1 // Output an HTML message, modifying it slightly to make sure it plays nice
2 // with the rest of our web framework.
4 // Copyright (c) 2005-2022 by the citadel.org team
6 // This program is open source software. Use, duplication, or
7 // disclosure is subject to the GNU General Public License v3.
12 // Strip surrounding single or double quotes from a string.
13 void stripquotes(char *s) {
25 if (((s[0] == '\"') && (s[len - 1] == '\"')) || ((s[0] == '\'') && (s[len - 1] == '\''))) {
32 // Check to see if a META tag has overridden the declared MIME character set.
34 // charset Character set name (left unchanged if we don't do anything)
35 // meta_http_equiv Content of the "http-equiv" portion of the META tag
36 // meta_content Content of the "content" portion of the META tag
37 void extract_charset_from_meta(char *charset, char *meta_http_equiv, char *meta_content) {
44 if (!meta_http_equiv) {
51 if (strcasecmp(meta_http_equiv, "Content-type")) {
55 ptr = strchr(meta_content, ';');
60 safestrncpy(buf, ++ptr, sizeof buf);
62 if (!strncasecmp(buf, "charset=", 8)) {
63 strcpy(charset, &buf[8]);
65 // The brain-damaged webmail program in Microsoft Exchange declares
66 // a charset of "unicode" when they really mean "UTF-8". GNU iconv
67 // treats "unicode" as an alias for "UTF-16" so we have to manually
68 // fix this here, otherwise messages generated in Exchange webmail
69 // show up as a big pile of weird characters.
70 if (!strcasecmp(charset, "unicode")) {
71 strcpy(charset, "UTF-8");
74 // Remove wandering punctuation
75 if ((ptr = strchr(charset, '\"'))) {
83 // Sanitize and enhance an HTML message for display.
84 // Also convert weird character sets to UTF-8 if necessary.
85 // Also fixup img src="cid:..." type inline images to fetch the image
86 StrBuf *html2html(const char *supplied_charset, int treat_as_wiki, char *roomname, long msgnum, StrBuf *Source) {
92 StrBuf *converted_msg;
93 int buffer_length = 1;
95 int content_length = 0;
100 int script_start_pos = (-1);
104 StrBuf *BodyArea = NULL;
106 iconv_t ic = (iconv_t) (-1);
107 char *ibuf; // Buffer of characters to be converted
108 char *obuf; // Buffer for converted characters
109 size_t ibuflen; // Length of input buffer
110 size_t obuflen; // Length of output buffer
111 char *osav; // Saved pointer to output buffer
113 StrBuf *Target = NewStrBuf();
114 if (Target == NULL) {
118 safestrncpy(charset, supplied_charset, sizeof charset);
119 sprintf(new_window, "<a target=\"%s\" href=", TARGET);
121 content_length = StrLength(Source);
122 msg = (char *) ChrPtr(Source);
123 buffer_length = content_length;
125 // Do a first pass to isolate the message body
128 msgend = &msg[content_length];
130 while (ptr < msgend) {
132 // Advance to next tag
133 ptr = strchr(ptr, '<');
134 if ((ptr == NULL) || (ptr >= msgend))
137 if ((ptr == NULL) || (ptr >= msgend))
140 // Look for META tags. Some messages (particularly in
141 // Asian locales) illegally declare a message's character
142 // set in the HTML instead of in the MIME headers. This
143 // is wrong but we have to work around it anyway.
144 if (!strncasecmp(ptr, "META", 4)) {
150 char *meta_http_equiv;
154 meta_start = &ptr[4];
155 meta_end = strchr(ptr, '>');
156 if ((meta_end != NULL) && (meta_end <= msgend)) {
157 meta_length = meta_end - meta_start + 1;
158 meta = malloc(meta_length + 1);
159 safestrncpy(meta, meta_start, meta_length);
160 meta[meta_length] = 0;
162 if (!strncasecmp(meta, "HTTP-EQUIV=", 11)) {
163 meta_http_equiv = strdup(&meta[11]);
164 spaceptr = strchr(meta_http_equiv, ' ');
165 if (spaceptr != NULL) {
167 meta_content = strdup(++spaceptr);
168 if (!strncasecmp(meta_content, "content=", 8)) {
169 strcpy(meta_content, &meta_content[8]);
170 stripquotes(meta_http_equiv);
171 stripquotes(meta_content);
172 extract_charset_from_meta(charset, meta_http_equiv, meta_content);
176 free(meta_http_equiv);
182 // Any of these tags cause everything up to and including
183 // the tag to be removed.
184 if ( (!strncasecmp(ptr, "HTML", 4))
185 || (!strncasecmp(ptr, "HEAD", 4))
186 || (!strncasecmp(ptr, "/HEAD", 5))
187 || (!strncasecmp(ptr, "BODY", 4))
191 if (!strncasecmp(ptr, "BODY", 4)) {
194 ptr = strchr(ptr, '>');
195 if ((ptr == NULL) || (ptr >= msgend))
197 if ((pBody != NULL) && (ptr - pBody > 4)) {
199 char *cid_start, *cid_end;
203 while ((isspace(*pBody)) && (pBody < ptr))
205 BodyArea = NewStrBufPlain(NULL, ptr - pBody);
208 src = strstr(pBody, "cid:");
212 while ((*cid_end != '"') && !isspace(*cid_end) && (cid_end < ptr))
215 // copy tag and attributes up to src="cid:
216 StrBufAppendBufPlain(BodyArea, pBody, src - pBody, 0);
218 // add in /webcit/mimepart/<msgno>/CID/
219 // trailing / stops dumb URL filters getting excited
220 StrBufAppendPrintf(BodyArea, "/webcit/mimepart/%ld/", msgnum);
221 StrBufAppendBufPlain(BodyArea, cid_start, cid_end - cid_start, 0);
223 if (ptr - cid_end > 0)
224 StrBufAppendBufPlain(BodyArea, cid_end + 1, ptr - cid_end, 0);
227 StrBufAppendBufPlain(BodyArea, pBody, ptr - pBody, 0);
233 if ((ptr == NULL) || (ptr >= msgend))
238 // Any of these tags cause everything including and following
239 // the tag to be removed.
240 if ((!strncasecmp(ptr, "/HTML", 5)) || (!strncasecmp(ptr, "/BODY", 5))) {
248 if (msgstart > msg) {
249 strcpy(msg, msgstart);
252 // Now go through the message, parsing tags as necessary.
253 converted_msg = NewStrBufPlain(NULL, content_length + 8192);
255 // Convert foreign character sets to UTF-8 if necessary
256 if ( (strcasecmp(charset, "us-ascii"))
257 && (strcasecmp(charset, "UTF-8"))
258 && (strcasecmp(charset, ""))
260 syslog(LOG_DEBUG, "Converting %s to UTF-8", charset);
261 ctdl_iconv_open("UTF-8", charset, &ic);
262 if (ic == (iconv_t) (-1)) {
263 syslog(LOG_WARNING, "%s:%d iconv_open() failed: %s", __FILE__, __LINE__, strerror(errno));
266 if (Source == NULL) {
267 if (ic != (iconv_t) (-1)) {
269 ibuflen = content_length;
270 obuflen = content_length + (content_length / 2);
271 obuf = (char *) malloc(obuflen);
273 iconv(ic, &ibuf, &ibuflen, &obuf, &obuflen);
274 content_length = content_length + (content_length / 2) - obuflen;
275 osav[content_length] = 0;
282 if (ic != (iconv_t) (-1)) {
283 StrBuf *Buf = NewStrBufPlain(NULL, StrLength(Source) + 8096);;
284 StrBufConvert(Source, Buf, &ic);
287 msg = (char *) ChrPtr(Source); // TODO: get rid of this.
291 // At this point, the message has been stripped down to
292 // only the content inside the <BODY></BODY> tags, and has
293 // been converted to UTF-8 if it was originally in a foreign
294 // character set. The text is also guaranteed to be null
297 if (converted_msg == NULL) {
298 StrBufAppendPrintf(Target, "Error %d: %s<br>%s:%d", errno, strerror(errno), __FILE__, __LINE__);
302 if (BodyArea != NULL) { // Any attributes that were declared in the <body> tag
303 StrBufAppendBufPlain(converted_msg, HKEY("<div "), 0); // are instead declared in this <div> tag
304 StrBufAppendBuf(converted_msg, BodyArea, 0);
305 StrBufAppendBufPlain(converted_msg, HKEY(">"), 0);
308 msgend = strchr(msg, 0);
309 while (ptr < msgend) {
311 // Try to sanitize the html of any rogue scripts
312 if (!strncasecmp(ptr, "<script", 7)) {
313 if (scriptlevel == 0) {
314 script_start_pos = StrLength(converted_msg);
318 if (!strncasecmp(ptr, "</script", 8)) {
322 // Change mailto: links to WebCit mail, by replacing the
323 // link with one that points back to our mail room. Due to
324 // the way we parse URL's, it'll even handle mailto: links
325 // that have "?subject=" in them.
326 // FIXME change URL syntax for webcit-ng
327 if (!strncasecmp(ptr, "<a href=\"mailto:", 16)) {
328 content_length += 64;
329 StrBufAppendPrintf(converted_msg, "<a href=\"display_enter?force_room=_MAIL_?recp=");
335 // Make external links open in a separate window
336 else if (!strncasecmp(ptr, "<a href=\"", 9)) {
339 if (((strchr(ptr, ':') < strchr(ptr, '/'))) && ((strchr(ptr, '/') < strchr(ptr, '>')))) {
340 // open external links to new window
341 StrBufAppendPrintf(converted_msg, new_window);
344 else if ((treat_as_wiki)
345 && (strncasecmp(ptr, "<a href=\"wiki?", 14))
346 && (strncasecmp(ptr, "<a href=\"dotgoto?", 17))
347 && (strncasecmp(ptr, "<a href=\"knrooms?", 17))
349 content_length += 64;
350 StrBufAppendPrintf(converted_msg, "<a href=\"wiki?go=");
351 //StrBufUrlescAppend(converted_msg, "FIXME ROOM NAME", NULL); // FIXME make compatible with webcit-ng
352 StrBufAppendPrintf(converted_msg, "?page=");
356 StrBufAppendPrintf(converted_msg, "<a href=\"");
361 // Fixup <img src="cid:... ...> to fetch the mime part
362 else if (!strncasecmp(ptr, "<img ", 5)) {
363 char *cid_start, *cid_end;
364 char *tag_end = strchr(ptr, '>');
366 // FIXME - handle this situation (maybe someone opened an <img cid...
367 // and then ended the message)
369 syslog(LOG_DEBUG, "tag_end is null and ptr is:");
370 syslog(LOG_DEBUG, "%s", ptr);
371 syslog(LOG_DEBUG, "Theoretical bytes remaining: %d", (int) (msgend - ptr));
374 src = strstr(ptr, "src=\"cid:");
378 && isspace(*(src - 1))
379 && tag_end && (cid_start = strchr(src, ':'))
380 && (cid_end = strchr(cid_start, '"'))
381 && (cid_end < tag_end)
383 // copy tag and attributes up to src="cid:
384 StrBufAppendBufPlain(converted_msg, ptr, src - ptr, 0);
387 // add in /webcit/mimepart/<msgnum>/CID/
388 // trailing / stops dumb URL filters getting excited
389 StrBufAppendPrintf(converted_msg, " src=\"/ctdl/r/");
390 StrBufXMLEscAppend(converted_msg, NULL, roomname, strlen(roomname), 0);
391 syslog(LOG_DEBUG, "room name is '%s'", roomname);
392 StrBufAppendPrintf(converted_msg, "/%ld/", msgnum);
393 StrBufAppendBufPlain(converted_msg, cid_start, cid_end - cid_start, 0);
394 StrBufAppendBufPlain(converted_msg, "\"", -1, 0);
397 StrBufAppendBufPlain(converted_msg, ptr, tag_end - ptr, 0);
401 // Turn anything that looks like a URL into a real link, as long
402 // as it's not inside a tag already
403 else if ((brak == 0) && (alevel == 0) && ((!strncasecmp(ptr, "http://", 7)) || (!strncasecmp(ptr, "https://", 8)))) {
404 // Find the end of the link
408 strlenptr = strlen(ptr);
409 for (i = 0; i <= strlenptr; ++i) {
427 if ((ptr[i + 2] == ';') ||
428 (ptr[i + 3] == ';') ||
429 (ptr[i + 5] == ';') || (ptr[i + 6] == ';') || (ptr[i + 7] == ';'))
442 linkedchar = ptr[len];
444 // spot for some subject strings tinymce tends to give us.
445 ltreviewptr = strchr(ptr, '<');
446 if (ltreviewptr != NULL) {
448 linklen = ltreviewptr - ptr;
451 nbspreviewptr = strstr(ptr, " ");
452 if (nbspreviewptr != NULL) {
453 // nbspreviewptr = '\0';
454 linklen = nbspreviewptr - ptr;
456 if (ltreviewptr != 0)
459 ptr[len] = linkedchar;
461 content_length += (32 + linklen);
462 StrBufAppendPrintf(converted_msg, "%s\"", new_window);
463 StrBufAppendBufPlain(converted_msg, ptr, linklen, 0);
464 StrBufAppendPrintf(converted_msg, "\">");
465 StrBufAppendBufPlain(converted_msg, ptr, linklen, 0);
467 StrBufAppendPrintf(converted_msg, "</a>");
471 StrBufAppendBufPlain(converted_msg, ptr, 1, 0);
475 if ((ptr >= msg) && (ptr <= msgend)) {
476 // We need to know when we're inside a tag,
477 // so we don't turn things that look like URL's into
478 // links, when they're already links - or image sources.
479 if ((ptr > msg) && (*(ptr - 1) == '<')) {
482 if ((ptr > msg) && (*(ptr - 1) == '>')) {
484 if ((scriptlevel == 0) && (script_start_pos >= 0)) {
485 StrBufCutRight(converted_msg, StrLength(converted_msg) - script_start_pos);
486 script_start_pos = (-1);
489 if (!strncasecmp(ptr, "</a>", 3))
494 if (BodyArea != NULL) {
495 StrBufAppendBufPlain(converted_msg, HKEY("</div>"), 0); // Close the div where we declared attributes copied
496 FreeStrBuf(&BodyArea); // from the original <body> tag
499 // uncomment these two lines to override conversion
500 // memcpy(converted_msg, msg, content_length);
501 // output_length = content_length;
503 // Output our big pile of markup
504 StrBufAppendBuf(Target, converted_msg, 0);
506 BAIL: // A little trailing vertical whitespace...
507 StrBufAppendPrintf(Target, "<br>\n");
509 // Now give back the memory
510 FreeStrBuf(&converted_msg);
511 if ((msg != NULL) && (Source == NULL))
517 // Look for URL's embedded in a buffer and make them linkable. We use a
518 // target window in order to keep the Citadel session in its own window.
519 void UrlizeText(StrBuf * Target, StrBuf * Source, StrBuf * WrkBuf) {
520 int len, UrlLen, Offset, TrailerLen;
521 const char *start, *end, *pos;
525 len = StrLength(Source);
526 end = ChrPtr(Source) + len;
527 for (pos = ChrPtr(Source); (pos < end) && (start == NULL); ++pos) {
528 if (!strncasecmp(pos, "http://", 7))
530 else if (!strncasecmp(pos, "ftp://", 6))
535 StrBufAppendBuf(Target, Source, 0);
540 for (pos = ChrPtr(Source) + len; pos > start; --pos) {
560 UrlLen = end - start;
561 StrBufAppendBufPlain(WrkBuf, start, UrlLen, 0);
563 Offset = start - ChrPtr(Source);
565 StrBufAppendBufPlain(Target, ChrPtr(Source), Offset, 0);
566 StrBufAppendPrintf(Target, "%ca href=%c%s%c TARGET=%c%s%c%c%s%c/A%c",
567 LB, QU, ChrPtr(WrkBuf), QU, QU, TARGET, QU, RB, ChrPtr(WrkBuf), LB, RB);
569 TrailerLen = StrLength(Source) - (end - ChrPtr(Source));
571 StrBufAppendBufPlain(Target, end, TrailerLen, 0);
575 void url(char *buf, size_t bufsize) {
576 int len, UrlLen, Offset, TrailerLen, outpos;
577 char *start, *end, *pos;
584 syslog(LOG_WARNING, "URL: content longer than buffer!");
588 for (pos = buf; (pos < end) && (start == NULL); ++pos) {
589 if (!strncasecmp(pos, "http://", 7))
591 if (!strncasecmp(pos, "ftp://", 6))
598 for (pos = buf + len; pos > start; --pos) {
618 UrlLen = end - start;
619 if (UrlLen > sizeof(urlbuf)) {
620 syslog(LOG_WARNING, "URL: content longer than buffer!");
623 memcpy(urlbuf, start, UrlLen);
624 urlbuf[UrlLen] = '\0';
626 Offset = start - buf;
627 if ((Offset != 0) && (Offset < sizeof(outbuf)))
628 memcpy(outbuf, buf, Offset);
629 outpos = snprintf(&outbuf[Offset], sizeof(outbuf) - Offset,
630 "%ca href=%c%s%c TARGET=%c%s%c%c%s%c/A%c", LB, QU, urlbuf, QU, QU, TARGET, QU, RB, urlbuf, LB, RB);
631 if (outpos >= sizeof(outbuf) - Offset) {
632 syslog(LOG_WARNING, "URL: content longer than buffer!");
636 TrailerLen = len - (end - start);
638 memcpy(outbuf + Offset + outpos, end, TrailerLen);
639 if (Offset + outpos + TrailerLen > bufsize) {
640 syslog(LOG_WARNING, "URL: content longer than buffer!");
643 memcpy(buf, outbuf, Offset + outpos + TrailerLen);
644 *(buf + Offset + outpos + TrailerLen) = '\0';
projects / citadel.git / blob