orders))
$order = $order;
else
$order = $orders[0];
return $order;
}
/**
* Opposite of php's nl2br function.
* Subs in a newline for all brs
@ -277,7 +271,7 @@ class CmnFns {
function br2nl($subject) {
return str_replace('<br />', "\n", $subject);
}
/**
* Writes a log string to the log file specified in config.php
* @param string $string log entry to write to file
@ -290,30 +284,30 @@ class CmnFns {
$file = $conf['app']['logfile'];
$values = '';
if (!$conf['app']['use_log']) // Return if we aren't going to log
if (!$conf['app']['use_log']) // Return if we aren't going to log
return;
if (empty($ip))
$ip = $_SERVER['REMOTE_ADDR'];
clearstatcache(); // Clear cached results
clearstatcache(); // Clear cached results
if (!is_dir(dirname($file)))
mkdir(dirname($file), 0777); // Create the directory
mkdir(dirname($file), 0777); // Create the directory
if (!touch($file))
return; // Return if we cant touch the file
return; // Return if we cant touch the file
if (!$fp = fopen($file, 'a'))
return; // Return if the fopen fails
flock($fp, LOCK_EX); // Lock file for writing
return; // Return if the fopen fails
flock($fp, LOCK_EX); // Lock file for writing
if (!fwrite($fp, '[' . date('D, d M Y H:i:s') . ']' . $delim . $ip . $delim . $userid . $delim . $string . "\r\n")) // Write log entry
return; // Return if we cant write to the file
flock($fp, LOCK_UN); // Unlock file
flock($fp, LOCK_UN); // Unlock file
fclose($fp);
}
/**
* Returns the day name
* @param int $day_of_week day of the week
@ -334,7 +328,7 @@ class CmnFns {
array ('Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat')
*/
);
return $names[$type][$day_of_week];
}
@ -342,12 +336,12 @@ class CmnFns {
* Redirects a user to a new location
* @param string $location new http location
* @param int $time time in seconds to wait before redirect
*/
*/
function redirect($location, $time = 0, $die = true) {
header("Refresh: $time; URL=$location");
if ($die) exit;
}
/**
* Prints out the HTML to choose a language
* @param none
@ -367,7 +361,7 @@ class CmnFns {
</select>
<?php
}
/**
* Searches the input string and creates links out of any properly formatted 'URL-like' text
* Written by Fredrik Kristiansen (russlndr at online.no)
@ -382,7 +376,6 @@ class CmnFns {
return $str;
}
/**
* Verifies current page number and returns value
* @param integer $page value of current page number
@ -393,7 +386,7 @@ class CmnFns {
$page = ( isset($_GET[$get_name]) && is_numeric($_GET[$get_name]) ) ? $_GET[$get_name] : 0;
return $page;
}
/**
* Gets the requested mail_id
* @param none
@ -404,7 +397,7 @@ class CmnFns {
$mail_id = (isset($_GET[$get_name])) ? $_GET[$get_name] : NULL;
return $mail_id;
}
/**
* Verifies and returns the order to list recordset results by
/**
@ -504,7 +497,7 @@ class CmnFns {
function searchEngine($content_type, $submit_page, $full_search = false) {
global $conf;
$fields_array = array("f" => translate('From'),
$fields_array = array("f" => translate('From'),
"s" => translate('Subject')
);
if ((Auth::isMailAdmin() || Auth::isDomainAdmin()) || $conf['app']['allowMailid']) {
@ -512,10 +505,9 @@ class CmnFns {
}
if ($full_search) $fields_array = array_merge(array("t" => translate('To')), $fields_array);
?>
?>
<table border=0 width="100%">
<form action="<?php echo $submit_page ?>" method="get" name="quarantine">
<tr><td colspan=2 align="center"><?php echo translate('Search for messages whose:'); ?>&nbsp;</td></tr>
<tr><td align="right">&nbsp;
<?php
@ -564,7 +556,7 @@ class CmnFns {
echo ($i % 2) ? "&nbsp;</td></tr>\n\t\t\t<tr><td colspan='2' align='center'>&nbsp\n" : "&nbsp;</td><td align='left'>&nbsp";
?>
<input type="submit" class="button" name="search_action" value="<?php echo translate('Search'); ?>" />
<?php if (CmnFns::didSearch())
<?php if (CmnFns::didSearch())
echo "<input type=\"submit\" class=\"button\" name=\"search_action\" value=\"" . translate('Clear search results') . "\" />";
?>
&nbsp;</td></tr>
@ -595,7 +587,7 @@ class CmnFns {
*/
function querystring_exclude_vars( $excl_array = array() ) {
return CmnFns::array_to_query_string( $_GET, $excl_array );
}
}
/**
* Gets the 'ctype' value
@ -645,7 +637,6 @@ class CmnFns {
return $result;
}
/*
* Search for the var $name in $_SESSION, $_POST, $_GET,
* $_SERVER and set it in provided var.
@ -668,36 +659,30 @@ class CmnFns {
* @return value of var
*/
function getGlobalVar($name, $search = INORDER) {
switch ($search) {
/* we want the default case to be first here,
so that if a valid value isn't specified,
all four arrays will be searched. */
default:
case INORDER: // check session, post, get
case SESSION:
if( isset($_SESSION[$name]) )
return $_SESSION[$name];
elseif ( $search == SESSION )
elseif ( $search == SESSION )
break;
// fall through
case FORM: // check post, get
case POST:
if( isset($_POST[$name]) )
if( isset($_POST[$name]) )
return $_POST[$name];
elseif ( $search == POST )
elseif ( $search == POST )
break;
// fall through
case GET:
if( isset($_GET[$name]) )
return $_GET[$name];
/* For INORDER case, exit after GET */
break;
case SERVER:
if( isset($_SERVER[$name]) )
return $_SERVER[$name];
@ -711,9 +696,9 @@ class CmnFns {
* @param $location string
*/
function redirect_js($location) {
echo "<SCRIPT LANGUAGE=\"JavaScript\">";
echo "parent.location.href = '" . $location . "';";
echo "</SCRIPT>";
echo "<SCRIPT LANGUAGE=\"JavaScript\">";
echo "parent.location.href = '" . $location . "';";
echo "</SCRIPT>";
}
@ -729,11 +714,11 @@ class CmnFns {
?>
<table border=0 width="100%">
<form action="<? echo $submit_page ?>" method="get" name="wblist">
<form action="<?php echo $submit_page ?>" method="get" name="wblist">
<tr><td colspan=2 align="center"><? echo translate('Search for rules whose:'); ?>&nbsp;</td></tr>
<tr><td colspan=2 align="center"><?php echo translate('Search for rules whose:'); ?>&nbsp;</td></tr>
<tr><td align="right">&nbsp;
<?
<?php
$i = 1;
$array_size = count($fields_array);
foreach ($fields_array as $k => $name) {
@ -761,14 +746,14 @@ class CmnFns {
$i ++;
echo ($i % 2) ? "&nbsp;</td></tr>\n\t\t\t<tr><td colspan='2' align='center'>&nbsp\n" : "&nbsp;</td><td align='left'>&nbsp";
?>
<input type="submit" class="button" name="search_action" value="<? echo translate('Search'); ?>" />
<? if (CmnFns::didSearch())
<input type="submit" class="button" name="search_action" value="<?php echo translate('Search'); ?>" />
<?php if (CmnFns::didSearch())
echo "<input type=\"submit\" class=\"button\" name=\"search_action\" value=\"" . translate('Clear search results') . "\" />";
?>
&nbsp;</td></tr>
</form>
</table>
<?
<?php
}

35
lib/DBAuth.class.php
View File

@ -35,7 +35,6 @@ else {
* Provide all database access/manipulation functionality for SQL Auth
*/
class DBAuth {
// Reference to the database object
var $db;
@ -76,7 +75,7 @@ class DBAuth {
var $emailAddress;
var $err_msg = '';
/**
* DBEngine constructor to initialize object
* @param none
@ -96,24 +95,23 @@ class DBAuth {
$this->dbTablePassword = $conf['auth']['dbTablePassword'];
$this->dbTableName = $conf['auth']['dbTableName'];
$this->dbTableMail = $conf['auth']['dbTableMail'];
$this->db_connect();
}
// Connection handling methods -------------------------------------------
/**
* Create a persistent connection to the database
* @param none
*/
function db_connect() {
/***********************************************************
/ This uses PEAR::DB
/ See http://www.pear.php.net/manual/en/package.database.php#package.database.db
/ for more information and syntax on PEAR::DB
/**********************************************************/
// Data Source Name: This is the universal connection string
// See http://www.pear.php.net/manual/en/package.database.php#package.database.db
// for more information on DSN
@ -123,20 +121,20 @@ class DBAuth {
// Make persistant connection to database
$db = DB::connect($dsn, true);
// If there is an error, print to browser, print to logfile and kill app
if (DB::isError($db)) {
die ('Error connecting to database: ' . $db->getMessage() );
}
// Set fetch mode to return associatve array
$db->setFetchMode(DB_FETCHMODE_ASSOC);
$this->db = $db;
}
// User methods -------------------------------------------
// User methods -------------------------------------------
/**
* Authenticates user
@ -145,7 +143,6 @@ class DBAuth {
* @return boolean
*/
function authUser($username, $password) {
if ( $this->isMd5 )
$password = md5( $password );
@ -171,7 +168,6 @@ class DBAuth {
$this->err_msg = translate('There are no records in the table.');
return false;
} else {
// Fetch the first row of data
$rs = $this->cleanRow($result->fetchRow());
@ -185,7 +181,7 @@ class DBAuth {
return true;
}
}
/**
* Checks to see if there was a database error and die if there was
* @param object $result result object of query
@ -197,8 +193,7 @@ class DBAuth {
. '<br />' . '<a href="javascript: history.back();">' . translate('Back') . '</a>');
return false;
}
/**
* Strips out slashes for all data in the return row
* - THIS MUST ONLY BE ONE ROW OF DATA -
@ -206,11 +201,11 @@ class DBAuth {
* @return array with same key => value pairs (except slashes)
*/
function cleanRow($data) {
$return = array();
$rval = array();
foreach ($data as $key => $val)
$return[$key] = stripslashes($val);
return $return;
$rval[$key] = stripslashes($val);
return $rval;
}
/**
@ -229,12 +224,12 @@ class DBAuth {
* @return array containing user information
*/
function getUserData() {
$return = array(
$rval = array(
'logonName' => $this->logonName,
'firstName' => $this->firstName,
'emailAddress' => $this->emailAddress
);
return $return;
return $rval;
}
//mysql_crypt - shamelessly stolen from php.net docs

117
lib/DBEngine.class.php
View File

@ -43,7 +43,6 @@ else {
* Provide all database access/manipulation functionality
*/
class DBEngine {
// Reference to the database object
var $db;
@ -59,10 +58,10 @@ class DBEngine {
var $dbUser;
// Password for database user
var $dbPass;
var $err_msg = '';
var $numRows;
/**
* DBEngine constructor to initialize object
* @param none
@ -78,20 +77,19 @@ class DBEngine {
$this->db_connect();
}
/**
* Create a persistent connection to the database
* @param none
* @global $conf
*/
function db_connect() {
/***********************************************************
/ This uses PEAR::DB
/ See http://www.pear.php.net/manual/en/package.database.php#package.database.db
/ for more information and syntax on PEAR::DB
/**********************************************************/
// Data Source Name: This is the universal connection string
// See http://www.pear.php.net/manual/en/package.database.php#package.database.db
// for more information on DSN
@ -121,7 +119,7 @@ class DBEngine {
global $conf;
$return = array();
$rval = array();
$total = array( 'spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0);
$query = "SELECT date,
@ -147,7 +145,7 @@ class DBEngine {
COUNT(msgs.content) AS banned,
0 AS viruses,
0 AS badheaders,
0 AS pending
0 AS pending
FROM msgs INNER JOIN msgrcpt ON msgs.mail_id=msgrcpt.mail_id
WHERE msgs.content='B' AND NOT (msgs.quar_type = '')
AND msgrcpt.rs IN ('','v')
@ -199,7 +197,7 @@ class DBEngine {
$timestamp = CmnFns::formatDateISO($rs['date']);
$date = CmnFns::formatDate($timestamp);
$totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending'];
$return[$date] = array('spam' => $rs['spam'],
$rval[$date] = array('spam' => $rs['spam'],
'banned' => $rs['banned'],
'virus' => $rs['viruses'],
'header' => $rs['badheaders'],
@ -208,16 +206,16 @@ class DBEngine {
}
// Total the data
foreach ($return as $date => $typearray) {
foreach ($rval as $date => $typearray) {
foreach ($typearray as $type => $count) {
$total[$type] += $count;
}
}
$return['Total'] = $total;
$rval['Total'] = $total;
$result->free();
return $return;
return $rval;
}
// User methods -------------------------------------------
@ -231,7 +229,7 @@ class DBEngine {
global $conf;
$return = array();
$rval = array();
$total = array('spam' => 0, 'banned' => 0, 'virus' => 0, 'header' => 0, 'pending' => 0, 'total' => 0);
// Get where clause for recipient email address(es)
@ -268,7 +266,7 @@ class DBEngine {
COUNT(msgs.content) AS banned,
0 AS viruses,
0 AS badheaders,
0 AS pending
0 AS pending
FROM msgs INNER JOIN msgrcpt ON msgs.mail_id=msgrcpt.mail_id
$join_type maddr AS recip ON msgrcpt.rid=recip.id
WHERE msgs.content='B' AND NOT (msgs.quar_type = '') AND msgrcpt.rs IN ('','v')
@ -325,7 +323,7 @@ class DBEngine {
$timestamp = CmnFns::formatDateISO($rs['date']);
$date = CmnFns::formatDate($timestamp);
$totalthisdate = $rs['spam'] + $rs['banned'] + $rs['viruses'] + $rs['badheaders'] + $rs['pending'];
$return[$date] = array('spam' => $rs['spam'],
$rval[$date] = array('spam' => $rs['spam'],
'banned' => $rs['banned'],
'virus' => $rs['viruses'],
'header' => $rs['badheaders'],
@ -334,16 +332,16 @@ class DBEngine {
}
// Total the data
foreach ($return as $date => $typearray) {
foreach ($rval as $date => $typearray) {
foreach ($typearray as $type => $count) {
$total[$type] += $count;
}
}
$return['Total'] = $total;
$rval['Total'] = $total;
$result->free();
return $return;
return $rval;
}
@ -375,7 +373,7 @@ class DBEngine {
$sizeLimit = isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ?
$conf['app']['displaySizeLimit'] : 50;
$return = array();
$rval = array();
if (is_array($search_array)) {
$search_clause = "";
@ -418,20 +416,27 @@ class DBEngine {
}
}
$query = "SELECT msgs.time_num, msgs.from_addr,
msgs.mail_id, msgs.subject, msgs.spam_level, msgs.content,
msgrcpt.rs, msgs.quar_type, recip.email
$query = "SELECT
msgs.time_num,
msgs.from_addr,
msgs.mail_id,
msgs.subject,
msgs.spam_level,
msgs.content,
msgrcpt.rs,
msgs.quar_type,
recip.email
FROM msgs
INNER JOIN msgrcpt ON msgs.mail_id=msgrcpt.mail_id
$join_type maddr AS sender ON msgs.sid=sender.id
$join_type maddr AS recip ON msgrcpt.rid=recip.id
INNER JOIN msgrcpt ON msgs.mail_id = msgrcpt.mail_id
$join_type maddr AS sender ON msgs.sid = sender.id
$join_type maddr AS recip ON msgrcpt.rid = recip.id
WHERE $type_clause"
// Only check against the email address when not admin
. ($msgs_all ? ' ' : $emailaddr_clause)
. " $rs_clause
$search_clause
AND msgs.quar_type <> ''
ORDER BY $order $vert ";
$search_clause
AND msgs.quar_type <> ''
ORDER BY $order $vert ";
// Prepare query
$q = $this->db->prepare($query);
@ -456,7 +461,7 @@ class DBEngine {
if ( $get_all ) {
while ($rs = $result->fetchRow()) {
$return[] = $this->cleanRow($rs);
$rval[] = $this->cleanRow($rs);
}
} else {
// the row to start fetching
@ -469,13 +474,13 @@ class DBEngine {
if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) {
break;
}
$return[] = $this->cleanRow($row);
$rval[] = $this->cleanRow($row);
}
}
$result->free();
return $return;
return $rval;
}
/**
@ -486,7 +491,6 @@ class DBEngine {
* @return array of message(s)
*/
function get_message($emailaddress, $mail_id) {
global $conf;
# MySQL seems to run faster with a LEFT JOIN
@ -498,7 +502,7 @@ class DBEngine {
$recipEmailClause = $this->convertEmailaddresses2SQL($emailaddress);
$return = array();
$rval = array();
$query = 'SELECT msgs.time_num, msgs.secret_id, msgs.subject, msgs.from_addr, msgs.spam_level,'
. ' msgrcpt.rs, recip.email, msgs.host, msgs.content, msgs.quar_type, msgs.quar_loc'
@ -522,12 +526,12 @@ class DBEngine {
return NULL;
}
while ($rs = $result->fetchRow()) {
$return[] = $this->cleanRow($rs);
$rval[] = $this->cleanRow($rs);
}
$result->free();
return $return;
return $rval;
}
/**
@ -539,7 +543,6 @@ class DBEngine {
* @return array of message(s)
*/
function update_msgrcpt_rs($mail_id, $mail_rcpt, $flag) {
// If its a pending message, do not set the rs flag to 'v'
$cur_msg_array = $this->get_message($mail_rcpt, $mail_id);
$msg_status = $cur_msg_array[0];
@ -561,7 +564,6 @@ class DBEngine {
return true;
}
/**
* Function that returns number of entries for logged in user
* where RS flag is equal to $flag
@ -570,12 +572,11 @@ class DBEngine {
* @return number of message(s)
*/
function get_count_rs($emailaddresses, $flag) {
// Get where clause for recipient email address(es)
$emailaddr_clause = $this->convertEmailaddresses2SQL($emailaddresses);
if ( $emailaddr_clause != '' )
$emailaddr_clause = ' AND ' . $emailaddr_clause;
$query = 'SELECT mail_id FROM msgrcpt, maddr as recip'
. ' WHERE msgrcpt.rid=recip.id'
. $emailaddr_clause
@ -588,12 +589,12 @@ class DBEngine {
// Execute query
$result = $this->db->execute($q, $values);
// Check if error
$this->check_for_error($result, $query);
$this->check_for_error($result, $query);
$count = $result->numRows();
$result->free();
return $count;
}
@ -617,7 +618,6 @@ class DBEngine {
}
}
if (Auth::isMailAdmin()) {
$values = array($mail_id);
$query = 'SELECT' . $mail_text_column . ' FROM quarantine ' .
@ -640,14 +640,14 @@ class DBEngine {
if ($result->numRows() <= 0){
return false;
}
$return = "";
$rval = "";
while ($rs = $result->fetchRow()) {
$return .= $rs['mail_text'];
$rval .= $rs['mail_text'];
}
$result->free();
return $return;
return $rval;
}
/**
@ -673,7 +673,7 @@ class DBEngine {
}
return false;
}
/**
* Strips out slashes for all data in the return row
* - THIS MUST ONLY BE ONE ROW OF DATA -
@ -681,11 +681,11 @@ class DBEngine {
* @return array with same key => value pairs (except slashes)
*/
function cleanRow($data) {
$return = array();
$rval = array();
foreach ($data as $key => $val)
$return[$key] = stripslashes($val);
return $return;
$rval[$key] = stripslashes($val);
return $rval;
}
/**
@ -705,11 +705,9 @@ class DBEngine {
* @return array containing SQL code
*/
function convertSearch2SQL($field, $criterion, $string) {
$result = array();
if ( $string != '' ) {
if ( $string != '' ) {
switch ($criterion) {
case "contains":
$search_clause = "(" . $field . " LIKE '%" . $string . "%')" ;
@ -728,7 +726,6 @@ class DBEngine {
}
array_push($result, $search_clause);
}
return $result;
}
@ -796,8 +793,8 @@ class DBEngine {
$this->check_for_error($result, $query);
if ($result->numRows() == 1) {
$return = $result->fetchRow();
return $return['id'];
$rval = $result->fetchRow();
return $rval['id'];
} else if ($result->numRows() == 0
&& strpos($recip_email,"@")) {
@ -927,7 +924,7 @@ class DBEngine {
function get_user_control_list( $emailaddresses, $order = 'sender', $vert = 'ASC', $search_array, $page, $all = false) {
global $conf;
$return = Array();
$rval = Array();
// grab the display size limit set in config.php
$sizeLimit = (isset ( $conf['app']['displaySizeLimit'] ) && is_numeric( $conf['app']['displaySizeLimit'] ) ?
@ -980,13 +977,13 @@ class DBEngine {
if (!$row = $result->fetchrow(DB_FETCHMODE_ASSOC, $rownum)) {
break;
}
$return[] = $this->cleanRow($row);
$rval[] = $this->cleanRow($row);
}
$result->free();
return $return;
return $rval;
}
}

11
lib/ExchAuth.class.php
View File

@ -21,11 +21,10 @@ include_once('lib/CmnFns.class.php');
* Provide all database access/manipulation functionality for Exchange Auth
*/
class ExchAuth {
// The exchange hostname with port (hostname[:port])
var $exchHost;
// The exchange LDAP URI (ldap://hostname[:port])
var $exchLDAP;
var $exchLDAP;
// The user's logon name
var $logonName;
// The user's first name
@ -34,7 +33,7 @@ class ExchAuth {
var $emailAddress;
var $err_msg = '';
/**
* Constructor to initialize object
* @param none
@ -46,7 +45,7 @@ class ExchAuth {
$this->exchLDAP = $conf['auth']['exch_ldap'];
}
// User methods -------------------------------------------
// User methods -------------------------------------------
/**
* Authenticates user
@ -56,7 +55,6 @@ class ExchAuth {
* @return boolean
*/
function authUser($username, $password, $domain) {
$fulluser = $domain.'/'.$username;
$mbox = imap_open('{'.$this->exchHost.'/imap}Inbox', $fulluser, $password);
if ($mbox === false) {
@ -97,7 +95,7 @@ class ExchAuth {
ldap_close($ldapconn);
return true;
}
/**
* Returns the last error message
* @param none
@ -121,6 +119,5 @@ class ExchAuth {
);
return $return;
}
}
?>

28
lib/IMAPAuth.class.php
View File

@ -21,7 +21,6 @@ include_once('lib/CmnFns.class.php');
* Provide all database access/manipulation functionality for IMAP Auth
*/
class IMAPAuth {
// The IMAP hosts with port (hostname[:port])
var $imapHosts;
// IMAP authentication type
@ -31,7 +30,7 @@ class IMAPAuth {
var $imapUsername;
var $err_msg = '';
/**
* Constructor to initialize object
* @param none
@ -44,7 +43,7 @@ class IMAPAuth {
$this->imapDomainName = $conf['auth']['imap_domain_name'];
}
// User methods -------------------------------------------
// User methods -------------------------------------------
/**
* Authenticates user
@ -60,26 +59,25 @@ class IMAPAuth {
$this->imapUsername = $username;
foreach ($this->imapHosts as $host) { // Try each host in turn
$host = trim($host);
switch ($this->imapType) {
case "imapssl":
$host = '{'.$host."/imap/ssl}INBOX";
break;
case "imapcert":
$host = '{'.$host."/imap/ssl/novalidate-cert}INBOX";
break;
case "imaptls":
$host = '{'.$host."/imap/notls}INBOX";
break;
default:
$host = '{'.$host.'}INBOX';
}
//error_reporting(0);
$connection = imap_open($host, $username, $password, OP_HALFOPEN);
@ -88,11 +86,11 @@ class IMAPAuth {
return true;
}
}
$this->err_msg = translate('IMAP Authentication: no match');
return false; // No match
}
/**
* Returns the last error message
* @param none
@ -109,16 +107,12 @@ class IMAPAuth {
* @return array containing user information
*/
function getUserData() {
$return = array(
$rval = array(
'logonName' => $this->imapUsername,
'firstName' => $this->imapUsername,
'emailAddress' => array( $this->imapUsername.
( empty($this->imapDomainName) ? '' :
'@'. $this->imapDomainName )
)
'emailAddress' => array($this->imapUsername.(empty($this->imapDomainName) ? '' : '@'. $this->imapDomainName))
);
return $return;
return $rval;
}
}
?>

30
lib/LDAPEngine.class.php
View File

@ -17,9 +17,7 @@
*/
include_once('lib/CmnFns.class.php');
class LDAPEngine {
// The directory server, tested with OpenLDAP and Active Directory
var $serverType;
@ -81,15 +79,14 @@ class LDAPEngine {
// Result of any connection
var $bind;
var $connected;
// The user's logon name
// The user's logon name
var $logonName;
// The user's first name
// The user's first name
var $firstName;
// The user's mail address ($mailAttr value)
var $emailAddress;
/**
* LDAPEngine constructor to initialize object
*/
@ -130,7 +127,7 @@ class LDAPEngine {
}
// Connection handling methods -------------------------------------------
/**
* Makes a connection to the LDAP server.
* Just creates a connection which is used in all later access.
@ -140,7 +137,6 @@ class LDAPEngine {
* @param none
*/
function connect() {
foreach ($this->hosts as $host) {
$ldap_url = ( $this->ssl ? "ldaps://".$host : $host );
$this->connection = ldap_connect($ldap_url);
@ -218,7 +214,6 @@ class LDAPEngine {
}
}
// User methods -------------------------------------------
/**
@ -282,7 +277,6 @@ class LDAPEngine {
* @return array
*/
function searchUserDN($searchFilter) {
switch ($this->serverType) {
case "ldap":
if ( $this->searchUser != '' ) {
@ -318,14 +312,12 @@ class LDAPEngine {
return $dn;
}
/**
* Queries LDAP for user information
* @param string $dn
* @return boolean indicating success or failure
*/
function loadUserData($dn) {
$this->emailAddress = array();
// We are instered in getting just the user's first name and his/her mail attribute(s)
@ -347,11 +339,11 @@ class LDAPEngine {
$result = ldap_search( $this->connection, $dn, "objectclass=*", $attributes );
}
break;
}
}
$entries = ldap_get_entries( $this->connection, $result );
if( $result and ( $entries["count"] > 0 ) ) {
if( $result and ( $entries["count"] > 0 ) ) {
// The search should give a single entry
// If several results are found get the first entry
$this->firstName = $entries[0][strtolower($this->name)][0];
@ -366,15 +358,15 @@ class LDAPEngine {
}
}
}
} else {
} else {
// If no results returned
$this->ldapErrorCode = -1;
$this->ldapErrorText = "No entry found matching search criteria";
CmnFns::write_log($this->ldapErrorCode . ': ' . $this->ldapErrorText, '');
return false;
}
return true;
return true;
}
@ -385,12 +377,12 @@ class LDAPEngine {
* @return array containing user information
*/
function getUserData() {
$return = array(
$rval = array(
'logonName' => $this->logonName,
'firstName' => $this->firstName,
'emailAddress' => $this->emailAddress
);
return $return;
return $rval;
}

46
lib/Link.class.php
View File

@ -36,7 +36,7 @@ class Link {
$this->style = $style;
$this->text_on_over = addslashes($text_on_over);
}
//---------------------------------------------
// Setter functions
//---------------------------------------------
@ -47,7 +47,7 @@ class Link {
function setUrl($url) {
$this->url = $url;
}
/**
* Set the text of the link
* @param string $text text of link
@ -55,7 +55,7 @@ class Link {
function setText($text) {
$this->text = $text;
}
/**
* Set the class of the link
* @param string $class link class
@ -63,7 +63,7 @@ class Link {
function setClass($class) {
$this->_class = $class;
}
/**
* Set the inline style of the link
* @param string $style inline style of link (overrides class)
@ -71,7 +71,7 @@ class Link {
function setStyle($style) {
$this->style = $style;
}
/**
* Set the text onmouseover
* @param string $text_on_over text to display in status bar onmouseover
@ -79,7 +79,7 @@ class Link {
function setTextOnOver($text_on_over) {
$this->text_on_over = addslashes($text_on_over);
}
/**
* Set the image source "src" property
* @param string $img_src image source property
@ -87,7 +87,7 @@ class Link {
function setImgSrc($img_src) {
$this->img_src = $img_src;
}
/**
* Set the image alt property
* @param string $img_alt image alt property
@ -97,8 +97,7 @@ class Link {
}
//=============================================
//---------------------------------------------
// Getter functions
//---------------------------------------------
@ -109,7 +108,7 @@ class Link {
function getUrl() {
return $this->url;
}
/**
* Return the text of the link
* @return string $text text of link
@ -117,7 +116,7 @@ class Link {
function getText() {
return $this->text;
}
/**
* Return the class of the link
* @return string $class link class
@ -125,7 +124,7 @@ class Link {
function getClass() {
return $this->_class;
}
/**
* Return the inline style of the link
* @return string $style inline style of link (overrides class)
@ -133,7 +132,7 @@ class Link {
function getStyle() {
return $this->style;
}
/**
* Return the text onmouseover
* @return string $text_on_over text to display in status bar onmouseover
@ -141,7 +140,7 @@ class Link {
function getTextOnOver() {
return stripslashes($this->text_on_over);
}
/**
* Return the image source "src" property
* @return string
@ -149,7 +148,7 @@ class Link {
function getImgSrc() {
return $img_src;
}
/**
* Return the image alt property
* @return string
@ -157,10 +156,9 @@ class Link {
function getImgAlt() {
return $img_alt;
}
//=============================================
/**
* Print out a link without creating a new Link object
* @param string $url url to link to
@ -170,9 +168,9 @@ class Link {
* @param string $text_on_over text to display in status bar onmouseover
*/
function doLink($url=null, $text=null, $class=null, $style=null, $text_on_over=null, $boldtext=null) {
echo $this->getLink($url, $text, $class, $style, $text_on_over, $boldtext);
echo $this->getLink($url, $text, $class, $style, $text_on_over, $boldtext);
}
/**
* Print out an image link without creating a new Link obejct
* @param string $url url to link to
@ -183,16 +181,16 @@ class Link {
function doImageLink($url = null, $img_src = null, $alt = null, $text_on_over = null) {
echo $this->getImageLink($url, $img_src, $alt, $text_on_over);
}
/**
* Prints out the link using the class values
* @param none
* @see doLink()
*/
function printLink() {
$this->doLink($this->url, $this->text, $this->_class, $this->style, $this->text_on_over);
$this->doLink($this->url, $this->text, $this->_class, $this->style, $this->text_on_over);
}
/**
* Returns the HTML for the link with given parameters
* @param string $url url to link to
@ -207,7 +205,7 @@ class Link {
//return "<a href=\"$url\" class=\"$class\" style=\"$style\" onmouseover=\"javascript: window.status='" . addslashes($text_on_over) . "'; return true;\" onmouseout=\"javascript: window.status=''; return true;\">$text</a>";
return "<a href=\"$url\" class=\"$class\" style=\"$style\" onmouseover=\"javascript: window.status='" . addslashes($text_on_over) . "'; return true;\" onmouseout=\"javascript: window.status=''; return true;\">" . ($boldtext ? "<b>$text</b>" : $text) . "</a>";
}
/**
* Returns the HTML for the link with given parameters
* @param string $url url to link to

87
lib/MailEngine.class.php
View File

@ -20,13 +20,12 @@ include_once('lib/CmnFns.class.php');
* Pear::DB
*/
if ($GLOBALS['conf']['app']['safeMode']) {
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
include_once('pear/PEAR.php');
include_once('pear/Mail/mimeDecode.php');
}
else {
include_once 'PEAR.php';
include_once('Mail/mimeDecode.php');
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
include_once('pear/PEAR.php');
include_once('pear/Mail/mimeDecode.php');
} else {
include_once('PEAR.php');
include_once('Mail/mimeDecode.php');
}
/**
@ -34,13 +33,12 @@ else {
*/
class MailEngine {
var $raw; // Raw mail contents
var $struct; // The top-level MIME structure
var $recipient; // The recipient of the email
var $msg_found; // Msg found in database
var $msg_error; // Msg has MIME error
var $last_error; // PEAR Error Messages
var $raw; // Raw mail contents
var $struct; // The top-level MIME structure
var $recipient; // The recipient of the email
var $msg_found; // Msg found in database
var $msg_error; // Msg has MIME error
var $last_error; // PEAR Error Messages
/**
* MailEngine object constructor
@ -49,35 +47,35 @@ class MailEngine {
* $return object MailEngine object
*/
function MailEngine($mail_id, $recip) {
$this->recipient = $recip;
$this->getRawContent($mail_id);
$this->msg_error = false;
if ($this->raw) {
$this->msg_found = true;
$this->struct = $this->getDecodedStruct($this->raw);
if (PEAR::isError($this->struct)) {
$this->msg_error = true;
$this->last_error = $this->struct->getMessage();
}
} else {
$this->msg_found = false;
}
return $this->struct;
$this->recipient = $recip;
$this->getRawContent($mail_id);
$this->msg_error = false;
if ($this->raw) {
$this->msg_found = true;
$this->struct = $this->getDecodedStruct($this->raw);
if (PEAR::isError($this->struct)) {
$this->msg_error = true;
$this->last_error = $this->struct->getMessage();
}
} else {
$this->msg_found = false;
}
return $this->struct;
}
/**
* Decode the raw contents to get the MIME structure
* $param string The complete raw message returned by get_raw_mail
* $return object Mail_mimeDecode::decode object
* $return object Mail_mimeDecode::decode object
*/
function getDecodedStruct($contents) {
$message = new Mail_mimeDecode($contents);
$msg_struct = $message->decode( array ( 'include_bodies' => true,
'decode_bodies' => true,
'decode_headers' => true)
);
return $msg_struct;
$message = new Mail_mimeDecode($contents);
$msg_struct = $message->decode( array ( 'include_bodies' => true,
'decode_bodies' => true,
'decode_headers' => true)
);
return $msg_struct;
}
/**
@ -86,12 +84,13 @@ class MailEngine {
* $return string The complete raw email
*/
function getRawContent($mail_id) {
$db = new DBEngine();
$this->raw = $db->get_raw_mail($mail_id, $this->recipient);
// Mark read
if (in_array($this->recipient, $_SESSION['sessionMail']) && $this->raw) {
$db->update_msgrcpt_rs($mail_id,$this->recipient,'v');
}
$db = new DBEngine();
$this->raw = $db->get_raw_mail($mail_id, $this->recipient);
// Mark read
if (in_array($this->recipient, $_SESSION['sessionMail']) && $this->raw) {
$db->update_msgrcpt_rs($mail_id,$this->recipient,'v');
}
}
}
?>

460
lib/MailMime.class.php
View File

@ -20,11 +20,10 @@ include_once('lib/CmnFns.class.php');
* Pear::DB
*/
if ($GLOBALS['conf']['app']['safeMode']) {
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
include_once('pear/Mail/mimeDecode.php');
}
else {
include_once('Mail/mimeDecode.php');
ini_set('include_path', ( dirname(__FILE__) . '/pear/' . PATH_SEPARATOR . ini_get('include_path') ));
include_once('pear/Mail/mimeDecode.php');
} else {
include_once('Mail/mimeDecode.php');
}
/**
@ -42,10 +41,10 @@ include_once('lib/htmlfilter.php');
* $param The mime structure object
*/
function GetCtype($struct) {
$ctype_p = strtolower(trim($struct->ctype_primary));
$ctype_s = strtolower(trim($struct->ctype_secondary));
$type = $ctype_p . '/' . $ctype_s;
return $type;
$ctype_p = strtolower(trim($struct->ctype_primary));
$ctype_s = strtolower(trim($struct->ctype_secondary));
$type = $ctype_p . '/' . $ctype_s;
return $type;
}
/**
@ -56,71 +55,68 @@ $filelist = array ();
$errors = array ();
function MsgParseBody($struct) {
global $filelist;
global $errors;
$ctype_p = strtolower(trim($struct->ctype_primary));
$ctype_s = strtolower(trim($struct->ctype_secondary));
global $filelist;
global $errors;
$ctype_p = strtolower(trim($struct->ctype_primary));
$ctype_s = strtolower(trim($struct->ctype_secondary));
switch ($ctype_p) {
case "multipart":
switch ($ctype_s) {
case "alternative":
// Handle multipart/alternative parts
$alt_entity = FindMultiAlt($struct->parts);
// Ignore if we return false NEEDS WORK
if ($alt_entity) MsgParseBody($alt_entity);
break;
case "related":
// Handle multipart/related parts
$rel_entities = FindMultiRel($struct);
foreach ($rel_entities as $ent) {
MsgParseBody($ent);
}
break;
default:
// Probably multipart/mixed here
// Recursively process nested mime entities
if ( is_array($struct->parts) || is_object($struct->parts) ) {
foreach ($struct->parts as $cur_part) {
MsgParseBody($cur_part);
}
} else {
$errors['Invalid or Corrupt MIME Detected.'] = true;
}
break;
}
break;
case "text":
// Do not display attached text types
if (property_exists($struct, "d_parameters")) {
if ($attachment = $struct->d_parameters['filename'] or $attachment = $struct->d_parameters['name']) {
array_push($filelist, $attachment);
break;
}
}
switch ($ctype_s) {
// Plain text
case "plain":
MsgBodyPlainText($struct->body);
break;
// HTML text
case "html":
MsgBodyHtmlText($struct->body);
break;
// Text type we do not support
default:
$errors['Portions of text could not be displayed'] = true;
}
break;
default:
// Save the listed filename or notify the
// reader that this mail is not displayed completely
$attachment = $struct->d_parameters['filename'];
$attachment ? array_push($filelist, $attachment) : $errors['Unsupported MIME objects present'] = true;
}
switch ($ctype_p) {
case "multipart":
switch ($ctype_s) {
case "alternative":
// Handle multipart/alternative parts
$alt_entity = FindMultiAlt($struct->parts);
// Ignore if we return false NEEDS WORK
if ($alt_entity) MsgParseBody($alt_entity);
break;
case "related":
// Handle multipart/related parts
$rel_entities = FindMultiRel($struct);
foreach ($rel_entities as $ent) {
MsgParseBody($ent);
}
break;
default:
// Probably multipart/mixed here
// Recursively process nested mime entities
if ( is_array($struct->parts) || is_object($struct->parts) ) {
foreach ($struct->parts as $cur_part) {
MsgParseBody($cur_part);
}
} else {
$errors['Invalid or Corrupt MIME Detected.'] = true;
}
break;
}
break;
case "text":
// Do not display attached text types
if (property_exists($struct, "d_parameters")) {
if ($attachment = $struct->d_parameters['filename'] or $attachment = $struct->d_parameters['name']) {
array_push($filelist, $attachment);
break;
}
}
switch ($ctype_s) {
// Plain text
case "plain":
MsgBodyPlainText($struct->body);
break;
// HTML text
case "html":
MsgBodyHtmlText($struct->body);
break;
// Text type we do not support
default:
$errors['Portions of text could not be displayed'] = true;
}
break;
default:
// Save the listed filename or notify the
// reader that this mail is not displayed completely
$attachment = $struct->d_parameters['filename'];
$attachment ? array_push($filelist, $attachment) : $errors['Unsupported MIME objects present'] = true;
}
}
/**
@ -130,29 +126,29 @@ function MsgParseBody($struct) {
* $return Single MIME entity
*/
function FindMultiAlt($parts) {
$alt_pref = array ('text/plain', 'text/html');
$best_view = 0;
// Bad Headers sometimes have invalid MIME....
if ( is_array($parts) || is_object($parts) ) {
foreach ($parts as $cur_part) {
$type = GetCtype($cur_part);
if ($type == 'multipart/related') {
$type = $cur_part->d_parameters['type'];
// Mozilla bug. Mozilla does not provide the parameter type.
if (!$type) $type = 'text/html';
}
$altCount = count($alt_pref);
for ($j = $best_view; $j < $altCount; ++$j) {
if (($alt_pref[$j] == $type) && ($j >= $best_view)) {
$best_view = $j;
$struct = $cur_part;
}
}
}
return $struct;
} else {
$errors['Invalid or Corrupt MIME Detected.'] = true;
}
$alt_pref = array ('text/plain', 'text/html');
$best_view = 0;
// Bad Headers sometimes have invalid MIME....
if ( is_array($parts) || is_object($parts) ) {
foreach ($parts as $cur_part) {
$type = GetCtype($cur_part);
if ($type == 'multipart/related') {
$type = $cur_part->d_parameters['type'];
// Mozilla bug. Mozilla does not provide the parameter type.
if (!$type) $type = 'text/html';
}
$altCount = count($alt_pref);
for ($j = $best_view; $j < $altCount; ++$j) {
if (($alt_pref[$j] == $type) && ($j >= $best_view)) {
$best_view = $j;
$struct = $cur_part;
}
}
}
return $struct;
} else {
$errors['Invalid or Corrupt MIME Detected.'] = true;
}
}
/**
@ -162,155 +158,151 @@ function FindMultiAlt($parts) {
* @return List of MIME entities
*/
function FindMultiRel($struct) {
$entities = array();
$type = $struct->d_parameters['type'];
// Mozilla bug. Mozilla does not provide the parameter type.
if (!$type) $type = 'text/html';
// Bad Headers sometimes have invalid MIME....
if ( is_array($struct->parts) || is_object($struct->parts) ) {
foreach ($struct->parts as $part) {
if (GetCtype($part) == $type || GetCtype($part) == "multipart/alternative") {
array_push($entities,$part);
}
}
} else {
$errors['Invalid or Corrupt MIME Detected.'] = true;
}
return $entities;
$entities = array();
$type = $struct->d_parameters['type'];
// Mozilla bug. Mozilla does not provide the parameter type.
if (!$type) $type = 'text/html';
// Bad Headers sometimes have invalid MIME....
if ( is_array($struct->parts) || is_object($struct->parts) ) {
foreach ($struct->parts as $part) {
if (GetCtype($part) == $type || GetCtype($part) == "multipart/alternative") {
array_push($entities,$part);
}
}
} else {
$errors['Invalid or Corrupt MIME Detected.'] = true;
}
return $entities;
}
// Wrapper script for htmlfilter. Settings taken
// from SquirrelMail
function sanitizeHTML($body) {
if (isset($_COOKIE['lang']) &&
file_exists("img/".substr($_COOKIE['lang'],0,2).".blocked_img.png")) {
$secremoveimg = "img/".substr($_COOKIE['lang'],0,2).".blocked_img.png";
} else {
$secremoveimg = "img/blocked_img.png";
}
$tag_list = Array(
false,
"object",
"meta",
"html",
"head",
"base",
"link",
"frame",
"iframe",
"plaintext",
"marquee"
);
if (isset($_COOKIE['lang']) && file_exists("img/".substr($_COOKIE['lang'],0,2).".blocked_img.png")) {
$secremoveimg = "img/".substr($_COOKIE['lang'],0,2).".blocked_img.png";
} else {
$secremoveimg = "img/blocked_img.png";
}
$tag_list = Array(
false,
"object",
"meta",
"html",
"head",
"base",
"link",
"frame",
"iframe",
"plaintext",
"marquee"
);
$rm_tags_with_content = Array(
"script",
"applet",
"embed",
"title",
"frameset",
"xml",
"style"
);
$rm_tags_with_content = Array(
"script",
"applet",
"embed",
"title",
"frameset",
"xml",
"style"
);
$self_closing_tags = Array(
"img",
"br",
"hr",
"input"
);
$self_closing_tags = Array(
"img",
"br",
"hr",
"input"
);
$force_tag_closing = true;
$force_tag_closing = true;
$rm_attnames = Array(
"/.*/" =>
Array(
"/target/i",
"/^on.*/i",
"/^dynsrc/i",
"/^data.*/i",
"/^lowsrc.*/i"
)
);
$rm_attnames = Array(
"/.*/" =>
Array(
"/target/i",
"/^on.*/i",
"/^dynsrc/i",
"/^data.*/i",
"/^lowsrc.*/i"
)
);
$bad_attvals = Array(
"/.*/" =>
Array(
"/^src|background/i" =>
Array(
Array(
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
"/^([\'\"])\s*about\s*:.*([\'\"])/si",
"/^([\'\"])\s*https*:.*([\'\"])/si",
"/^([\'\"])\s*cid*:.*([\'\"])/si"
),
Array(
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2"
)
),
"/^href|action/i" =>
Array(
Array(
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
"/^([\'\"])\s*about\s*:.*([\'\"])/si"
),
Array(
"\\1#\\1",
"\\1#\\1",
"\\1#\\1",
"\\1#\\1"
)
),
"/^style/i" =>
Array(
Array(
"/expression/i",
"/binding/i",
"/behaviou*r/i",
"/include-source/i",
"/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
"/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si",
"/url\(([\'\"])\s*https*:.*([\'\"])\)/si"
),
Array(
"idiocy",
"idiocy",
"idiocy",
"idiocy",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"\\1:url(\\2#\\3)",
"url(\\1$secremoveimg\\1)"
)
)
)
);
$bad_attvals = Array(
"/.*/" =>
Array(
"/^src|background/i" =>
Array(
Array(
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
"/^([\'\"])\s*about\s*:.*([\'\"])/si",
"/^([\'\"])\s*https*:.*([\'\"])/si",
"/^([\'\"])\s*cid*:.*([\'\"])/si"
),
Array(
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2",
"\\1$secremoveimg\\2"
)
),
"/^href|action/i" =>
Array(
Array(
"/^([\'\"])\s*\S+script\s*:.*([\'\"])/si",
"/^([\'\"])\s*mocha\s*:*.*([\'\"])/si",
"/^([\'\"])\s*about\s*:.*([\'\"])/si"
),
Array(
"\\1#\\1",
"\\1#\\1",
"\\1#\\1",
"\\1#\\1"
)
),
"/^style/i" =>
Array(
Array(
"/expression/i",
"/binding/i",
"/behaviou*r/i",
"/include-source/i",
"/url\s*\(\s*([\'\"])\s*\S+script\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*mocha\s*:.*([\'\"])\s*\)/si",
"/url\s*\(\s*([\'\"])\s*about\s*:.*([\'\"])\s*\)/si",
"/(.*)\s*:\s*url\s*\(\s*([\'\"]*)\s*\S+script\s*:.*([\'\"]*)\s*\)/si",
"/url\(([\'\"])\s*https*:.*([\'\"])\)/si"
),
Array(
"idiocy",
"idiocy",
"idiocy",
"idiocy",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"url(\\1#\\1)",
"\\1:url(\\2#\\3)",
"url(\\1$secremoveimg\\1)"
)
)
)
);
$add_attr_to_tag = Array(
"/^a$/i" =>
Array('target'=>'"_new"'
)
);
$add_attr_to_tag = Array("/^a$/i" => Array('target'=>'"_new"'));
$trusted_html = sanitize($body,
$tag_list,
$rm_tags_with_content,
$self_closing_tags,
$force_tag_closing,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
);
$trusted_html = sanitize($body,
$tag_list,
$rm_tags_with_content,
$self_closing_tags,
$force_tag_closing,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
);
return $trusted_html;
return $trusted_html;
}
?>

208
lib/PHPMailer.class.php
View File

@ -96,7 +96,7 @@ class PHPMailer
var $AltBody = "";
/**
* Sets word wrapping on the body of the message to a given number of
* Sets word wrapping on the body of the message to a given number of
* characters.
* @var int
*/
@ -113,10 +113,10 @@ class PHPMailer
* @var string
*/
var $Sendmail = "/usr/sbin/sendmail";
/**
* Path to PHPMailer plugins. This is now only useful if the SMTP class
* is in a different directory than the PHP include path.
* Path to PHPMailer plugins. This is now only useful if the SMTP class
* is in a different directory than the PHP include path.
* @var string
*/
var $PluginDir = "";
@ -186,7 +186,7 @@ class PHPMailer
var $Password = "";
/**
* Sets the SMTP server timeout in seconds. This function will not
* Sets the SMTP server timeout in seconds. This function will not
* work with the win32 version.
* @var int
*/
@ -199,9 +199,9 @@ class PHPMailer
var $SMTPDebug = false;
/**
* Prevents the SMTP connection from being closed after each mail
* sending. If this is set to true then to close the connection
* requires an explicit call to SmtpClose().
* Prevents the SMTP connection from being closed after each mail
* sending. If this is set to true then to close the connection
* requires an explicit call to SmtpClose().
* @var bool
*/
var $SMTPKeepAlive = false;
@ -222,8 +222,8 @@ class PHPMailer
var $error_count = 0;
var $LE = "\n";
/**#@-*/
/////////////////////////////////////////////////
/////////////////////////////////////////////////
// CONSTRUCTOR
/////////////////////////////////////////////////
/**
@ -234,31 +234,31 @@ class PHPMailer
function PHPMailer() {
global $conf;
global $charset;
$this->CharSet = $charset;
$this->SetLanguage();
$this->Mailer = $conf['app']['emailType'];
if ($this->Mailer == 'smtp') { // Set smtp variables
$this->Host = $conf['app']['smtpHost'];
$this->Port = $conf['app']['smtpPort'];
}
if ($this->Mailer == 'sendmail') // Set sendmail variables
$this->Sendmail = $conf['app']['sendmailPath'];
$this->Sendmail = $conf['app']['sendmailPath'];
if ($this->Mailer == 'qmail') // Set qmail variables
$this->Sendmail = $conf['app']['qmailPath'];
}
/////////////////////////////////////////////////
// VARIABLE METHODS
/////////////////////////////////////////////////
/**
* Sets message type to HTML.
* Sets message type to HTML.
* @param bool $bool
* @return void
*/
@ -294,7 +294,7 @@ class PHPMailer
}
/**
* Sets Mailer to send message using the qmail MTA.
* Sets Mailer to send message using the qmail MTA.
* @return void
*/
function IsQmail() {
@ -308,7 +308,7 @@ class PHPMailer
/////////////////////////////////////////////////
/**
* Adds a "To" address.
* Adds a "To" address.
* @param string $address
* @param string $name
* @return void
@ -322,7 +322,7 @@ class PHPMailer
/**
* Adds a "Cc" address. Note: this function works
* with the SMTP mailer on win32, not with the "mail"
* mailer.
* mailer.
* @param string $address
* @param string $name
* @return void
@ -336,7 +336,7 @@ class PHPMailer
/**
* Adds a "Bcc" address. Note: this function works
* with the SMTP mailer on win32, not with the "mail"
* mailer.
* mailer.
* @param string $address
* @param string $name
* @return void
@ -348,7 +348,7 @@ class PHPMailer
}
/**
* Adds a "Reply-to" address.
* Adds a "Reply-to" address.
* @param string $address
* @param string $name
* @return void
@ -367,11 +367,11 @@ class PHPMailer
/**
* Creates message and assigns Mailer. If the message is
* not sent successfully then it returns false. Use the ErrorInfo
* variable to view description of the error.
* variable to view description of the error.
* @return bool
*/
function Send() {
$header = "";
$header = "";
$body = "";
$result = true;
@ -419,9 +419,9 @@ class PHPMailer
return $result;
}
/**
* Sends mail using the $Sendmail program.
* Sends mail using the $Sendmail program.
* @access private
* @return bool
*/
@ -439,7 +439,7 @@ class PHPMailer
fputs($mail, $header);
fputs($mail, $body);
$result = pclose($mail) >> 8 & 0xFF;
if($result != 0)
{
@ -451,7 +451,7 @@ class PHPMailer
}
/**
* Sends mail using the PHP mail() function.
* Sends mail using the PHP mail() function.
* @access private
* @return bool
*/
@ -468,8 +468,7 @@ class PHPMailer
$old_from = ini_get("sendmail_from");
ini_set("sendmail_from", $this->Sender);
$params = sprintf("-oi -f %s", $this->Sender);
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body,
$header, $params);
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header, $params);
}
else
$rt = @mail($to, $this->EncodeHeader($this->Subject), $body, $header);
@ -555,7 +554,7 @@ class PHPMailer
}
/**
* Initiates a connection to an SMTP server. Returns false if the
* Initiates a connection to an SMTP server. Returns false if the
* operation failed.
* @access private
* @return bool
@ -566,7 +565,7 @@ class PHPMailer
$this->smtp->do_debug = $this->SMTPDebug;
$hosts = explode(";", $this->Host);
$index = 0;
$connection = ($this->smtp->Connected());
$connection = ($this->smtp->Connected());
// Retry while there is no connection
while($index < count($hosts) && $connection == false)
@ -585,11 +584,10 @@ class PHPMailer
$this->smtp->Hello($this->Helo);
else
$this->smtp->Hello($this->ServerHostname());
if($this->SMTPAuth)
{
if(!$this->smtp->Authenticate($this->Username,
$this->Password))
if(!$this->smtp->Authenticate($this->Username, $this->Password))
{
$this->SetError($this->Lang("authenticate"));
$this->smtp->Reset();
@ -658,7 +656,7 @@ class PHPMailer
/////////////////////////////////////////////////
/**
* Creates recipient headers.
* Creates recipient headers.
* @access private
* @return string
*/
@ -674,9 +672,9 @@ class PHPMailer
return $addr_str;
}
/**
* Formats an address correctly.
* Formats an address correctly.
* @access private
* @return string
*/
@ -685,8 +683,7 @@ class PHPMailer
$formatted = $addr[0];
else
{
$formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" .
$addr[0] . ">";
$formatted = $this->EncodeHeader($addr[1], 'phrase') . " <" . $addr[0] . ">";
}
return $formatted;
@ -695,7 +692,7 @@ class PHPMailer
/**
* Wraps message for use with mailers that do not
* automatically perform wrapping and for quoted-printable.
* Original written by philippe.
* Original written by philippe.
* @access private
* @return string
*/
@ -757,7 +754,7 @@ class PHPMailer
else
{
$buf_o = $buf;
$buf .= ($e == 0) ? $word : (" " . $word);
$buf .= ($e == 0) ? $word : (" " . $word);
if (strlen($buf) > $length and $buf_o != "")
{
@ -771,7 +768,7 @@ class PHPMailer
return $message;
}
/**
* Set the body wrapping.
* @access private
@ -780,7 +777,7 @@ class PHPMailer
function SetWordWrap() {
if($this->WordWrap < 1)
return;
switch($this->message_type)
{
case "alt":
@ -795,13 +792,13 @@ class PHPMailer
}
/**
* Assembles message header.
* Assembles message header.
* @access private
* @return string
*/
function CreateHeader() {
$result = "";
// Set the boundaries
$uniq_id = md5(uniqid(time()));
$this->boundary[1] = "b1_" . $uniq_id;
@ -812,7 +809,7 @@ class PHPMailer
$result .= $this->HeaderLine("Return-Path", trim($this->From));
else
$result .= $this->HeaderLine("Return-Path", trim($this->Sender));
// To be created automatically by mail()
if($this->Mailer != "mail")
{
@ -827,7 +824,7 @@ class PHPMailer
$from = array();
$from[0][0] = trim($this->From);
$from[0][1] = $this->FromName;
$result .= $this->AddrAppend("From", $from);
$result .= $this->AddrAppend("From", $from);
// sendmail and mail() extract Bcc from the header before sending
if((($this->Mailer == "sendmail") || ($this->Mailer == "mail")) && (count($this->bcc) > 0))
@ -843,17 +840,17 @@ class PHPMailer
$result .= sprintf("Message-ID: <%s@%s>%s", $uniq_id, $this->ServerHostname(), $this->LE);
$result .= $this->HeaderLine("X-Priority", $this->Priority);
$result .= $this->HeaderLine("X-Mailer", "PHPMailer [version " . $this->Version . "]");
if($this->ConfirmReadingTo != "")
{
$result .= $this->HeaderLine("Disposition-Notification-To",
$result .= $this->HeaderLine("Disposition-Notification-To",
"<" . trim($this->ConfirmReadingTo) . ">");
}
// Add custom headers
for($index = 0; $index < count($this->CustomHeader); $index++)
{
$result .= $this->HeaderLine(trim($this->CustomHeader[$index][0]),
$result .= $this->HeaderLine(trim($this->CustomHeader[$index][0]),
$this->EncodeHeader(trim($this->CustomHeader[$index][1])));
}
$result .= $this->HeaderLine("MIME-Version", "1.0");
@ -870,8 +867,8 @@ class PHPMailer
case "alt_attachments":
if($this->InlineImageExists())
{
$result .= sprintf("Content-Type: %s;%s\ttype=\"text/html\";%s\tboundary=\"%s\"%s",
"multipart/related", $this->LE, $this->LE,
$result .= sprintf("Content-Type: %s;%s\ttype=\"text/html\";%s\tboundary=\"%s\"%s",
"multipart/related", $this->LE, $this->LE,
$this->boundary[1], $this->LE);
}
else
@ -905,16 +902,16 @@ class PHPMailer
switch($this->message_type)
{
case "alt":
$result .= $this->GetBoundary($this->boundary[1], "",
$result .= $this->GetBoundary($this->boundary[1], "",
"text/plain", "");
$result .= $this->EncodeString($this->AltBody, $this->Encoding);
$result .= $this->LE.$this->LE;
$result .= $this->GetBoundary($this->boundary[1], "",
$result .= $this->GetBoundary($this->boundary[1], "",
"text/html", "");
$result .= $this->EncodeString($this->Body, $this->Encoding);
$result .= $this->LE.$this->LE;
$result .= $this->EndBoundary($this->boundary[1]);
break;
case "plain":
@ -924,32 +921,32 @@ class PHPMailer
$result .= $this->GetBoundary($this->boundary[1], "", "", "");
$result .= $this->EncodeString($this->Body, $this->Encoding);
$result .= $this->LE;
$result .= $this->AttachAll();
break;
case "alt_attachments":
$result .= sprintf("--%s%s", $this->boundary[1], $this->LE);
$result .= sprintf("Content-Type: %s;%s" .
"\tboundary=\"%s\"%s",
"multipart/alternative", $this->LE,
"multipart/alternative", $this->LE,
$this->boundary[2], $this->LE.$this->LE);
// Create text body
$result .= $this->GetBoundary($this->boundary[2], "",
$result .= $this->GetBoundary($this->boundary[2], "",
"text/plain", "") . $this->LE;
$result .= $this->EncodeString($this->AltBody, $this->Encoding);
$result .= $this->LE.$this->LE;
// Create the HTML body
$result .= $this->GetBoundary($this->boundary[2], "",
$result .= $this->GetBoundary($this->boundary[2], "",
"text/html", "") . $this->LE;
$result .= $this->EncodeString($this->Body, $this->Encoding);
$result .= $this->LE.$this->LE;
$result .= $this->EndBoundary($this->boundary[2]);
$result .= $this->AttachAll();
break;
}
@ -970,23 +967,23 @@ class PHPMailer
if($encoding == "") { $encoding = $this->Encoding; }
$result .= $this->TextLine("--" . $boundary);
$result .= sprintf("Content-Type: %s; charset = \"%s\"",
$result .= sprintf("Content-Type: %s; charset = \"%s\"",
$contentType, $charSet);
$result .= $this->LE;
$result .= $this->HeaderLine("Content-Transfer-Encoding", $encoding);
$result .= $this->LE;
return $result;
}
/**
* Returns the end of a message boundary.
* @access private
*/
function EndBoundary($boundary) {
return $this->LE . "--" . $boundary . "--" . $this->LE;
return $this->LE . "--" . $boundary . "--" . $this->LE;
}
/**
* Sets the message type.
* @access private
@ -1038,7 +1035,7 @@ class PHPMailer
* @param string $type File extension (MIME) type.
* @return bool
*/
function AddAttachment($path, $name = "", $encoding = "base64",
function AddAttachment($path, $name = "", $encoding = "base64",
$type = "application/octet-stream") {
if(!@is_file($path))
{
@ -1089,7 +1086,7 @@ class PHPMailer
$type = $this->attachment[$i][4];
$disposition = $this->attachment[$i][6];
$cid = $this->attachment[$i][7];
$mime[] = sprintf("--%s%s", $this->boundary[1], $this->LE);
$mime[] = sprintf("Content-Type: %s; name=\"%s\"%s", $type, $name, $this->LE);
$mime[] = sprintf("Content-Transfer-Encoding: %s%s", $encoding, $this->LE);
@ -1097,7 +1094,7 @@ class PHPMailer
if($disposition == "inline")
$mime[] = sprintf("Content-ID: <%s>%s", $cid, $this->LE);
$mime[] = sprintf("Content-Disposition: %s; filename=\"%s\"%s",
$mime[] = sprintf("Content-Disposition: %s; filename=\"%s\"%s",
$disposition, $name, $this->LE.$this->LE);
// Encode as string attachment
@ -1109,7 +1106,7 @@ class PHPMailer
}
else
{
$mime[] = $this->EncodeFile($path, $encoding);
$mime[] = $this->EncodeFile($path, $encoding);
if($this->IsError()) { return ""; }
$mime[] = $this->LE.$this->LE;
}
@ -1119,7 +1116,7 @@ class PHPMailer
return join("", $mime);
}
/**
* Encodes attachment in requested format. Returns an
* empty string on failure.
@ -1172,13 +1169,13 @@ class PHPMailer
}
/**
* Encode a header string to best of Q, B, quoted or none.
* Encode a header string to best of Q, B, quoted or none.
* @access private
* @return string
*/
function EncodeHeader ($str, $position = 'text') {
$x = 0;
switch (strtolower($position)) {
case 'phrase':
if (!preg_match('/[\200-\377]/', $str)) {
@ -1220,12 +1217,12 @@ class PHPMailer
$encoded = preg_replace('/^(.*)$/m', " =?".$this->CharSet."?$encoding?\\1?=", $encoded);
$encoded = trim(str_replace("\n", $this->LE, $encoded));
return $encoded;
}
/**
* Encode string to quoted-printable.
* Encode string to quoted-printable.
* @access private
* @return string
*/
@ -1248,7 +1245,7 @@ class PHPMailer
}
/**
* Encode string to q encoding.
* Encode string to q encoding.
* @access private
* @return string
*/
@ -1269,7 +1266,7 @@ class PHPMailer
"'='.sprintf('%02X', ord('\\1'))", $encoded);
break;
}
// Replace every spaces to _ (more readable than =20)
$encoded = str_replace(" ", "_", $encoded);
@ -1286,7 +1283,7 @@ class PHPMailer
* @param string $type File extension (MIME) type.
* @return void
*/
function AddStringAttachment($string, $filename, $encoding = "base64",
function AddStringAttachment($string, $filename, $encoding = "base64",
$type = "application/octet-stream") {
// Append to $attachment array
$cur = count($this->attachment);
@ -1299,23 +1296,23 @@ class PHPMailer
$this->attachment[$cur][6] = "attachment";
$this->attachment[$cur][7] = 0;
}
/**
* Adds an embedded attachment. This can include images, sounds, and
* just about any other document. Make sure to set the $type to an
* image type. For JPEG images use "image/jpeg" and for GIF images
* Adds an embedded attachment. This can include images, sounds, and
* just about any other document. Make sure to set the $type to an
* image type. For JPEG images use "image/jpeg" and for GIF images
* use "image/gif".
* @param string $path Path to the attachment.
* @param string $cid Content ID of the attachment. Use this to identify
* @param string $cid Content ID of the attachment. Use this to identify
* the Id for accessing the image in an HTML form.
* @param string $name Overrides the attachment name.
* @param string $encoding File encoding (see $Encoding).
* @param string $type File extension (MIME) type.
* @param string $type File extension (MIME) type.
* @return bool
*/
function AddEmbeddedImage($path, $cid, $name = "", $encoding = "base64",
function AddEmbeddedImage($path, $cid, $name = "", $encoding = "base64",
$type = "application/octet-stream") {
if(!@is_file($path))
{
$this->SetError($this->Lang("file_access") . $path);
@ -1336,10 +1333,10 @@ class PHPMailer
$this->attachment[$cur][5] = false; // isStringAttachment
$this->attachment[$cur][6] = "inline";
$this->attachment[$cur][7] = $cid;
return true;
}
/**
* Returns true if an inline attachment is present.
* @access private
@ -1355,7 +1352,7 @@ class PHPMailer
break;
}
}
return $result;
}
@ -1440,7 +1437,7 @@ class PHPMailer
}
/**
* Returns the proper RFC 822 formatted date.
* Returns the proper RFC 822 formatted date.
* @access private
* @return string
*/
@ -1453,10 +1450,10 @@ class PHPMailer
return $result;
}
/**
* Returns the appropriate server variable. Should work with both
* PHP 4.1.0+ as well as older versions. Returns an empty string
* Returns the appropriate server variable. Should work with both
* PHP 4.1.0+ as well as older versions. Returns an empty string
* if nothing is found.
* @access private
* @return mixed
@ -1471,7 +1468,7 @@ class PHPMailer
if(!isset($_SERVER["REMOTE_ADDR"]))
$_SERVER = $HTTP_ENV_VARS; // must be Apache
}
if(isset($_SERVER[$varName]))
return $_SERVER[$varName];
else
@ -1502,13 +1499,13 @@ class PHPMailer
function Lang($key) {
if(count($this->language) < 1)
$this->SetLanguage("en"); // set the default language
if(isset($this->language[$key]))
return $this->language[$key];
else
return "Language string failed to load: " . $key;
}
/**
* Returns true if an error occurred.
* @return bool
@ -1518,7 +1515,7 @@ class PHPMailer
}
/**
* Changes every end of line from CR or LF to CRLF.
* Changes every end of line from CR or LF to CRLF.
* @access private
* @return string
*/
@ -1530,12 +1527,11 @@ class PHPMailer
}
/**
* Adds a custom header.
* Adds a custom header.
* @return void
*/
function AddCustomHeader($custom_header) {
$this->CustomHeader[] = explode(":", $custom_header, 2);
}
}
?>

143
lib/Pager.class.php
View File

@ -24,7 +24,7 @@
*
* // Get total # of pages
* $query = "SELECT COUNT(*) as num FROM table";
* $result = $db->query($query);
* $result = $db->query($query);
* $rs = $result->fetchRow();
* $num = $rs['num']; // # of records
*
@ -54,12 +54,12 @@ class Pager {
var $tot_pages;
var $page_var;
var $limit_var;
// Application variables with user modify option
var $limit;
var $tot_records;
var $print_limit_select = true;
// User modifiable variables
var $prev_link = '&laquo;';
var $next_link = '&raquo;';
@ -72,8 +72,7 @@ class Pager {
var $tb_style;
var $text_class;
var $text_style;
/**
* Pager Constructor
* Sets up Pager variables and initializes values
@ -94,15 +93,14 @@ class Pager {
$this->limit = $limit;
$this->page_var = $page_var;
$this->limit_var = $limit_var;
// Call all system setter functions
$this->initCurPage();
$this->initLimit();
$this->initTotPages();
$this->initQueryString();
}
/**
* Print out the pages as links
* Prints out a table of all the pages as links
@ -128,53 +126,53 @@ class Pager {
$p = $this->view_pages; // How many pages to view
$cur_page = $this->cur_page; // Current page
$tot_pages = $this->tot_pages; // Total pages
// Open up the HTML table
$this->startTable();
// Open up cell for page links
$this->startPagesCell();
// Page to start printing bulk of links
$start = ($cur_page > $p) ? $cur_page - $p : 1;
// Page to end printing bulk of links
$end = ($cur_page + $p) < $tot_pages ? $cur_page + $p : $tot_pages;
// Print 'prev' link
$this->printPrev();
// Print link to first page, if not already there
if ($start != 1) {
$this->printPage(1);
}
// Print '...' if necessary (with link to center page)
if ($cur_page > $p+2) {
$this->printLink(ceil( ($start+1)/2 ), '...');
}
// Print links to pages before current page (up to first page)
// Print current page
// Print links to pages after current page (up to last page)
// Print links to pages after current page (up to last page)
for ($pg = $start; $pg <= $end; $pg++) {
$this->printPage($pg);
}
// Print '...' if necessary (with link to center page)
if ( $cur_page < ($tot_pages - ($p+1)) ) {
$this->printLink(ceil( ($tot_pages+$end)/2 ), '...' );
}
// Print link to last page, if not already there
if ($end != $tot_pages) {
$this->printPage($tot_pages);
}
// Print 'next' link
$this->printNext();
// Print total records
$this->printTotal();
// Close page links cell
$this->endPagesCell();
// Print out cell with limit jump menu
@ -182,7 +180,7 @@ class Pager {
// Close table
$this->endTable();
}
//-----------------------------------------
// Application setter functions
//-----------------------------------------
@ -193,7 +191,7 @@ class Pager {
function initCurPage() {
$this->cur_page = isset($_GET[$this->page_var]) ? intval($_GET[$this->page_var]) : 1;
}
/**
* Sets the limit variable if it is passed from querystring
* @param none
@ -204,7 +202,7 @@ class Pager {
if (isset($_POST[$this->limit_var]))
$this->limit = intval($_POST[$this->limit_var]);
}
/**
* Pull page information from query string and set $query_string
*
@ -212,20 +210,19 @@ class Pager {
* @param none
*/
function initQueryString() {
if (isset($_SERVER['QUERY_STRING'])) {
if (isset($_SERVER['QUERY_STRING'])) {
// Remove page from query string and convert all "&" to "&amp;"
$this->query_string = str_replace('&', '&amp;', preg_replace("/(&|&amp;)?$this->page_var=\d*/",'',$_SERVER['QUERY_STRING']));
// Insert limit into querystring, if it's not there
if ( !strstr($this->query_string, "$this->limit_var=") )
$this->query_string .= "&amp;$this->limit_var=" . $this->limit;
}
else {
} else {
$this->query_string = '';
}
}
/**
* Sets the tot_pages variable
*
@ -238,10 +235,10 @@ class Pager {
$this->tot_pages = ceil($this->tot_records/$this->limit);
}
//===========================================
//-------------------------------------------
// Output functions
//-------------------------------------------
//-------------------------------------------
/**
* Print out link to a page
* @param int $p page number to print
@ -249,12 +246,11 @@ class Pager {
function printPage($p) {
if ($p == $this->cur_page) {
echo " <b>[$p]</b> ";
}
else {
} else {
$this->printLink($p, $p);
}
}
/**
* Print 'prev' link, if necessary
* @param none
@ -264,7 +260,7 @@ class Pager {
if ($cur_page > 1)
$this->printLink($cur_page-1, $this->prev_link);
}
/**
* Print 'next' link, if necessary
* @param none
@ -274,7 +270,7 @@ class Pager {
if ($cur_page < $this->tot_pages && $this->tot_records > 0)
$this->printLink($cur_page+1, $this->next_link);
}
/**
* Print out link to a certain page
* @param int $page page to link to
@ -283,7 +279,7 @@ class Pager {
function printLink($page, $text) {
global $link;
global $use_link;
if ($use_link) {
$link->doLink(
$_SERVER['PHP_SELF'] . "?$this->page_var=$page&amp;" . $this->query_string . '"',
@ -292,24 +288,23 @@ class Pager {
'',
'Page ' . $page
);
}
else {
} else {
echo ' <a href="' . $_SERVER['PHP_SELF'] . "?$this->page_var=$page&amp;" . $this->query_string . '"'
. ' class="$this->class"'
. '>'
. $text . '</a> ';
}
}
/**
* Prints out opening table tag
* @param none
*/
function startTable() {
echo "<table align=\"$this->table_align\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\" width=\"$this->table_width\">\n"
. "<tr class=\"$this->text_class\" style=\"$this->text_style\">\n";
. "<tr class=\"$this->text_class\" style=\"$this->text_style\">\n";
}
/**
* Begins cell containing page links
* @param none
@ -317,15 +312,15 @@ class Pager {
function startPagesCell() {
echo '<td>' . translate('Page') . ' ';
}
/**
* Closes cell containing page links
* @param none
*/
function endPagesCell() {
echo '</td>';
}
}
/**
* Prints out cell containing limit jump menu
* @param none
@ -345,7 +340,7 @@ class Pager {
. "</form>\n"
. "</td>\n";
}
/**
* Prints out the closing row and table HTML tags
* @param none
@ -353,7 +348,7 @@ class Pager {
function endTable() {
echo "</tr>\n</table>\n";
}
/**
* Prints out total number of records returned
* @param none
@ -365,10 +360,10 @@ class Pager {
//--------------------------------------------
// User-Modified Setter Functions
//--------------------------------------------
//--------------------------------------------
/**
* Sets the total records for this recordset
*
*
* - Default setting is 0 (in constructor)
*
* @param int $tot total number of records
@ -378,7 +373,7 @@ class Pager {
// Call initTotPages again to reset paging
$this->initTotPages();
}
/**
* Sets the default recordset limit
* Note: A limit value set in the querystring
@ -393,7 +388,7 @@ class Pager {
// Call initLimit() to reinitialzie limit
$this->initLimit();
}
/**
* Sets the text for 'prev' link
*
@ -404,7 +399,7 @@ class Pager {
function setPrevLink($text) {
$this->prev_link = trim($text);
}
/**
* Sets the text for 'next' link
*
@ -415,7 +410,7 @@ class Pager {
function setNextLink($text) {
$this->next_link = trim($text);
}
/**
* Sets the value of view_pages
* How many pages to print on either side of
@ -428,7 +423,7 @@ class Pager {
function setViewPages($view_page) {
$this->view_pages = intval($view_page);
}
/**
* Sets the array of limits
* Pass in an array of ints to use
@ -441,7 +436,7 @@ class Pager {
function setLimits($new_limits) {
$this->limits = $new_limits;
}
/**
* Sets the name of the class to be used for the links
*
@ -452,7 +447,7 @@ class Pager {
function setLinkClass($link_class) {
$this->link_class = $link_class;
}
/**
* Sets the name of the class to be used for the pull down box
*
@ -463,7 +458,7 @@ class Pager {
function setTbClass($tb_class) {
$this->tb_class = $tb_class;
}
/**
* Sets the inline style of the limit jump menu
* This setting overrides the tb_class value
@ -474,7 +469,7 @@ class Pager {
function setTbStyle($tb_style) {
$this->tb_style = $tb_style;
}
/**
* Sets the name of the class to be used for the text
* ie) "Page:" and "Per page:"
@ -487,7 +482,7 @@ class Pager {
function setTextClass($text_class) {
$this->text_class = $text_class;
}
/**
* Sets the inline style to be used for the text
* Should be used to modifiy all paging text font-family, size, etc
@ -500,7 +495,7 @@ class Pager {
function setTextStyle($text_style) {
$this->text_style = $text_style;
}
/**
* Sets the width of the table bounding the pages/jump box
*
@ -511,7 +506,7 @@ class Pager {
function setTableWidth($table_width) {
$this->table_width = $table_width;
}
/**
* Sets the horizontial alignment of the table bounding the paging
*
@ -522,7 +517,7 @@ class Pager {
function setTableAlign($table_align) {
$this->table_align = $table_align;
}
/**
* Sets the page variable name for the querystring
* @param string $page_var page variable name
@ -530,7 +525,7 @@ class Pager {
function setPageVar($page_var) {
$this->page_var = $page_var;
}
/**
* Sets the limit variable name for the querystring
* @param string $limit_var limit variable name
@ -538,7 +533,7 @@ class Pager {
function setLimitVar($limit_var) {
$this->limit_var = $limit_var;
}
/**
* Sets the print_limit_select variable to decide if we should show the limit select pulldown
* @param bool $view_limit_select if we should show the select pulldown or not
@ -547,10 +542,10 @@ class Pager {
$this->print_limit_select = $view_limit_select;
}
//============================================
//--------------------------------------------
// Getter methods
//--------------------------------------------
//--------------------------------------------
/**
* Returns the recordset offset
* @param none
@ -559,7 +554,7 @@ class Pager {
function getOffset() {
return $this->limit * $this->cur_page - $this->limit;
}
/**
* Returns the total number of pages
* @param none
@ -568,7 +563,7 @@ class Pager {
function getTotPages() {
return $this->tot_pages;
}
/**
* Returns the current page number
* @param none
@ -577,7 +572,7 @@ class Pager {
function getPageNum() {
return $this->cur_page;
}
/**
* Returns the current recordset limit
* @param none
@ -586,7 +581,7 @@ class Pager {
function getLimit() {
return $this->limit;
}
/**
* Returns value of previous link text
* @param none
@ -595,7 +590,7 @@ class Pager {
function getPrevLink() {
return $this->prev_link;
}
/**
* Returns value of next link text
* @param none
@ -604,7 +599,7 @@ class Pager {
function getNextLink() {
return $this->next_link;
}
/**
* Returns the name used for the page querystring variable
* @param none
@ -613,7 +608,7 @@ class Pager {
function getPageVar() {
return $this->page_var;
}
/**
* Returns the name used for the limit querystring variable
* @param none
@ -623,7 +618,7 @@ class Pager {
return $this->limit_var;
}
//===========================================
// End class
}
?>
?>

14
lib/Quarantine.lib.php
View File

@ -34,7 +34,7 @@ include_once('lib/PHPMailer.class.php');
* Release messages function
* @param array $emailaddresses recipient email address(es)
* @param array $mail_id_array containing mail_id of messages to be released
* @result return array of messages whose release failed
* @result return array of messages whose release failed
*/
function releaseMessages($emailaddresses, $mail_id_array) {
@ -61,7 +61,7 @@ function releaseMessages($emailaddresses, $mail_id_array) {
$result = $db->db->autoCommit(false);
$db->check_for_error($result, 'PEAR DB autoCommit(false)');
// Fill the arrays
// Fill the arrays
foreach ($mail_id_array as $mail_id_recip) {
// Get mail_id and recipient email address
@ -100,7 +100,7 @@ function releaseMessages($emailaddresses, $mail_id_array) {
// Other cases where:
// - content type is 'B' or 'V' but the logged in user is admin, therefore allowed to release message
// - content type is 'S' or 'H'
// - content type is 'S' or 'H'
} else {
// add message to be released to $hosts array
$release_messages[ $mail_id_recip ] = array(
@ -129,7 +129,7 @@ function releaseMessages($emailaddresses, $mail_id_array) {
// If release needs to be done
if ( is_array($hosts) && !empty($hosts) ) {
// For each host create socket, connect and release all messages pertaining to that host
// For each host create socket, connect and release all messages pertaining to that host
foreach ($hosts as $host => $message_info ) {
// Create new TCP/IP socket and try to connect to $host using this socket
@ -141,7 +141,7 @@ function releaseMessages($emailaddresses, $mail_id_array) {
$release_messages[ $mail_id_recip ][ 'status' ] = $am->last_error;
$nb_failure++;
}
else {
else {
foreach ($message_info as $mail_id_recip => $release_info) {
$socket_binding_result = $am->release_message(
$release_messages[ $mail_id_recip ][ 'mail_id' ],
@ -186,7 +186,7 @@ function releaseMessages($emailaddresses, $mail_id_array) {
$i = 0;
if ( $nb_failure > 0 ) {
foreach ($mail_id_array as $mail_id_recip) {
if ($release_messages[ $mail_id_recip ][ 'error_code' ] != 0) {
@ -217,7 +217,7 @@ function releaseMessages($emailaddresses, $mail_id_array) {
* @param array $emailaddresses recipient email address(es)
* @param array $mail_id_array containing mail_id of messages to be deleted
* @param bool $all false (default) or true, if true all messages will be deleted
* @result return array of messages whose release failed
* @result return array of messages whose release failed
*/
function updateMessages($flag, $content_type, $emailaddresses, $mail_id_array, $all = false) {

10
lib/Smtp.class.php
View File

@ -28,13 +28,13 @@ class SMTP
* @var int
*/
var $SMTP_PORT = 25;
/**
* SMTP reply line ending
* @var string
*/
var $CRLF = "\r\n";
/**
* Sets whether debugging is turned on
* @var bool
@ -502,7 +502,7 @@ class SMTP
}
$this->helo_rply = $rply;
return true;
}
@ -1034,6 +1034,4 @@ class SMTP
}
}
?>
?>

30
lib/Template.class.php
View File

@ -24,7 +24,7 @@ class Template {
var $title;
var $link;
var $dir_path;
/**
* Set the page's title
* @param string $title title of page
@ -32,13 +32,13 @@ class Template {
*/
function Template($title = '', $depth = 0) {
global $conf;
$this->title = (!empty($title)) ? $title : $conf['ui']['welcome'];
$this->dir_path = str_repeat('../', $depth);
$this->link = CmnFns::getNewLink();
//Auth::Auth(); // Starts session
}
/**
* Print all XHTML headers
* This function prints the HTML header code, CSS link, and JavaScript link
@ -51,7 +51,7 @@ class Template {
global $languages;
global $lang;
global $charset;
$path = $this->dir_path;
echo "<?xml version=\"1.0\" encoding=\"$charset\"?" . ">\n";
?>
@ -73,8 +73,7 @@ class Template {
<body>
<?php
}
/**
* Print welcome header message
* This function prints out a table welcoming
@ -86,7 +85,7 @@ class Template {
*/
function printWelcome() {
global $conf;
// Print out logoImage if it exists
echo (!empty($conf['ui']['logoImage']))
? '<div align="left"><img src="' . $conf['ui']['logoImage'] . '" alt="logo" vspace="5" /></div>'
@ -122,8 +121,7 @@ class Template {
</table>
<?php
}
/**
* Start main HTML table
* @param none
@ -136,8 +134,7 @@ class Template {
<td bgcolor="#FAFAFA">
<?php
}
/**
* End main HTML table
* @param none
@ -149,8 +146,7 @@ class Template {
</table>
<?php
}
/**
* Print HTML footer
* This function prints out a tech email
@ -165,7 +161,7 @@ class Template {
</html>
<?php
}
/**
* Sets the link class variable to reference a new Link object
* @param none
@ -173,16 +169,16 @@ class Template {
function set_link() {
$this->link = CmnFns::getNewLink();
}
/**
* Returns the link object
* @param none
* @return link object for this class
* @return link object for this class
*/
function get_link() {
return $this->link;
}
/**
* Sets a new title for the template page
* @param string $title title of page

574
lib/htmlfilter.php
View File

@ -17,10 +17,10 @@
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* @Author Konstantin Riabitsev <icon@linux.duke.edu>
@ -30,7 +30,7 @@
/**
* This is a debugging function used throughout the code. To enable
* debugging you have to specify a global variable called "debug" before
* calling sanitize() and set it to true.
* calling sanitize() and set it to true.
*
* Note: Although insignificantly, debugging does slow you down even
* when $debug is set to false. If you wish to get rid of all
@ -43,16 +43,16 @@
* @param $message A string with the message to output.
* @return void.
*/
function spew($message){
function spew($message) {
global $debug;
if ($debug == true){
if ($debug == true) {
echo "$message";
}
}
/**
* This function returns the final tag out of the tag name, an array
* of attributes, and the type of the tag. This function is called by
* of attributes, and the type of the tag. This function is called by
* sanitize internally.
*
* @param $tagname the name of the tag.
@ -60,20 +60,20 @@ function spew($message){
* @param $tagtype The type of the tag (see in comments).
* @return a string with the final tag representation.
*/
function tagprint($tagname, $attary, $tagtype){
function tagprint($tagname, $attary, $tagtype) {
$me = 'tagprint';
if ($tagtype == 2){
if ($tagtype == 2) {
$fulltag = '</' . $tagname . '>';
} else {
$fulltag = '<' . $tagname;
if (is_array($attary) && sizeof($attary)){
if (is_array($attary) && sizeof($attary)) {
$atts = Array();
while (list($attname, $attvalue) = each($attary)){
while (list($attname, $attvalue) = each($attary)) {
array_push($atts, "$attname=$attvalue");
}
$fulltag .= ' ' . join(' ', $atts);
}
if ($tagtype == 3){
if ($tagtype == 3) {
$fulltag .= ' /';
}
$fulltag .= '>';
@ -89,24 +89,24 @@ function tagprint($tagname, $attary, $tagtype){
* @param $val a value passed by-ref.
* @return void since it modifies a by-ref value.
*/
function casenormalize(&$val){
function casenormalize(&$val) {
$val = strtolower($val);
}
/**
* This function skips any whitespace from the current position within
* a string and to the next non-whitespace value.
*
*
* @param $body the string
* @param $offset the offset within the string where we should start
* looking for the next non-whitespace character.
* @return the location within the $body where the next
* non-whitespace char is located.
*/
function skipspace($body, $offset){
function skipspace($body, $offset) {
$me = 'skipspace';
preg_match('/^(\s*)/s', substr($body, $offset), $matches);
if (sizeof($matches{1})){
if (sizeof($matches{1})) {
$count = strlen($matches{1});
spew("$me: skipped $count chars\n");
$offset += $count;
@ -125,10 +125,10 @@ function skipspace($body, $offset){
* @return location of the next occurance of the needle, or
* strlen($body) if needle wasn't found.
*/
function findnxstr($body, $offset, $needle){
function findnxstr($body, $offset, $needle) {
$me = 'findnxstr';
$pos = strpos($body, $needle, $offset);
if ($pos === FALSE){
if ($pos === FALSE) {
$pos = strlen($body);
spew("$me: end of body reached\n");
}
@ -149,13 +149,13 @@ function findnxstr($body, $offset, $needle){
* - string with whatever content between offset and the match
* - string with whatever it is we matched
*/
function findnxreg($body, $offset, $reg){
function findnxreg($body, $offset, $reg) {
$me = 'findnxreg';
$matches = Array();
$retarr = Array();
$preg_rule = '%^(.*?)(' . $reg . ')%s';
preg_match($preg_rule, substr($body, $offset), $matches);
if (!isset($matches{0})){
if (!isset($matches{0})) {
spew("$me: No matches found.\n");
$retarr = false;
} else {
@ -181,14 +181,14 @@ function findnxreg($body, $offset, $reg){
* - integer where the tag ends (ending ">")
* first three members will be false, if the tag is invalid.
*/
function getnxtag($body, $offset){
function getnxtag($body, $offset) {
$me = 'getnxtag';
if ($offset > strlen($body)){
if ($offset > strlen($body)) {
spew("$me: Past the end of body\n");
return false;
}
$lt = findnxstr($body, $offset, '<');
if ($lt == strlen($body)){
if ($lt == strlen($body)) {
spew("$me: No more tags found!\n");
return false;
}
@ -199,7 +199,7 @@ function getnxtag($body, $offset){
*/
spew("$me: Found '<' at pos $lt\n");
$pos = skipspace($body, $lt + 1);
if ($pos >= strlen($body)){
if ($pos >= strlen($body)) {
spew("$me: End of body reached.\n");
return Array(false, false, false, $lt, strlen($body));
}
@ -213,40 +213,40 @@ function getnxtag($body, $offset){
* <img src="blah"/>
*/
$tagtype = false;
switch (substr($body, $pos, 1)){
case '/':
spew("$me: This is a closing tag (type 2)\n");
$tagtype = 2;
$pos++;
break;
case '!':
/**
* A comment or an SGML declaration.
*/
if (substr($body, $pos+1, 2) == '--'){
spew("$me: A comment found. Stripping.\n");
$gt = strpos($body, '-->', $pos);
if ($gt === false){
$gt = strlen($body);
switch (substr($body, $pos, 1)) {
case '/':
spew("$me: This is a closing tag (type 2)\n");
$tagtype = 2;
$pos++;
break;
case '!':
/**
* A comment or an SGML declaration.
*/
if (substr($body, $pos+1, 2) == '--') {
spew("$me: A comment found. Stripping.\n");
$gt = strpos($body, '-->', $pos);
if ($gt === false) {
$gt = strlen($body);
} else {
$gt += 2;
}
return Array(false, false, false, $lt, $gt);
} else {
$gt += 2;
spew("$me: An SGML declaration found. Stripping.\n");
$gt = findnxstr($body, $pos, '>');
return Array(false, false, false, $lt, $gt);
}
return Array(false, false, false, $lt, $gt);
} else {
spew("$me: An SGML declaration found. Stripping.\n");
$gt = findnxstr($body, $pos, '>');
return Array(false, false, false, $lt, $gt);
}
break;
default:
/**
* Assume tagtype 1 for now. If it's type 3, we'll switch values
* later.
*/
$tagtype = 1;
break;
break;
default:
/**
* Assume tagtype 1 for now. If it's type 3, we'll switch values
* later.
*/
$tagtype = 1;
break;
}
$tag_start = $pos;
$tagname = '';
/**
@ -259,56 +259,56 @@ function getnxtag($body, $offset){
}
list($pos, $tagname, $match) = $regary;
$tagname = strtolower($tagname);
/**
* $match can be either of these:
* '>' indicating the end of the tag entirely.
* '\s' indicating the end of the tag name.
* '/' indicating that this is type-3 xhtml tag.
*
*
* Whatever else we find there indicates an invalid tag.
*/
switch ($match){
case '/':
/**
* This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/
if (substr($body, $pos, 2) == '/>'){
spew("$me: XHTML-style tag found.\n");
$pos++;
spew("$me: Setting tagtype to 3\n");
$tagtype = 3;
} else {
spew("$me: Found invalid character '/'.\n");
$gt = findnxstr($body, $pos, '>');
spew("$me: Tag is invalid. Returning.\n");
$retary = Array(false, false, false, $lt, $gt);
return $retary;
}
case '>':
spew("$me: End of tag found at $pos\n");
spew("$me: Tagname is '$tagname'\n");
spew("$me: This tag has no attributes\n");
return Array($tagname, false, $tagtype, $lt, $pos);
break;
default:
/**
* Check if it's whitespace
*/
if (preg_match('/\s/', $match)){
spew("$me: Tagname is '$tagname'\n");
} else {
switch ($match) {
case '/':
/**
* This is an invalid tag! Look for the next closing ">".
* This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/
spew("$me: Invalid characters found in tag name: $match\n");
$gt = findnxstr($body, $lt, '>');
return Array(false, false, false, $lt, $gt);
}
if (substr($body, $pos, 2) == '/>') {
spew("$me: XHTML-style tag found.\n");
$pos++;
spew("$me: Setting tagtype to 3\n");
$tagtype = 3;
} else {
spew("$me: Found invalid character '/'.\n");
$gt = findnxstr($body, $pos, '>');
spew("$me: Tag is invalid. Returning.\n");
$retary = Array(false, false, false, $lt, $gt);
return $retary;
}
case '>':
spew("$me: End of tag found at $pos\n");
spew("$me: Tagname is '$tagname'\n");
spew("$me: This tag has no attributes\n");
return Array($tagname, false, $tagtype, $lt, $pos);
break;
default:
/**
* Check if it's whitespace
*/
if (preg_match('/\s/', $match)){
spew("$me: Tagname is '$tagname'\n");
} else {
/**
* This is an invalid tag! Look for the next closing ">".
*/
spew("$me: Invalid characters found in tag name: $match\n");
$gt = findnxstr($body, $lt, '>');
return Array(false, false, false, $lt, $gt);
}
}
/**
* At this point we're here:
* <tagname attribute='blah'>
@ -319,10 +319,10 @@ function getnxtag($body, $offset){
$attname = '';
$atttype = false;
$attary = Array();
while ($pos <= strlen($body)){
while ($pos <= strlen($body)) {
$pos = skipspace($body, $pos);
if ($pos == strlen($body)){
if ($pos == strlen($body)) {
/**
* Non-closed tag.
*/
@ -335,19 +335,19 @@ function getnxtag($body, $offset){
*/
$matches = Array();
preg_match('%^(\s*)(>|/>)%s', substr($body, $pos), $matches);
if (isset($matches{0}) && $matches{0}){
if (isset($matches{0}) && $matches{0}) {
/**
* Yep. So we did.
*/
spew("$me: Arrived at the end of the tag.\n");
$pos += strlen($matches{1});
if ($matches{2} == '/>'){
if ($matches{2} == '/>') {
$tagtype = 3;
$pos++;
}
return Array($tagname, $attary, $tagtype, $lt, $pos);
}
/**
* There are several types of attributes, with optional
* [:space:] between members.
@ -366,7 +366,7 @@ function getnxtag($body, $offset){
* attrname="yes".
*/
$regary = findnxreg($body, $pos, '[^\w\-_]');
if ($regary == false){
if ($regary == false) {
/**
* Looks like body ended before the end of tag.
*/
@ -385,121 +385,121 @@ function getnxtag($body, $offset){
* '\s' means a lot of things -- look what it's followed by.
* anything else means the attribute is invalid.
*/
switch($match){
case '/':
/**
* This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/
if (substr($body, $pos, 2) == '/>'){
spew("$me: This is an xhtml-style tag.\n");
$pos++;
spew("$me: Setting tagtype to 3\n");
$tagtype = 3;
} else {
spew("$me: Found invalid character '/'.\n");
$gt = findnxstr($body, $pos, '>');
spew("$me: Tag is invalid. Returning.\n");
$retary = Array(false, false, false, $lt, $gt);
return $retary;
}
case '>':
spew("$me: found type 4 attribute.\n");
spew("$me: Additionally, end of tag found at $pos\n");
spew("$me: Attname is '$attname'\n");
spew("$me: Setting attvalue to 'yes'\n");
$attary{$attname} = '"yes"';
return Array($tagname, $attary, $tagtype, $lt, $pos);
break;
default:
/**
* Skip whitespace and see what we arrive at.
*/
$pos = skipspace($body, $pos);
$char = substr($body, $pos, 1);
/**
* Two things are valid here:
* '=' means this is attribute type 1 2 or 3.
* \w means this was attribute type 4.
* anything else we ignore and re-loop. End of tag and
* invalid stuff will be caught by our checks at the beginning
* of the loop.
*/
if ($char == '='){
spew("$me: Attribute type 1, 2, or 3 found.\n");
$pos++;
$pos = skipspace($body, $pos);
switch($match) {
case '/':
/**
* Here are 3 possibilities:
* "'" attribute type 1
* '"' attribute type 2
* everything else is the content of tag type 3
* This is an xhtml-style tag with a closing / at the
* end, like so: <img src="blah"/>. Check if it's followed
* by the closing bracket. If not, then this tag is invalid
*/
$quot = substr($body, $pos, 1);
if ($quot == '\''){
spew("$me: In fact, this is attribute type 1\n");
spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\'');
if ($regary == false){
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
spew("$me: Attvalue is '$attval'\n");
if (substr($body, $pos, 2) == '/>') {
spew("$me: This is an xhtml-style tag.\n");
$pos++;
$attary{$attname} = '\'' . $attval . '\'';
} else if ($quot == '"'){
spew("$me: In fact, this is attribute type 2\n");
spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\"');
if ($regary == false){
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
spew("$me: Attvalue is \"$attval\"\n");
$pos++;
$attary{$attname} = '"' . $attval . '"';
spew("$me: Setting tagtype to 3\n");
$tagtype = 3;
} else {
spew("$me: This looks like attribute type 3\n");
/**
* These are hateful. Look for \s, or >.
*/
spew("$me: Looking for end of attval\n");
$regary = findnxreg($body, $pos, '[\s>]');
if ($regary == false){
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
/**
* If it's ">" it will be caught at the top.
*/
spew("$me: translating '\"' into &quot;\n");
$attval = preg_replace('/\"/s', '&quot;', $attval);
spew("$me: wrapping in quotes\n");
$attary{$attname} = '"' . $attval . '"';
spew("$me: Found invalid character '/'.\n");
$gt = findnxstr($body, $pos, '>');
spew("$me: Tag is invalid. Returning.\n");
$retary = Array(false, false, false, $lt, $gt);
return $retary;
}
} else if (preg_match('|[\w/>]|', $char)) {
/**
* That was attribute type 4.
*/
spew("$me: attribute type 4 found.\n");
spew("$me: Setting value to 'yes'\n");
case '>':
spew("$me: found type 4 attribute.\n");
spew("$me: Additionally, end of tag found at $pos\n");
spew("$me: Attname is '$attname'\n");
spew("$me: Setting attvalue to 'yes'\n");
$attary{$attname} = '"yes"';
} else {
return Array($tagname, $attary, $tagtype, $lt, $pos);
break;
default:
/**
* An illegal character. Find next '>' and return.
* Skip whitespace and see what we arrive at.
*/
spew("$me: illegal character '$char' found.\n");
spew("$me: returning\n");
$gt = findnxstr($body, $pos, '>');
return Array(false, false, false, $lt, $gt);
}
$pos = skipspace($body, $pos);
$char = substr($body, $pos, 1);
/**
* Two things are valid here:
* '=' means this is attribute type 1 2 or 3.
* \w means this was attribute type 4.
* anything else we ignore and re-loop. End of tag and
* invalid stuff will be caught by our checks at the beginning
* of the loop.
*/
if ($char == '=') {
spew("$me: Attribute type 1, 2, or 3 found.\n");
$pos++;
$pos = skipspace($body, $pos);
/**
* Here are 3 possibilities:
* "'" attribute type 1
* '"' attribute type 2
* everything else is the content of tag type 3
*/
$quot = substr($body, $pos, 1);
if ($quot == '\'') {
spew("$me: In fact, this is attribute type 1\n");
spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\'');
if ($regary == false) {
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
spew("$me: Attvalue is '$attval'\n");
$pos++;
$attary{$attname} = '\'' . $attval . '\'';
} else if ($quot == '"') {
spew("$me: In fact, this is attribute type 2\n");
spew("$me: looking for closing quote\n");
$regary = findnxreg($body, $pos+1, '\"');
if ($regary == false) {
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
spew("$me: Attvalue is \"$attval\"\n");
$pos++;
$attary{$attname} = '"' . $attval . '"';
} else {
spew("$me: This looks like attribute type 3\n");
/**
* These are hateful. Look for \s, or >.
*/
spew("$me: Looking for end of attval\n");
$regary = findnxreg($body, $pos, '[\s>]');
if ($regary == false) {
spew("$me: end of body reached before end of val\n");
spew("$me: Returning\n");
return Array(false, false, false, $lt, strlen($body));
}
list($pos, $attval, $match) = $regary;
/**
* If it's ">" it will be caught at the top.
*/
spew("$me: translating '\"' into &quot;\n");
$attval = preg_replace('/\"/s', '&quot;', $attval);
spew("$me: wrapping in quotes\n");
$attary{$attname} = '"' . $attval . '"';
}
} else if (preg_match('|[\w/>]|', $char)) {
/**
* That was attribute type 4.
*/
spew("$me: attribute type 4 found.\n");
spew("$me: Setting value to 'yes'\n");
$attary{$attname} = '"yes"';
} else {
/**
* An illegal character. Find next '>' and return.
*/
spew("$me: illegal character '$char' found.\n");
spew("$me: returning\n");
$gt = findnxstr($body, $pos, '>');
return Array(false, false, false, $lt, $gt);
}
}
}
/**
@ -518,18 +518,18 @@ function getnxtag($body, $offset){
* @param $hex whether the entites are hexadecimal.
* @return True or False depending on whether there were matches.
*/
function deent(&$attvalue, $regex, $hex=false){
function deent(&$attvalue, $regex, $hex=false) {
$me = 'deent';
spew("$me: matching '$regex' against: $attvalue\n");
$ret_match = false;
preg_match_all($regex, $attvalue, $matches);
if (is_array($matches) && sizeof($matches[0]) > 0){
if (is_array($matches) && sizeof($matches[0]) > 0) {
spew("$me: found " . sizeof($matches[0]) . " matches\n");
$repl = Array();
for ($i = 0; $i < sizeof($matches[0]); $i++){
for ($i = 0; $i < sizeof($matches[0]); $i++) {
$numval = $matches[1][$i];
spew("$me: numval is $numval\n");
if ($hex){
if ($hex) {
$numval = hexdec($numval);
spew("$me: hex! Numval is now $numval\n");
}
@ -552,14 +552,15 @@ function deent(&$attvalue, $regex, $hex=false){
* @param $attvalue A string to run entity check against.
* @return Nothing, modifies a reference value.
*/
function defang(&$attvalue){
function defang(&$attvalue) {
$me = 'defang';
/**
* Skip this if there aren't ampersands or backslashes.
*/
spew("$me: Checking '$attvalue' for suspicious content\n");
if (strpos($attvalue, '&') === false
&& strpos($attvalue, '\\') === false){
&& strpos($attvalue, '\\') === false)
{
spew("$me: no suspicious content found, returning.\n");
return;
}
@ -579,15 +580,15 @@ function defang(&$attvalue){
* Kill any tabs, newlines, or carriage returns. Our friends the
* makers of the browser with 95% market value decided that it'd
* be funny to make "java[tab]script" be just as good as "javascript".
*
*
* @param attvalue The attribute value before extraneous spaces removed.
* @return attvalue Nothing, modifies a reference value.
*/
function unspace(&$attvalue){
$me = 'unspace';
if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)){
if (strcspn($attvalue, "\t\r\n\0 ") != strlen($attvalue)) {
spew("$me: Killing whitespace.\n");
$attvalue = str_replace(Array("\t", "\r", "\n", "\0", " "),
$attvalue = str_replace(Array("\t", "\r", "\n", "\0", " "),
Array('', '', ''), $attvalue);
}
spew("$me: after unspace: $attvalue\n");
@ -603,22 +604,17 @@ function unspace(&$attvalue){
* @param $add_attr_to_tag See description for sanitize
* @return Array with modified attributes.
*/
function fixatts($tagname,
$attary,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
){
function fixatts($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag) {
$me = 'fixatts';
spew("$me: Fixing attributes\n");
while (list($attname, $attvalue) = each($attary)){
while (list($attname, $attvalue) = each($attary)) {
/**
* See if this attribute should be removed.
*/
foreach ($rm_attnames as $matchtag=>$matchattrs){
if (preg_match($matchtag, $tagname)){
foreach ($matchattrs as $matchattr){
if (preg_match($matchattr, $attname)){
foreach ($rm_attnames as $matchtag=>$matchattrs) {
if (preg_match($matchtag, $tagname)) {
foreach ($matchattrs as $matchattr) {
if (preg_match($matchattr, $attname)) {
spew("$me: Attribute '$attname' defined as bad.\n");
spew("$me: Removing.\n");
unset($attary{$attname});
@ -632,17 +628,17 @@ function fixatts($tagname,
*/
defang($attvalue);
unspace($attvalue);
/**
* Now let's run checks on the attvalues.
* I don't expect anyone to comprehend this. If you do,
* get in touch with me so I can drive to where you live and
* shake your hand personally. :)
*/
foreach ($bad_attvals as $matchtag=>$matchattrs){
if (preg_match($matchtag, $tagname)){
foreach ($matchattrs as $matchattr=>$valary){
if (preg_match($matchattr, $attname)){
foreach ($bad_attvals as $matchtag=>$matchattrs) {
if (preg_match($matchtag, $tagname)) {
foreach ($matchattrs as $matchattr=>$valary) {
if (preg_match($matchattr, $attname)) {
/**
* There are two arrays in valary.
* First is matches.
@ -650,7 +646,7 @@ function fixatts($tagname,
*/
list($valmatch, $valrepl) = $valary;
$newvalue = preg_replace($valmatch,$valrepl,$attvalue);
if ($newvalue != $attvalue){
if ($newvalue != $attvalue) {
spew("$me: attvalue is now $newvalue\n");
$attary{$attname} = $newvalue;
}
@ -662,8 +658,8 @@ function fixatts($tagname,
/**
* See if we need to append any attributes to this tag.
*/
foreach ($add_attr_to_tag as $matchtag=>$addattary){
if (preg_match($matchtag, $tagname)){
foreach ($add_attr_to_tag as $matchtag=>$addattary) {
if (preg_match($matchtag, $tagname)) {
$attary = array_merge($attary, $addattary);
spew("$me: Added attributes to this tag\n");
}
@ -689,8 +685,8 @@ function fixatts($tagname,
*
* Examples:
* $tag_list = Array(
* false,
* "blink",
* false,
* "blink",
* "link",
* "object",
* "meta",
@ -698,17 +694,17 @@ function fixatts($tagname,
* "html"
* );
*
* This will allow all tags except for blink, link, object, meta, marquee,
* This will allow all tags except for blink, link, object, meta, marquee,
* and html.
*
* $tag_list = Array(
* true,
* "b",
* "a",
* "i",
* "img",
* "strong",
* "em",
* true,
* "b",
* "a",
* "i",
* "img",
* "strong",
* "em",
* "p"
* );
*
@ -723,7 +719,7 @@ function fixatts($tagname,
* Example:
* $rm_tags_with_content = Array(
* "script",
* "style",
* "style",
* "applet",
* "embed"
* );
@ -732,7 +728,7 @@ function fixatts($tagname,
* <script>
* window.alert("Isn't cross-site-scripting fun?!");
* </script>
*
*
* $self_closing_tags
* ------------------
* This is a simple one-dimentional array of strings, which specifies which
@ -741,10 +737,10 @@ function fixatts($tagname,
* Example:
* $self_closing_tags = Array(
* "img",
* "br",
* "br",
* "hr",
* "input"
* );
* );
*
* $force_tag_closing
* ------------------
@ -757,7 +753,7 @@ function fixatts($tagname,
* Now we come to parameters that are more obscure. This parameter is
* a nested array which is used to specify which attributes should be
* removed. It goes like so:
*
*
* $rm_attnames = Array(
* "PCRE regex to match tag name" =>
* Array(
@ -770,7 +766,7 @@ function fixatts($tagname,
* "|.*|" =>
* Array(
* "|target|i",
* "|^on.*|i"
* "|^on.*|i"
* )
* );
*
@ -829,33 +825,33 @@ function fixatts($tagname,
* );
*
* This will take care of nearly all known cross-site scripting exploits,
* plus some (see my filter sample at
* plus some (see my filter sample at
* http://www.mricon.com/html/phpfilter.html for a working version).
*
* $add_attr_to_tag
* ----------------
* This is a useful little feature which lets you add attributes to
* This is a useful little feature which lets you add attributes to
* certain tags. It is a nested array as well, but not at all like
* the previous one. It goes like so:
*
*
* $add_attr_to_tag = Array(
* "PCRE regex to match tag name" =>
* Array(
* "attribute name"=>'"attribute value"'
* )
* );
*
*
* Note: don't forget quotes around attribute value.
*
*
* Example:
*
*
* $add_attr_to_tag = Array(
* "/^a$/si" =>
* "/^a$/si" =>
* Array(
* 'target'=>'"_new"'
* )
* );
*
*
* This will change all <a> tags and add target="_new" to them so all links
* open in a new window.
*
@ -871,15 +867,7 @@ function fixatts($tagname,
* @param $add_attr_to_tag see description above
* @return sanitized html safe to show on your pages.
*/
function sanitize($body,
$tag_list,
$rm_tags_with_content,
$self_closing_tags,
$force_tag_closing,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag
){
function sanitize($body, $tag_list, $rm_tags_with_content, $self_closing_tags, $force_tag_closing, $rm_attnames, $bad_attvals, $add_attr_to_tag) {
$me = 'sanitize';
/**
* Normalize rm_tags and rm_tags_with_content.
@ -903,22 +891,22 @@ function sanitize($body,
*/
$body = preg_replace('/&(\{.*?\};)/si', '&amp;\\1', $body);
spew("$me: invoking the loop\n");
while (($curtag = getnxtag($body, $curpos)) != FALSE){
while (($curtag = getnxtag($body, $curpos)) != FALSE) {
list($tagname, $attary, $tagtype, $lt, $gt) = $curtag;
spew("$me: grabbing free-standing content\n");
$free_content = substr($body, $curpos, $lt - $curpos);
spew("$me: " . strlen($free_content) . " chars grabbed\n");
if ($skip_content == false){
if ($skip_content == false) {
spew("$me: appending free content to trusted.\n");
$trusted .= $free_content;
} else {
spew("$me: Skipping free content.\n");
}
if ($tagname != FALSE){
if ($tagname != FALSE) {
spew("$me: tagname is '$tagname'\n");
if ($tagtype == 2){
if ($tagtype == 2) {
spew("$me: This is a closing tag\n");
if ($skip_content == $tagname){
if ($skip_content == $tagname) {
/**
* Got to the end of tag we needed to remove.
*/
@ -926,9 +914,8 @@ function sanitize($body,
$tagname = false;
$skip_content = false;
} else {
if ($skip_content == false){
if (isset($open_tags{$tagname}) &&
$open_tags{$tagname} > 0){
if ($skip_content == false) {
if (isset($open_tags{$tagname}) && $open_tags{$tagname} > 0) {
spew("$me: popping '$tagname' from open_tags\n");
$open_tags{$tagname}--;
} else {
@ -949,8 +936,7 @@ function sanitize($body,
* See if this is a self-closing type and change
* tagtype appropriately.
*/
if ($tagtype == 1
&& in_array($tagname, $self_closing_tags)){
if ($tagtype == 1 && in_array($tagname, $self_closing_tags)) {
spew("$me: Self-closing tag. Changing tagtype.\n");
$tagtype = 3;
}
@ -958,21 +944,19 @@ function sanitize($body,
* See if we should skip this tag and any content
* inside it.
*/
if ($tagtype == 1
&& in_array($tagname, $rm_tags_with_content)){
if ($tagtype == 1 && in_array($tagname, $rm_tags_with_content)) {
spew("$me: removing this tag with content\n");
$skip_content = $tagname;
} else {
if (($rm_tags == false
&& in_array($tagname, $tag_list)) ||
($rm_tags == true
&& !in_array($tagname, $tag_list))){
if (($rm_tags == false && in_array($tagname, $tag_list)) ||
($rm_tags == true && !in_array($tagname, $tag_list)))
{
spew("$me: Removing this tag.\n");
$tagname = false;
} else {
if ($tagtype == 1){
if ($tagtype == 1) {
spew("$me: adding '$tagname' to open_tags\n");
if (isset($open_tags{$tagname})){
if (isset($open_tags{$tagname})) {
$open_tags{$tagname}++;
} else {
$open_tags{$tagname} = 1;
@ -981,12 +965,8 @@ function sanitize($body,
/**
* This is where we run other checks.
*/
if (is_array($attary) && sizeof($attary) > 0){
$attary = fixatts($tagname,
$attary,
$rm_attnames,
$bad_attvals,
$add_attr_to_tag);
if (is_array($attary) && sizeof($attary) > 0) {
$attary = fixatts($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag);
}
}
}
@ -994,7 +974,7 @@ function sanitize($body,
spew("$me: Skipping this tag\n");
}
}
if ($tagname != false && $skip_content == false){
if ($tagname != false && $skip_content == false) {
spew("$me: Appending tag to trusted.\n");
$trusted .= tagprint($tagname, $attary, $tagtype);
}
@ -1005,9 +985,9 @@ function sanitize($body,
}
spew("$me: Appending any leftover content\n");
$trusted .= substr($body, $curpos, strlen($body) - $curpos);
if ($force_tag_closing == true){
foreach ($open_tags as $tagname=>$opentimes){
while ($opentimes > 0){
if ($force_tag_closing == true) {
foreach ($open_tags as $tagname=>$opentimes) {
while ($opentimes > 0) {
spew("$me: '$tagname' left open. Closing by force.\n");
$trusted .= '</' . $tagname . '>';
$opentimes--;