From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
program/lib/Roundcube/rcube_message.php | 69 ++++++++++++++++------------------
1 files changed, 33 insertions(+), 36 deletions(-)
diff --git a/program/lib/Roundcube/rcube_message.php b/program/lib/Roundcube/rcube_message.php
index 884141a..d065ac3 100644
--- a/program/lib/Roundcube/rcube_message.php
+++ b/program/lib/Roundcube/rcube_message.php
@@ -108,7 +108,8 @@
'get_url' => $this->app->url(array(
'action' => 'get',
'mbox' => $this->folder,
- 'uid' => $uid))
+ 'uid' => $uid),
+ false, false, true)
);
if (!empty($this->headers->structure)) {
@@ -484,6 +485,28 @@
}
/**
+ * In a multipart/encrypted encrypted message,
+ * find the encrypted message payload part.
+ *
+ * @return rcube_message_part
+ */
+ public function get_multipart_encrypted_part()
+ {
+ foreach ($this->mime_parts as $mime_id => $mpart) {
+ if ($mpart->mimetype == 'multipart/encrypted') {
+ $this->pgp_mime = true;
+ }
+ if ($this->pgp_mime && ($mpart->mimetype == 'application/octet-stream' ||
+ (!empty($mpart->filename) && $mpart->filename != 'version.txt'))) {
+ $this->encrypted_part = $mime_id;
+ return $mpart;
+ }
+ }
+
+ return false;
+ }
+
+ /**
* Read the message structure returend by the IMAP server
* and build flat lists of content parts and attachments
*
@@ -674,24 +697,16 @@
$mail_part = &$structure->parts[$i];
$primary_type = $mail_part->ctype_primary;
$secondary_type = $mail_part->ctype_secondary;
+ $part_mimetype = $mail_part->mimetype;
- // real content-type of message/rfc822
- if ($mail_part->real_mimetype) {
- $part_orig_mimetype = $mail_part->mimetype;
- $part_mimetype = $mail_part->real_mimetype;
- list($primary_type, $secondary_type) = explode('/', $part_mimetype);
- }
- else {
- $part_mimetype = $part_orig_mimetype = $mail_part->mimetype;
- }
-
- // multipart/alternative
- if ($primary_type == 'multipart') {
+ // multipart/alternative or message/rfc822
+ if ($primary_type == 'multipart' || $part_mimetype == 'message/rfc822') {
$this->parse_structure($mail_part, true);
// list message/rfc822 as attachment as well (mostly .eml)
- if ($part_orig_mimetype == 'message/rfc822' && !empty($mail_part->filename))
+ if ($primary_type == 'message' && !empty($mail_part->filename)) {
$this->attachments[] = $mail_part;
+ }
}
// part text/[plain|html] or delivery status
else if ((($part_mimetype == 'text/plain' || $part_mimetype == 'text/html') && $mail_part->disposition != 'attachment') ||
@@ -702,8 +717,9 @@
array('object' => $this, 'structure' => $mail_part,
'mimetype' => $part_mimetype, 'recursive' => true));
- if ($plugin['abort'])
+ if ($plugin['abort']) {
continue;
+ }
if ($part_mimetype == 'text/html' && $mail_part->size) {
$this->got_html_part = true;
@@ -725,14 +741,6 @@
if (!empty($mail_part->filename)) {
$this->attachments[] = $mail_part;
}
- }
- // part message/*
- else if ($primary_type == 'message') {
- $this->parse_structure($mail_part, true);
-
- // list as attachment as well (mostly .eml)
- if (!empty($mail_part->filename))
- $this->attachments[] = $mail_part;
}
// ignore "virtual" protocol parts
else if ($primary_type == 'protocol') {
@@ -764,21 +772,14 @@
// part belongs to a related message and is linked
if (preg_match('/^multipart\/(related|relative)/', $mimetype)
- && ($mail_part->headers['content-id'] || $mail_part->headers['content-location'])) {
+ && ($mail_part->headers['content-id'] || $mail_part->headers['content-location'])
+ ) {
if ($mail_part->headers['content-id'])
$mail_part->content_id = preg_replace(array('/^</', '/>$/'), '', $mail_part->headers['content-id']);
if ($mail_part->headers['content-location'])
$mail_part->content_location = $mail_part->headers['content-base'] . $mail_part->headers['content-location'];
$this->inline_parts[] = $mail_part;
- }
- // attachment encapsulated within message/rfc822 part needs further decoding (#1486743)
- else if ($part_orig_mimetype == 'message/rfc822') {
- $this->parse_structure($mail_part, true);
-
- // list as attachment as well (mostly .eml)
- if (!empty($mail_part->filename))
- $this->attachments[] = $mail_part;
}
// regular attachment with valid content type
// (content-type name regexp according to RFC4288.4.2)
@@ -794,10 +795,6 @@
$this->attachments[] = $mail_part;
}
- }
- // attachment part as message/rfc822 (#1488026)
- else if ($mail_part->mimetype == 'message/rfc822') {
- $this->parse_structure($mail_part);
}
// calendar part not marked as attachment (#1490325)
else if ($part_mimetype == 'text/calendar') {
--
Gitblit v1.9.1