Context Navigation

source: github/program/steps/mail/get.inc @ b6da0b7

Visit:

HEADcourier-fixdev-browser-capabilitiespdorelease-0.8

Last change on this file since b6da0b7 was b6da0b7, checked in by alecpl <alec@…>, 18 months ago
Remove deprecated global $IMAP variable usage (#1488148)
Property mode set to `100644`
File size: 7.7 KB

Line
1	<?php
2
3	/*
4	+-----------------------------------------------------------------------+
5	\| program/steps/mail/get.inc \|
6	\| \|
7	\| This file is part of the Roundcube Webmail client \|
8	\| Copyright (C) 2005-2009, The Roundcube Dev Team \|
9	\| Licensed under the GNU GPL \|
10	\| \|
11	\| PURPOSE: \|
12	\| Delivering a specific part of a mail message \|
13	\| \|
14	+-----------------------------------------------------------------------+
15	\| Author: Thomas Bruederli <roundcube@gmail.com> \|
16	+-----------------------------------------------------------------------+
17
18	$Id$
19
20	*/
21
22
23	// show loading page
24	if (!empty($_GET['_preload'])) {
25	$url = preg_replace('/[&?]+_preload=1/', '', $_SERVER['REQUEST_URI']);
26	$message = rcube_label('loadingdata');
27
28	header('Content-Type: text/html; charset=' . RCMAIL_CHARSET);
29	print "<html>\n<head>\n"
30	. '<meta http-equiv="refresh" content="0; url='.Q($url).'">' . "\n"
31	. '<meta http-equiv="content-type" content="text/html; charset='.RCMAIL_CHARSET.'">' . "\n"
32	. "</head>\n<body>\n$message\n</body>\n</html>";
33	exit;
34	}
35
36	ob_end_clean();
37
38	// Now we need IMAP connection
39	if (!$RCMAIL->imap_connect()) {
40	// Get action is often executed simultanously.
41	// Some servers have MAXPERIP or other limits.
42	// To workaround this we'll wait for some time
43	// and try again (once).
44	// Note: Random sleep interval is used to minimize concurency
45	// in getting message parts
46	if (!isset($_GET['_redirected'])) {
47	usleep(rand(10,30)*100000); // 1-3 sec.
48	header('Location: ' . $_SERVER['REQUEST_URI'] . '&_redirected=1');
49	}
50	else {
51	raise_error(array(
52	'code' => 500, 'type' => 'php',
53	'file' => __FILE__, 'line' => __LINE__,
54	'message' => 'Unable to get/display message part. IMAP connection error'),
55	true, true);
56	}
57	// Don't kill session, just quit (#1486995)
58	exit;
59	}
60
61	// similar code as in program/steps/mail/show.inc
62	if (!empty($_GET['_uid'])) {
63	$RCMAIL->config->set('prefer_html', true);
64	$MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET));
65	}
66
67	// show part page
68	if (!empty($_GET['_frame'])) {
69	if (($part_id = get_input_value('_part', RCUBE_INPUT_GPC)) && ($part = $MESSAGE->mime_parts[$part_id]) && $part->filename)
70	$OUTPUT->set_pagetitle($part->filename);
71
72	$OUTPUT->send('messagepart');
73	exit;
74	}
75
76	else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
77
78	if ($part = $MESSAGE->mime_parts[$pid]) {
79	$ctype_primary = strtolower($part->ctype_primary);
80	$ctype_secondary = strtolower($part->ctype_secondary);
81	$mimetype = sprintf('%s/%s', $ctype_primary, $ctype_secondary);
82
83	// allow post-processing of the message body
84	$plugin = $RCMAIL->plugins->exec_hook('message_part_get',
85	array('id' => $part->mime_id, 'mimetype' => $mimetype, 'part' => $part, 'download' => !empty($_GET['_download'])));
86
87	if ($plugin['abort'])
88	exit;
89
90	// overwrite modified vars from plugin
91	$mimetype = $plugin['mimetype'];
92	list($ctype_primary, $ctype_secondary) = explode('/', $mimetype);
93	if ($plugin['body'])
94	$part->body = $plugin['body'];
95
96	$browser = $RCMAIL->output->browser;
97
98	// send download headers
99	if ($plugin['download']) {
100	header("Content-Type: application/octet-stream");
101	if ($browser->ie)
102	header("Content-Type: application/force-download");
103	}
104	else if ($ctype_primary == 'text') {
105	header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ? $part->charset : RCMAIL_CHARSET));
106	}
107	else {
108	$mimetype = rcmail_fix_mimetype($mimetype);
109	header("Content-Type: $mimetype");
110	header("Content-Transfer-Encoding: binary");
111	}
112
113	// deliver part content
114	if ($ctype_primary == 'text' && $ctype_secondary == 'html' && empty($plugin['download'])) {
115	// Check if we have enough memory to handle the message in it
116	// #1487424: we need up to 10x more memory than the body
117	if (!rcmail_mem_check($part->size * 10)) {
118	$out = '<body>' . rcube_label('messagetoobig'). ' '
119	. html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id
120	.'&_mbox='. urlencode($RCMAIL->imap->get_mailbox_name()), rcube_label('download')) . '</body></html>';
121	}
122	else {
123	// get part body if not available
124	if (!$part->body)
125	$part->body = $MESSAGE->get_part_content($part->mime_id);
126
127	$out = rcmail_print_body($part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false));
128	}
129
130	$OUTPUT = new rcube_html_page();
131	$OUTPUT->write($out);
132	}
133	else {
134	// don't kill the connection if download takes more than 30 sec.
135	@set_time_limit(0);
136
137	$ext = '.' . ($mimetype == 'text/plain' ? 'txt' : $ctype_secondary);
138	$filename = $part->filename ? $part->filename : ($MESSAGE->subject ? $MESSAGE->subject : 'roundcube') . $ext;
139	$filename = preg_replace('[\r\n]', '', $filename);
140
141	if ($browser->ie && $browser->ver < 7)
142	$filename = rawurlencode(abbreviate_string($filename, 55));
143	else if ($browser->ie)
144	$filename = rawurlencode($filename);
145	else
146	$filename = addcslashes($filename, '"');
147
148	$disposition = !empty($plugin['download']) ? 'attachment' : 'inline';
149
150	header("Content-Disposition: $disposition; filename=\"$filename\"");
151
152	// do content filtering to avoid XSS through fake images
153	if (!empty($_REQUEST['_embed']) && $browser->ie && $browser->ver <= 8) {
154	if ($part->body)
155	echo preg_match('/<(script\|iframe\|object)/i', $part->body) ? '' : $part->body;
156	else if ($part->size) {
157	$stdout = fopen('php://output', 'w');
158	stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter');
159	stream_filter_append($stdout, 'rcube_content');
160	$RCMAIL->imap->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $stdout);
161	}
162	}
163	else {
164	// turn off output buffering and print part content
165	if ($part->body)
166	echo $part->body;
167	else if ($part->size)
168	$RCMAIL->imap->get_message_part($MESSAGE->uid, $part->mime_id, $part, true);
169	}
170	}
171
172	exit;
173	}
174	}
175
176	// print message
177	else {
178	// send correct headers for content type
179	header("Content-Type: text/html");
180
181	$cont = "<html>\n<head><title></title>\n</head>\n<body>";
182	$cont .= rcmail_message_body(array());
183	$cont .= "\n</body>\n</html>";
184
185	$OUTPUT = new rcube_html_page();
186	$OUTPUT->write($cont);
187
188	exit;
189	}
190
191
192	// if we arrive here, the requested part was not found
193	header('HTTP/1.1 404 Not Found');
194	exit;
195
196
197
198	/**
199	* PHP stream filter to detect html/javascript code in attachments
200	*/
201	class rcube_content_filter extends php_user_filter
202	{
203	private $buffer = '';
204	private $cutoff = 2048;
205
206	function onCreate()
207	{
208	$this->cutoff = rand(2048, 3027);
209	return true;
210	}
211
212	function filter($in, $out, &$consumed, $closing)
213	{
214	while ($bucket = stream_bucket_make_writeable($in)) {
215	$this->buffer .= $bucket->data;
216
217	// check for evil content and abort
218	if (preg_match('/<(script\|iframe\|object)/i', $this->buffer))
219	return PSFS_ERR_FATAL;
220
221	// keep buffer small enough
222	if (strlen($this->buffer) > 4096)
223	$this->buffer = substr($this->buffer, $this->cutoff);
224
225	$consumed += $bucket->datalen;
226	stream_bucket_append($out, $bucket);
227	}
228
229	return PSFS_PASS_ON;
230	}
231	}
232

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format