From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports

---
 program/steps/mail/sendmail.inc |   36 +++++++++++++++++++++++++++++++++---
 1 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index 6866c51..dbd6f98 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -234,7 +234,7 @@
 
 // sending aborted by plugin
 if ($data['abort'] && !$savedraft) {
-    $OUTPUT->show_message($data['message'] ? $data['message'] : 'sendingfailed');
+    $OUTPUT->show_message($data['message'] ?: 'sendingfailed');
     $OUTPUT->send('iframe');
 }
 else {
@@ -245,6 +245,19 @@
 
 // fetch message body
 $message_body = rcube_utils::get_input_value('_message', rcube_utils::INPUT_POST, TRUE, $message_charset);
+
+if (isset($_POST['_pgpmime'])) {
+    $pgp_mime     = rcube_utils::get_input_value('_pgpmime', rcube_utils::INPUT_POST);
+    $isHtml       = false;
+    $message_body = '';
+
+    // clear unencrypted attachments
+    foreach ((array) $COMPOSE['attachments'] as $attach) {
+        $RCMAIL->plugins->exec_hook('attachment_delete', $attach);
+    }
+
+    $COMPOSE['attachments'] = array();
+}
 
 if ($isHtml) {
     $bstyle = array();
@@ -442,7 +455,7 @@
         }
         else {
             $ctype   = str_replace('image/pjpeg', 'image/jpeg', $attachment['mimetype']); // #1484914
-            $file    = $attachment['data'] ? $attachment['data'] : $attachment['path'];
+            $file    = $attachment['data'] ?: $attachment['path'];
             $folding = (int) $RCMAIL->config->get('mime_param_folding');
 
             $MAIL_MIME->addAttachment($file,
@@ -473,6 +486,23 @@
 
 if ($flowed) {
     $text_charset .= ";\r\n format=flowed";
+}
+
+// compose PGP/Mime message
+if ($pgp_mime) {
+    $MAIL_MIME->addAttachment(new Mail_mimePart('Version: 1', array(
+            'content_type' => 'application/pgp-encrypted',
+            'description'  => 'PGP/MIME version identification',
+    )));
+
+    $MAIL_MIME->addAttachment(new Mail_mimePart($pgp_mime, array(
+            'content_type' => 'application/octet-stream',
+            'filename'     => 'encrypted.asc',
+            'disposition'  => 'inline',
+    )));
+
+    $MAIL_MIME->setContentType('multipart/encrypted', array('protocol' => 'application/pgp-encrypted'));
+    $MAIL_MIME->setParam('preamble', 'This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)');
 }
 
 // encoding settings for mail composing
@@ -643,7 +673,7 @@
             array('msgid' => $message_id, 'uid' => $saved, 'folder' => $store_target));
 
         // display success
-        $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'messagesaved', 'confirmation');
+        $OUTPUT->show_message($plugin['message'] ?: 'messagesaved', 'confirmation');
 
         // update "_draft_saveid" and the "cmp_hash" to prevent "Unsaved changes" warning
         $COMPOSE['param']['draft_uid'] = $plugin['uid'];

--
Gitblit v1.9.1