/**
 * Pins isBannedFileName() for empty input, exact-name matches and "*.ext" wildcard patterns.
 *
 * The rows run in a fixed order, so the first failing row aborts the test
 * exactly as a flat list of assertions would.
 *
 * NOTE(review): only lower-case names are exercised. How the helper treats
 * upper- or mixed-case extensions, or names with trailing dots or spaces, is
 * not pinned here. Confirm against the implementation before relying on the
 * ban list as an attachment filter.
 */
public function testBannedFileName()
 {
     // Each row: file name, banned list, expected verdict.
     $cases = array(
         array("", null, false),
         array("", "", false),
         array("", array(), false),
         array("test", array(), false),
         array("test", array("test"), true),
         array("test", array("test1"), false),
         array("test.exe", array("*.exe"), true),
         array("test.pdf", array("*.exe"), false),
         array("test.pdf", array("*.exe", "*.js", "*.cmd"), false),
         // A banned extension in the middle of the name must not trigger the ban.
         array("test.cmd.pdf", array("*.exe", "*.js", "*.cmd"), false),
         // Whitespace inside the name does not defeat the wildcard.
         array("test test.exe", array("*.exe"), true),
     );

     foreach ($cases as $case) {
         list($fileName, $bannedList, $shouldBeBanned) = $case;
         $verdict = isBannedFileName($fileName, $bannedList);
         if ($shouldBeBanned) {
             $this->assertTrue($verdict);
         } else {
             $this->assertFalse($verdict);
         }
     }
 }
Exemple #2
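/**
 * Walks one decoded MIME part of an incoming e-mail, recursing into nested
 * parts, and turns it into post text and/or uploaded attachments.
 *
 * Everything read from $part (names, types, headers, body) is supplied by the
 * sender of the message and must be treated as untrusted.
 *
 * NOTE(review): recursion into nested parts has no depth limit in this
 * function; a deeply nested message is bounded only by whatever the MIME
 * decoder and PHP itself enforce.
 *
 * @param object $part        Decoded MIME part (reads ctype_primary, ctype_secondary,
 *                            ctype_parameters, d_parameters, disposition, headers, body, parts).
 * @param array  $attachments Passed by reference; receives rendered markup under
 *                            $attachments["html"][<file name>] and content-id lookups
 *                            under $attachments["cids"][<cid>].
 * @param mixed  $post_id     Post the uploads are attached to (forwarded to the upload helper).
 * @param mixed  $poster      Forwarded unchanged to the upload helper.
 * @param array  $config      Settings, imported into local scope with extract(). Keys read here:
 *                            banned_files_list, prefer_text_type, audiotypes, video1types,
 *                            video2types, message_encoding, message_dequote, generate_thumbnails,
 *                            icon_set, icon_size, allow_html_in_body, featured_image,
 *                            imagetemplate, audiotemplate, video1template, video2template,
 *                            generaltemplate, supported_file_types.
 *
 * @return string|null Text accumulated from this part and its children, or NULL when a
 *                     file name on the part matches the banned list.
 */
function GetContent($part, &$attachments, $post_id, $poster, $config)
{
    // NOTE(review): extract() makes every key of $config a local variable and can
    // overwrite the parameters above. It also hides missing keys: if
    // 'banned_files_list' is absent the ban check below receives an undefined
    // value, which presumably means "nothing banned" (fail-open); confirm against
    // isBannedFileName() and the code that builds $config.
    extract($config);
    //global $charset, $encoding;
    DebugEcho('----');
    $meta_return = '';
    if (property_exists($part, "ctype_primary")) {
        DebugEcho("GetContent: primary= " . $part->ctype_primary . ", secondary = " . $part->ctype_secondary);
        //DebugDump($part);
    }
    DecodeBase64Part($part);
    //look for banned file names
    // A part can carry its file name in Content-Type (name=) and/or in
    // Content-Disposition (filename=). The name lookup further down falls back
    // to the disposition value, so both have to pass the ban list; checking only
    // the Content-Type name lets a disposition-only name through unfiltered.
    $sender_supplied_names = array();
    if (property_exists($part, 'ctype_parameters') && is_array($part->ctype_parameters) && array_key_exists('name', $part->ctype_parameters)) {
        $sender_supplied_names[] = $part->ctype_parameters['name'];
    }
    if (property_exists($part, 'd_parameters') && is_array($part->d_parameters) && array_key_exists('filename', $part->d_parameters)) {
        $sender_supplied_names[] = $part->d_parameters['filename'];
    }
    foreach ($sender_supplied_names as $sender_supplied_name) {
        // NOTE(review): the raw header value is checked, not the sanitized name used later.
        if (isBannedFileName($sender_supplied_name, $banned_files_list)) {
            return NULL;
        }
    }
    if (property_exists($part, "ctype_primary") && $part->ctype_primary == "application" && $part->ctype_secondary == "octet-stream") {
        if (property_exists($part, 'disposition') && $part->disposition == "attachment") {
            //nothing
        } else {
            // An inline octet-stream is treated as an embedded message and re-parsed.
            DebugEcho("GetContent: decoding application/octet-stream");
            $mimeDecodedEmail = DecodeMIMEMail($part->body);
            filter_PreferedText($mimeDecodedEmail, $prefer_text_type);
            foreach ($mimeDecodedEmail->parts as $section) {
                $meta_return .= GetContent($section, $attachments, $post_id, $poster, $config);
            }
        }
    }
    if (property_exists($part, "ctype_primary") && $part->ctype_primary == "multipart" && $part->ctype_secondary == "appledouble") {
        DebugEcho("multipart appledouble");
        // Read the boundary defensively; a missing parameter yields the same empty
        // string the unguarded lookup produced, without the undefined-index notice.
        $boundary = '';
        if (property_exists($part, 'ctype_parameters') && is_array($part->ctype_parameters) && array_key_exists('boundary', $part->ctype_parameters)) {
            $boundary = $part->ctype_parameters['boundary'];
        }
        $mimeDecodedEmail = DecodeMIMEMail("Content-Type: multipart/mixed; boundary=" . $boundary . "\n" . $part->body);
        filter_PreferedText($mimeDecodedEmail, $prefer_text_type);
        filter_AppleFile($mimeDecodedEmail);
        foreach ($mimeDecodedEmail->parts as $section) {
            $meta_return .= GetContent($section, $attachments, $post_id, $poster, $config);
        }
    } else {
        // Content-Type name wins; Content-Disposition filename is the fallback.
        $filename = "";
        if (property_exists($part, 'ctype_parameters') && is_array($part->ctype_parameters) && array_key_exists('name', $part->ctype_parameters)) {
            $filename = $part->ctype_parameters['name'];
        } elseif (property_exists($part, 'd_parameters') && is_array($part->d_parameters) && array_key_exists('filename', $part->d_parameters)) {
            $filename = $part->d_parameters['filename'];
        }
        $filename = sanitize_file_name($filename);
        $fileext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
        DebugEcho("GetContent: file name '{$filename}'");
        DebugEcho("GetContent: extension '{$fileext}'");
        // Start from the type the sender declared ...
        $mimetype_primary = "";
        $mimetype_secondary = "";
        if (property_exists($part, "ctype_primary")) {
            $mimetype_primary = strtolower($part->ctype_primary);
        }
        if (property_exists($part, "ctype_secondary")) {
            $mimetype_secondary = strtolower($part->ctype_secondary);
        }
        // ... then let the file name override it when WordPress recognises the name.
        $typeinfo = wp_check_filetype($filename);
        //DebugDump($typeinfo);
        if (!empty($typeinfo['type'])) {
            DebugEcho("GetContent: secondary lookup found " . $typeinfo['type']);
            $mimeparts = explode('/', strtolower($typeinfo['type']));
            $mimetype_primary = $mimeparts[0];
            $mimetype_secondary = $mimeparts[1];
        } else {
            DebugEcho("GetContent: secondary lookup failed, checking configured extensions");
            if (in_array($fileext, $audiotypes)) {
                DebugEcho("GetContent: found audio extension");
                $mimetype_primary = 'audio';
                $mimetype_secondary = $fileext;
            } elseif (in_array($fileext, array_merge($video1types, $video2types))) {
                DebugEcho("GetContent: found video extension");
                $mimetype_primary = 'video';
                $mimetype_secondary = $fileext;
            } else {
                DebugEcho("GetContent: found no extension");
            }
        }
        DebugEcho("GetContent: mimetype {$mimetype_primary}/{$mimetype_secondary}");
        switch ($mimetype_primary) {
            case 'multipart':
                DebugEcho("multipart: " . count($part->parts));
                //DebugDump($part);
                filter_PreferedText($part, $prefer_text_type);
                foreach ($part->parts as $section) {
                    //DebugDump($section->headers);
                    $meta_return .= GetContent($section, $attachments, $post_id, $poster, $config);
                }
                break;
            case 'text':
                DebugEcho("ctype_primary: text");
                //DebugDump($part);
                $charset = "";
                // is_array() guard matches the other ctype_parameters lookups in this function.
                if (property_exists($part, 'ctype_parameters') && is_array($part->ctype_parameters) && array_key_exists('charset', $part->ctype_parameters) && !empty($part->ctype_parameters['charset'])) {
                    $charset = $part->ctype_parameters['charset'];
                    DebugEcho("charset: {$charset}");
                }
                $encoding = "";
                if (array_key_exists('content-transfer-encoding', $part->headers) && !empty($part->headers['content-transfer-encoding'])) {
                    $encoding = $part->headers['content-transfer-encoding'];
                    DebugEcho("encoding: {$encoding}");
                }
                if (array_key_exists('content-transfer-encoding', $part->headers)) {
                    //DebugDump($part);
                    $part->body = HandleMessageEncoding($encoding, $charset, $part->body, $message_encoding, $message_dequote);
                    if (!empty($charset)) {
                        $part->ctype_parameters['charset'] = "";
                        //reset so we don't double decode
                    }
                    //DebugDump($part);
                }
                // $part is an object: property_exists() is the correct test here.
                // array_key_exists() on an object is deprecated in PHP 7.4 and a TypeError in PHP 8.
                if (property_exists($part, 'disposition') && $part->disposition == 'attachment') {
                    DebugEcho("text Attachement: {$filename}");
                    // Names matching this ATTnnnnn.txt pattern are skipped rather than uploaded.
                    if (!preg_match('/ATT\\d\\d\\d\\d\\d.txt/i', $filename)) {
                        $file_id = postie_media_handle_upload($part, $post_id, $poster, $generate_thumbnails);
                        if (!is_wp_error($file_id)) {
                            $file = wp_get_attachment_url($file_id);
                            $icon = chooseAttachmentIcon($file, $mimetype_primary, $mimetype_secondary, $icon_set, $icon_size);
                            // $filename has already been through sanitize_file_name() above.
                            $attachments["html"][$filename] = "<a href='{$file}'>" . $icon . $filename . '</a>' . "\n";
                            DebugEcho("text attachment: adding '{$filename}'");
                        } else {
                            LogInfo($file_id->get_error_message());
                        }
                    } else {
                        DebugEcho("text attachment: skipping '{$filename}'");
                    }
                } else {
                    //go through each sub-section
                    if ($mimetype_secondary == 'enriched') {
                        //convert enriched text to HTML
                        DebugEcho("enriched");
                        $meta_return .= filter_Etf2HTML($part->body) . "\n";
                    } elseif ($mimetype_secondary == 'html') {
                        //strip excess HTML
                        DebugEcho("html");
                        $meta_return .= filter_CleanHtml($part->body) . "\n";
                    } elseif ($mimetype_secondary == 'plain') {
                        DebugEcho("plain text");
                        //DebugDump($part);
                        DebugEcho("body text");
                        if ($allow_html_in_body) {
                            // With this setting on, sender-controlled markup in a
                            // text/plain body is appended to the result unescaped.
                            DebugEcho("html allowed");
                            $meta_return .= $part->body;
                            //$meta_return = "<div>$meta_return</div>\n";
                        } else {
                            DebugEcho("html not allowed (htmlentities)");
                            // NOTE(review): no flags or charset are passed, so quoting and
                            // encoding follow the PHP version's defaults; confirm they fit.
                            $meta_return .= htmlentities($part->body);
                        }
                        $meta_return = filter_StripPGP($meta_return);
                        //DebugEcho("meta return: $meta_return");
                    } else {
                        DebugEcho("text Attachement wo disposition: {$filename}");
                        // NOTE(review): unlike the other upload calls, $generate_thumbnails
                        // is not passed here; confirm whether that is intended.
                        $file_id = postie_media_handle_upload($part, $post_id, $poster);
                        if (!is_wp_error($file_id)) {
                            $file = wp_get_attachment_url($file_id);
                            $icon = chooseAttachmentIcon($file, $mimetype_primary, $mimetype_secondary, $icon_set, $icon_size);
                            $attachments["html"][$filename] = "<a href='{$file}'>" . $icon . $filename . '</a>' . "\n";
                        } else {
                            LogInfo($file_id->get_error_message());
                        }
                    }
                }
                break;
            case 'image':
                DebugEcho("image Attachement: {$filename}");
                $file_id = postie_media_handle_upload($part, $post_id, $poster, $generate_thumbnails);
                if (!is_wp_error($file_id)) {
                    //featured image logic
                    //set the first image we come across as the featured image
                    DebugEcho("has_post_thumbnail: " . has_post_thumbnail($post_id));
                    //DebugEcho("get_the_post_thumbnail: " .get_the_post_thumbnail($post_id));
                    if ($featured_image && !has_post_thumbnail($post_id)) {
                        DebugEcho("featured image: {$file_id}");
                        set_post_thumbnail($post_id, $file_id);
                    }
                    $file = wp_get_attachment_url($file_id);
                    $cid = "";
                    if (array_key_exists('content-id', $part->headers)) {
                        $cid = trim($part->headers["content-id"], "<>");
                        DebugEcho("found cid: {$cid}");
                    }
                    $attachments["html"][$filename] = parseTemplate($file_id, $mimetype_primary, $imagetemplate, $filename);
                    if ($cid) {
                        // Record the URL and the position of the markup just added,
                        // keyed by the sender-supplied content-id.
                        $attachments["cids"][$cid] = array($file, count($attachments["html"]) - 1);
                        DebugEcho("CID Attachement: {$cid}");
                    }
                } else {
                    LogInfo("image error: " . $file_id->get_error_message());
                }
                break;
            case 'audio':
                //DebugDump($part->headers);
                DebugEcho("audio Attachement: {$filename}");
                $file_id = postie_media_handle_upload($part, $post_id, $poster, $generate_thumbnails);
                if (!is_wp_error($file_id)) {
                    $file = wp_get_attachment_url($file_id);
                    $cid = "";
                    if (array_key_exists('content-id', $part->headers)) {
                        $cid = trim($part->headers["content-id"], "<>");
                        DebugEcho("audio Attachement cid: {$cid}");
                    }
                    if (in_array($fileext, $audiotypes)) {
                        DebugEcho("using audio template: {$mimetype_secondary}");
                        $audioTemplate = $audiotemplate;
                    } else {
                        // Extension not in the configured audio list: fall back to an icon link.
                        DebugEcho("using default audio template: {$mimetype_secondary}");
                        $icon = chooseAttachmentIcon($file, $mimetype_primary, $mimetype_secondary, $icon_set, $icon_size);
                        $audioTemplate = '<a href="{FILELINK}">' . $icon . '{FILENAME}</a>';
                    }
                    $attachments["html"][$filename] = parseTemplate($file_id, $mimetype_primary, $audioTemplate, $filename);
                } else {
                    LogInfo("audio error: " . $file_id->get_error_message());
                }
                break;
            case 'video':
                DebugEcho("video Attachement: {$filename}");
                $file_id = postie_media_handle_upload($part, $post_id, $poster, $generate_thumbnails);
                if (!is_wp_error($file_id)) {
                    $file = wp_get_attachment_url($file_id);
                    $cid = "";
                    if (array_key_exists('content-id', $part->headers)) {
                        $cid = trim($part->headers["content-id"], "<>");
                        DebugEcho("video Attachement cid: {$cid}");
                    }
                    //DebugDump($part);
                    if (in_array($fileext, $video1types)) {
                        DebugEcho("using video1 template: {$fileext}");
                        $videoTemplate = $video1template;
                    } elseif (in_array($fileext, $video2types)) {
                        DebugEcho("using video2 template: {$fileext}");
                        $videoTemplate = $video2template;
                    } else {
                        DebugEcho("using default template: {$fileext}");
                        $icon = chooseAttachmentIcon($file, $mimetype_primary, $mimetype_secondary, $icon_set, $icon_size);
                        $videoTemplate = '<a href="{FILELINK}">' . $icon . '{FILENAME}</a>';
                    }
                    $attachments["html"][$filename] = parseTemplate($file_id, $mimetype_primary, $videoTemplate, $filename);
                    //echo "videoTemplate = $videoTemplate\n";
                } else {
                    LogInfo($file_id->get_error_message());
                }
                break;
            default:
                DebugEcho("found file type: " . $mimetype_primary);
                // Any other primary type is uploaded only when it is on the configured allow-list.
                if (in_array($mimetype_primary, $supported_file_types)) {
                    //pgp signature - then forget it
                    if ($mimetype_secondary == 'pgp-signature') {
                        DebugEcho("found pgp-signature - done");
                        break;
                    }
                    $file_id = postie_media_handle_upload($part, $post_id, $poster, $generate_thumbnails);
                    if (!is_wp_error($file_id)) {
                        $file = wp_get_attachment_url($file_id);
                        DebugEcho("uploaded {$file_id} ({$file})");
                        $icon = chooseAttachmentIcon($file, $mimetype_primary, $mimetype_secondary, $icon_set, $icon_size);
                        DebugEcho("default: {$icon} {$filename}");
                        $attachments["html"][$filename] = parseTemplate($file_id, $mimetype_primary, $generaltemplate, $filename, $icon);
                        if (array_key_exists('content-id', $part->headers)) {
                            $cid = trim($part->headers["content-id"], "<>");
                            if ($cid) {
                                $attachments["cids"][$cid] = array($file, count($attachments["html"]) - 1);
                            }
                        } else {
                            DebugEcho("No content-id");
                        }
                    } else {
                        LogInfo($file_id->get_error_message());
                    }
                } else {
                    DebugEcho("Not in supported filetype list");
                    DebugDump($supported_file_types);
                }
                break;
        }
    }
    // Only the first 500 bytes of the accumulated text go to the debug log.
    DebugEcho("meta_return: " . substr($meta_return, 0, 500));
    DebugEcho("====");
    return $meta_return;
}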