source: github/program/steps/mail/get.inc @ 21e7241

Last change on this file since 21e7241 was 21e7241, checked in by thomascube <thomas@…>, 5 years ago

Improve HTML sanitization with washtml

  • Property mode set to 100644
File size: 4.4 KB
1<?php
2
3/*
4 +-----------------------------------------------------------------------+
5 | program/steps/mail/get.inc                                            |
6 |                                                                       |
7 | This file is part of the RoundCube Webmail client                     |
8 | Copyright (C) 2005-2008, RoundCube Dev. - Switzerland                 |
9 | Licensed under the GNU GPL                                            |
10 |                                                                       |
11 | PURPOSE:                                                              |
12 |   Delivering a specific part of a mail message                        |
13 |                                                                       |
14 +-----------------------------------------------------------------------+
15 | Author: Thomas Bruederli <roundcube@gmail.com>                        |
16 +-----------------------------------------------------------------------+
17
18 $Id$
19
20*/
21
22require_once('Mail/mimeDecode.php');
23
24
// Interstitial "loading" page: when _preload is set, answer with a minimal
// HTML document that immediately refreshes to the same URL without the flag.
if (!empty($_GET['_preload'])) {
  // The refresh target is the client's own request URI. Only the exact
  // substring '&_preload=1' is removed, so a flag written any other way
  // (e.g. as the first query parameter) stays in the URL and the page
  // would refresh onto itself.
  $url = str_replace('&_preload=1', '', $_SERVER['REQUEST_URI']);
  $message = rcube_label('loadingdata');

  // Q() is defined elsewhere; presumably it HTML-quotes the value so the
  // request URI cannot break out of the content="" attribute -- confirm.
  // $message is a localisation label and is emitted without escaping.
  echo sprintf("<html>\n<head>\n%s\n</head>\n<body>%s\n</body>\n</html>",
               '<meta http-equiv="refresh" content="0; url=' . Q($url) . '">',
               $message);
  exit;
}
37
38
// Load the requested message (the same approach is used in
// program/steps/mail/show.inc). $MESSAGE is only assigned here when a _uid
// was supplied; the code further down relies on it.
if (isset($_GET['_uid']) && $_GET['_uid']) {
  // force the HTML variant of the message for this request
  $RCMAIL->config->set('prefer_html', true);

  // the UID is read through get_input_value() rather than from $_GET directly
  $MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET));
}
44
45
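// Dispatch on the request parameters: the framed part page (_frame), a single
// MIME part (_part), or the whole message body. Every successful branch ends
// the request itself; only a _part request whose part cannot be found falls
// through to the 404 at the bottom.
if (!empty($_GET['_frame'])) {
  $OUTPUT->send('messagepart');
  exit;
}

else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) {
  // $MESSAGE only exists when _uid was given; without the guard a request
  // carrying _part but no _uid dereferences an undefined variable before
  // reaching the 404 below.
  if (!empty($MESSAGE) && ($part = $MESSAGE->mime_parts[$pid])) {
    // Both halves of the content type come from the message's MIME structure,
    // i.e. they are chosen by whoever sent the mail, not by this application.
    $ctype_primary = strtolower($part->ctype_primary);
    $ctype_secondary = strtolower($part->ctype_secondary);
    $mimetype = sprintf('%s/%s', $ctype_primary, $ctype_secondary);

    header("Expires: 0");
    header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    header("Cache-Control: private", false);
    header("Content-Transfer-Encoding: binary");

    // The body below is sender-supplied; ask the browser to honour the
    // declared Content-Type instead of sniffing the content.
    header("X-Content-Type-Options: nosniff");

    // send download headers
    // (!empty() instead of a bare read: _download is optional and the bare
    // read raised a notice on every inline request)
    if (!empty($_GET['_download'])) {
      header("Cache-Control: private", false);
      header("Content-Type: application/octet-stream");
    }
    else if ($ctype_primary === 'text')
      header("Content-Type: text/$ctype_secondary; charset=" . RCMAIL_CHARSET);
    else
      header("Content-Type: $mimetype");

    // We need to set the following headers to make downloads work using IE in HTTPS mode.
    if (isset($_SERVER['HTTPS'])) {
      header('Pragma: ');
      header('Cache-Control: ');
    }

    // deliver part content
    if ($ctype_primary === 'text' && $ctype_secondary === 'html') {
      // HTML parts are never streamed raw: the body is passed through
      // rcmail_print_body() together with the message's 'safe' flag. That
      // function is defined elsewhere; presumably it is where the washtml
      // sanitising named in this revision's commit message happens -- confirm.
      // NOTE(review): this branch is also taken when _download is set, so a
      // downloaded HTML part is the processed page sent as
      // application/octet-stream with no Content-Disposition header.

      // get part body if not available
      if (!$part->body)
        $part->body = $MESSAGE->get_part_content($part->mime_id);

      $OUTPUT = new rcube_html_page();
      $OUTPUT->write(rcmail_print_body($part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false)));
    }
    else {
      // NOTE(review): every part that is not text/html is sent unmodified,
      // with the sender-declared Content-Type and -- unless _download is set --
      // an inline disposition. Types a browser renders as an active document
      // are then displayed in the webmail origin without sanitising. Consider
      // forcing 'attachment' for anything outside an allow-list of passive
      // types.

      // The file name is sender-controlled too. Control characters are
      // dropped and '"' and '\' are backslash-escaped so the name cannot end
      // the quoted filename parameter or invalidate the header line.
      header(sprintf('Content-Disposition: %s; filename="%s";',
                     !empty($_GET['_download']) ? 'attachment' : 'inline',
                     addcslashes(
                       preg_replace('/[\x00-\x1f\x7f]/', '',
                                    $part->filename ? abbreviate_string($part->filename, 55) : "roundcube.$ctype_secondary"),
                       '"\\')));

      // turn off output buffering and print part content
      $IMAP->get_message_part($MESSAGE->uid, $part->mime_id, $part, true);
    }

    exit;
  }
}

// print message
else {
  // send correct headers for content type
  // NOTE(review): no charset is declared here, unlike the text/* branch
  // above which appends RCMAIL_CHARSET -- confirm that rcube_html_page or
  // the surrounding framework sets one.
  header("Content-Type: text/html");

  $cont = "<html>\n<head><title></title>\n</head>\n<body>";
  $cont .= rcmail_message_body(array());
  $cont .= "\n</body>\n</html>";

  $OUTPUT = new rcube_html_page();
  $OUTPUT->write($cont);

  exit;
}


// if we arrive here, the requested part was not found
header('HTTP/1.1 404 Not Found');
exit;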
134
135?>