Refs #798 Added ctype_xdigit check around hexdec

cytopia 2022-12-31 03:33:09 +01:00
parent 7f3b45b387
commit d1894b3eb2
No known key found for this signature in database
GPG Key ID: 6D56EDB8695128A2


@ -28,8 +28,8 @@
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* - Neither the name of the authors, nor the names of its contributors
* may be used to endorse or promote products derived from this
* - Neither the name of the authors, nor the names of its contributors
* may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
@ -142,11 +142,11 @@ class Mail_mimeDecode extends PEAR
/**
* Flag to determine whether to decode headers
* (set to UTF8 to iconv convert headers)
* @var mixed
* @var mixed
* @access private
*/
var $_decode_headers;
/**
* Flag to determine whether to include attached messages
@ -182,7 +182,7 @@ class Mail_mimeDecode extends PEAR
{
$this->__construct($input);
}
/**
* Begins the decoding process. If called statically
@ -197,7 +197,7 @@ class Mail_mimeDecode extends PEAR
* of the parts. (Transfer encoding)
* decode_headers - Whether to decode headers,
* - use "UTF8//IGNORE" to convert charset.
*
*
* input - If called statically, this will be treated
* as the input
* @return object Decoded results
@ -229,17 +229,17 @@ class Mail_mimeDecode extends PEAR
$params['decode_headers'] : false;
$this->_rfc822_bodies = isset($params['rfc_822bodies']) ?
$params['rfc_822bodies'] : false;
if (is_string($this->_decode_headers) && !function_exists('iconv')) {
PEAR::raiseError('header decode conversion requested, however iconv is missing');
}
$structure = $this->_decode($this->_header, $this->_body);
if ($structure === false) {
$structure = $this->raiseError($this->_error);
}
}
return $structure;
}
@ -320,10 +320,10 @@ class Mail_mimeDecode extends PEAR
$encoding = isset($content_transfer_encoding) ? $content_transfer_encoding['value'] : '7bit';
$this->_include_bodies ? $return->body = ($this->_decode_bodies ? $this->_decodeBody($body, $encoding) : $body) : null;
break;
case 'multipart/signed': // PGP
$parts = $this->_boundarySplit($body, $content_type['other']['boundary'], true);
$return->parts['msg_body'] = $parts[0];
$return->parts['msg_body'] = $parts[0];
list($part_header, $part_body) = $this->_splitBodyHeader($parts[1]);
$return->parts['sig_hdr'] = $part_header;
$return->parts['sig_body'] = $part_body;
@ -404,7 +404,7 @@ class Mail_mimeDecode extends PEAR
}
for ($i = 0; $i < count($structure->parts); $i++) {
if (!empty($structure->headers['content-type']) AND substr(strtolower($structure->headers['content-type']), 0, 8) == 'message/') {
$prepend = $prepend . $mime_number . '.';
$_mime_number = '';
@ -424,7 +424,7 @@ class Mail_mimeDecode extends PEAR
$structure->mime_id = $prepend . $mime_number;
$no_refs ? $return[$prepend . $mime_number] = '' : $return[$prepend . $mime_number] = &$structure;
}
return $return;
}
@ -442,7 +442,7 @@ class Mail_mimeDecode extends PEAR
if (preg_match("/^(.*?)\r?\n\r?\n(.*)/s", $input, $match)) {
return array($match[1], $match[2]);
}
// bug #17325 - empty bodies are allowed. - we just check that at least one line
// bug #17325 - empty bodies are allowed. - we just check that at least one line
// of headers exist..
if (count(explode("\n",$input))) {
return array($input, '');
@ -466,11 +466,11 @@ class Mail_mimeDecode extends PEAR
// Unfold the input
$input = preg_replace("/\r?\n/", "\r\n", $input);
//#7065 - wrapping.. with encoded stuff.. - probably not needed,
// wrapping space should only get removed if the trailing item on previous line is a
// wrapping space should only get removed if the trailing item on previous line is a
// encoded character
$input = preg_replace("/=\r\n(\t| )+/", '=', $input);
$input = preg_replace("/\r\n(\t| )+/", ' ', $input);
$headers = explode("\r\n", trim($input));
$got_start = false;
foreach ($headers as $value) {
@ -485,7 +485,7 @@ class Mail_mimeDecode extends PEAR
$got_start = true;
}
}
$hdr_name = substr($value, 0, $pos = strpos($value, ':'));
$hdr_value = substr($value, $pos+1);
if($hdr_value[0] == ' ') {
@ -520,7 +520,7 @@ class Mail_mimeDecode extends PEAR
* filename*0*=ENC'lang'urlencoded data.
* filename*1*=ENC'lang'urlencoded data.
*
*
*
*
* @param string Header value to parse
* @return array Contains parsed result
@ -554,7 +554,7 @@ class Mail_mimeDecode extends PEAR
$lq = ''; // last quote..
while ($i < $l) {
$c = $input[$i];
//var_dump(array('i'=>$i,'c'=>$c,'q'=>$q, 'lq'=>$lq, 'key'=>$key, 'val' =>$val));
@ -566,7 +566,7 @@ class Mail_mimeDecode extends PEAR
}
$escaped = true;
$c = $input[$i];
}
}
// state - in key..
@ -588,7 +588,7 @@ class Mail_mimeDecode extends PEAR
$i++;
continue;
}
// state - in value.. (as $val is set..)
if ($q === false) {
@ -597,10 +597,10 @@ class Mail_mimeDecode extends PEAR
$i++;
continue; // skip leading spaces after '=' or after '"'
}
// do not de-quote 'xxx*= itesm..
// do not de-quote 'xxx*= itesm..
$key_is_trans = $key[strlen($key)-1] == '*';
if (!$key_is_trans && !$escaped && ($c == '"' || $c == "'")) {
// start quoted area..
$q = $c;
@ -612,7 +612,7 @@ class Mail_mimeDecode extends PEAR
}
// got end....
if (!$escaped && $c == ';') {
$return['other'][$key] = trim($val);
$val = false;
$key = '';
@ -625,31 +625,31 @@ class Mail_mimeDecode extends PEAR
$i++;
continue;
}
// state - in quote..
if (!$escaped && $c == $q) { // potential exit state..
// end of quoted string..
$lq = $q;
$q = false;
$i++;
continue;
}
// normal char inside of quoted string..
$val.= $c;
$i++;
}
// do we have anything left..
if (strlen(trim($key)) || $val !== false) {
$val = trim($val);
$return['other'][$key] = $val;
}
$clean_others = array();
// merge added values. eg. *1[*]
foreach($return['other'] as $key =>$val) {
@ -659,12 +659,12 @@ class Mail_mimeDecode extends PEAR
$clean_others[$key] .= $val;
continue;
}
}
$clean_others[$key] = $val;
}
// handle language translation of '*' ending others.
foreach( $clean_others as $key =>$val) {
if ( $key[strlen($key)-1] != '*') {
@ -677,26 +677,26 @@ class Mail_mimeDecode extends PEAR
// extended-other-values
$match = array();
$info = preg_match("/^([^']+)'([^']*)'(.*)$/", $val, $match);
$clean_others[$key] = urldecode($match[3]);
$clean_others[strtolower($key)] = $clean_others[$key];
$clean_others[strtolower($key).'-charset'] = $match[1];
$clean_others[strtolower($key).'-language'] = $match[2];
}
$return['other'] = $clean_others;
// decode values.
foreach($return['other'] as $key =>$val) {
$charset = isset($return['other'][$key . '-charset']) ?
$return['other'][$key . '-charset'] : false;
$return['other'][$key] = $this->_decodeHeader($val, $charset);
}
return $return;
}
@ -729,7 +729,7 @@ class Mail_mimeDecode extends PEAR
$parts[] = $tmp[$i];
}
}
// add the last part on if it does not end with the 'closing indicator'
if (!empty($tmp[$len]) && strlen(trim($tmp[$len])) && $tmp[$len][0] != '-') {
$parts[] = $tmp[$len];
@ -781,12 +781,12 @@ class Mail_mimeDecode extends PEAR
}
$input = str_replace($encoded, $text, $input);
}
if ($default_charset && is_string($this->_decode_headers)) {
$conv = @iconv($charset, $this->_decode_headers, $input);
$input = ($conv === false) ? $input : $conv;
}
return $input;
}
@ -832,10 +832,12 @@ class Mail_mimeDecode extends PEAR
// Remove soft line breaks
$input = preg_replace("/=\r?\n/", '', $input);
// cytopia edit
if (version_compare(PHP_VERSION, '7.2.0', '>=')) {
$cb = function($matches) {
return chr(hexdec($matches[0]));
// cytopia edit (added ctype_xdigit() check around)
if (ctype_xdigit($matches[0])) {
return chr(hexdec($matches[0]));
}
};
} else {
// Replace encoded characters
@ -924,7 +926,7 @@ class Mail_mimeDecode extends PEAR
/**
* getSendArray() returns the arguments required for Mail::send()
* used to build the arguments for a mail::send() call
* used to build the arguments for a mail::send() call
*
* Usage:
* $mailtext = Full email (for example generated by a template)
@ -966,7 +968,7 @@ class Mail_mimeDecode extends PEAR
}
$to = substr($to,1);
return array($to,$header,$this->_body);
}
}
/**
* Returns a xml copy of the output of
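Review bot: In the quoted-printable hunk (`@ -832,10 +832,12`), the new closure has no return on the path where `ctype_xdigit($matches[0])` is false, so it yields null and, assuming `$cb` is passed to `preg_replace_callback`, the matched text is replaced with an empty string instead of being left intact. Sequences that fail the check would then disappear silently from the decoded body of untrusted mail, so the decoded text no longer matches the raw message that a filter or log may have seen; adding `return $matches[0];` after the `if` would pass unrecognised input through unchanged. The pattern and the call that uses `$cb` are outside the hunk: if the full match includes the leading `=`, `$matches[0]` can never be all hex digits and every encoded byte would be dropped, so it is worth confirming whether both the check and `hexdec()` should use the capture group instead. A one-line comment stating which part of the match is validated would help, for example `// validate only the two hex digits, not the leading '='`.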