| 1 | <?php |
| 2 | /******************************************************************************** |
| 3 | * * banana/message.func.inc.php : function to display messages |
| 4 | * * ------------------------ |
| 5 | * * |
| 6 | * * This file is part of the banana distribution |
| 7 | * * Copyright: See COPYING files that comes with this distribution |
| 8 | * ********************************************************************************/ |
| 9 | |
| 10 | require_once dirname(__FILE__) . '/mimepart.inc.php'; |
| 11 | require_once dirname(__FILE__) . '/banana.inc.php'; |
| 12 | |
| 13 | // {{{ Plain Text Functions |
| 14 | |
| 15 | function banana_isFlowed($line) |
| 16 | { |
| 17 | return ctype_space(substr($line, -1)) && $line != '-- '; |
| 18 | } |
| 19 | |
| 20 | function banana_removeQuotes($line, &$quote_level, $strict = true) |
| 21 | { |
| 22 | $quote_level = 0; |
| 23 | if (empty($line)) { |
| 24 | return ''; |
| 25 | } |
| 26 | while ($line{0} == '>') { |
| 27 | $line = substr($line, 1); |
| 28 | if (!$strict && ctype_space($line{0})) { |
| 29 | $line = substr($line, 1); |
| 30 | } |
| 31 | $quote_level++; |
| 32 | } |
| 33 | if (ctype_space($line{0})) { |
| 34 | $line = substr($line, 1); |
| 35 | } |
| 36 | return $line; |
| 37 | } |
| 38 | |
| 39 | function banana_quote($line, $level, $mark = '>') |
| 40 | { |
| 41 | $lines = explode("\n", $line); |
| 42 | $quote = str_repeat($mark, $level); |
| 43 | foreach ($lines as &$line) { |
| 44 | $line = $quote . $line; |
| 45 | } |
| 46 | return implode("\n", $lines); |
| 47 | } |
| 48 | |
| 49 | function banana_unflowed($text) |
| 50 | { |
| 51 | $lines = explode("\n", $text); |
| 52 | $text = ''; |
| 53 | while (!is_null($line = array_shift($lines))) { |
| 54 | $level = 0; |
| 55 | $line = banana_removeQuotes($line, $level); |
| 56 | while (banana_isFlowed($line)) { |
| 57 | $lvl = 0; |
| 58 | if (empty($lines)) { |
| 59 | break; |
| 60 | } |
| 61 | $nl = $lines[0]; |
| 62 | $nl = banana_removeQuotes($nl, $lvl); |
| 63 | if ($lvl == $level) { |
| 64 | $line .= $nl; |
| 65 | array_shift($lines); |
| 66 | } else { |
| 67 | break; |
| 68 | } |
| 69 | } |
| 70 | $text .= banana_quote($line, $level) . "\n"; |
| 71 | } |
| 72 | return $text; |
| 73 | } |
| 74 | |
| 75 | function banana_wordwrap($text, $quote_level) |
| 76 | { |
| 77 | if ($quote_level > 0) { |
| 78 | $length = Banana::$msgshow_wrap - $quote_level - 1; |
| 79 | return banana_quote(wordwrap($text, $length), $quote_level); |
| 80 | |
| 81 | } |
| 82 | return wordwrap($text, Banana::$msgshow_wrap); |
| 83 | } |
| 84 | |
| 85 | function banana_catchFormats($text) |
| 86 | { |
| 87 | $formatting = Array('/' => 'em', // match / first in order not to match closing markups </...> <> </> |
| 88 | '_' => 'u', |
| 89 | '*' => 'strong'); |
| 90 | $url = Banana::$msgshow_url; |
| 91 | preg_match_all("/$url/ui", $text, $urls); |
| 92 | $text = str_replace($urls[0], "&&&urls&&&", $text); |
| 93 | foreach ($formatting as $limit=>$mark) { |
| 94 | $limit = preg_quote($limit, '/'); |
| 95 | $text = preg_replace('/' . $limit . '(\S+?)' . $limit . '/us', |
| 96 | "<$mark>\\1</$mark>", $text); |
| 97 | } |
| 98 | return preg_replace('/&&&urls&&&/e', 'array_shift($urls[0])', $text); |
| 99 | } |
| 100 | |
| 101 | // {{{ URL Catcher tools |
| 102 | |
| 103 | function banana__cutlink($link) |
| 104 | { |
| 105 | $link = banana_html_entity_decode($link, ENT_QUOTES); |
| 106 | if (strlen($link) > Banana::$msgshow_wrap) { |
| 107 | $link = substr($link, 0, Banana::$msgshow_wrap - 3) . "..."; |
| 108 | } |
| 109 | return banana_htmlentities($link, ENT_QUOTES); |
| 110 | } |
| 111 | |
| 112 | function banana__cleanURL($url) |
| 113 | { |
| 114 | $url = str_replace('@', '%40', $url); |
| 115 | if (strpos($url, '://') === false) { |
| 116 | $url = 'http://' . $url; |
| 117 | } |
| 118 | return '<a href="'.$url.'" title="'.$url.'">' . banana__cutlink($url) . '</a>'; |
| 119 | } |
| 120 | |
| 121 | function banana__catchMailLink($email) |
| 122 | { |
| 123 | $mid = '<' . $email . '>'; |
| 124 | if (isset(Banana::$spool->ids[$mid])) { |
| 125 | return Banana::$page->makeLink(Array('group' => Banana::$group, |
| 126 | 'artid' => Banana::$spool->ids[$mid], |
| 127 | 'text' => $email)); |
| 128 | } elseif (strpos($email, '$') !== false) { |
| 129 | return $email; |
| 130 | } |
| 131 | return '<a href="mailto:' . $email . '">' . $email . '</a>'; |
| 132 | } |
| 133 | |
| 134 | // }}} |
| 135 | |
| 136 | function banana_catchURLs($text) |
| 137 | { |
| 138 | $url = Banana::$msgshow_url; |
| 139 | |
| 140 | $res = preg_replace("/&(lt|gt|quot);/", " &\\1; ", $text); |
| 141 | $res = preg_replace("/$url/uie", "'\\1'.banana__cleanurl('\\2').'\\3'", $res); |
| 142 | $res = preg_replace('/(["\[])?(?:mailto:|news:)?([a-z0-9.\-+_\$]+@([\-.+_]?[a-z0-9])+)(["\]])?/ie', |
| 143 | "'\\1' . banana__catchMailLink('\\2') . '\\4'", |
| 144 | $res); |
| 145 | $res = preg_replace("/ &(lt|gt|quot); /", "&\\1;", $res); |
| 146 | return $res; |
| 147 | } |
| 148 | |
| 149 | // {{{ Quotes catcher functions |
| 150 | |
| 151 | function banana__replaceQuotes($text, $regexp) |
| 152 | { |
| 153 | return stripslashes(preg_replace("@(^|<pre>|\n)$regexp@i", '\1', $text)); |
| 154 | } |
| 155 | |
| 156 | // }}} |
| 157 | |
| 158 | function banana_catchQuotes($res, $strict = true) |
| 159 | { |
| 160 | if ($strict) { |
| 161 | $regexp = ">"; |
| 162 | } else { |
| 163 | $regexp = "> *"; |
| 164 | } |
| 165 | while (preg_match("/(^|<pre>|\n)$regexp/i", $res)) { |
| 166 | $res = preg_replace("/(^|<pre>|\n)(($regexp.*(?:\n|$))+)/ie", |
| 167 | "'\\1</pre><blockquote><pre>'" |
| 168 | ." . banana__replaceQuotes('\\2', '$regexp')" |
| 169 | ." . '</pre></blockquote><pre>'", |
| 170 | $res); |
| 171 | } |
| 172 | return $res; |
| 173 | } |
| 174 | |
| 175 | function banana_catchSignature($res) |
| 176 | { |
| 177 | $res = preg_replace("@<pre>-- ?\n@", "<pre>\n-- \n", $res); |
| 178 | $parts = preg_split("/\n-- ?\n/", $res); |
| 179 | $sign = '</pre><hr style="width: 100%; margin: 1em 0em; " /><pre>'; |
| 180 | return join($sign, $parts); |
| 181 | } |
| 182 | |
| 183 | function banana_plainTextToHtml($text, $strict = true) |
| 184 | { |
| 185 | $text = banana_htmlentities($text); |
| 186 | $text = banana_catchFormats($text); |
| 187 | $text = banana_catchURLs($text); |
| 188 | $text = banana_catchQuotes($text, $strict); |
| 189 | $text = banana_catchSignature($text); |
| 190 | return banana_cleanHtml('<pre>' . $text . '</pre>'); |
| 191 | } |
| 192 | |
| 193 | function banana_wrap($text, $base_level = 0, $strict = true) |
| 194 | { |
| 195 | $lines = explode("\n", $text); |
| 196 | $text = ''; |
| 197 | $buffer = array(); |
| 198 | $level = 0; |
| 199 | while (!is_null($line = array_shift($lines))) { |
| 200 | $lvl = 0; |
| 201 | $line = banana_removeQuotes($line, $lvl, $strict); |
| 202 | if($lvl != $level) { |
| 203 | if (!empty($buffer)) { |
| 204 | $text .= banana_wordwrap(implode("\n", $buffer), $level + $base_level) . "\n"; |
| 205 | $buffer = array(); |
| 206 | } |
| 207 | $level = $lvl; |
| 208 | } |
| 209 | $buffer[] = $line; |
| 210 | } |
| 211 | if (!empty($buffer)) { |
| 212 | $text .= banana_wordwrap(implode("\n", $buffer), $level + $base_level); |
| 213 | } |
| 214 | return $text; |
| 215 | } |
| 216 | |
| 217 | function banana_formatPlainText(BananaMimePart &$part, $base_level = 0) |
| 218 | { |
| 219 | $text = $part->getText(); |
| 220 | if ($part->isFlowed()) { |
| 221 | $text = banana_unflowed($text); |
| 222 | } |
| 223 | $text = banana_wrap($text, $base_level, $part->isFlowed()); |
| 224 | return banana_plainTextToHtml($text, $part->isFlowed()); |
| 225 | } |
| 226 | |
| 227 | function banana_quotePlainText(BananaMimePart &$part) |
| 228 | { |
| 229 | $text = $part->getText(); |
| 230 | if ($part->isFlowed()) { |
| 231 | $text = banana_unflowed($text); |
| 232 | } |
| 233 | return banana_wrap($text, 1); |
| 234 | } |
| 235 | |
| 236 | // }}} |
| 237 | // {{{ HTML Functions |
| 238 | |
| 239 | function banana_htmlentities($text, $quote = ENT_COMPAT) |
| 240 | { |
| 241 | return htmlentities($text, $quote, 'UTF-8'); |
| 242 | } |
| 243 | |
| 244 | function banana_html_entity_decode($text, $quote = ENT_COMPAT) |
| 245 | { |
| 246 | return html_entity_decode($text, $quote, 'UTF-8'); |
| 247 | } |
| 248 | |
| 249 | function banana_removeEvilAttributes($tagSource) |
| 250 | { |
| 251 | $stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|'. |
| 252 | 'onmousemove|onmouseout|onkeypress|onkeydown|onkeyup'; |
| 253 | return stripslashes(preg_replace("/$stripAttrib/i", '', $tagSource)); |
| 254 | } |
| 255 | |
| 256 | function banana_cleanStyles($tag, $attributes) |
| 257 | { |
| 258 | static $td_style, $conv, $size_conv; |
| 259 | if (!isset($td_style)) { |
| 260 | $conv = array('style' => 'style', 'width' => 'width', 'height' => 'height', 'border' => 'border-size', |
| 261 | 'size' => 'font-size', 'align' => 'text-align', 'valign' => 'vertical-align', 'face' => 'font', |
| 262 | 'bgcolor' => 'background-color', 'color' => 'color', 'style' => 'style', |
| 263 | 'cellpadding' => 'padding', 'cellspacing' => 'border-spacing'); |
| 264 | $size_conv = array(1 => 'xx-small', 2 => 'x-small', 3 => 'small', 4 => 'medium', 5 => 'large', |
| 265 | 6 => 'x-large', 7 => 'xx-large', |
| 266 | '-2' => 'xx-small', '-1' => 'x-small', '+1' => 'medium', '+2' => 'large', |
| 267 | '+3' => 'x-large', '+4' => 'xx-large'); |
| 268 | $td_style = array(); |
| 269 | } |
| 270 | if ($tag == 'table') { |
| 271 | array_unshift($td_style, ''); |
| 272 | } |
| 273 | if ($tag == '/table') { |
| 274 | array_shift($td_style); |
| 275 | } |
| 276 | if ($tag{0} == '/') { |
| 277 | return ''; |
| 278 | } |
| 279 | if ($tag == 'td') { |
| 280 | $style = $td_style[0]; |
| 281 | } else { |
| 282 | $style = ''; |
| 283 | } |
| 284 | $attributes = str_replace("\n", ' ', stripslashes($attributes)); |
| 285 | $attributes = str_replace('= "', '="', $attributes); |
| 286 | foreach ($conv as $att=>$stl) { |
| 287 | $pattern = '/\b' . preg_quote($att, '/') . '="(.+?)"/i'; |
| 288 | if (preg_match($pattern, $attributes, $matches)) { |
| 289 | $attributes = preg_replace($pattern, '', $attributes); |
| 290 | $val = $matches[1]; |
| 291 | if ($att == 'cellspacing' && strpos($style, 'border-collapse') === false) { |
| 292 | $style .= "border-collapse: separate; border-spacing: $val $val; "; |
| 293 | } elseif ($att == 'cellpadding' && $tag == 'table') { |
| 294 | $td_style[0] = "$stl: {$val}px; "; |
| 295 | } elseif ($att == 'style') { |
| 296 | $val = rtrim($val, ' ;'); |
| 297 | $style .= "$val; "; |
| 298 | } elseif ($att == 'size') { |
| 299 | $val = $size_conv[$val]; |
| 300 | $style .= "$stl: $val; "; |
| 301 | } elseif (is_numeric($val)) { |
| 302 | $style .= "$stl: {$val}px; "; |
| 303 | } else { |
| 304 | $style .= "$stl: $val; "; |
| 305 | } |
| 306 | } |
| 307 | } |
| 308 | if (!empty($style)) { |
| 309 | $style = 'style="' . $style . '" '; |
| 310 | } |
| 311 | return ' ' . $style . trim($attributes); |
| 312 | } |
| 313 | |
| 314 | /** |
| 315 | * @return string |
| 316 | * @param string |
| 317 | * @desc Strip forbidden tags and delegate tag-source check to removeEvilAttributes() |
| 318 | */ |
| 319 | function banana_cleanHtml($source, $to_xhtml = false) |
| 320 | { |
| 321 | if (function_exists('tidy_repair_string')) { |
| 322 | $tidy_on = Array( |
| 323 | 'drop-empty-paras', 'drop-proprietary-attributes', |
| 324 | 'hide-comments', 'logical-emphasis', 'output-xhtml', |
| 325 | 'replace-color', |
| 326 | ); |
| 327 | $tidy_off = Array('join-classes', 'clean', 'show-body-only'); // 'clean' may be a good idea, but it is too aggressive |
| 328 | |
| 329 | foreach($tidy_on as $opt) { |
| 330 | tidy_setopt($opt, true); |
| 331 | } |
| 332 | foreach($tidy_off as $opt) { |
| 333 | tidy_setopt($opt, false); |
| 334 | } |
| 335 | tidy_setopt('alt-text', '[ inserted by TIDY ]'); |
| 336 | tidy_setopt('wrap', '120'); |
| 337 | tidy_set_encoding('utf8'); |
| 338 | $source = tidy_repair_string($source); |
| 339 | } |
| 340 | |
| 341 | // To XHTML |
| 342 | if ($to_xhtml) { |
| 343 | // catch inline CSS |
| 344 | $css = null; |
| 345 | if (preg_match('/<head.*?>(.*?)<\/head>/is', $source, $matches)) { |
| 346 | $source = preg_replace('/<head.*?>.*?<\/head>/is', '', $source); |
| 347 | preg_match_all('/<style.*?type="text\/css".*?>(.*?)<\/style>/is', $matches[1], $matches); |
| 348 | foreach ($matches[1] as &$match) { |
| 349 | $css .= $match; |
| 350 | } |
| 351 | $css = preg_replace("/(^|\n|,)\s*(\w+[^\{\}\<]+\{)/s", '\1.banana .message .body .html \2', $css); |
| 352 | $css = preg_replace('/ body\b/i', '', $css); |
| 353 | Banana::$page->addCssInline($css); |
| 354 | } |
| 355 | |
| 356 | // clean DTD |
| 357 | $source = str_replace('<font', '<span', $source); |
| 358 | $source = preg_replace('/<u\b/', '<span style="text-decoration: underline"', $source); |
| 359 | $source = preg_replace('/<\/(font|u)>/', '</span>', $source); |
| 360 | $source = str_replace('<body', $css ? '<div class="html"' : '<div class="html default"', $source); |
| 361 | $source = str_replace('</body>', '</div>', $source); |
| 362 | } |
| 363 | $allowedTags = '<h1><h2><h3><b><i><a><ul><li><pre><hr><blockquote><img><br><div><span>' |
| 364 | . '<p><small><big><sup><sub><code><em><strong><table><tr><td><th>'; |
| 365 | $source = strip_tags($source, $allowedTags); |
| 366 | |
| 367 | // Use inlined style instead of old html attributes |
| 368 | if ($to_xhtml) { |
| 369 | $source = preg_replace('/<(\/?\w+)(.*?)(\/?>)/ise', "'<\\1' . banana_cleanStyles('\\1', '\\2') . '\\3'", $source); |
| 370 | } |
| 371 | return preg_replace('/<(.*?)>/ie', "'<'.banana_removeEvilAttributes('\\1').'>'", $source); |
| 372 | } |
| 373 | |
| 374 | function banana_catchHtmlSignature($res) |
| 375 | { |
| 376 | $res = preg_replace("@(</p>)\n?-- ?\n?(<p[^>]*>|<br[^>]*>)@", "\\1<br/>-- \\2", $res); |
| 377 | $res = preg_replace("@<br[^>]*>\n?-- ?\n?(<p[^>]*>)@", "<br/>-- <br/>\\2", $res); |
| 378 | $res = preg_replace("@(<pre[^>]*>)\n?-- ?\n@", "<br/>-- <br/>\\1", $res); |
| 379 | $parts = preg_split("@(:?<p[^>]*>\n?-- ?\n?</p>|<br[^>]*>\n?-- ?\n?<br[^>]*>)@", $res); |
| 380 | $sign = '<hr style="width: 100%; margin: 1em 0em; " />'; |
| 381 | return join($sign, $parts); |
| 382 | } |
| 383 | |
| 384 | // {{{ Link to part catcher tools |
| 385 | |
| 386 | function banana__linkAttachment($cid) |
| 387 | { |
| 388 | return banana_htmlentities( |
| 389 | Banana::$page->makeUrl(Array('group' => Banana::$group, |
| 390 | 'artid' => Banana::$artid, |
| 391 | 'part' => $cid))); |
| 392 | } |
| 393 | |
| 394 | // }}} |
| 395 | |
| 396 | function banana_hideExternalImages($text) |
| 397 | { |
| 398 | return preg_replace("/<img([^>]*?)src=['\"](?!cid).*?['\"](.*?)>/i", |
| 399 | '<img\1src="invalid"\2>', |
| 400 | $text); |
| 401 | } |
| 402 | |
| 403 | function banana_catchPartLinks($text) |
| 404 | { |
| 405 | $article = Banana::$page->makeURL(array('group' => Banana::$group, 'artid' => Banana::$artid, 'part' => Banana::$part)); |
| 406 | $article = banana_htmlentities($article); |
| 407 | $text = preg_replace('/cid:([^\'" ]+)/e', "banana__linkAttachment('\\1')", $text); |
| 408 | $text = preg_replace('/href="(#.*?)"/i', 'href="' . $article . '\1"', $text); |
| 409 | return $text; |
| 410 | } |
| 411 | |
| 412 | // {{{ HTML to Plain Text tools |
| 413 | |
| 414 | function banana__convertFormats($res) |
| 415 | { |
| 416 | $table = array('em|i' => '/', |
| 417 | 'strong|b' => '*', |
| 418 | 'u' => '_'); |
| 419 | foreach ($table as $tags=>$format) { |
| 420 | $res = preg_replace("!</?($tags)( .*?)?>!is", $format, $res); |
| 421 | } |
| 422 | return $res; |
| 423 | } |
| 424 | |
| 425 | function banana__convertQuotes($res) |
| 426 | { |
| 427 | return preg_replace('!<blockquote.*?>([^<]*)</blockquote>!ies', |
| 428 | "\"\n\" . banana_quote(banana__convertQuotes('\\1' . \"\n\"), 1, '>')", |
| 429 | $res); |
| 430 | } |
| 431 | |
| 432 | // }}} |
| 433 | |
| 434 | function banana_htmlToPlainText($res) |
| 435 | { |
| 436 | $res = str_replace("\n", '', $res); |
| 437 | $res = banana__convertFormats($res); |
| 438 | $res = trim(strip_tags($res, '<div><br><p><blockquote>')); |
| 439 | $res = preg_replace("@</?(br|p|div).*?>@si", "\n", $res); |
| 440 | $res = banana__convertQuotes($res); |
| 441 | return banana_html_entity_decode($res); |
| 442 | } |
| 443 | |
| 444 | function banana_formatHtml(BananaMimePart &$part) |
| 445 | { |
| 446 | $text = $part->getText(); |
| 447 | $text = banana_catchHtmlSignature($text); |
| 448 | if (!Banana::$msgshow_externalimages) { |
| 449 | $text = banana_hideExternalImages($text); |
| 450 | } |
| 451 | $text = banana_catchPartLinks($text); |
| 452 | return banana_cleanHtml($text, true); |
| 453 | } |
| 454 | |
| 455 | function banana_quoteHtml(BananaMimePart &$part) |
| 456 | { |
| 457 | $text = $part->getText(); |
| 458 | $text = banana_htmlToPlainText($text); |
| 459 | return banana_wrap($text, 1); |
| 460 | } |
| 461 | |
| 462 | // }}} |
| 463 | // {{{ Richtext Functions |
| 464 | |
| 465 | /** Convert richtext to html |
| 466 | */ |
| 467 | function banana_richtextToHtml($source) |
| 468 | { |
| 469 | $tags = Array('bold' => 'b', |
| 470 | 'italic' => 'i', |
| 471 | 'smaller' => 'small', |
| 472 | 'bigger' => 'big', |
| 473 | 'underline' => 'u', |
| 474 | 'subscript' => 'sub', |
| 475 | 'superscript' => 'sup', |
| 476 | 'excerpt' => 'blockquote', |
| 477 | 'paragraph' => 'p', |
| 478 | 'nl' => 'br' |
| 479 | ); |
| 480 | |
| 481 | // clean unsupported tags |
| 482 | $protectedTags = '<signature><lt><comment><'.join('><', array_keys($tags)).'>'; |
| 483 | $source = strip_tags($source, $protectedTags); |
| 484 | |
| 485 | // convert richtext tags to html |
| 486 | foreach (array_keys($tags) as $tag) { |
| 487 | $source = preg_replace('@(</?)'.$tag.'([^>]*>)@i', '\1'.$tags[$tag].'\2', $source); |
| 488 | } |
| 489 | |
| 490 | // some special cases |
| 491 | $source = preg_replace('@<signature>@i', '<br>-- <br>', $source); |
| 492 | $source = preg_replace('@</signature>@i', '', $source); |
| 493 | $source = preg_replace('@<lt>@i', '<', $source); |
| 494 | $source = preg_replace('@<comment[^>]*>((?:[^<]|<(?!/comment>))*)</comment>@i', '<!-- \1 -->', $source); |
| 495 | return banana_cleanHtml($source); |
| 496 | } |
| 497 | |
| 498 | function banana_formatRichText(BananaMimePart &$part) |
| 499 | { |
| 500 | $text = $part->getText(); |
| 501 | $text = banana_richtextToHtml($text); |
| 502 | $text = banana_catchHtmlSignature($text); |
| 503 | return banana_cleanHtml($text); |
| 504 | } |
| 505 | |
| 506 | function banana_quoteRichtText(BananaMimePart &$part) |
| 507 | { |
| 508 | $text = $part->getText(); |
| 509 | $text = banana_richtextToHtml($text); |
| 510 | $text = banana_htmlToPlainText($text); |
| 511 | return banana_wrap($text, 1); |
| 512 | } |
| 513 | |
| 514 | // }}} |
| 515 | |
| 516 | // vim:set et sw=4 sts=4 ts=4 enc=utf-8: |
| 517 | ?> |