robin.thoni
/
docker-roundcube-server
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 10 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
2 Branches
Tree: 12b8b02570
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '12b8b02570'
${ noResults }
docker-roundcube-server/roundcube/roundcubemail-1.2.2/program/steps/mail/get.inc

get.inc 21KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538 
  1. <?php

  2. 

  3. /**

  4.  +-----------------------------------------------------------------------+

  5.  | program/steps/mail/get.inc                                            |

  6.  |                                                                       |

  7.  | This file is part of the Roundcube Webmail client                     |

  8.  | Copyright (C) 2005-2013, The Roundcube Dev Team                       |

  9.  |                                                                       |

  10.  | Licensed under the GNU General Public License version 3 or            |

  11.  | any later version with exceptions for skins & plugins.                |

  12.  | See the README file for a full license statement.                     |

  13.  |                                                                       |

  14.  | PURPOSE:                                                              |

  15.  |   Delivering a specific part of a mail message                        |

  16.  |                                                                       |

  17.  +-----------------------------------------------------------------------+

  18.  | Author: Thomas Bruederli <roundcube@gmail.com>                        |

  19.  +-----------------------------------------------------------------------+

  20. */

  21. 

  22. 

  23. // show loading page

  24. if (!empty($_GET['_preload'])) {

  25.     $_get = $_GET + array('_mimewarning' => 1, '_embed' => 1);

  26.     unset($_get['_preload']);

  27.     $url = $RCMAIL->url($_get);

  28.     $message = $RCMAIL->gettext('loadingdata');

  29. 

  30.     header('Content-Type: text/html; charset=' . RCUBE_CHARSET);

  31.     print "<html>\n<head>\n"

  32.         . '<meta http-equiv="refresh" content="0; url='.rcube::Q($url).'">' . "\n"

  33.         . '<meta http-equiv="content-type" content="text/html; charset='.RCUBE_CHARSET.'">' . "\n"

  34.         . "</head>\n<body>\n$message\n</body>\n</html>";

  35.     exit;

  36. }

  37. 

  38. ob_end_clean();

  39. 

  40. // similar code as in program/steps/mail/show.inc

  41. if (!empty($_GET['_uid'])) {

  42.     $uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_GET);

  43.     $RCMAIL->config->set('prefer_html', true);

  44.     $MESSAGE = new rcube_message($uid, null, intval($_GET['_safe']));

  45. }

  46. 

  47. // check connection status

  48. check_storage_status();

  49. 

  50. $part_id = rcube_utils::get_input_value('_part', rcube_utils::INPUT_GPC);

  51. 

  52. // show part page

  53. if (!empty($_GET['_frame'])) {

  54.     if ($part_id && ($part = $MESSAGE->mime_parts[$part_id])) {

  55.         $filename = rcmail_attachment_name($part);

  56.         $OUTPUT->set_pagetitle($filename);

  57.     }

  58. 

  59.     // register UI objects

  60.     $OUTPUT->add_handlers(array(

  61.         'messagepartframe'    => 'rcmail_message_part_frame',

  62.         'messagepartcontrols' => 'rcmail_message_part_controls',

  63.     ));

  64. 

  65.     $OUTPUT->set_env('mailbox', $RCMAIL->storage->get_folder());

  66.     $OUTPUT->set_env('uid', $uid);

  67.     $OUTPUT->set_env('part', $part_id);

  68.     $OUTPUT->set_env('filename', $filename);

  69. 

  70.     $OUTPUT->send('messagepart');

  71.     exit;

  72. }

  73. 

  74. // render thumbnail of an image attachment

  75. else if ($_GET['_thumb']) {

  76.     $pid = rcube_utils::get_input_value('_part', rcube_utils::INPUT_GET);

  77.     if ($part = $MESSAGE->mime_parts[$pid]) {

  78.         $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240);

  79.         $temp_dir       = $RCMAIL->config->get('temp_dir');

  80.         $mimetype       = $part->mimetype;

  81.         $file_ident     = $MESSAGE->headers->messageID . ':' . $part->mime_id . ':' . $part->size . ':' . $part->mimetype;

  82.         $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);

  83.         $cache_file     = $cache_basename . '.thumb';

  84. 

  85.         // render thumbnail image if not done yet

  86.         if (!is_file($cache_file)) {

  87.             if ($fp = fopen(($orig_name = $cache_basename . '.tmp'), 'w')) {

  88.                 $MESSAGE->get_part_body($part->mime_id, false, 0, $fp);

  89.                 fclose($fp);

  90. 

  91.                 $image = new rcube_image($orig_name);

  92.                 if ($imgtype = $image->resize($thumbnail_size, $cache_file, true)) {

  93.                     $mimetype = 'image/' . $imgtype;

  94.                     unlink($orig_name);

  95.                 }

  96.                 else if (stripos($mimetype, 'image/svg') === 0) {

  97.                     $content = rcmail_svg_filter(file_get_contents($orig_name));

  98.                     file_put_contents($cache_file, $content);

  99.                     unlink($orig_name);

  100.                 }

  101.                 else {

  102.                     rename($orig_name, $cache_file);

  103.                 }

  104.             }

  105.         }

  106. 

  107.         if (is_file($cache_file)) {

  108.             header('Content-Type: ' . $mimetype);

  109.             readfile($cache_file);

  110.         }

  111.     }

  112. 

  113.     exit;

  114. }

  115. else if (strlen($part_id)) {

  116.     if ($part = $MESSAGE->mime_parts[$part_id]) {

  117.         $mimetype = rcmail_fix_mimetype($part->mimetype);

  118. 

  119.         // allow post-processing of the message body

  120.         $plugin = $RCMAIL->plugins->exec_hook('message_part_get', array(

  121.             'uid'      => $MESSAGE->uid,

  122.             'id'       => $part->mime_id,

  123.             'mimetype' => $mimetype,

  124.             'part'     => $part,

  125.             'download' => !empty($_GET['_download'])

  126.         ));

  127. 

  128.         if ($plugin['abort']) {

  129.             exit;

  130.         }

  131. 

  132.         // require CSRF protected url for downloads

  133.         if ($plugin['download'])

  134.             $RCMAIL->request_security_check(rcube_utils::INPUT_GET);

  135. 

  136.         // overwrite modified vars from plugin

  137.         $mimetype   = $plugin['mimetype'];

  138.         $extensions = rcube_mime::get_mime_extensions($mimetype);

  139. 

  140.         if ($plugin['body']) {

  141.             $body = $plugin['body'];

  142.         }

  143. 

  144.         // compare file mimetype with the stated content-type headers and file extension to avoid malicious operations

  145.         if (!empty($_REQUEST['_embed']) && empty($_REQUEST['_nocheck'])) {

  146.             $file_extension = strtolower(pathinfo($part->filename, PATHINFO_EXTENSION));

  147. 

  148.             // 1. compare filename suffix with expected suffix derived from mimetype

  149.             $valid = $file_extension && in_array($file_extension, (array)$extensions) || empty($extensions) || !empty($_REQUEST['_mimeclass']);

  150. 

  151.             // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension

  152.             if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || stripos($mimetype, 'text/') === 0) {

  153.                 $tmp_body = $body ?: $MESSAGE->get_part_body($part->mime_id, false, 2048);

  154. 

  155.                 // detect message part mimetype

  156.                 $real_mimetype = rcube_mime::file_content_type($tmp_body, $part->filename, $mimetype, true, true);

  157.                 list($real_ctype_primary, $real_ctype_secondary) = explode('/', $real_mimetype);

  158. 

  159.                 // accept text/plain with any extension

  160.                 if ($real_mimetype == 'text/plain' && $real_mimetype == $mimetype) {

  161.                     $valid_extension = true;

  162.                 }

  163.                 // ignore differences in text/* mimetypes. Filetype detection isn't very reliable here

  164.                 else if ($real_ctype_primary == 'text' && strpos($mimetype, $real_ctype_primary) === 0) {

  165.                     $real_mimetype   = $mimetype;

  166.                     $valid_extension = true;

  167.                 }

  168.                 // ignore filename extension if mimeclass matches (#1489029)

  169.                 else if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass']) {

  170.                     $valid_extension = true;

  171.                 }

  172.                 else {

  173.                     // get valid file extensions

  174.                     $extensions      = rcube_mime::get_mime_extensions($real_mimetype);

  175.                     $valid_extension = !$file_extension || empty($extensions) || in_array($file_extension, (array)$extensions);

  176.                 }

  177. 

  178.                 // fix mimetype for images wrongly declared as octet-stream

  179.                 if ($mimetype == 'application/octet-stream' && strpos($real_mimetype, 'image/') === 0 && $valid_extension) {

  180.                     $mimetype = $real_mimetype;

  181.                 }

  182. 

  183.                 // "fix" real mimetype the same way the original is before comparison

  184.                 $real_mimetype = rcmail_fix_mimetype($real_mimetype);

  185. 

  186.                 $valid = $real_mimetype == $mimetype && $valid_extension;

  187.             }

  188.             else {

  189.                 $real_mimetype = $mimetype;

  190.             }

  191. 

  192.             // show warning if validity checks failed

  193.             if (!$valid) {

  194.                 // send blocked.gif for expected images

  195.                 if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) {

  196.                     // Do not cache. Failure might be the result of a misconfiguration, thus real content should be returned once fixed. 

  197.                     $content = $RCMAIL->get_resource_content('blocked.gif');

  198.                     $OUTPUT->nocacheing_headers();

  199.                     header("Content-Type: image/gif");

  200.                     header("Content-Transfer-Encoding: binary");

  201.                     header("Content-Length: " . strlen($content));

  202.                     echo $content;

  203.                 }

  204.                 else {  // html warning with a button to load the file anyway

  205.                     $OUTPUT = new rcmail_html_page();

  206.                     $OUTPUT->write(html::tag('html', null, html::tag('body', 'embed',

  207.                         html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'),

  208.                             $RCMAIL->gettext(array(

  209.                                 'name' => 'attachmentvalidationerror',

  210.                                 'vars' => array(

  211.                                     'expected' => $mimetype . ($file_extension ? " (.$file_extension)" : ''),

  212.                                     'detected' => $real_mimetype . ($extensions[0] ? " (.$extensions[0])" : ''),

  213.                                 )

  214.                             ))

  215.                             . html::p(array('class' => 'rcmail-inline-buttons'),

  216.                                 html::tag('button', array(

  217.                                     'onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'"

  218.                                 ),

  219.                                 $RCMAIL->gettext('showanyway'))

  220.                             )

  221.                         ))));

  222.                 }

  223. 

  224.                 exit;

  225.             }

  226.         }

  227. 

  228. 

  229.         // TIFF to JPEG conversion, if needed

  230.         $tiff_support = !empty($_SESSION['browser_caps']) && !empty($_SESSION['browser_caps']['tif']);

  231.         if (!empty($_REQUEST['_embed']) && !$tiff_support

  232.             && rcube_image::is_convertable('image/tiff')

  233.             && rcmail_part_image_type($part) == 'image/tiff'

  234.         ) {

  235.             $tiff2jpeg = true;

  236.             $mimetype  = 'image/jpeg';

  237.         }

  238. 

  239. 

  240.         $browser = $RCMAIL->output->browser;

  241.         list($ctype_primary, $ctype_secondary) = explode('/', $mimetype);

  242. 

  243.         if (!$plugin['download'] && $ctype_primary == 'text') {

  244.             header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ?: RCUBE_CHARSET));

  245.         }

  246.         else {

  247.             header("Content-Type: $mimetype");

  248.             header("Content-Transfer-Encoding: binary");

  249.         }

  250. 

  251.         // deliver part content

  252.         if ($ctype_primary == 'text' && $ctype_secondary == 'html' && empty($plugin['download'])) {

  253.             // Check if we have enough memory to handle the message in it

  254.             // #1487424: we need up to 10x more memory than the body

  255.             if (!rcube_utils::mem_check($part->size * 10)) {

  256.                 $out = '<body>' . $RCMAIL->gettext('messagetoobig'). ' '

  257.                     . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id

  258.                         .'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')) . '</body></html>';

  259.             }

  260.             else {

  261.                 // get part body if not available

  262.                 if (!isset($body)) {

  263.                     $body = $MESSAGE->get_part_body($part->mime_id, true);

  264.                 }

  265. 

  266.                 // show images?

  267.                 rcmail_check_safe($MESSAGE);

  268. 

  269.                 // render HTML body

  270.                 $out = rcmail_print_body($body, $part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false));

  271. 

  272.                 // insert remote objects warning into HTML body

  273.                 if ($REMOTE_OBJECTS) {

  274.                     $body_start = 0;

  275.                     if ($body_pos = strpos($out, '<body')) {

  276.                         $body_start = strpos($out, '>', $body_pos) + 1;

  277.                     }

  278. 

  279.                     $out = substr($out, 0, $body_start)

  280.                         . html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'),

  281.                             rcube::Q($RCMAIL->gettext('blockedimages')) . '&nbsp;' .

  282.                             html::tag('button',

  283.                                 array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_safe' => 1))) . "'"),

  284.                                 rcube::Q($RCMAIL->gettext('showimages')))

  285.                         )

  286.                         . substr($out, $body_start);

  287.                 }

  288.             }

  289. 

  290.             // check connection status

  291.             if ($part->size && empty($body)) {

  292.                 check_storage_status();

  293.             }

  294. 

  295.             $OUTPUT = new rcmail_html_page();

  296.             $OUTPUT->write($out);

  297.         }

  298.         else {

  299.             // don't kill the connection if download takes more than 30 sec.

  300.             @set_time_limit(0);

  301. 

  302.             $filename = rcmail_attachment_name($part);

  303. 

  304.             if ($browser->ie)

  305.                 $filename = rawurlencode($filename);

  306.             else

  307.                 $filename = addcslashes($filename, '"');

  308. 

  309.             $disposition = !empty($plugin['download']) ? 'attachment' : 'inline';

  310. 

  311.             // Workaround for nasty IE bug (#1488844)

  312.             // If Content-Disposition header contains string "attachment" e.g. in filename

  313.             // IE handles data as attachment not inline

  314.             if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) {

  315.                 $filename = str_ireplace('attachment', 'attach', $filename);

  316.             }

  317. 

  318.             // add filename extension if missing

  319.             if (!pathinfo($filename, PATHINFO_EXTENSION) && ($extensions = rcube_mime::get_mime_extensions($mimetype))) {

  320.                 $filename .= '.' . $extensions[0];

  321.             }

  322. 

  323.             header("Content-Disposition: $disposition; filename=\"$filename\"");

  324. 

  325.             // handle tiff to jpeg conversion

  326.             if (!empty($tiff2jpeg)) {

  327.                 $temp_dir  = unslashify($RCMAIL->config->get('temp_dir'));

  328.                 $file_path = tempnam($temp_dir, 'rcmAttmnt');

  329. 

  330.                 // write content to temp file

  331.                 if ($body) {

  332.                     $saved = file_put_contents($file_path, $body);

  333.                 }

  334.                 else if ($part->size) {

  335.                     $fd    = fopen($file_path, 'w');

  336.                     $saved = $MESSAGE->get_part_body($part->mime_id, false, 0, $fd);

  337.                     fclose($fd);

  338.                 }

  339. 

  340.                 // convert image to jpeg and send it to the browser

  341.                 if ($sent = $saved) {

  342.                     $image = new rcube_image($file_path);

  343.                     if ($image->convert(rcube_image::TYPE_JPG, $file_path)) {

  344.                         header("Content-Length: " . filesize($file_path));

  345.                         readfile($file_path);

  346.                     }

  347.                     unlink($file_path);

  348.                 }

  349.             }

  350.             else {

  351.                 $sent = rcmail_message_part_output($body, $part, $mimetype, $plugin['download']);

  352.             }

  353. 

  354.             // check connection status

  355.             if ($part->size && !$sent) {

  356.                 check_storage_status();

  357.             }

  358.         }

  359. 

  360.         exit;

  361.     }

  362. }

  363. // print message

  364. else {

  365.     // send correct headers for content type

  366.     header("Content-Type: text/html");

  367. 

  368.     $cont = "<html>\n<head><title></title>\n</head>\n<body>";

  369.     $cont .= rcmail_message_body(array());

  370.     $cont .= "\n</body>\n</html>";

  371. 

  372.     $OUTPUT = new rcmail_html_page();

  373.     $OUTPUT->write($cont);

  374. 

  375.     exit;

  376. }

  377. 

  378. 

  379. // if we arrive here, the requested part was not found

  380. header('HTTP/1.1 404 Not Found');

  381. exit;

  382. 

  383. /**

  384.  * Handles nicely storage connection errors

  385.  */

  386. function check_storage_status()

  387. {

  388.     $error = rcmail::get_instance()->storage->get_error_code();

  389. 

  390.     // Check if we have a connection error

  391.     if ($error == rcube_imap_generic::ERROR_BAD) {

  392.         ob_end_clean();

  393. 

  394.         // Get action is often executed simultanously.

  395.         // Some servers have MAXPERIP or other limits.

  396.         // To workaround this we'll wait for some time

  397.         // and try again (once).

  398.         // Note: Random sleep interval is used to minimize concurency

  399.         // in getting message parts

  400. 

  401.         if (!isset($_GET['_redirected'])) {

  402.             usleep(rand(10,30)*100000); // 1-3 sec.

  403.             header('Location: ' . $_SERVER['REQUEST_URI'] . '&_redirected=1');

  404.         }

  405.         else {

  406.             rcube::raise_error(array(

  407.                 'code' => 500, 'type' => 'php',

  408.                 'file' => __FILE__, 'line' => __LINE__,

  409.                 'message' => 'Unable to get/display message part. IMAP connection error'),

  410.                 true, true);

  411.         }

  412. 

  413.         // Don't kill session, just quit (#1486995)

  414.         exit;

  415.     }

  416. }

  417. 

  418. /**

  419.  * Attachment properties table

  420.  */

  421. function rcmail_message_part_controls($attrib)

  422. {

  423.     global $MESSAGE, $RCMAIL;

  424. 

  425.     $part = asciiwords(rcube_utils::get_input_value('_part', rcube_utils::INPUT_GPC));

  426.     if (!is_object($MESSAGE) || !is_array($MESSAGE->parts)

  427.         || !($_GET['_uid'] && $_GET['_part']) || !$MESSAGE->mime_parts[$part]

  428.     ) {

  429.         return '';

  430.     }

  431. 

  432.     $part  = $MESSAGE->mime_parts[$part];

  433.     $table = new html_table(array('cols' => 2));

  434. 

  435.     $table->add('title', rcube::Q($RCMAIL->gettext('namex')).':');

  436.     $table->add('header', rcube::Q(rcmail_attachment_name($part)));

  437. 

  438.     $table->add('title', rcube::Q($RCMAIL->gettext('type')).':');

  439.     $table->add('header', rcube::Q($part->mimetype));

  440. 

  441.     $table->add('title', rcube::Q($RCMAIL->gettext('size')).':');

  442.     $table->add('header', rcube::Q($RCMAIL->message_part_size($part)));

  443. 

  444.     return $table->show($attrib);

  445. }

  446. 

  447. /**

  448.  * Attachment preview frame

  449.  */

  450. function rcmail_message_part_frame($attrib)

  451. {

  452.     global $MESSAGE, $RCMAIL;

  453. 

  454.     $part = $MESSAGE->mime_parts[asciiwords(rcube_utils::get_input_value('_part', rcube_utils::INPUT_GPC))];

  455.     $ctype_primary = strtolower($part->ctype_primary);

  456. 

  457.     $attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_embed=' : '_preload='), $_SERVER['QUERY_STRING']);

  458. 

  459.     $RCMAIL->output->add_gui_object('messagepartframe', $attrib['id']);

  460. 

  461.     return html::iframe($attrib);

  462. }

  463. 

  464. /**

  465.  * Output attachment body with content filtering

  466.  */

  467. function rcmail_message_part_output($body, $part, $mimetype, $download)

  468. {

  469.     global $MESSAGE, $RCMAIL;

  470. 

  471.     if (!$part->size && !$body) {

  472.         return false;

  473.     }

  474. 

  475.     $browser = $RCMAIL->output->browser;

  476.     $secure  = stripos($mimetype, 'image/') === false || $download;

  477. 

  478.     // Remove <script> in SVG images

  479.     if (!$secure && stripos($mimetype, 'image/svg') === 0) {

  480.         if (!$body) {

  481.             $body = $MESSAGE->get_part_body($part->mime_id, false);

  482.             if (empty($body)) {

  483.                 return false;

  484.             }

  485.         }

  486. 

  487.         echo rcmail_svg_filter($body);

  488.         return true;

  489.     }

  490. 

  491.     // Remove dangerous content in images for older IE (to be removed)

  492.     if (!$secure && $browser->ie && $browser->ver <= 8) {

  493.         if ($body) {

  494.             echo preg_match('/<(script|iframe|object)/i', $body) ? '' : $body;

  495.             return true;

  496.         }

  497.         else {

  498.             $stdout = fopen('php://output', 'w');

  499.             stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter');

  500.             stream_filter_append($stdout, 'rcube_content');

  501.             return $MESSAGE->get_part_body($part->mime_id, true, 0, $stdout);

  502.         }

  503.     }

  504. 

  505.     if ($body && !$download) {

  506.         header("Content-Length: " . strlen($body));

  507.         echo $body;

  508.         return true;

  509.     }

  510. 

  511.     // Don't be tempted to set Content-Length to $part->d_parameters['size'] (#1490482)

  512.     // RFC2183 says "The size parameter indicates an approximate size"

  513. 

  514.     return $MESSAGE->get_part_body($part->mime_id, false, 0, -1);

  515. }

  516. 

  517. /**

  518.  * Remove <script> in SVG images

  519.  */

  520. function rcmail_svg_filter($body)

  521. {

  522.     // clean SVG with washhtml

  523.     $wash_opts = array(

  524.         'show_washed'   => false,

  525.         'allow_remote'  => false,

  526.         'charset'       => RCUBE_CHARSET,

  527.         'html_elements' => array('title'),

  528. //        'blocked_src'   => 'program/resources/blocked.gif',

  529.     );

  530. 

  531.     // initialize HTML washer

  532.     $washer = new rcube_washtml($wash_opts);

  533. 

  534.     // allow CSS styles, will be sanitized by rcmail_washtml_callback()

  535.     $washer->add_callback('style', 'rcmail_washtml_callback');

  536. 

  537.     return $washer->wash($body);

  538. }