githubFork/roundcubemail.git

			@@ -22,7 +22,7 @@

			// show loading page
			if (!empty($_GET['_preload'])) {
			$url = preg_replace('/([&?]+)_preload=/', '\\1_embed=', $_SERVER['REQUEST_URI']);
			$url = preg_replace('/([&?]+)_preload=/', '\\1_mimewarning=1&_embed=', $_SERVER['REQUEST_URI']);
			$message = rcube_label('loadingdata');

			header('Content-Type: text/html; charset=' . RCMAIL_CHARSET);
			@@ -38,18 +38,33 @@

			// similar code as in program/steps/mail/show.inc
			if (!empty($_GET['_uid'])) {
			$uid = get_input_value('_uid', RCUBE_INPUT_GET);
			$RCMAIL->config->set('prefer_html', true);
			$MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET));
			$MESSAGE = new rcube_message($uid);
			}

			// check connection status
			check_storage_status();

			$part_id = get_input_value('_part', RCUBE_INPUT_GPC);

			// show part page
			if (!empty($_GET['_frame'])) {
			if (($part_id = get_input_value('_part', RCUBE_INPUT_GPC)) && ($part = $MESSAGE->mime_parts[$part_id])) {
			$OUTPUT->set_pagetitle(rcmail_attachment_name($part));
			if ($part_id && ($part = $MESSAGE->mime_parts[$part_id])) {
			$filename = rcmail_attachment_name($part);
			$OUTPUT->set_pagetitle($filename);
			}

			// register UI objects
			$OUTPUT->add_handlers(array(
			'messagepartframe' => 'rcmail_message_part_frame',
			'messagepartcontrols' => 'rcmail_message_part_controls',
			));

			$OUTPUT->set_env('mailbox', $RCMAIL->storage->get_folder());
			$OUTPUT->set_env('uid', $uid);
			$OUTPUT->set_env('part', $part_id);
			$OUTPUT->set_env('filename', $filename);

			$OUTPUT->send('messagepart');
			exit;
			@@ -60,11 +75,12 @@
			$pid = get_input_value('_part', RCUBE_INPUT_GET);
			if ($part = $MESSAGE->mime_parts[$pid]) {
			$thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240);
			$temp_dir = $RCMAIL->config->get('temp_dir');
			list(,$ext) = explode('/', $part->mimetype);
			$cache_basename = $temp_dir . '/' . md5($MESSAGE->headers->messageID . $part->mime_id . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
			$cache_file = $cache_basename . '.' . $ext;
			$mimetype = $part->mimetype;
			$temp_dir = $RCMAIL->config->get('temp_dir');
			list(,$ext) = explode('/', $part->mimetype);
			$mimetype = $part->mimetype;
			$file_ident = $MESSAGE->headers->messageID . ':' . $part->mime_id . ':' . $part->size . ':' . $part->mimetype;
			$cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
			$cache_file = $cache_basename . '.' . $ext;

			// render thumbnail image if not done yet
			if (!is_file($cache_file)) {
			@@ -73,7 +89,7 @@
			fclose($fp);

			$image = new rcube_image($orig_name);
			if ($imgtype = $image->resize($RCMAIL->config->get('image_thumbnail_size', 240), $cache_file, true)) {
			if ($imgtype = $image->resize($thumbnail_size, $cache_file, true)) {
			$mimetype = 'image/' . $imgtype;
			unlink($orig_name);
			}
			@@ -91,12 +107,9 @@
			exit;
			}

			else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {

			if ($part = $MESSAGE->mime_parts[$pid]) {
			$ctype_primary = strtolower($part->ctype_primary);
			$ctype_secondary = strtolower($part->ctype_secondary);
			$mimetype = sprintf('%s/%s', $ctype_primary, $ctype_secondary);
			else if (strlen($part_id)) {
			if ($part = $MESSAGE->mime_parts[$part_id]) {
			$mimetype = rcmail_fix_mimetype($part->mimetype);

			// allow post-processing of the message body
			$plugin = $RCMAIL->plugins->exec_hook('message_part_get',
			@@ -106,7 +119,7 @@
			exit;

			// overwrite modified vars from plugin
			$mimetype = $plugin['mimetype'];
			$mimetype = $plugin['mimetype'];
			$extensions = rcube_mime::get_mime_extensions($mimetype);

			if ($plugin['body'])
			@@ -118,10 +131,10 @@
			$file_extension = strtolower(pathinfo($part->filename, PATHINFO_EXTENSION));

			// 1. compare filename suffix with expected suffix derived from mimetype
			$valid = $file_extension && in_array($file_extension, (array)$extensions);
			$valid = $file_extension && in_array($file_extension, (array)$extensions) \|\| !empty($_REQUEST['_mimeclass']);

			// 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension
			if ($valid \|\| !$file_extension \|\| $mimetype == 'application/octet-stream' \|\| $mimetype == 'text/plain') {
			if ($valid \|\| !$file_extension \|\| $mimetype == 'application/octet-stream' \|\| stripos($mimetype, 'text/') === 0) {
			if ($part->body) // part body is already loaded
			$body = $part->body;
			else if ($part->size && $part->size < 1024*1024) // load the entire part if it's small enough
			@@ -145,6 +158,10 @@
			$extensions = rcube_mime::get_mime_extensions($real_mimetype);
			$valid_extension = (!$file_extension \|\| in_array($file_extension, (array)$extensions));

			// ignore filename extension if mimeclass matches (#1489029)
			if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass'])
			$valid_extension = true;

			// fix mimetype for images wrongly declared as octet-stream
			if ($mimetype == 'application/octet-stream' && strpos($real_mimetype, 'image/') === 0 && $valid_extension)
			$mimetype = $real_mimetype;
			@@ -157,22 +174,32 @@

			// show warning if validity checks failed
			if (!$valid) {
			$OUTPUT = new rcmail_html_page();
			$OUTPUT->write(html::tag('html', null, html::tag('body', 'embed',
			html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'),
			rcube_label(array(
			'name' => 'attachmentvalidationerror',
			'vars' => array(
			'expected' => $mimetype . ($file_extension ? "(.$file_extension)" : ''),
			'detected' => $real_mimetype . ($extensions[0] ? "(.$extensions[0])" : ''),
			// send blocked.gif for expected images
			if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) {
			// Do not cache. Failure might be the result of a misconfiguration, thus real content should be returned once fixed.
			$OUTPUT->nocacheing_headers();
			header("Content-Type: image/gif");
			header("Content-Transfer-Encoding: binary");
			readfile(INSTALL_PATH . 'program/resources/blocked.gif');
			}
			else { // html warning with a button to load the file anyway
			$OUTPUT = new rcmail_html_page();
			$OUTPUT->write(html::tag('html', null, html::tag('body', 'embed',
			html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'),
			rcube_label(array(
			'name' => 'attachmentvalidationerror',
			'vars' => array(
			'expected' => $mimetype . ($file_extension ? " (.$file_extension)" : ''),
			'detected' => $real_mimetype . ($extensions[0] ? " (.$extensions[0])" : ''),
			)
			)) .
			html::p(array('class' => 'rcmail-inline-buttons'),
			html::tag('button',
			array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'"),
			rcube_label('showanyway')))
			)
			)) .
			html::p(array('class' => 'rcmail-inline-buttons'),
			html::tag('button',
			array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'"),
			rcube_label('showanyway')))
			)
			)));
			)));
			}
			exit;
			}
			}
			@@ -202,11 +229,9 @@
			header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ? $part->charset : RCMAIL_CHARSET));
			}
			else {
			$mimetype = rcmail_fix_mimetype($mimetype);
			header("Content-Type: $mimetype");
			header("Content-Transfer-Encoding: binary");
			}


			// deliver part content
			if ($ctype_primary == 'text' && $ctype_secondary == 'html' && empty($plugin['download'])) {
			@@ -332,7 +357,8 @@
			header("Content-Length: $size");
			}

			$sent = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, true);
			// 8th argument disables re-formatting of text/* parts (#1489267)
			$sent = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, true, null, false, 0, false);
			}
			}

			@@ -366,7 +392,9 @@
			header('HTTP/1.1 404 Not Found');
			exit;


			/**
			* Handles nicely storage connection errors
			*/
			function check_storage_status()
			{
			$error = rcmail::get_instance()->storage->get_error_code();
			@@ -398,3 +426,49 @@
			exit;
			}
			}

			/**
			* Attachment properties table
			*/
			function rcmail_message_part_controls($attrib)
			{
			global $MESSAGE, $RCMAIL;

			$part = asciiwords(get_input_value('_part', RCUBE_INPUT_GPC));
			if (!is_object($MESSAGE) \|\| !is_array($MESSAGE->parts)
			\|\| !($_GET['_uid'] && $_GET['_part']) \|\| !$MESSAGE->mime_parts[$part]
			) {
			return '';
			}

			$part = $MESSAGE->mime_parts[$part];
			$table = new html_table(array('cols' => 2));

			$table->add('title', Q(rcube_label('namex')).':');
			$table->add('header', Q(rcmail_attachment_name($part)));

			$table->add('title', Q(rcube_label('type')).':');
			$table->add('header', Q($part->mimetype));

			$table->add('title', Q(rcube_label('size')).':');
			$table->add('header', Q($RCMAIL->message_part_size($part)));

			return $table->show($attrib);
			}

			/**
			* Attachment preview frame
			*/
			function rcmail_message_part_frame($attrib)
			{
			global $MESSAGE, $RCMAIL;

			$part = $MESSAGE->mime_parts[asciiwords(get_input_value('_part', RCUBE_INPUT_GPC))];
			$ctype_primary = strtolower($part->ctype_primary);

			$attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_embed=' : '_preload='), $_SERVER['QUERY_STRING']);

			$RCMAIL->output->add_gui_object('messagepartframe', $attrib['id']);

			return html::iframe($attrib);
			}