Secure also downloads of addressbook exports, managesieve script exports an...

Aleksander Machniak

2016-02-05 bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326

 program/steps/mail/sendmail.inc

@@ -234,7 +234,7 @@

// sending aborted by plugin
if ($data['abort'] && !$savedraft) {
    $OUTPUT->show_message($data['message'] ? $data['message'] : 'sendingfailed');
    $OUTPUT->show_message($data['message'] ?: 'sendingfailed');
    $OUTPUT->send('iframe');
}
else {
@@ -247,9 +247,9 @@
$message_body = rcube_utils::get_input_value('_message', rcube_utils::INPUT_POST, TRUE, $message_charset);

if (isset($_POST['_pgpmime'])) {
    $pgp_mime = rcube_utils::get_input_value('_pgpmime', rcube_utils::INPUT_POST);
    $message_body = 'This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)';
    $isHtml = false;
    $pgp_mime     = rcube_utils::get_input_value('_pgpmime', rcube_utils::INPUT_POST);
    $isHtml       = false;
    $message_body = '';

    // clear unencrypted attachments
    foreach ((array) $COMPOSE['attachments'] as $attach) {
@@ -455,7 +455,7 @@
        }
        else {
            $ctype   = str_replace('image/pjpeg', 'image/jpeg', $attachment['mimetype']); // #1484914
            $file    = $attachment['data'] ? $attachment['data'] : $attachment['path'];
            $file    = $attachment['data'] ?: $attachment['path'];
            $folding = (int) $RCMAIL->config->get('mime_param_folding');

            $MAIL_MIME->addAttachment($file,
@@ -490,33 +490,19 @@

// compose PGP/Mime message
if ($pgp_mime) {
    $MAIL_MIME->addAttachment(
        'Version: 1',
        'application/pgp-encrypted',
        'version.txt',  // required by Mail_mime::addAttachment()
        false,
        '8bit',
        '',    // $disposition
        '',    // $charset
        '',    // $language
        '',    // $location
        null,  // $n_encoding
        null,  // $f_encoding
        'PGP/MIME version identification'
    );
    $MAIL_MIME->addAttachment(new Mail_mimePart('Version: 1', array(
            'content_type' => 'application/pgp-encrypted',
            'description'  => 'PGP/MIME version identification',
    )));

    // @TODO: remove filename out of the version part, required Mail_Mime changes
    $MAIL_MIME->addAttachment(new Mail_mimePart($pgp_mime, array(
            'content_type' => 'application/octet-stream',
            'filename'     => 'encrypted.asc',
            'disposition'  => 'inline',
    )));

    $MAIL_MIME->addAttachment(
        $pgp_mime,
        'application/octet-stream',
        'encrypted.asc',
        false,
        '8bit',
        'inline'
    );

    $MAIL_MIME->setContentType('multipart/encrypted', array('protocol' => "application/pgp-encrypted"));
    $MAIL_MIME->setContentType('multipart/encrypted', array('protocol' => 'application/pgp-encrypted'));
    $MAIL_MIME->setParam('preamble', 'This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)');
}

// encoding settings for mail composing
@@ -687,7 +673,7 @@
            array('msgid' => $message_id, 'uid' => $saved, 'folder' => $store_target));

        // display success
        $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'messagesaved', 'confirmation');
        $OUTPUT->show_message($plugin['message'] ?: 'messagesaved', 'confirmation');

        // update "_draft_saveid" and the "cmp_hash" to prevent "Unsaved changes" warning
        $COMPOSE['param']['draft_uid'] = $plugin['uid'];