コード例 #1
ファイル: mime.php プロジェクト: BackupTheBerlios/hpt-obm-svn
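/**
 * Sanitizes the attributes of a single tag.
 *
 * For each attribute this function drops it when its name matches a removal
 * rule for the tag, builds a normalised working copy of the value, applies
 * the bad-value replacement rules to that copy, and rewrites values that
 * start with a quoted cid: URL through sq_cid2http(). Afterwards it merges in
 * any attributes configured for the tag.
 *
 * @param  $tagname         String with the name of the tag.
 * @param  $attary          Array with all tag attributes (name => value).
 * @param  $rm_attnames     Tag regex => list of attribute-name regexes to
 *                          remove. See description for sq_sanitize
 * @param  $bad_attvals     Tag regex => (attribute-name regex =>
 *                          array(patterns, replacements)). See description
 *                          for sq_sanitize
 * @param  $add_attr_to_tag Tag regex => attributes merged into the result.
 *                          See description for sq_sanitize
 * @param  $message         message object, passed through to sq_cid2http()
 * @param  $id              message id, passed through to sq_cid2http()
 * @param  $mailbox         passed through to sq_cid2http()
 * @return                  Array with modified attributes.
 */
function sq_fixatts($tagname, $attary, $rm_attnames, $bad_attvals, $add_attr_to_tag, $message, $id, $mailbox)
{
    // foreach iterates over a snapshot, so $attary can be modified inside the
    // loop. It also replaces each(), which was removed in PHP 8.
    foreach ($attary as $attname => $attvalue) {
        /**
         * See if this attribute should be removed.
         */
        foreach ($rm_attnames as $matchtag => $matchattrs) {
            if (!preg_match($matchtag, $tagname)) {
                continue;
            }
            foreach ($matchattrs as $matchattr) {
                if (preg_match($matchattr, $attname)) {
                    unset($attary[$attname]);
                    // Move on to the next attribute. A bare "continue" only
                    // advanced this inner loop, which let the value checks
                    // and the cid: rewrite below write the removed attribute
                    // back into $attary.
                    continue 3;
                }
            }
        }
        /**
         * Remove any backslashes, entities, and extraneous whitespace.
         * Only this working copy is normalised; $attary keeps the original
         * value unless one of the steps below replaces it.
         */
        $attvalue = sq_unbackslash($attvalue);
        $attvalue = sq_deent($attvalue);
        $attvalue = sq_unspace($attvalue);
        /**
         * Remove \r \n \t \0 " " "\\"
         * The NUL entry is written as "\0": an empty search string is
         * ignored by str_replace(), so NUL bytes were not being stripped.
         */
        $attvalue = str_replace(array("\r", "\n", "\t", "\0", " ", "\\"), '', $attvalue);
        /**
         * Now run the value checks configured for this tag and attribute.
         */
        foreach ($bad_attvals as $matchtag => $matchattrs) {
            if (!preg_match($matchtag, $tagname)) {
                continue;
            }
            foreach ($matchattrs as $matchattr => $valary) {
                if (!preg_match($matchattr, $attname)) {
                    continue;
                }
                /**
                 * There are two arrays in valary.
                 * First is matches.
                 * Second one is replacements
                 */
                list($valmatch, $valrepl) = $valary;
                $newvalue = preg_replace($valmatch, $valrepl, $attvalue);
                // Strict comparison: a loose one treats numeric-looking
                // strings such as "1e3" and "1000" as equal and would skip
                // storing the replacement.
                // NOTE(review): every rule starts from the same cleaned
                // $attvalue, so when several rules change the value the last
                // one wins; preg_replace() returns null on a PCRE error and
                // that null is stored as the value - confirm both are intended.
                if ($newvalue !== $attvalue) {
                    $attary[$attname] = $newvalue;
                }
            }
        }
        /**
         * Turn cid: urls into http-friendly ones.
         */
        if (preg_match("/^[\\'\"]\\s*cid:/si", $attvalue)) {
            $attary[$attname] = sq_cid2http($message, $id, $attvalue, $mailbox);
        }
    }
    /**
     * See if we need to append any attributes to this tag.
     */
    foreach ($add_attr_to_tag as $matchtag => $addattary) {
        if (preg_match($matchtag, $tagname)) {
            $attary = array_merge($attary, $addattary);
        }
    }
    return $attary;
}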
コード例 #2
ファイル: mime.php プロジェクト: jin255ff/company_website
/**
 * Decodes entity-encoded and backslash-encoded sequences in an attribute
 * value, in place, so that later checks run against the decoded text.
 *
 * A value containing neither '&' nor '\' is left untouched. Otherwise
 * sq_deent() (defined elsewhere) is applied with three patterns until a full
 * pass reports no replacement, and the result is run through stripslashes().
 *
 * @param  $attvalue A string to run entity check against; modified through
 *                   the reference.
 * @return           Nothing, modifies a reference value.
 */
function sq_defang(&$attvalue)
{
    $needsDecoding = strpos($attvalue, '&') !== false
        || strpos($attvalue, '\\') !== false;
    if (!$needsDecoding) {
        return;
    }
    // Keep decoding until one full pass changes nothing, so that encodings
    // nested inside other encodings are unwrapped as well. The || chain stops
    // at the first pattern that reports a replacement and the loop restarts.
    // NOTE(review): sq_deent() is assumed to return a truthy value when it
    // replaced something, and its third argument presumably selects hex
    // decoding - confirm against its definition. The last pattern captures
    // decimal digits only, so backslash escapes containing a-f are only
    // partly captured; verify this is the intended coverage.
    do {
        $replaced = sq_deent($attvalue, '/\\&#0*(\\d+);*/s')
            || sq_deent($attvalue, '/\\&#x0*((\\d|[a-f])+);*/si', true)
            || sq_deent($attvalue, '/\\\\(\\d+)/s', true);
    } while ($replaced);
    // Drop the backslashes that are still left after decoding.
    $attvalue = stripslashes($attvalue);
}
コード例 #3
ファイル: mime.php プロジェクト: teammember8/roundcube
/**
 * Rewrites an attribute value in place with its entity-encoded and
 * backslash-encoded sequences decoded, so the value can be checked in its
 * decoded form.
 *
 * Nothing happens when the value holds no ampersand and no backslash.
 *
 * @param  $attvalue A string to run entity check against; changed through
 *                   the reference.
 * @return           Nothing, modifies a reference value.
 */
function sq_defang(&$attvalue)
{
    /**
     * Skip this if there aren't ampersands or backslashes.
     */
    if (strpos($attvalue, '&') === false) {
        if (strpos($attvalue, '\\') === false) {
            return;
        }
    }
    // NOTE(review): the comment that stood here spoke of translating
    // dangerous unicode characters before decoding; no such step is present
    // in this function as shown.
    //
    // Each decoder is tried in order. As soon as one reports a replacement
    // the sequence starts over, and the loop ends only after all three report
    // none in the same pass.
    // NOTE(review): sq_deent() is defined elsewhere; its truthy return is
    // taken to mean "something was replaced" and the third argument
    // presumably selects hex decoding - confirm. The last pattern captures
    // decimal digits only, so backslash escapes containing a-f are only
    // partly captured; verify this is the intended coverage.
    while (true) {
        if (sq_deent($attvalue, '/\\&#0*(\\d+);*/s')) {
            continue;
        }
        if (sq_deent($attvalue, '/\\&#x0*((\\d|[a-f])+);*/si', true)) {
            continue;
        }
        if (sq_deent($attvalue, '/\\\\(\\d+)/s', true)) {
            continue;
        }
        break;
    }
    // Strip the backslashes that remain once decoding has settled.
    $attvalue = stripslashes($attvalue);
}