githubFork/roundcubemail.git

			@@ -1,6 +1,6 @@
			<?php

			/*
			/**
			+-----------------------------------------------------------------------+
			\| program/steps/mail/get.inc \|
			\| \|
			@@ -22,7 +22,9 @@

			// show loading page
			if (!empty($_GET['_preload'])) {
			$url = preg_replace('/([&?]+)_preload=/', '\\1_mimewarning=1&_embed=', $_SERVER['REQUEST_URI']);
			$_get = $_GET + array('_mimewarning' => 1, '_embed' => 1);
			unset($_get['_preload']);
			$url = $RCMAIL->url($_get);
			$message = $RCMAIL->gettext('loadingdata');

			header('Content-Type: text/html; charset=' . RCUBE_CHARSET);
			@@ -35,12 +37,11 @@

			ob_end_clean();


			// similar code as in program/steps/mail/show.inc
			if (!empty($_GET['_uid'])) {
			$uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_GET);
			$RCMAIL->config->set('prefer_html', true);
			$MESSAGE = new rcube_message($uid);
			$MESSAGE = new rcube_message($uid, null, intval($_GET['_safe']));
			}

			// check connection status
			@@ -61,10 +62,22 @@
			'messagepartcontrols' => 'rcmail_message_part_controls',
			));

			$mimetype = $part ? rcmail_fix_mimetype($part->mimetype) : '';

			// message/rfc822 preview (Note: handle also multipart/ parts, they can
			// come from Enigma, which replaces message/rfc822 with real mimetype)
			if ($part_id && ($mimetype == 'message/rfc822' \|\| strpos($mimetype, 'multipart/') === 0)) {
			$uid = preg_replace('/\.[0-9.]+/', '', $uid);
			$uid .= '.' . $part_id;

			$OUTPUT->set_env('is_message', true);
			}

			$OUTPUT->set_env('mailbox', $RCMAIL->storage->get_folder());
			$OUTPUT->set_env('uid', $uid);
			$OUTPUT->set_env('part', $part_id);
			$OUTPUT->set_env('filename', $filename);
			$OUTPUT->set_env('mimetype', $mimetype);

			$OUTPUT->send('messagepart');
			exit;
			@@ -76,21 +89,25 @@
			if ($part = $MESSAGE->mime_parts[$pid]) {
			$thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240);
			$temp_dir = $RCMAIL->config->get('temp_dir');
			list(,$ext) = explode('/', $part->mimetype);
			$mimetype = $part->mimetype;
			$file_ident = $MESSAGE->headers->messageID . ':' . $part->mime_id . ':' . $part->size . ':' . $part->mimetype;
			$cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
			$cache_file = $cache_basename . '.' . $ext;
			$cache_file = $cache_basename . '.thumb';

			// render thumbnail image if not done yet
			if (!is_file($cache_file)) {
			if ($fp = fopen(($orig_name = $cache_basename . '.orig.' . $ext), 'w')) {
			$MESSAGE->get_part_content($part->mime_id, $fp);
			if ($fp = fopen(($orig_name = $cache_basename . '.tmp'), 'w')) {
			$MESSAGE->get_part_body($part->mime_id, false, 0, $fp);
			fclose($fp);

			$image = new rcube_image($orig_name);
			if ($imgtype = $image->resize($thumbnail_size, $cache_file, true)) {
			$mimetype = 'image/' . $imgtype;
			unlink($orig_name);
			}
			else if (stripos($mimetype, 'image/svg') === 0) {
			$content = rcmail_svg_filter(file_get_contents($orig_name));
			file_put_contents($cache_file, $content);
			unlink($orig_name);
			}
			else {
			@@ -107,7 +124,6 @@

			exit;
			}

			else if (strlen($part_id)) {
			if ($part = $MESSAGE->mime_parts[$part_id]) {
			$mimetype = rcmail_fix_mimetype($part->mimetype);
			@@ -125,6 +141,10 @@
			exit;
			}

			// require CSRF protected url for downloads
			if ($plugin['download'])
			$RCMAIL->request_security_check(rcube_utils::INPUT_GET);

			// overwrite modified vars from plugin
			$mimetype = $plugin['mimetype'];
			$extensions = rcube_mime::get_mime_extensions($mimetype);
			@@ -138,7 +158,7 @@
			$file_extension = strtolower(pathinfo($part->filename, PATHINFO_EXTENSION));

			// 1. compare filename suffix with expected suffix derived from mimetype
			$valid = $file_extension && in_array($file_extension, (array)$extensions) \|\| !empty($_REQUEST['_mimeclass']);
			$valid = $file_extension && in_array($file_extension, (array)$extensions) \|\| empty($extensions) \|\| !empty($_REQUEST['_mimeclass']);

			// 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension
			if ($valid \|\| !$file_extension \|\| $mimetype == 'application/octet-stream' \|\| stripos($mimetype, 'text/') === 0) {
			@@ -150,21 +170,21 @@

			// accept text/plain with any extension
			if ($real_mimetype == 'text/plain' && $real_mimetype == $mimetype) {
			$file_extension = 'txt';
			}

			// ignore differences in text/* mimetypes. Filetype detection isn't very reliable here
			if ($real_ctype_primary == 'text' && strpos($mimetype, $real_ctype_primary) === 0) {
			$real_mimetype = $mimetype;
			}

			// get valid file extensions
			$extensions = rcube_mime::get_mime_extensions($real_mimetype);
			$valid_extension = (!$file_extension \|\| in_array($file_extension, (array)$extensions));

			// ignore filename extension if mimeclass matches (#1489029)
			if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass']) {
			$valid_extension = true;
			}
			// ignore differences in text/* mimetypes. Filetype detection isn't very reliable here
			else if ($real_ctype_primary == 'text' && strpos($mimetype, $real_ctype_primary) === 0) {
			$real_mimetype = $mimetype;
			$valid_extension = true;
			}
			// ignore filename extension if mimeclass matches (#1489029)
			else if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass']) {
			$valid_extension = true;
			}
			else {
			// get valid file extensions
			$extensions = rcube_mime::get_mime_extensions($real_mimetype);
			$valid_extension = !$file_extension \|\| empty($extensions) \|\| in_array($file_extension, (array)$extensions);
			}

			// fix mimetype for images wrongly declared as octet-stream
			@@ -172,7 +192,10 @@
			$mimetype = $real_mimetype;
			}

			$valid = ($real_mimetype == $mimetype && $valid_extension);
			// "fix" real mimetype the same way the original is before comparison
			$real_mimetype = rcmail_fix_mimetype($real_mimetype);

			$valid = $real_mimetype == $mimetype && $valid_extension;
			}
			else {
			$real_mimetype = $mimetype;
			@@ -183,10 +206,12 @@
			// send blocked.gif for expected images
			if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) {
			// Do not cache. Failure might be the result of a misconfiguration, thus real content should be returned once fixed.
			$content = $RCMAIL->get_resource_content('blocked.gif');
			$OUTPUT->nocacheing_headers();
			header("Content-Type: image/gif");
			header("Content-Transfer-Encoding: binary");
			readfile(INSTALL_PATH . 'program/resources/blocked.gif');
			header("Content-Length: " . strlen($content));
			echo $content;
			}
			else { // html warning with a button to load the file anyway
			$OUTPUT = new rcmail_html_page();
			@@ -228,7 +253,7 @@
			list($ctype_primary, $ctype_secondary) = explode('/', $mimetype);

			if (!$plugin['download'] && $ctype_primary == 'text') {
			header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ? $part->charset : RCUBE_CHARSET));
			header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ?: RCUBE_CHARSET));
			}
			else {
			header("Content-Type: $mimetype");
			@@ -242,7 +267,7 @@
			if (!rcube_utils::mem_check($part->size * 10)) {
			$out = '<body>' . $RCMAIL->gettext('messagetoobig'). ' '
			. html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id
			.'&_mbox='. urlencode($RCMAIL->storage->get_folder()), $RCMAIL->gettext('download')) . '</body></html>';
			.'&_mbox='. urlencode($MESSAGE->folder), $RCMAIL->gettext('download')) . '</body></html>';
			}
			else {
			// get part body if not available
			@@ -325,7 +350,7 @@
			}

			// convert image to jpeg and send it to the browser
			if ($saved) {
			if ($sent = $saved) {
			$image = new rcube_image($file_path);
			if ($image->convert(rcube_image::TYPE_JPG, $file_path)) {
			header("Content-Length: " . filesize($file_path));
			@@ -334,33 +359,8 @@
			unlink($file_path);
			}
			}
			// do content filtering to avoid XSS through fake images
			else if (!empty($_REQUEST['_embed']) && $browser->ie && $browser->ver <= 8) {
			if ($body) {
			echo preg_match('/<(script\|iframe\|object)/i', $body) ? '' : $body;
			$sent = true;
			}
			else if ($part->size) {
			$stdout = fopen('php://output', 'w');
			stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter');
			stream_filter_append($stdout, 'rcube_content');
			$sent = $MESSAGE->get_part_body($part->mime_id, true, 0, $stdout);
			}
			}
			// send part as-it-is
			else {
			if ($body && empty($plugin['download'])) {
			header("Content-Length: " . strlen($body));
			echo $body;
			$sent = true;
			}
			else if ($part->size) {
			if ($size = (int)$part->d_parameters['size']) {
			header("Content-Length: $size");
			}

			$sent = $MESSAGE->get_part_body($part->mime_id, false, 0, -1);
			}
			$sent = rcmail_message_part_output($body, $part, $mimetype, $plugin['download']);
			}

			// check connection status
			@@ -461,14 +461,101 @@
			*/
			function rcmail_message_part_frame($attrib)
			{
			global $MESSAGE, $RCMAIL;
			global $RCMAIL;

			$part = $MESSAGE->mime_parts[asciiwords(rcube_utils::get_input_value('_part', rcube_utils::INPUT_GPC))];
			$ctype_primary = strtolower($part->ctype_primary);

			$attrib['src'] = './?' . str_replace('_frame=', ($ctype_primary=='text' ? '_embed=' : '_preload='), $_SERVER['QUERY_STRING']);
			if ($RCMAIL->output->get_env('is_message')) {
			$attrib['src'] = $RCMAIL->url(array(
			'task' => 'mail',
			'action' => 'preview',
			'uid' => $RCMAIL->output->get_env('uid'),
			'mbox' => $RCMAIL->output->get_env('mailbox'),
			'framed' => 1,
			));
			}
			else {
			$mimetype = $RCMAIL->output->get_env('mimetype');
			$frame_replace = strpos($mimetype, 'text/') === 0 ? '_embed=' : '_preload=';
			$attrib['src'] = './?' . str_replace('_frame=', $frame_replace, $_SERVER['QUERY_STRING']);
			}

			$RCMAIL->output->add_gui_object('messagepartframe', $attrib['id']);

			return html::iframe($attrib);
			}

			/**
			* Output attachment body with content filtering
			*/
			function rcmail_message_part_output($body, $part, $mimetype, $download)
			{
			global $MESSAGE, $RCMAIL;

			if (!$part->size && !$body) {
			return false;
			}

			$browser = $RCMAIL->output->browser;
			$secure = stripos($mimetype, 'image/') === false \|\| $download;

			// Remove <script> in SVG images
			if (!$secure && stripos($mimetype, 'image/svg') === 0) {
			if (!$body) {
			$body = $MESSAGE->get_part_body($part->mime_id, false);
			if (empty($body)) {
			return false;
			}
			}

			echo rcmail_svg_filter($body);
			return true;
			}

			// Remove dangerous content in images for older IE (to be removed)
			if (!$secure && $browser->ie && $browser->ver <= 8) {
			if ($body) {
			echo preg_match('/<(script\|iframe\|object)/i', $body) ? '' : $body;
			return true;
			}
			else {
			$stdout = fopen('php://output', 'w');
			stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter');
			stream_filter_append($stdout, 'rcube_content');
			return $MESSAGE->get_part_body($part->mime_id, true, 0, $stdout);
			}
			}

			if ($body && !$download) {
			header("Content-Length: " . strlen($body));
			echo $body;
			return true;
			}

			// Don't be tempted to set Content-Length to $part->d_parameters['size'] (#1490482)
			// RFC2183 says "The size parameter indicates an approximate size"

			return $MESSAGE->get_part_body($part->mime_id, false, 0, -1);
			}

			/**
			* Remove <script> in SVG images
			*/
			function rcmail_svg_filter($body)
			{
			// clean SVG with washhtml
			$wash_opts = array(
			'show_washed' => false,
			'allow_remote' => false,
			'charset' => RCUBE_CHARSET,
			'html_elements' => array('title'),
			// 'blocked_src' => 'program/resources/blocked.gif',
			);

			// initialize HTML washer
			$washer = new rcube_washtml($wash_opts);

			// allow CSS styles, will be sanitized by rcmail_washtml_callback()
			$washer->add_callback('style', 'rcmail_washtml_callback');

			return $washer->wash($body);
			}