/**
 * Pins the verdicts of isBannedFileName() for empty input, exact names and
 * "*.ext" wildcard patterns.
 *
 * NOTE(review): no row covers a name that differs from a pattern only by
 * letter case, so these assertions do not show whether matching is
 * case-sensitive. Confirm against isBannedFileName() and add a row either way.
 */
public function testBannedFileName() {
    // Each row: file name, banned list exactly as a caller might pass it, expected verdict.
    $cases = array(
        // Empty name with a missing, malformed or empty list is never banned.
        array("", null, false),
        array("", "", false),
        array("", array(), false),
        // Exact-name entries.
        array("test", array(), false),
        array("test", array("test"), true),
        array("test", array("test1"), false),
        // Wildcard extension entries; only the final extension decides.
        array("test.exe", array("*.exe"), true),
        array("test.pdf", array("*.exe"), false),
        array("test.pdf", array("*.exe", "*.js", "*.cmd"), false),
        array("test.cmd.pdf", array("*.exe", "*.js", "*.cmd"), false),
        // A space in the name must not defeat the wildcard.
        array("test test.exe", array("*.exe"), true),
    );

    foreach ($cases as $case) {
        list($name, $banned, $expected) = $case;
        $verdict = isBannedFileName($name, $banned);
        if ($expected) {
            $this->assertTrue($verdict);
        } else {
            $this->assertFalse($verdict);
        }
    }
}
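/**
 * Walks one decoded MIME part of an incoming e-mail, collects its text into the
 * return value and uploads any attachment it carries.
 *
 * Everything read from $part (headers, file names, content ids, body) comes from
 * the message sender and must be treated as untrusted.
 *
 * @param object $part        Decoded MIME part. Properties read here: ctype_primary,
 *                            ctype_secondary, ctype_parameters, d_parameters,
 *                            disposition, headers, body, parts.
 * @param array  $attachments Passed by reference; the "html" and "cids" entries
 *                            are filled in for each uploaded attachment.
 * @param mixed  $post_id     Handed to postie_media_handle_upload() and the
 *                            post-thumbnail calls.
 * @param mixed  $poster      Handed to postie_media_handle_upload().
 * @param array  $config      Settings array; it is extract()ed, so its keys become
 *                            the locals used below ($banned_files_list,
 *                            $prefer_text_type, $audiotypes, $video1types,
 *                            $video2types, $supported_file_types, the *template
 *                            values, $icon_set, $icon_size, $generate_thumbnails,
 *                            $featured_image, $allow_html_in_body,
 *                            $message_encoding, $message_dequote).
 * @return string|null Accumulated body text, or NULL when the part's file name is
 *                     on the banned list.
 */
function GetContent($part, &$attachments, $post_id, $poster, $config) {
    // NOTE(review): extract() creates a local for every key in $config and would
    // overwrite $part, $attachments, $post_id or $poster if such a key existed.
    // $config is assumed to be the plugin's own settings - confirm it can never
    // carry sender-controlled keys.
    extract($config);
    //global $charset, $encoding;
    DebugEcho('----');
    $meta_return = '';
    if (property_exists($part, "ctype_primary")) {
        DebugEcho("GetContent: primary= " . $part->ctype_primary . ", secondary = " . $part->ctype_secondary);
        //DebugDump($part);
    }

    DecodeBase64Part($part);

    //look for banned file names
    // Both places a file name can come from are checked: the Content-Type "name"
    // parameter and the Content-Disposition "filename" parameter. The code further
    // down falls back to the latter, so checking only the former would let a part
    // that names its file solely in Content-Disposition skip the banned list.
    $candidate_names = array();
    if (property_exists($part, 'ctype_parameters') && is_array($part->ctype_parameters) && array_key_exists('name', $part->ctype_parameters)) {
        $candidate_names[] = $part->ctype_parameters['name'];
    }
    if (property_exists($part, 'd_parameters') && is_array($part->d_parameters) && array_key_exists('filename', $part->d_parameters)) {
        $candidate_names[] = $part->d_parameters['filename'];
    }
    foreach ($candidate_names as $candidate_name) {
        // The sanitized form is matched as well: it is the name the rest of this
        // function works with, and sanitize_file_name() can alter the raw header value.
        if (isBannedFileName($candidate_name, $banned_files_list) || isBannedFileName(sanitize_file_name($candidate_name), $banned_files_list)) {
            DebugEcho("GetContent: skipping part, file name is on the banned list");
            return NULL;
        }
    }

    // application/octet-stream that is not marked as an attachment is treated as a
    // wrapped message and decoded again.
    if (property_exists($part, "ctype_primary") && $part->ctype_primary == "application" && $part->ctype_secondary == "octet-stream") {
        if (property_exists($part, 'disposition') && $part->disposition == "attachment") {
            //nothing
        } else {
            DebugEcho("GetContent: decoding application/octet-stream");
            $mimeDecodedEmail = DecodeMIMEMail($part->body);
            filter_PreferedText($mimeDecodedEmail, $prefer_text_type);
            foreach ($mimeDecodedEmail->parts as $section) {
                $meta_return .= GetContent($section, $attachments, $post_id, $poster, $config);
            }
        }
    }

    if (property_exists($part, "ctype_primary") && $part->ctype_primary == "multipart" && $part->ctype_secondary == "appledouble") {
        DebugEcho("multipart appledouble");
        // Re-parse the body as multipart/mixed using the part's own boundary.
        $mimeDecodedEmail = DecodeMIMEMail("Content-Type: multipart/mixed; boundary=" . $part->ctype_parameters["boundary"] . "\n" . $part->body);
        filter_PreferedText($mimeDecodedEmail, $prefer_text_type);
        filter_AppleFile($mimeDecodedEmail);
        foreach ($mimeDecodedEmail->parts as $section) {
            $meta_return .= GetContent($section, $attachments, $post_id, $poster, $config);
        }
    } else {
        // Content-Type "name" wins over Content-Disposition "filename".
        $filename = "";
        if (property_exists($part, 'ctype_parameters') && is_array($part->ctype_parameters) && array_key_exists('name', $part->ctype_parameters)) {
            $filename = $part->ctype_parameters['name'];
        } elseif (property_exists($part, 'd_parameters') && is_array($part->d_parameters) && array_key_exists('filename', $part->d_parameters)) {
            $filename = $part->d_parameters['filename'];
        }
        $filename = sanitize_file_name($filename);
        $fileext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));

        DebugEcho("GetContent: file name '{$filename}'");
        DebugEcho("GetContent: extension '{$fileext}'");

        // Start from the type the sender declared ...
        $mimetype_primary = "";
        $mimetype_secondary = "";
        if (property_exists($part, "ctype_primary")) {
            $mimetype_primary = strtolower($part->ctype_primary);
        }
        if (property_exists($part, "ctype_secondary")) {
            $mimetype_secondary = strtolower($part->ctype_secondary);
        }

        // ... then let the file extension override it. Either way the type used for
        // dispatch below is derived from sender-supplied values, not from the content.
        $typeinfo = wp_check_filetype($filename);
        //DebugDump($typeinfo);
        if (!empty($typeinfo['type'])) {
            DebugEcho("GetContent: secondary lookup found " . $typeinfo['type']);
            $mimeparts = explode('/', strtolower($typeinfo['type']));
            $mimetype_primary = $mimeparts[0];
            $mimetype_secondary = $mimeparts[1];
        } else {
            DebugEcho("GetContent: secondary lookup failed, checking configured extensions");
            if (in_array($fileext, $audiotypes)) {
                DebugEcho("GetContent: found audio extension");
                $mimetype_primary = 'audio';
                $mimetype_secondary = $fileext;
            } elseif (in_array($fileext, array_merge($video1types, $video2types))) {
                DebugEcho("GetContent: found video extension");
                $mimetype_primary = 'video';
                $mimetype_secondary = $fileext;
            } else {
                DebugEcho("GetContent: found no extension");
            }
        }

        DebugEcho("GetContent: mimetype {$mimetype_primary}/{$mimetype_secondary}");

        switch ($mimetype_primary) {
            case 'multipart':
                DebugEcho("multipart: " . count($part->parts));
                //DebugDump($part);
                filter_PreferedText($part, $prefer_text_type);
                foreach ($part->parts as $section) {
                    //DebugDump($section->headers);
                    $meta_return .= GetContent($section, $attachments, $post_id, $poster, $config);
                }
                break;

            case 'text':
                DebugEcho("ctype_primary: text");
                //DebugDump($part);

                $charset = "";
                // is_array() guard matches the other ctype_parameters checks in this function.
                if (property_exists($part, 'ctype_parameters') && is_array($part->ctype_parameters) && array_key_exists('charset', $part->ctype_parameters) && !empty($part->ctype_parameters['charset'])) {
                    $charset = $part->ctype_parameters['charset'];
                    DebugEcho("charset: {$charset}");
                }

                $encoding = "";
                if (array_key_exists('content-transfer-encoding', $part->headers) && !empty($part->headers['content-transfer-encoding'])) {
                    $encoding = $part->headers['content-transfer-encoding'];
                    DebugEcho("encoding: {$encoding}");
                }

                if (array_key_exists('content-transfer-encoding', $part->headers)) {
                    //DebugDump($part);
                    $part->body = HandleMessageEncoding($encoding, $charset, $part->body, $message_encoding, $message_dequote);
                    if (!empty($charset)) {
                        $part->ctype_parameters['charset'] = ""; //reset so we don't double decode
                    }
                    //DebugDump($part);
                }

                // $part is an object, so property_exists() is used here as everywhere
                // else in this function; array_key_exists() on an object is rejected
                // by PHP 8.
                if (property_exists($part, 'disposition') && $part->disposition == 'attachment') {
                    DebugEcho("text Attachement: {$filename}");
                    if (!preg_match('/ATT\\d\\d\\d\\d\\d.txt/i', $filename)) {
                        $file_id = postie_media_handle_upload($part, $post_id, $poster, $generate_thumbnails);
                        if (!is_wp_error($file_id)) {
                            $file = wp_get_attachment_url($file_id);
                            $icon = chooseAttachmentIcon($file, $mimetype_primary, $mimetype_secondary, $icon_set, $icon_size);
                            // The file name originates in the e-mail: escape it and the URL
                            // for the HTML context they are placed in.
                            $attachments["html"][$filename] = "<a href='" . esc_url($file) . "'>" . $icon . esc_html($filename) . '</a>' . "\n";
                            DebugEcho("text attachment: adding '{$filename}'");
                        } else {
                            LogInfo($file_id->get_error_message());
                        }
                    } else {
                        DebugEcho("text attachment: skipping '{$filename}'");
                    }
                } else {
                    //go through each sub-section
                    if ($mimetype_secondary == 'enriched') {
                        //convert enriched text to HTML
                        DebugEcho("enriched");
                        $meta_return .= filter_Etf2HTML($part->body) . "\n";
                    } elseif ($mimetype_secondary == 'html') {
                        //strip excess HTML
                        DebugEcho("html");
                        $meta_return .= filter_CleanHtml($part->body) . "\n";
                    } elseif ($mimetype_secondary == 'plain') {
                        DebugEcho("plain text");
                        //DebugDump($part);

                        DebugEcho("body text");
                        if ($allow_html_in_body) {
                            // NOTE(review): the sender's body is appended verbatim here;
                            // any markup filtering has to happen downstream - confirm.
                            DebugEcho("html allowed");
                            $meta_return .= $part->body;
                            //$meta_return = "<div>$meta_return</div>\n";
                        } else {
                            DebugEcho("html not allowed (htmlentities)");
                            $meta_return .= htmlentities($part->body);
                        }
                        $meta_return = filter_StripPGP($meta_return);
                        //DebugEcho("meta return: $meta_return");
                    } else {
                        DebugEcho("text Attachement wo disposition: {$filename}");
                        $file_id = postie_media_handle_upload($part, $post_id, $poster);
                        if (!is_wp_error($file_id)) {
                            $file = wp_get_attachment_url($file_id);
                            $icon = chooseAttachmentIcon($file, $mimetype_primary, $mimetype_secondary, $icon_set, $icon_size);
                            // Same escaping as the attachment branch above.
                            $attachments["html"][$filename] = "<a href='" . esc_url($file) . "'>" . $icon . esc_html($filename) . '</a>' . "\n";
                        } else {
                            LogInfo($file_id->get_error_message());
                        }
                    }
                }
                break;

            case 'image':
                DebugEcho("image Attachement: {$filename}");
                $file_id = postie_media_handle_upload($part, $post_id, $poster, $generate_thumbnails);
                if (!is_wp_error($file_id)) {
                    //featured image logic
                    //set the first image we come across as the featured image
                    DebugEcho("has_post_thumbnail: " . has_post_thumbnail($post_id));
                    //DebugEcho("get_the_post_thumbnail: " .get_the_post_thumbnail($post_id));

                    if ($featured_image && !has_post_thumbnail($post_id)) {
                        DebugEcho("featured image: {$file_id}");
                        set_post_thumbnail($post_id, $file_id);
                    }
                    $file = wp_get_attachment_url($file_id);
                    // Content-ID is sender-supplied; it is only used as a lookup key here.
                    $cid = "";
                    if (array_key_exists('content-id', $part->headers)) {
                        $cid = trim($part->headers["content-id"], "<>");
                        DebugEcho("found cid: {$cid}");
                    }

                    $the_post = get_post($file_id);
                    $attachments["html"][$filename] = parseTemplate($file_id, $mimetype_primary, $imagetemplate, $filename);
                    if ($cid) {
                        $attachments["cids"][$cid] = array($file, count($attachments["html"]) - 1);
                        DebugEcho("CID Attachement: {$cid}");
                    }
                } else {
                    LogInfo("image error: " . $file_id->get_error_message());
                }
                break;

            case 'audio':
                //DebugDump($part->headers);
                DebugEcho("audio Attachement: {$filename}");

                $file_id = postie_media_handle_upload($part, $post_id, $poster, $generate_thumbnails);
                if (!is_wp_error($file_id)) {
                    $file = wp_get_attachment_url($file_id);
                    $cid = "";
                    if (array_key_exists('content-id', $part->headers)) {
                        $cid = trim($part->headers["content-id"], "<>");
                        DebugEcho("audio Attachement cid: {$cid}");
                    }
                    if (in_array($fileext, $audiotypes)) {
                        DebugEcho("using audio template: {$mimetype_secondary}");
                        $audioTemplate = $audiotemplate;
                    } else {
                        DebugEcho("using default audio template: {$mimetype_secondary}");
                        $icon = chooseAttachmentIcon($file, $mimetype_primary, $mimetype_secondary, $icon_set, $icon_size);
                        $audioTemplate = '<a href="{FILELINK}">' . $icon . '{FILENAME}</a>';
                    }
                    $attachments["html"][$filename] = parseTemplate($file_id, $mimetype_primary, $audioTemplate, $filename);
                } else {
                    LogInfo("audio error: " . $file_id->get_error_message());
                }
                break;

            case 'video':
                DebugEcho("video Attachement: {$filename}");

                $file_id = postie_media_handle_upload($part, $post_id, $poster, $generate_thumbnails);
                if (!is_wp_error($file_id)) {
                    $file = wp_get_attachment_url($file_id);
                    $cid = "";
                    if (array_key_exists('content-id', $part->headers)) {
                        $cid = trim($part->headers["content-id"], "<>");
                        DebugEcho("video Attachement cid: {$cid}");
                    }
                    //DebugDump($part);
                    if (in_array($fileext, $video1types)) {
                        DebugEcho("using video1 template: {$fileext}");
                        $videoTemplate = $video1template;
                    } elseif (in_array($fileext, $video2types)) {
                        DebugEcho("using video2 template: {$fileext}");
                        $videoTemplate = $video2template;
                    } else {
                        DebugEcho("using default template: {$fileext}");
                        $icon = chooseAttachmentIcon($file, $mimetype_primary, $mimetype_secondary, $icon_set, $icon_size);
                        $videoTemplate = '<a href="{FILELINK}">' . $icon . '{FILENAME}</a>';
                    }
                    $attachments["html"][$filename] = parseTemplate($file_id, $mimetype_primary, $videoTemplate, $filename);
                    //echo "videoTemplate = $videoTemplate\n";
                } else {
                    LogInfo($file_id->get_error_message());
                }
                break;

            default:
                DebugEcho("found file type: " . $mimetype_primary);
                // Any other primary type is uploaded only when it is on the configured allow list.
                if (in_array($mimetype_primary, $supported_file_types)) {
                    //pgp signature - then forget it
                    if ($mimetype_secondary == 'pgp-signature') {
                        DebugEcho("found pgp-signature - done");
                        break;
                    }
                    $file_id = postie_media_handle_upload($part, $post_id, $poster, $generate_thumbnails);
                    if (!is_wp_error($file_id)) {
                        $file = wp_get_attachment_url($file_id);
                        DebugEcho("uploaded {$file_id} ({$file})");
                        $icon = chooseAttachmentIcon($file, $mimetype_primary, $mimetype_secondary, $icon_set, $icon_size);
                        DebugEcho("default: {$icon} {$filename}");
                        $attachments["html"][$filename] = parseTemplate($file_id, $mimetype_primary, $generaltemplate, $filename, $icon);
                        if (array_key_exists('content-id', $part->headers)) {
                            $cid = trim($part->headers["content-id"], "<>");
                            if ($cid) {
                                $attachments["cids"][$cid] = array($file, count($attachments["html"]) - 1);
                            }
                        } else {
                            DebugEcho("No content-id");
                        }
                    } else {
                        LogInfo($file_id->get_error_message());
                    }
                } else {
                    DebugEcho("Not in supported filetype list");
                    DebugDump($supported_file_types);
                }
                break;
        }
    }

    // Only the first 500 characters are written to the debug log.
    DebugEcho("meta_return: " . substr($meta_return, 0, 500));
    DebugEcho("====");
    return $meta_return;
}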