Beispiel #1
/**
 * Break a timestamp string down into its calendar components.
 *
 * The string is first handed to timeForTimestamp() (defined elsewhere in the
 * project; presumably it yields a Unix time, since its result is fed straight
 * into getdate() — confirm against its definition).
 *
 * @param string $timestamp Timestamp text; defaults to the Unix epoch written
 *                          as '1970-01-01 00:00:00-00'.
 * @return array The associative array produced by PHP's getdate().
 */
function dateForTimestamp($timestamp = '1970-01-01 00:00:00-00')
{
    $epochSeconds = timeForTimestamp($timestamp);

    return getdate($epochSeconds);
}
Beispiel #2
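 /**
  * Assign to the global Smarty instance every variable the drop-off summary
  * template reads: permission flags, sender details, recipients, the file
  * list, the download URL and the pickup history.
  *
  * Security-relevant behaviour:
  *  - The 'emailAddr' request parameter is untrusted. It is only echoed back
  *    in the form rebuilt from the groups captured by validEmailRegexp();
  *    anything that does not match is replaced by a fixed placeholder, and
  *    the value is HTML-escaped for the template and URL-encoded for the
  *    download link.
  *  - Values shown in the pickup history are HTML-escaped, including the
  *    e-mail address used when a pickup has no authorized user.
  *
  * @param bool $clickable          Whether the template may render action
  *                                 controls (delete / resend).
  * @param bool $overrideShowRecips Currently ignored: the body resets it to
  *                                 FALSE before use (see NOTE(review) below).
  * @return void
  */
 public function HTMLSummary($clickable = FALSE, $overrideShowRecips = FALSE)
 {
     global $smarty;
     $curUser = $this->_dropbox->authorizedUser();
     $curUserEmail = $this->_dropbox->authorizedUserData("mail");
     $isSender = FALSE;
     $isAdmin = FALSE;
     // Initialised up front so the assignments further down never read an
     // undefined variable when the corresponding condition is not met.
     $isSingleRecip = FALSE;
     $remoteHostName = NULL;
     // NOTE(review): this discards whatever the caller passed in, so the
     // parameter has no effect. Kept as-is because honouring it would show
     // the recipient list in places where it is hidden today; confirm the
     // intended behaviour before removing this line.
     $overrideShowRecips = FALSE;
     if ($curUser) {
         if ($curUserEmail && strcasecmp($curUserEmail, $this->_senderEmail) == 0) {
             $isSender = TRUE;
         }
         if ($this->_dropbox->authorizedUserData('grantAdminPriv')) {
             $isAdmin = TRUE;
         }
         if ($curUser == $this->_authorizedUser || $isSender) {
             $overrideShowRecips = TRUE;
         }
     }
     if ($this->_senderIP) {
         //  Try to get a hostname for the IP, too:
         $remoteHostName = gethostbyaddr($this->_senderIP);
     }
     if (count($this->_recipients) == 1) {
         $isSingleRecip = TRUE;
     }
     $smarty->assign('isClickable', $clickable);
     $smarty->assign('isDeleteable', $clickable && ($isAdmin || $isSender || $isSingleRecip));
     $smarty->assign('isSendable', $clickable && $isSender);
     $smarty->assign('inPickupPHP', preg_match('/pickup\\.php/', $_SERVER['PHP_SELF']));
     $smarty->assign('claimPasscode', $this->_claimPasscode);
     // NOTE(review): unlike note/subject below, the sender fields and the
     // reverse-DNS host name are assigned without htmlentities(). Reverse DNS
     // is controlled by whoever owns the address block, so confirm that the
     // template escapes these four values on output.
     $smarty->assign('senderName', $this->_senderName);
     $smarty->assign('senderOrg', $this->_senderOrganization);
     $smarty->assign('senderEmail', $this->_senderEmail);
     $smarty->assign('senderHost', $remoteHostName);
     $smarty->assign('createdDate', timeForDate($this->created()));
     $smarty->assign('expiryDate', timeForDate($this->created()) + 3600 * 24 * $this->_dropbox->retainDays());
     $smarty->assign('confirmDelivery', $this->_confirmDelivery ? TRUE : FALSE);
     $smarty->assign('informRecipients', $this->_informRecipients ? TRUE : FALSE);
     // Parentheses only make the existing && / || precedence explicit.
     $smarty->assign('showRecips', $this->_dropbox->showRecipsOnPickup() || $overrideShowRecips || ($this->_dropbox->authorizedUser() && $this->_dropbox->authorizedUserData('grantAdminPriv')));
     // MyZendTo: If there is only 1 recipient then that must be the sender
     if (preg_match('/^[yYtT1]/', MYZENDTO) && count($this->_recipients) <= 1) {
         $smarty->assign('showRecips', FALSE);
     }
     $reciphtml = array();
     foreach ($this->_recipients as $r) {
         $reciphtml[] = array(htmlentities($r[0], ENT_NOQUOTES, 'UTF-8'), htmlentities($r[1], ENT_NOQUOTES, 'UTF-8'));
     }
     $smarty->assign('recipients', $reciphtml);
     $smarty->assign('note', htmlentities($this->_note, ENT_NOQUOTES, 'UTF-8'));
     $smarty->assign('subject', htmlentities($this->_subject, ENT_NOQUOTES, 'UTF-8'));
     $dropoffFiles = $this->_dropbox->database->DBFilesForDropoff($this->_dropoffID);
     $smarty->assign('dropoffFilesCount', count($dropoffFiles));
     // Fill the outputFiles array with all the dropoffFiles, over-riding
     // one or two elements as we go so it's ready-formatted.
     $outputFiles = array();
     $i = 0;
     foreach ($dropoffFiles as $file) {
         $outputFiles[$i] = $file;
         $outputFiles[$i]['basename'] = htmlentities($file['basename'], ENT_NOQUOTES, 'UTF-8');
         $outputFiles[$i]['length'] = NSSFormattedMemSize($file['lengthInBytes']);
         $outputFiles[$i]['description'] = htmlentities($file['description'], ENT_NOQUOTES, 'UTF-8');
         $i++;
     }
     $smarty->assignByRef('files', $outputFiles);
     // 'emailAddr' comes straight from the request. Previously a value that
     // failed the e-mail regexp was passed on unchanged to the template and
     // into the download URL, which is what made cross-site scripting
     // possible here. It is now validated, then encoded for each context it
     // is written into.
     $emailAddr = isset($_POST['emailAddr']) ? $_POST['emailAddr'] : (isset($_GET['emailAddr']) ? $_GET['emailAddr'] : NULL);
     if (!is_string($emailAddr)) {
         // Absent, or sent in array form (emailAddr[]=...): treat as blank.
         $emailAddr = '';
     }
     if (strlen(trim($emailAddr)) > 0) {
         if (preg_match($this->_dropbox->validEmailRegexp(), $emailAddr, $eAParts)) {
             // Keep only the two captured groups, never the raw input.
             $emailAddr = $eAParts[1] . "@" . $eAParts[2];
         } else {
             // Never reflect input that failed validation.
             $emailAddr = "Invalid_email_address";
         }
         // ENT_QUOTES so the value is also safe if the template places it
         // inside a quoted attribute.
         $emailAddrForTemplate = htmlentities($emailAddr, ENT_QUOTES, 'UTF-8');
     } else {
         // No email address at all, so it wasn't invalid but blank.
         // The configured text is trusted and is passed through as before.
         $emailAddr = $smarty->getConfigVariable('UnknownRecipient');
         $emailAddrForTemplate = $emailAddr;
     }
     $smarty->assign('emailAddr', $emailAddrForTemplate);
     // urlencode() keeps the address from adding query parameters or markup
     // to the link.
     $smarty->assign('downloadURL', 'download.php?claimID=' . $this->_claimID . '&claimPasscode=' . $this->_claimPasscode . ($emailAddr ? '&emailAddr=' . urlencode((string) $emailAddr) : ''));
     $pickups = $this->_dropbox->database->DBPickupsForDropoff($this->_dropoffID);
     $smarty->assign('pickupsCount', count($pickups));
     // Fill the outputPickups array with all the pickups, over-riding
     // one or two elements as we go so it's ready-formatted.
     $outputPickups = array();
     $i = 0;
     foreach ($pickups as $pickup) {
         $outputPickups[$i] = $pickup;
         $recipientIP = $pickup['recipientIP'];
         $hostname = gethostbyaddr($recipientIP);
         if ($hostname === FALSE) {
             // Lookup rejected the address: show the stored IP on its own.
             $hostname = $recipientIP;
         } elseif ($hostname != $recipientIP) {
             $hostname = "{$hostname} (" . $recipientIP . ")";
         }
         $outputPickups[$i]['hostname'] = htmlentities($hostname, ENT_NOQUOTES, 'UTF-8');
         $outputPickups[$i]['pickupDate'] = timeForTimestamp($pickup['pickupTimestamp']);
         $authorizedUser = htmlentities($pickup['authorizedUser'], ENT_NOQUOTES, 'UTF-8');
         if (!$authorizedUser) {
             // The fallback address was previously emitted unescaped, unlike
             // every other field in this row. It is presumably recorded from
             // the request made at pickup time (confirm against the pickup
             // code), so it is escaped like any other untrusted value.
             $authorizedUser = htmlentities((string) $pickup['emailAddr'], ENT_QUOTES, 'UTF-8');
         }
         $outputPickups[$i]['pickedUpBy'] = $authorizedUser;
         $i++;
     }
     $smarty->assignByRef('pickups', $outputPickups);
 }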