githubFork/roundcubemail.git

			@@ -5,8 +5,11 @@
			\| program/steps/mail/get.inc \|
			\| \|
			\| This file is part of the Roundcube Webmail client \|
			\| Copyright (C) 2005-2009, The Roundcube Dev Team \|
			\| Licensed under the GNU GPL \|
			\| Copyright (C) 2005-2011, The Roundcube Dev Team \|
			\| \|
			\| Licensed under the GNU General Public License version 3 or \|
			\| any later version with exceptions for skins & plugins. \|
			\| See the README file for a full license statement. \|
			\| \|
			\| PURPOSE: \|
			\| Delivering a specific part of a mail message \|
			@@ -36,7 +39,7 @@
			ob_end_clean();

			// Now we need IMAP connection
			if (!$RCMAIL->imap_connect()) {
			if (!$RCMAIL->storage_connect()) {
			// Get action is often executed simultanously.
			// Some servers have MAXPERIP or other limits.
			// To workaround this we'll wait for some time
			@@ -82,7 +85,7 @@

			// allow post-processing of the message body
			$plugin = $RCMAIL->plugins->exec_hook('message_part_get',
			array('id' => $part->mime_id, 'mimetype' => $mimetype, 'part' => $part, 'download' => !empty($_GET['_download'])));
			array('uid' => $MESSAGE->uid, 'id' => $part->mime_id, 'mimetype' => $mimetype, 'part' => $part, 'download' => !empty($_GET['_download'])));

			if ($plugin['abort'])
			exit;
			@@ -117,7 +120,7 @@
			if (!rcmail_mem_check($part->size * 10)) {
			$out = '<body>' . rcube_label('messagetoobig'). ' '
			. html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id
			.'&_mbox='. urlencode($RCMAIL->imap->get_mailbox_name()), rcube_label('download')) . '</body></html>';
			.'&_mbox='. urlencode($RCMAIL->storage->get_folder()), rcube_label('download')) . '</body></html>';
			}
			else {
			// get part body if not available
			@@ -147,6 +150,13 @@

			$disposition = !empty($plugin['download']) ? 'attachment' : 'inline';

			// Workaround for nasty IE bug (#1488844)
			// If Content-Disposition header contains string "attachment" e.g. in filename
			// IE handles data as attachment not inline
			if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) {
			$filename = str_ireplace('attachment', 'attach', $filename);
			}

			header("Content-Disposition: $disposition; filename=\"$filename\"");

			// do content filtering to avoid XSS through fake images
			@@ -157,7 +167,7 @@
			$stdout = fopen('php://output', 'w');
			stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter');
			stream_filter_append($stdout, 'rcube_content');
			$RCMAIL->imap->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $stdout);
			$RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $stdout);
			}
			}
			else {
			@@ -165,7 +175,7 @@
			if ($part->body)
			echo $part->body;
			else if ($part->size)
			$RCMAIL->imap->get_message_part($MESSAGE->uid, $part->mime_id, $part, true);
			$RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, true);
			}
			}

			@@ -193,40 +203,4 @@
			header('HTTP/1.1 404 Not Found');
			exit;



			/**
			* PHP stream filter to detect html/javascript code in attachments
			*/
			class rcube_content_filter extends php_user_filter
			{
			private $buffer = '';
			private $cutoff = 2048;

			function onCreate()
			{
			$this->cutoff = rand(2048, 3027);
			return true;
			}

			function filter($in, $out, &$consumed, $closing)
			{
			while ($bucket = stream_bucket_make_writeable($in)) {
			$this->buffer .= $bucket->data;

			// check for evil content and abort
			if (preg_match('/<(script\|iframe\|object)/i', $this->buffer))
			return PSFS_ERR_FATAL;

			// keep buffer small enough
			if (strlen($this->buffer) > 4096)
			$this->buffer = substr($this->buffer, $this->cutoff);

			$consumed += $bucket->datalen;
			stream_bucket_append($out, $bucket);
			}

			return PSFS_PASS_ON;
			}
			}