Code source de IMP H3 (4.1.5) |
<?php

require_once 'Horde/MIME/Viewer/html.php';

/**
 * The MIME_Viewer_html class renders out HTML text with an effort to
 * remove potentially malicious code.
 *
 * This IMP subclass adds the mail-specific steps on top of the inherited
 * viewer: cid: image substitution, link rewriting, mailto: rewriting,
 * text filtering, blocking of images referenced by the message, and the
 * status banners shown above the message.
 *
 * $Horde: imp/lib/MIME/Viewer/html.php,v 1.75.2.25 2007/09/11 10:22:34 jan Exp $
 *
 * Copyright 1999-2007 Anil Madhavapeddy <anil@recoil.org>
 * Copyright 1999-2007 Jon Parise <jon@recoil.org>
 * Copyright 2002-2007 Michael Slusarz <slusarz@horde.org>
 *
 * See the enclosed file COPYING for license information (GPL). If you
 * did not receive this file, see http://www.fsf.org/copyleft/gpl.html.
 *
 * @author  Anil Madhavapeddy <anil@recoil.org>
 * @author  Jon Parise <jon@horde.org>
 * @author  Michael Slusarz <slusarz@horde.org>
 * @since   IMP 3.0
 * @package Horde_MIME_Viewer
 */
class IMP_MIME_Viewer_html extends MIME_Viewer_html {

    /**
     * Render out the currently set contents.
     *
     * The part's contents go through _cleanHTML() first (not defined in
     * this class); every later step is a text substitution on that
     * sanitized output, so the order of the steps below matters. Nothing
     * in this method re-sanitizes the markup after the substitutions.
     *
     * @param array $params  An array with a reference to a MIME_Contents
     *                       object.
     *
     * @return string  The rendered text in HTML.
     */
    function render($params)
    {
        $contents = &$params[0];

        /* True when the part is shown on its own rather than inline in the
         * message view; it changes the charset, the wrapper markup and the
         * mailto: handling below. */
        $attachment = $contents->viewAsAttachment();

        /* Sanitize the HTML. This is the only sanitizing call in this
         * method; its rules live outside this file. */
        $data = $this->_cleanHTML($this->mime_part->getContents());

        /* Search for inlined images that we can display. */
        $related = $this->mime_part->getInformation('related_part');
        if ($related !== false) {
            $relatedPart = $contents->getMIMEPart($related);
            foreach ($relatedPart->getCIDList() as $ref => $id) {
                /* Content-IDs are listed with angle brackets; the cid:
                 * reference in the markup does not carry them. */
                $id = trim($id, '<>');
                $cid_part = $contents->getDecodedMIMEPart($ref);
                /* Plain substring replacement over the whole document:
                 * every occurrence of "cid:<id>" is rewritten, wherever it
                 * appears, and $id (taken from the message) is not
                 * validated here. */
                $data = str_replace("cid:$id", $contents->urlView($cid_part, 'view_attach'), $data);
            }
        }

        /* Convert links to open in new windows. But first we hide all links
         * that have an "#xyz" anchor and ignore all links that already have a
         * target.
         *
         * "Hiding" means replacing the tag name with the byte \x01 so that
         * the later '<a\s' pattern no longer matches it; the last pattern
         * turns \x01 back into text.
         *
         * NOTE(review): the pattern array has four entries and the
         * replacement array has five. preg_replace() pairs them by
         * position, so as listed the trailing 'a ' is never used and \x01
         * is restored with '<a target="_blank" ' after a '<' that is
         * already present. The first replacement appears twice, which
         * looks like an accidental duplicate -- confirm against the
         * upstream file before relying on this listing. */
        $data = preg_replace(
            array('|<a([^>]*\s+href=["\']?(#\|mailto:))|i',
                  '|<a([^>]*)\s+target=["\']?[^>"\'\s]*["\']?|i',
                  '|<a\s|i',
                  "|\x01|"),
            array("<\x01\\1",
                  "<\x01\\1",
                  "<\x01 \\1 target=\"_blank\"",
                  '<a target="_blank" ',
                  'a '),
            $data);

        /* Turn mailto: links into our own compose links.
         *
         * The create_function() body is a fixed string; no message data is
         * interpolated into the generated code, only passed to it as $m at
         * call time. Inside the character class, \1 is a literal byte and
         * not a backreference; the closing quote is enforced by the
         * conditional that follows the group.
         *
         * NOTE(review): the return value of IMP::composeLink() is placed
         * inside a double-quoted href attribute with no escaping at this
         * point -- confirm that it returns an attribute-safe URL. */
        if (!$attachment) {
            $data = preg_replace_callback('/href\s*=\s*(["\'])?mailto:((?(1)[^\1]*?|[^\s>]+))(?(1)\1|)/i',
                                          create_function('$m', 'return \'href="\' . IMP::composeLink($m[2]) . \'"\';'),
                                          $data);
        }

        /* Filter bad language. */
        $data = IMP::filterText($data);

        if ($attachment) {
            /* Standalone view: status text is converted to the part's own
             * charset. */
            $charset = $this->mime_part->getCharset();
        } else {
            $charset = NLS::getCharset();
            /* Put div around message. */
            $data = '<div id="html-message">' . $data . '</div>';
        }

        /* Only display images if specifically allowed by user.
         *
         * Blocking is skipped entirely in print mode or when the
         * 'html_image_replacement' preference is off; in both cases the
         * image references left by _cleanHTML() are emitted unchanged. */
        if (!IMP::printMode() &&
            $GLOBALS['prefs']->getValue('html_image_replacement')) {

            /* Check to see if images exist.
             *
             * The pattern covers exactly these constructs: src= on <img>
             * and <input>, background= on <body>, <td> and <table>, and
             * background-image:url( inside a style attribute. Any other
             * way of referencing an external resource is not touched by
             * this block (presumably left to _cleanHTML() -- verify). */
            $img_regex = '/(<img[^>]*src=|<input[^>]*src=|<body[^>]*background=|<td[^>]*background=|<table[^>]*background=|style=[^>]*background-image:.*url\()\s*(["\'])?((?(2)[^"\'>]*|[^\s>]*))(?(2)"|)/is';
            if (preg_match($img_regex, $data)) {
                /* Make sure the URL parameters are correct for the current
                 * message. */
                $url = Util::removeParameter(Horde::selfUrl(true), array('index'));
                if (!$attachment) {
                    $url = Util::removeParameter($url, array('actionID'));
                }
                $base_ob = &$contents->getBaseObjectPtr();
                $url = Util::addParameter($url, 'index', $base_ob->getMessageIndex());

                /* Two independent ways to lift the block: an explicit
                 * request parameter, or the sender being found in an
                 * address book (only consulted when the
                 * 'html_image_addrbook' preference is set).
                 *
                 * NOTE(review): 'view_html_images' is read straight from
                 * the request data; no per-message token is checked here. */
                $view_img = Util::getFormData('view_html_images');
                $addr_check = ($GLOBALS['prefs']->getValue('html_image_addrbook') && $this->_inAddressBook($contents));

                if (!$view_img && !$addr_check) {
                    /* Blocked: point every matched reference at a local
                     * placeholder image and offer a link that reloads the
                     * message with view_html_images=1. */
                    $block_img = 'spacer_red.png';
                    $msg = array(String::convertCharset(_("This HTML message has images embedded in it. Blocked images appear like this: "), NLS::getCharset(), $charset) . Horde::img($block_img, null, 'height="10" width="10"'));
                    $newSrc = Horde::url($GLOBALS['registry']->getImageDir('imp') . '/' . $block_img);
                    $data = preg_replace($img_regex, '\\1"' . $newSrc . '"', $data);
                    $url = Util::addParameter($url, 'view_html_images', 1);
                    $attributes = $attachment ? array('style' => 'color:blue') : array();
                    $msg[] = Horde::link($url, String::convertCharset(_("Show the Images"), NLS::getCharset(), $charset), null, null, null, String::convertCharset(_("Show the Images"), NLS::getCharset(), $charset), null, $attributes) . String::convertCharset(_("Click here to SHOW the Images"), NLS::getCharset(), $charset) . '</a>.';
                } elseif ($addr_check) {
                    /* Shown because of the address book match: tell the
                     * user why the images were not blocked. */
                    $msg = array(String::convertCharset(_("This HTML message has images embedded in it."), NLS::getCharset(), $charset), String::convertCharset(_("The images will be displayed because the sender is present in your addressbook."), NLS::getCharset(), $charset));
                }

                /* $msg is unset when the images were requested explicitly
                 * and the address book did not match; no banner then. */
                if (isset($msg)) {
                    $msg = $contents->formatStatusMsg($msg, Horde::img('mime/image.png', _("View the Images")), false);
                    if ($attachment) {
                        $msg = '<span style="background-color:white;color:black">' . nl2br($msg) . '</span><br />';
                    }
                    if (stristr($data, '<body') === false) {
                        $data = $msg . $data;
                    } else {
                        /* Insert the banner right after the last <body ...>
                         * tag. $msg becomes part of the replacement string,
                         * so a "$n" or "\n" sequence inside it would be read
                         * as a group reference. */
                        $data = preg_replace('/(.*<body.*?>)(.*)/is', '$1' . $msg . '$2', $data);
                    }
                }
            }
        }

        /* If we are viewing inline, give option to view in separate window. */
        if (!$attachment && $this->getConfigParam('external')) {
            $msg = sprintf(_("Click %s to view HTML content in a separate window."), $contents->linkViewJS($this->mime_part, 'view_attach', _("HERE"), _("View HTML content in a separate window")));
            $data = $contents->formatStatusMsg($msg, Horde::img('mime/html.png', _("HTML")), false) . $data;
        }

        return $data;
    }

    /**
     * Determine whether the sender appears in an available addressbook.
     *
     * The result is used by render() to decide whether blocked images are
     * shown automatically. The lookup key is whatever getFromAddress()
     * returns for the message.
     *
     * NOTE(review): presumably that is the message's From header, which
     * the sender chooses -- if so, a match means "looks like a known
     * contact", not "authenticated as that contact". Confirm before
     * treating this as a trust decision.
     *
     * @access private
     *
     * @param MIME_Contents &$contents  The MIME_Contents object.
     *
     * @return boolean  Does the sender appear in an addressbook?
     */
    function _inAddressBook(&$contents)
    {
        global $registry, $prefs;

        /* Fetch the object that holds the sender information. There is no
         * check or early return on it at this point. */
        $base_ob = &$contents->getBaseObjectPtr();

        /* If we don't have a contacts provider available, give up. */
        if (!$registry->hasMethod('contacts/getField')) {
            return false;
        }

        /* The preference is a tab-separated list; an empty preference
         * explodes to a single empty string, which is normalised to an
         * empty list. */
        $sources = explode("\t", $prefs->getValue('search_sources'));
        if ((count($sources) == 1) && empty($sources[0])) {
            $sources = array();
        }

        /* Try to get back a result from the search. A lookup error counts
         * as "not found", so the caller keeps the images blocked. */
        $result = $registry->call('contacts/getField', array($base_ob->getFromAddress(), '__key', $sources));
        if (is_a($result, 'PEAR_Error')) {
            return false;
        } else {
            return (count($result) ? true : false);
        }
    }

}