X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=banana%2Fmessage.func.inc.php;h=f0f8d93d1e16c505577de6bb39692e50f05b907b;hb=18f6babf615250b1360e6abbf306e62a141a10b8;hp=04ad7cb837328ea4dc478fc1fcbf734659d63083;hpb=ab02e8a95a51e72a91709b4f0943ab57a1c5f90f;p=banana.git

diff --git a/banana/message.func.inc.php b/banana/message.func.inc.php
index 04ad7cb..f0f8d93 100644
--- a/banana/message.func.inc.php
+++ b/banana/message.func.inc.php
@@ -39,13 +39,9 @@ function banana_removeQuotes($line, &$quote_level, $strict = true)
 function banana_quote($line, $level, $mark = '>')
 {
     $lines = explode("\n", $line);
+    $quote = str_repeat($mark, $level);
     foreach ($lines as &$line) {
-        if ($level > 0 && substr($line, 0, strlen($mark)) != $mark) {
-            $line = ' ' . $line;
-        }
-        for ($i = 0 ; $i < $level ; $i++) {
-            $line = $mark . $line;
-        }
+        $line = $quote . $line;
     }
     return implode("\n", $lines);
 }
@@ -59,11 +55,17 @@ function banana_unflowed($text)
         $line = banana_removeQuotes($line, $level);
         while (banana_isFlowed($line)) {
             $lvl = 0;
-            if (is_null($nl = array_shift($lines))) {
+            if (empty($lines)) {
                 break;
             }
+            $nl  = $lines[0];
             $nl = banana_removeQuotes($nl, $lvl);
-            $line .= $nl;
+            if ($lvl == $level) {
+                $line .= $nl;
+                array_shift($lines);
+            } else {
+                break;
+            }
         }
         $text .= banana_quote($line, $level) . "\n";
     }
@@ -73,11 +75,11 @@ function banana_unflowed($text)
 function banana_wordwrap($text, $quote_level)
 {
     if ($quote_level > 0) {
-        $length = Banana::$wrap - $quote_level - 1;
+        $length = Banana::$msgshow_wrap - $quote_level - 1;
         return banana_quote(wordwrap($text, $length), $quote_level);
     
     }
-    return wordwrap($text, Banana::$wrap);
+    return wordwrap($text, Banana::$msgshow_wrap);
 }
 
 function banana_catchFormats($text)
@@ -85,12 +87,12 @@ function banana_catchFormats($text)
     $formatting = Array('/' => 'em', // match / first in order not to match closing markups </...> <> </>
                         '_' => 'u',
                         '*' => 'strong');
-    $url = Banana::$url_regexp;
-    preg_match_all("/$url/i", $text, $urls);
+    $url = Banana::$msgshow_url;
+    preg_match_all("/$url/ui", $text, $urls);
     $text = str_replace($urls[0], "&&&urls&&&", $text);
     foreach ($formatting as $limit=>$mark) {
         $limit = preg_quote($limit, '/');
-        $text = preg_replace("/$limit\\b(.*?)\\b$limit/s",
+        $text = preg_replace('/' . $limit . '(\S+?)' . $limit . '/us',
                              "<$mark>\\1</$mark>", $text);
     }
     return preg_replace('/&&&urls&&&/e', 'array_shift($urls[0])', $text);
@@ -101,8 +103,8 @@ function banana_catchFormats($text)
 function banana__cutlink($link)
 {
     $link = banana_html_entity_decode($link, ENT_QUOTES);
-    if (strlen($link) > Banana::$wrap) {
-        $link = substr($link, 0, Banana::$wrap - 3) . "...";
+    if (strlen($link) > Banana::$msgshow_wrap) {
+        $link = substr($link, 0, Banana::$msgshow_wrap - 3) . "...";
     }
     return banana_htmlentities($link, ENT_QUOTES);
 }
@@ -133,10 +135,10 @@ function banana__catchMailLink($email)
 
 function banana_catchURLs($text)
 {
-    $url  = Banana::$url_regexp;
+    $url  = Banana::$msgshow_url;
 
     $res  = preg_replace("/&(lt|gt|quot);/", " &\\1; ", $text);
-    $res  = preg_replace("/$url/ie", "'\\1'.banana__cleanurl('\\2').'\\3'", $res);
+    $res  = preg_replace("/$url/uie", "'\\1'.banana__cleanurl('\\2').'\\3'", $res);
     $res  = preg_replace('/(["\[])?(?:mailto:|news:)?([a-z0-9.\-+_\$]+@([\-.+_]?[a-z0-9])+)(["\]])?/ie',
                          "'\\1' . banana__catchMailLink('\\2') . '\\4'",
                           $res);
@@ -197,10 +199,12 @@ function banana_wrap($text, $base_level = 0, $strict = true)
     while (!is_null($line = array_shift($lines))) {
         $lvl = 0;
         $line = banana_removeQuotes($line, $lvl, $strict);
-        if($lvl != $level && !empty($buffer)) {
-            $text  .= banana_wordwrap(implode("\n", $buffer), $level + $base_level) . "\n";
+        if($lvl != $level) {
+            if (!empty($buffer)) {
+                $text  .= banana_wordwrap(implode("\n", $buffer), $level + $base_level) . "\n";
+                $buffer = array();
+            }    
             $level  = $lvl;
-            $buffer = array();
         }
         $buffer[] = $line;
     }
@@ -247,27 +251,93 @@ function banana_removeEvilAttributes($tagSource)
     $stripAttrib = 'javascript:|onclick|ondblclick|onmousedown|onmouseup|onmouseover|'.
                    'onmousemove|onmouseout|onkeypress|onkeydown|onkeyup';
     return stripslashes(preg_replace("/$stripAttrib/i", '', $tagSource));
-}   
+}
+
+function banana_cleanStyles($tag, $attributes)
+{
+    static $td_style, $conv, $size_conv;
+    if (!isset($td_style)) {
+        $conv = array('style' => 'style', 'width' => 'width', 'height' => 'height', 'border' => 'border-size',
+                      'size' => 'font-size', 'align' => 'text-align', 'valign' => 'vertical-align', 'face' => 'font',
+                      'bgcolor' => 'background-color', 'color' => 'color', 'style' => 'style',
+                      'cellpadding' => 'padding', 'cellspacing' => 'border-spacing');
+        $size_conv = array(1 => 'xx-small', 2 => 'x-small', 3 => 'small', 4 => 'medium', 5 => 'large',
+                           6 => 'x-large',  7 => 'xx-large',
+                           '-2' => 'xx-small', '-1' => 'x-small', '+1' => 'medium', '+2' => 'large',
+                           '+3' => 'x-large', '+4' => 'xx-large');
+        $td_style = array();
+    }
+    if ($tag == 'table') {
+        array_unshift($td_style, '');
+    }
+    if ($tag == '/table') {
+        array_shift($td_style);
+    }
+    if ($tag{0} == '/') {
+        return '';
+    }
+    if ($tag == 'td') {
+        $style = $td_style[0];
+    } else {
+        $style = '';
+    }
+    $attributes = str_replace("\n", ' ', stripslashes($attributes));
+    $attributes = str_replace('= "', '="', $attributes);
+    foreach ($conv as $att=>$stl) {
+        $pattern = '/\b' . preg_quote($att, '/') . '="(.+?)"/i';
+        if (preg_match($pattern, $attributes, $matches)) {
+            $attributes = preg_replace($pattern, '', $attributes);
+            $val = $matches[1];
+            if ($att == 'cellspacing' && strpos($style, 'border-collapse') === false) {
+                $style .= "border-collapse: separate; border-spacing: $val $val; ";
+            } elseif ($att == 'cellpadding' && $tag == 'table') {
+                $td_style[0] = "$stl: {$val}px; ";
+            } elseif ($att == 'style') {
+                $val = rtrim($val, ' ;');
+                $style .= "$val; ";
+            } elseif ($att == 'size') {
+                $val = $size_conv[$val];
+                $style .= "$stl: $val; ";
+            } elseif (is_numeric($val)) {
+                $style .= "$stl: {$val}px; ";
+            } else {
+                $style .= "$stl: $val; ";
+            }
+        }
+    }
+    if (!empty($style)) {
+        $style = 'style="' . $style . '" ';
+    }
+    return ' ' . $style . trim($attributes);
+}
+
+function banana_filterCss($css)
+{
+    $css = preg_replace("/(^|\n|,)\s*(\w+[^\{\}\<]+\{)/s", '\1.banana .message .body .html \2', $css);
+    $css = preg_replace('/ body\b/i', '', $css);
+    if (!Banana::$msgshow_externalimages) {
+        if (preg_match("/url\(((ht|f)tps?:.*?)\)/i", $css)) {
+            $css = preg_replace("/url\(((ht|f)tps?:.*?)\)/i", 'url(invalid-image.png)', $css);
+            Banana::$msgshow_hasextimages = true;
+        }
+    }
+    return $css;
+}
     
 /**
  * @return string
  * @param string
  * @desc Strip forbidden tags and delegate tag-source check to removeEvilAttributes()
  */
-function banana_cleanHtml($source)
+function banana_cleanHtml($source, $to_xhtml = false)
 {
-    $allowedTags = '<h1><b><i><a><ul><li><pre><hr><blockquote><img><br><font><div>'
-                 . '<p><small><big><sup><sub><code><em><strong><table><tr><td><th>';
-    $source = strip_tags($source, $allowedTags);
-    $source = preg_replace('/<(.*?)>/ie', "'<'.banana_removeEvilAttributes('\\1').'>'", $source);
-        
     if (function_exists('tidy_repair_string')) {
         $tidy_on = Array(
             'drop-empty-paras', 'drop-proprietary-attributes',
             'hide-comments', 'logical-emphasis', 'output-xhtml',
-            'replace-color', 'show-body-only'
+            'replace-color',
         );
-        $tidy_off = Array('join-classes', 'clean'); // 'clean' may be a good idea, but it is too aggressive
+        $tidy_off = Array('join-classes', 'clean', 'show-body-only'); // 'clean' may be a good idea, but it is too aggressive
 
         foreach($tidy_on as $opt) {
             tidy_setopt($opt, true);
@@ -278,9 +348,39 @@ function banana_cleanHtml($source)
         tidy_setopt('alt-text', '[ inserted by TIDY ]');
         tidy_setopt('wrap', '120');
         tidy_set_encoding('utf8');
-        return tidy_repair_string($source);
+        $source = tidy_repair_string($source);
     }
-    return $source;
+
+    // To XHTML
+    if ($to_xhtml) {
+        // catch inline CSS
+        $css = null;
+        if (preg_match('/<head.*?>(.*?)<\/head>/is', $source, $matches)) {
+            $source = preg_replace('/<head.*?>.*?<\/head>/is', '', $source);
+            preg_match_all('/<style.*?type="text\/css".*?>(.*?)<\/style>/is', $matches[1], $matches);
+            foreach ($matches[1] as &$match) {
+                $css .= $match;
+            }
+            $css = banana_filterCss($css);
+            Banana::$page->addCssInline($css);
+        }
+
+        // clean DTD
+        $source = str_replace('<font', '<span', $source);
+        $source = preg_replace('/<u\b/', '<span style="text-decoration: underline"', $source);
+        $source = preg_replace('/<\/(font|u)>/', '</span>', $source);
+        $source = str_replace('<body', $css ? '<div class="html"' : '<div class="html default"', $source);
+        $source = str_replace('</body>', '</div>', $source);
+    }
+    $allowedTags = '<h1><h2><h3><b><i><a><ul><li><pre><hr><blockquote><img><br><div><span>'
+                 . '<p><small><big><sup><sub><code><em><strong><table><tr><td><th>';
+    $source = strip_tags($source, $allowedTags);
+
+    // Use inlined style instead of old html attributes
+    if ($to_xhtml) {
+        $source = preg_replace('/<(\/?\w+)(.*?)(\/?>)/ise', "'<\\1' . banana_cleanStyles('\\1', '\\2') . '\\3'", $source);
+    }    
+    return preg_replace('/<(.*?)>/ie', "'<'.banana_removeEvilAttributes('\\1').'>'", $source);
 }
 
 function banana_catchHtmlSignature($res)
@@ -307,14 +407,22 @@ function banana__linkAttachment($cid)
 
 function banana_hideExternalImages($text)
 {
-    return preg_replace("/<img[^>]*?src=['\"](?!cid).*?>/i",
-                        Banana::$page->makeImg(array('img' => 'invalid')),
-                        $text);
+    if (preg_match("/<img([^>]*?)src=['\"](?!cid).*?['\"](.*?)>/i", $text)) {
+        Banana::$msgshow_hasextimages = true;
+        return preg_replace("/<img([^>]*?)src=['\"](?!cid).*?['\"](.*?)>/i",
+                            '<img\1src="invalid"\2>',
+                            $text);
+    }
+    return $text;
 }
 
 function banana_catchPartLinks($text)
 {
-    return preg_replace('/cid:([^\'" ]+)/e', "banana__linkAttachment('\\1')", $text);
+    $article = Banana::$page->makeURL(array('group' => Banana::$group, 'artid' => Banana::$artid, 'part' => Banana::$part));
+    $article = banana_htmlentities($article);
+    $text = preg_replace('/cid:([^\'" ]+)/e', "banana__linkAttachment('\\1')", $text);
+    $text = preg_replace('/href="(#.*?)"/i', 'href="' . $article . '\1"', $text);
+    return $text;
 }
 
 // {{{ HTML to Plain Text tools
@@ -353,9 +461,11 @@ function banana_formatHtml(BananaMimePart &$part)
 {
     $text = $part->getText();
     $text = banana_catchHtmlSignature($text);
-    $text = banana_hideExternalImages($text);
+    if (!Banana::$msgshow_externalimages) {
+        $text = banana_hideExternalImages($text);
+    }    
     $text = banana_catchPartLinks($text);
-    return banana_cleanHtml($text);
+    return banana_cleanHtml($text, true);
 }
 
 function banana_quoteHtml(BananaMimePart &$part)
@@ -409,7 +519,15 @@ function banana_formatRichText(BananaMimePart &$part)
     return banana_cleanHtml($text);
 }
 
+function banana_quoteRichtText(BananaMimePart &$part)
+{
+    $text = $part->getText();
+    $text = banana_richtextToHtml($text);
+    $text = banana_htmlToPlainText($text);
+    return banana_wrap($text, 1);
+}
+
 // }}}
 
-// vim:set et sw=4 sts=4 ts=4:
+// vim:set et sw=4 sts=4 ts=4 enc=utf-8:
 ?>