From a3b85d7b8560cdc1057fcaffa3acbd247b4b5b7a Mon Sep 17 00:00:00 2001
From: Thomas B. <thomas@roundcube.net>
Date: Mon, 07 Oct 2013 13:19:03 -0400
Subject: [PATCH] Merge pull request #133 from cwickert/release-0.9-canned-responses
---
program/steps/mail/get.inc | 117 ++++++++++++++++++++++++++++++++++------------------------
1 files changed, 69 insertions(+), 48 deletions(-)
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 314a437..3727577 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -22,7 +22,7 @@
// show loading page
if (!empty($_GET['_preload'])) {
- $url = preg_replace('/([&?]+)_preload=/', '\\1_embed=', $_SERVER['REQUEST_URI']);
+ $url = preg_replace('/([&?]+)_preload=/', '\\1_mimewarning=1&_embed=', $_SERVER['REQUEST_URI']);
$message = rcube_label('loadingdata');
header('Content-Type: text/html; charset=' . RCMAIL_CHARSET);
@@ -34,6 +34,7 @@
}
ob_end_clean();
+
// similar code as in program/steps/mail/show.inc
if (!empty($_GET['_uid'])) {
@@ -47,13 +48,7 @@
// show part page
if (!empty($_GET['_frame'])) {
if (($part_id = get_input_value('_part', RCUBE_INPUT_GPC)) && ($part = $MESSAGE->mime_parts[$part_id])) {
- $filename = $part->filename;
- if (empty($filename) && $part->mimetype == 'text/html') {
- $filename = rcube_label('htmlmessage');
- }
- if (!empty($filename)) {
- $OUTPUT->set_pagetitle($filename);
- }
+ $OUTPUT->set_pagetitle(rcmail_attachment_name($part));
}
$OUTPUT->send('messagepart');
@@ -65,11 +60,12 @@
$pid = get_input_value('_part', RCUBE_INPUT_GET);
if ($part = $MESSAGE->mime_parts[$pid]) {
$thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240);
- $temp_dir = $RCMAIL->config->get('temp_dir');
- list(,$ext) = explode('/', $part->mimetype);
- $cache_basename = $temp_dir . '/' . md5($MESSAGE->headers->messageID . $part->mime_id . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
- $cache_file = $cache_basename . '.' . $ext;
- $mimetype = $part->mimetype;
+ $temp_dir = $RCMAIL->config->get('temp_dir');
+ list(,$ext) = explode('/', $part->mimetype);
+ $mimetype = $part->mimetype;
+ $file_ident = $MESSAGE->headers->messageID . ':' . $part->mime_id . ':' . $part->size . ':' . $part->mimetype;
+ $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
+ $cache_file = $cache_basename . '.' . $ext;
// render thumbnail image if not done yet
if (!is_file($cache_file)) {
@@ -78,7 +74,7 @@
fclose($fp);
$image = new rcube_image($orig_name);
- if ($imgtype = $image->resize($RCMAIL->config->get('image_thumbnail_size', 240), $cache_file, true)) {
+ if ($imgtype = $image->resize($thumbnail_size, $cache_file, true)) {
$mimetype = 'image/' . $imgtype;
unlink($orig_name);
}
@@ -99,9 +95,7 @@
else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
if ($part = $MESSAGE->mime_parts[$pid]) {
- $ctype_primary = strtolower($part->ctype_primary);
- $ctype_secondary = strtolower($part->ctype_secondary);
- $mimetype = sprintf('%s/%s', $ctype_primary, $ctype_secondary);
+ $mimetype = rcmail_fix_mimetype($part->mimetype);
// allow post-processing of the message body
$plugin = $RCMAIL->plugins->exec_hook('message_part_get',
@@ -111,7 +105,7 @@
exit;
// overwrite modified vars from plugin
- $mimetype = $plugin['mimetype'];
+ $mimetype = $plugin['mimetype'];
$extensions = rcube_mime::get_mime_extensions($mimetype);
if ($plugin['body'])
@@ -123,10 +117,10 @@
$file_extension = strtolower(pathinfo($part->filename, PATHINFO_EXTENSION));
// 1. compare filename suffix with expected suffix derived from mimetype
- $valid = $file_extension && in_array($file_extension, (array)$extensions);
+ $valid = $file_extension && in_array($file_extension, (array)$extensions) || !empty($_REQUEST['_mimeclass']);
// 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension
- if ($valid || !$file_extension || $mimetype == 'application/octet-stream') {
+ if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || $mimetype == 'text/plain') {
if ($part->body) // part body is already loaded
$body = $part->body;
else if ($part->size && $part->size < 1024*1024) // load the entire part if it's small enough
@@ -138,6 +132,10 @@
$real_mimetype = rcube_mime::file_content_type($body, $part->filename, $mimetype, true, true);
list($real_ctype_primary, $real_ctype_secondary) = explode('/', $real_mimetype);
+ // accept text/plain with any extension
+ if ($real_mimetype == 'text/plain' && $real_mimetype == $mimetype)
+ $file_extension = 'txt';
+
// ignore differences in text/* mimetypes. Filetype detection isn't very reliable here
if ($real_ctype_primary == 'text' && strpos($mimetype, $real_ctype_primary) === 0)
$real_mimetype = $mimetype;
@@ -145,6 +143,10 @@
// get valid file extensions
$extensions = rcube_mime::get_mime_extensions($real_mimetype);
$valid_extension = (!$file_extension || in_array($file_extension, (array)$extensions));
+
+ // ignore filename extension if mimeclass matches (#1489029)
+ if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass'])
+ $valid_extension = true;
// fix mimetype for images wrongly declared as octet-stream
if ($mimetype == 'application/octet-stream' && strpos($real_mimetype, 'image/') === 0 && $valid_extension)
@@ -158,21 +160,32 @@
// show warning if validity checks failed
if (!$valid) {
- $OUTPUT = new rcmail_html_page();
- $OUTPUT->write(html::tag('html', null, html::tag('body', array('style' => 'font-family:sans-serif; margin:1em'),
- html::div(array('class' => 'warning', 'style' => 'border:2px solid #ffdf0e; background:#fef893; padding:1em 1em 0 1em;'),
- rcube_label(array(
- 'name' => 'attachmentvalidationerror',
- 'vars' => array('expected' => "$mimetype (.$file_extension)", 'detected' => "$real_mimetype (.$extensions[0])")
- )) .
- html::p('buttons',
- html::tag('button', null,
- html::a(array(
- 'href' => $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))),
- 'style' => 'text-decoration:none;color:#000',
- ), rcube_label('showanyway')))
- ))
- )));
+ // send blocked.gif for expected images
+ if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) {
+ // Do not cache. Failure might be the result of a misconfiguration, thus real content should be returned once fixed.
+ $OUTPUT->nocacheing_headers();
+ header("Content-Type: image/gif");
+ header("Content-Transfer-Encoding: binary");
+ readfile(INSTALL_PATH . 'program/resources/blocked.gif');
+ }
+ else { // html warning with a button to load the file anyway
+ $OUTPUT = new rcmail_html_page();
+ $OUTPUT->write(html::tag('html', null, html::tag('body', 'embed',
+ html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'),
+ rcube_label(array(
+ 'name' => 'attachmentvalidationerror',
+ 'vars' => array(
+ 'expected' => $mimetype . ($file_extension ? "(.$file_extension)" : ''),
+ 'detected' => $real_mimetype . ($extensions[0] ? "(.$extensions[0])" : ''),
+ )
+ )) .
+ html::p(array('class' => 'rcmail-inline-buttons'),
+ html::tag('button',
+ array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'"),
+ rcube_label('showanyway')))
+ )
+ )));
+ }
exit;
}
}
@@ -202,7 +215,6 @@
header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ? $part->charset : RCMAIL_CHARSET));
}
else {
- $mimetype = rcmail_fix_mimetype($mimetype);
header("Content-Type: $mimetype");
header("Content-Transfer-Encoding: binary");
}
@@ -222,7 +234,27 @@
if (!$part->body)
$part->body = $MESSAGE->get_part_content($part->mime_id);
+ // show images?
+ rcmail_check_safe($MESSAGE);
+
+ // render HTML body
$out = rcmail_print_body($part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false));
+
+ // insert remote objects warning into HTML body
+ if ($REMOTE_OBJECTS) {
+ $body_start = 0;
+ if ($body_pos = strpos($out, '<body')) {
+ $body_start = strpos($out, '>', $body_pos) + 1;
+ }
+ $out = substr($out, 0, $body_start) .
+ html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'),
+ Q(rcube_label('blockedimages')) . ' ' .
+ html::tag('button',
+ array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_safe' => 1))) . "'"),
+ Q(rcube_label('showimages')))
+ ) .
+ substr($out, $body_start);
+ }
}
// check connection status
@@ -237,18 +269,7 @@
// don't kill the connection if download takes more than 30 sec.
@set_time_limit(0);
- if ($part->filename) {
- $filename = $part->filename;
- }
- else if ($part->mimetype == 'text/html') {
- $filename = rcube_label('htmlmessage');
- }
- else {
- $ext = '.' . ($mimetype == 'text/plain' ? 'txt' : $ctype_secondary);
- $filename = ($MESSAGE->subject ? $MESSAGE->subject : 'roundcube') . $ext;
- }
-
- $filename = preg_replace('[\r\n]', '', $filename);
+ $filename = rcmail_attachment_name($part);
if ($browser->ie && $browser->ver < 7)
$filename = rawurlencode(abbreviate_string($filename, 55));
--
Gitblit v1.9.1