1862 lines
61 KiB
PHP
1862 lines
61 KiB
PHP
<?php
|
|
|
|
/**
|
|
* strings.php
|
|
*
|
|
* This code provides various string manipulation functions that are
|
|
* used by the rest of the SquirrelMail code.
|
|
*
|
|
* @copyright 1999-2025 The SquirrelMail Project Team
|
|
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
|
|
* @version $Id$
|
|
* @package squirrelmail
|
|
*/
|
|
|
|
/**
|
|
* Appends citation markers to the string.
|
|
* Also appends a trailing space.
|
|
*
|
|
* @author Justus Pendleton
|
|
* @param string $str The string to append to
|
|
* @param int $citeLevel the number of markers to append
|
|
* @return null
|
|
* @since 1.5.1
|
|
*/
|
|
function sqMakeCite (&$str, $citeLevel) {
|
|
for ($i = 0; $i < $citeLevel; $i++) {
|
|
$str .= '>';
|
|
}
|
|
if ($citeLevel != 0) {
|
|
$str .= ' ';
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Create a newline in the string, adding citation
|
|
* markers to the newline as necessary.
|
|
*
|
|
* @author Justus Pendleton
|
|
* @param string $str the string to make a newline in
|
|
* @param int $citeLevel the citation level the newline is at
|
|
* @param int $column starting column of the newline
|
|
* @return null
|
|
* @since 1.5.1
|
|
*/
|
|
function sqMakeNewLine (&$str, $citeLevel, &$column) {
|
|
$str .= "\n";
|
|
$column = 0;
|
|
if ($citeLevel > 0) {
|
|
sqMakeCite ($str, $citeLevel);
|
|
$column = $citeLevel + 1;
|
|
} else {
|
|
$column = 0;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Checks for spaces in strings - only used if PHP doesn't have native ctype support
|
|
*
|
|
* You might be able to rewrite the function by adding short evaluation form.
|
|
*
|
|
* possible problems:
|
|
* - iso-2022-xx charsets - hex 20 might be part of other symbol. I might
|
|
* be wrong. 0x20 is not used in iso-2022-jp. I haven't checked iso-2022-kr
|
|
* and iso-2022-cn mappings.
|
|
*
|
|
* - no-break space ( ) - it is 8bit symbol, that depends on charset.
|
|
* there are at least three different charset groups that have nbsp in
|
|
* different places.
|
|
*
|
|
* I don't see any charset/nbsp options in php ctype either.
|
|
*
|
|
* @param string $string tested string
|
|
* @return bool true when only whitespace symbols are present in test string
|
|
* @since 1.5.1
|
|
*/
|
|
function sm_ctype_space($string) {
|
|
if ( preg_match('/^[\x09-\x0D]|^\x20/', $string) || $string=='') {
|
|
return true;
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Wraps text at $wrap characters. While sqWordWrap takes
|
|
* a single line of text and wraps it, this function works
|
|
* on the entire corpus at once, this allows it to be a little
|
|
* bit smarter and when and how to wrap.
|
|
*
|
|
* @author Justus Pendleton
|
|
* @param string $body the entire body of text
|
|
* @param int $wrap the maximum line length
|
|
* @return string the wrapped text
|
|
* @since 1.5.1
|
|
*/
|
|
function &sqBodyWrap (&$body, $wrap) {
|
|
//check for ctype support, and fake it if it doesn't exist
|
|
if (!function_exists('ctype_space')) {
|
|
function ctype_space ($string) {
|
|
return sm_ctype_space($string);
|
|
}
|
|
}
|
|
|
|
// the newly wrapped text
|
|
$outString = '';
|
|
// current column since the last newline in the outstring
|
|
$outStringCol = 0;
|
|
$length = sq_strlen($body);
|
|
// where we are in the original string
|
|
$pos = 0;
|
|
// the number of >>> citation markers we are currently at
|
|
$citeLevel = 0;
|
|
|
|
// the main loop, whenever we start a newline of input text
|
|
// we start from here
|
|
while ($pos < $length) {
|
|
// we're at the beginning of a line, get the new cite level
|
|
$newCiteLevel = 0;
|
|
|
|
while (($pos < $length) && (sq_substr($body,$pos,1) == '>')) {
|
|
$newCiteLevel++;
|
|
$pos++;
|
|
|
|
// skip over any spaces interleaved among the cite markers
|
|
while (($pos < $length) && (sq_substr($body,$pos,1) == ' ')) {
|
|
|
|
$pos++;
|
|
|
|
}
|
|
if ($pos >= $length) {
|
|
break;
|
|
}
|
|
}
|
|
|
|
// special case: if this is a blank line then maintain it
|
|
// (i.e. try to preserve original paragraph breaks)
|
|
// unless they occur at the very beginning of the text
|
|
if ((sq_substr($body,$pos,1) == "\n" ) && (sq_strlen($outString) != 0)) {
|
|
$outStringLast = $outString[sq_strlen($outString) - 1];
|
|
if ($outStringLast != "\n") {
|
|
$outString .= "\n";
|
|
}
|
|
sqMakeCite ($outString, $newCiteLevel);
|
|
$outString .= "\n";
|
|
$pos++;
|
|
$outStringCol = 0;
|
|
continue;
|
|
}
|
|
|
|
// if the cite level has changed, then start a new line
|
|
// with the new cite level.
|
|
if (($citeLevel != $newCiteLevel) && ($pos > ($newCiteLevel + 1)) && ($outStringCol != 0)) {
|
|
sqMakeNewLine ($outString, 0, $outStringCol);
|
|
}
|
|
|
|
$citeLevel = $newCiteLevel;
|
|
|
|
// prepend the quote level if necessary
|
|
if ($outStringCol == 0) {
|
|
sqMakeCite ($outString, $citeLevel);
|
|
// if we added a citation then move the column
|
|
// out by citelevel + 1 (the cite markers + the space)
|
|
$outStringCol = $citeLevel + ($citeLevel ? 1 : 0);
|
|
} else if ($outStringCol > $citeLevel) {
|
|
// not a cite and we're not at the beginning of a line
|
|
// in the output. add a space to separate the new text
|
|
// from previous text.
|
|
$outString .= ' ';
|
|
$outStringCol++;
|
|
}
|
|
|
|
// find the next newline -- we don't want to go further than that
|
|
$nextNewline = sq_strpos ($body, "\n", $pos);
|
|
if ($nextNewline === FALSE) {
|
|
$nextNewline = $length;
|
|
}
|
|
|
|
// Don't wrap unquoted lines at all. For now the textarea
|
|
// will work fine for this. Maybe revisit this later though
|
|
// (for completeness more than anything else, I think)
|
|
if ($citeLevel == 0) {
|
|
$outString .= sq_substr ($body, $pos, ($nextNewline - $pos));
|
|
$outStringCol = $nextNewline - $pos;
|
|
if ($nextNewline != $length) {
|
|
sqMakeNewLine ($outString, 0, $outStringCol);
|
|
}
|
|
$pos = $nextNewline + 1;
|
|
continue;
|
|
}
|
|
/**
|
|
* Set this to false to stop appending short strings to previous lines
|
|
*/
|
|
$smartwrap = true;
|
|
// inner loop, (obviously) handles wrapping up to
|
|
// the next newline
|
|
while ($pos < $nextNewline) {
|
|
// skip over initial spaces
|
|
while (($pos < $nextNewline) && (ctype_space (sq_substr($body,$pos,1)))) {
|
|
$pos++;
|
|
}
|
|
// if this is a short line then just append it and continue outer loop
|
|
if (($outStringCol + $nextNewline - $pos) <= ($wrap - $citeLevel - 1) ) {
|
|
// if this is the final line in the input string then include
|
|
// any trailing newlines
|
|
// echo substr($body,$pos,$wrap). "<br />";
|
|
if (($nextNewline + 1 == $length) && (sq_substr($body,$nextNewline,1) == "\n")) {
|
|
$nextNewline++;
|
|
}
|
|
|
|
// trim trailing spaces
|
|
$lastRealChar = $nextNewline;
|
|
while (($lastRealChar > $pos && $lastRealChar < $length) && (ctype_space (sq_substr($body,$lastRealChar,1)))) {
|
|
$lastRealChar--;
|
|
}
|
|
// decide if appending the short string is what we want
|
|
if (($nextNewline < $length && sq_substr($body,$nextNewline,1) == "\n") &&
|
|
isset($lastRealChar)) {
|
|
$mypos = $pos;
|
|
//check the first word:
|
|
while (($mypos < $length) && (sq_substr($body,$mypos,1) == '>')) {
|
|
$mypos++;
|
|
// skip over any spaces interleaved among the cite markers
|
|
while (($mypos < $length) && (sq_substr($body,$mypos,1) == ' ')) {
|
|
$mypos++;
|
|
}
|
|
}
|
|
/*
|
|
$ldnspacecnt = 0;
|
|
if ($mypos == $nextNewline+1) {
|
|
while (($mypos < $length) && ($body[$mypos] == ' ')) {
|
|
$ldnspacecnt++;
|
|
}
|
|
}
|
|
*/
|
|
|
|
$firstword = sq_substr($body,$mypos,sq_strpos($body,' ',$mypos) - $mypos);
|
|
//if ($dowrap || $ldnspacecnt > 1 || ($firstword && (
|
|
if (!$smartwrap || $firstword && (
|
|
$firstword[0] == '-' ||
|
|
$firstword[0] == '+' ||
|
|
$firstword[0] == '*' ||
|
|
sq_substr($firstword,0,1) == sq_strtoupper(sq_substr($firstword,0,1)) ||
|
|
strpos($firstword,':'))) {
|
|
$outString .= sq_substr($body,$pos,($lastRealChar - $pos+1));
|
|
$outStringCol += ($lastRealChar - $pos);
|
|
sqMakeNewLine($outString,$citeLevel,$outStringCol);
|
|
$nextNewline++;
|
|
$pos = $nextNewline;
|
|
$outStringCol--;
|
|
continue;
|
|
}
|
|
|
|
}
|
|
|
|
$outString .= sq_substr ($body, $pos, ($lastRealChar - $pos + 1));
|
|
$outStringCol += ($lastRealChar - $pos);
|
|
$pos = $nextNewline + 1;
|
|
continue;
|
|
}
|
|
|
|
$eol = $pos + $wrap - $citeLevel - $outStringCol;
|
|
// eol is the tentative end of line.
|
|
// look backwards for there for a whitespace to break at.
|
|
// if it's already less than our current position then
|
|
// our current line is already too long, break immediately
|
|
// and restart outer loop
|
|
if ($eol <= $pos) {
|
|
sqMakeNewLine ($outString, $citeLevel, $outStringCol);
|
|
continue;
|
|
}
|
|
|
|
// start looking backwards for whitespace to break at.
|
|
$breakPoint = $eol;
|
|
while (($breakPoint > $pos) && (! ctype_space (sq_substr($body,$breakPoint,1)))) {
|
|
$breakPoint--;
|
|
}
|
|
|
|
// if we didn't find a breakpoint by looking backward then we
|
|
// need to figure out what to do about that
|
|
if ($breakPoint == $pos) {
|
|
// if we are not at the beginning then end this line
|
|
// and start a new loop
|
|
if ($outStringCol > ($citeLevel + 1)) {
|
|
sqMakeNewLine ($outString, $citeLevel, $outStringCol);
|
|
continue;
|
|
} else {
|
|
// just hard break here. most likely we are breaking
|
|
// a really long URL. could also try searching
|
|
// forward for a break point, which is what Mozilla
|
|
// does. don't bother for now.
|
|
$breakPoint = $eol;
|
|
}
|
|
}
|
|
|
|
// special case: maybe we should have wrapped last
|
|
// time. if the first breakpoint here makes the
|
|
// current line too long and there is already text on
|
|
// the current line, break and loop again if at
|
|
// beginning of current line, don't force break
|
|
$SLOP = 6;
|
|
if ((($outStringCol + ($breakPoint - $pos)) > ($wrap + $SLOP)) && ($outStringCol > ($citeLevel + 1))) {
|
|
sqMakeNewLine ($outString, $citeLevel, $outStringCol);
|
|
continue;
|
|
}
|
|
|
|
// skip newlines or whitespace at the beginning of the string
|
|
$substring = sq_substr ($body, $pos, ($breakPoint - $pos));
|
|
$substring = rtrim ($substring); // do rtrim and ctype_space have the same ideas about whitespace?
|
|
$outString .= $substring;
|
|
$outStringCol += sq_strlen ($substring);
|
|
// advance past the whitespace which caused the wrap
|
|
$pos = $breakPoint;
|
|
while (($pos < $length) && (ctype_space (sq_substr($body,$pos,1)))) {
|
|
$pos++;
|
|
}
|
|
if ($pos < $length) {
|
|
sqMakeNewLine ($outString, $citeLevel, $outStringCol);
|
|
}
|
|
}
|
|
}
|
|
|
|
return $outString;
|
|
}
|
|
|
|
/**
|
|
* Wraps text at $wrap characters
|
|
*
|
|
* Has a problem with special HTML characters, so call this before
|
|
* you do character translation.
|
|
*
|
|
* Specifically, &#039; comes up as 5 characters instead of 1.
|
|
* This should not add newlines to the end of lines.
|
|
*
|
|
* @param string $line the line of text to wrap, by ref
|
|
* @param int $wrap the maximum line lenth
|
|
* @param string $charset name of charset used in $line string. Available since v.1.5.1.
|
|
* @return void
|
|
* @since 1.0
|
|
*/
|
|
function sqWordWrap(&$line, $wrap, $charset='') {
|
|
global $languages, $squirrelmail_language;
|
|
|
|
// Use custom wrapping function, if translation provides it
|
|
if (isset($languages[$squirrelmail_language]['XTRA_CODE']) &&
|
|
function_exists($languages[$squirrelmail_language]['XTRA_CODE'] . '_wordwrap')) {
|
|
if (mb_detect_encoding($line) != 'ASCII') {
|
|
$line = call_user_func($languages[$squirrelmail_language]['XTRA_CODE'] . '_wordwrap', $line, $wrap);
|
|
return;
|
|
}
|
|
}
|
|
|
|
preg_match('/^([\t >]*)([^\t >].*)?$/', $line, $regs);
|
|
$beginning_spaces = $regs[1];
|
|
if (isset($regs[2])) {
|
|
$words = explode(' ', $regs[2]);
|
|
} else {
|
|
$words = array();
|
|
}
|
|
|
|
$i = 0;
|
|
$line = $beginning_spaces;
|
|
|
|
while ($i < count($words)) {
|
|
/* Force one word to be on a line (minimum) */
|
|
$line .= $words[$i];
|
|
$line_len = strlen($beginning_spaces) + sq_strlen($words[$i],$charset) + 2;
|
|
if (isset($words[$i + 1]))
|
|
$line_len += sq_strlen($words[$i + 1],$charset);
|
|
$i ++;
|
|
|
|
/* Add more words (as long as they fit) */
|
|
while ($line_len < $wrap && $i < count($words)) {
|
|
$line .= ' ' . $words[$i];
|
|
$i++;
|
|
if (isset($words[$i]))
|
|
$line_len += sq_strlen($words[$i],$charset) + 1;
|
|
else
|
|
$line_len += 1;
|
|
}
|
|
|
|
/* Skip spaces if they are the first thing on a continued line */
|
|
while (!isset($words[$i]) && $i < count($words)) {
|
|
$i ++;
|
|
}
|
|
|
|
/* Go to the next line if we have more to process */
|
|
if ($i < count($words)) {
|
|
$line .= "\n";
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Does the opposite of sqWordWrap()
|
|
* @param string $body the text to un-wordwrap
|
|
* @return void
|
|
* @since 1.0
|
|
*/
|
|
function sqUnWordWrap(&$body) {
|
|
global $squirrelmail_language;
|
|
|
|
if ($squirrelmail_language == 'ja_JP') {
|
|
return;
|
|
}
|
|
|
|
$lines = explode("\n", $body);
|
|
$body = '';
|
|
$PreviousSpaces = '';
|
|
$cnt = count($lines);
|
|
for ($i = 0; $i < $cnt; $i ++) {
|
|
preg_match("/^([\t >]*)([^\t >].*)?$/", $lines[$i], $regs);
|
|
$CurrentSpaces = $regs[1];
|
|
if (isset($regs[2])) {
|
|
$CurrentRest = $regs[2];
|
|
} else {
|
|
$CurrentRest = '';
|
|
}
|
|
|
|
if ($i == 0) {
|
|
$PreviousSpaces = $CurrentSpaces;
|
|
$body = $lines[$i];
|
|
} else if (($PreviousSpaces == $CurrentSpaces) /* Do the beginnings match */
|
|
&& (strlen($lines[$i - 1]) > 65) /* Over 65 characters long */
|
|
&& strlen($CurrentRest)) { /* and there's a line to continue with */
|
|
$body .= ' ' . $CurrentRest;
|
|
} else {
|
|
$body .= "\n" . $lines[$i];
|
|
$PreviousSpaces = $CurrentSpaces;
|
|
}
|
|
}
|
|
$body .= "\n";
|
|
}
|
|
|
|
/**
|
|
* If $haystack is a full mailbox name and $needle is the mailbox
|
|
* separator character, returns the last part of the mailbox name.
|
|
*
|
|
* @param string haystack full mailbox name to search
|
|
* @param string needle the mailbox separator character
|
|
* @return string the last part of the mailbox name
|
|
* @since 1.0
|
|
*/
|
|
function readShortMailboxName($haystack, $needle) {
|
|
|
|
if ($needle == '') {
|
|
$elem = $haystack;
|
|
} else {
|
|
$parts = explode($needle, $haystack);
|
|
$elem = array_pop($parts);
|
|
while ($elem == '' && count($parts)) {
|
|
$elem = array_pop($parts);
|
|
}
|
|
}
|
|
return( $elem );
|
|
}
|
|
|
|
|
|
/**
|
|
* get_location
|
|
*
|
|
* Determines the location to forward to, relative to your server.
|
|
* This is used in HTTP Location: redirects.
|
|
*
|
|
* If set, it uses $config_location_base as the first part of the URL,
|
|
* specifically, the protocol, hostname and port parts. The path is
|
|
* always autodetected.
|
|
*
|
|
* @return string the base url for this SquirrelMail installation
|
|
* @since 1.0
|
|
*/
|
|
function get_location () {
|
|
|
|
global $imap_server_type, $config_location_base,
|
|
$is_secure_connection, $sq_ignore_http_x_forwarded_headers;
|
|
|
|
/* Get the path, handle virtual directories */
|
|
$path = substr(php_self(FALSE), 0, strrpos(php_self(FALSE), '/'));
|
|
|
|
// proto+host+port are already set in config:
|
|
if ( !empty($config_location_base) ) {
|
|
return $config_location_base . $path ;
|
|
}
|
|
// we computed it before, get it from the session:
|
|
if ( sqgetGlobalVar('sq_base_url', $full_url, SQ_SESSION) ) {
|
|
return $full_url . $path;
|
|
}
|
|
// else: autodetect
|
|
|
|
/* Check if this is a HTTPS or regular HTTP request. */
|
|
$proto = 'http://';
|
|
if ($is_secure_connection)
|
|
$proto = 'https://';
|
|
|
|
/* Get the hostname from the Host header or server config. */
|
|
if ($sq_ignore_http_x_forwarded_headers
|
|
|| !sqgetGlobalVar('HTTP_X_FORWARDED_HOST', $host, SQ_SERVER)
|
|
|| empty($host)) {
|
|
if ( !sqgetGlobalVar('HTTP_HOST', $host, SQ_SERVER) || empty($host) ) {
|
|
if ( !sqgetGlobalVar('SERVER_NAME', $host, SQ_SERVER) || empty($host) ) {
|
|
$host = '';
|
|
}
|
|
}
|
|
}
|
|
|
|
$port = '';
|
|
if (! strstr($host, ':')) {
|
|
// Note: HTTP_X_FORWARDED_PROTO could be sent from the client and
|
|
// therefore possibly spoofed/hackable. Thus, SquirrelMail
|
|
// ignores such headers by default. The administrator
|
|
// can tell SM to use such header values by setting
|
|
// $sq_ignore_http_x_forwarded_headers to boolean FALSE
|
|
// in config/config.php or by using config/conf.pl.
|
|
global $sq_ignore_http_x_forwarded_headers;
|
|
if ($sq_ignore_http_x_forwarded_headers
|
|
|| !sqgetGlobalVar('HTTP_X_FORWARDED_PROTO', $forwarded_proto, SQ_SERVER))
|
|
$forwarded_proto = '';
|
|
if (sqgetGlobalVar('SERVER_PORT', $server_port, SQ_SERVER)) {
|
|
if (($server_port != 80 && $proto == 'http://') ||
|
|
($server_port != 443 && $proto == 'https://' &&
|
|
strcasecmp($forwarded_proto, 'https') !== 0)) {
|
|
$port = sprintf(':%d', $server_port);
|
|
}
|
|
}
|
|
}
|
|
|
|
/* this is a workaround for the weird macosx caching that
|
|
* causes Apache to return 16080 as the port number, which causes
|
|
* SM to bail */
|
|
|
|
if ($imap_server_type == 'macosx' && $port == ':16080') {
|
|
$port = '';
|
|
}
|
|
|
|
/* Fallback is to omit the server name and use a relative */
|
|
/* URI, although this is not RFC 2616 compliant. */
|
|
$full_url = ($host ? $proto . $host . $port : '');
|
|
sqsession_register($full_url, 'sq_base_url');
|
|
return $full_url . $path;
|
|
}
|
|
|
|
|
|
/**
|
|
* Get Message List URI
|
|
*
|
|
* @param string $mailbox Current mailbox name (unencoded/raw)
|
|
* @param string $startMessage The mailbox page offset
|
|
* @param string $what Any current search parameters (OPTIONAL;
|
|
* default empty string)
|
|
*
|
|
* @return string The message list URI
|
|
*
|
|
* @since 1.5.2
|
|
*
|
|
*/
|
|
function get_message_list_uri($mailbox, $startMessage, $what='') {
|
|
|
|
global $base_uri;
|
|
|
|
$urlMailbox = urlencode($mailbox);
|
|
|
|
$list_xtra = "?where=read_body.php&what=$what&mailbox=" . $urlMailbox.
|
|
"&startMessage=$startMessage";
|
|
|
|
return $base_uri .'src/right_main.php'. $list_xtra;
|
|
}
|
|
|
|
|
|
/**
|
|
* Encrypts password
|
|
*
|
|
* These functions are used to encrypt the password before it is
|
|
* stored in a cookie. The encryption key is generated by
|
|
* OneTimePadCreate();
|
|
*
|
|
* @param string $string the (password)string to encrypt
|
|
* @param string $epad the encryption key
|
|
* @return string the base64-encoded encrypted password
|
|
* @since 1.0
|
|
*/
|
|
function OneTimePadEncrypt ($string, $epad) {
|
|
$pad = base64_decode($epad);
|
|
|
|
if (strlen($pad)>0) {
|
|
// make sure that pad is longer than string
|
|
while (strlen($string)>strlen($pad)) {
|
|
$pad.=$pad;
|
|
}
|
|
} else {
|
|
// FIXME: what should we do when $epad is not base64 encoded or empty.
|
|
}
|
|
|
|
$encrypted = '';
|
|
for ($i = 0; $i < strlen ($string); $i++) {
|
|
$encrypted .= chr (ord($string[$i]) ^ ord($pad[$i]));
|
|
}
|
|
|
|
return base64_encode($encrypted);
|
|
}
|
|
|
|
/**
|
|
* Decrypts a password from the cookie
|
|
*
|
|
* Decrypts a password from the cookie, encrypted by OneTimePadEncrypt.
|
|
* This uses the encryption key that is stored in the session.
|
|
*
|
|
* @param string $string the string to decrypt
|
|
* @param string $epad the encryption key from the session
|
|
* @return string the decrypted password
|
|
* @since 1.0
|
|
*/
|
|
function OneTimePadDecrypt ($string, $epad) {
|
|
$pad = base64_decode($epad);
|
|
|
|
if (strlen($pad)>0) {
|
|
// make sure that pad is longer than string
|
|
while (strlen($string)>strlen($pad)) {
|
|
$pad.=$pad;
|
|
}
|
|
} else {
|
|
// FIXME: what should we do when $epad is not base64 encoded or empty.
|
|
}
|
|
|
|
$encrypted = base64_decode ($string);
|
|
$decrypted = '';
|
|
for ($i = 0; $i < strlen ($encrypted); $i++) {
|
|
$decrypted .= chr (ord($encrypted[$i]) ^ ord($pad[$i]));
|
|
}
|
|
|
|
return $decrypted;
|
|
}
|
|
|
|
/**
|
|
* Creates encryption key
|
|
*
|
|
* Creates an encryption key for encrypting the password stored in the cookie.
|
|
* The encryption key itself is stored in the session.
|
|
*
|
|
* Pad must be longer or equal to encoded string length in 1.4.4/1.5.0 and older.
|
|
* @param int $length optional, length of the string to generate
|
|
* @return string the encryption key
|
|
* @since 1.0
|
|
*/
|
|
function OneTimePadCreate ($length=100) {
|
|
$pad = '';
|
|
for ($i = 0; $i < $length; $i++) {
|
|
$pad .= chr(random_int(0,255));
|
|
}
|
|
|
|
return base64_encode($pad);
|
|
}
|
|
|
|
/**
|
|
* Returns a string showing a byte size figure in
|
|
* a more easily digested (readable) format
|
|
*
|
|
* @param int $bytes the size in bytes
|
|
* @param int $filesize_divisor the divisor we'll use (OPTIONAL; default 1024)
|
|
*
|
|
* @return string The size in human readable format
|
|
*
|
|
* @since 1.0
|
|
*
|
|
*/
|
|
function show_readable_size($bytes, $filesize_divisor=1024) {
|
|
$bytes /= $filesize_divisor;
|
|
$type = _("KiB");
|
|
|
|
if ($bytes / $filesize_divisor > 1) {
|
|
$bytes /= $filesize_divisor;
|
|
$type = _("MiB");
|
|
}
|
|
|
|
if ($bytes < 10) {
|
|
$bytes *= 10;
|
|
settype($bytes, 'integer');
|
|
$bytes /= 10;
|
|
} else {
|
|
settype($bytes, 'integer');
|
|
}
|
|
|
|
global $nbsp;
|
|
return $bytes . $nbsp . $type;
|
|
}
|
|
|
|
/**
|
|
* Generates a random string from the character set you pass in
|
|
*
|
|
* @param int $size the length of the string to generate
|
|
* @param string $chars a string containing the characters to use
|
|
* @param int $flags a flag to add a specific set to the characters to use:
|
|
* Flags:
|
|
* 1 = add lowercase a-z to $chars
|
|
* 2 = add uppercase A-Z to $chars
|
|
* 4 = add numbers 0-9 to $chars
|
|
* @return string the random string
|
|
* @since 1.0
|
|
*/
|
|
function GenerateRandomString($size, $chars, $flags = 0) {
|
|
if ($flags & 0x1) {
|
|
$chars .= 'abcdefghijklmnopqrstuvwxyz';
|
|
}
|
|
if ($flags & 0x2) {
|
|
$chars .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
|
}
|
|
if ($flags & 0x4) {
|
|
$chars .= '0123456789';
|
|
}
|
|
|
|
if (($size < 1) || (strlen($chars) < 1)) {
|
|
return '';
|
|
}
|
|
|
|
$String = '';
|
|
$j = strlen( $chars ) - 1;
|
|
while (strlen($String) < $size) {
|
|
$String .= $chars[random_int(0, $j)];
|
|
}
|
|
|
|
return $String;
|
|
}
|
|
|
|
/**
|
|
* Escapes special characters for use in IMAP commands.
|
|
*
|
|
* @param string $str the string to escape
|
|
* @return string the escaped string
|
|
* @since 1.0.3
|
|
*/
|
|
function quoteimap($str) {
|
|
return str_replace(array('\\', '"'), array('\\\\', '\\"'), $str);
|
|
}
|
|
|
|
/**
|
|
* Create compose link
|
|
*
|
|
* Returns a link to the compose-page, taking in consideration
|
|
* the compose_in_new and javascript settings.
|
|
*
|
|
* @param string $url The URL to the compose page
|
|
* @param string $text The link text, default "Compose"
|
|
* @param string $target URL target, if any (since 1.4.3)
|
|
* @param string $accesskey The access key to be used, if any
|
|
*
|
|
* @return string a link to the compose page
|
|
*
|
|
* @since 1.4.2
|
|
*/
|
|
function makeComposeLink($url, $text = null, $target='', $accesskey='NONE') {
|
|
global $compose_new_win, $compose_width,
|
|
$compose_height, $oTemplate;
|
|
|
|
if(!$text) {
|
|
$text = _("Compose");
|
|
}
|
|
|
|
// if not using "compose in new window", make
|
|
// regular link and be done with it
|
|
if($compose_new_win != '1') {
|
|
return makeInternalLink($url, $text, $target, $accesskey);
|
|
}
|
|
|
|
// build the compose in new window link...
|
|
|
|
|
|
// if javascript is on, use onclick event to handle it
|
|
if(checkForJavascript()) {
|
|
sqgetGlobalVar('base_uri', $base_uri, SQ_SESSION);
|
|
$compuri = SM_BASE_URI.$url;
|
|
|
|
return create_hyperlink('javascript:void(0)', $text, '',
|
|
"comp_in_new('$compuri','$compose_width','$compose_height')",
|
|
'', '', '',
|
|
($accesskey == 'NONE'
|
|
? array()
|
|
: array('accesskey' => $accesskey)));
|
|
}
|
|
|
|
// otherwise, just open new window using regular HTML
|
|
return makeInternalLink($url, $text, '_blank', $accesskey);
|
|
}
|
|
|
|
/**
|
|
* version of fwrite which checks for failure
|
|
* @param resource $fp
|
|
* @param string $string
|
|
* @return number of written bytes. false on failure
|
|
* @since 1.4.3
|
|
*/
|
|
function sq_fwrite($fp, $string) {
|
|
// write to file
|
|
$count = @fwrite($fp,$string);
|
|
// the number of bytes written should be the length of the string
|
|
if($count != strlen($string)) {
|
|
return FALSE;
|
|
}
|
|
|
|
return $count;
|
|
}
|
|
|
|
/**
|
|
* sq_get_html_translation_table
|
|
*
|
|
* Returns the translation table used by sq_htmlentities()
|
|
*
|
|
* @param integer $table html translation table. Possible values (without quotes):
|
|
* <ul>
|
|
* <li>HTML_ENTITIES - full html entities table defined by charset</li>
|
|
* <li>HTML_SPECIALCHARS - html special characters table</li>
|
|
* </ul>
|
|
* @param integer $quote_style quote encoding style. Possible values (without quotes):
|
|
* <ul>
|
|
* <li>ENT_COMPAT - (default) encode double quotes</li>
|
|
* <li>ENT_NOQUOTES - don't encode double or single quotes</li>
|
|
* <li>ENT_QUOTES - encode double and single quotes</li>
|
|
* </ul>
|
|
* @param string $charset charset used for encoding. default to us-ascii, 'auto' uses $default_charset global value.
|
|
* @return array html translation array
|
|
* @since 1.5.1
|
|
*/
|
|
function sq_get_html_translation_table($table,$quote_style=ENT_COMPAT,$charset='us-ascii') {
|
|
global $default_charset;
|
|
|
|
if ($table == HTML_SPECIALCHARS) $charset='us-ascii';
|
|
|
|
// Start array with ampersand
|
|
$sq_html_ent_table = array( "&" => '&' );
|
|
|
|
// < and >
|
|
$sq_html_ent_table = array_merge($sq_html_ent_table,
|
|
array("<" => '<',
|
|
">" => '>')
|
|
);
|
|
// double quotes
|
|
if ($quote_style == ENT_COMPAT)
|
|
$sq_html_ent_table = array_merge($sq_html_ent_table,
|
|
array("\"" => '"')
|
|
);
|
|
|
|
// double and single quotes
|
|
if ($quote_style == ENT_QUOTES)
|
|
$sq_html_ent_table = array_merge($sq_html_ent_table,
|
|
array("\"" => '"',
|
|
"'" => ''')
|
|
);
|
|
|
|
if ($charset=='auto') $charset=$default_charset;
|
|
|
|
// add entities that depend on charset
|
|
switch($charset){
|
|
case 'iso-8859-1':
|
|
include_once(SM_PATH . 'functions/htmlentities/iso-8859-1.php');
|
|
break;
|
|
case 'utf-8':
|
|
include_once(SM_PATH . 'functions/htmlentities/utf-8.php');
|
|
break;
|
|
case 'us-ascii':
|
|
default:
|
|
break;
|
|
}
|
|
// return table
|
|
return $sq_html_ent_table;
|
|
}
|
|
|
|
/**
|
|
* sq_htmlentities
|
|
*
|
|
* Convert all applicable characters to HTML entities.
|
|
* Minimal php requirement - v.4.0.5.
|
|
*
|
|
* Function is designed for people that want to use full power of htmlentities() in
|
|
* i18n environment.
|
|
*
|
|
* @param string $string string that has to be sanitized
|
|
* @param integer $quote_style quote encoding style. Possible values (without quotes):
|
|
* <ul>
|
|
* <li>ENT_COMPAT - (default) encode double quotes</li>
|
|
* <li>ENT_NOQUOTES - don't encode double or single quotes</li>
|
|
* <li>ENT_QUOTES - encode double and single quotes</li>
|
|
* </ul>
|
|
* @param string $charset charset used for encoding. defaults to 'us-ascii', 'auto' uses $default_charset global value.
|
|
* @return string sanitized string
|
|
* @since 1.5.1
|
|
*/
|
|
function sq_htmlentities($string,$quote_style=ENT_COMPAT,$charset='us-ascii') {
|
|
// get translation table
|
|
$sq_html_ent_table=sq_get_html_translation_table(HTML_ENTITIES,$quote_style,$charset);
|
|
// convert characters
|
|
return str_replace(array_keys($sq_html_ent_table),array_values($sq_html_ent_table),$string);
|
|
}
|
|
|
|
/**
|
|
* Tests if string contains 8bit symbols.
|
|
*
|
|
* If charset is not set, function defaults to default_charset.
|
|
* $default_charset global must be set correctly if $charset is
|
|
* not used.
|
|
* @param string $string tested string
|
|
* @param string $charset charset used in a string
|
|
* @return bool true if 8bit symbols are detected
|
|
* @since 1.5.1 and 1.4.4
|
|
*/
|
|
function sq_is8bit($string,$charset='') {
|
|
global $default_charset;
|
|
|
|
if ($charset=='') $charset=$default_charset;
|
|
|
|
/**
|
|
* Don't use \240 in ranges. Sometimes RH 7.2 doesn't like it.
|
|
* Don't use \200-\237 for iso-8859-x charsets. This range
|
|
* stores control symbols in those charsets.
|
|
* Use preg_match instead of ereg in order to avoid problems
|
|
* with mbstring overloading
|
|
*/
|
|
if (preg_match("/^iso-8859/i",$charset)) {
|
|
$needle='/\240|[\241-\377]/';
|
|
} else {
|
|
$needle='/[\200-\237]|\240|[\241-\377]/';
|
|
}
|
|
return preg_match("$needle",$string);
|
|
}
|
|
|
|
/**
|
|
* Replacement of mb_list_encodings function
|
|
*
|
|
* This function provides replacement for function that is available only
|
|
* in php 5.x. Function does not test all mbstring encodings. Only the ones
|
|
* that might be used in SM translations.
|
|
*
|
|
* Supported strings are stored in session in order to reduce number of
|
|
* mb_internal_encoding function calls.
|
|
*
|
|
* If you want to test all mbstring encodings - fill $list_of_encodings
|
|
* array.
|
|
* @return array list of encodings supported by php mbstring extension
|
|
* @since 1.5.1 and 1.4.6
|
|
*/
|
|
function sq_mb_list_encodings() {
|
|
if (! function_exists('mb_internal_encoding'))
|
|
return array();
|
|
|
|
// php 5+ function
|
|
if (function_exists('mb_list_encodings')) {
|
|
$ret = mb_list_encodings();
|
|
array_walk($ret,'sq_lowercase_array_vals');
|
|
return $ret;
|
|
}
|
|
|
|
// don't try to test encodings, if they are already stored in session
|
|
if (sqgetGlobalVar('mb_supported_encodings',$mb_supported_encodings,SQ_SESSION))
|
|
return $mb_supported_encodings;
|
|
|
|
// save original encoding
|
|
$orig_encoding=mb_internal_encoding();
|
|
|
|
$list_of_encoding=array(
|
|
'pass',
|
|
'auto',
|
|
'ascii',
|
|
'jis',
|
|
'utf-8',
|
|
'sjis',
|
|
'euc-jp',
|
|
'iso-8859-1',
|
|
'iso-8859-2',
|
|
'iso-8859-7',
|
|
'iso-8859-9',
|
|
'iso-8859-15',
|
|
'koi8-r',
|
|
'koi8-u',
|
|
'big5',
|
|
'gb2312',
|
|
'gb18030',
|
|
'windows-1251',
|
|
'windows-1255',
|
|
'windows-1256',
|
|
'tis-620',
|
|
'iso-2022-jp',
|
|
'euc-cn',
|
|
'euc-kr',
|
|
'euc-tw',
|
|
'uhc',
|
|
'utf7-imap');
|
|
|
|
$supported_encodings=array();
|
|
|
|
foreach ($list_of_encoding as $encoding) {
|
|
// try setting encodings. suppress warning messages
|
|
if (@mb_internal_encoding($encoding))
|
|
$supported_encodings[]=$encoding;
|
|
}
|
|
|
|
// restore original encoding
|
|
mb_internal_encoding($orig_encoding);
|
|
|
|
// register list in session
|
|
sqsession_register($supported_encodings,'mb_supported_encodings');
|
|
|
|
return $supported_encodings;
|
|
}
|
|
|
|
/**
|
|
* Callback function used to lowercase array values.
|
|
* @param string $val array value
|
|
* @param mixed $key array key
|
|
* @since 1.5.1 and 1.4.6
|
|
*/
|
|
function sq_lowercase_array_vals(&$val,$key) {
|
|
$val = strtolower($val);
|
|
}
|
|
|
|
|
|
/**
|
|
* Function returns number of characters in string.
|
|
*
|
|
* Returned number might be different from number of bytes in string,
|
|
* if $charset is multibyte charset. Detection depends on mbstring
|
|
* functions. If mbstring does not support tested multibyte charset,
|
|
* vanilla string length function is used.
|
|
* @param string $str string
|
|
* @param string $charset charset
|
|
* @since 1.5.1 and 1.4.6
|
|
* @return integer number of characters in string
|
|
*/
|
|
function sq_strlen($str, $charset=null){
|
|
// default option
|
|
if (is_null($charset)) return strlen($str);
|
|
|
|
// lowercase charset name
|
|
$charset=strtolower($charset);
|
|
|
|
// use automatic charset detection, if function call asks for it
|
|
if ($charset=='auto') {
|
|
global $default_charset, $squirrelmail_language;
|
|
set_my_charset();
|
|
$charset=$default_charset;
|
|
if ($squirrelmail_language=='ja_JP') $charset='euc-jp';
|
|
}
|
|
|
|
// Use mbstring only with listed charsets
|
|
$aList_of_mb_charsets=array('utf-8','big5','gb2312','gb18030','euc-jp','euc-cn','euc-tw','euc-kr');
|
|
|
|
// calculate string length according to charset
|
|
if (in_array($charset,$aList_of_mb_charsets) && in_array($charset,sq_mb_list_encodings())) {
|
|
$real_length = mb_strlen($str,$charset);
|
|
} else {
|
|
// own strlen detection code is removed because missing strpos,
|
|
// strtoupper and substr implementations break string wrapping.
|
|
$real_length=strlen($str);
|
|
}
|
|
return $real_length;
|
|
}
|
|
|
|
/**
|
|
* string padding with multibyte support
|
|
*
|
|
* @link http://www.php.net/str_pad
|
|
* @param string $string original string
|
|
* @param integer $width padded string width
|
|
* @param string $pad padding symbols
|
|
* @param integer $padtype padding type
|
|
* (internal php defines, see str_pad() description)
|
|
* @param string $charset charset used in original string
|
|
* @return string padded string
|
|
*/
|
|
function sq_str_pad($string, $width, $pad, $padtype, $charset='') {
|
|
|
|
$charset = strtolower($charset);
|
|
$padded_string = '';
|
|
|
|
switch ($charset) {
|
|
case 'utf-8':
|
|
case 'big5':
|
|
case 'gb2312':
|
|
case 'euc-kr':
|
|
/*
|
|
* all multibyte charsets try to increase width value by
|
|
* adding difference between number of bytes and real length
|
|
*/
|
|
$width = $width - sq_strlen($string,$charset) + strlen($string);
|
|
default:
|
|
$padded_string=str_pad($string,$width,$pad,$padtype);
|
|
}
|
|
return $padded_string;
|
|
}
|
|
|
|
/**
|
|
* Wrapper that is used to switch between vanilla and multibyte substr
|
|
* functions.
|
|
* @param string $string
|
|
* @param integer $start
|
|
* @param integer $length
|
|
* @param string $charset
|
|
* @return string
|
|
* @since 1.5.1
|
|
* @link http://www.php.net/substr
|
|
* @link http://www.php.net/mb_substr
|
|
*/
|
|
function sq_substr($string,$start,$length=NULL,$charset='auto') {
|
|
|
|
// if $length is NULL, use the full string length...
|
|
// we have to do this to mimick the use of substr()
|
|
// where $length is not given
|
|
//
|
|
if (is_null($length))
|
|
$length = sq_strlen($length);
|
|
|
|
|
|
// use automatic charset detection, if function call asks for it
|
|
static $charset_auto, $bUse_mb;
|
|
|
|
if ($charset=='auto') {
|
|
if (!isset($charset_auto)) {
|
|
global $default_charset, $squirrelmail_language;
|
|
set_my_charset();
|
|
$charset=$default_charset;
|
|
if ($squirrelmail_language=='ja_JP') $charset='euc-jp';
|
|
$charset_auto = $charset;
|
|
} else {
|
|
$charset = $charset_auto;
|
|
}
|
|
}
|
|
$charset = strtolower($charset);
|
|
|
|
// in_array call is expensive => do it once and use a static var for
|
|
// storing the results
|
|
if (!isset($bUse_mb)) {
|
|
if (in_array($charset,sq_mb_list_encodings())) {
|
|
$bUse_mb = true;
|
|
} else {
|
|
$bUse_mb = false;
|
|
}
|
|
}
|
|
|
|
if ($bUse_mb) {
|
|
return mb_substr($string,$start,$length,$charset);
|
|
}
|
|
// TODO: add mbstring independent code
|
|
|
|
// use vanilla string functions as last option
|
|
return substr($string,$start,$length);
|
|
}
|
|
|
|
/**
|
|
* This is a replacement for PHP's substr_replace() that is
|
|
* multibyte-aware.
|
|
*
|
|
* @param string $string The string to operate upon
|
|
* @param string $replacement The string to be inserted
|
|
* @param int $start The offset at which to begin substring replacement
|
|
* @param int $length The number of characters after $start to remove
|
|
* NOTE that if you need to specify a charset but
|
|
* want to achieve normal substr_replace() behavior
|
|
* where $length is not specified, use NULL (OPTIONAL;
|
|
* default from $start to end of string)
|
|
* @param string $charset The charset of the given string. A value of NULL
|
|
* here will force the use of PHP's standard substr().
|
|
* (OPTIONAL; default is "auto", which indicates that
|
|
* the user's current charset should be used).
|
|
*
|
|
* @return string The manipulated string
|
|
*
|
|
* Of course, you can use more advanced (e.g., negative) values
|
|
* for $start and $length as needed - see the PHP manual for more
|
|
* information: http://www.php.net/manual/function.substr-replace.php
|
|
*
|
|
*/
|
|
function sq_substr_replace($string, $replacement, $start, $length=NULL,
|
|
$charset='auto')
|
|
{
|
|
|
|
// NULL charset? Just use substr_replace()
|
|
//
|
|
if (is_null($charset))
|
|
return is_null($length) ? substr_replace($string, $replacement, $start)
|
|
: substr_replace($string, $replacement, $start, $length);
|
|
|
|
|
|
// use current character set?
|
|
//
|
|
if ($charset == 'auto')
|
|
{
|
|
//FIXME: is there any reason why this cannot be a global flag used by all string wrapper functions?
|
|
static $auto_charset;
|
|
if (!isset($auto_charset))
|
|
{
|
|
global $default_charset;
|
|
//FIXME - do we need this?
|
|
global $squirrelmail_language;
|
|
set_my_charset();
|
|
$auto_charset = $default_charset;
|
|
//FIXME - do we need this?
|
|
if ($squirrelmail_language == 'ja_JP') $auto_charset = 'euc-jp';
|
|
}
|
|
$charset = $auto_charset;
|
|
}
|
|
|
|
|
|
// standardize character set name
|
|
//
|
|
$charset = strtolower($charset);
|
|
|
|
|
|
/* ===== FIXME: this list is not used in 1.5.x, but if we need it, unless this differs between all our string function wrappers, we should store this info in the session
|
|
// only use mbstring with the following character sets
|
|
//
|
|
$sq_substr_replace_mb_charsets = array(
|
|
'utf-8',
|
|
'big5',
|
|
'gb2312',
|
|
'gb18030',
|
|
'euc-jp',
|
|
'euc-cn',
|
|
'euc-tw',
|
|
'euc-kr'
|
|
);
|
|
|
|
|
|
// now we can use our own implementation using
|
|
// mb_substr() and mb_strlen() if needed
|
|
//
|
|
if (in_array($charset, $sq_substr_replace_mb_charsets)
|
|
&& in_array($charset, sq_mb_list_encodings()))
|
|
===== */
|
|
//FIXME: is there any reason why this cannot be a global array used by all string wrapper functions?
|
|
if (in_array($charset, sq_mb_list_encodings()))
|
|
{
|
|
|
|
$string_length = mb_strlen($string, $charset);
|
|
|
|
if ($start < 0)
|
|
$start = max(0, $string_length + $start);
|
|
|
|
else if ($start > $string_length)
|
|
$start = $string_length;
|
|
|
|
if ($length < 0)
|
|
$length = max(0, $string_length - $start + $length);
|
|
|
|
else if (is_null($length) || $length > $string_length)
|
|
$length = $string_length;
|
|
|
|
if ($start + $length > $string_length)
|
|
$length = $string_length - $start;
|
|
|
|
return mb_substr($string, 0, $start, $charset)
|
|
. $replacement
|
|
. mb_substr($string,
|
|
$start + $length,
|
|
$string_length, // FIXME: I can't see why this is needed: - $start - $length,
|
|
$charset);
|
|
|
|
}
|
|
|
|
|
|
// else use normal substr_replace()
|
|
//
|
|
return is_null($length) ? substr_replace($string, $replacement, $start)
|
|
: substr_replace($string, $replacement, $start, $length);
|
|
|
|
}
|
|
|
|
/**
|
|
* Wrapper that is used to switch between vanilla and multibyte strpos
|
|
* functions.
|
|
* @param string $haystack
|
|
* @param mixed $needle
|
|
* @param integer $offset
|
|
* @param string $charset
|
|
* @return string
|
|
* @since 1.5.1
|
|
* @link http://www.php.net/strpos
|
|
* @link http://www.php.net/mb_strpos
|
|
*/
|
|
function sq_strpos($haystack,$needle,$offset,$charset='auto') {
|
|
// use automatic charset detection, if function call asks for it
|
|
static $charset_auto, $bUse_mb;
|
|
|
|
if ($charset=='auto') {
|
|
if (!isset($charset_auto)) {
|
|
global $default_charset, $squirrelmail_language;
|
|
set_my_charset();
|
|
$charset=$default_charset;
|
|
if ($squirrelmail_language=='ja_JP') $charset='euc-jp';
|
|
$charset_auto = $charset;
|
|
} else {
|
|
$charset = $charset_auto;
|
|
}
|
|
}
|
|
$charset = strtolower($charset);
|
|
|
|
// in_array call is expensive => do it once and use a static var for
|
|
// storing the results
|
|
if (!isset($bUse_mb)) {
|
|
if (in_array($charset,sq_mb_list_encodings())) {
|
|
$bUse_mb = true;
|
|
} else {
|
|
$bUse_mb = false;
|
|
}
|
|
}
|
|
if ($bUse_mb) {
|
|
return mb_strpos($haystack,$needle,$offset,$charset);
|
|
}
|
|
// TODO: add mbstring independent code
|
|
|
|
// use vanilla string functions as last option
|
|
return strpos($haystack,$needle,$offset);
|
|
}
|
|
|
|
/**
|
|
* Wrapper that is used to switch between vanilla and multibyte strtoupper
|
|
* functions.
|
|
* @param string $string
|
|
* @param string $charset
|
|
* @return string
|
|
* @since 1.5.1
|
|
* @link http://www.php.net/strtoupper
|
|
* @link http://www.php.net/mb_strtoupper
|
|
*/
|
|
function sq_strtoupper($string,$charset='auto') {
|
|
// use automatic charset detection, if function call asks for it
|
|
static $charset_auto, $bUse_mb;
|
|
|
|
if ($charset=='auto') {
|
|
if (!isset($charset_auto)) {
|
|
global $default_charset, $squirrelmail_language;
|
|
set_my_charset();
|
|
$charset=$default_charset;
|
|
if ($squirrelmail_language=='ja_JP') $charset='euc-jp';
|
|
$charset_auto = $charset;
|
|
} else {
|
|
$charset = $charset_auto;
|
|
}
|
|
}
|
|
$charset = strtolower($charset);
|
|
|
|
// in_array call is expensive => do it once and use a static var for
|
|
// storing the results
|
|
if (!isset($bUse_mb)) {
|
|
if (function_exists('mb_strtoupper') &&
|
|
in_array($charset,sq_mb_list_encodings())) {
|
|
$bUse_mb = true;
|
|
} else {
|
|
$bUse_mb = false;
|
|
}
|
|
}
|
|
|
|
if ($bUse_mb) {
|
|
return mb_strtoupper($string,$charset);
|
|
}
|
|
// TODO: add mbstring independent code
|
|
|
|
// use vanilla string functions as last option
|
|
return strtoupper($string);
|
|
}
|
|
|
|
/**
|
|
* Counts 8bit bytes in string
|
|
* @param string $string tested string
|
|
* @return integer number of 8bit bytes
|
|
*/
|
|
function sq_count8bit($string) {
|
|
$count=0;
|
|
for ($i=0; $i<strlen($string); $i++) {
|
|
if (ord($string[$i]) > 127) $count++;
|
|
}
|
|
return $count;
|
|
}
|
|
|
|
/**
|
|
* Callback function to trim whitespace from a value, to be used in array_walk
|
|
* @param string $value value to trim
|
|
* @since 1.5.2 and 1.4.7
|
|
*/
|
|
function sq_trim_value ( &$value ) {
|
|
$value = trim($value);
|
|
}
|
|
|
|
/**
|
|
* Truncates the given string so that it has at
|
|
* most $max_chars characters. NOTE that a "character"
|
|
* may be a multibyte character, or (optionally), an
|
|
* HTML entity , so this function is different than
|
|
* using substr() or mb_substr().
|
|
*
|
|
* NOTE that if $elipses is given and used, the returned
|
|
* number of characters will be $max_chars PLUS the
|
|
* length of $elipses
|
|
*
|
|
* @param string $string The string to truncate
|
|
* @param int $max_chars The maximum allowable characters
|
|
* @param string $elipses A string that will be added to
|
|
* the end of the truncated string
|
|
* (ONLY if it is truncated) (OPTIONAL;
|
|
* default not used)
|
|
* @param boolean $html_entities_as_chars Whether or not to keep
|
|
* HTML entities together
|
|
* (OPTIONAL; default ignore
|
|
* HTML entities)
|
|
*
|
|
* @return string The truncated string
|
|
*
|
|
* @since 1.4.20 and 1.5.2 (replaced truncateWithEntities())
|
|
*
|
|
*/
|
|
function sm_truncate_string($string, $max_chars, $elipses='',
|
|
$html_entities_as_chars=FALSE)
|
|
{
|
|
|
|
// if the length of the string is less than
|
|
// the allowable number of characters, just
|
|
// return it as is (even if it contains any
|
|
// HTML entities, that would just make the
|
|
// actual length even smaller)
|
|
//
|
|
$actual_strlen = sq_strlen($string, 'auto');
|
|
if ($max_chars <= 0 || $actual_strlen <= $max_chars)
|
|
return $string;
|
|
|
|
|
|
// if needed, count the number of HTML entities in
|
|
// the string up to the maximum character limit,
|
|
// pushing that limit up for each entity found
|
|
//
|
|
$adjusted_max_chars = $max_chars;
|
|
if ($html_entities_as_chars)
|
|
{
|
|
|
|
// $loop_count is needed to prevent an endless loop
|
|
// which is caused by buggy mbstring versions that
|
|
// return 0 (zero) instead of FALSE in some rare
|
|
// cases. Thanks, PHP.
|
|
// see: http://bugs.php.net/bug.php?id=52731
|
|
// also: tracker $3053349
|
|
//
|
|
$loop_count = 0;
|
|
$entity_pos = $entity_end_pos = -1;
|
|
while ($entity_end_pos + 1 < $actual_strlen
|
|
&& ($entity_pos = sq_strpos($string, '&', $entity_end_pos + 1)) !== FALSE
|
|
&& ($entity_end_pos = sq_strpos($string, ';', $entity_pos)) !== FALSE
|
|
&& $entity_pos <= $adjusted_max_chars
|
|
&& $loop_count++ < $max_chars)
|
|
{
|
|
$adjusted_max_chars += $entity_end_pos - $entity_pos;
|
|
}
|
|
|
|
|
|
// this isn't necessary because sq_substr() would figure this
|
|
// out anyway, but we can avoid a sq_substr() call and we
|
|
// know that we don't have to add an elipses (this is now
|
|
// an accurate comparison, since $adjusted_max_chars, like
|
|
// $actual_strlen, does not take into account HTML entities)
|
|
//
|
|
if ($actual_strlen <= $adjusted_max_chars)
|
|
return $string;
|
|
|
|
}
|
|
|
|
|
|
// get the truncated string
|
|
//
|
|
$truncated_string = sq_substr($string, 0, $adjusted_max_chars);
|
|
|
|
|
|
// return with added elipses
|
|
//
|
|
return $truncated_string . $elipses;
|
|
|
|
}
|
|
|
|
/**
|
|
* Gathers the list of secuirty tokens currently
|
|
* stored in the user's preferences and optionally
|
|
* purges old ones from the list.
|
|
*
|
|
* @param boolean $purge_old Indicates if old tokens
|
|
* should be purged from the
|
|
* list ("old" is 2 days or
|
|
* older unless the administrator
|
|
* overrides that value using
|
|
* $max_token_age_days in
|
|
* config/config_local.php)
|
|
* (OPTIONAL; default is to always
|
|
* purge old tokens)
|
|
*
|
|
* @return array The list of tokens
|
|
*
|
|
* @since 1.4.19 and 1.5.2
|
|
*
|
|
*/
|
|
function sm_get_user_security_tokens($purge_old=TRUE)
|
|
{
|
|
|
|
global $data_dir, $username, $max_token_age_days,
|
|
$use_expiring_security_tokens;
|
|
|
|
$tokens = getPref($data_dir, $username, 'security_tokens', '');
|
|
if (($tokens = unserialize($tokens)) === FALSE || !is_array($tokens))
|
|
$tokens = array();
|
|
|
|
// purge old tokens if necessary
|
|
//
|
|
if ($purge_old)
|
|
{
|
|
if (empty($max_token_age_days)) $max_token_age_days = 2;
|
|
$now = time();
|
|
$discard_token_date = $now - ($max_token_age_days * 86400);
|
|
$cleaned_tokens = array();
|
|
foreach ($tokens as $token => $timestamp)
|
|
if ($timestamp >= $discard_token_date)
|
|
$cleaned_tokens[$token] = $timestamp;
|
|
$tokens = $cleaned_tokens;
|
|
}
|
|
|
|
return $tokens;
|
|
|
|
}
|
|
|
|
/**
|
|
* Generates a security token that is then stored in
|
|
* the user's preferences with a timestamp for later
|
|
* verification/use (although session-based tokens
|
|
* are not stored in user preferences).
|
|
*
|
|
* NOTE: By default SquirrelMail will use a single session-based
|
|
* token, but if desired, user tokens can have expiration
|
|
* dates associated with them and become invalid even during
|
|
* the same login session. When in that mode, the note
|
|
* immediately below applies, otherwise it is irrelevant.
|
|
* To enable that mode, the administrator must add the
|
|
* following to config/config_local.php:
|
|
* $use_expiring_security_tokens = TRUE;
|
|
*
|
|
* NOTE: The administrator can force SquirrelMail to generate
|
|
* a new token every time one is requested (which may increase
|
|
* obscurity through token randomness at the cost of some
|
|
* performance) by adding the following to
|
|
* config/config_local.php: $do_not_use_single_token = TRUE;
|
|
* Otherwise, only one token will be generated per user which
|
|
* will change only after it expires or is used outside of the
|
|
* validity period specified when calling sm_validate_security_token()
|
|
*
|
|
* WARNING: If the administrator has turned the token system
|
|
* off by setting $disable_security_tokens to TRUE in
|
|
* config/config.php or the configuration tool, this
|
|
* function will not store tokens in the user
|
|
* preferences (but it will still generate and return
|
|
* a random string).
|
|
*
|
|
* @param boolean $force_generate_new When TRUE, a new token will
|
|
* always be created even if current
|
|
* configuration dictates otherwise
|
|
* (OPTIONAL; default FALSE)
|
|
*
|
|
* @return string A security token
|
|
*
|
|
* @since 1.4.19 and 1.5.2
|
|
*
|
|
*/
|
|
function sm_generate_security_token($force_generate_new=FALSE)
|
|
{
|
|
|
|
global $data_dir, $username, $disable_security_tokens, $do_not_use_single_token,
|
|
$use_expiring_security_tokens;
|
|
$max_generation_tries = 1000;
|
|
|
|
// if we're using session-based tokens, just return
|
|
// the same one every time (generate it if it's not there)
|
|
//
|
|
if (!$use_expiring_security_tokens)
|
|
{
|
|
if (sqgetGlobalVar('sm_security_token', $token, SQ_SESSION))
|
|
return $token;
|
|
|
|
// create new one since there was none in session
|
|
$token = GenerateRandomString(12, '', 7);
|
|
sqsession_register($token, 'sm_security_token');
|
|
return $token;
|
|
}
|
|
|
|
$tokens = sm_get_user_security_tokens();
|
|
|
|
if (!$force_generate_new && !$do_not_use_single_token && !empty($tokens))
|
|
return key($tokens);
|
|
|
|
$new_token = GenerateRandomString(12, '', 7);
|
|
$count = 0;
|
|
while (isset($tokens[$new_token]))
|
|
{
|
|
$new_token = GenerateRandomString(12, '', 7);
|
|
if (++$count > $max_generation_tries)
|
|
{
|
|
logout_error(_("Fatal token generation error; please contact your system administrator or the SquirrelMail Team"));
|
|
exit;
|
|
}
|
|
}
|
|
|
|
// is the token system enabled? CAREFUL!
|
|
//
|
|
if (!$disable_security_tokens)
|
|
{
|
|
$tokens[$new_token] = time();
|
|
setPref($data_dir, $username, 'security_tokens', serialize($tokens));
|
|
}
|
|
|
|
return $new_token;
|
|
|
|
}
|
|
|
|
/**
|
|
* Validates a given security token and optionally remove it
|
|
* from the user's preferences if it was valid. If the token
|
|
* is too old but otherwise valid, it will still be rejected.
|
|
*
|
|
* "Too old" is 2 days or older unless the administrator
|
|
* overrides that value using $max_token_age_days in
|
|
* config/config_local.php
|
|
*
|
|
* Session-based tokens of course are always reused and are
|
|
* valid for the lifetime of the login session.
|
|
*
|
|
* WARNING: If the administrator has turned the token system
|
|
* off by setting $disable_security_tokens to TRUE in
|
|
* config/config.php or the configuration tool, this
|
|
* function will always return TRUE.
|
|
*
|
|
* @param string $token The token to validate
|
|
* @param int $validity_period The number of seconds tokens are valid
|
|
* for (set to zero to remove valid tokens
|
|
* after only one use; set to -1 to allow
|
|
* indefinite re-use (but still subject to
|
|
* $max_token_age_days - see elsewhere);
|
|
* use 3600 to allow tokens to be reused for
|
|
* an hour) (OPTIONAL; default is to only
|
|
* allow tokens to be used once)
|
|
* NOTE this is unrelated to $max_token_age_days
|
|
* or rather is an additional time constraint on
|
|
* tokens that allows them to be re-used (or not)
|
|
* within a more narrow timeframe
|
|
* @param boolean $show_error Indicates that if the token is not
|
|
* valid, this function should display
|
|
* a generic error, log the user out
|
|
* and exit - this function will never
|
|
* return in that case.
|
|
* (OPTIONAL; default FALSE)
|
|
*
|
|
* @return boolean TRUE if the token validated; FALSE otherwise
|
|
*
|
|
* @since 1.4.19 and 1.5.2
|
|
*
|
|
*/
|
|
function sm_validate_security_token($token, $validity_period=0, $show_error=FALSE)
|
|
{
|
|
|
|
global $data_dir, $username, $max_token_age_days,
|
|
$use_expiring_security_tokens,
|
|
$disable_security_tokens;
|
|
|
|
// bypass token validation? CAREFUL!
|
|
//
|
|
if ($disable_security_tokens) return TRUE;
|
|
|
|
// if we're using session-based tokens, just compare
|
|
// the same one every time
|
|
//
|
|
if (!$use_expiring_security_tokens)
|
|
{
|
|
if (!sqgetGlobalVar('sm_security_token', $session_token, SQ_SESSION))
|
|
{
|
|
if (!$show_error) return FALSE;
|
|
logout_error(_("Fatal security token error; please log in again"));
|
|
exit;
|
|
}
|
|
if ($token !== $session_token)
|
|
{
|
|
if (!$show_error) return FALSE;
|
|
logout_error(_("The current page request appears to have originated from an untrusted source."));
|
|
exit;
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
// don't purge old tokens here because we already
|
|
// do it when generating tokens
|
|
//
|
|
$tokens = sm_get_user_security_tokens(FALSE);
|
|
|
|
// token not found?
|
|
//
|
|
if (empty($tokens[$token]))
|
|
{
|
|
if (!$show_error) return FALSE;
|
|
logout_error(_("This page request could not be verified and appears to have expired."));
|
|
exit;
|
|
}
|
|
|
|
$now = time();
|
|
$timestamp = $tokens[$token];
|
|
|
|
// whether valid or not, we want to remove it from
|
|
// user prefs if it's old enough (unless requested to
|
|
// bypass this (in which case $validity_period is -1))
|
|
//
|
|
if ($validity_period >= 0
|
|
&& $timestamp < $now - $validity_period)
|
|
{
|
|
unset($tokens[$token]);
|
|
setPref($data_dir, $username, 'security_tokens', serialize($tokens));
|
|
}
|
|
|
|
// reject tokens that are too old
|
|
//
|
|
if (empty($max_token_age_days)) $max_token_age_days = 2;
|
|
$old_token_date = $now - ($max_token_age_days * 86400);
|
|
if ($timestamp < $old_token_date)
|
|
{
|
|
if (!$show_error) return FALSE;
|
|
logout_error(_("The current page request appears to have originated from an untrusted source."));
|
|
exit;
|
|
}
|
|
|
|
// token OK!
|
|
//
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
/**
|
|
* Wrapper for PHP's htmlspecialchars() that
|
|
* attempts to add the correct character encoding
|
|
*
|
|
* @param string $string The string to be converted
|
|
* @param int $flags A bitmask that controls the behavior of
|
|
* htmlspecialchars() -- NOTE that this parameter
|
|
* should only be used to dictate handling of
|
|
* quotes; handling invalid code sequences is done
|
|
* using the $invalid_sequence_flag parameter below
|
|
* (See http://php.net/manual/function.htmlspecialchars.php )
|
|
* (OPTIONAL; default ENT_COMPAT)
|
|
* @param string $encoding The character encoding to use in the conversion
|
|
* (if not one of the character sets supported
|
|
* by PHP's htmlspecialchars(), then $encoding
|
|
* will be ignored and iso-8859-1 will be used,
|
|
* unless a default has been specified in
|
|
* $default_htmlspecialchars_encoding in
|
|
* config_local.php) (OPTIONAL; default automatic
|
|
* detection)
|
|
* @param boolean $double_encode Whether or not to convert entities that are
|
|
* already in the string (only supported in
|
|
* PHP 5.2.3+) (OPTIONAL; default TRUE)
|
|
* @param mixed $invalid_sequence_flag A bitmask that controls how invalid
|
|
* code sequences should be handled;
|
|
* When calling htmlspecialchars(),
|
|
* this value will be combined with
|
|
* the $flags parameter above
|
|
* (See http://php.net/manual/function.htmlspecialchars.php )
|
|
* (OPTIONAL; defaults to the string
|
|
* "ent_substitute" that, for PHP 5.4+,
|
|
* is converted to the ENT_SUBSTITUTE
|
|
* constant, otherwise empty)
|
|
*
|
|
* @return string The converted text
|
|
*
|
|
*/
|
|
function sm_encode_html_special_chars($string, $flags=ENT_COMPAT,
|
|
$encoding=NULL, $double_encode=TRUE,
|
|
$invalid_sequence_flag='ent_substitute')
|
|
{
|
|
if ($invalid_sequence_flag === 'ent_substitute')
|
|
{
|
|
if (check_php_version(5, 4, 0))
|
|
$invalid_sequence_flag = ENT_SUBSTITUTE;
|
|
else
|
|
$invalid_sequence_flag = 0;
|
|
}
|
|
|
|
|
|
// charsets supported by PHP's htmlspecialchars
|
|
// (move this elsewhere if needed)
|
|
//
|
|
static $htmlspecialchars_charsets = array(
|
|
'iso-8859-1', 'iso8859-1',
|
|
'iso-8859-5', 'iso8859-5',
|
|
'iso-8859-15', 'iso8859-15',
|
|
'utf-8',
|
|
'cp866', 'ibm866', '866',
|
|
'cp1251', 'windows-1251', 'win-1251', '1251',
|
|
'cp1252', 'windows-1252', '1252',
|
|
'koi8-R', 'koi8-ru', 'koi8r',
|
|
'big5', '950',
|
|
'gb2312', '936',
|
|
'big5-hkscs',
|
|
'shift_jis', 'sjis', 'sjis-win', 'cp932', '932',
|
|
'euc-jp', 'eucjp', 'eucjp-win',
|
|
'macroman',
|
|
);
|
|
|
|
|
|
// if not given, set encoding to the charset being
|
|
// used by the current user interface language
|
|
//
|
|
if (!$encoding)
|
|
{
|
|
global $default_charset;
|
|
if ($default_charset == 'iso-2022-jp')
|
|
$default_charset = 'EUC-JP';
|
|
$encoding = $default_charset;
|
|
}
|
|
|
|
|
|
// two ways to handle encodings not supported by htmlspecialchars() -
|
|
// one takes less CPU cycles but can munge characters in certain
|
|
// translations, the other is more exact but requires more resources
|
|
//
|
|
global $html_special_chars_extended_fix;
|
|
//FIXME: need to document that the config switch above can be enabled in config_local... but first, we need to decide if we will implement the second option here -- currently there hasn't been a need for it (munged characters seem quite rare).... see tracker #2806 for some tips https://sourceforge.net/p/squirrelmail/bugs/2806
|
|
if (!in_array(strtolower($encoding), $htmlspecialchars_charsets))
|
|
{
|
|
if ($html_special_chars_extended_fix)
|
|
{
|
|
// convert to utf-8 first, run htmlspecialchars() and convert
|
|
// back to original encoding below
|
|
//
|
|
//FIXME: try conversion functions in this order: recode_string(), iconv(), mbstring (with various charset checks: sq_mb_list_encodings(), mb_check_encoding) -- oh, first check for internal charset_decode_CHARSET() function?? or just use (does this put everything into HTML entities already? shouldn't, but if it does, return right here):
|
|
$string = charset_decode($encoding, $string, TRUE, TRUE);
|
|
$string = charset_encode($string, $encoding, TRUE);
|
|
}
|
|
else
|
|
{
|
|
// simply force use of an encoding that is supported (some
|
|
// characters may be munged)
|
|
//
|
|
// use default from configuration if provided or hard-coded fallback
|
|
//
|
|
global $default_htmlspecialchars_encoding;
|
|
if (!empty($default_htmlspecialchars_encoding))
|
|
$encoding = $default_htmlspecialchars_encoding;
|
|
else
|
|
$encoding = 'iso-8859-1';
|
|
}
|
|
}
|
|
|
|
|
|
// TODO: Is adding this check an unnecessary performance hit?
|
|
if (check_php_version(5, 2, 3))
|
|
$ret = htmlspecialchars($string, $flags | $invalid_sequence_flag,
|
|
$encoding, $double_encode);
|
|
else
|
|
$ret = htmlspecialchars($string, $flags | $invalid_sequence_flag,
|
|
$encoding);
|
|
|
|
|
|
// convert back to original encoding if needed (see above)
|
|
//
|
|
if ($html_special_chars_extended_fix
|
|
&& !in_array(strtolower($encoding), $htmlspecialchars_charsets))
|
|
{
|
|
//FIXME: NOT FINISHED - here, we'd convert from utf-8 back to original charset (if we obey $lossy_encoding and end up returning in utf-8 instead of original charset, does that screw up the caller?)
|
|
}
|
|
|
|
|
|
return $ret;
|
|
}
|