/**
 * Break a timestamp string down into the component array produced by getdate().
 *
 * The string is first converted by timeForTimestamp() (defined elsewhere in the
 * project); whatever that returns is passed to getdate() unchanged.
 *
 * @param string $timestamp Timestamp text; defaults to '1970-01-01 00:00:00-00'.
 * @return array The getdate() result for the converted value.
 */
function dateForTimestamp($timestamp = '1970-01-01 00:00:00-00')
{
    $converted = timeForTimestamp($timestamp);

    return getdate($converted);
}
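/**
 * Populate the global Smarty instance with everything the drop-off summary
 * template needs: sender details, recipients, files and pickup history.
 *
 * Nothing is returned; all results are handed to the template through
 * $smarty->assign() / $smarty->assignByRef().
 *
 * Values that originate outside the application (the emailAddr request
 * parameter, reverse-DNS names, stored pickup addresses) are validated and/or
 * HTML-escaped here before they reach the template.
 *
 * @param bool $clickable          Feeds isClickable and gates isDeleteable /
 *                                 isSendable.
 * @param bool $overrideShowRecips Currently ignored: the value is reset to
 *                                 FALSE in the body and only recomputed from
 *                                 the logged-in user.
 * @return void
 */
public function HTMLSummary($clickable = FALSE, $overrideShowRecips = FALSE)
{
    global $smarty;

    $curUser = $this->_dropbox->authorizedUser();
    $curUserEmail = $this->_dropbox->authorizedUserData("mail");
    $isSender = FALSE;
    $isAdmin = FALSE;
    // NOTE(review): this discards the caller's argument. It is left in place
    // because honouring the argument could widen who is shown the recipient
    // list; confirm the intended behaviour before removing it.
    $overrideShowRecips = FALSE;

    if ($curUser) {
        if ($curUserEmail && strcasecmp($curUserEmail, $this->_senderEmail) == 0) {
            $isSender = TRUE;
        }
        if ($this->_dropbox->authorizedUserData('grantAdminPriv')) {
            $isAdmin = TRUE;
        }
        if ($curUser == $this->_authorizedUser || $isSender) {
            $overrideShowRecips = TRUE;
        }
    }

    // Defined up front so the assign() below never reads an unset variable
    // when there is no sender IP.
    $remoteHostName = NULL;
    if ($this->_senderIP) {
        // Try to get a hostname for the IP, too. A reverse-DNS name is data
        // supplied by whoever controls the PTR record, so it is escaped the
        // same way the pickup hostnames further down are.
        $resolvedSender = gethostbyaddr($this->_senderIP);
        if ($resolvedSender !== FALSE) {
            $remoteHostName = htmlentities($resolvedSender, ENT_NOQUOTES, 'UTF-8');
        }
    }

    // Always a boolean, not only set in the single-recipient case.
    $isSingleRecip = (count($this->_recipients) == 1);

    $smarty->assign('isClickable', $clickable);
    $smarty->assign('isDeleteable', $clickable && ($isAdmin || $isSender || $isSingleRecip));
    $smarty->assign('isSendable', $clickable && $isSender);
    $smarty->assign('inPickupPHP', preg_match('/pickup\\.php/', $_SERVER['PHP_SELF']));
    $smarty->assign('claimPasscode', $this->_claimPasscode);
    $smarty->assign('senderName', $this->_senderName);
    $smarty->assign('senderOrg', $this->_senderOrganization);
    $smarty->assign('senderEmail', $this->_senderEmail);
    $smarty->assign('senderHost', $remoteHostName);
    $smarty->assign('createdDate', timeForDate($this->created()));
    $smarty->assign('expiryDate', timeForDate($this->created()) + 3600 * 24 * $this->_dropbox->retainDays());
    $smarty->assign('confirmDelivery', $this->_confirmDelivery ? TRUE : FALSE);
    $smarty->assign('informRecipients', $this->_informRecipients ? TRUE : FALSE);
    // Parentheses only spell out the precedence the expression already had.
    $smarty->assign(
        'showRecips',
        $this->_dropbox->showRecipsOnPickup()
        || $overrideShowRecips
        || ($this->_dropbox->authorizedUser() && $this->_dropbox->authorizedUserData('grantAdminPriv'))
    );

    // MyZendTo: If there is only 1 recipient then that must be the sender
    if (preg_match('/^[yYtT1]/', MYZENDTO) && count($this->_recipients) <= 1) {
        $smarty->assign('showRecips', FALSE);
    }

    $reciphtml = array();
    foreach ($this->_recipients as $r) {
        $reciphtml[] = array(
            htmlentities($r[0], ENT_NOQUOTES, 'UTF-8'),
            htmlentities($r[1], ENT_NOQUOTES, 'UTF-8'),
        );
    }
    $smarty->assign('recipients', $reciphtml);
    $smarty->assign('note', htmlentities($this->_note, ENT_NOQUOTES, 'UTF-8'));
    $smarty->assign('subject', htmlentities($this->_subject, ENT_NOQUOTES, 'UTF-8'));

    $dropoffFiles = $this->_dropbox->database->DBFilesForDropoff($this->_dropoffID);
    $smarty->assign('dropoffFilesCount', count($dropoffFiles));

    // Fill the outputFiles array with all the dropoffFiles, over-riding
    // one or two elements as we go so it's ready-formatted.
    $outputFiles = array();
    foreach ($dropoffFiles as $file) {
        $formatted = $file;
        $formatted['basename'] = htmlentities($file['basename'], ENT_NOQUOTES, 'UTF-8');
        $formatted['length'] = NSSFormattedMemSize($file['lengthInBytes']);
        $formatted['description'] = htmlentities($file['description'], ENT_NOQUOTES, 'UTF-8');
        $outputFiles[] = $formatted;
    }
    $smarty->assignByRef('files', $outputFiles);

    // emailAddr comes straight from the request and is therefore untrusted.
    // Previously a value that failed the address pattern was passed to the
    // template and into downloadURL verbatim, which allowed markup injection.
    // Now only a validated address, a fixed placeholder, or the configured
    // "unknown recipient" text can leave this block.
    $requestedAddr = NULL;
    if (isset($_POST['emailAddr'])) {
        $requestedAddr = $_POST['emailAddr'];
    } elseif (isset($_GET['emailAddr'])) {
        $requestedAddr = $_GET['emailAddr'];
    }
    if (!is_string($requestedAddr)) {
        // Absent, or an array such as emailAddr[]=x: treat it as blank rather
        // than handing a non-string to trim()/preg_match().
        $requestedAddr = '';
    }

    if (strlen(trim($requestedAddr)) > 0) {
        if (preg_match($this->_dropbox->validEmailRegexp(), $requestedAddr, $eAParts)) {
            $rawEmailAddr = $eAParts[1] . "@" . $eAParts[2];
        } else {
            // Reject rather than echo: never reflect input that failed validation.
            $rawEmailAddr = "Invalid_email_address";
        }
        // ENT_QUOTES because the template context (text vs. attribute) is not
        // visible from here.
        // NOTE(review): confirm the template does not escape emailAddr again.
        $emailAddr = htmlentities($rawEmailAddr, ENT_QUOTES, 'UTF-8');
    } else {
        // No email address at all, so it wasn't invalid but blank.
        $rawEmailAddr = $smarty->getConfigVariable('UnknownRecipient');
        $emailAddr = $rawEmailAddr;
    }
    $smarty->assign('emailAddr', $emailAddr);

    // The address is percent-encoded for the query string, so characters such
    // as '+', '&' or quotes cannot alter the URL or break out of an attribute.
    $smarty->assign(
        'downloadURL',
        'download.php?claimID=' . $this->_claimID
        . '&claimPasscode=' . $this->_claimPasscode
        . ($rawEmailAddr ? '&emailAddr=' . rawurlencode((string) $rawEmailAddr) : '')
    );

    $pickups = $this->_dropbox->database->DBPickupsForDropoff($this->_dropoffID);
    $smarty->assign('pickupsCount', count($pickups));

    // Fill the outputPickups array with all the pickups, over-riding
    // one or two elements as we go so it's ready-formatted.
    // Each row is read through $pickup rather than $pickups[$i], so the loop
    // no longer depends on the result being a 0-based list.
    $outputPickups = array();
    foreach ($pickups as $pickup) {
        $row = $pickup;

        $hostname = gethostbyaddr($pickup['recipientIP']);
        if ($hostname != $pickup['recipientIP']) {
            $hostname = "{$hostname} (" . $pickup['recipientIP'] . ")";
        }
        $row['hostname'] = htmlentities($hostname, ENT_NOQUOTES, 'UTF-8');
        $row['pickupDate'] = timeForTimestamp($pickup['pickupTimestamp']);

        $authorizedUser = htmlentities((string) $pickup['authorizedUser'], ENT_NOQUOTES, 'UTF-8');
        if (!$authorizedUser) {
            // The fallback address is stored data that presumably came from the
            // pickup request, so it gets the same escaping as the user name.
            $authorizedUser = htmlentities((string) $pickup['emailAddr'], ENT_NOQUOTES, 'UTF-8');
        }
        $row['pickedUpBy'] = $authorizedUser;

        $outputPickups[] = $row;
    }
    $smarty->assignByRef('pickups', $outputPickups);
}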