Changed version number

added patches from Tyler Akins to fix hyperlink rendering

AUTHORS

@@ -10,6 +10,7 @@
    Matt Phillips
    Lewis Bergman
    Bryan Stalcup <bryan@stalcup.net>
+   Tyler Akins <tyler@boas.anthro.mnsu.edu>
 
  Translations:
  -------------

ChangeLog

@@ -1,5 +1,10 @@
-Version 0.5pre2 -- DEVELOPMENT
-------------------------------
+Version 0.5 -- DEVELOPMENT
+--------------------------
+- Security fixes
+- Fixed hyperlink rendering problems
+
+Version 0.5pre2 -- September 6, 2000 
+------------------------------------
 - Added quite a few new themes
 - Fixed double folder problem on some servers
 - Using encryption for passwords

config/conf.pl

@@ -4,7 +4,7 @@
 #
 # A simple configure script to configure squirrelmail
 ############################################################              
-$conf_pl_version = "x52";
+$conf_pl_version = "x53";
 
 ############################################################              
 # First, lets read in the data already in there...

config/config_default.php

@@ -9,7 +9,7 @@
 //
 
     // don't change
-    $config_version = "x52";
+    $config_version = "x53";
 
 //  Organization's logo picture (blank if none)
     $org_logo = "../images/sm_logo.jpg";

functions/strings.php

@@ -136,39 +136,41 @@
       for ($i=0; $i < count($body_ary); $i++) {
          $line = $body_ary[$i];
          $line = charset_decode($charset, $line);
-         $line = str_replace("\t", "        ", $line);
+         $line = str_replace("\t", '        ', $line);
          
          if (strlen($line) - 2 >= $wrap_at) {
             $line = sqWordWrap($line, $wrap_at);  
          }
          
-         $line = str_replace(" ", "&nbsp;", $line);
+         $line = str_replace(' ', '&nbsp;', $line);
          $line = nl2br($line);
 
-         $line = parseEmail ($line);
+         // Removed parseEmail and integrated it into parseUrl
+         // This line is no longer needed.
+         // $line = parseEmail ($line);
          $line = parseUrl ($line);
-
-         $line = "^^$line"; // gotta do this because if not, strpos() returns 0 
-                            // which in PHP is the same as false.  Now it returns 2
-         if (strpos(trim(str_replace("&nbsp;", "", $line)), "&gt;&gt;") == 2) {
-            $line = substr($line, 2);
+         
+         $test_line = str_replace('&nbsp;', '', $line);
+         if (strpos($test_line, '&gt;&gt;') === 0) {
             $line = "<FONT COLOR=FF0000>$line</FONT>\n";
-         } else if (strpos(trim(str_replace("&nbsp;", "", $line)), "&gt;") == 2) {
-            $line = substr($line, 2);
+         } else if (strpos($test_line, '&gt;') === 0) {
             $line = "<FONT COLOR=800000>$line</FONT>\n";
-         } else {
-            $line = substr($line, 2);
-         } 
-         
-         $body_ary[$i] = "<tt>$line</tt><br>";
+         }
+
+         if ($line)
+         {
+             $line = '<tt>' . $line . '</tt>';
+         }
+
+         $body_ary[$i] = $line . '<br>';
       }
       $body = implode("\n", $body_ary);
-      
+            
       return $body;
    }
 
    /* SquirrelMail version number -- DO NOT CHANGE */
-   $version = "0.5pre2";
+   $version = "0.5";
 
 
    function find_mailbox_name ($mailbox) {

functions/url_parser.php

@@ -12,45 +12,72 @@
 
    function parseEmail ($body) {
       global $color;
+      
+      // Changed the expression to the one in abook_take
+      // This works very well, especially it looks like you might have
+      // three instances of it below.  Having it defined in
+      // just one spot could help when you need to change it.
+      $Expression = "[0-9a-z]([-_.]?[0-9a-z])*@[0-9a-z]([-.]?[0-9a-z])*\\.[a-wyz][a-z](g|l|m|pa|t|u|v)?";
+      
       /*
         This is here in case we ever decide to use highlighting of searched
         text.  this does it for email addresses
         
       if ($what && ($where == "BODY" || $where == "TEXT")) {
-         eregi ("([a-z]|[0-9]|_|\.|-)+\@([a-z]|[0-9]|_|-)+(\.([a-z]|[0-9]|_|-)+)*", $body, $regs);
+         // Use the $Expression
+         eregi ($Expression, $body, $regs);
          $oldaddr = $regs[0];
          if ($oldaddr) {
             $newaddr = eregi_replace ($what, "<b><font color=\"$color[2]\">$what</font></font></b>", $oldaddr);
             $body = str_replace ($oldaddr, "<a href=\"../src/compose.php?send_to=$oldaddr\">$newaddr</a>", $body); 
          }
       } else { 
-         $body = eregi_replace ("([a-z]|[0-9]|_|\.|-)+\@([a-z]|[0-9]|_|-)+(\.([a-z]|[0-9]|_|-)+)*", "<a href=\"../src/compose.php?send_to=\\0\">\\0</a>", $body);
+         // Use the $Expression
+         $body = eregi_replace ($Expression, "<a href=\"../src/compose.php?send_to=\\0\">\\0</a>", $body);
       }
       */
-      $body = eregi_replace ("([a-z]|[0-9]|_|\.|-)+\@([a-z]|[0-9]|_|-)+(\.([a-z]|[A-Z])|[a-z]|[0-9]|_|-)+", "<a href=\"../src/compose.php?send_to=\\0\">\\0</a>", $body); 
+      // Use the $Expression
+      $body = eregi_replace ($Expression, "<a href=\"../src/compose.php?send_to=\\0\">\\0</a>", $body); 
       return $body;
    }
-
+   
    function parseUrl ($body) {
       #Possible ways a URL could finish.
 
+      // Removed "--" since it could be part of a URL
       $poss_ends=array(" ", "\n", "\r", "<", ">", ".\r", ".\n", ".&nbsp;", "&nbsp;", ")", "(", 
-                       "&quot;", "&lt;", "&gt;", ".<", "]", "[", "{", "}", "--");
+                       "&quot;", "&lt;", "&gt;", ".<", "]", "[", "{", "}");
       $done=False;
       while (!$done) {
          #Look for when a URL starts
+         // Added gopher, news.  Modified telnet.
          $url_tokens = array(
                          "http://",
                          "https://",
                          "ftp://",
-                         "telnet://");
+                         "telnet:",  // Special case -- doesn't need the slashes
+                         "gopher://",
+                         "news://");
          for($i = 0; $i < sizeof($url_tokens); $i++) {
-           if($where = strpos(strtolower("^^".$body), $url_tokens[$i], $start))
+           // Removed the use of "^^" -- it is unneeded
+           if(is_int($where = strpos(strtolower($body), $url_tokens[$i], $start)))
              break;
          }
+         // Look between $start and $where for email links
+         $check_str = substr($body, $start, $where);
+         $new_str = parseEmail($check_str);
+       
+         if ($check_str != $new_str)
+         {
+             $body = replaceBlock($body, $new_str, $start, $where);
+             $where = strlen($new_str) + $start;
+         }
+         
          //$where = strpos(strtolower($body),"http://",$start);
-         if ($where) {
-            $where = $where - 2;  // because we added the ^^ at the begining
+         // Fixed this to work with $i instead of $where
+         if ($i < sizeof($url_tokens)) {
+            // Removed the "^^" so I removed the next line
+            //$where = $where - 2;  // because we added the ^^ at the begining
             # Find the end of that URL
             reset($poss_ends); $end=0; 
             while (list($key, $val) = each($poss_ends)) {
@@ -62,22 +89,37 @@
             #Extract URL
             $url = substr($body,$where,$end-$where);
             #Replace URL with HyperLinked Url
-            if ($url != "") {
+            // Now this code doesn't simply match on url_tokens
+            // It will need some more text.  This is good.
+            if ($url != "" && $url != $url_tokens[$i]) {
                $url_str = "<a href=\"$url\" target=\"_blank\">$url</a>";
                #    $body = str_replace($url,$url_str,$body); 
                # echo "$where, $end<br>";
                $body = replaceBlock($body,$url_str,$where,$end);
-               $start = strpos($body,"</a>",$where);
+               // Removed unnecessary strpos call.  Searching
+               // a string takes longer than just figuring out
+               // the length.
+               // $start = strpos($body,"</a>",$where);
+               $start = $where + strlen($url_str);
             } else { 
-               $start = $where + 7; 
+               // Proper length increment -- Don't just assume 7
+               $start = $where + strlen($url_tokens[$i]); 
             } 
          } else {
             $done=true;
          }
       }
 
+      // Look after $start for more email links.
+      $check_str = substr($body, $start);
+      $new_str = parseEmail($check_str);
+       
+      if ($check_str != $new_str)
+      {
+          $body = replaceBlock($body, $new_str, $start, strlen($body));
+      }
+
       return $body;
    }
 
 ?>
-