robin.thoni
/
docker-roundcube-server
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 10 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 Commits
2 Branches
Tree: 6486178dfa
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '6486178dfa'
${ noResults }
docker-roundcube-server/roundcube/roundcubemail-1.3.6/plugins/authres_status/authres_status.php

authres_status.php 21KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492 
  1. <?php

  2. 

  3. /**

  4.  * This plugin displays an icon showing the status

  5.  * of an authentication results header of the message

  6.  *

  7.  * @version 0.4.0

  8.  * @author pimlie

  9.  * @mail pimlie@hotmail.com

  10.  *

  11.  * based on dkimstatus plugin by Julien vehent - julien@linuxwall.info

  12.  * original plugin from Vladimir Mach - wladik@gmail.com

  13.  *

  14.  * icons by brankic1970: http://brankic1979.com/icons/

  15.  *

  16.  */

  17. 

  18. class authres_status extends rcube_plugin

  19. {

  20.     public $task = 'mail|settings';

  21. 

  22.     const STATUS_NOSIG = 1;

  23.     const STATUS_NORES = 2;

  24.     const STATUS_PASS  = 4;

  25.     const STATUS_PARS  = 8;

  26.     const STATUS_THIRD = 16;

  27.     const STATUS_WARN  = 32;

  28.     const STATUS_FAIL  = 64;

  29.     const STATUS_ALL   = 127;

  30. 

  31.     private static $RFC5451_authentication_methods = array(

  32.         "auth",

  33.         "dkim",

  34.         "domainkeys",

  35.         "sender-id",

  36.         "spf",

  37.         "arc",

  38.     );

  39. 

  40.     private static $RFC5451_authentication_results = array(

  41.         "none"      => self::STATUS_NOSIG,

  42.         "pass"      => self::STATUS_PASS,

  43.         "fail"      => self::STATUS_FAIL,

  44.         "policy"    => self::STATUS_FAIL,

  45.         "neutral"   => self::STATUS_WARN,

  46.         "temperror" => self::STATUS_WARN,

  47.         "permerror" => self::STATUS_FAIL,

  48.         "hardfail"  => self::STATUS_FAIL,

  49.         "softfail"  => self::STATUS_WARN

  50.     );

  51. 

  52.     private static $RFC5451_ptypes = array("smtp", "header", "body", "policy");

  53.     private static $RFC5451_properties = array("auth", "d", "i", "from", "sender", "iprev", "mailfrom", "helo");

  54. 

  55.     private $override;

  56.     private $img_status;

  57.     private $message_headers_done = false;

  58.     private $trusted_mtas = [];

  59. 

  60.     public function init()

  61.     {

  62.         $this->add_texts('localization', true);

  63. 

  64.         $rcmail = rcmail::get_instance();

  65.         $this->load_config();

  66. 

  67.         $this->add_hook('storage_init', array($this, 'storage_init'));

  68.         $this->add_hook('messages_list', array($this, 'messages_list'));

  69.         $this->add_hook('message_headers_output', array($this, 'message_headers'));

  70. 

  71.         $dont_override = $rcmail->config->get('dont_override', array());

  72. 

  73.         $this->override = array(

  74.             'list_cols'     => !in_array('list_cols', $dont_override),

  75.             'column'        => !in_array('enable_authres_status_column', $dont_override),

  76.             'fallback'      => !in_array('use_fallback_verifier', $dont_override),

  77.             'statuses'      => !in_array('show_statuses', $dont_override),

  78.             'trusted_mtas'    => !in_array('trusted_mtas', $dont_override),

  79.         );

  80. 

  81.         if ($this->override['list_cols']) {

  82.             $this->include_stylesheet($this->local_skin_path() . '/authres_status.css');

  83.             if ($rcmail->config->get('enable_authres_status_column')) {

  84.                 $this->include_script('authres_status.js');

  85.             }

  86. 

  87.             if ($this->override['column'] || $this->override['fallback'] || $this->override['statuses']) {

  88.                 $this->add_hook('preferences_list', array($this, 'preferences_list'));

  89.                 $this->add_hook('preferences_sections_list', array($this, 'preferences_section'));

  90.                 $this->add_hook('preferences_save', array($this, 'preferences_save'));

  91.             }

  92.         }

  93. 

  94.         $this->trusted_mtas = $rcmail->config->get('trusted_mtas', array());

  95.     }

  96. 

  97.     public function storage_init($p)

  98.     {

  99.         $p['fetch_headers'] = trim($p['fetch_headers'] . ' ' . strtoupper('Authentication-Results') . ' ' . strtoupper('X-DKIM-Authentication-Results') . ' ' . strtoupper('X-Spam-Status') . ' ' . strtoupper('DKIM-Signature') . ' ' . strtoupper('DomainKey-Signature'));

  100.         return $p;

  101.     }

  102. 

  103.     public function preferences_list($args)

  104.     {

  105.         if ($args['section'] == 'authres_status') {

  106.             $rcmail = rcmail::get_instance();

  107. 

  108.             if ($this->override['column'] || $this->override['fallback']) {

  109.                 $args['blocks']['authrescolumn']['name'] = $this->gettext('title_enable_column');

  110. 

  111.                 if ($this->override['column']) {

  112.                     $args['blocks']['authrescolumn']['options']['enable']['title'] = $this->gettext('label_enable_column');

  113.                     $input = new html_checkbox(array('name' => '_enable_authres_status_column', 'id' => 'enable_authres_status_column', 'value' => 1));

  114.                     $args['blocks']['authrescolumn']['options']['enable']['content'] = $input->show($rcmail->config->get('enable_authres_status_column'));

  115.                 }

  116. 

  117.                 if ($this->override['fallback']) {

  118.                     $args['blocks']['authrescolumn']['options']['fallback']['title'] = $this->gettext('label_fallback_verifier');

  119.                     $input = new html_checkbox(array('name' => '_use_fallback_verifier', 'id' => 'use_fallback_verifier', 'value' => 1));

  120.                     $args['blocks']['authrescolumn']['options']['fallback']['content'] = $input->show($rcmail->config->get('use_fallback_verifier'));

  121.                 }

  122.             }

  123. 

  124.             if ($this->override['trusted_mtas']) {

  125.                 $args['blocks']['authrestrusted']['name'] = $this->gettext('title_trusted_mtas');

  126.                 

  127.                 $args['blocks']['authrestrusted']['options']['trusted_mtas']['title'] = $this->gettext('label_trusted_mtas');

  128.                 $input = new html_inputfield(array('name' => '_trusted_mtas', 'id' => 'trusted_mtas'));

  129.                 $args['blocks']['authrestrusted']['options']['trusted_mtas']['content'] = $input->show(implode(",", (array)$rcmail->config->get('trusted_mtas')));

  130.             }

  131. 

  132.             if ($this->override['statuses']) {

  133.                 $statuses = array(1, 2, 4, 8, 16, 32, 64);

  134.                 $show_statuses = $rcmail->config->get('show_statuses');

  135.                 if ($show_statuses === null) {

  136.                     $show_statuses = array_sum($statuses) - self::STATUS_NOSIG;

  137.                 }

  138. 

  139.                 foreach ($statuses as $status) {

  140.                     $args['blocks']['authresstatus']['name'] = $this->gettext('title_include_status');

  141. 

  142.                     $args['blocks']['authresstatus']['options']['enable' . $status]['title'] = $this->gettext('label_include_status' . $status);

  143.                     $input = new html_checkbox(array('name' => '_show_statuses[]', 'id' => 'enable_authres_status_column', 'value' => $status));

  144.                     $args['blocks']['authresstatus']['options']['enable' . $status]['content'] = $input->show(($show_statuses & $status));

  145.                 }

  146.             }

  147.         }

  148. 

  149.         return $args;

  150.     }

  151. 

  152.     public function preferences_section($args)

  153.     {

  154.         $args['list']['authres_status'] = array(

  155.             'id' => 'authres_status',

  156.             'section' => rcube::Q($this->gettext('section_title'))

  157.         );

  158. 

  159.         return $args;

  160.     }

  161. 

  162.     public function preferences_save($args)

  163.     {

  164.         if ($args['section'] == 'authres_status') {

  165.             $args['prefs']['enable_authres_status_column'] = isset($_POST["_enable_authres_status_column"]) && $_POST["_enable_authres_status_column"] == 1;

  166.             $list_cols = rcmail::get_instance()->config->get('list_cols');

  167. 

  168.             $args['prefs']['use_fallback_verifier'] = isset($_POST["_use_fallback_verifier"]) && $_POST["_use_fallback_verifier"] == 1;

  169. 

  170.             if (isset($_POST['_trusted_mtas'])) {

  171.                 $trusted_mtas = array_map(function($value) {

  172.                     return trim($value);

  173.                 }, explode(",", $_POST["_trusted_mtas"]));

  174. 

  175.                 $args['prefs']['trusted_mtas'] = array_diff($trusted_mtas, array(""));

  176.             } else {

  177.                 $args['prefs']['trusted_mtas'] = array();

  178.             }

  179. 

  180.             if (!is_array($list_cols)) {

  181.                 $list_cols = array();

  182.             }

  183. 

  184.             if ($args['prefs']['enable_authres_status_column']) {

  185.                 if (!in_array('authres_status', $list_cols)) {

  186.                     $list_cols[] = 'authres_status';

  187.                 }

  188.             } else {

  189.                 $list_cols = array_diff($list_cols, array('authres_status'));

  190.             }

  191. 

  192.             $args['prefs']['list_cols'] = $list_cols;

  193. 

  194.             if (is_array($_POST["_show_statuses"])) {

  195.                 $args['prefs']['show_statuses'] = (int)array_sum($_POST["_show_statuses"]);

  196.             }

  197.         }

  198. 

  199.         return $args;

  200.     }

  201. 

  202.     public function messages_list($p)

  203.     {

  204.         if (!empty($p['messages'])) {

  205.             $rcmail = rcmail::get_instance();

  206.             if ($rcmail->config->get('enable_authres_status_column')) {

  207.                 $layout = $rcmail->config->get('layout');

  208.                 if ($layout == 'widescreen') {

  209.                     $authres_flags = array();

  210.                 }

  211. 

  212.                 $show_statuses = (int)$rcmail->config->get('show_statuses');

  213.                 foreach ($p['messages'] as $index => $message) {

  214.                     $img_status = $this->get_authentication_status($message, $show_statuses, $message->uid);

  215. 

  216.                     if ($layout == 'widescreen') {

  217.                         $authres_flags[$message->uid] = $img_status;

  218.                     } else {

  219.                         $p['messages'][$index]->list_cols['authres_status'] = $img_status;

  220.                     }

  221.                 }

  222. 

  223.                 if ($layout == 'widescreen') {

  224.                     $rcmail->output->set_env('authres_flags', $authres_flags);

  225.                 }

  226.             }

  227.         }

  228. 

  229.         return $p;

  230.     }

  231. 

  232.     public function message_headers($p)

  233.     {

  234.         /* We only have to check the headers once and this method is executed more than once,

  235.         /* so let's cache the result

  236.         */

  237.         if (!$this->message_headers_done) {

  238.             $this->message_headers_done = true;

  239. 

  240.             $show_statuses = (int)rcmail::get_instance()->config->get('show_statuses');

  241.             $this->img_status = $this->get_authentication_status($p['headers'], $show_statuses, (int)$_GET["_uid"]);

  242.         }

  243. 

  244.         $p['output']['from']['value'] = $this->img_status . $p['output']['from']['value'];

  245.         $p['output']['from']['html'] = true;

  246. 

  247.         return $p;

  248.     }

  249. 

  250.     /* See https://tools.ietf.org/html/rfc5451

  251.     */

  252.     public function rfc5451_extract_authresheader($headers)

  253.     {

  254.         if (!is_array($headers)) {

  255.             $headers = array($headers);

  256.         }

  257. 

  258.         //rfc2822 token setup

  259.         $crlf        = "(?:\r\n)";

  260.         $wsp         = "[\t ]";

  261.         $text        = "[\\x01-\\x09\\x0B\\x0C\\x0E-\\x7F]";

  262.         $quoted_pair = "(?:\\\\$text)";

  263.         $fws         = "(?:(?:$wsp*$crlf)?$wsp+)";

  264.         $ctext       = "[\\x01-\\x08\\x0B\\x0C\\x0E-\\x1F" . "!-'*-[\\]-\\x7F]";

  265.         $comment     = "(\\((?:$fws?(?:$ctext|$quoted_pair|(?1)))*" . "$fws?\\))";

  266.         $cfws        = "(?:(?:$fws?$comment)*(?:(?:$fws?$comment)|$fws))" . "?";

  267.         $atom        = "[a-z0-9!#$%&\'*+-\/=?^_`{|}~]+";

  268. 

  269.         $results = array();

  270.         foreach ($headers as $header) {

  271.             $authservid = false;

  272.             if (preg_match('/^' . $cfws . '((?=.{1,254}$)((?=[a-z0-9-]{1,63}\.)(xn--)?[a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,63}(\/[^\s]*)?)' . $cfws . '(\(.*?\))?' . $cfws . ';/i', trim($header), $m)) {

  273.                 $authservid = $m[3];

  274.                 $header = substr($header, strlen($m[0]));

  275.             }

  276. 

  277.             if (!$authservid || !count($this->trusted_mtas) || in_array($authservid, $this->trusted_mtas)) {

  278.                 $resinfos = array();

  279.                 $header_parts = explode(";", $header);

  280.                 while (count($header_parts)) {

  281.                     $header_part = array_shift($header_parts);

  282. 

  283.                     // check whether part is not from within comment, eg 'dkim=pass    (1024-bit key; insecure key)' should be matched as one

  284.                     if (preg_match('/\([^)]*$/', $header_part)) {

  285.                         $resinfos[] = trim($header_part . ';' . array_shift($header_parts));

  286.                     } else {

  287.                         $resinfos[] = trim($header_part);

  288.                     }

  289.                 }

  290. 

  291.                 foreach ($resinfos as $resinfo) {

  292.                     if (preg_match('/(' . implode("|", self::$RFC5451_authentication_methods) . ')' . $cfws . '=' . $cfws . '(' . implode("|", array_keys(self::$RFC5451_authentication_results)) . ')' . $cfws . '(\(.*?\))?/i', $resinfo, $m, PREG_OFFSET_CAPTURE)) {

  293.                         $parsed_resinfo = array(

  294.                             'title'  => trim($m[0][0]),

  295.                             'method' => $m[1][0],

  296.                             'result' => $m[6][0],

  297.                             'reason' => isset($m[7]) ? $m[7][0] : '',

  298.                             'props'  => array()

  299.                         );

  300. 

  301.                         $propspec = trim(($m[0][1] > 0 ? substr($resinfo, 0, $m[0][1]) : '') . substr($resinfo, strlen($m[0][0])));

  302.                         if ($propspec) {

  303.                             if (preg_match_all('/(' . implode("|", self::$RFC5451_ptypes) . ')' . $cfws . '\.' . $cfws . '(' . implode("|", self::$RFC5451_properties) . ')' . $cfws . '=' . $cfws . '([^\s]*)/i', $propspec, $m)) {

  304.                                 foreach ($m[0] as $k => $v) {

  305.                                     if (!isset($parsed_resinfo['props'][$m[1][$k]])) {

  306.                                         $parsed_resinfo['props'][$m[1][$k]] = array();

  307.                                     }

  308. 

  309.                                     $parsed_resinfo['props'][$m[1][$k]] [$m[6][$k]] = $m[11][$k];

  310.                                 }

  311.                             }

  312.                         }

  313. 

  314.                         $results[] = $parsed_resinfo;

  315.                     }

  316.                 }

  317.             }

  318.         }

  319. 

  320.         return $results;

  321.     }

  322. 

  323.     public function get_authentication_status($headers, $show_statuses = 0, $uid = 0)

  324.     {

  325.         /* If dkimproxy did not find a signature, stop here

  326.         */

  327.         if (($results = $headers->others['x-dkim-authentication-results']) && strpos($results, 'none') !== false) {

  328.             $status = self::STATUS_NOSIG;

  329.         } else {

  330.             if ($headers->others['authentication-results']) {

  331.                 $results = $this->rfc5451_extract_authresheader($headers->others['authentication-results']);

  332.                 $status = 0;

  333.                 $title = '';

  334. 

  335.                 foreach ($results as $result) {

  336.                     $status = $status | (isset(self::$RFC5451_authentication_results[$result['result']]) ? self::$RFC5451_authentication_results[$result['result']] : self::STATUS_FAIL);

  337. 

  338.                     $title .= ($title ? '; ' : '') . $result['title'];

  339.                 }

  340. 

  341.                 if ($status == self::STATUS_PASS) {

  342.                     /* Verify if its an author's domain signature or a third party

  343.                     */

  344.                     if (preg_match("/[@]([a-zA-Z0-9]+([.][a-zA-Z0-9]+)?\.[a-zA-Z]{2,4})/", $headers->from, $m)) {

  345.                         $title = '';

  346.                         $authorDomain = $m[1];

  347.                         $authorDomainFound = false;

  348. 

  349.                         foreach ($results as $result) {

  350.                             if ($result['method'] == 'dkim' || $result['method'] == 'domainkeys') {

  351.                                 if (is_array($result['props']) && isset($result['props']['header'])) {

  352.                                     $pvalue = '';

  353. 

  354.                                     // d is required, but still not always present

  355.                                     if (isset($result['props']['header']['d'])) {

  356.                                         $pvalue = $result['props']['header']['d'];

  357.                                     } elseif (isset($result['props']['header']['i'])) {

  358.                                         $pvalue = substr($result['props']['header']['i'], strpos($result['props']['header']['i'], '@') + 1);

  359.                                     }

  360. 

  361.                                     if ($pvalue == $authorDomain || substr($authorDomain, -1 * strlen($pvalue)) == $pvalue) {

  362.                                         $authorDomainFound = true;

  363. 

  364.                                         if ($status != self::STATUS_PASS) {

  365.                                             $status = self::STATUS_PASS;

  366.                                             $title = $result['title'];

  367.                                         } else {

  368.                                             $title.= ($title ? '; ' : '') . $result['title'];

  369.                                         }

  370.                                     } else {

  371.                                         if ($status == self::STATUS_THIRD) {

  372.                                             $title .= '; ' . $this->gettext('for') . ' ' . $pvalue . ' ' . $this->gettext('by') . ' ' . $result['title'];

  373.                                         } elseif (!$authorDomainFound) {

  374.                                             $status = self::STATUS_THIRD;

  375.                                             $title = $pvalue . ' ' . $this->gettext('by') . ' ' . $result['title'];

  376.                                         }

  377.                                     }

  378.                                 }

  379.                             }

  380.                         }

  381.                     }

  382.                 }

  383. 

  384.                 if (!$status) {

  385.                     $status = self::STATUS_NOSIG;

  386.                 }

  387. 

  388.                 /* Check for spamassassin's X-Spam-Status

  389.                 */

  390.             } elseif ($headers->others['x-spam-status']) {

  391.                 $status = self::STATUS_NOSIG;

  392. 

  393.                 /* DKIM_* are defined at: http://search.cpan.org/~kmcgrail/Mail-SpamAssassin-3.3.2/lib/Mail/SpamAssassin/Plugin/DKIM.pm */

  394.                 $results = $headers->others['x-spam-status'];

  395.                 if (is_array($results)) {

  396.                     $results = end($results); // Should we take first or last header found? Last has probably been added by our own MTA

  397.                 }

  398. 

  399.                 if (preg_match_all('/DKIM_[^,=]+/', $results, $m)) {

  400.                     if (array_search('DKIM_SIGNED', $m[0]) !== false) {

  401.                         if (array_search('DKIM_VALID', $m[0]) !== false) {

  402.                             if (array_search('DKIM_VALID_AU', $m[0])) {

  403.                                 $status = self::STATUS_PASS;

  404.                                 $title = 'DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU';

  405.                             } else {

  406.                                 $status = self::STATUS_THIRD;

  407.                                 $title = 'DKIM_SIGNED, DKIM_VALID';

  408.                             }

  409.                         } else {

  410.                             $status = self::STATUS_FAIL;

  411.                             $title = 'DKIM_SIGNED';

  412.                         }

  413.                     }

  414.                 }

  415.             } elseif ($headers->others['dkim-signature'] || $headers->others['domainkey-signature']) {

  416.                 $status = 0;

  417. 

  418.                 if ($uid) {

  419.                     $rcmail = rcmail::get_instance();

  420.                     if ($headers->others['dkim-signature'] && $rcmail->config->get('use_fallback_verifier')) {

  421.                         if (!class_exists('Crypt_RSA')) {

  422.                             $autoload = require __DIR__ . "/../../vendor/autoload.php";

  423.                             $autoload->loadClass('Crypt_RSA'); // Preload for use in DKIM_Verify

  424.                         }

  425. 

  426.                         $dkimVerify = new DKIM_Verify($rcmail->imap->get_raw_body($uid));

  427.                         $results = $dkimVerify->validate();

  428. 

  429.                         if (count($results)) {

  430.                             $status = 0;

  431.                             $title = '';

  432.                             foreach ($results as $result) {

  433.                                 foreach ($result as $res) {

  434.                                     if (count($res)) {

  435.                                         $status = $status | (isset(self::$RFC5451_authentication_results[$res['status']]) ? self::$RFC5451_authentication_results[$res['status']] : self::STATUS_FAIL);

  436. 

  437.                                         if ($res['status'] == 'pass') {

  438.                                             $title .= ($title ? '; ' : '') . "dkim=pass (internal verifier)";

  439.                                         }

  440.                                     }

  441.                                 }

  442.                             }

  443. 

  444.                             if (!$title) {

  445.                                 $title = $res['reason'];

  446.                             }

  447.                         }

  448.                     }

  449.                 }

  450. 

  451.                 if (!$status) {

  452.                     $status = self::STATUS_NORES;

  453.                 }

  454.             } else {

  455.                 $status = self::STATUS_NOSIG;

  456.             }

  457.         }

  458. 

  459.         if ($status == self::STATUS_NOSIG) {

  460.             $image = 'status_nosig.png';

  461.             $alt = 'nosignature';

  462.         } elseif ($status == self::STATUS_NORES) {

  463.             $image = 'status_nores.png';

  464.             $alt = 'noauthresults';

  465.         } elseif ($status == self::STATUS_PASS) {

  466.             $image = 'status_pass.png';

  467.             $alt = 'signaturepass';

  468.         } else {

  469.             // at least one auth method was passed, show partial pass

  470.             if (($status & self::STATUS_PASS)) {

  471.                 $status = self::STATUS_PARS;

  472.                 $image = 'status_partial_pass.png';

  473.                 $alt = 'partialpass';

  474.             } elseif ($status >= self::STATUS_FAIL) {

  475.                 $image = 'status_fail.png';

  476.                 $alt = 'invalidsignature';

  477.             } elseif ($status >= self::STATUS_WARN) {

  478.                 $image = 'status_warn.png';

  479.                 $alt = 'temporaryinvalid';

  480.             } elseif ($status >= self::STATUS_THIRD) {

  481.                 $image = 'status_third.png';

  482.                 $alt = 'thirdparty';

  483.             }

  484.         }

  485. 

  486.         if (!$show_statuses || ($show_statuses & $status)) {

  487.             return '<img src="plugins/authres_status/images/' . $image . '" alt="' . $alt . '" title="' . $this->gettext($alt) . htmlentities($title) . '" class="authres-status-img" /> ';

  488.         }

  489. 

  490.         return '';

  491.     }

  492. }