From 97bd2c0537bc3edb3751b3020f37e680944ac41c Mon Sep 17 00:00:00 2001 From: thomascube Date: Sat, 29 Sep 2007 18:15:05 +0000 Subject: Filter linked/imported CSS files (#1484056) --- program/steps/mail/func.inc | 74 +++++++++++++++++++-------------------------- 1 file changed, 31 insertions(+), 43 deletions(-) (limited to 'program/steps') diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc index 0712ef8df..30d60e6da 100644 --- a/program/steps/mail/func.inc +++ b/program/steps/mail/func.inc @@ -946,16 +946,21 @@ function rcmail_sanitize_html($body, $container_id) // remove any null-byte characters before parsing $body = preg_replace('/\x00/', '', $body); + $base_url = ""; $last_style_pos = 0; $body_lc = strtolower($body); + // check for + if (preg_match(($base_reg = '/()/i'), $body, $base_regs)) + $base_url = $base_regs[2]; + // find STYLE tags while (($pos = strpos($body_lc, '', $pos))) { $pos = strpos($body_lc, '>', $pos)+1; // replace all css definitions with #container [def] - $styles = rcmail_mod_css_styles(substr($body, $pos, $pos2-$pos), $container_id); + $styles = rcmail_mod_css_styles(substr($body, $pos, $pos2-$pos), $container_id, $base_url); $body = substr($body, 0, $pos) . $styles . substr($body, $pos2); $body_lc = strtolower($body); 
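Review bot: `$base_url` is captured from the message body in this hunk without any validation, and the next hunk (`@@ -983,17 +988,15 @@`) interpolates it as `'$base_url'` into the replacement strings of two `/e` patterns, which PHP evaluates as code. The base pattern is not readable on this page, so it cannot be confirmed that the capture excludes quotes and backslashes; I would reject anything else right after the assignment, `if (!preg_match('/^https?:\/\/[^\s"\'\\\\]+$/i', $base_url)) $base_url = "";`. That hunk also adds a third `/e` call that interpolates `'$container_id'` the same way, so the caller-supplied id deserves the same kind of check. Longer term these three calls are better written with `preg_replace_callback` and a named function, so that no message-derived text is ever part of an evaluated string. rcmail_sanitize_html begins and ends outside the hunk.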
@@ -983,17 +988,15 @@ function rcmail_sanitize_html($body, $container_id) } // resolve - $base_reg = '/()/i'; - if (preg_match($base_reg, $body, $regs)) + if ($base_url) { - $base_url = $regs[2]; $body = preg_replace('/(src|background|href)=(["\']?)([\.\/]+[^"\'\s]+)(\2|\s|>)/Uie', "'\\1=\"'.make_absolute_url('\\3', '$base_url').'\"'", $body); $body = preg_replace('/(url\s*\()(["\']?)([\.\/]+[^"\'\)\s]+)(\2)\)/Uie', "'\\1\''.make_absolute_url('\\3', '$base_url').'\')'", $body); $body = preg_replace($base_reg, '', $body); } // modify HTML links to open a new window if clicked - $body = preg_replace('/]+)>/Uie', "rcmail_alter_html_link('\\1');", $body); + $body = preg_replace('/<(a|link)\s+([^>]+)>/Uie', "rcmail_alter_html_link('\\1','\\2', '$container_id');", $body); // add comments arround html and other tags $out = preg_replace(array( @@ -1005,11 +1008,16 @@ function rcmail_sanitize_html($body, $container_id) '', $body); - $out = preg_replace(array('/]*)>/i', - '/<\/body>/i'), - array('
', - '
'), - $out); + $out = preg_replace( + array( + '/]*)>/i', + '/<\/body>/i', + ), + array( + '
', + '
', + ), + $out); // quote /'), array('<?', '?>'), $out); 
@@ -1019,44 +1027,24 @@ function rcmail_sanitize_html($body, $container_id) // parse link attributes and set correct target -function rcmail_alter_html_link($in) +function rcmail_alter_html_link($tag, $attrs, $container_id) { $in = preg_replace('/=([^("|\'|\s)]+)(\s|$)/', '="\1"', $in); - $attrib = parse_attrib_string($in); - - if (stristr((string)$attrib['href'], 'mailto:')) - $attrib['onclick'] = sprintf("return %s.command('compose','%s',this)", - JS_OBJECT_NAME, - JQ(substr($attrib['href'], 7))); - else if (!empty($attrib['href']) && $attrib['href']{0}!='#') - $attrib['target'] = '_blank'; + $attrib = parse_attrib_string($attrs); - return ''; - } - - -// replace all css definitions with #container [def] -function rcmail_mod_css_styles($source, $container_id) - { - $a_css_values = array(); - $last_pos = 0; + if ($tag == 'link' && preg_match('/^https?:\/\//i', $attrib['href'])) + $attrib['href'] = "./bin/modcss.php?u=" . urlencode($attrib['href']) . "&c=" . urlencode($container_id); + + else if (stristr((string)$attrib['href'], 'mailto:')) + $attrib['onclick'] = sprintf( + "return %s.command('compose','%s',this)", + JS_OBJECT_NAME, + JQ(substr($attrib['href'], 7))); - // cut out all contents between { and } - while (($pos = strpos($source, '{', $last_pos)) && ($pos2 = strpos($source, '}', $pos))) - { - $key = sizeof($a_css_values); - $a_css_values[$key] = substr($source, $pos+1, $pos2-($pos+1)); - $source = substr($source, 0, $pos+1) . "<>" . substr($source, $pos2, strlen($source)-$pos2); - $last_pos = $pos+2; - } - - // remove html commends and add #container to each tag selector. 
- // also replace body definition because we also stripped off the tag - $styles = preg_replace(array('/(^\s*\s*$)/', '/(^\s*|,\s*|\}\s*)([a-z0-9\._][a-z0-9\.\-_]*)/im', '/<>/e', "/$container_id\s+body/i"), - array('', "\\1#$container_id \\2", "\$a_css_values[\\1]", "$container_id div.rcmBody"), - $source); + else if (!empty($attrib['href']) && $attrib['href']{0}!='#') + $attrib['target'] = '_blank'; - return $styles; + return "<$tag" . create_attrib_string($attrib, array('href','name','target','onclick','id','class','style','title','rel','type','media')) . ' />'; } -- cgit v1.2.3
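Review bot: The new `$tag == 'link'` test is case-sensitive, but the calling pattern `/<(a|link)\s+([^>]+)>/Uie` is case-insensitive, so a tag written as `LINK` skips the modcss.php rewrite and keeps its original stylesheet URL; compare with `strtolower($tag) == 'link'`. A `link` whose href does not match `^https?:\/\/` also falls through to the later branches with its href intact, and clearing the href in that case would make the filter default-deny. Separately, the unchanged first line of the body still reads and assigns `$in`, which is no longer a parameter, so the quoting normalisation no longer reaches `parse_attrib_string($attrs)`; it should become `$attrs = preg_replace('/=([^("|\'|\s)]+)(\s|$)/', '="\1"', $attrs);`.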