Postie - Version 1.4.10

Version Description

(2012.12.11) = * Fixed warning when there is no subject * Removed all script and style tags from HTML content in place of XSS warning * Removed XSS warning * Fixed bug where post type was not being detected if only case is different * Fixed bug with custom post type and leading spaces in the subject * Fixed bug where custom fields were not being populated for images


Release Info

Developer WayneAllen
Plugin Icon 128x128 Postie
Version 1.4.10

Code changes from version 1.4.9 to 1.4.10

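--- a/Revision
+++ b/Revision
@@ -1,2 +1,2 @@
- Revision: 636678
- Last Changed Date: 2012-12-09 19:05:40 -0800 (Sun, 09 Dec 2012)
+ Revision: 637111
+ Last Changed Date: 2012-12-10 21:29:00 -0800 (Mon, 10 Dec 2012)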
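--- a/deploy/_deploy.txt
+++ b/deploy/_deploy.txt
@@ -2,6 +2,7 @@ see: http://codex.wordpress.org/Writing_a_Plugin#Updating_your_Plugin
  update docs\Changes.txt
  update version number in postie.php
  update version number in docs\postie.txt
+ update date in docs\Changes.txt
  run deploy.cmd
  commit
  branch trunk to new version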
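--- a/docs/Changes.txt
+++ b/docs/Changes.txt
@@ -1,8 +1,15 @@
  == Upgrade Notice ==
  * Attachments are now processed in the order they were attached.
- * XSS detection only issues a warning now
+ * All script, style and body tags are stripped from html emails.
 
  == CHANGELOG ==
+ = 1.4.10 (2012.12.11) =
+ * Fixed warning when there is no subject
+ * Removed all script and style tags from HTML content in place of XSS warning
+ * Removed XSS warning
+ * Fixed bug where post type was not being detected if only case is different
+ * Fixed bug with custom post type and leading spaces in the subject
+ * Fixed bug where custom fields were not being populated for images
 
  = 1.4.9 (2012.12.10) =
  * Fixed bug where date, author, etc didn't get set.
@@ -12,9 +19,9 @@
  * Fixed bug where base64 strings were being double decoded.
 
  = 1.4.8 (2012.12.09) =
- * fix collisions with simple_html_dom
- * fix bug when trying to get file name from MIME part
- * fix bug causing Cannot modify header information warning
+ * Fixed collisions with simple_html_dom
+ * Fixed bug when trying to get file name from MIME part
+ * Fixed bug causing Cannot modify header information warning
 
  = 1.4.7 (2012.12.07) =
  * Fixed bug in cron setup that was preventing Weekly, twice an hour and every ten minute schedules from running.
@@ -33,7 +40,7 @@
  * Fixed numerous warning messages
  * Added phpUnit tests
  * Allow wp-config.php to be in alternate location as described here: http://codex.wordpress.org/Hardening_WordPress#Securing_wp-config.php
- * Fix a bug that didn't replace the #img# tags correctly.
+ * Fixed a bug that didn't replace the #img# tags correctly.
 
  = 1.4.5 (2012.11.14) =
  * Fixed bug in XSS attack vulnerability code. Thanks to R Reid http://blog.strictly-software.com/2012/03/fixing-postie-plugin-for-wordpress-to.html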
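--- a/docs/Postie.txt
+++ b/docs/Postie.txt
@@ -6,7 +6,7 @@ Plugin URI: http://PostiePlugin.com/
  Tags: e-mail, email
  Requires at least: 3.0
  Tested up to: 3.4.2
- Stable tag: 1.4.9
+ Stable tag: 1.4.10
  License: GPLv2 or later
  License URI: http://www.gnu.org/licenses/gpl-2.0.html
 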
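--- a/get_mail.php
+++ b/get_mail.php
@@ -51,12 +51,6 @@ foreach ($emails as $email) {
 
  DebugEmailOutput($email, $mimeDecodedEmail);
 
- // check for XSS attacks - we disallow any javascript, meta, onload, or base64
- if (preg_match("@((%3C|<)/?script|<meta|document\.|\.cookie|\.createElement|onload\s*=|(eval|base64)\()@is", $email, $matches)) {
- EchoInfo("Warning: possible XSS attack");
- DebugDump($matches);
- }
-
  //Check poster to see if a valid person
  $poster = ValidatePoster($mimeDecodedEmail, $config);
  if (!empty($poster)) {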
postie-functions.php CHANGED
@@ -1,7 +1,7 @@
1
  <?php
2
 
3
  /*
4
- $Id: postie-functions.php 636795 2012-12-10 22:00:12Z WayneAllen $
5
  */
6
 
7
  /* TODO
@@ -73,16 +73,22 @@ function LogInfo($v) {
73
  }
74
 
75
  function EchoInfo($v) {
76
- echo("<p>$v</p>\n");
 
 
77
  LogInfo($v);
78
  }
79
 
80
  function DebugDump($v) {
81
  if (IsDebugMode()) {
82
  $o = print_r($v, true);
83
- echo "<pre>\n";
84
- EchoInfo($o);
85
- echo "</pre>\n";
 
 
 
 
86
  }
87
  }
88
 
@@ -200,8 +206,8 @@ function PostEmail($poster, $mimeDecodedEmail, $config) {
200
  'email_author' => $postAuthorDetails['email'],
201
  'post_date' => $post_date,
202
  'post_date_gmt' => $post_date_gmt,
203
- 'post_content' => $content,
204
- 'post_title' => $subject,
205
  'post_type' => $post_type, /* Added by Raam Dev <raam@raamdev.com> */
206
  'ping_status' => get_option('default_ping_status'),
207
  'post_category' => $post_categories,
@@ -252,17 +258,17 @@ function GetPostType(&$subject) {
252
  $custom_post_type_delim = "//";
253
  if (strpos($subject, $custom_post_type_delim) !== FALSE) {
254
 
255
- // Captures the custom post type in the subject before $custom_post_type_delim
256
  $separated_subject = explode($custom_post_type_delim, $subject);
257
  $custom_post_type = $separated_subject[0];
258
- $subject = $separated_subject[1];
259
 
260
  $custom_post_type = trim(strtolower($custom_post_type));
261
 
262
- // Check if custom post type exists, if not, set default post type of 'post'
263
  $known_post_types = get_post_types();
264
 
265
- if (in_array($custom_post_type, $known_post_types)) {
266
  $post_type = $custom_post_type;
267
  } else {
268
  $post_type = 'post';
@@ -280,12 +286,12 @@ function clickableLink($text, $shortcode = false) {
280
 
281
  $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text);
282
 
283
- // pad it with a space so we can match things at the start of the 1st line.
284
  $ret = ' ' . $text;
285
  if (strpos($ret, 'youtube') !== false) {
286
- // try to embed youtube videos
287
  $youtube = "#(^|[\n ]|>)[\w]+?://(www\.)?youtube\.com/watch\?v=([_a-zA-Z0-9-]+).*?([ \n]|$|<)#is";
288
- #$youtube="#(^|[\n ]|<p[^<]*>)[\w]+?://(www\.)?youtube\.com/watch\?v=([_a-zA-Z0-9]+).*?([ \n]|$|</p>)#is";
289
  if ($shortcode) {
290
  $youtube_replace = "\\1[youtube \\3]\\4";
291
  } else {
@@ -295,10 +301,10 @@ function clickableLink($text, $shortcode = false) {
295
  }
296
 
297
  if (strpos($ret, 'vimeo') !== false) {
298
- // try to embed vimeo videos
299
- # : http://vimeo.com/6348141
300
  $vimeo = "#(^|[\n ]|>)[\w]+?://(www\.)?vimeo\.com/([_a-zA-Z0-9-]+).*?([ \n]|$|<)#is";
301
- #$youtube="#(^|[\n ]|<p[^<]*>)[\w]+?://(www\.)?youtube\.com/watch\?v=([_a-zA-Z0-9]+).*?([ \n]|$|</p>)#is";
302
  if ($shortcode) {
303
  $vimeo_replace = "\\1[vimeo \\3]\\4";
304
  } else {
@@ -315,22 +321,22 @@ function clickableLink($text, $shortcode = false) {
315
  $ret = preg_replace($vimeo, $vimeo_replace, $ret);
316
  }
317
 
318
- // matches an "xxxx://yyyy" URL at the start of a line, or after a space.
319
- // xxxx can only be alpha characters.
320
- // yyyy is anything up to the first space, newline, comma, double quote or <
321
  $ret = preg_replace("#(^|[\n ])<?([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)>?#is", "\\1<a href=\"\\2\" >\\2</a>", $ret);
322
 
323
- // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
324
- // Must contain at least 2 dots. xxxx contains either alphanum, or "-"
325
- // zzzz is optional.. will contain everything up to the first space, newline,
326
- // comma, double quote or <.
327
  $ret = preg_replace("#(^|[\n ])<?((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)>?#is", "\\1<a href=\"http://\\2\" >\\2</a>", $ret);
328
 
329
- // matches an email@domain type address at the start of a line, or after a space.
330
- // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".".
331
  $ret = preg_replace(
332
  "#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>", $ret);
333
- // Remove our padding..
334
  $ret = substr($ret, 1);
335
  return $ret;
336
  }
@@ -591,6 +597,9 @@ function PostToDB($details, $isReply, $postToDb = true, $customImageField = fals
591
  $post_ID = wp_insert_comment($comment);
592
  }
593
  if ($customImageField) {
 
 
 
594
  if (count($details['customImages']) > 1) {
595
  $imageField = 1;
596
  foreach ($details['customImages'] as $image) {
@@ -621,17 +630,17 @@ function BannedFileName($filename, $bannedFiles) {
621
  return false;
622
  }
623
 
624
- //tear apart the meta part for useful information
625
  function GetContent($part, &$attachments, $post_id, $poster, $config) {
626
  extract($config);
627
  global $charset, $encoding;
628
 
629
  $meta_return = NULL;
630
- EchoInfo("primary= " . $part->ctype_primary . ", secondary = " . $part->ctype_secondary);
631
 
632
  DecodeBase64Part($part);
633
 
634
- if (array_key_exists('name', $part->ctype_parameters))
 
635
  if (BannedFileName($part->ctype_parameters['name'], $banned_files_list))
636
  return NULL;
637
 
@@ -653,6 +662,7 @@ function GetContent($part, &$attachments, $post_id, $poster, $config) {
653
  }
654
  }
655
  }
 
656
  if ($part->ctype_primary == "multipart" && $part->ctype_secondary == "appledouble") {
657
  $mimeDecodedEmail = DecodeMIMEMail("Content-Type: multipart/mixed; boundary=" . $part->ctype_parameters["boundary"] . "\n" . $part->body);
658
  FilterTextParts($mimeDecodedEmail, $prefer_text_type);
@@ -662,9 +672,13 @@ function GetContent($part, &$attachments, $post_id, $poster, $config) {
662
  }
663
  } else {
664
  // fix filename (remove non-standard characters)
 
 
 
665
  $filename = "";
666
  if (is_array($part->ctype_parameters) && array_key_exists('name', $part->ctype_parameters)) {
667
  $filename = preg_replace("/[^\x9\xA\xD\x20-\x7F]/", "", $part->ctype_parameters['name']);
 
668
  }
669
  switch (strtolower($part->ctype_primary)) {
670
  case 'multipart':
@@ -673,22 +687,22 @@ function GetContent($part, &$attachments, $post_id, $poster, $config) {
673
  $meta_return .= GetContent($section, $attachments, $post_id, $poster, $config);
674
  }
675
  break;
 
676
  case 'text':
677
- $tmpcharset = trim($part->ctype_parameters['charset']);
678
- if ($tmpcharset != '')
679
- $charset = $tmpcharset;
680
- DebugEcho("charset: $tmpcharset");
681
- if (array_key_exists('content-transfer-encoding', $part->headers)) {
682
- $tmpencoding = trim($part->headers['content-transfer-encoding']);
683
- if ($tmpencoding != '') {
684
- $encoding = $tmpencoding;
685
- }
686
  }
687
 
688
  if (array_key_exists('content-transfer-encoding', $part->headers)) {
689
- DebugDump($part);
690
  $part->body = HandleMessageEncoding($part->headers["content-transfer-encoding"], $part->ctype_parameters["charset"], $part->body, $message_encoding, $message_dequote);
691
- DebugDump($part);
692
  }
693
 
694
  //go through each sub-section
@@ -716,13 +730,16 @@ function GetContent($part, &$attachments, $post_id, $poster, $config) {
716
  if (array_key_exists('content-id', $part->headers)) {
717
  $cid = trim($part->headers["content-id"], "<>");
718
  }
719
- ; //cids are in <cid>
720
  $the_post = get_post($file_id);
 
721
  $attachments["html"][$filename] = parseTemplate($file_id, $part->ctype_primary, $imagetemplate);
722
  if ($cid) {
723
  $attachments["cids"][$cid] = array($file, count($attachments["html"]) - 1);
 
724
  }
725
  break;
 
726
  case 'audio':
727
  $file_id = postie_media_handle_upload($part, $post_id, $poster);
728
  $file = wp_get_attachment_url($file_id);
@@ -736,6 +753,7 @@ function GetContent($part, &$attachments, $post_id, $poster, $config) {
736
  }
737
  $attachments["html"][$filename] = parseTemplate($file_id, $part->ctype_primary, $audioTemplate);
738
  break;
 
739
  case 'video':
740
  $file_id = postie_media_handle_upload($part, $post_id, $poster);
741
  $file = wp_get_attachment_url($file_id);
@@ -850,9 +868,14 @@ function etf2HTML($content) {
850
  function HTML2HTML($content) {
851
  $html = str_get_html($content);
852
  if ($html) {
 
 
 
 
 
853
  $b = $html->find('body');
854
  if ($b) {
855
- $content = $b[0]->outertext;
856
  }
857
  }
858
  return $content;
@@ -863,6 +886,7 @@ function HTML2HTML($content) {
863
  * @return integer|NULL
864
  */
865
  function ValidatePoster(&$mimeDecodedEmail, $config) {
 
866
  extract($config);
867
  global $wpdb;
868
  $poster = NULL;
@@ -883,12 +907,12 @@ function ValidatePoster(&$mimeDecodedEmail, $config) {
883
  $poster = $user_ID;
884
  EchoInfo("posting as user $poster");
885
  } else {
886
- $poster = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE
887
- user_login = '$admin_username'");
888
  }
889
  } elseif ($turn_authorization_off || CheckEmailAddress($from, $authorized_addresses) || CheckEmailAddress($resentFrom, $authorized_addresses)) {
890
  $poster = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$admin_username'");
891
  }
 
892
  $validSMTP = checkSMTP($mimeDecodedEmail, $smtp);
893
  if (!$poster || !$validSMTP) {
894
  EchoInfo('Invalid sender: ' . htmlentities($from) . "! Not adding email!");
@@ -900,28 +924,30 @@ function ValidatePoster(&$mimeDecodedEmail, $config) {
900
  EchoInfo("The message was unable to be forwarded to the adminstrator.");
901
  }
902
  }
903
- return;
904
  }
905
  return $poster;
906
  }
907
 
908
  function post_as_admin($admin_username) {
909
  EchoInfo("$from is authorized to post as the administrator");
910
- //$from = get_option("admin_email");
911
- //$adminUser=$admin_username;
912
- //echo "adminUser='$adminUser'";
913
  return $poster;
914
  }
915
 
916
  function checkSMTP($mimeDecodedEmail, $smtpservers) {
917
  if (empty($smtpservers))
918
  return true;
 
919
  foreach ((array) $mimeDecodedEmail->headers['received'] as $received) {
920
  foreach ($smtpservers as $smtp) {
921
- if (stristr($received, $smtp) !== false)
 
922
  return true;
 
923
  }
924
  }
 
 
925
  return false;
926
  }
927
 
@@ -1013,9 +1039,7 @@ function StripPGP($content) {
1013
  ' ',
1014
  ''
1015
  );
1016
- // strip extra line breaks
1017
- $return = preg_replace($search, $replace, $content);
1018
- return $return;
1019
  }
1020
 
1021
  function ConvertUTF8ToISO_8859_1($contenttransferencoding, $currentcharset, $body) {
@@ -1035,7 +1059,7 @@ function HandleMessageEncoding($contenttransferencoding, $charset, $body, $blogE
1035
  $charset = strtolower($charset);
1036
  $contenttransferencoding = strtolower($contenttransferencoding);
1037
 
1038
- DebugEcho("before HandleMessageEncoding: $body");
1039
  DebugEcho("charset: $charset");
1040
  DebugEcho("encoding: $contenttransferencoding");
1041
 
@@ -1049,7 +1073,7 @@ function HandleMessageEncoding($contenttransferencoding, $charset, $body, $blogE
1049
  $body = iconv($charset, $blogEncoding, quoted_printable_decode($body));
1050
  }
1051
 
1052
- DebugEcho("after HandleMessageEncoding: $body");
1053
  return $body;
1054
  }
1055
 
@@ -1133,12 +1157,13 @@ function DecodeBase64Part(&$part) {
1133
  if (array_key_exists('content-transfer-encoding', $part->headers)) {
1134
  if (strtolower($part->headers['content-transfer-encoding']) == 'base64') {
1135
  DebugEcho("DecodeBase64Part: base64 detected");
1136
- if (array_key_exists('charset', $part->ctype_parameters)) {
 
1137
  $part->body = iconv($part->ctype_parameters['charset'], 'UTF-8', base64_decode($part->body));
1138
  } else {
1139
  $part->body = base64_decode($part->body);
1140
  }
1141
- $part->headers['content-transfer-encoding']='';
1142
  }
1143
  }
1144
  }
@@ -1246,8 +1271,6 @@ function FilterAppleFile(&$mimeDecodedEmail) {
1246
 
1247
  function postie_media_handle_upload($part, $post_id, $poster, $post_data = array()) {
1248
  $overrides = array('test_form' => false);
1249
- //$overrides = array('test_form'=>false, 'test_size'=>false,
1250
- // 'test_type'=>false);
1251
  $tmpFile = tempnam(getenv('TEMP'), 'postie');
1252
  if (!is_writable($tmpFile)) {
1253
  $uploadDir = wp_upload_dir();
@@ -1260,15 +1283,16 @@ function postie_media_handle_upload($part, $post_id, $poster, $post_data = array
1260
  } else {
1261
  EchoInfo("could not write to temp file: '$tmpFile' ");
1262
  }
1263
- if ($part->ctype_parameters['name'] == '') {
 
 
1264
  if ($part->d_parameters['filename'] != '') {
1265
  $name = $part->d_parameters['filename'];
1266
- } else {
1267
- $name = 'postie-media.' . $part->ctype_secondary;
1268
  }
1269
  } else {
1270
  $name = $part->ctype_parameters['name'];
1271
  }
 
1272
  $the_file = array('name' => $name,
1273
  'tmp_name' => $tmpFile,
1274
  'size' => filesize($tmpFile),
@@ -1288,7 +1312,6 @@ function postie_media_handle_upload($part, $post_id, $poster, $post_data = array
1288
  if (substr($post->post_date, 0, 4) > 0)
1289
  $time = $post->post_date;
1290
 
1291
-
1292
  $file = postie_handle_upload($the_file, $overrides, $time);
1293
  //unlink($tmpFile);
1294
 
@@ -1472,7 +1495,7 @@ function FilterTextParts(&$mimeDecodedEmail, $preferTextType) {
1472
  }
1473
  if ($found && $newParts) {
1474
  //This is now the filtered list of just the preferred type.
1475
- echo count($newParts) . " parts\n";
1476
  $mimeDecodedEmail->parts = $newParts;
1477
  }
1478
  }
@@ -1508,7 +1531,7 @@ function MailToRecipients(&$mail_content, $testEmail = false, $recipients = arra
1508
  $headers .= "Cc: " . $recipient . "\r\n";
1509
  }
1510
  }
1511
- // Set email subject
1512
  if ($reject) {
1513
  $alert_subject = $blogname . ": Unauthorized Post Attempt from $from";
1514
  if ($mail_content->ctype_parameters['boundary']) {
@@ -1516,7 +1539,7 @@ function MailToRecipients(&$mail_content, $testEmail = false, $recipients = arra
1516
  } else {
1517
  $boundary = uniqid("B_");
1518
  }
1519
- // Set sender details
1520
  /*
1521
  if (isset($mail_content->headers["mime-version"])) {
1522
  $headers .= "Mime-Version: ". $mail_content->headers["mime-version"] . "\r\n";
@@ -1527,16 +1550,14 @@ function MailToRecipients(&$mail_content, $testEmail = false, $recipients = arra
1527
  */
1528
 
1529
  $headers.="Content-Type:multipart/alternative; boundary=\"$boundary\"\r\n";
1530
- // SDM 20041123
1531
- // construct mail message
1532
  $message = "An unauthorized message has been sent to $blogname.\n";
1533
  $message .= "Sender: $from\n";
1534
  $message .= "Subject: $subject\n";
1535
  $message .= "\n\nIf you wish to allow posts from this address, please add " . $from . " to the registered users list and manually add the content of the e-mail found below.";
1536
  $message .= "\n\nOtherwise, the e-mail has already been deleted from the server and you can ignore this message.";
1537
- $message .= "\n\nIf you would like to prevent postie from forwarding mail
1538
- in the future, please change the FORWARD_REJECTED_MAIL setting in the Postie
1539
- settings panel";
1540
  $message .= "\n\nThe original content of the e-mail has been attached.\n\n";
1541
  $mailtext = "--$boundary\r\n";
1542
  $mailtext .= "Content-Type: text/plain;format=flowed;charset=\"iso-8859-1\";reply-type=original\n";
@@ -1550,18 +1571,20 @@ function MailToRecipients(&$mail_content, $testEmail = false, $recipients = arra
1550
  }
1551
  foreach ($mailparts as $part) {
1552
  $mailtext .= "--$boundary\r\n";
1553
- $mailtext .= "Content-Type: " . $part->headers["content-type"] . "\n";
1554
- $mailtext .= "Content-Transfer-Encoding: " . $part->headers["content-transfer-encoding"] . "\n";
1555
- if (isset($part->headers["content-disposition"])) {
 
 
1556
  $mailtext .= "Content-Disposition: " . $part->headers["content-disposition"] . "\n";
1557
  }
1558
  $mailtext .= "\n";
1559
- $mailtext .= $part->body;
 
1560
  }
1561
  } else {
1562
  $alert_subject = "Successfully posted to $blogname";
1563
- $mailtext = "Your post '$subject' has been successfully published to " .
1564
- "$blogname <$blogurl>.\n";
1565
  }
1566
 
1567
 
@@ -1777,6 +1800,7 @@ function parseTemplate($id, $type, $template, $size = 'medium') {
1777
  * @param array - array of HTML for images for post
1778
  */
1779
  function ReplaceImageCIDs(&$content, &$attachments) {
 
1780
  $used = array();
1781
  foreach ($attachments["cids"] as $key => $info) {
1782
  $key = str_replace('/', '\/', $key);
@@ -1789,16 +1813,26 @@ function ReplaceImageCIDs(&$content, &$attachments) {
1789
  //DebugEcho("# cid attachments: " . count($used));
1790
 
1791
  $html = array();
1792
- $att = array_values($attachments["html"]); //make sure there are numeric indexes
1793
- //DebugDump($attachments["html"]);
1794
- //DebugDump($att);
 
 
 
 
 
 
 
 
1795
 
1796
- for ($i = 0; $i < count($attachments["html"]); $i++) {
1797
- if (!in_array($i, $used)) {
1798
- $html[] = $att[$i];
1799
  }
1800
  }
 
1801
  $attachments["html"] = $html;
 
1802
  }
1803
 
1804
  /**
@@ -1871,7 +1905,7 @@ function GetSubject(&$mimeDecodedEmail, &$content, $config) {
1871
  extract($config);
1872
  global $charset;
1873
  //assign the default title/subject
1874
- if ($mimeDecodedEmail->headers['subject'] == NULL) {
1875
  DebugEcho("No subject in email");
1876
  if ($allow_subject_in_mail) {
1877
  list($subject, $content) = ParseInMessageSubject($content, $default_title);
@@ -1890,15 +1924,15 @@ function GetSubject(&$mimeDecodedEmail, &$content, $config) {
1890
  $encoding = '7bit';
1891
  }
1892
  DebugEcho("Subject encoding: $encoding");
1893
-
1894
  if (function_exists('imap_mime_header_decode')) {
1895
  $subject = '';
1896
  $text = $mimeDecodedEmail->headers['subject'];
1897
 
1898
  $elements = imap_mime_header_decode($text);
1899
- DebugEcho("MIME Header");
1900
- DebugDump($elements);
1901
-
1902
  for ($i = 0; $i < count($elements); $i++) {
1903
  $thischarset = $elements[$i]->charset;
1904
  if ($thischarset == 'default')
@@ -1906,7 +1940,6 @@ function GetSubject(&$mimeDecodedEmail, &$content, $config) {
1906
 
1907
  $subject.=HandleMessageEncoding($encoding, $thischarset, $elements[$i]->text, $message_encoding, $message_dequote);
1908
  }
1909
-
1910
  }
1911
  if (!$allow_html_in_subject) {
1912
  DebugEcho("subject before htmlentities: $subject");
@@ -2015,18 +2048,18 @@ function GetPostCategories(&$subject, $defaultCategory) {
2015
  function DisplayEmailPost($details) {
2016
  //DebugDump($details);
2017
  // Report
2018
- EchoInfo('<b>Post Author</b>: ' . $details["post_author"]);
2019
- EchoInfo('<b>Date</b>: ' . $details["post_date"]);
2020
  foreach ($details["post_category"] as $category) {
2021
- EchoInfo('<b>Category</b>: ' . $category);
2022
- }
2023
- EchoInfo('<b>Ping Status</b>: ' . $details["ping_status"]);
2024
- EchoInfo('<b>Comment Status</b>: ' . $details["comment_status"]);
2025
- EchoInfo('<b>Subject</b>: ' . $details["post_title"]);
2026
- EchoInfo('<b>Postname</b>: ' . $details["post_name"]);
2027
- EchoInfo('<b>Post Id</b>: ' . $details["ID"]);
2028
- EchoInfo('<b>Post Type</b>: ' . $details["post_type"]); /* Added by Raam Dev <raam@raamdev.com> */
2029
- EchoInfo('<b>Posted content:</b>');
2030
  EchoInfo($details["post_content"]);
2031
  }
2032
 
@@ -2573,8 +2606,8 @@ function SafeFileName($filename) {
2573
 
2574
  function DebugEmailOutput(&$email, &$mimeDecodedEmail) {
2575
  if (IsDebugMode()) {
2576
- DebugDump($email);
2577
- DebugDump($mimeDecodedEmail);
2578
 
2579
  $fname = POSTIE_ROOT . DIRECTORY_SEPARATOR . "test_emails" . DIRECTORY_SEPARATOR . SafeFileName($mimeDecodedEmail->headers["message-id"]);
2580
  $file = fopen($fname . ".txt ", "w");
@@ -2598,7 +2631,8 @@ function DebugEmailOutput(&$email, &$mimeDecodedEmail) {
2598
  function SpecialMessageParsing(&$content, &$attachments, $config) {
2599
  extract($config);
2600
  if (preg_match('/You have been sent a message from Vodafone mobile/', $content)) {
2601
- VodafoneHandler($content, $attachments); //Everything for this type of message is handled below
 
2602
  return;
2603
  }
2604
  if ($message_start) {
@@ -2617,9 +2651,15 @@ function SpecialMessageParsing(&$content, &$attachments, $config) {
2617
  ReplaceImagePlaceHolders($content, $attachments["html"], $config);
2618
  } else {
2619
  $customImages = array();
2620
- foreach ($attachments["html"] as $value) {
2621
- preg_match("/src = ['\"]([^'\"]*)['\"]/", $value, $matches);
2622
- array_push($customImages, $matches[1]);
 
 
 
 
 
 
2623
  }
2624
 
2625
  return $customImages;
1
  <?php
2
 
3
  /*
4
+ $Id: postie-functions.php 637396 2012-12-12 00:48:27Z WayneAllen $
5
  */
6
 
7
  /* TODO
73
  }
74
 
75
  function EchoInfo($v) {
76
+ if (headers_sent()) {
77
+ echo("<p>$v</p>\n");
78
+ }
79
  LogInfo($v);
80
  }
81
 
82
  function DebugDump($v) {
83
  if (IsDebugMode()) {
84
  $o = print_r($v, true);
85
+ if (headers_sent()) {
86
+ echo "<pre>\n";
87
+ }
88
+ EchoInfo(htmlspecialchars($o));
89
+ if (headers_sent()) {
90
+ echo "</pre>\n";
91
+ }
92
  }
93
  }
94
 
206
  'email_author' => $postAuthorDetails['email'],
207
  'post_date' => $post_date,
208
  'post_date_gmt' => $post_date_gmt,
209
+ 'post_content' => $content,
210
+ 'post_title' => $subject,
211
  'post_type' => $post_type, /* Added by Raam Dev <raam@raamdev.com> */
212
  'ping_status' => get_option('default_ping_status'),
213
  'post_category' => $post_categories,
258
  $custom_post_type_delim = "//";
259
  if (strpos($subject, $custom_post_type_delim) !== FALSE) {
260
 
261
+ // Captures the custom post type in the subject before $custom_post_type_delim
262
  $separated_subject = explode($custom_post_type_delim, $subject);
263
  $custom_post_type = $separated_subject[0];
264
+ $subject = trim($separated_subject[1]);
265
 
266
  $custom_post_type = trim(strtolower($custom_post_type));
267
 
268
+ // Check if custom post type exists, if not, set default post type of 'post'
269
  $known_post_types = get_post_types();
270
 
271
+ if (in_array($custom_post_type, array_map('strtolower', $known_post_types))) {
272
  $post_type = $custom_post_type;
273
  } else {
274
  $post_type = 'post';
286
 
287
  $text = preg_replace('#(script|about|applet|activex|chrome):#is', "\\1:", $text);
288
 
289
+ // pad it with a space so we can match things at the start of the 1st line.
290
  $ret = ' ' . $text;
291
  if (strpos($ret, 'youtube') !== false) {
292
+ // try to embed youtube videos
293
  $youtube = "#(^|[\n ]|>)[\w]+?://(www\.)?youtube\.com/watch\?v=([_a-zA-Z0-9-]+).*?([ \n]|$|<)#is";
294
+ #$youtube="#(^|[\n ]|<p[^<]*>)[\w]+?://(www\.)?youtube\.com/watch\?v=([_a-zA-Z0-9]+).*?([ \n]|$|</p>)#is";
295
  if ($shortcode) {
296
  $youtube_replace = "\\1[youtube \\3]\\4";
297
  } else {
301
  }
302
 
303
  if (strpos($ret, 'vimeo') !== false) {
304
+ // try to embed vimeo videos
305
+ # : http://vimeo.com/6348141
306
  $vimeo = "#(^|[\n ]|>)[\w]+?://(www\.)?vimeo\.com/([_a-zA-Z0-9-]+).*?([ \n]|$|<)#is";
307
+ #$youtube="#(^|[\n ]|<p[^<]*>)[\w]+?://(www\.)?youtube\.com/watch\?v=([_a-zA-Z0-9]+).*?([ \n]|$|</p>)#is";
308
  if ($shortcode) {
309
  $vimeo_replace = "\\1[vimeo \\3]\\4";
310
  } else {
321
  $ret = preg_replace($vimeo, $vimeo_replace, $ret);
322
  }
323
 
324
+ // matches an "xxxx://yyyy" URL at the start of a line, or after a space.
325
+ // xxxx can only be alpha characters.
326
+ // yyyy is anything up to the first space, newline, comma, double quote or <
327
  $ret = preg_replace("#(^|[\n ])<?([\w]+?://[\w\#$%&~/.\-;:=,?@\[\]+]*)>?#is", "\\1<a href=\"\\2\" >\\2</a>", $ret);
328
 
329
+ // matches a "www|ftp.xxxx.yyyy[/zzzz]" kinda lazy URL thing
330
+ // Must contain at least 2 dots. xxxx contains either alphanum, or "-"
331
+ // zzzz is optional.. will contain everything up to the first space, newline,
332
+ // comma, double quote or <.
333
  $ret = preg_replace("#(^|[\n ])<?((www|ftp)\.[\w\#$%&~/.\-;:=,?@\[\]+]*)>?#is", "\\1<a href=\"http://\\2\" >\\2</a>", $ret);
334
 
335
+ // matches an email@domain type address at the start of a line, or after a space.
336
+ // Note: Only the followed chars are valid; alphanums, "-", "_" and or ".".
337
  $ret = preg_replace(
338
  "#(^|[\n ])([a-z0-9&\-_.]+?)@([\w\-]+\.([\w\-\.]+\.)*[\w]+)#i", "\\1<a href=\"mailto:\\2@\\3\">\\2@\\3</a>", $ret);
339
+ // Remove our padding..
340
  $ret = substr($ret, 1);
341
  return $ret;
342
  }
597
  $post_ID = wp_insert_comment($comment);
598
  }
599
  if ($customImageField) {
600
+ DebugEcho("Saving custom image fields");
601
+ //DebugDump($details['customImages']);
602
+
603
  if (count($details['customImages']) > 1) {
604
  $imageField = 1;
605
  foreach ($details['customImages'] as $image) {
630
  return false;
631
  }
632
 
 
633
  function GetContent($part, &$attachments, $post_id, $poster, $config) {
634
  extract($config);
635
  global $charset, $encoding;
636
 
637
  $meta_return = NULL;
638
+ DebugEcho("primary= " . $part->ctype_primary . ", secondary = " . $part->ctype_secondary);
639
 
640
  DecodeBase64Part($part);
641
 
642
+ //look for banned file names
643
+ if (is_array($part->ctype_parameters) && array_key_exists('name', $part->ctype_parameters))
644
  if (BannedFileName($part->ctype_parameters['name'], $banned_files_list))
645
  return NULL;
646
 
662
  }
663
  }
664
  }
665
+
666
  if ($part->ctype_primary == "multipart" && $part->ctype_secondary == "appledouble") {
667
  $mimeDecodedEmail = DecodeMIMEMail("Content-Type: multipart/mixed; boundary=" . $part->ctype_parameters["boundary"] . "\n" . $part->body);
668
  FilterTextParts($mimeDecodedEmail, $prefer_text_type);
672
  }
673
  } else {
674
  // fix filename (remove non-standard characters)
675
+ DebugEcho("extracting file name for attachement");
676
+ //DebugDump($part);
677
+
678
  $filename = "";
679
  if (is_array($part->ctype_parameters) && array_key_exists('name', $part->ctype_parameters)) {
680
  $filename = preg_replace("/[^\x9\xA\xD\x20-\x7F]/", "", $part->ctype_parameters['name']);
681
+ DebugEcho("Filename: $filename");
682
  }
683
  switch (strtolower($part->ctype_primary)) {
684
  case 'multipart':
687
  $meta_return .= GetContent($section, $attachments, $post_id, $poster, $config);
688
  }
689
  break;
690
+
691
  case 'text':
692
+ if (array_key_exists('charset', $part->ctype_parameters) && !empty($part->ctype_parameters['charset'])) {
693
+ $charset = $part->ctype_parameters['charset'];
694
+ DebugEcho("charset: $charset");
695
+ }
696
+
697
+ if (array_key_exists('content-transfer-encoding', $part->headers) && !empty($part->headers['content-transfer-encoding'])) {
698
+ $encoding = $part->headers['content-transfer-encoding'];
699
+ DebugEcho("encoding: $encoding");
 
700
  }
701
 
702
  if (array_key_exists('content-transfer-encoding', $part->headers)) {
703
+ //DebugDump($part);
704
  $part->body = HandleMessageEncoding($part->headers["content-transfer-encoding"], $part->ctype_parameters["charset"], $part->body, $message_encoding, $message_dequote);
705
+ //DebugDump($part);
706
  }
707
 
708
  //go through each sub-section
730
  if (array_key_exists('content-id', $part->headers)) {
731
  $cid = trim($part->headers["content-id"], "<>");
732
  }
733
+
734
  $the_post = get_post($file_id);
735
+ DebugEcho("Html Attachement: $filename");
736
  $attachments["html"][$filename] = parseTemplate($file_id, $part->ctype_primary, $imagetemplate);
737
  if ($cid) {
738
  $attachments["cids"][$cid] = array($file, count($attachments["html"]) - 1);
739
+ DebugEcho("CID Attachement: $cid");
740
  }
741
  break;
742
+
743
  case 'audio':
744
  $file_id = postie_media_handle_upload($part, $post_id, $poster);
745
  $file = wp_get_attachment_url($file_id);
753
  }
754
  $attachments["html"][$filename] = parseTemplate($file_id, $part->ctype_primary, $audioTemplate);
755
  break;
756
+
757
  case 'video':
758
  $file_id = postie_media_handle_upload($part, $post_id, $poster);
759
  $file = wp_get_attachment_url($file_id);
868
  function HTML2HTML($content) {
869
  $html = str_get_html($content);
870
  if ($html) {
871
+ foreach ($html->find('script, style') as $node) {
872
+ $node->outertext = '';
873
+ }
874
+ $html->load($html->save());
875
+
876
  $b = $html->find('body');
877
  if ($b) {
878
+ $content = $b[0]->innertext;
879
  }
880
  }
881
  return $content;
886
  * @return integer|NULL
887
  */
888
  function ValidatePoster(&$mimeDecodedEmail, $config) {
889
+ $test_email = '';
890
  extract($config);
891
  global $wpdb;
892
  $poster = NULL;
907
  $poster = $user_ID;
908
  EchoInfo("posting as user $poster");
909
  } else {
910
+ $poster = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$admin_username'");
 
911
  }
912
  } elseif ($turn_authorization_off || CheckEmailAddress($from, $authorized_addresses) || CheckEmailAddress($resentFrom, $authorized_addresses)) {
913
  $poster = $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_login = '$admin_username'");
914
  }
915
+
916
  $validSMTP = checkSMTP($mimeDecodedEmail, $smtp);
917
  if (!$poster || !$validSMTP) {
918
  EchoInfo('Invalid sender: ' . htmlentities($from) . "! Not adding email!");
924
  EchoInfo("The message was unable to be forwarded to the adminstrator.");
925
  }
926
  }
927
+ return '';
928
  }
929
  return $poster;
930
  }
931
 
932
  function post_as_admin($admin_username) {
933
  EchoInfo("$from is authorized to post as the administrator");
 
 
 
934
  return $poster;
935
  }
936
 
937
  function checkSMTP($mimeDecodedEmail, $smtpservers) {
938
  if (empty($smtpservers))
939
  return true;
940
+
941
  foreach ((array) $mimeDecodedEmail->headers['received'] as $received) {
942
  foreach ($smtpservers as $smtp) {
943
+ if (stristr($received, $smtp) !== false) {
944
+ EchoInfo("Sent from valid SMTP server.");
945
  return true;
946
+ }
947
  }
948
  }
949
+
950
+ EchoInfo("Sent from invalid SMTP server.");
951
  return false;
952
  }
953
 
1039
  ' ',
1040
  ''
1041
  );
1042
+ return preg_replace($search, $replace, $content);
 
 
1043
  }
1044
 
1045
  function ConvertUTF8ToISO_8859_1($contenttransferencoding, $currentcharset, $body) {
1059
  $charset = strtolower($charset);
1060
  $contenttransferencoding = strtolower($contenttransferencoding);
1061
 
1062
+ DebugEcho("before HandleMessageEncoding");
1063
  DebugEcho("charset: $charset");
1064
  DebugEcho("encoding: $contenttransferencoding");
1065
 
1073
  $body = iconv($charset, $blogEncoding, quoted_printable_decode($body));
1074
  }
1075
 
1076
+ DebugEcho("after HandleMessageEncoding");
1077
  return $body;
1078
  }
1079
 
1157
  if (array_key_exists('content-transfer-encoding', $part->headers)) {
1158
  if (strtolower($part->headers['content-transfer-encoding']) == 'base64') {
1159
  DebugEcho("DecodeBase64Part: base64 detected");
1160
+ //DebugDump($part);
1161
+ if (is_array($part->ctype_parameters) && array_key_exists('charset', $part->ctype_parameters)) {
1162
  $part->body = iconv($part->ctype_parameters['charset'], 'UTF-8', base64_decode($part->body));
1163
  } else {
1164
  $part->body = base64_decode($part->body);
1165
  }
1166
+ $part->headers['content-transfer-encoding'] = '';
1167
  }
1168
  }
1169
  }
1271
 
1272
  function postie_media_handle_upload($part, $post_id, $poster, $post_data = array()) {
1273
  $overrides = array('test_form' => false);
 
 
1274
  $tmpFile = tempnam(getenv('TEMP'), 'postie');
1275
  if (!is_writable($tmpFile)) {
1276
  $uploadDir = wp_upload_dir();
1283
  } else {
1284
  EchoInfo("could not write to temp file: '$tmpFile' ");
1285
  }
1286
+
1287
+ $name = 'postie-media.' . $part->ctype_secondary;
1288
+ if (!is_array($part->ctype_parameters) || $part->ctype_parameters['name'] == '') {
1289
  if ($part->d_parameters['filename'] != '') {
1290
  $name = $part->d_parameters['filename'];
 
 
1291
  }
1292
  } else {
1293
  $name = $part->ctype_parameters['name'];
1294
  }
1295
+
1296
  $the_file = array('name' => $name,
1297
  'tmp_name' => $tmpFile,
1298
  'size' => filesize($tmpFile),
1312
  if (substr($post->post_date, 0, 4) > 0)
1313
  $time = $post->post_date;
1314
 
 
1315
  $file = postie_handle_upload($the_file, $overrides, $time);
1316
  //unlink($tmpFile);
1317
 
1495
  }
1496
  if ($found && $newParts) {
1497
  //This is now the filtered list of just the preferred type.
1498
+ DebugEcho(count($newParts) . " parts");
1499
  $mimeDecodedEmail->parts = $newParts;
1500
  }
1501
  }
1531
  $headers .= "Cc: " . $recipient . "\r\n";
1532
  }
1533
  }
1534
+ // Set email subject
1535
  if ($reject) {
1536
  $alert_subject = $blogname . ": Unauthorized Post Attempt from $from";
1537
  if ($mail_content->ctype_parameters['boundary']) {
1539
  } else {
1540
  $boundary = uniqid("B_");
1541
  }
1542
+ // Set sender details
1543
  /*
1544
  if (isset($mail_content->headers["mime-version"])) {
1545
  $headers .= "Mime-Version: ". $mail_content->headers["mime-version"] . "\r\n";
1550
  */
1551
 
1552
  $headers.="Content-Type:multipart/alternative; boundary=\"$boundary\"\r\n";
1553
+ // SDM 20041123
1554
+ // construct mail message
1555
  $message = "An unauthorized message has been sent to $blogname.\n";
1556
  $message .= "Sender: $from\n";
1557
  $message .= "Subject: $subject\n";
1558
  $message .= "\n\nIf you wish to allow posts from this address, please add " . $from . " to the registered users list and manually add the content of the e-mail found below.";
1559
  $message .= "\n\nOtherwise, the e-mail has already been deleted from the server and you can ignore this message.";
1560
+ $message .= "\n\nIf you would like to prevent postie from forwarding mail in the future, please change the FORWARD_REJECTED_MAIL setting in the Postie settings panel";
 
 
1561
  $message .= "\n\nThe original content of the e-mail has been attached.\n\n";
1562
  $mailtext = "--$boundary\r\n";
1563
  $mailtext .= "Content-Type: text/plain;format=flowed;charset=\"iso-8859-1\";reply-type=original\n";
1571
  }
1572
  foreach ($mailparts as $part) {
1573
  $mailtext .= "--$boundary\r\n";
1574
+ if (array_key_exists('content-type', $part->headers))
1575
+ $mailtext .= "Content-Type: " . $part->headers["content-type"] . "\n";
1576
+ if (array_key_exists('content-transfer-encoding', $part->headers))
1577
+ $mailtext .= "Content-Transfer-Encoding: " . $part->headers["content-transfer-encoding"] . "\n";
1578
+ if (array_key_exists('content-disposition', $part->headers)) {
1579
  $mailtext .= "Content-Disposition: " . $part->headers["content-disposition"] . "\n";
1580
  }
1581
  $mailtext .= "\n";
1582
+ if (property_exists($part, 'body'))
1583
+ $mailtext .= $part->body;
1584
  }
1585
  } else {
1586
  $alert_subject = "Successfully posted to $blogname";
1587
+ $mailtext = "Your post '$subject' has been successfully published to $blogname <$blogurl>.\n";
 
1588
  }
1589
 
1590
 
1800
  * @param array - array of HTML for images for post
1801
  */
1802
  function ReplaceImageCIDs(&$content, &$attachments) {
1803
+ DebugEcho("ReplaceImageCIDs");
1804
  $used = array();
1805
  foreach ($attachments["cids"] as $key => $info) {
1806
  $key = str_replace('/', '\/', $key);
1813
  //DebugEcho("# cid attachments: " . count($used));
1814
 
1815
  $html = array();
1816
+ // $att = array_values($attachments["html"]); //make sure there are numeric indexes
1817
+ // DebugEcho('$attachments');
1818
+ // DebugDump($attachments);
1819
+ // DebugEcho('$used');
1820
+ // DebugDump($used);
1821
+
1822
+ // for ($i = 0; $i < count($attachments["html"]); $i++) {
1823
+ // if (!in_array($i, $used)) {
1824
+ // $html[] = $att[$i];
1825
+ // }
1826
+ // }
1827
 
1828
+ foreach ($attachments['html'] as $key => $value) {
1829
+ if (!in_array($value, $used)) {
1830
+ $html[$key] = $value;
1831
  }
1832
  }
1833
+
1834
  $attachments["html"] = $html;
1835
+ //DebugDump($attachments);
1836
  }
1837
 
1838
  /**
1905
  extract($config);
1906
  global $charset;
1907
  //assign the default title/subject
1908
+ if (!array_key_exists('subject', $mimeDecodedEmail->headers) || empty($mimeDecodedEmail->headers['subject'])) {
1909
  DebugEcho("No subject in email");
1910
  if ($allow_subject_in_mail) {
1911
  list($subject, $content) = ParseInMessageSubject($content, $default_title);
1924
  $encoding = '7bit';
1925
  }
1926
  DebugEcho("Subject encoding: $encoding");
1927
+
1928
  if (function_exists('imap_mime_header_decode')) {
1929
  $subject = '';
1930
  $text = $mimeDecodedEmail->headers['subject'];
1931
 
1932
  $elements = imap_mime_header_decode($text);
1933
+ //DebugEcho("MIME Header");
1934
+ //DebugDump($elements);
1935
+
1936
  for ($i = 0; $i < count($elements); $i++) {
1937
  $thischarset = $elements[$i]->charset;
1938
  if ($thischarset == 'default')
1940
 
1941
  $subject.=HandleMessageEncoding($encoding, $thischarset, $elements[$i]->text, $message_encoding, $message_dequote);
1942
  }
 
1943
  }
1944
  if (!$allow_html_in_subject) {
1945
  DebugEcho("subject before htmlentities: $subject");
2048
  function DisplayEmailPost($details) {
2049
  //DebugDump($details);
2050
  // Report
2051
+ EchoInfo('Post Author: ' . $details["post_author"]);
2052
+ EchoInfo('Date: ' . $details["post_date"]);
2053
  foreach ($details["post_category"] as $category) {
2054
+ EchoInfo('Category: ' . $category);
2055
+ }
2056
+ EchoInfo('Ping Status: ' . $details["ping_status"]);
2057
+ EchoInfo('Comment Status: ' . $details["comment_status"]);
2058
+ EchoInfo('Subject: ' . $details["post_title"]);
2059
+ EchoInfo('Postname: ' . $details["post_name"]);
2060
+ EchoInfo('Post Id: ' . $details["ID"]);
2061
+ EchoInfo('Post Type: ' . $details["post_type"]); /* Added by Raam Dev <raam@raamdev.com> */
2062
+ EchoInfo('Posted content:');
2063
  EchoInfo($details["post_content"]);
2064
  }
2065
 
2606
 
2607
  function DebugEmailOutput(&$email, &$mimeDecodedEmail) {
2608
  if (IsDebugMode()) {
2609
+ //DebugDump($email);
2610
+ //DebugDump($mimeDecodedEmail);
2611
 
2612
  $fname = POSTIE_ROOT . DIRECTORY_SEPARATOR . "test_emails" . DIRECTORY_SEPARATOR . SafeFileName($mimeDecodedEmail->headers["message-id"]);
2613
  $file = fopen($fname . ".txt ", "w");
2631
  function SpecialMessageParsing(&$content, &$attachments, $config) {
2632
  extract($config);
2633
  if (preg_match('/You have been sent a message from Vodafone mobile/', $content)) {
2634
+ DebugEcho("Vodafone message");
2635
+ VodafoneHandler($content, $attachments);
2636
  return;
2637
  }
2638
  if ($message_start) {
2651
  ReplaceImagePlaceHolders($content, $attachments["html"], $config);
2652
  } else {
2653
  $customImages = array();
2654
+ DebugEcho("Looking for custom images");
2655
+ //DebugDump($attachments["html"]);
2656
+
2657
+ foreach ($attachments["html"] as $key => $value) {
2658
+ //DebugEcho("checking " . htmlentities($value));
2659
+ if (preg_match("/src\s*=\s*['\"]([^'\"]*)['\"]/i", $value, $matches)) {
2660
+ DebugEcho("found custom image: " . $matches[1]);
2661
+ array_push($customImages, $matches[1]);
2662
+ }
2663
  }
2664
 
2665
  return $customImages;
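--- a/postie.php
+++ b/postie.php
@@ -4,7 +4,7 @@
 Plugin Name: Postie
 Plugin URI: http://PostiePlugin.com/
 Description: Signifigantly upgrades the posting by mail features of Word Press (See <a href='options-general.php?page=postie/postie.php'>Settings and options</a>) to configure your e-mail settings. See the <a href='http://wordpress.org/extend/plugins/postie/other_notes'>Readme</a> for usage. Visit the <a href='http://wordpress.org/support/plugin/postie'>postie forum</a> for support.
-Version: 1.4.9
+Version: 1.4.10
 Author: Wayne Allen
 Author URI: http://allens-home.com/
 License: GPL2
@@ -27,7 +27,7 @@
 */
 
 /*
-$Id: postie.php 636795 2012-12-10 22:00:12Z WayneAllen $
+$Id: postie.php 637396 2012-12-12 00:48:27Z WayneAllen $
 * -= Requests Pending =-
 * German Umlats don't work
 * Problems under PHP5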
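--- a/readme.html
+++ b/readme.html
@@ -52,7 +52,7 @@ Examples:</p>
 <h3>Upgrade Notice</h3>
 <dl>
 <dt>Attachments are now processed in the order they were attached.
-XSS detection only issues a warning now</dt>
+All script, style and body tags are stripped from html emails.</dt>
 <dd></dd>
 </dl>
 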
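--- a/readme.txt
+++ b/readme.txt
@@ -6,7 +6,7 @@ Plugin URI: http://PostiePlugin.com/
 Tags: e-mail, email
 Requires at least: 3.0
 Tested up to: 3.4.2
-Stable tag: 1.4.9
+Stable tag: 1.4.10
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -355,9 +355,16 @@ It is also possible to turn the WordPress cron off. Please make sure something l
 `define('DISABLE_WP_CRON', true);` is not in your wp-config.php file.
 == Upgrade Notice ==
 * Attachments are now processed in the order they were attached.
-* XSS detection only issues a warning now
+* All script, style and body tags are stripped from html emails.
 
 == CHANGELOG ==
+= 1.4.10 (2012.12.11) =
+* Fixed warning when there is no subject
+* Removed all script and style tags from HTML content in place of XSS warning
+* Removed XSS warning
+* Fixed bug where post type was not being detected if only case is different
+* Fixed bug with custom post type and leading spaces in the subject
+* Fixed bug where custom fields were not being populated for images
 
 = 1.4.9 (2012.12.10) =
 * Fixed bug where date, author, etc didn't get set.
@@ -367,9 +374,9 @@ It is also possible to turn the WordPress cron off. Please make sure something l
 * Fixed bug where base64 strings were being double decoded.
 
 = 1.4.8 (2012.12.09) =
-* fix collisions with simple_html_dom
-* fix bug when trying to get file name from MIME part
-* fix bug causing Cannot modify header information warning
+* Fixed collisions with simple_html_dom
+* Fixed bug when trying to get file name from MIME part
+* Fixed bug causing Cannot modify header information warning
 
 = 1.4.7 (2012.12.07) =
 * Fixed bug in cron setup that was preventing Weekly, twice an hour and every ten minute schedules from running.
@@ -388,7 +395,7 @@ It is also possible to turn the WordPress cron off. Please make sure something l
 * Fixed numerous warning messages
 * Added phpUnit tests
 * Allow wp-config.php to be in alternate location as described here: http://codex.wordpress.org/Hardening_WordPress#Securing_wp-config.php
-* Fix a bug that didn't replace the #img# tags correctly.
+* Fixed a bug that didn't replace the #img# tags correctly.
 
 = 1.4.5 (2012.11.14) =
 * Fixed bug in XSS attack vulnerability code. Thanks to R Reid http://blog.strictly-software.com/2012/03/fixing-postie-plugin-for-wordpress-to.html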
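--- a/test/postie-functionsTest.php
+++ b/test/postie-functionsTest.php
@@ -201,6 +201,18 @@ class postiefunctionsTest extends PHPUnit_Framework_TestCase {
 $subject = "//";
 $this->assertEquals("post", GetPostType($subject));
 $this->assertEquals("", $subject);
+
+$subject = "Image//test";
+$this->assertEquals("image", GetPostType($subject));
+$this->assertEquals("test", $subject);
+
+$subject = "Image // test";
+$this->assertEquals("image", GetPostType($subject));
+$this->assertEquals("test", $subject);
+
+$subject = "video//test";
+$this->assertEquals("video", GetPostType($subject));
+$this->assertEquals("test", $subject);
 }
 
 public function testGetPostExcerpt() {
@@ -265,9 +277,9 @@ class postiefunctionsTest extends PHPUnit_Framework_TestCase {
 public function testHTML2HTML() {
 $this->assertEquals("", HTML2HTML(""));
 $this->assertEquals("test", HTML2HTML("test"));
-$this->assertEquals("<body>test</body>", HTML2HTML("<html lang='en'><body>test</body></html>"));
-$this->assertEquals("<body>test</body>", HTML2HTML("<html lang='en'><head><title>title</title></head><body>test</body></html>"));
-$this->assertEquals("<body>test</body>", HTML2HTML("<body>test</body>"));
+$this->assertEquals("test", HTML2HTML("<html lang='en'><body>test</body></html>"));
+$this->assertEquals("test", HTML2HTML("<html lang='en'><head><title>title</title></head><body>test</body></html>"));
+$this->assertEquals("test", HTML2HTML("<body>test</body>"));
 $this->assertEquals("<strong>test</strong>", HTML2HTML("<strong>test</strong>"));
 }
 
@@ -289,7 +301,7 @@ class postiefunctionsTest extends PHPUnit_Framework_TestCase {
 
 public function testmore_reccurences() {
 $sched = array();
-$newsched = more_reccurences($sched);
+$newsched = postie_more_reccurences($sched);
 $this->assertEquals(3, count($newsched));
 }
 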
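Review bot: testHTML2HTML (new lines 277–284) has no input containing a script or style element, so the sanitising behaviour this release announces ("Removed all script and style tags from HTML content in place of XSS warning") is not pinned by any assertion. The three updated assertions cover only the body unwrapping. I would add `$this->assertEquals("test", HTML2HTML("<body><script>x()</script>test</body>"));` and the same shape with `<style>`; the expected value is presumed from the `outertext = ''` loop in HTML2HTML and should be confirmed against simple_html_dom. Because the XSS warning was removed in the same release, a further case with markup the tag filter does not touch (for example an inline handler attribute) would document what still reaches the post and needs handling elsewhere.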
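--- a/test/wpstub.php
+++ b/test/wpstub.php
@@ -1,6 +1,7 @@
 <?php
 
 define('ABSPATH', dirname(__FILE__) . '/');
+define('WP_PLUGIN_URL', 'localhost');
 
 class wpdb {
 
@@ -24,7 +25,7 @@ function get_option($option, $default = false) {
 }
 
 function get_post_types() {
-return array("post", "page", "custom");
+return array("post", "page", "custom", "image", "Video");
 }
 
 function current_time() {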