3 * Output an HTML message, modifying it slightly to make sure it plays nice
4 * with the rest of our web framework.
6 * Copyright (c) 2005-2012 by the citadel.org team
8 * This program is open source software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License, version 3.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
18 #include "webserver.h"
22 * Strip surrounding single or double quotes from a string.
24 void stripquotes(char *s) {
34 if (((s[0] == '\"') && (s[len - 1] == '\"')) || ((s[0] == '\'') && (s[len - 1] == '\''))) {
42 * Check to see if a META tag has overridden the declared MIME character set.
44 * charset Character set name (left unchanged if we don't do anything)
45 * meta_http_equiv Content of the "http-equiv" portion of the META tag
46 * meta_content Content of the "content" portion of the META tag
48 void extract_charset_from_meta(char *charset, char *meta_http_equiv, char *meta_content) {
60 if (strcasecmp(meta_http_equiv, "Content-type"))
63 ptr = strchr(meta_content, ';');
67 safestrncpy(buf, ++ptr, sizeof buf);
69 if (!strncasecmp(buf, "charset=", 8)) {
70 strcpy(charset, &buf[8]);
73 * The brain-damaged webmail program in Microsoft Exchange declares
74 * a charset of "unicode" when they really mean "UTF-8". GNU iconv
75 * treats "unicode" as an alias for "UTF-16" so we have to manually
76 * fix this here, otherwise messages generated in Exchange webmail
77 * show up as a big pile of weird characters.
79 if (!strcasecmp(charset, "unicode")) {
80 strcpy(charset, "UTF-8");
83 /* Remove wandering punctuation */
84 if ((ptr = strchr(charset, '\"')))
93 * Sanitize and enhance an HTML message for display.
94 * Also convert weird character sets to UTF-8 if necessary.
95 * Also fixup img src="cid:..." type inline images to fetch the image
98 void output_html(const char *supplied_charset, int treat_as_wiki, int msgnum, StrBuf * Source, StrBuf * Target) {
104 StrBuf *converted_msg;
105 int buffer_length = 1;
107 int content_length = 0;
108 char new_window[SIZ];
112 int script_start_pos = (-1);
116 StrBuf *BodyArea = NULL;
118 iconv_t ic = (iconv_t) (-1);
119 char *ibuf; /* Buffer of characters to be converted */
120 char *obuf; /* Buffer for converted characters */
121 size_t ibuflen; /* Length of input buffer */
122 size_t obuflen; /* Length of output buffer */
123 char *osav; /* Saved pointer to output buffer */
128 safestrncpy(charset, supplied_charset, sizeof charset);
130 sprintf(new_window, "<a target=\"%s\" href=", TARGET);
133 while (serv_getln(buf, sizeof buf), strcmp(buf, "000")) {
134 line_length = strlen(buf);
135 buffer_length = content_length + line_length + 2;
136 ptr = realloc(msg, buffer_length);
138 StrBufAppendPrintf(Target, "<b>");
139 StrBufAppendPrintf(Target, _("realloc() error! couldn't get %d bytes: %s"),
140 buffer_length + 1, strerror(errno));
141 StrBufAppendPrintf(Target, "</b><br><br>\n");
142 while (serv_getln(buf, sizeof buf), strcmp(buf, "000")) {
150 strcpy(&msg[content_length], buf);
151 content_length += line_length;
152 strcpy(&msg[content_length], "\n");
156 content_length = StrLength(Source);
158 msg = (char *) ChrPtr(Source); /* TODO: remove cast */
159 buffer_length = content_length;
162 /** Do a first pass to isolate the message body */
165 msgend = &msg[content_length];
167 while (ptr < msgend) {
169 /** Advance to next tag */
170 ptr = strchr(ptr, '<');
171 if ((ptr == NULL) || (ptr >= msgend))
174 if ((ptr == NULL) || (ptr >= msgend))
178 * Look for META tags. Some messages (particularly in
179 * Asian locales) illegally declare a message's character
180 * set in the HTML instead of in the MIME headers. This
181 * is wrong but we have to work around it anyway.
183 if (!strncasecmp(ptr, "META", 4)) {
189 char *meta_http_equiv;
193 meta_start = &ptr[4];
194 meta_end = strchr(ptr, '>');
195 if ((meta_end != NULL) && (meta_end <= msgend)) {
196 meta_length = meta_end - meta_start + 1;
197 meta = malloc(meta_length + 1);
198 safestrncpy(meta, meta_start, meta_length);
199 meta[meta_length] = 0;
201 if (!strncasecmp(meta, "HTTP-EQUIV=", 11)) {
202 meta_http_equiv = strdup(&meta[11]);
203 spaceptr = strchr(meta_http_equiv, ' ');
204 if (spaceptr != NULL) {
206 meta_content = strdup(++spaceptr);
207 if (!strncasecmp(meta_content, "content=", 8)) {
208 strcpy(meta_content, &meta_content[8]);
209 stripquotes(meta_http_equiv);
210 stripquotes(meta_content);
211 extract_charset_from_meta(charset, meta_http_equiv, meta_content);
215 free(meta_http_equiv);
222 * Any of these tags cause everything up to and including
223 * the tag to be removed.
225 if ((!strncasecmp(ptr, "HTML", 4))
226 || (!strncasecmp(ptr, "HEAD", 4))
227 || (!strncasecmp(ptr, "/HEAD", 5))
228 || (!strncasecmp(ptr, "BODY", 4))) {
231 if (!strncasecmp(ptr, "BODY", 4)) {
234 ptr = strchr(ptr, '>');
235 if ((ptr == NULL) || (ptr >= msgend))
237 if ((pBody != NULL) && (ptr - pBody > 4)) {
239 char *cid_start, *cid_end;
243 while ((isspace(*pBody)) && (pBody < ptr))
245 BodyArea = NewStrBufPlain(NULL, ptr - pBody);
248 src = strstr(pBody, "cid:");
252 while ((*cid_end != '"') && !isspace(*cid_end) && (cid_end < ptr))
255 /* copy tag and attributes up to src="cid: */
256 StrBufAppendBufPlain(BodyArea, pBody, src - pBody, 0);
258 /* add in /webcit/mimepart/<msgno>/CID/
259 trailing / stops dumb URL filters getting excited */
260 StrBufAppendPrintf(BodyArea, "/webcit/mimepart/%d/", msgnum);
261 StrBufAppendBufPlain(BodyArea, cid_start, cid_end - cid_start, 0);
263 if (ptr - cid_end > 0)
264 StrBufAppendBufPlain(BodyArea, cid_end + 1, ptr - cid_end, 0);
267 StrBufAppendBufPlain(BodyArea, pBody, ptr - pBody, 0);
272 if ((ptr == NULL) || (ptr >= msgend))
278 * Any of these tags cause everything including and following
279 * the tag to be removed.
281 if ((!strncasecmp(ptr, "/HTML", 5))
282 || (!strncasecmp(ptr, "/BODY", 5))) {
291 if (msgstart > msg) {
292 strcpy(msg, msgstart);
295 /* Now go through the message, parsing tags as necessary. */
296 converted_msg = NewStrBufPlain(NULL, content_length + 8192);
299 /** Convert foreign character sets to UTF-8 if necessary. */
301 if ((strcasecmp(charset, "us-ascii"))
302 && (strcasecmp(charset, "UTF-8"))
303 && (strcasecmp(charset, ""))
305 syslog(LOG_DEBUG, "Converting %s to UTF-8\n", charset);
306 ctdl_iconv_open("UTF-8", charset, &ic);
307 if (ic == (iconv_t) (-1)) {
308 syslog(LOG_WARNING, "%s:%d iconv_open() failed: %s\n", __FILE__, __LINE__, strerror(errno));
311 if (Source == NULL) {
312 if (ic != (iconv_t) (-1)) {
314 ibuflen = content_length;
315 obuflen = content_length + (content_length / 2);
316 obuf = (char *) malloc(obuflen);
318 iconv(ic, &ibuf, &ibuflen, &obuf, &obuflen);
319 content_length = content_length + (content_length / 2) - obuflen;
320 osav[content_length] = 0;
327 if (ic != (iconv_t) (-1)) {
328 StrBuf *Buf = NewStrBufPlain(NULL, StrLength(Source) + 8096);;
329 StrBufConvert(Source, Buf, &ic);
332 msg = (char *) ChrPtr(Source); /* TODO: get rid of this. */
339 * At this point, the message has been stripped down to
340 * only the content inside the <BODY></BODY> tags, and has
341 * been converted to UTF-8 if it was originally in a foreign
342 * character set. The text is also guaranteed to be null
346 if (converted_msg == NULL) {
347 StrBufAppendPrintf(Target, "Error %d: %s<br>%s:%d", errno, strerror(errno), __FILE__, __LINE__);
351 if (BodyArea != NULL) {
352 StrBufAppendBufPlain(converted_msg, HKEY("<table "), 0);
353 StrBufAppendBuf(converted_msg, BodyArea, 0);
354 StrBufAppendBufPlain(converted_msg, HKEY(" width=\"100%\"><tr><td>"), 0);
357 msgend = strchr(msg, 0);
358 while (ptr < msgend) {
360 /** Try to sanitize the html of any rogue scripts */
361 if (!strncasecmp(ptr, "<script", 7)) {
362 if (scriptlevel == 0) {
363 script_start_pos = StrLength(converted_msg);
367 if (!strncasecmp(ptr, "</script", 8)) {
372 * Change mailto: links to WebCit mail, by replacing the
373 * link with one that points back to our mail room. Due to
374 * the way we parse URL's, it'll even handle mailto: links
375 * that have "?subject=" in them.
377 if (!strncasecmp(ptr, "<a href=\"mailto:", 16)) {
378 content_length += 64;
379 StrBufAppendPrintf(converted_msg, "<a href=\"display_enter?force_room=_MAIL_?recp=");
385 /** Make external links open in a separate window */
386 else if (!strncasecmp(ptr, "<a href=\"", 9)) {
389 if (((strchr(ptr, ':') < strchr(ptr, '/')))
390 && ((strchr(ptr, '/') < strchr(ptr, '>')))
392 /* open external links to new window */
393 StrBufAppendPrintf(converted_msg, new_window);
396 else if ((treat_as_wiki)
397 && (strncasecmp(ptr, "<a href=\"wiki?", 14))
398 && (strncasecmp(ptr, "<a href=\"dotgoto?", 17))
399 && (strncasecmp(ptr, "<a href=\"knrooms?", 17))
401 content_length += 64;
402 StrBufAppendPrintf(converted_msg, "<a href=\"wiki?go=");
403 StrBufUrlescAppend(converted_msg, WC->CurRoom.name, NULL);
404 StrBufAppendPrintf(converted_msg, "?page=");
408 StrBufAppendPrintf(converted_msg, "<a href=\"");
413 /** Fixup <img src="cid:... ...> to fetch the mime part */
414 else if (!strncasecmp(ptr, "<img ", 5)) {
415 char *cid_start, *cid_end;
416 char *tag_end = strchr(ptr, '>');
418 /* FIXME - handle this situation (maybe someone opened an <img cid...
419 * and then ended the message)
422 syslog(LOG_DEBUG, "tag_end is null and ptr is:\n");
423 syslog(LOG_DEBUG, "%s\n", ptr);
424 syslog(LOG_DEBUG, "Theoretical bytes remaining: %d\n", (int) (msgend - ptr));
427 src = strstr(ptr, "src=\"cid:");
430 if (src && isspace(*(src - 1))
431 && tag_end && (cid_start = strchr(src, ':'))
432 && (cid_end = strchr(cid_start, '"'))
433 && (cid_end < tag_end)
435 /* copy tag and attributes up to src="cid: */
436 StrBufAppendBufPlain(converted_msg, ptr, src - ptr, 0);
439 /* add in /webcit/mimepart/<msgno>/CID/
440 trailing / stops dumb URL filters getting excited */
441 StrBufAppendPrintf(converted_msg, " src=\"/webcit/mimepart/%d/", msgnum);
442 StrBufAppendBufPlain(converted_msg, cid_start, cid_end - cid_start, 0);
443 StrBufAppendBufPlain(converted_msg, "/\"", -1, 0);
447 StrBufAppendBufPlain(converted_msg, ptr, tag_end - ptr, 0);
452 * Turn anything that looks like a URL into a real link, as long
453 * as it's not inside a tag already
455 else if ((brak == 0) && (alevel == 0) && ((!strncasecmp(ptr, "http://", 7)) || (!strncasecmp(ptr, "https://", 8)))) {
457 /** Find the end of the link */
461 strlenptr = strlen(ptr);
462 for (i = 0; i <= strlenptr; ++i) {
477 /* did s.b. send us an entity? */
479 if ((ptr[i + 2] == ';') ||
480 (ptr[i + 3] == ';') ||
481 (ptr[i + 5] == ';') || (ptr[i + 6] == ';') || (ptr[i + 7] == ';'))
494 linkedchar = ptr[len];
496 /* spot for some subject strings tinymce tends to give us. */
497 ltreviewptr = strchr(ptr, '<');
498 if (ltreviewptr != NULL) {
500 linklen = ltreviewptr - ptr;
503 nbspreviewptr = strstr(ptr, " ");
504 if (nbspreviewptr != NULL) {
505 /* nbspreviewptr = '\0'; */
506 linklen = nbspreviewptr - ptr;
508 if (ltreviewptr != 0)
511 ptr[len] = linkedchar;
513 content_length += (32 + linklen);
514 StrBufAppendPrintf(converted_msg, "%s\"", new_window);
515 StrBufAppendBufPlain(converted_msg, ptr, linklen, 0);
516 StrBufAppendPrintf(converted_msg, "\">");
517 StrBufAppendBufPlain(converted_msg, ptr, linklen, 0);
519 StrBufAppendPrintf(converted_msg, "</A>");
523 StrBufAppendBufPlain(converted_msg, ptr, 1, 0);
528 if ((ptr >= msg) && (ptr <= msgend)) {
530 * We need to know when we're inside a tag,
531 * so we don't turn things that look like URL's into
532 * links, when they're already links - or image sources.
534 if ((ptr > msg) && (*(ptr - 1) == '<')) {
537 if ((ptr > msg) && (*(ptr - 1) == '>')) {
539 if ((scriptlevel == 0) && (script_start_pos >= 0)) {
540 StrBufCutRight(converted_msg, StrLength(converted_msg) - script_start_pos);
541 script_start_pos = (-1);
544 if (!strncasecmp(ptr, "</A>", 3))
549 if (BodyArea != NULL) {
550 StrBufAppendBufPlain(converted_msg, HKEY("</td></tr></table>"), 0);
551 FreeStrBuf(&BodyArea);
554 /** uncomment these two lines to override conversion */
556 /** memcpy(converted_msg, msg, content_length); */
558 /** output_length = content_length; */
560 /** Output our big pile of markup */
561 StrBufAppendBuf(Target, converted_msg, 0);
564 /** A little trailing vertical whitespace... */
565 StrBufAppendPrintf(Target, "<br><br>\n");
567 /** Now give back the memory */
568 FreeStrBuf(&converted_msg);
569 if ((msg != NULL) && (Source == NULL))
579 * Look for URL's embedded in a buffer and make them linkable. We use a
580 * target window in order to keep the Citadel session in its own window.
582 void UrlizeText(StrBuf * Target, StrBuf * Source, StrBuf * WrkBuf) {
583 int len, UrlLen, Offset, TrailerLen;
584 const char *start, *end, *pos;
589 len = StrLength(Source);
590 end = ChrPtr(Source) + len;
591 for (pos = ChrPtr(Source); (pos < end) && (start == NULL); ++pos) {
592 if (!strncasecmp(pos, "http://", 7))
594 else if (!strncasecmp(pos, "ftp://", 6))
599 StrBufAppendBuf(Target, Source, 0);
604 for (pos = ChrPtr(Source) + len; pos > start; --pos) {
624 UrlLen = end - start;
625 StrBufAppendBufPlain(WrkBuf, start, UrlLen, 0);
627 Offset = start - ChrPtr(Source);
629 StrBufAppendBufPlain(Target, ChrPtr(Source), Offset, 0);
630 StrBufAppendPrintf(Target, "%ca href=%c%s%c TARGET=%c%s%c%c%s%c/A%c",
631 LB, QU, ChrPtr(WrkBuf), QU, QU, TARGET, QU, RB, ChrPtr(WrkBuf), LB, RB);
633 TrailerLen = StrLength(Source) - (end - ChrPtr(Source));
635 StrBufAppendBufPlain(Target, end, TrailerLen, 0);
639 void url(char *buf, size_t bufsize) {
640 int len, UrlLen, Offset, TrailerLen, outpos;
641 char *start, *end, *pos;
648 syslog(LOG_WARNING, "URL: content longer than buffer!");
652 for (pos = buf; (pos < end) && (start == NULL); ++pos) {
653 if (!strncasecmp(pos, "http://", 7))
655 if (!strncasecmp(pos, "ftp://", 6))
662 for (pos = buf + len; pos > start; --pos) {
682 UrlLen = end - start;
683 if (UrlLen > sizeof(urlbuf)) {
684 syslog(LOG_WARNING, "URL: content longer than buffer!");
687 memcpy(urlbuf, start, UrlLen);
688 urlbuf[UrlLen] = '\0';
690 Offset = start - buf;
691 if ((Offset != 0) && (Offset < sizeof(outbuf)))
692 memcpy(outbuf, buf, Offset);
693 outpos = snprintf(&outbuf[Offset], sizeof(outbuf) - Offset,
694 "%ca href=%c%s%c TARGET=%c%s%c%c%s%c/A%c", LB, QU, urlbuf, QU, QU, TARGET, QU, RB, urlbuf, LB, RB);
695 if (outpos >= sizeof(outbuf) - Offset) {
696 syslog(LOG_WARNING, "URL: content longer than buffer!");
700 TrailerLen = len - (end - start);
702 memcpy(outbuf + Offset + outpos, end, TrailerLen);
703 if (Offset + outpos + TrailerLen > bufsize) {
704 syslog(LOG_WARNING, "URL: content longer than buffer!");
707 memcpy(buf, outbuf, Offset + outpos + TrailerLen);
708 *(buf + Offset + outpos + TrailerLen) = '\0';