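/**
 * Return the display body for message $mid, picking between its text/plain
 * and text/html parts. Rewritten by Grizly to support named HTML senders.
 *
 * Selection order:
 *   1. Sender is on the allow-list and an HTML part exists:
 *      the HTML part is returned through Format::stripBadHTML().
 *   2. No plain-text part: the HTML part, with br/p/div tags removed,
 *      is returned through Format::safe_html().
 *   3. Otherwise: the plain-text part is returned through Format::htmlchars().
 *
 * Security notes:
 *   - The allow-list is matched against $mailinfo['email'] from
 *     getHeaderInfo(). NOTE(review): if that value is read from the From
 *     header (not visible here, confirm), it is sender-asserted and can be
 *     forged unless the receiving MTA enforces SPF/DKIM/DMARC. Branch 1 is
 *     therefore not an authenticated path, and its output must still be safe
 *     to render in a staff browser.
 *   - NOTE(review): what Format::stripBadHTML() removes is not visible here,
 *     and the log line calls this branch a filter bypass. Confirm it
 *     neutralises script, event-handler and URL-scheme content at least as
 *     well as Format::safe_html() does.
 *
 * @param mixed $mid Message identifier, passed through to getPart() and getHeaderInfo().
 * @return string Body text prepared for display (presumably a string; depends on the Format helpers).
 */
function getBody($mid)
{
    // If you don't go the full "create admin setting" route, you will need to edit
    // this array for each new sender. Allowing HTML for everyone is HIGHLY NOT
    // RECOMMENDED: only list senders you trust, and keep the list short.
    $allowed_html_senders = array('sender1@domain.com', 'sender2@domain.com');

    $body      = trim($this->getPart($mid, 'TEXT/PLAIN', $this->charset));
    $html_body = $this->getPart($mid, 'TEXT/HTML', $this->charset);
    $mailinfo  = $this->getHeaderInfo($mid);

    // Header-derived value: tolerate a missing key and force a string so the
    // strict comparison below cannot be satisfied through type juggling.
    $sender = isset($mailinfo['email']) ? (string) $mailinfo['email'] : '';

    // The address ends up in the error log; drop control characters so a crafted
    // header cannot inject extra log lines.
    $sender_for_log = preg_replace('/[\x00-\x1F\x7F]+/', '', $sender);

    // Being allowed to send HTML does not mean the message contains any, so check.
    if (in_array($sender, $allowed_html_senders, true) && !empty($html_body)) {
        error_log('class.mailfetch.php: Bypassed filter for ' . $sender_for_log);
        // Lighter clean-up for allow-listed senders only; see the security notes above.
        return Format::stripBadHTML($html_body);
    }

    // No plain-text part: fall back to the HTML part, since some mail clients
    // send HTML only. Compare with '' rather than empty() so that a plain-text
    // body of "0" is not mistaken for a missing body.
    if ($body === '') {
        error_log("Attempting HTML for " . $sender_for_log);
        // Drop layout tags to keep the page short. The sanitizer must stay the
        // LAST step: removing substrings can join fragments into new tags, and
        // only a final safe_html() pass sees the markup that is actually rendered.
        $without_layout = str_ireplace(
            array('<br>', '<br />', '<p>', '</p>', '<div>', '</div>'),
            '',
            $html_body
        );
        return Format::safe_html($without_layout); // Balance html tags & neutralize unsafe tags.
    }

    // The Content-Type was text/plain, so escape anything that looks like HTML.
    return Format::htmlchars($body);

    /* Original implementation, kept for reference:
    $body ='';
    if ($body = $this->getPart($mid,'TEXT/PLAIN', $this->charset))
        // The Content-Type was text/plain, so escape anything that
        // looks like HTML
        $body=Format::htmlchars($body);
    elseif ($body = $this->getPart($mid,'TEXT/HTML', $this->charset)) {
        //Convert tags of interest before we striptags
        $body=str_replace("</DIV><DIV>", "\n", $body);
        $body=str_replace(array("<br>", "<br />", "<BR>", "<BR />"), "\n", $body);
        $body=Format::safe_html($body); //Balance html tags & neutralize unsafe tags.
    }
    return $body;
    */
}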