Merge branch 'devel'

Retro_Guy 2024-09-20 04:04:54 -07:00
commit f810eadfb9
8 changed files with 101 additions and 74 deletions


@ -310,8 +310,8 @@ textarea.postbody {
background-color: var(--color-medium); background-color: var(--color-medium);
border: none; border: none;
color: var(--color-text); color: var(--color-text);
height: calc(1em * 1.5 * 20); height: calc(1em * 40);
width: calc(1em * 1.5 * 40); width: auto;
} }
textarea.configuration { textarea.configuration {


@ -1 +1 @@
0.9.152 0.9.153


@ -216,6 +216,7 @@ if (isset($_SERVER["HTTP_HOST"])) {
} }
$post_autoquote = false; $post_autoquote = false;
$post_captcha = false; $post_captcha = false;
$wrap_width = 72;
/* /*
* Attachments * Attachments


@ -38,7 +38,7 @@ function message_parse($rawmessage)
$i = 0; $i = 0;
while ($rawmessage[$i] != "") { while ($rawmessage[$i] != "") {
$rawheader[] = $rawmessage[$i]; $rawheader[] = $rawmessage[$i];
$i ++; $i++;
} }
// Parse the Header: // Parse the Header:
$message->header = parse_header($rawheader); $message->header = parse_header($rawheader);
@ -50,19 +50,19 @@ function message_parse($rawmessage)
$boundary = "--" . $message->header->content_type_boundary; $boundary = "--" . $message->header->content_type_boundary;
// lets find the first part // lets find the first part
while ($rawmessage[$i] != $boundary) { while ($rawmessage[$i] != $boundary) {
$i ++; $i++;
// Missing boundary line? // Missing boundary line?
if(!$rawmessage[$i]) { if (!$rawmessage[$i]) {
break; break;
} }
} }
$i ++; $i++;
$part = array(); $part = array();
while ($i <= $count_rawmessage) { while ($i <= $count_rawmessage) {
if (($rawmessage[$i] == $boundary) || ($i == $count_rawmessage - 1) || ($rawmessage[$i] == $boundary . '--')) { if (($rawmessage[$i] == $boundary) || ($i == $count_rawmessage - 1) || ($rawmessage[$i] == $boundary . '--')) {
$partmessage = message_parse($part); $partmessage = message_parse($part);
// merge the content-types of the message with those of the part // merge the content-types of the message with those of the part
for ($o = 0; $o < count($partmessage->header->content_type); $o ++) { for ($o = 0; $o < count($partmessage->header->content_type); $o++) {
$message->header->content_type[] = $partmessage->header->content_type[$o]; $message->header->content_type[] = $partmessage->header->content_type[$o];
$message->header->content_type_charset[] = $partmessage->header->content_type_charset[$o]; $message->header->content_type_charset[] = $partmessage->header->content_type_charset[$o];
$message->header->content_type_name[] = $partmessage->header->content_type_name[$o]; $message->header->content_type_name[] = $partmessage->header->content_type_name[$o];
@ -76,18 +76,18 @@ function message_parse($rawmessage)
} }
if ($rawmessage[$i] == $boundary . '--') if ($rawmessage[$i] == $boundary . '--')
break; break;
$i ++; $i++;
} }
// Is this a multipart/alternative multipart-message? Do we have to // Is this a multipart/alternative multipart-message? Do we have to
// delete all non plain/text parts? // delete all non plain/text parts?
if (($attachment_delete_alternative) && ($content_type[1] == "alternative")) { if (($attachment_delete_alternative) && ($content_type[1] == "alternative")) {
$plaintext = false; $plaintext = false;
for ($o = 0; $o < count($message->header->content_type); $o ++) { for ($o = 0; $o < count($message->header->content_type); $o++) {
if ($message->header->content_type[$o] == "text/plain") if ($message->header->content_type[$o] == "text/plain")
$plaintext = true; // we found at least one text/plain $plaintext = true; // we found at least one text/plain
} }
if ($plaintext) { // now we can delete the other parts if ($plaintext) { // now we can delete the other parts
for ($o = 0; $o < count($message->header->content_type); $o ++) { for ($o = 0; $o < count($message->header->content_type); $o++) {
if ($message->header->content_type[$o] != "text/plain") { if ($message->header->content_type[$o] != "text/plain") {
unset($message->header->content_type[$o]); unset($message->header->content_type[$o]);
unset($message->header->content_type_name[$o]); unset($message->header->content_type_name[$o]);
@ -102,8 +102,8 @@ function message_parse($rawmessage)
// No mime-attachments in the message: // No mime-attachments in the message:
$body = ""; $body = "";
$uueatt = 0; // as default we have no uuencoded attachments $uueatt = 0; // as default we have no uuencoded attachments
// Handle inline attachments // Handle inline attachments
for ($i ++; $i < $count_rawmessage; $i ++) { for ($i++; $i < $count_rawmessage; $i++) {
// do we have an inlay uuencoded file? // do we have an inlay uuencoded file?
if ((strtolower(substr($rawmessage[$i], 0, 10)) != "begin 644 ") || ($attachment_uudecode == false)) { if ((strtolower(substr($rawmessage[$i], 0, 10)) != "begin 644 ") || ($attachment_uudecode == false)) {
$body .= $rawmessage[$i] . "\n"; $body .= $rawmessage[$i] . "\n";
@ -115,12 +115,12 @@ function message_parse($rawmessage)
$uue_infoline_raw = $rawmessage[$i]; $uue_infoline_raw = $rawmessage[$i];
$uue_infoline = explode(" ", $uue_infoline_raw); $uue_infoline = explode(" ", $uue_infoline_raw);
$uue_data = ""; $uue_data = "";
$i ++; $i++;
$no_end = 0; $no_end = 0;
while ($rawmessage[$i] != "end") { while ($rawmessage[$i] != "end") {
if (strlen(trim($rawmessage[$i])) > 2) if (strlen(trim($rawmessage[$i])) > 2)
$uue_data .= $rawmessage[$i] . "\n"; $uue_data .= $rawmessage[$i] . "\n";
$i ++; $i++;
if ($i > $count_rawmessage) { if ($i > $count_rawmessage) {
$no_end = 1; $no_end = 1;
break; break;
@ -128,10 +128,10 @@ function message_parse($rawmessage)
} }
// now write the data in an attachment // now write the data in an attachment
if ($no_end != 1) { if ($no_end != 1) {
$uueatt ++; $uueatt++;
$message->body[$uueatt] = uudecode($uue_data); $message->body[$uueatt] = uudecode($uue_data);
$message->header->content_type_name[$uueatt] = ""; $message->header->content_type_name[$uueatt] = "";
for ($o = 2; $o < count($uue_infoline); $o ++) for ($o = 2; $o < count($uue_infoline); $o++)
$message->header->content_type_name[$uueatt] .= $uue_infoline[$o]; $message->header->content_type_name[$uueatt] .= $uue_infoline[$o];
$message->header->content_type[$uueatt] = get_mimetype_by_string($message->body[$uueatt]); $message->header->content_type[$uueatt] = get_mimetype_by_string($message->body[$uueatt]);
} }
@ -164,7 +164,7 @@ function message_parse($rawmessage)
$message->header->content_type_format = array( $message->header->content_type_format = array(
"fixed" "fixed"
); );
for ($o = 0; $o < count($message->body); $o ++) { for ($o = 0; $o < count($message->body); $o++) {
if (! isset($message->header->content_type_charset[$o])) if (! isset($message->header->content_type_charset[$o]))
$message->header->content_type_charset[$o] = $www_charset; $message->header->content_type_charset[$o] = $www_charset;
if (! isset($message->header->content_type_name[$o])) if (! isset($message->header->content_type_name[$o]))
@ -234,15 +234,15 @@ function message_read($id, $bodynum = 0, $group = "")
unset($message->header); unset($message->header);
} }
// Is a non-existing attachment of an article requested? // Is a non-existing attachment of an article requested?
if ((isset($message->header)) && ($bodynum != - 1) && (! isset($message->header->content_type[$bodynum]))) if ((isset($message->header)) && ($bodynum != -1) && (! isset($message->header->content_type[$bodynum])))
return false; return false;
if ((file_exists($cachefilename_body . $bodynum)) && ($bodynum != - 1)) { if ((file_exists($cachefilename_body . $bodynum)) && ($bodynum != -1)) {
$cachefile = fopen($cachefilename_body . $bodynum, "r"); $cachefile = fopen($cachefilename_body . $bodynum, "r");
$message->body[$bodynum] = fread($cachefile, filesize($cachefilename_body . $bodynum)); $message->body[$bodynum] = fread($cachefile, filesize($cachefilename_body . $bodynum));
fclose($cachefile); fclose($cachefile);
} }
} }
if ((! isset($message->header)) || ((! isset($message->body[$bodynum])) && ($bodynum != - 1))) { if ((! isset($message->header)) || ((! isset($message->body[$bodynum])) && ($bodynum != -1))) {
// Pull article from spool if exists, else from server // Pull article from spool if exists, else from server
if (trim($group) == '') { if (trim($group) == '') {
return false; return false;
@ -301,7 +301,7 @@ function message_read($id, $bodynum = 0, $group = "")
fputs($cachefile, serialize($message->header)); fputs($cachefile, serialize($message->header));
} }
fclose($cachefile); fclose($cachefile);
for ($i = 0; $i < count($message->header->content_type); $i ++) { for ($i = 0; $i < count($message->header->content_type); $i++) {
if (isset($message->body[$i])) { if (isset($message->body[$i])) {
$cachefile = fopen($cachefilename_body . $i, "w"); $cachefile = fopen($cachefilename_body . $i, "w");
fwrite($cachefile, $message->body[$i]); fwrite($cachefile, $message->body[$i]);
@ -328,10 +328,10 @@ function textwrap($text, $wrap = 80, $break = "\n", $maxlen = false)
$lastWhite = 0; // position of last whitespace char $lastWhite = 0; // position of last whitespace char
$lastChar = 0; // position of last char $lastChar = 0; // position of last char
$lastBreak = 0; // position of last break $lastBreak = 0; // position of last break
// while there is text to process // while there is text to process
while ($lastChar < $len && (($maxlen == false) || (strlen($h) < $maxlen))) { while ($lastChar < $len && (($maxlen == false) || (strlen($h) < $maxlen))) {
$char = substr($text, $lastChar, 1); // get the next character $char = substr($text, $lastChar, 1); // get the next character
// if we are beyond the wrap boundry and there is a place to break // if we are beyond the wrap boundry and there is a place to break
if (($lastChar - $lastBreak > $wrap) && ($lastWhite > $lastBreak)) { if (($lastChar - $lastBreak > $wrap) && ($lastWhite > $lastBreak)) {
$h .= substr($text, $lastBreak, ($lastWhite - $lastBreak)) . $break; $h .= substr($text, $lastBreak, ($lastWhite - $lastBreak)) . $break;
$lastChar = $lastWhite + 1; $lastChar = $lastWhite + 1;
@ -425,9 +425,9 @@ function show_header($head, $group, $local_poster = false)
if ($endname > 8) if ($endname > 8)
$endname = 8; $endname = 8;
if ($endname < 3) if ($endname < 3)
$endname ++; $endname++;
if ($endname < 3) if ($endname < 3)
$endname ++; $endname++;
} else { } else {
$endname = $namelen; $endname = $namelen;
} }
@ -476,7 +476,7 @@ function show_header($head, $group, $local_poster = false)
} }
if (($article_show["References"]) && (isset($head->references[0]))) { if (($article_show["References"]) && (isset($head->references[0]))) {
echo $text_header["references"]; echo $text_header["references"];
for ($i = 0; $i <= count($head->references) - 1; $i ++) { for ($i = 0; $i <= count($head->references) - 1; $i++) {
$ref = $head->references[$i]; $ref = $head->references[$i];
echo ' ' . '<a href="' . $file_article . '?group=' . urlencode($group) . '&id=' . urlencode($ref) . '">' . ($i + 1) . '</a>'; echo ' ' . '<a href="' . $file_article . '?group=' . urlencode($group) . '&id=' . urlencode($ref) . '">' . ($i + 1) . '</a>';
} }
@ -491,7 +491,7 @@ function show_header($head, $group, $local_poster = false)
} }
if ((isset($attachment_show)) && ($attachment_show == true) && (isset($head->content_type[1]))) { if ((isset($attachment_show)) && ($attachment_show == true) && (isset($head->content_type[1]))) {
echo $text_header["attachments"]; echo $text_header["attachments"];
for ($i = 1; $i < count($head->content_type); $i ++) { for ($i = 1; $i < count($head->content_type); $i++) {
if (! strcmp($head->content_type[$i], "text/html")) { if (! strcmp($head->content_type[$i], "text/html")) {
$contype = "HTML Version"; $contype = "HTML Version";
} else { } else {
@ -559,22 +559,22 @@ function show_header_short($head, $group, $local_poster = false)
echo 'window.getSelection().removeAllRanges();'; echo 'window.getSelection().removeAllRanges();';
echo '}'; echo '}';
echo '</script> '; echo '</script> ';
?> ?>
<p id="<?php echo $head->id; ?>" <p id="<?php echo $head->id; ?>"
style="position: absolute; z-index: -9999;"><?php echo htmlspecialchars($head->id); ?></p> style="position: absolute; z-index: -9999;"><?php echo htmlspecialchars($head->id); ?></p>
&nbsp; &nbsp;
<a href="<?php echo $sitelink . '/' . $config_name . '/article-flat.php?id=' . $head->number . '&group=' . urlencode($group) . '#' . $head->number; ?>" <a href="<?php echo $sitelink . '/' . $config_name . '/article-flat.php?id=' . $head->number . '&group=' . urlencode($group) . '#' . $head->number; ?>"
onclick="CopyToClipboard('<?php echo $head->id; ?>');return false;" onclick="CopyToClipboard('<?php echo $head->id; ?>');return false;"
style="text-decoration: none" title="Copy message-id to clipboard"><i>copy style="text-decoration: none" title="Copy message-id to clipboard"><i>copy
mid</i></a> mid</i></a>
<p id="<?php echo $head->number . 'copy'; ?>" <p id="<?php echo $head->number . 'copy'; ?>"
style="position: absolute; z-index: -9999;"><?php echo $sitelink . '/' . $config_name . '/article-flat.php?id=' . $head->number . '&group=' . urlencode($group) . '#' . $head->number; ?></p> style="position: absolute; z-index: -9999;"><?php echo $sitelink . '/' . $config_name . '/article-flat.php?id=' . $head->number . '&group=' . urlencode($group) . '#' . $head->number; ?></p>
&nbsp; &nbsp;
<a href="<?php echo $sitelink . '/' . $config_name . '/article-flat.php?id=' . $head->number . '&group=' . urlencode($group) . '#' . $head->number; ?>" <a href="<?php echo $sitelink . '/' . $config_name . '/article-flat.php?id=' . $head->number . '&group=' . urlencode($group) . '#' . $head->number; ?>"
onclick="CopyToClipboard('<?php echo $head->number . 'copy'; ?>');return false;" onclick="CopyToClipboard('<?php echo $head->number . 'copy'; ?>');return false;"
style="text-decoration: none" title="Copy article link to clipboard"><i>copy style="text-decoration: none" title="Copy article link to clipboard"><i>copy
link</i></a> link</i></a>
<?php <?php
echo '&nbsp;&nbsp;Newsgroups: '; echo '&nbsp;&nbsp;Newsgroups: ';
$ngroups = preg_replace("/\,|\ /", "\t", $head->newsgroups); $ngroups = preg_replace("/\,|\ /", "\t", $head->newsgroups);
@ -607,7 +607,7 @@ function show_header_short($head, $group, $local_poster = false)
if ((isset($attachment_show)) && ($attachment_show == true) && (isset($head->content_type[1]))) { if ((isset($attachment_show)) && ($attachment_show == true) && (isset($head->content_type[1]))) {
echo '<div class=np_ob_posted_date>'; echo '<div class=np_ob_posted_date>';
echo $text_header["attachments"]; echo $text_header["attachments"];
for ($i = 1; $i < count($head->content_type); $i ++) { for ($i = 1; $i < count($head->content_type); $i++) {
if (! strcmp($head->content_type[$i], "text/html")) { if (! strcmp($head->content_type[$i], "text/html")) {
$contype = "HTML Version"; $contype = "HTML Version";
} else { } else {
@ -708,14 +708,14 @@ function decode_textbody($body, $format = "fixed")
$depth = 0; $depth = 0;
$paragraph = ""; // empty paragraph $paragraph = ""; // empty paragraph
$lastline = ""; $lastline = "";
for ($i = 0; $i < count($body) + 1; $i ++) { for ($i = 0; $i < count($body) + 1; $i++) {
// calculate the quote depth of the actual line // calculate the quote depth of the actual line
$ndepth = 0; $ndepth = 0;
$tdepth = 0; $tdepth = 0;
for ($j = 0; $j <= strlen(@$body[$i]); $j ++) { for ($j = 0; $j <= strlen(@$body[$i]); $j++) {
$tdepth = $j; $tdepth = $j;
if (@$body[$i][$j] == '>') { if (@$body[$i][$j] == '>') {
$ndepth ++; $ndepth++;
} else { } else {
if ((@$body[$i][$j] != ' ') || (@$body[$i][$j - 1] == ' ') || ($j == 0)) { if ((@$body[$i][$j] != ' ') || (@$body[$i][$j - 1] == ' ') || ($j == 0)) {
break; break;
@ -839,16 +839,24 @@ function message_show($group, $id, $attachment = 0, $article_data = false, $maxl
// Any header checks to display notice in article display // Any header checks to display notice in article display
$notice = display_header_notice($head); $notice = display_header_notice($head);
if (isset($head->content_type[0])) {
if(isset($head->content_type[0])) { if (!strpos($head->content_type[0], "/")) {
if(!strpos($head->content_type[0], "/")) {
echo '<hr><p class=np_ob_posted_date>(message #' . $head->number . ' not displayed - malformed header)</p><hr>'; echo '<hr><p class=np_ob_posted_date>(message #' . $head->number . ' not displayed - malformed header)</p><hr>';
return "blocked"; return "blocked";
} }
} }
if (($head->content_type[$attachment] == "text/plain") && ($attachment == 0)) { if (($head->content_type[$attachment] == "text/plain") && ($attachment == 0)) {
// If we can't find the actual text in 'zero', check 'one' just in case
if (trim($body) == '') { // There is no text in the text/plain body, it seems
if ($head->content_type[$attachment + 1] == "text/plain") { // There's another text/plain body. Lucky us!
$body = $article_data->body[$attachment + 1];
}
}
show_header($head, $group, $local_poster); show_header($head, $group, $local_poster);
echo $notice; echo $notice;
// X-Face // X-Face
if (($face = display_full_headers($head->number, $group, $head->name, $head->from, true)) && ($OVERRIDES['disable_xface'] != true)) { if (($face = display_full_headers($head->number, $group, $head->name, $head->from, true)) && ($OVERRIDES['disable_xface'] != true)) {
$pngfile = '../tmp/face-' . hash('ripemd160', $face); $pngfile = '../tmp/face-' . hash('ripemd160', $face);
@ -901,13 +909,13 @@ function message_show($group, $id, $attachment = 0, $article_data = false, $maxl
echo '<div class="np_article_body">'; echo '<div class="np_article_body">';
} }
$currentlen = 0; // needed if $maxlen is set $currentlen = 0; // needed if $maxlen is set
for ($i = 0; $i <= count($body) && (($currentlen < $maxlen) || ($maxlen == false)); $i ++) { for ($i = 0; $i <= count($body) && (($currentlen < $maxlen) || ($maxlen == false)); $i++) {
// HTMLized Quotings instead of boring > ? // HTMLized Quotings instead of boring > ?
if ($article_graphicquotes) { if ($article_graphicquotes) {
// HTMLized Quotings // HTMLized Quotings
for ($j = $depth; $j < @$body[$i]->depth; $j ++) for ($j = $depth; $j < @$body[$i]->depth; $j++)
echo '<blockquote class="np_article_quote">'; echo '<blockquote class="np_article_quote">';
for ($j = @$body[$i]->depth; $j < $depth; $j ++) for ($j = @$body[$i]->depth; $j < $depth; $j++)
echo '</blockquote>'; echo '</blockquote>';
$t = @$body[$i]->text; $t = @$body[$i]->text;
echo display_links_in_body($t); echo display_links_in_body($t);
@ -934,7 +942,7 @@ function message_show($group, $id, $attachment = 0, $article_data = false, $maxl
// If attachment is image embed into article // If attachment is image embed into article
if ((isset($attachment_show)) && ($attachment_show == true) && (isset($head->content_type[1]))) { if ((isset($attachment_show)) && ($attachment_show == true) && (isset($head->content_type[1]))) {
echo $text_header["attachments"]; echo $text_header["attachments"];
for ($i = 1; $i < count($head->content_type); $i ++) { for ($i = 1; $i < count($head->content_type); $i++) {
if (! strcmp($head->content_type[$i], "text/html")) { if (! strcmp($head->content_type[$i], "text/html")) {
$contype = "HTML Version"; $contype = "HTML Version";
} else { } else {
@ -981,13 +989,13 @@ function message_decrypt($key, $group, $id, $attachment = 0, $article_data = fal
echo '<div class="np_article_body">'; echo '<div class="np_article_body">';
echo "(Copy text below to quote in reply)<br /><br />"; echo "(Copy text below to quote in reply)<br /><br />";
$currentlen = 0; // needed if $maxlen is set $currentlen = 0; // needed if $maxlen is set
for ($i = 0; $i <= count($body) && (($currentlen < $maxlen) || ($maxlen == false)); $i ++) { for ($i = 0; $i <= count($body) && (($currentlen < $maxlen) || ($maxlen == false)); $i++) {
// HTMLized Quotings instead of boring > ? // HTMLized Quotings instead of boring > ?
if ($article_graphicquotes) { if ($article_graphicquotes) {
// HTMLized Quotings // HTMLized Quotings
for ($j = $depth; $j < $body[$i]->depth; $j ++) for ($j = $depth; $j < $body[$i]->depth; $j++)
echo '<blockquote class="np_article_quote">'; echo '<blockquote class="np_article_quote">';
for ($j = $body[$i]->depth; $j < $depth; $j ++) for ($j = $body[$i]->depth; $j < $depth; $j++)
echo '</blockquote>'; echo '</blockquote>';
$t = html_parse(text2html($body[$i]->text)) . '<br>'; $t = html_parse(text2html($body[$i]->text)) . '<br>';
echo $t; echo $t;
@ -1030,7 +1038,7 @@ function articleflat_pageselect($group, $id, $article_count, $first)
$return = ""; $return = "";
if ($article_count > $articleflat_articles_per_page) if ($article_count > $articleflat_articles_per_page)
$return .= $text_thread["pages"]; $return .= $text_thread["pages"];
for ($i = 0; $i < $pages; $i ++) { for ($i = 0; $i < $pages; $i++) {
if ($first != $i * $articleflat_articles_per_page + 1) if ($first != $i * $articleflat_articles_per_page + 1)
$return .= '<a class="np_pages_unselected" href="' . $file_article . '?group=' . urlencode($group) . '&amp;id=' . urlencode($id) . '&amp;first=' . ($i * $articleflat_articles_per_page + 1) . '&amp;last=' . ($i + 1) * $articleflat_articles_per_page . '#start">'; $return .= '<a class="np_pages_unselected" href="' . $file_article . '?group=' . urlencode($group) . '&amp;id=' . urlencode($id) . '&amp;first=' . ($i * $articleflat_articles_per_page + 1) . '&amp;last=' . ($i + 1) * $articleflat_articles_per_page . '#start">';
else else
@ -1047,12 +1055,13 @@ function articleflat_pageselect($group, $id, $article_count, $first)
return $return; return $return;
} }
function display_header_notice($head) { function display_header_notice($head)
{
$notice = false; $notice = false;
if(stripos($head->subject, "Re: ") === 0) { if (stripos($head->subject, "Re: ") === 0) {
if(!isset($head->references)) { if (!isset($head->references)) {
$notice = '<hr><p class=np_ob_posted_date>(article missing references header)</p><hr>'; $notice = '<hr><p class=np_ob_posted_date>(article missing references header)</p><hr>';
} }
} }
return $notice; return $notice;
} }
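Review bot: The new text/plain fallback in message_show reads `$head->content_type[$attachment + 1]` and `$article_data->body[$attachment + 1]` without checking that either exists, so a single-part article with an empty body raises undefined-index warnings, and `$article_data` defaults to `false` in the signature. Guarding the inner test as `if (isset($head->content_type[1], $article_data->body[1]) && $head->content_type[1] == "text/plain") {` keeps the fallback and avoids both. Separately, the show_header_short hunk echoes `$head->id` unescaped into `id="…"` and the `onclick` argument while the same line escapes it with `htmlspecialchars()` for the element text; the value presumably comes from the article's Message-ID header, so the attribute uses want the same escaping. message_show and show_header_short both continue outside the visible hunks.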


@ -1302,9 +1302,11 @@ function verify_logged_in($name) {
$logged_in = false; $logged_in = false;
$ip_pass = false; $ip_pass = false;
if(!isset($_COOKIE['mail_name']) || trim($_COOKIE['mail_name'] == '')) { // /* This may cause issues if cookies or javascript disabled
return false; // if(!isset($_COOKIE['mail_name']) || trim($_COOKIE['mail_name'] == '')) {
} // return false;
// }
// For checking session expire stuff // For checking session expire stuff
if(!isset($_SESSION['start_stamp'])) { if(!isset($_SESSION['start_stamp'])) {
@ -3005,9 +3007,14 @@ function check_article_integrity($rawmessage)
return $returnval; return $returnval;
} }
/* Remove or replace characters in a string */
function sanitize_header($text) {
return preg_replace("/\`/", "'", $text);
}
function wrap_post($body) function wrap_post($body)
{ {
$line_length = 72; global $wrap_width;
$lines = preg_split("/\n/", $body); $lines = preg_split("/\n/", $body);
$wrapped = ''; $wrapped = '';
foreach ($lines as $line) { foreach ($lines as $line) {
@ -3024,11 +3031,11 @@ function wrap_post($body)
break; break;
} }
} }
if (strlen($line) > $line_length) { if (strlen($line) > $wrap_width) {
// HERE is where we wrap quoted lines (not so easy) // HERE is where we wrap quoted lines (not so easy)
$start = substr($line, 0, $depth + 1); $start = substr($line, 0, $depth + 1);
$end = substr($line, $depth + 1); $end = substr($line, $depth + 1);
$line_wrapped = $start . mb_wordwrap($end, $line_length); $line_wrapped = $start . mb_wordwrap($end, $wrap_width);
$line_wrapped = preg_split("/\n/", $line_wrapped); $line_wrapped = preg_split("/\n/", $line_wrapped);
foreach ($line_wrapped as $lw) { foreach ($line_wrapped as $lw) {
if ($lw[0] != '>') { if ($lw[0] != '>') {
@ -3045,9 +3052,9 @@ function wrap_post($body)
$wrapped .= $line . "\n"; $wrapped .= $line . "\n";
} }
} else { } else {
if (strlen($line) > $line_length) { if (strlen($line) > $wrap_width) {
// HERE is where we wrap NON quoted lines (easy) // HERE is where we wrap NON quoted lines (easy)
$wrapped .= mb_wordwrap($line, $line_length) . "\n"; $wrapped .= mb_wordwrap($line, $wrap_width) . "\n";
} else { } else {
$wrapped .= $line . "\n"; $wrapped .= $line . "\n";
} }
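Review bot: `sanitize_header()` only rewrites backticks, yet its name and its use on request-derived header fields suggest it is the header-safety check; CR, LF and NUL pass through unchanged, and whether they are stripped elsewhere before the article is assembled is not visible here. If it is meant as that check, add a second pass over the result such as `preg_replace('/[\r\n\0]+/', ' ', …)`; otherwise narrow the comment above it to `/* Replaces backticks with apostrophes only; does not strip CR/LF */`. In the same file, verify_logged_in now skips the `mail_name` cookie test by leaving it commented out. A one-line comment naming the remaining check that authenticates the request would help, since the rest of that function is outside the hunk.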


@ -54,9 +54,16 @@ $logfile = $logdir . '/post.log';
if (isset($_REQUEST['followupto']) && trim($_REQUEST['followupto']) != '') { if (isset($_REQUEST['followupto']) && trim($_REQUEST['followupto']) != '') {
$followupto = trim($_REQUEST['followupto']); $followupto = trim($_REQUEST['followupto']);
$followupto = sanitize_header($followupto);
} else { } else {
$followupto = null; $followupto = null;
} }
// Check some header strings for bad characters
$newsgroups = sanitize_header($newsgroups);
$subject = sanitize_header($subject);
$email = sanitize_header($email);
// Load name from cookies // Load name from cookies
if ($setcookies) { if ($setcookies) {
if ((isset($_COOKIE["mail_name"])) && (! isset($name))) if ((isset($_COOKIE["mail_name"])) && (! isset($name)))
@ -65,6 +72,7 @@ if ($setcookies) {
// Truncate username at 30 characters to avoid abuse // Truncate username at 30 characters to avoid abuse
$name = substr($name, 0, 30); $name = substr($name, 0, 30);
$name = sanitize_header($name);
$logged_in = false; $logged_in = false;
if (trim($name) != '') { if (trim($name) != '') {
@ -590,8 +598,10 @@ if ($show == 1) {
echo '<div class="np_post_body">'; echo '<div class="np_post_body">';
echo '<table><tr>'; echo '<table><tr>';
echo '<td><b>' . $text_post["message"] . '</b><br> <textarea '; echo '<td><b>' . $text_post["message"] . '</b>';
echo 'class="postbody" id="postbody" '; echo '&nbsp;&nbsp;<font size="2em">(Lines will wrap at ' . $wrap_width . ' characters after posting)</font>';
echo '<br> <textarea cols="' . $wrap_width . '"';
echo 'class="postbody" id="postbody" cols="72"';
echo 'name="' . md5($fieldencrypt . "body") . '" wrap="soft">'; echo 'name="' . md5($fieldencrypt . "body") . '" wrap="soft">';
$bodyzeile = wrap_post($bodyzeile); $bodyzeile = wrap_post($bodyzeile);
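Review bot: The rebuilt `<textarea` tag emits `cols` twice and runs its attributes together: the three echoes concatenate to `cols="…"class="postbody" id="postbody" cols="72"name=…`, with no space before `class` or `name` and a hard-coded 72 next to the new `$wrap_width` setting. Suggested lines: `echo '<br> <textarea cols="' . (int) $wrap_width . '" ';` and `echo 'class="postbody" id="postbody" ';`. The `(int)` cast keeps the attribute well-formed if the configured value is ever not a plain number. The added `sanitize_header($newsgroups)`, `$subject` and `$email` calls also assume those variables are already set at this point, which the hunk does not show.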


@ -93,7 +93,7 @@ function interact($msgsock, $use_crypto = false)
$tempfilehandle = fopen($tempfilename, 'wb'); $tempfilehandle = fopen($tempfilename, 'wb');
fwrite($msgsock, $msg, strlen($msg)); fwrite($msgsock, $msg, strlen($msg));
$buf = fgets($msgsock, 2048); $buf = fgets($msgsock, 2048);
while (trim($buf) !== '.') { while (rtrim($buf) !== '.') {
fwrite($tempfilehandle, $buf); fwrite($tempfilehandle, $buf);
$buf = fgets($msgsock, 2048); $buf = fgets($msgsock, 2048);
} }
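Review bot: The read loop in interact() never tests for `fgets()` returning `false`, so a client that disconnects before sending the terminating `.` line leaves `rtrim($buf) !== '.'` true forever and the loop spins; the trim-to-rtrim change does not affect that. Suggest `while ($buf !== false && rtrim($buf, "\r\n") !== '.') {` and treating the `false` case as an aborted transfer, not a complete article. The explicit `"\r\n"` mask also stops a `.` followed by spaces or tabs from being taken as the terminator. The `rtrim($response = line_read($ns)) !== '.'` loop in get_articles has the same shape; whether `line_read()` signals a dropped connection is not visible, so it deserves the same check. Both functions continue outside the hunks shown.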


@ -252,7 +252,7 @@ function get_articles($ns, $group)
file_put_contents($logfile, "\n" . format_log_date() . " " . $config_name . " Cannot get overview from " . $CONFIG['remote_server'] . " for " . $group . " (requested: xover " . $article . "-" . $getlast . " received " . $response . ")", FILE_APPEND); file_put_contents($logfile, "\n" . format_log_date() . " " . $config_name . " Cannot get overview from " . $CONFIG['remote_server'] . " for " . $group . " (requested: xover " . $article . "-" . $getlast . " received " . $response . ")", FILE_APPEND);
return false; return false;
} }
while (trim($response = line_read($ns)) !== '.') { while (rtrim($response = line_read($ns)) !== '.') {
$ov = preg_split("/\t/", $response); $ov = preg_split("/\t/", $response);
$overview_msgid[$ov[0]] = $ov[4]; $overview_msgid[$ov[0]] = $ov[4];
} }