// fill-in and submit a pickup form when a dropoff on the page
// is clicked.
//
// NOTE(review): this excerpt opens an `if` block that is not closed within
// the visible code; the surrounding script continues beyond it.
$iMax = count($allDropoffs);
// Running byte total of the listed dropoffs (not handed to Smarty here).
$totalsize = 0;
$smarty->assign('countDropoffs', $iMax);
if ($allDropoffs && $iMax > 0) {
    // Flatten each dropoff object into a plain array so the template only
    // ever sees pre-formatted scalars.
    $outputDropoffs = array();
    $i = 0;
    foreach ($allDropoffs as $dropoff) {
        $outputDropoffs[$i] = array();
        $outputDropoffs[$i]['claimID'] = $dropoff->claimID();
        $outputDropoffs[$i]['senderName'] = $dropoff->senderName();
        $outputDropoffs[$i]['senderOrg'] = $dropoff->senderOrganization();
        $outputDropoffs[$i]['senderEmail'] = $dropoff->senderEmail();
        $outputDropoffs[$i]['createdDate'] = timeForDate($dropoff->created());
        $outputDropoffs[$i]['formattedBytes'] = $dropoff->formattedBytes();
        $outputDropoffs[$i]['Bytes'] = $dropoff->Bytes();
        // Size is taken from the database rather than from the object.
        $totalsize += $theDropbox->database()->DBBytesOfDropoff($dropoff->dropoffID());
        // NOTE(review): $recipients is assigned but never read; the loop below
        // fetches the list again via $dropoff->recipients().
        $recipients = $allDropoffs[$i]->recipients();
        $j = 0;
        $outputDropoffs[$i]['recipients'] = array();
        foreach ($dropoff->recipients() as $recipient) {
            $outputDropoffs[$i]['recipients'][$j] = array();
            // Name and address are escaped for HTML output. NOTE(review): no
            // flags/charset are passed, so the PHP-version-dependent defaults
            // apply; other code on this page passes ENT_NOQUOTES, 'UTF-8'
            // explicitly — consider aligning the two.
            $outputDropoffs[$i]['recipients'][$j]['name'] = htmlentities($recipient[0]);
            $outputDropoffs[$i]['recipients'][$j]['email'] = htmlentities($recipient[1]);
            $j++;
        }
        $i++;
    }
    $smarty->assignByRef('dropoffs', $outputDropoffs);
/**
 * Convert a date value into a timestamp by chaining the two project helpers:
 * timeForDate() first, then timestampForTime() on its result.
 *
 * @param mixed $aDate  any value timeForDate() accepts; NULL by default
 * @return mixed        whatever timestampForTime() returns
 */
function timestampForDate($aDate = NULL)
{
    $seconds = timeForDate($aDate);
    return timestampForTime($seconds);
}
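/**
 * Push everything the dropoff-summary template needs into the global Smarty
 * instance: sender details, recipient list, file list, pickup history and the
 * flags that decide which actions (delete / re-send) are offered.
 *
 * All values that originate from the request or from stored user-entered data
 * are escaped here for HTML text context (ENT_NOQUOTES, UTF-8) before being
 * assigned, matching the rest of this class.
 *
 * @param bool $clickable           render the summary with action links
 * @param bool $overrideShowRecips  request that the recipient list be shown
 *                                  regardless of the dropbox setting (see note
 *                                  in the body: currently reset to FALSE)
 * @return void  everything is handed to $smarty; nothing is returned
 */
public function HTMLSummary($clickable = FALSE, $overrideShowRecips = FALSE)
{
    global $smarty;

    $curUser      = $this->_dropbox->authorizedUser();
    $curUserEmail = $this->_dropbox->authorizedUserData("mail");
    $isSender = FALSE;
    $isAdmin  = FALSE;
    // NOTE(review): the parameter is unconditionally reset here, so a caller
    // cannot widen recipient visibility; only the checks below can enable it.
    // Kept as-is because it may be a deliberate restriction — confirm, and
    // drop this line if the parameter is meant to be honoured.
    $overrideShowRecips = FALSE;
    if ($curUser) {
        if ($curUserEmail && strcasecmp($curUserEmail, $this->_senderEmail) == 0) {
            $isSender = TRUE;
        }
        if ($this->_dropbox->authorizedUserData('grantAdminPriv')) {
            $isAdmin = TRUE;
        }
        if ($curUser == $this->_authorizedUser || $isSender) {
            $overrideShowRecips = TRUE;
        }
    }

    // Reverse DNS of the sender's address, display only. Initialised so the
    // assign() below never reads an undefined variable when no IP is stored.
    $remoteHostName = NULL;
    if ($this->_senderIP) {
        $remoteHostName = gethostbyaddr($this->_senderIP);
    }

    // Always a bool; the previous code left this undefined for 0 or 2+ recipients.
    $isSingleRecip = (count($this->_recipients) == 1);

    $smarty->assign('isClickable', $clickable);
    $smarty->assign('isDeleteable', $clickable && ($isAdmin || $isSender || $isSingleRecip));
    $smarty->assign('isSendable', $clickable && $isSender);
    $smarty->assign('inPickupPHP', preg_match('/pickup\\.php/', $_SERVER['PHP_SELF']));
    $smarty->assign('claimPasscode', $this->_claimPasscode);
    $smarty->assign('senderName', $this->_senderName);
    $smarty->assign('senderOrg', $this->_senderOrganization);
    $smarty->assign('senderEmail', $this->_senderEmail);
    $smarty->assign('senderHost', $remoteHostName);

    $createdTime = timeForDate($this->created());
    $smarty->assign('createdDate', $createdTime);
    // Expiry = creation time plus the dropbox retention period, in seconds.
    $smarty->assign('expiryDate', $createdTime + 3600 * 24 * $this->_dropbox->retainDays());
    $smarty->assign('confirmDelivery', $this->_confirmDelivery ? TRUE : FALSE);
    $smarty->assign('informRecipients', $this->_informRecipients ? TRUE : FALSE);

    // Recipients are listed when the dropbox allows it, when the viewer is the
    // sender / original uploader, or when the viewer is an admin ($isAdmin is
    // only TRUE for a logged-in user with grantAdminPriv).
    $showRecips = $this->_dropbox->showRecipsOnPickup() || $overrideShowRecips || $isAdmin;
    // MyZendTo: If there is only 1 recipient then that must be the sender
    if (preg_match('/^[yYtT1]/', MYZENDTO) && count($this->_recipients) <= 1) {
        $showRecips = FALSE;
    }
    $smarty->assign('showRecips', $showRecips);

    $reciphtml = array();
    foreach ($this->_recipients as $r) {
        $reciphtml[] = array(
            htmlentities($r[0], ENT_NOQUOTES, 'UTF-8'),
            htmlentities($r[1], ENT_NOQUOTES, 'UTF-8'),
        );
    }
    $smarty->assign('recipients', $reciphtml);
    $smarty->assign('note', htmlentities($this->_note, ENT_NOQUOTES, 'UTF-8'));
    $smarty->assign('subject', htmlentities($this->_subject, ENT_NOQUOTES, 'UTF-8'));

    $dropoffFiles = $this->_dropbox->database->DBFilesForDropoff($this->_dropoffID);
    $smarty->assign('dropoffFilesCount', count($dropoffFiles));
    // Copy each file record, overriding the elements the template prints so
    // they arrive ready-formatted. foreach gives a copy, so $file is safe to edit.
    $outputFiles = array();
    foreach ($dropoffFiles as $file) {
        $file['basename']    = htmlentities($file['basename'], ENT_NOQUOTES, 'UTF-8');
        $file['length']      = NSSFormattedMemSize($file['lengthInBytes']);
        $file['description'] = htmlentities($file['description'], ENT_NOQUOTES, 'UTF-8');
        $outputFiles[] = $file;
    }
    $smarty->assignByRef('files', $outputFiles);

    // The recipient address comes straight from the request and is echoed back
    // both into the page and into the download link. Previously it reached the
    // template unescaped whenever it failed validEmailRegexp() (the replacement
    // branch was commented out) — that was the cross-site scripting hole. It is
    // still kept verbatim for display, but now HTML-escaped, and the URL copy
    // is percent-encoded so it cannot break out of the query string.
    $emailAddr = NULL;
    if (isset($_POST['emailAddr'])) {
        $emailAddr = $_POST['emailAddr'];
    } elseif (isset($_GET['emailAddr'])) {
        $emailAddr = $_GET['emailAddr'];
    }
    // A non-string value (e.g. emailAddr[]=x) would make trim() fail; treat as blank.
    if (!is_string($emailAddr)) {
        $emailAddr = '';
    }
    if (strlen(trim($emailAddr)) > 0) {
        if (preg_match($this->_dropbox->validEmailRegexp(), $emailAddr, $eAParts)) {
            // Rebuild from the captured local/domain parts only.
            $emailAddr = $eAParts[1] . "@" . $eAParts[2];
        }
        // ENT_QUOTES rather than the file's usual ENT_NOQUOTES: the template may
        // place this inside an attribute, and an address never legitimately needs quotes.
        $emailAddrHTML = htmlentities($emailAddr, ENT_QUOTES, 'UTF-8');
    } else {
        // No email address at all, so it wasn't invalid but blank.
        $emailAddr = $smarty->getConfigVariable('UnknownRecipient');
        // Configured text, not request input: passed through as before.
        $emailAddrHTML = $emailAddr;
    }
    $smarty->assign('emailAddr', $emailAddrHTML);
    $smarty->assign('downloadURL',
        'download.php?claimID=' . $this->_claimID
        . '&claimPasscode=' . $this->_claimPasscode
        . ($emailAddr ? '&emailAddr=' . rawurlencode($emailAddr) : ''));

    $pickups = $this->_dropbox->database->DBPickupsForDropoff($this->_dropoffID);
    $smarty->assign('pickupsCount', count($pickups));
    // Copy each pickup record, overriding the elements the template prints so
    // they arrive ready-formatted.
    $outputPickups = array();
    foreach ($pickups as $pickup) {
        $ip = $pickup['recipientIP'];
        // Reverse DNS is best-effort: gethostbyaddr() returns the IP unchanged
        // when there is no PTR record and FALSE for a malformed address; show
        // "host (ip)" only when a distinct name came back.
        $hostname = $ip ? gethostbyaddr($ip) : FALSE;
        if ($hostname !== FALSE && $hostname !== $ip) {
            $hostname = "{$hostname} ({$ip})";
        } else {
            $hostname = $ip;
        }
        $pickup['hostname']   = htmlentities((string) $hostname, ENT_NOQUOTES, 'UTF-8');
        $pickup['pickupDate'] = timeForTimestamp($pickup['pickupTimestamp']);
        // Neither stored value is trusted for HTML output; the emailAddr
        // fallback was previously assigned unescaped.
        $authorizedUser = htmlentities((string) $pickup['authorizedUser'], ENT_NOQUOTES, 'UTF-8');
        if (!$authorizedUser) {
            $authorizedUser = htmlentities((string) $pickup['emailAddr'], ENT_NOQUOTES, 'UTF-8');
        }
        $pickup['pickedUpBy'] = $authorizedUser;
        $outputPickups[] = $pickup;
    }
    $smarty->assignByRef('pickups', $outputPickups);
}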