githubFork/roundcubemail.git

Roundcubemail devel

parent: 97f3972c | patch | commit | ignore whitespace

Aleksander Machniak

2016-01-28 43165ac07a8ad8d28b7b5c336b3ca9e186f1881e

Really secure viewsource downloads

2 files modified

	program/js/app.js	2 ●●●●● patch \| view \| raw \| blame \| history
	program/steps/mail/viewsource.inc	4 ●●●●● patch \| view \| raw \| blame \| history

 program/js/app.js

@@ -1228,7 +1228,7 @@
          location.href = this.secure_url(location.href.replace(/_frame=/, '_download='));
        }
        else if (uid = this.get_single_uid()) {
          this.goto_url('viewsource', this.params_from_uid(uid, {_save: 1}));
          this.goto_url('viewsource', this.params_from_uid(uid, {_save: 1}), false, true);
        }
        break;


 program/steps/mail/viewsource.inc

@@ -19,6 +19,10 @@
 +-----------------------------------------------------------------------+
*/

if (!empty($_GET['_save'])) {
    $RCMAIL->request_security_check(rcube_utils::INPUT_GET);
}

ob_end_clean();

// similar code as in program/steps/mail/get.inc

			@@ -1228,7 +1228,7 @@
			location.href = this.secure_url(location.href.replace(/_frame=/, '_download='));
			}
			else if (uid = this.get_single_uid()) {
			this.goto_url('viewsource', this.params_from_uid(uid, {_save: 1}));
			this.goto_url('viewsource', this.params_from_uid(uid, {_save: 1}), false, true);
			}
			break;

			@@ -19,6 +19,10 @@
			+-----------------------------------------------------------------------+
			*/

			if (!empty($_GET['_save'])) {
			$RCMAIL->request_security_check(rcube_utils::INPUT_GET);
			}

			ob_end_clean();

			// similar code as in program/steps/mail/get.inc