You've already forked postfixadmin
mirror of
https://github.com/postfixadmin/postfixadmin.git
synced 2025-08-07 17:42:53 +03:00
update Smarty to v3.1.33 - "This release does cover security issue CVE-2018-16831, other bug fixes (see changelog.txt) and adds a new feature of the {capture} tag (see NEW_FEATURES.txt)."
This commit is contained in:
David Goodwin
@@ -5,7 +5,6 @@
|
||||
* @package Smarty
|
||||
* @subpackage PluginsFunction
|
||||
*/
|
||||
|
||||
/**
|
||||
* Smarty {mailto} function plugin
|
||||
* Type: function
|
||||
@@ -37,12 +36,11 @@
|
||||
* {mailto address="me@domain.com" cc="you@domain.com,they@domain.com"}
|
||||
* {mailto address="me@domain.com" extra='class="mailto"'}
|
||||
*
|
||||
*
|
||||
* @link http://www.smarty.net/manual/en/language.function.mailto.php {mailto}
|
||||
* @link http://www.smarty.net/manual/en/language.function.mailto.php {mailto}
|
||||
* (Smarty online manual)
|
||||
* @version 1.2
|
||||
* @author Monte Ohrt <monte at ohrt dot com>
|
||||
* @author credits to Jason Sweat (added cc, bcc and subject functionality)
|
||||
* @version 1.2
|
||||
* @author Monte Ohrt <monte at ohrt dot com>
|
||||
* @author credits to Jason Sweat (added cc, bcc and subject functionality)
|
||||
*
|
||||
* @param array $params parameters
|
||||
*
|
||||
@@ -53,15 +51,12 @@ function smarty_function_mailto($params)
|
||||
static $_allowed_encoding =
|
||||
array('javascript' => true, 'javascript_charcode' => true, 'hex' => true, 'none' => true);
|
||||
$extra = '';
|
||||
|
||||
if (empty($params[ 'address' ])) {
|
||||
trigger_error("mailto: missing 'address' parameter", E_USER_WARNING);
|
||||
|
||||
return;
|
||||
} else {
|
||||
$address = $params[ 'address' ];
|
||||
}
|
||||
|
||||
$text = $address;
|
||||
// netscape and mozilla do not decode %40 (@) in BCC field (bug?)
|
||||
// so, don't encode it.
|
||||
@@ -77,61 +72,52 @@ function smarty_function_mailto($params)
|
||||
$mail_parms[] = $var . '=' . str_replace($search, $replace, rawurlencode($value));
|
||||
}
|
||||
break;
|
||||
|
||||
case 'subject':
|
||||
case 'newsgroups':
|
||||
$mail_parms[] = $var . '=' . rawurlencode($value);
|
||||
break;
|
||||
|
||||
case 'extra':
|
||||
case 'text':
|
||||
$$var = $value;
|
||||
|
||||
// no break
|
||||
default:
|
||||
}
|
||||
}
|
||||
|
||||
if ($mail_parms) {
|
||||
$address .= '?' . join('&', $mail_parms);
|
||||
}
|
||||
|
||||
$encode = (empty($params[ 'encode' ])) ? 'none' : $params[ 'encode' ];
|
||||
if (!isset($_allowed_encoding[ $encode ])) {
|
||||
trigger_error("mailto: 'encode' parameter must be none, javascript, javascript_charcode or hex",
|
||||
E_USER_WARNING);
|
||||
|
||||
trigger_error(
|
||||
"mailto: 'encode' parameter must be none, javascript, javascript_charcode or hex",
|
||||
E_USER_WARNING
|
||||
);
|
||||
return;
|
||||
}
|
||||
// FIXME: (rodneyrehm) document.write() excues me what? 1998 has passed!
|
||||
if ($encode === 'javascript') {
|
||||
$string = 'document.write(\'<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>\');';
|
||||
|
||||
$js_encode = '';
|
||||
for ($x = 0, $_length = strlen($string); $x < $_length; $x ++) {
|
||||
for ($x = 0, $_length = strlen($string); $x < $_length; $x++) {
|
||||
$js_encode .= '%' . bin2hex($string[ $x ]);
|
||||
}
|
||||
|
||||
return '<script type="text/javascript">eval(unescape(\'' . $js_encode . '\'))</script>';
|
||||
} elseif ($encode === 'javascript_charcode') {
|
||||
$string = '<a href="mailto:' . $address . '" ' . $extra . '>' . $text . '</a>';
|
||||
|
||||
for ($x = 0, $y = strlen($string); $x < $y; $x ++) {
|
||||
for ($x = 0, $y = strlen($string); $x < $y; $x++) {
|
||||
$ord[] = ord($string[ $x ]);
|
||||
}
|
||||
|
||||
$_ret = "<script type=\"text/javascript\" language=\"javascript\">\n" . "{document.write(String.fromCharCode(" .
|
||||
implode(',', $ord) . "))" . "}\n" . "</script>\n";
|
||||
|
||||
return $_ret;
|
||||
} elseif ($encode === 'hex') {
|
||||
preg_match('!^(.*)(\?.*)$!', $address, $match);
|
||||
if (!empty($match[ 2 ])) {
|
||||
trigger_error("mailto: hex encoding does not work with extra attributes. Try javascript.", E_USER_WARNING);
|
||||
|
||||
return;
|
||||
}
|
||||
$address_encode = '';
|
||||
for ($x = 0, $_length = strlen($address); $x < $_length; $x ++) {
|
||||
for ($x = 0, $_length = strlen($address); $x < $_length; $x++) {
|
||||
if (preg_match('!\w!' . Smarty::$_UTF8_MODIFIER, $address[ $x ])) {
|
||||
$address_encode .= '%' . bin2hex($address[ $x ]);
|
||||
} else {
|
||||
@@ -139,12 +125,10 @@ function smarty_function_mailto($params)
|
||||
}
|
||||
}
|
||||
$text_encode = '';
|
||||
for ($x = 0, $_length = strlen($text); $x < $_length; $x ++) {
|
||||
for ($x = 0, $_length = strlen($text); $x < $_length; $x++) {
|
||||
$text_encode .= '&#x' . bin2hex($text[ $x ]) . ';';
|
||||
}
|
||||
|
||||
$mailto = "mailto:";
|
||||
|
||||
return '<a href="' . $mailto . $address_encode . '" ' . $extra . '>' . $text_encode . '</a>';
|
||||
} else {
|
||||
// no encoding
|
||||
|
||||
Reference in New Issue
Block a user