|
0
|
1 <?php
|
|
|
2
|
|
|
3 /**
|
|
|
4 +-----------------------------------------------------------------------+
|
|
|
5 | program/steps/mail/get.inc |
|
|
|
6 | |
|
|
|
7 | This file is part of the Roundcube Webmail client |
|
|
|
8 | Copyright (C) 2005-2016, The Roundcube Dev Team |
|
|
|
9 | |
|
|
|
10 | Licensed under the GNU General Public License version 3 or |
|
|
|
11 | any later version with exceptions for skins & plugins. |
|
|
|
12 | See the README file for a full license statement. |
|
|
|
13 | |
|
|
|
14 | PURPOSE: |
|
|
|
15 | Delivering a specific uploaded file or mail message attachment |
|
|
|
16 | |
|
|
|
17 +-----------------------------------------------------------------------+
|
|
|
18 | Author: Thomas Bruederli <roundcube@gmail.com> |
|
|
|
19 | Author: Aleksander Machniak <alec@alec.pl> |
|
|
|
20 +-----------------------------------------------------------------------+
|
|
|
21 */
|
|
|
22
|
|
|
23
|
|
|
24 // show loading page
|
|
|
25 if (!empty($_GET['_preload'])) {
|
|
|
26 unset($_GET['_preload']);
|
|
|
27 unset($_GET['_safe']);
|
|
|
28
|
|
|
29 $url = $RCMAIL->url($_GET + array('_mimewarning' => 1, '_embed' => 1));
|
|
|
30 $message = $RCMAIL->gettext('loadingdata');
|
|
|
31
|
|
|
32 header('Content-Type: text/html; charset=' . RCUBE_CHARSET);
|
|
|
33 print "<html>\n<head>\n"
|
|
|
34 . '<meta http-equiv="refresh" content="0; url='.rcube::Q($url).'">' . "\n"
|
|
|
35 . '<meta http-equiv="content-type" content="text/html; charset='.RCUBE_CHARSET.'">' . "\n"
|
|
|
36 . "</head>\n<body>\n$message\n</body>\n</html>";
|
|
|
37 exit;
|
|
|
38 }
|
|
|
39
|
|
|
40 $attachment = new rcmail_attachment_handler;
|
|
|
41 $mimetype = $attachment->mimetype;
|
|
|
42 $filename = $attachment->filename;
|
|
|
43
|
|
|
44 // show part page
|
|
|
45 if (!empty($_GET['_frame'])) {
|
|
|
46 $OUTPUT->set_pagetitle($filename);
|
|
|
47
|
|
|
48 // register UI objects
|
|
|
49 $OUTPUT->add_handlers(array(
|
|
|
50 'messagepartframe' => 'rcmail_message_part_frame',
|
|
|
51 'messagepartcontrols' => 'rcmail_message_part_controls',
|
|
|
52 ));
|
|
|
53
|
|
|
54 $part_id = rcube_utils::get_input_value('_part', rcube_utils::INPUT_GET);
|
|
|
55 $uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_GET);
|
|
|
56
|
|
|
57 // message/rfc822 preview (Note: handle also multipart/ parts, they can
|
|
|
58 // come from Enigma, which replaces message/rfc822 with real mimetype)
|
|
|
59 if ($part_id && ($mimetype == 'message/rfc822' || strpos($mimetype, 'multipart/') === 0)) {
|
|
|
60 $uid = preg_replace('/\.[0-9.]+/', '', $uid);
|
|
|
61 $uid .= '.' . $part_id;
|
|
|
62
|
|
|
63 $OUTPUT->set_env('is_message', true);
|
|
|
64 }
|
|
|
65
|
|
|
66 $OUTPUT->set_env('mailbox', $RCMAIL->storage->get_folder());
|
|
|
67 $OUTPUT->set_env('uid', $uid);
|
|
|
68 $OUTPUT->set_env('part', $part_id);
|
|
|
69 $OUTPUT->set_env('filename', $filename);
|
|
|
70 $OUTPUT->set_env('mimetype', $mimetype);
|
|
|
71
|
|
|
72 $OUTPUT->send('messagepart');
|
|
|
73 exit;
|
|
|
74 }
|
|
|
75
|
|
|
76 // render thumbnail of an image attachment
|
|
|
77 if (!empty($_GET['_thumb']) && $attachment->is_valid()) {
|
|
|
78 $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240);
|
|
|
79 $temp_dir = $RCMAIL->config->get('temp_dir');
|
|
|
80 $file_ident = $attachment->ident;
|
|
|
81 $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
|
|
|
82 $cache_file = $cache_basename . '.thumb';
|
|
|
83
|
|
|
84 // render thumbnail image if not done yet
|
|
|
85 if (!is_file($cache_file) && $attachment->body_to_file($orig_name = $cache_basename . '.tmp')) {
|
|
|
86 $image = new rcube_image($orig_name);
|
|
|
87
|
|
|
88 if ($imgtype = $image->resize($thumbnail_size, $cache_file, true)) {
|
|
|
89 $mimetype = 'image/' . $imgtype;
|
|
|
90 }
|
|
|
91 else {
|
|
|
92 // Resize failed, we need to check the file mimetype
|
|
|
93 // So, we do not exit here, but goto generic file body handler below
|
|
|
94 $_GET['_thumb'] = 0;
|
|
|
95 $_REQUEST['_embed'] = 1;
|
|
|
96 }
|
|
|
97 }
|
|
|
98
|
|
|
99 if (!empty($_GET['_thumb'])) {
|
|
|
100 if (is_file($cache_file)) {
|
|
|
101 $RCMAIL->output->future_expire_header(3600);
|
|
|
102 header('Content-Type: ' . $mimetype);
|
|
|
103 header('Content-Length: ' . filesize($cache_file));
|
|
|
104 readfile($cache_file);
|
|
|
105 }
|
|
|
106
|
|
|
107 exit;
|
|
|
108 }
|
|
|
109 }
|
|
|
110
|
|
|
111 // Handle attachment body (display or download)
|
|
|
112 if (empty($_GET['_thumb']) && $attachment->is_valid()) {
|
|
|
113 // require CSRF protected url for downloads
|
|
|
114 if (!empty($_GET['_download'])) {
|
|
|
115 $RCMAIL->request_security_check(rcube_utils::INPUT_GET);
|
|
|
116 }
|
|
|
117
|
|
|
118 $extensions = rcube_mime::get_mime_extensions($mimetype);
|
|
|
119
|
|
|
120 // compare file mimetype with the stated content-type headers and file extension to avoid malicious operations
|
|
|
121 if (!empty($_REQUEST['_embed']) && empty($_REQUEST['_nocheck'])) {
|
|
|
122 $file_extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
|
|
|
123
|
|
|
124 // 1. compare filename suffix with expected suffix derived from mimetype
|
|
|
125 $valid = $file_extension && in_array($file_extension, (array)$extensions) || empty($extensions) || !empty($_REQUEST['_mimeclass']);
|
|
|
126
|
|
|
127 // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension
|
|
|
128 if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || stripos($mimetype, 'text/') === 0) {
|
|
|
129 $tmp_body = $attachment->body(2048);
|
|
|
130
|
|
|
131 // detect message part mimetype
|
|
|
132 $real_mimetype = rcube_mime::file_content_type($tmp_body, $filename, $mimetype, true, true);
|
|
|
133 list($real_ctype_primary, $real_ctype_secondary) = explode('/', $real_mimetype);
|
|
|
134
|
|
|
135 // accept text/plain with any extension
|
|
|
136 if ($real_mimetype == 'text/plain' && $real_mimetype == $mimetype) {
|
|
|
137 $valid_extension = true;
|
|
|
138 }
|
|
|
139 // ignore differences in text/* mimetypes. Filetype detection isn't very reliable here
|
|
|
140 else if ($real_ctype_primary == 'text' && strpos($mimetype, $real_ctype_primary) === 0) {
|
|
|
141 $real_mimetype = $mimetype;
|
|
|
142 $valid_extension = true;
|
|
|
143 }
|
|
|
144 // ignore filename extension if mimeclass matches (#1489029)
|
|
|
145 else if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass']) {
|
|
|
146 $valid_extension = true;
|
|
|
147 }
|
|
|
148 else {
|
|
|
149 // get valid file extensions
|
|
|
150 $extensions = rcube_mime::get_mime_extensions($real_mimetype);
|
|
|
151 $valid_extension = !$file_extension || empty($extensions) || in_array($file_extension, (array)$extensions);
|
|
|
152 }
|
|
|
153
|
|
|
154 // fix mimetype for images wrongly declared as octet-stream
|
|
|
155 if ($mimetype == 'application/octet-stream' && strpos($real_mimetype, 'image/') === 0 && $valid_extension) {
|
|
|
156 $mimetype = $real_mimetype;
|
|
|
157 }
|
|
|
158 // fix mimetype for images with wrong mimetype
|
|
|
159 else if (strpos($real_mimetype, 'image/') === 0 && strpos($mimetype, 'image/') === 0) {
|
|
|
160 $mimetype = $real_mimetype;
|
|
|
161 }
|
|
|
162
|
|
|
163 // "fix" real mimetype the same way the original is before comparison
|
|
|
164 $real_mimetype = rcmail_fix_mimetype($real_mimetype);
|
|
|
165
|
|
|
166 $valid = $real_mimetype == $mimetype && $valid_extension;
|
|
|
167 }
|
|
|
168 else {
|
|
|
169 $real_mimetype = $mimetype;
|
|
|
170 }
|
|
|
171
|
|
|
172 // show warning if validity checks failed
|
|
|
173 if (!$valid) {
|
|
|
174 // send blocked.gif for expected images
|
|
|
175 if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) {
|
|
|
176 // Do not cache. Failure might be the result of a misconfiguration, thus real content should be returned once fixed.
|
|
|
177 $content = $RCMAIL->get_resource_content('blocked.gif');
|
|
|
178 $OUTPUT->nocacheing_headers();
|
|
|
179 header("Content-Type: image/gif");
|
|
|
180 header("Content-Transfer-Encoding: binary");
|
|
|
181 header("Content-Length: " . strlen($content));
|
|
|
182 echo $content;
|
|
|
183 }
|
|
|
184 else { // html warning with a button to load the file anyway
|
|
|
185 $OUTPUT = new rcmail_html_page();
|
|
|
186 $OUTPUT->write(html::tag('html', null, html::tag('body', 'embed',
|
|
|
187 html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'),
|
|
|
188 $RCMAIL->gettext(array(
|
|
|
189 'name' => 'attachmentvalidationerror',
|
|
|
190 'vars' => array(
|
|
|
191 'expected' => $mimetype . ($file_extension ? " (.$file_extension)" : ''),
|
|
|
192 'detected' => $real_mimetype . ($extensions[0] ? " (.$extensions[0])" : ''),
|
|
|
193 )
|
|
|
194 ))
|
|
|
195 . html::p(array('class' => 'rcmail-inline-buttons'),
|
|
|
196 html::tag('button', array(
|
|
|
197 'onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'"
|
|
|
198 ),
|
|
|
199 $RCMAIL->gettext('showanyway'))
|
|
|
200 )
|
|
|
201 ))));
|
|
|
202 }
|
|
|
203
|
|
|
204 exit;
|
|
|
205 }
|
|
|
206 }
|
|
|
207
|
|
|
208 // TIFF/WEBP to JPEG conversion, if needed
|
|
|
209 foreach (array('tiff', 'webp') as $type) {
|
|
|
210 $img_support = !empty($_SESSION['browser_caps']) && !empty($_SESSION['browser_caps'][$type]);
|
|
|
211 if (!empty($_REQUEST['_embed']) && !$img_support
|
|
|
212 && $attachment->image_type() == 'image/' . $type
|
|
|
213 && rcube_image::is_convertable('image/' . $type)
|
|
|
214 ) {
|
|
|
215 $convert2jpeg = true;
|
|
|
216 $mimetype = 'image/jpeg';
|
|
|
217 break;
|
|
|
218 }
|
|
|
219 }
|
|
|
220
|
|
|
221 $browser = $RCMAIL->output->browser;
|
|
|
222 list($ctype_primary, $ctype_secondary) = explode('/', $mimetype);
|
|
|
223
|
|
|
224 if (!empty($_GET['_download']) && $ctype_primary == 'text') {
|
|
|
225 header("Content-Type: text/$ctype_secondary; charset=" . $attachment->charset);
|
|
|
226 }
|
|
|
227 else {
|
|
|
228 header("Content-Type: $mimetype");
|
|
|
229 header("Content-Transfer-Encoding: binary");
|
|
|
230 }
|
|
|
231
|
|
|
232 // deliver part content
|
|
|
233 if ($mimetype == 'text/html' && empty($_GET['_download'])) {
|
|
|
234 // Check if we have enough memory to handle the message in it
|
|
|
235 // #1487424: we need up to 10x more memory than the body
|
|
|
236 if (!rcube_utils::mem_check($attachment->size * 10)) {
|
|
|
237 $out = '<html><body>'
|
|
|
238 . $RCMAIL->gettext('messagetoobig'). ' '
|
|
|
239 . html::a($RCMAIL->url(array_merge($_GET, array('download' => 1))), $RCMAIL->gettext('download'))
|
|
|
240 . '</body></html>';
|
|
|
241 }
|
|
|
242 else {
|
|
|
243 // render HTML body
|
|
|
244 $out = $attachment->html();
|
|
|
245
|
|
|
246 // insert remote objects warning into HTML body
|
|
|
247 if ($REMOTE_OBJECTS) {
|
|
|
248 $body_start = 0;
|
|
|
249 if ($body_pos = strpos($out, '<body')) {
|
|
|
250 $body_start = strpos($out, '>', $body_pos) + 1;
|
|
|
251 }
|
|
|
252
|
|
|
253 $out = substr($out, 0, $body_start)
|
|
|
254 . html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'),
|
|
|
255 rcube::Q($RCMAIL->gettext('blockedimages')) . ' ' .
|
|
|
256 html::tag('button',
|
|
|
257 array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_safe' => 1))) . "'"),
|
|
|
258 rcube::Q($RCMAIL->gettext('showimages')))
|
|
|
259 )
|
|
|
260 . substr($out, $body_start);
|
|
|
261 }
|
|
|
262 }
|
|
|
263
|
|
|
264 $OUTPUT = new rcmail_html_page();
|
|
|
265 $OUTPUT->write($out);
|
|
|
266 exit;
|
|
|
267 }
|
|
|
268
|
|
|
269 // don't kill the connection if download takes some more time
|
|
|
270 @set_time_limit(3600);
|
|
|
271
|
|
|
272 $filename = $browser->ie ? rawurlencode($filename) : addcslashes($filename, '"');
|
|
|
273 $disposition = !empty($_GET['_download']) ? 'attachment' : 'inline';
|
|
|
274
|
|
|
275 // add filename extension if missing
|
|
|
276 if (!pathinfo($filename, PATHINFO_EXTENSION) && ($extensions = rcube_mime::get_mime_extensions($mimetype))) {
|
|
|
277 $filename .= '.' . $extensions[0];
|
|
|
278 }
|
|
|
279
|
|
|
280 header("Content-Disposition: $disposition; filename=\"$filename\"");
|
|
|
281
|
|
|
282 // handle tiff to jpeg conversion
|
|
|
283 if (!empty($convert2jpeg)) {
|
|
|
284 $temp_dir = unslashify($RCMAIL->config->get('temp_dir'));
|
|
|
285 $file_path = tempnam($temp_dir, 'rcmAttmnt');
|
|
|
286
|
|
|
287 // convert image to jpeg and send it to the browser
|
|
|
288 if ($attachment->body_to_file($file_path)) {
|
|
|
289 $image = new rcube_image($file_path);
|
|
|
290 if ($image->convert(rcube_image::TYPE_JPG, $file_path)) {
|
|
|
291 header("Content-Length: " . filesize($file_path));
|
|
|
292 readfile($file_path);
|
|
|
293 }
|
|
|
294 }
|
|
|
295 }
|
|
|
296 else {
|
|
|
297 $attachment->output($mimetype);
|
|
|
298 }
|
|
|
299
|
|
|
300 exit;
|
|
|
301 }
|
|
|
302
|
|
|
303 // if we arrive here, the requested part was not found
|
|
|
304 header('HTTP/1.1 404 Not Found');
|
|
|
305 exit;
|
|
|
306
|
|
|
307
|
|
|
308 /**
|
|
|
309 * Attachment properties table
|
|
|
310 */
|
|
|
311 function rcmail_message_part_controls($attrib)
|
|
|
312 {
|
|
|
313 global $attachment, $RCMAIL;
|
|
|
314
|
|
|
315 if (!$attachment->is_valid()) {
|
|
|
316 return '';
|
|
|
317 }
|
|
|
318
|
|
|
319 $table = new html_table(array('cols' => 2));
|
|
|
320
|
|
|
321 $table->add('title', rcube::Q($RCMAIL->gettext('namex')).':');
|
|
|
322 $table->add('header', rcube::Q($attachment->filename));
|
|
|
323
|
|
|
324 $table->add('title', rcube::Q($RCMAIL->gettext('type')).':');
|
|
|
325 $table->add('header', rcube::Q($attachment->mimetype));
|
|
|
326
|
|
|
327 $table->add('title', rcube::Q($RCMAIL->gettext('size')).':');
|
|
|
328 $table->add('header', rcube::Q($attachment->size()));
|
|
|
329
|
|
|
330 return $table->show($attrib);
|
|
|
331 }
|
|
|
332
|
|
|
333 /**
|
|
|
334 * Attachment preview frame
|
|
|
335 */
|
|
|
336 function rcmail_message_part_frame($attrib)
|
|
|
337 {
|
|
|
338 global $RCMAIL;
|
|
|
339
|
|
|
340 if ($RCMAIL->output->get_env('is_message')) {
|
|
|
341 $attrib['src'] = $RCMAIL->url(array(
|
|
|
342 'task' => 'mail',
|
|
|
343 'action' => 'preview',
|
|
|
344 'uid' => $RCMAIL->output->get_env('uid'),
|
|
|
345 'mbox' => $RCMAIL->output->get_env('mailbox'),
|
|
|
346 'framed' => 1,
|
|
|
347 ));
|
|
|
348 }
|
|
|
349 else {
|
|
|
350 $mimetype = $RCMAIL->output->get_env('mimetype');
|
|
|
351 $frame_replace = strpos($mimetype, 'text/') === 0 ? '_embed=' : '_preload=';
|
|
|
352 $attrib['src'] = './?' . str_replace('_frame=', $frame_replace, $_SERVER['QUERY_STRING']);
|
|
|
353 }
|
|
|
354
|
|
|
355 $RCMAIL->output->add_gui_object('messagepartframe', $attrib['id']);
|
|
|
356
|
|
|
357 return html::iframe($attrib);
|
|
|
358 }
|
|
|
359
|
|
|
360 /**
|
|
|
361 * Wrapper class with unified access to attachment properties and body
|
|
|
362 *
|
|
|
363 * Unified for message parts as well as uploaded attachments
|
|
|
364 */
|
|
|
365 class rcmail_attachment_handler
|
|
|
366 {
|
|
|
367 public $filename;
|
|
|
368 public $size;
|
|
|
369 public $mimetype;
|
|
|
370 public $ident;
|
|
|
371 public $charset = RCUBE_CHARSET;
|
|
|
372
|
|
|
373 private $message;
|
|
|
374 private $part;
|
|
|
375 private $upload;
|
|
|
376 private $body;
|
|
|
377 private $body_file;
|
|
|
378 private $download = false;
|
|
|
379
|
|
|
380 /**
|
|
|
381 * Class constructor.
|
|
|
382 * Reads request parameters and initializes attachment/part props.
|
|
|
383 */
|
|
|
384 public function __construct()
|
|
|
385 {
|
|
|
386 ob_end_clean();
|
|
|
387
|
|
|
388 $part_id = rcube_utils::get_input_value('_part', rcube_utils::INPUT_GET);
|
|
|
389 $file_id = rcube_utils::get_input_value('_file', rcube_utils::INPUT_GET);
|
|
|
390 $compose_id = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GET);
|
|
|
391 $uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_GET);
|
|
|
392 $rcube = rcube::get_instance();
|
|
|
393
|
|
|
394 $this->download = !empty($_GET['_download']);
|
|
|
395
|
|
|
396 // similar code as in program/steps/mail/show.inc
|
|
|
397 if (!empty($uid)) {
|
|
|
398 $rcube->config->set('prefer_html', true);
|
|
|
399 $this->message = new rcube_message($uid, null, intval($_GET['_safe']));
|
|
|
400
|
|
|
401 if ($this->part = $this->message->mime_parts[$part_id]) {
|
|
|
402 $this->filename = rcmail_attachment_name($this->part);
|
|
|
403 $this->mimetype = $this->part->mimetype;
|
|
|
404 $this->size = $this->part->size;
|
|
|
405 $this->ident = $this->message->headers->messageID . ':' . $this->part->mime_id . ':' . $this->size . ':' . $this->mimetype;
|
|
|
406 $this->charset = $this->part->charset ?: RCUBE_CHARSET;
|
|
|
407
|
|
|
408 if (empty($_GET['_frame'])) {
|
|
|
409 // allow post-processing of the attachment body
|
|
|
410 $plugin = $rcube->plugins->exec_hook('message_part_get', array(
|
|
|
411 'uid' => $uid,
|
|
|
412 'id' => $this->part->mime_id,
|
|
|
413 'mimetype' => $this->mimetype,
|
|
|
414 'part' => $this->part,
|
|
|
415 'download' => $this->download,
|
|
|
416 ));
|
|
|
417
|
|
|
418 if ($plugin['abort']) {
|
|
|
419 exit;
|
|
|
420 }
|
|
|
421
|
|
|
422 // overwrite modified vars from plugin
|
|
|
423 $this->mimetype = $plugin['mimetype'];
|
|
|
424
|
|
|
425 if ($plugin['body']) {
|
|
|
426 $this->body = $plugin['body'];
|
|
|
427 $this->size = strlen($this->body);
|
|
|
428 }
|
|
|
429 }
|
|
|
430 }
|
|
|
431 }
|
|
|
432 else if ($file_id && $compose_id) {
|
|
|
433 $file_id = preg_replace('/^rcmfile/', '', $file_id);
|
|
|
434
|
|
|
435 if (($compose = $_SESSION['compose_data_' . $compose_id])
|
|
|
436 && ($this->upload = $compose['attachments'][$file_id])
|
|
|
437 ) {
|
|
|
438 $this->filename = $this->upload['name'];
|
|
|
439 $this->mimetype = $this->upload['mimetype'];
|
|
|
440 $this->size = $this->upload['size'];
|
|
|
441 $this->ident = sprintf('%s:%s%s', $compose_id, $file_id, $this->size);
|
|
|
442 $this->charset = $this->upload['charset'] ?: RCUBE_CHARSET;
|
|
|
443 }
|
|
|
444 }
|
|
|
445
|
|
|
446 if (empty($this->part) && empty($this->upload)) {
|
|
|
447 header('HTTP/1.1 404 Not Found');
|
|
|
448 exit;
|
|
|
449 }
|
|
|
450
|
|
|
451 // check connection status
|
|
|
452 self::check_storage_status();
|
|
|
453
|
|
|
454 $this->mimetype = rcmail_fix_mimetype($this->mimetype);
|
|
|
455 }
|
|
|
456
|
|
|
457 /**
|
|
|
458 * Remove temp files, etc.
|
|
|
459 */
|
|
|
460 public function __destruct()
|
|
|
461 {
|
|
|
462 if ($this->body_file) {
|
|
|
463 @unlink($this->body_file);
|
|
|
464 }
|
|
|
465 }
|
|
|
466
|
|
|
467 /**
|
|
|
468 * Check if the object is a message part not uploaded file
|
|
|
469 *
|
|
|
470 * @return bool True if the object is a meesage part
|
|
|
471 */
|
|
|
472 public function is_message_part()
|
|
|
473 {
|
|
|
474 return !empty($this->message);
|
|
|
475 }
|
|
|
476
|
|
|
477 /**
|
|
|
478 * Object/request status
|
|
|
479 *
|
|
|
480 * @return bool Status
|
|
|
481 */
|
|
|
482 public function is_valid()
|
|
|
483 {
|
|
|
484 return !empty($this->part) || !empty($this->upload);
|
|
|
485 }
|
|
|
486
|
|
|
487 /**
|
|
|
488 * Return attachment/part mimetype if this is an image
|
|
|
489 * of supported type.
|
|
|
490 *
|
|
|
491 * @return string Image mimetype
|
|
|
492 */
|
|
|
493 public function image_type()
|
|
|
494 {
|
|
|
495 $part = (object) array(
|
|
|
496 'filename' => $this->filename,
|
|
|
497 'mimetype' => $this->mimetype,
|
|
|
498 );
|
|
|
499
|
|
|
500 return rcmail_part_image_type($part);
|
|
|
501 }
|
|
|
502
|
|
|
503 /**
|
|
|
504 * Formatted attachment/part size (with units)
|
|
|
505 *
|
|
|
506 * @return string Attachment/part size (with units)
|
|
|
507 */
|
|
|
508 public function size()
|
|
|
509 {
|
|
|
510 $part = $this->part ?: ((object) array('size' => $this->size, 'exact_size' => true));
|
|
|
511 return rcube::get_instance()->message_part_size($part);
|
|
|
512 }
|
|
|
513
|
|
|
514 /**
|
|
|
515 * Returns, prints or saves the attachment/part body
|
|
|
516 */
|
|
|
517 public function body($size = null, $fp = null)
|
|
|
518 {
|
|
|
519 // we may have the body in memory or file already
|
|
|
520 if ($this->body !== null) {
|
|
|
521 if ($fp == -1) {
|
|
|
522 echo $size ? substr($this->body, 0, $size) : $this->body;
|
|
|
523 }
|
|
|
524 else if ($fp) {
|
|
|
525 $result = fwrite($fp, $size ? substr($this->body, $size) : $this->body) !== false;
|
|
|
526 }
|
|
|
527 else {
|
|
|
528 $result = $size ? substr($this->body, 0, $size) : $this->body;
|
|
|
529 }
|
|
|
530 }
|
|
|
531 else if ($this->body_file) {
|
|
|
532 if ($size) {
|
|
|
533 $result = file_get_contents($this->body_file, false, null, 0, $size);
|
|
|
534 }
|
|
|
535 else {
|
|
|
536 $result = file_get_contents($this->body_file);
|
|
|
537 }
|
|
|
538
|
|
|
539 if ($fp == -1) {
|
|
|
540 echo $result;
|
|
|
541 }
|
|
|
542 else if ($fp) {
|
|
|
543 $result = fwrite($fp, $result) !== false;
|
|
|
544 }
|
|
|
545 }
|
|
|
546 else if ($this->message) {
|
|
|
547 $result = $this->message->get_part_body($this->part->mime_id, false, 0, $fp);
|
|
|
548
|
|
|
549 // check connection status
|
|
|
550 if (!$fp && $this->size && empty($result)) {
|
|
|
551 self::check_storage_status();
|
|
|
552 }
|
|
|
553 }
|
|
|
554 else if ($this->upload) {
|
|
|
555 // This hook retrieves the attachment contents from the file storage backend
|
|
|
556 $attachment = rcube::get_instance()->plugins->exec_hook('attachment_get', $this->upload);
|
|
|
557
|
|
|
558 if ($fp && $fp != -1) {
|
|
|
559 if ($attachment['data']) {
|
|
|
560 $result = fwrite($fp, $size ? substr($attachment['data'], 0, $size) : $attachment['data']) !== false;
|
|
|
561 }
|
|
|
562 else if ($attachment['path']) {
|
|
|
563 if ($fh = fopen($attachment['path'], 'rb')) {
|
|
|
564 $result = stream_copy_to_stream($fh, $fp, $size ? $size : -1);
|
|
|
565 }
|
|
|
566 }
|
|
|
567 }
|
|
|
568 else {
|
|
|
569 $data = $attachment['data'];
|
|
|
570 if (!$data && $attachment['path']) {
|
|
|
571 $data = file_get_contents($attachment['path']);
|
|
|
572 }
|
|
|
573
|
|
|
574 if ($fp == -1) {
|
|
|
575 echo $size ? substr($data, 0, $size) : $data;
|
|
|
576 }
|
|
|
577 else {
|
|
|
578 $result = $size ? substr($data, 0, $size) : $data;
|
|
|
579 }
|
|
|
580 }
|
|
|
581 }
|
|
|
582
|
|
|
583 return $result;
|
|
|
584 }
|
|
|
585
|
|
|
586 /**
|
|
|
587 * Save the body to a file
|
|
|
588 *
|
|
|
589 * @param string $filename File name with path
|
|
|
590 *
|
|
|
591 * @return bool True on success, False on failure
|
|
|
592 */
|
|
|
593 public function body_to_file($filename)
|
|
|
594 {
|
|
|
595 if ($filename && $this->size && ($fp = fopen($filename, 'w'))) {
|
|
|
596 $this->body(0, $fp);
|
|
|
597 $this->body_file = $filename;
|
|
|
598 fclose($fp);
|
|
|
599 @chmod(filename, 0600);
|
|
|
600
|
|
|
601 return true;
|
|
|
602 }
|
|
|
603
|
|
|
604 return false;
|
|
|
605 }
|
|
|
606
|
|
|
607 /**
|
|
|
608 * Output attachment body with content filtering
|
|
|
609 */
|
|
|
610 public function output($mimetype)
|
|
|
611 {
|
|
|
612 if (!$this->size) {
|
|
|
613 return false;
|
|
|
614 }
|
|
|
615
|
|
|
616 $secure = stripos($mimetype, 'image/') === false || $this->download;
|
|
|
617
|
|
|
618 // Remove <script> in SVG images
|
|
|
619 if (!$secure && stripos($mimetype, 'image/svg') === 0) {
|
|
|
620 if (!$this->body) {
|
|
|
621 $this->body = $this->body();
|
|
|
622 if (empty($this->body)) {
|
|
|
623 return false;
|
|
|
624 }
|
|
|
625 }
|
|
|
626
|
|
|
627 echo self::svg_filter($this->body);
|
|
|
628 return true;
|
|
|
629 }
|
|
|
630
|
|
|
631 if ($this->body !== null && !$this->download) {
|
|
|
632 header("Content-Length: " . strlen($this->body));
|
|
|
633 echo $this->body;
|
|
|
634 return true;
|
|
|
635 }
|
|
|
636
|
|
|
637 // Don't be tempted to set Content-Length to $part->d_parameters['size'] (#1490482)
|
|
|
638 // RFC2183 says "The size parameter indicates an approximate size"
|
|
|
639
|
|
|
640 return $this->body(0, -1);
|
|
|
641 }
|
|
|
642
|
|
|
643 /**
|
|
|
644 * Returns formatted HTML if the attachment is HTML
|
|
|
645 */
|
|
|
646 public function html()
|
|
|
647 {
|
|
|
648 list($type, $subtype) = explode($this->mimetype, '/');
|
|
|
649 $part = (object) array(
|
|
|
650 'charset' => $this->charset,
|
|
|
651 'ctype_secondary' => $subtype,
|
|
|
652 );
|
|
|
653
|
|
|
654 // get part body if not available
|
|
|
655 // fix formatting and charset
|
|
|
656 $body = rcube_message::format_part_body($this->body(), $part);
|
|
|
657
|
|
|
658 // show images?
|
|
|
659 $is_safe = $this->is_safe();
|
|
|
660
|
|
|
661 return rcmail_wash_html($body, array('safe' => $is_safe, 'inline_html' => false));
|
|
|
662 }
|
|
|
663
|
|
|
664 /**
|
|
|
665 * Remove <script> in SVG images
|
|
|
666 */
|
|
|
667 public static function svg_filter($body)
|
|
|
668 {
|
|
|
669 // clean SVG with washtml
|
|
|
670 $wash_opts = array(
|
|
|
671 'show_washed' => false,
|
|
|
672 'allow_remote' => false,
|
|
|
673 'charset' => RCUBE_CHARSET,
|
|
|
674 'html_elements' => array('title'),
|
|
|
675 // 'blocked_src' => 'program/resources/blocked.gif',
|
|
|
676 );
|
|
|
677
|
|
|
678 // initialize HTML washer
|
|
|
679 $washer = new rcube_washtml($wash_opts);
|
|
|
680
|
|
|
681 // allow CSS styles, will be sanitized by rcmail_washtml_callback()
|
|
|
682 $washer->add_callback('style', 'rcmail_washtml_callback');
|
|
|
683
|
|
|
684 return $washer->wash($body);
|
|
|
685 }
|
|
|
686
|
|
|
687 /**
|
|
|
688 * Handles nicely storage connection errors
|
|
|
689 */
|
|
|
690 public static function check_storage_status()
|
|
|
691 {
|
|
|
692 $error = rcmail::get_instance()->storage->get_error_code();
|
|
|
693
|
|
|
694 // Check if we have a connection error
|
|
|
695 if ($error == rcube_imap_generic::ERROR_BAD) {
|
|
|
696 ob_end_clean();
|
|
|
697
|
|
|
698 // Get action is often executed simultaneously.
|
|
|
699 // Some servers have MAXPERIP or other limits.
|
|
|
700 // To workaround this we'll wait for some time
|
|
|
701 // and try again (once).
|
|
|
702 // Note: Random sleep interval is used to minimize concurency
|
|
|
703 // in getting message parts
|
|
|
704
|
|
|
705 if (!isset($_GET['_redirected'])) {
|
|
|
706 usleep(rand(10,30)*100000); // 1-3 sec.
|
|
|
707 header('Location: ' . $_SERVER['REQUEST_URI'] . '&_redirected=1');
|
|
|
708 }
|
|
|
709 else {
|
|
|
710 rcube::raise_error(array(
|
|
|
711 'code' => 500, 'file' => __FILE__, 'line' => __LINE__,
|
|
|
712 'message' => 'Unable to get/display message part. IMAP connection error'),
|
|
|
713 true, true);
|
|
|
714 }
|
|
|
715
|
|
|
716 // Don't kill session, just quit (#1486995)
|
|
|
717 exit;
|
|
|
718 }
|
|
|
719 }
|
|
|
720
|
|
|
721 public function is_safe()
|
|
|
722 {
|
|
|
723 if ($this->message) {
|
|
|
724 return rcmail_check_safe($this->message);
|
|
|
725 }
|
|
|
726
|
|
|
727 return !empty($_GET['_safe']);
|
|
|
728 }
|
|
|
729 }
|
