X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=program%2Fsteps%2Fmail%2Fget.inc;h=16f7acf63b67aa6aab2a8bf70ce4b79131dd4c80;hb=76507f7c63a660742e76889ad6e3919f3dde3bb0;hp=d20714a6cc80c6cff988b7d92140b4d27368ba53;hpb=e8a0682b96f5b7f297e58d101735ba20a0cc3a89;p=roundcube.git diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc index d20714a..16f7acf 100644 --- a/program/steps/mail/get.inc +++ b/program/steps/mail/get.inc @@ -4,8 +4,8 @@ +-----------------------------------------------------------------------+ | program/steps/mail/get.inc | | | - | This file is part of the RoundCube Webmail client | - | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland | + | This file is part of the Roundcube Webmail client | + | Copyright (C) 2005-2009, The Roundcube Dev Team | | Licensed under the GNU GPL | | | | PURPOSE: | @@ -15,14 +15,14 @@ | Author: Thomas Bruederli | +-----------------------------------------------------------------------+ - $Id: get.inc 2979 2009-09-22 07:50:32Z alec $ + $Id: get.inc 5514 2011-11-30 11:35:43Z alec $ */ // show loading page if (!empty($_GET['_preload'])) { - $url = str_replace('&_preload=1', '', $_SERVER['REQUEST_URI']); + $url = preg_replace('/[&?]+_preload=1/', '', $_SERVER['REQUEST_URI']); $message = rcube_label('loadingdata'); header('Content-Type: text/html; charset=' . RCMAIL_CHARSET); @@ -35,13 +35,35 @@ if (!empty($_GET['_preload'])) { ob_end_clean(); +// Now we need IMAP connection +if (!$RCMAIL->imap_connect()) { + // Get action is often executed simultanously. + // Some servers have MAXPERIP or other limits. + // To workaround this we'll wait for some time + // and try again (once). + // Note: Random sleep interval is used to minimize concurency + // in getting message parts + if (!isset($_GET['_redirected'])) { + usleep(rand(10,30)*100000); // 1-3 sec. + header('Location: ' . $_SERVER['REQUEST_URI'] . '&_redirected=1'); + } + else { + raise_error(array( + 'code' => 500, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => 'Unable to get/display message part. IMAP connection error'), + true, true); + } + // Don't kill session, just quit (#1486995) + exit; +} + // similar code as in program/steps/mail/show.inc if (!empty($_GET['_uid'])) { $RCMAIL->config->set('prefer_html', true); $MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET)); } - // show part page if (!empty($_GET['_frame'])) { $OUTPUT->send('messagepart'); @@ -49,27 +71,29 @@ if (!empty($_GET['_frame'])) { } else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) { - // TNEF encoded attachment part - if (preg_match('/^winmail\.([0-9.]+)\.([0-9]+)$/', $pid, $nt)) { - $pid = $nt[1]; $i = $nt[2]; - if ($part = $MESSAGE->mime_parts[$pid]) { - $tnef_arr = $IMAP->tnef_decode($part, $MESSAGE->uid); - if (is_a($tnef_arr[$i], 'rcube_message_part')) - $MESSAGE->mime_parts[$pid] = $tnef_arr[$i]; - } - } - + if ($part = $MESSAGE->mime_parts[$pid]) { $ctype_primary = strtolower($part->ctype_primary); $ctype_secondary = strtolower($part->ctype_secondary); $mimetype = sprintf('%s/%s', $ctype_primary, $ctype_secondary); - - $browser = new rcube_browser; - send_nocacheing_headers(); - + // allow post-processing of the message body + $plugin = $RCMAIL->plugins->exec_hook('message_part_get', + array('id' => $part->mime_id, 'mimetype' => $mimetype, 'part' => $part, 'download' => !empty($_GET['_download']))); + + if ($plugin['abort']) + exit; + + // overwrite modified vars from plugin + $mimetype = $plugin['mimetype']; + list($ctype_primary, $ctype_secondary) = explode('/', $mimetype); + if ($plugin['body']) + $part->body = $plugin['body']; + + $browser = $RCMAIL->output->browser; + // send download headers - if ($_GET['_download']) { + if ($plugin['download']) { header("Content-Type: application/octet-stream"); if ($browser->ie) header("Content-Type: application/force-download"); @@ -78,12 +102,13 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) { header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ? $part->charset : RCMAIL_CHARSET)); } else { + $mimetype = rcmail_fix_mimetype($mimetype); header("Content-Type: $mimetype"); header("Content-Transfer-Encoding: binary"); } // deliver part content - if ($ctype_primary == 'text' && $ctype_secondary == 'html') { + if ($ctype_primary == 'text' && $ctype_secondary == 'html' && empty($plugin['download'])) { // get part body if not available if (!$part->body) $part->body = $MESSAGE->get_part_content($part->mime_id); @@ -94,25 +119,39 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) { else { // don't kill the connection if download takes more than 30 sec. @set_time_limit(0); - + $filename = $part->filename ? $part->filename : ($MESSAGE->subject ? $MESSAGE->subject : 'roundcube') . '.'.$ctype_secondary; - + $filename = preg_replace('[\r\n]', '', $filename); + if ($browser->ie && $browser->ver < 7) $filename = rawurlencode(abbreviate_string($filename, 55)); else if ($browser->ie) $filename = rawurlencode($filename); else $filename = addcslashes($filename, '"'); - - $disposition = !empty($_GET['_download']) ? 'attachment' : 'inline'; - + + $disposition = !empty($plugin['download']) ? 'attachment' : 'inline'; + header("Content-Disposition: $disposition; filename=\"$filename\""); - - // turn off output buffering and print part content - if ($part->body) - echo $part->body; - else if ($part->size) - $IMAP->get_message_part($MESSAGE->uid, $part->mime_id, $part, true); + + // do content filtering to avoid XSS through fake images + if (!empty($_REQUEST['_embed']) && $browser->ie && $browser->ver <= 8) { + if ($part->body) + echo preg_match('/<(script|iframe|object)/i', $part->body) ? '' : $part->body; + else if ($part->size) { + $stdout = fopen('php://output', 'w'); + stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter'); + stream_filter_append($stdout, 'rcube_content'); + $IMAP->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $stdout); + } + } + else { + // turn off output buffering and print part content + if ($part->body) + echo $part->body; + else if ($part->size) + $IMAP->get_message_part($MESSAGE->uid, $part->mime_id, $part, true); + } } exit; @@ -139,4 +178,40 @@ else { header('HTTP/1.1 404 Not Found'); exit; -?> + + +/** + * PHP stream filter to detect html/javascript code in attachments + */ +class rcube_content_filter extends php_user_filter +{ + private $buffer = ''; + private $cutoff = 2048; + + function onCreate() + { + $this->cutoff = rand(2048, 3027); + return true; + } + + function filter($in, $out, &$consumed, $closing) + { + while ($bucket = stream_bucket_make_writeable($in)) { + $this->buffer .= $bucket->data; + + // check for evil content and abort + if (preg_match('/<(script|iframe|object)/i', $this->buffer)) + return PSFS_ERR_FATAL; + + // keep buffer small enough + if (strlen($this->buffer) > 4096) + $this->buffer = substr($this->buffer, $this->cutoff); + + $consumed += $bucket->datalen; + stream_bucket_append($out, $bucket); + } + + return PSFS_PASS_ON; + } +} +