1 --- roundcube/program/steps/mail/func.inc 2007-10-17 08:50:28.000000000 +0200
2 +++ roundcube/program/steps/mail/func.inc 2008-01-22 21:59:30.000000000 +0100
7 +/* Stolen from Squirrelmail */
8 +function sq_deent(&$attvalue, $regex, $hex=false){
10 + preg_match_all($regex, $attvalue, $matches);
11 + if (is_array($matches) && sizeof($matches[0]) > 0){
13 + for ($i = 0; $i < sizeof($matches[0]); $i++){
14 + $numval = $matches[1][$i];
16 + $numval = hexdec($numval);
18 + $repl{$matches[0][$i]} = chr($numval);
20 + $attvalue = strtr($attvalue, $repl);
27 +/* Stolen verbatim from Squirrelmail */
28 +function sq_defang(&$attvalue){
30 + * Skip this if there aren't ampersands or backslashes.
32 + if (strpos($attvalue, '&') === false
33 + && strpos($attvalue, '\\') === false){
39 + $m = $m || sq_deent($attvalue, '/\�*(\d+);*/s');
40 + $m = $m || sq_deent($attvalue, '/\�*((\d|[a-f])+);*/si', true);
41 + $m = $m || sq_deent($attvalue, '/\\\\(\d+)/s', true);
42 + } while ($m == true);
43 + $attvalue = stripslashes($attvalue);
46 +function rcmail_html_filter($html)
48 + preg_match_all('/<\/?\w+((\s+\w+(\s*=\s*(?:".*?"|\'.*?\'|[^\'">\s]+))?)+\s*|\s*)\/?>/', $html, $tags);
50 + /* From Squirrelmail: Translate all dangerous Unicode or Shift_JIS characters which are accepted by
51 + * IE as regular characters. */
52 + $replace = array(array('ʟ', 'ʟ' ,/* L UNICODE IPA Extension */
53 + 'ʀ', 'ʀ' ,/* R UNICODE IPA Extension */
54 + 'ɴ', 'ɴ' ,/* N UNICODE IPA Extension */
55 + 'E', 'E' ,/* Unicode FULLWIDTH LATIN CAPITAL LETTER E */
56 + 'e', 'e' ,/* Unicode FULLWIDTH LATIN SMALL LETTER E */
57 + 'X', 'X',/* Unicode FULLWIDTH LATIN CAPITAL LETTER X */
58 + 'x', 'x',/* Unicode FULLWIDTH LATIN SMALL LETTER X */
59 + 'P', 'P',/* Unicode FULLWIDTH LATIN CAPITAL LETTER P */
60 + 'p', 'p',/* Unicode FULLWIDTH LATIN SMALL LETTER P */
61 + 'R', 'R',/* Unicode FULLWIDTH LATIN CAPITAL LETTER R */
62 + 'r', 'r',/* Unicode FULLWIDTH LATIN SMALL LETTER R */
63 + 'S', 'S',/* Unicode FULLWIDTH LATIN CAPITAL LETTER S */
64 + 's', 's',/* Unicode FULLWIDTH LATIN SMALL LETTER S */
65 + 'I', 'I',/* Unicode FULLWIDTH LATIN CAPITAL LETTER I */
66 + 'i', 'i',/* Unicode FULLWIDTH LATIN SMALL LETTER I */
67 + 'O', 'O',/* Unicode FULLWIDTH LATIN CAPITAL LETTER O */
68 + 'o', 'o',/* Unicode FULLWIDTH LATIN SMALL LETTER O */
69 + 'N', 'N',/* Unicode FULLWIDTH LATIN CAPITAL LETTER N */
70 + 'n', 'n',/* Unicode FULLWIDTH LATIN SMALL LETTER N */
71 + 'L', 'L',/* Unicode FULLWIDTH LATIN CAPITAL LETTER L */
72 + 'l', 'l',/* Unicode FULLWIDTH LATIN SMALL LETTER L */
73 + 'U', 'U',/* Unicode FULLWIDTH LATIN CAPITAL LETTER U */
74 + 'u', 'u',/* Unicode FULLWIDTH LATIN SMALL LETTER U */
75 + 'ⁿ', 'ⁿ' ,/* Unicode SUPERSCRIPT LATIN SMALL LETTER N */
76 + "\xEF\xBC\xA5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER E */
77 + /* in unicode this is some Chinese char range */
78 + "\xEF\xBD\x85", /* Shift JIS FULLWIDTH LATIN SMALL LETTER E */
79 + "\xEF\xBC\xB8", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER X */
80 + "\xEF\xBD\x98", /* Shift JIS FULLWIDTH LATIN SMALL LETTER X */
81 + "\xEF\xBC\xB0", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER P */
82 + "\xEF\xBD\x90", /* Shift JIS FULLWIDTH LATIN SMALL LETTER P */
83 + "\xEF\xBC\xB2", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER R */
84 + "\xEF\xBD\x92", /* Shift JIS FULLWIDTH LATIN SMALL LETTER R */
85 + "\xEF\xBC\xB3", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER S */
86 + "\xEF\xBD\x93", /* Shift JIS FULLWIDTH LATIN SMALL LETTER S */
87 + "\xEF\xBC\xA9", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER I */
88 + "\xEF\xBD\x89", /* Shift JIS FULLWIDTH LATIN SMALL LETTER I */
89 + "\xEF\xBC\xAF", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER O */
90 + "\xEF\xBD\x8F", /* Shift JIS FULLWIDTH LATIN SMALL LETTER O */
91 + "\xEF\xBC\xAE", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER N */
92 + "\xEF\xBD\x8E", /* Shift JIS FULLWIDTH LATIN SMALL LETTER N */
93 + "\xEF\xBC\xAC", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER L */
94 + "\xEF\xBD\x8C", /* Shift JIS FULLWIDTH LATIN SMALL LETTER L */
95 + "\xEF\xBC\xB5", /* Shift JIS FULLWIDTH LATIN CAPITAL LETTER U */
96 + "\xEF\xBD\x95", /* Shift JIS FULLWIDTH LATIN SMALL LETTER U */
97 + "\xE2\x81\xBF", /* Shift JIS FULLWIDTH SUPERSCRIPT N */
98 + "\xCA\x9F", /* L UNICODE IPA Extension */
99 + "\xCA\x80", /* R UNICODE IPA Extension */
100 + "\xC9\xB4"), /* N UNICODE IPA Extension */
101 + array('l', 'l', 'r', 'r', 'n', 'n', 'E', 'E', 'e', 'e', 'X', 'X', 'x', 'x',
102 + 'P', 'P', 'p', 'p', 'R', 'R', 'r', 'r', 'S', 'S', 's', 's', 'I', 'I',
103 + 'i', 'i', 'O', 'O', 'o', 'o', 'N', 'N', 'n', 'n', 'L', 'L', 'l', 'l',
104 + 'U', 'U', 'u', 'u', 'n', 'n', 'E', 'e', 'X', 'x', 'P', 'p', 'R', 'r',
105 + 'S', 's', 'I', 'i', 'O', 'o', 'N', 'n', 'L', 'l', 'U', 'u', 'n', 'l', 'r', 'n'));
106 + if ((count($tags)>3) && (count($tags[3])>0))
107 + foreach ($tags[3] as $nr=>$value)
109 + /* Remove comments */
110 + $newvalue = preg_replace('/(\/\*.*\*\/)/','$2',$value);
111 + /* Translate dangerous characters */
112 + $newvalue = str_replace($replace[0], $replace[1], $newvalue);
113 + sq_defang($newvalue);
114 + /* Rename dangerous CSS */
115 + $newvalue = preg_replace('/expression/i', 'idiocy', $newvalue);
116 + $newvalue = preg_replace('/url/i', 'idiocy', $newvalue);
117 + $newattrs = preg_replace('/'.preg_quote($value, '/').'$/', $newvalue, $tags[1][$nr]);
118 + $newtag = preg_replace('/'.preg_quote($tags[1][$nr], '/').'/', $newattrs, $tags[0][$nr]);
119 + $html = preg_replace('/'.preg_quote($tags[0][$nr], '/').'/', $newtag, $html);
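Review bot: In `rcmail_html_filter`, `$tags[3]` holds only the last `=value` of each tag, because that capture sits inside a repeated group, so every earlier attribute of a tag is never passed through the loop; the filter should visit all attributes, for example with a second `preg_match_all` over `$tags[0][$nr]`. The text written back into `$html` has been entity-decoded by `sq_defang()` and run through `stripslashes()`, so a numeric entity that was inert in the message can be emitted as a literal quote or angle bracket inside the tag; use the decoded copy only to decide, then re-encode the value or drop the attribute. The three splicing `preg_replace` calls pass mail-derived text as the replacement string, where `$1` and `\1` are parsed as backreferences, and the last one rewrites every occurrence of the tag; `$html = str_replace($tags[0][$nr], $newtag, $html);` is literal and needs no `preg_quote`. Smaller items: the comment stripper references `'$2'` in a one-group pattern and is greedy without `s`, so `preg_replace('/\/\*.*?\*\//s', '', $value)` states the intent and should run again after decoding; in `sq_deent`, `chr($numval)` wraps values above 255 and `$repl{...}` is a fatal error on PHP 8. Several lines of these functions (braces, returns) are missing from this listing, and the entity patterns in `sq_defang` and the first half of `$replace` appear to have been mangled by the page's own entity decoding, so this is based on the visible lines only.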
126 function rcmail_print_body($part, $safe=FALSE, $plain=FALSE)
129 $body = preg_replace($remote_patterns, $remote_replaces, $body);
132 - return Q($body, 'show', FALSE);
133 + return Q(rcmail_html_filter($body), 'show', FALSE);