From 041c93ce0bc00cb6417ce2e4bdce2ed84d37f50a Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 22 May 2012 06:31:37 -0400
Subject: [PATCH] Removed $Id$
---
program/steps/mail/get.inc | 166 +++++++++++++++++++++++++++++++++++++++++++++----------
1 files changed, 136 insertions(+), 30 deletions(-)
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 9ebdf43..750011f 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -4,9 +4,12 @@
+-----------------------------------------------------------------------+
| program/steps/mail/get.inc |
| |
- | This file is part of the RoundCube Webmail client |
- | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland |
- | Licensed under the GNU GPL |
+ | This file is part of the Roundcube Webmail client |
+ | Copyright (C) 2005-2011, The Roundcube Dev Team |
+ | |
+ | Licensed under the GNU General Public License version 3 or |
+ | any later version with exceptions for skins & plugins. |
+ | See the README file for a full license statement. |
| |
| PURPOSE: |
| Delivering a specific part of a mail message |
@@ -14,15 +17,12 @@
+-----------------------------------------------------------------------+
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-----------------------------------------------------------------------+
-
- $Id$
-
*/
// show loading page
if (!empty($_GET['_preload'])) {
- $url = str_replace('&_preload=1', '', $_SERVER['REQUEST_URI']);
+ $url = preg_replace('/[&?]+_preload=1/', '', $_SERVER['REQUEST_URI']);
$message = rcube_label('loadingdata');
header('Content-Type: text/html; charset=' . RCMAIL_CHARSET);
@@ -41,25 +41,49 @@
$MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET));
}
-send_nocacheing_headers();
+// check connection status
+check_storage_status();
// show part page
if (!empty($_GET['_frame'])) {
+ if (($part_id = get_input_value('_part', RCUBE_INPUT_GPC)) && ($part = $MESSAGE->mime_parts[$part_id])) {
+ $filename = $part->filename;
+ if (empty($filename) && $part->mimetype == 'text/html') {
+ $filename = rcube_label('htmlmessage');
+ }
+ if (!empty($filename)) {
+ $OUTPUT->set_pagetitle($filename);
+ }
+ }
+
$OUTPUT->send('messagepart');
exit;
}
-else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) {
+else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
if ($part = $MESSAGE->mime_parts[$pid]) {
$ctype_primary = strtolower($part->ctype_primary);
$ctype_secondary = strtolower($part->ctype_secondary);
$mimetype = sprintf('%s/%s', $ctype_primary, $ctype_secondary);
-
- $browser = new rcube_browser;
+
+ // allow post-processing of the message body
+ $plugin = $RCMAIL->plugins->exec_hook('message_part_get',
+ array('uid' => $MESSAGE->uid, 'id' => $part->mime_id, 'mimetype' => $mimetype, 'part' => $part, 'download' => !empty($_GET['_download'])));
+
+ if ($plugin['abort'])
+ exit;
+
+ // overwrite modified vars from plugin
+ $mimetype = $plugin['mimetype'];
+ list($ctype_primary, $ctype_secondary) = explode('/', $mimetype);
+ if ($plugin['body'])
+ $part->body = $plugin['body'];
+
+ $browser = $RCMAIL->output->browser;
// send download headers
- if ($_GET['_download']) {
+ if ($plugin['download']) {
header("Content-Type: application/octet-stream");
if ($browser->ie)
header("Content-Type: application/force-download");
@@ -68,41 +92,92 @@
header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ? $part->charset : RCMAIL_CHARSET));
}
else {
+ $mimetype = rcmail_fix_mimetype($mimetype);
header("Content-Type: $mimetype");
header("Content-Transfer-Encoding: binary");
}
// deliver part content
- if ($ctype_primary == 'text' && $ctype_secondary == 'html' && empty($_GET['_download'])) {
- // get part body if not available
- if (!$part->body)
- $part->body = $MESSAGE->get_part_content($part->mime_id);
+ if ($ctype_primary == 'text' && $ctype_secondary == 'html' && empty($plugin['download'])) {
+ // Check if we have enough memory to handle the message in it
+ // #1487424: we need up to 10x more memory than the body
+ if (!rcmail_mem_check($part->size * 10)) {
+ $out = '<body>' . rcube_label('messagetoobig'). ' '
+ . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id
+ .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), rcube_label('download')) . '</body></html>';
+ }
+ else {
+ // get part body if not available
+ if (!$part->body)
+ $part->body = $MESSAGE->get_part_content($part->mime_id);
- $OUTPUT = new rcube_html_page();
- $OUTPUT->write(rcmail_print_body($part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false)));
+ $out = rcmail_print_body($part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false));
+ }
+
+ // check connection status
+ if ($part->size && empty($part->body)) {
+ check_storage_status();
+ }
+
+ $OUTPUT = new rcube_output_html();
+ $OUTPUT->write($out);
}
else {
// don't kill the connection if download takes more than 30 sec.
@set_time_limit(0);
-
- $filename = $part->filename ? $part->filename : ($MESSAGE->subject ? $MESSAGE->subject : 'roundcube') . '.'.$ctype_secondary;
-
+
+ if ($part->filename) {
+ $filename = $part->filename;
+ }
+ else if ($part->mimetype == 'text/html') {
+ $filename = rcube_label('htmlmessage');
+ }
+ else {
+ $ext = '.' . ($mimetype == 'text/plain' ? 'txt' : $ctype_secondary);
+ $filename = ($MESSAGE->subject ? $MESSAGE->subject : 'roundcube') . $ext;
+ }
+
+ $filename = preg_replace('[\r\n]', '', $filename);
+
if ($browser->ie && $browser->ver < 7)
$filename = rawurlencode(abbreviate_string($filename, 55));
else if ($browser->ie)
$filename = rawurlencode($filename);
else
$filename = addcslashes($filename, '"');
-
- $disposition = !empty($_GET['_download']) ? 'attachment' : 'inline';
-
+
+ $disposition = !empty($plugin['download']) ? 'attachment' : 'inline';
+
header("Content-Disposition: $disposition; filename=\"$filename\"");
-
- // turn off output buffering and print part content
- if ($part->body)
- echo $part->body;
- else if ($part->size)
- $IMAP->get_message_part($MESSAGE->uid, $part->mime_id, $part, true);
+
+ // do content filtering to avoid XSS through fake images
+ if (!empty($_REQUEST['_embed']) && $browser->ie && $browser->ver <= 8) {
+ if ($part->body) {
+ echo preg_match('/<(script|iframe|object)/i', $part->body) ? '' : $part->body;
+ $sent = true;
+ }
+ else if ($part->size) {
+ $stdout = fopen('php://output', 'w');
+ stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter');
+ stream_filter_append($stdout, 'rcube_content');
+ $sent = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $stdout);
+ }
+ }
+ else {
+ // turn off output buffering and print part content
+ if ($part->body) {
+ echo $part->body;
+ $sent = true;
+ }
+ else if ($part->size) {
+ $sent = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, true);
+ }
+ }
+
+ // check connection status
+ if ($part->size && !$sent) {
+ check_storage_status();
+ }
}
exit;
@@ -130,3 +205,34 @@
exit;
+function check_storage_status()
+{
+ $error = rcmail::get_instance()->storage->get_error_code();
+
+ // Check if we have a connection error
+ if ($error == rcube_imap_generic::ERROR_BAD) {
+ ob_end_clean();
+
+ // Get action is often executed simultanously.
+ // Some servers have MAXPERIP or other limits.
+ // To workaround this we'll wait for some time
+ // and try again (once).
+ // Note: Random sleep interval is used to minimize concurency
+ // in getting message parts
+
+ if (!isset($_GET['_redirected'])) {
+ usleep(rand(10,30)*100000); // 1-3 sec.
+ header('Location: ' . $_SERVER['REQUEST_URI'] . '&_redirected=1');
+ }
+ else {
+ raise_error(array(
+ 'code' => 500, 'type' => 'php',
+ 'file' => __FILE__, 'line' => __LINE__,
+ 'message' => 'Unable to get/display message part. IMAP connection error'),
+ true, true);
+ }
+
+ // Don't kill session, just quit (#1486995)
+ exit;
+ }
+}
--
Gitblit v1.9.1