From 4a408843b0ef816daf70a472a02b78cd6073a4d5 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Sun, 06 Mar 2016 08:31:07 -0500
Subject: [PATCH] Protect download urls against CSRF using unique request tokens (#1490642) Send X-Frame-Options headers with every HTTP response
---
program/lib/Roundcube/rcube_message.php | 705 +++++++++++++++++++++++++++++++++++++++-------------------
1 files changed, 476 insertions(+), 229 deletions(-)
diff --git a/program/lib/Roundcube/rcube_message.php b/program/lib/Roundcube/rcube_message.php
index 3f14266..10ebbf6 100644
--- a/program/lib/Roundcube/rcube_message.php
+++ b/program/lib/Roundcube/rcube_message.php
@@ -1,9 +1,9 @@
<?php
-/*
+/**
+-----------------------------------------------------------------------+
| This file is part of the Roundcube Webmail client |
- | Copyright (C) 2008-2010, The Roundcube Dev Team |
+ | Copyright (C) 2008-2014, The Roundcube Dev Team |
| |
| Licensed under the GNU General Public License version 3 or |
| any later version with exceptions for skins & plugins. |
@@ -53,13 +53,15 @@
public $uid;
public $folder;
public $headers;
- public $parts = array();
- public $mime_parts = array();
+ public $sender;
+ public $parts = array();
+ public $mime_parts = array();
public $inline_parts = array();
- public $attachments = array();
- public $subject = '';
- public $sender = null;
- public $is_safe = false;
+ public $attachments = array();
+ public $subject = '';
+ public $is_safe = false;
+
+ const BODY_MAX_SIZE = 1048576; // 1MB
/**
@@ -67,40 +69,47 @@
*
* Provide a uid, and parse message structure.
*
- * @param string $uid The message UID.
- * @param string $folder Folder name
+ * @param string $uid The message UID.
+ * @param string $folder Folder name
+ * @param bool $is_safe Security flag
*
* @see self::$app, self::$storage, self::$opt, self::$parts
*/
- function __construct($uid, $folder = null)
+ function __construct($uid, $folder = null, $is_safe = false)
{
- $this->uid = $uid;
- $this->app = rcube::get_instance();
+ // decode combined UID-folder identifier
+ if (preg_match('/^\d+-.+/', $uid)) {
+ list($uid, $folder) = explode('-', $uid, 2);
+ }
+
+ $this->uid = $uid;
+ $this->app = rcube::get_instance();
$this->storage = $this->app->get_storage();
$this->folder = strlen($folder) ? $folder : $this->storage->get_folder();
- $this->storage->set_options(array('all_headers' => true));
// Set current folder
$this->storage->set_folder($this->folder);
+ $this->storage->set_options(array('all_headers' => true));
$this->headers = $this->storage->get_message($uid);
- if (!$this->headers)
+ if (!$this->headers) {
return;
+ }
- $this->mime = new rcube_mime($this->headers->charset);
-
- $this->subject = $this->mime->decode_mime_string($this->headers->subject);
+ $this->mime = new rcube_mime($this->headers->charset);
+ $this->subject = $this->headers->get('subject');
list(, $this->sender) = each($this->mime->decode_address_list($this->headers->from, 1));
- $this->set_safe((intval($_GET['_safe']) || $_SESSION['safe_messages'][$uid]));
+ $this->set_safe($is_safe || $_SESSION['safe_messages'][$this->folder.':'.$uid]);
$this->opt = array(
- 'safe' => $this->is_safe,
+ 'safe' => $this->is_safe,
'prefer_html' => $this->app->config->get('prefer_html'),
- 'get_url' => $this->app->url(array(
- 'action' => 'get',
- 'mbox' => $this->storage->get_folder(),
- 'uid' => $uid))
+ 'get_url' => $this->app->url(array(
+ 'action' => 'get',
+ 'mbox' => $this->folder,
+ 'uid' => $uid),
+ false, false, true)
);
if (!empty($this->headers->structure)) {
@@ -115,7 +124,6 @@
$this->app->plugins->exec_hook('message_load', array('object' => $this));
}
-
/**
* Return a (decoded) message header
*
@@ -125,17 +133,12 @@
*/
public function get_header($name, $raw = false)
{
- if (empty($this->headers))
+ if (empty($this->headers)) {
return null;
+ }
- if ($this->headers->$name)
- $value = $this->headers->$name;
- else if ($this->headers->others[$name])
- $value = $this->headers->others[$name];
-
- return $raw ? $value : $this->mime->decode_header($value);
+ return $this->headers->get($name, !$raw);
}
-
/**
* Set is_safe var and session data
@@ -144,25 +147,23 @@
*/
public function set_safe($safe = true)
{
- $this->is_safe = $safe;
- $_SESSION['safe_messages'][$this->uid] = $this->is_safe;
+ $_SESSION['safe_messages'][$this->folder.':'.$this->uid] = $this->is_safe = $safe;
}
-
/**
* Compose a valid URL for getting a message part
*
* @param string $mime_id Part MIME-ID
+ * @param mixed $embed Mimetype class for parts to be embedded
* @return string URL or false if part does not exist
*/
public function get_part_url($mime_id, $embed = false)
{
if ($this->mime_parts[$mime_id])
- return $this->opt['get_url'] . '&_part=' . $mime_id . ($embed ? '&_embed=1' : '');
+ return $this->opt['get_url'] . '&_part=' . $mime_id . ($embed ? '&_embed=1&_mimeclass=' . $embed : '');
else
return false;
}
-
/**
* Get content of a specific part of this message
@@ -171,10 +172,12 @@
* @param resource $fp File pointer to save the message part
* @param boolean $skip_charset_conv Disables charset conversion
* @param int $max_bytes Only read this number of bytes
+ * @param boolean $formatted Enables formatting of text/* parts bodies
*
* @return string Part content
+ * @deprecated
*/
- public function get_part_content($mime_id, $fp = null, $skip_charset_conv = false, $max_bytes = 0)
+ public function get_part_content($mime_id, $fp = null, $skip_charset_conv = false, $max_bytes = 0, $formatted = true)
{
if ($part = $this->mime_parts[$mime_id]) {
// stored in message structure (winmail/inline-uuencode)
@@ -188,100 +191,277 @@
// get from IMAP
$this->storage->set_folder($this->folder);
- return $this->storage->get_message_part($this->uid, $mime_id, $part, NULL, $fp, $skip_charset_conv, $max_bytes);
+ return $this->storage->get_message_part($this->uid, $mime_id, $part,
+ NULL, $fp, $skip_charset_conv, $max_bytes, $formatted);
}
}
+ /**
+ * Get content of a specific part of this message
+ *
+ * @param string $mime_id Part ID
+ * @param boolean $formatted Enables formatting of text/* parts bodies
+ * @param int $max_bytes Only return/read this number of bytes
+ * @param mixed $mode NULL to return a string, -1 to print body
+ * or file pointer to save the body into
+ *
+ * @return string|bool Part content or operation status
+ */
+ public function get_part_body($mime_id, $formatted = false, $max_bytes = 0, $mode = null)
+ {
+ if (!($part = $this->mime_parts[$mime_id])) {
+ return;
+ }
+
+ // allow plugins to modify part body
+ $plugin = $this->app->plugins->exec_hook('message_part_body',
+ array('object' => $this, 'part' => $part));
+
+ // only text parts can be formatted
+ $formatted = $formatted && $part->ctype_primary == 'text';
+
+ // part body not fetched yet... save in memory if it's small enough
+ if ($part->body === null && is_numeric($mime_id) && $part->size < self::BODY_MAX_SIZE) {
+ $this->storage->set_folder($this->folder);
+ // Warning: body here should be always unformatted
+ $part->body = $this->storage->get_message_part($this->uid, $mime_id, $part,
+ null, null, true, 0, false);
+ }
+
+ // body stored in message structure (winmail/inline-uuencode)
+ if ($part->body !== null || $part->encoding == 'stream') {
+ $body = $part->body;
+
+ if ($formatted && $body) {
+ $body = self::format_part_body($body, $part, $this->headers->charset);
+ }
+
+ if ($max_bytes && strlen($body) > $max_bytes) {
+ $body = substr($body, 0, $max_bytes);
+ }
+
+ if (is_resource($mode)) {
+ if ($body !== false) {
+ fwrite($mode, $body);
+ rewind($mode);
+ }
+
+ return $body !== false;
+ }
+
+ if ($mode === -1) {
+ if ($body !== false) {
+ print($body);
+ }
+
+ return $body !== false;
+ }
+
+ return $body;
+ }
+
+ // get the body from IMAP
+ $this->storage->set_folder($this->folder);
+
+ $body = $this->storage->get_message_part($this->uid, $mime_id, $part,
+ $mode === -1, is_resource($mode) ? $mode : null,
+ !($mode && $formatted), $max_bytes, $mode && $formatted);
+
+ if (is_resource($mode)) {
+ rewind($mode);
+ return $body !== false;
+ }
+
+ if (!$mode && $body && $formatted) {
+ $body = self::format_part_body($body, $part, $this->headers->charset);
+ }
+
+ return $body;
+ }
/**
- * Determine if the message contains a HTML part
+ * Format text message part for display
*
- * @param bool $recursive Enables checking in all levels of the structure
- * @param bool $enriched Enables checking for text/enriched parts too
+ * @param string $body Part body
+ * @param rcube_message_part $part Part object
+ * @param string $default_charset Fallback charset if part charset is not specified
+ *
+ * @return string Formatted body
+ */
+ public static function format_part_body($body, $part, $default_charset = null)
+ {
+ // remove useless characters
+ $body = preg_replace('/[\t\r\0\x0B]+\n/', "\n", $body);
+
+ // remove NULL characters if any (#1486189)
+ if (strpos($body, "\x00") !== false) {
+ $body = str_replace("\x00", '', $body);
+ }
+
+ // detect charset...
+ if (!$part->charset || strtoupper($part->charset) == 'US-ASCII') {
+ // try to extract charset information from HTML meta tag (#1488125)
+ if ($part->ctype_secondary == 'html' && preg_match('/<meta[^>]+charset=([a-z0-9-_]+)/i', $body, $m)) {
+ $part->charset = strtoupper($m[1]);
+ }
+ else if ($default_charset) {
+ $part->charset = $default_charset;
+ }
+ else {
+ $rcube = rcube::get_instance();
+ $part->charset = $rcube->config->get('default_charset', RCUBE_CHARSET);
+ }
+ }
+
+ // ..convert charset encoding
+ $body = rcube_charset::convert($body, $part->charset);
+
+ return $body;
+ }
+
+ /**
+ * Determine if the message contains a HTML part. This must to be
+ * a real part not an attachment (or its part)
+ *
+ * @param bool $enriched Enables checking for text/enriched parts too
+ * @param rcube_message_part &$part Reference to the part if found
*
* @return bool True if a HTML is available, False if not
*/
- function has_html_part($recursive = true, $enriched = false)
+ public function has_html_part($enriched = false, &$part = null)
{
// check all message parts
- foreach ($this->parts as $part) {
+ foreach ($this->mime_parts as $part) {
if ($part->mimetype == 'text/html' || ($enriched && $part->mimetype == 'text/enriched')) {
- // Level check, we'll skip e.g. HTML attachments
- if (!$recursive) {
- $level = explode('.', $part->mime_id);
+ // Skip if part is an attachment, don't use is_attachment() here
+ if ($part->filename) {
+ continue;
+ }
- // Skip if part is an attachment
- if ($this->is_attachment($part)) {
- continue;
+ $level = explode('.', $part->mime_id);
+ $depth = count($level);
+ $last = '';
+
+ // Check if the part belongs to higher-level's multipart part
+ // this can be alternative/related/signed/encrypted or mixed
+ while (array_pop($level) !== null) {
+ $parent_depth = count($level);
+ if (!$parent_depth) {
+ return true;
}
- // Check if the part belongs to higher-level's alternative/related
- while (array_pop($level) !== null) {
- if (!count($level)) {
- return true;
- }
+ $parent = $this->mime_parts[join('.', $level)];
+ $max_delta = $depth - (1 + ($last == 'multipart/alternative' ? 1 : 0));
+ $last = $parent->mimetype;
- $parent = $this->mime_parts[join('.', $level)];
- if ($parent->mimetype != 'multipart/alternative' && $parent->mimetype != 'multipart/related') {
- continue 2;
- }
+ if (!preg_match('/^multipart\/(alternative|related|signed|encrypted|mixed)$/', $parent->mimetype)
+ || ($parent->mimetype == 'multipart/mixed' && $parent_depth < $max_delta)) {
+ continue 2;
}
}
- return true;
- }
- }
-
- return false;
- }
-
-
- /**
- * Return the first HTML part of this message
- *
- * @return string HTML message part content
- */
- function first_html_part()
- {
- // check all message parts
- foreach ($this->mime_parts as $pid => $part) {
- if ($part->mimetype == 'text/html') {
- return $this->get_part_content($pid);
- }
- }
- }
-
-
- /**
- * Return the first text part of this message
- *
- * @param rcube_message_part $part Reference to the part if found
- * @return string Plain text message/part content
- */
- function first_text_part(&$part=null)
- {
- // no message structure, return complete body
- if (empty($this->parts))
- return $this->body;
-
- // check all message parts
- foreach ($this->mime_parts as $mime_id => $part) {
- if ($part->mimetype == 'text/plain') {
- return $this->get_part_content($mime_id);
- }
- else if ($part->mimetype == 'text/html') {
- $out = $this->get_part_content($mime_id);
-
- // create instance of html2text class
- $txt = new rcube_html2text($out);
- return $txt->get_text();
+ if ($part->size) {
+ return true;
+ }
}
}
$part = null;
- return null;
+
+ return false;
}
+ /**
+ * Determine if the message contains a text/plain part. This must to be
+ * a real part not an attachment (or its part)
+ *
+ * @param rcube_message_part &$part Reference to the part if found
+ *
+ * @return bool True if a plain text part is available, False if not
+ */
+ public function has_text_part(&$part = null)
+ {
+ // check all message parts
+ foreach ($this->mime_parts as $part) {
+ if ($part->mimetype == 'text/plain') {
+ // Skip if part is an attachment, don't use is_attachment() here
+ if ($part->filename) {
+ continue;
+ }
+
+ $level = explode('.', $part->mime_id);
+
+ // Check if the part belongs to higher-level's alternative/related
+ while (array_pop($level) !== null) {
+ if (!count($level)) {
+ return true;
+ }
+
+ $parent = $this->mime_parts[join('.', $level)];
+ if ($parent->mimetype != 'multipart/alternative' && $parent->mimetype != 'multipart/related') {
+ continue 2;
+ }
+ }
+
+ if ($part->size) {
+ return true;
+ }
+ }
+ }
+
+ $part = null;
+
+ return false;
+ }
+
+ /**
+ * Return the first HTML part of this message
+ *
+ * @param rcube_message_part &$part Reference to the part if found
+ * @param bool $enriched Enables checking for text/enriched parts too
+ *
+ * @return string HTML message part content
+ */
+ public function first_html_part(&$part = null, $enriched = false)
+ {
+ if ($this->has_html_part($enriched, $part)) {
+ $body = $this->get_part_body($part->mime_id, true);
+
+ if ($part->mimetype == 'text/enriched') {
+ $body = rcube_enriched::to_html($body);
+ }
+
+ return $body;
+ }
+ }
+
+ /**
+ * Return the first text part of this message.
+ * If there's no text/plain part but $strict=true and text/html part
+ * exists, it will be returned in text/plain format.
+ *
+ * @param rcube_message_part &$part Reference to the part if found
+ * @param bool $strict Check only text/plain parts
+ *
+ * @return string Plain text message/part content
+ */
+ public function first_text_part(&$part = null, $strict = false)
+ {
+ // no message structure, return complete body
+ if (empty($this->parts)) {
+ return $this->body;
+ }
+
+ if ($this->has_text_part($part)) {
+ return $this->get_part_body($part->mime_id, true);
+ }
+
+ if (!$strict && ($body = $this->first_html_part($part, true))) {
+ // create instance of html2text class
+ $h2t = new rcube_html2text($body);
+ return $h2t->get_text();
+ }
+ }
/**
* Checks if part of the message is an attachment (or part of it)
@@ -308,6 +488,27 @@
return false;
}
+ /**
+ * In a multipart/encrypted encrypted message,
+ * find the encrypted message payload part.
+ *
+ * @return rcube_message_part
+ */
+ public function get_multipart_encrypted_part()
+ {
+ foreach ($this->mime_parts as $mime_id => $mpart) {
+ if ($mpart->mimetype == 'multipart/encrypted') {
+ $this->pgp_mime = true;
+ }
+ if ($this->pgp_mime && ($mpart->mimetype == 'application/octet-stream' ||
+ (!empty($mpart->filename) && $mpart->filename != 'version.txt'))) {
+ $this->encrypted_part = $mime_id;
+ return $mpart;
+ }
+ }
+
+ return false;
+ }
/**
* Read the message structure returend by the IMAP server
@@ -324,15 +525,17 @@
// parse headers from message/rfc822 part
if (!isset($structure->headers['subject']) && !isset($structure->headers['from'])) {
- list($headers, $dump) = explode("\r\n\r\n", $this->get_part_content($structure->mime_id, null, true, 8192));
+ list($headers, ) = explode("\r\n\r\n", $this->get_part_body($structure->mime_id, false, 32768));
$structure->headers = rcube_mime::parse_headers($headers);
}
}
- else
+ else {
$mimetype = $structure->mimetype;
+ }
// show message headers
- if ($recursive && is_array($structure->headers) && (isset($structure->headers['subject']) || isset($structure->headers['from']))) {
+ if ($recursive && is_array($structure->headers) &&
+ (isset($structure->headers['subject']) || $structure->headers['from'] || $structure->headers['to'])) {
$c = new stdClass;
$c->type = 'headers';
$c->headers = $structure->headers;
@@ -344,11 +547,15 @@
array('object' => $this, 'structure' => $structure,
'mimetype' => $mimetype, 'recursive' => $recursive));
- if ($plugin['abort'])
+ if ($plugin['abort']) {
return;
+ }
$structure = $plugin['structure'];
- list($message_ctype_primary, $message_ctype_secondary) = explode('/', $plugin['mimetype']);
+ $mimetype = $plugin['mimetype'];
+ $recursive = $plugin['recursive'];
+
+ list($message_ctype_primary, $message_ctype_secondary) = explode('/', $mimetype);
// print body if message doesn't have multiple parts
if ($message_ctype_primary == 'text' && !$recursive) {
@@ -378,12 +585,6 @@
else if ($mimetype == 'multipart/alternative'
&& is_array($structure->parts) && count($structure->parts) > 1
) {
- $plain_part = null;
- $html_part = null;
- $print_part = null;
- $related_part = null;
- $attach_part = null;
-
// get html/plaintext parts, other add to attachments list
foreach ($structure->parts as $p => $sub_part) {
$sub_mimetype = $sub_part->mimetype;
@@ -394,17 +595,26 @@
continue;
}
+ // We've encountered (malformed) messages with more than
+ // one text/plain or text/html part here. There's no way to choose
+ // which one is better, so we'll display first of them and add
+ // others as attachments (#1489358)
+
// check if sub part is
if ($is_multipart)
$related_part = $p;
- else if ($sub_mimetype == 'text/plain')
+ else if ($sub_mimetype == 'text/plain' && !$plain_part)
$plain_part = $p;
- else if ($sub_mimetype == 'text/html')
+ else if ($sub_mimetype == 'text/html' && !$html_part) {
$html_part = $p;
- else if ($sub_mimetype == 'text/enriched')
+ $this->got_html_part = true;
+ }
+ else if ($sub_mimetype == 'text/enriched' && !$enriched_part)
$enriched_part = $p;
- else
- $attach_part = $p;
+ else {
+ // add unsupported/unrecognized parts to attachments list
+ $this->attachments[] = $sub_part;
+ }
}
// parse related part (alternative part could be in here)
@@ -445,19 +655,6 @@
$this->parts[] = $c;
}
-
- // add html part as attachment
- if ($html_part !== null && $structure->parts[$html_part] !== $print_part) {
- $html_part = $structure->parts[$html_part];
- $html_part->mimetype = 'text/html';
-
- $this->attachments[] = $html_part;
- }
-
- // add unsupported/unrecognized parts to attachments list
- if ($attach_part) {
- $this->attachments[] = $structure->parts[$attach_part];
- }
}
// this is an ecrypted message -> create a plaintext body with the according message
else if ($mimetype == 'multipart/encrypted') {
@@ -467,8 +664,19 @@
$p->ctype_secondary = 'plain';
$p->mimetype = 'text/plain';
$p->realtype = 'multipart/encrypted';
+ $p->mime_id = $structure->mime_id;
$this->parts[] = $p;
+
+ // add encrypted payload part as attachment
+ if (is_array($structure->parts)) {
+ for ($i=0; $i < count($structure->parts); $i++) {
+ $subpart = $structure->parts[$i];
+ if ($subpart->mimetype == 'application/octet-stream' || !empty($subpart->filename)) {
+ $this->attachments[] = $subpart;
+ }
+ }
+ }
}
// this is an S/MIME ecrypted message -> create a plaintext body with the according message
else if ($mimetype == 'application/pkcs7-mime') {
@@ -478,8 +686,13 @@
$p->ctype_secondary = 'plain';
$p->mimetype = 'text/plain';
$p->realtype = 'application/pkcs7-mime';
+ $p->mime_id = $structure->mime_id;
$this->parts[] = $p;
+
+ if (!empty($structure->filename)) {
+ $this->attachments[] = $structure;
+ }
}
// message contains multiple parts
else if (is_array($structure->parts) && !empty($structure->parts)) {
@@ -488,23 +701,16 @@
$mail_part = &$structure->parts[$i];
$primary_type = $mail_part->ctype_primary;
$secondary_type = $mail_part->ctype_secondary;
+ $part_mimetype = $mail_part->mimetype;
- // real content-type of message/rfc822
- if ($mail_part->real_mimetype) {
- $part_orig_mimetype = $mail_part->mimetype;
- $part_mimetype = $mail_part->real_mimetype;
- list($primary_type, $secondary_type) = explode('/', $part_mimetype);
- }
- else
- $part_mimetype = $mail_part->mimetype;
-
- // multipart/alternative
- if ($primary_type == 'multipart') {
+ // multipart/alternative or message/rfc822
+ if ($primary_type == 'multipart' || $part_mimetype == 'message/rfc822') {
$this->parse_structure($mail_part, true);
// list message/rfc822 as attachment as well (mostly .eml)
- if ($part_orig_mimetype == 'message/rfc822' && !empty($mail_part->filename))
+ if ($primary_type == 'message' && !empty($mail_part->filename)) {
$this->attachments[] = $mail_part;
+ }
}
// part text/[plain|html] or delivery status
else if ((($part_mimetype == 'text/plain' || $part_mimetype == 'text/html') && $mail_part->disposition != 'attachment') ||
@@ -515,11 +721,12 @@
array('object' => $this, 'structure' => $mail_part,
'mimetype' => $part_mimetype, 'recursive' => true));
- if ($plugin['abort'])
+ if ($plugin['abort']) {
continue;
+ }
if ($part_mimetype == 'text/html' && $mail_part->size) {
- $got_html_part = true;
+ $this->got_html_part = true;
}
$mail_part = $plugin['structure'];
@@ -538,18 +745,6 @@
if (!empty($mail_part->filename)) {
$this->attachments[] = $mail_part;
}
- // list html part as attachment (here the part is most likely inside a multipart/related part)
- else if ($this->parse_alternative && ($secondary_type == 'html' && !$this->opt['prefer_html'])) {
- $this->attachments[] = $mail_part;
- }
- }
- // part message/*
- else if ($primary_type == 'message') {
- $this->parse_structure($mail_part, true);
-
- // list as attachment as well (mostly .eml)
- if (!empty($mail_part->filename))
- $this->attachments[] = $mail_part;
}
// ignore "virtual" protocol parts
else if ($primary_type == 'protocol') {
@@ -557,9 +752,16 @@
}
// part is Microsoft Outlook TNEF (winmail.dat)
else if ($part_mimetype == 'application/ms-tnef') {
- foreach ((array)$this->tnef_decode($mail_part) as $tpart) {
+ $tnef_parts = (array) $this->tnef_decode($mail_part);
+ foreach ($tnef_parts as $tpart) {
$this->mime_parts[$tpart->mime_id] = $tpart;
$this->attachments[] = $tpart;
+ }
+
+ // add winmail.dat to the list if it's content is unknown
+ if (empty($tnef_parts) && !empty($mail_part->filename)) {
+ $this->mime_parts[$mail_part->mime_id] = $mail_part;
+ $this->attachments[] = $mail_part;
}
}
// part is a file/attachment
@@ -574,21 +776,14 @@
// part belongs to a related message and is linked
if (preg_match('/^multipart\/(related|relative)/', $mimetype)
- && ($mail_part->headers['content-id'] || $mail_part->headers['content-location'])) {
+ && ($mail_part->headers['content-id'] || $mail_part->headers['content-location'])
+ ) {
if ($mail_part->headers['content-id'])
$mail_part->content_id = preg_replace(array('/^</', '/>$/'), '', $mail_part->headers['content-id']);
if ($mail_part->headers['content-location'])
$mail_part->content_location = $mail_part->headers['content-base'] . $mail_part->headers['content-location'];
$this->inline_parts[] = $mail_part;
- }
- // attachment encapsulated within message/rfc822 part needs further decoding (#1486743)
- else if ($part_orig_mimetype == 'message/rfc822') {
- $this->parse_structure($mail_part, true);
-
- // list as attachment as well (mostly .eml)
- if (!empty($mail_part->filename))
- $this->attachments[] = $mail_part;
}
// regular attachment with valid content type
// (content-type name regexp according to RFC4288.4.2)
@@ -605,9 +800,13 @@
$this->attachments[] = $mail_part;
}
}
- // attachment part as message/rfc822 (#1488026)
- else if ($mail_part->mimetype == 'message/rfc822') {
- $this->parse_structure($mail_part);
+ // calendar part not marked as attachment (#1490325)
+ else if ($part_mimetype == 'text/calendar') {
+ if (!$mail_part->filename) {
+ $mail_part->filename = 'calendar.ics';
+ }
+
+ $this->attachments[] = $mail_part;
}
}
@@ -617,7 +816,7 @@
$img_regexp = '/^image\/(gif|jpe?g|png|tiff|bmp|svg)/';
foreach ($this->inline_parts as $inline_object) {
- $part_url = $this->get_part_url($inline_object->mime_id, true);
+ $part_url = $this->get_part_url($inline_object->mime_id, $inline_object->ctype_primary);
if (isset($inline_object->content_id))
$a_replaces['cid:'.$inline_object->content_id] = $part_url;
if ($inline_object->content_location) {
@@ -628,7 +827,7 @@
// MS Outlook sends sometimes non-related attachments as related
// In this case multipart/related message has only one text part
// We'll add all such attachments to the attachments list
- if (!isset($got_html_part) && empty($inline_object->content_id)) {
+ if (!isset($this->got_html_part)) {
$this->attachments[] = $inline_object;
}
// MS Outlook sometimes also adds non-image attachments as related
@@ -661,7 +860,6 @@
}
}
-
/**
* Fill aflat array with references to all parts, indexed by part numbers
*
@@ -677,7 +875,6 @@
$this->get_mime_numbers($part->parts[$i]);
}
-
/**
* Decode a Microsoft Outlook TNEF part (winmail.dat)
*
@@ -686,20 +883,18 @@
*/
function tnef_decode(&$part)
{
- // @TODO: attachment may be huge, hadle it via file
- if (!isset($part->body)) {
- $this->storage->set_folder($this->folder);
- $part->body = $this->storage->get_message_part($this->uid, $part->mime_id, $part);
- }
+ // @TODO: attachment may be huge, handle body via file
+ $body = $this->get_part_body($part->mime_id);
+ $tnef = new rcube_tnef_decoder;
+ $tnef_arr = $tnef->decompress($body);
+ $parts = array();
- $parts = array();
- $tnef = new tnef_decoder;
- $tnef_arr = $tnef->decompress($part->body);
+ unset($body);
foreach ($tnef_arr as $pid => $winatt) {
$tpart = new rcube_message_part;
- $tpart->filename = trim($winatt['name']);
+ $tpart->filename = $this->fix_attachment_name(trim($winatt['name']), $part);
$tpart->encoding = 'stream';
$tpart->ctype_primary = trim(strtolower($winatt['type']));
$tpart->ctype_secondary = trim(strtolower($winatt['subtype']));
@@ -715,7 +910,6 @@
return $parts;
}
-
/**
* Parse message body for UUencoded attachments bodies
*
@@ -724,55 +918,109 @@
*/
function uu_decode(&$part)
{
- // @TODO: messages may be huge, hadle body via file
- if (!isset($part->body)) {
- $this->storage->set_folder($this->folder);
- $part->body = $this->storage->get_message_part($this->uid, $part->mime_id, $part);
- }
+ // @TODO: messages may be huge, handle body via file
+ $part->body = $this->get_part_body($part->mime_id);
+ $parts = array();
+ $pid = 0;
- $parts = array();
// FIXME: line length is max.65?
- $uu_regexp = '/begin [0-7]{3,4} ([^\n]+)\n/s';
+ $uu_regexp_begin = '/begin [0-7]{3,4} ([^\r\n]+)\r?\n/s';
+ $uu_regexp_end = '/`\r?\nend((\r?\n)|($))/s';
- if (preg_match_all($uu_regexp, $part->body, $matches, PREG_SET_ORDER)) {
- // update message content-type
- $part->ctype_primary = 'multipart';
- $part->ctype_secondary = 'mixed';
- $part->mimetype = $part->ctype_primary . '/' . $part->ctype_secondary;
- $uu_endstring = "`\nend\n";
+ while (preg_match($uu_regexp_begin, $part->body, $matches, PREG_OFFSET_CAPTURE)) {
+ $startpos = $matches[0][1];
- // add attachments to the structure
- foreach ($matches as $pid => $att) {
- $startpos = strpos($part->body, $att[1]) + strlen($att[1]) + 1; // "\n"
- $endpos = strpos($part->body, $uu_endstring);
- $filebody = substr($part->body, $startpos, $endpos-$startpos);
-
- // remove attachments bodies from the message body
- $part->body = substr_replace($part->body, "", $startpos, $endpos+strlen($uu_endstring)-$startpos);
-
- $uupart = new rcube_message_part;
-
- $uupart->filename = trim($att[1]);
- $uupart->encoding = 'stream';
- $uupart->body = convert_uudecode($filebody);
- $uupart->size = strlen($uupart->body);
- $uupart->mime_id = 'uu.' . $part->mime_id . '.' . $pid;
-
- $ctype = rcube_mime::content_type($uupart->body, $uupart->filename, 'application/octet-stream', true);
- $uupart->mimetype = $ctype;
- list($uupart->ctype_primary, $uupart->ctype_secondary) = explode('/', $ctype);
-
- $parts[] = $uupart;
- unset($matches[$pid]);
+ if (!preg_match($uu_regexp_end, $part->body, $m, PREG_OFFSET_CAPTURE, $startpos)) {
+ break;
}
- // remove attachments bodies from the message body
- $part->body = preg_replace($uu_regexp, '', $part->body);
+ $endpos = $m[0][1];
+ $begin_len = strlen($matches[0][0]);
+ $end_len = strlen($m[0][0]);
+
+ // extract attachment body
+ $filebody = substr($part->body, $startpos + $begin_len, $endpos - $startpos - $begin_len - 1);
+ $filebody = str_replace("\r\n", "\n", $filebody);
+
+ // remove attachment body from the message body
+ $part->body = substr_replace($part->body, '', $startpos, $endpos + $end_len - $startpos);
+ // mark body as modified so it will not be cached by rcube_imap_cache
+ $part->body_modified = true;
+
+ // add attachments to the structure
+ $uupart = new rcube_message_part;
+ $uupart->filename = trim($matches[1][0]);
+ $uupart->encoding = 'stream';
+ $uupart->body = convert_uudecode($filebody);
+ $uupart->size = strlen($uupart->body);
+ $uupart->mime_id = 'uu.' . $part->mime_id . '.' . $pid;
+
+ $ctype = rcube_mime::file_content_type($uupart->body, $uupart->filename, 'application/octet-stream', true);
+ $uupart->mimetype = $ctype;
+ list($uupart->ctype_primary, $uupart->ctype_secondary) = explode('/', $ctype);
+
+ $parts[] = $uupart;
+ $pid++;
}
return $parts;
}
+ /**
+ * Fix attachment name encoding if needed/possible
+ */
+ protected function fix_attachment_name($name, $part)
+ {
+ if ($name == rcube_charset::clean($name)) {
+ return $name;
+ }
+
+ // find charset from part or its parent(s)
+ if ($part->charset) {
+ $charsets[] = $part->charset;
+ }
+ else {
+ // check first part (common case)
+ $n = strpos($part->mime_id, '.') ? preg_replace('/\.[0-9]+$/', '', $part->mime_id) . '.1' : 1;
+ if (($_part = $this->mime_parts[$n]) && $_part->charset) {
+ $charsets[] = $_part->charset;
+ }
+
+ // check parents' charset
+ $items = explode('.', $part->mime_id);
+ for ($i = count($items)-1; $i > 0; $i--) {
+ $last = array_pop($items);
+ $parent = $this->mime_parts[join('.', $items)];
+
+ if ($parent && $parent->charset) {
+ $charsets[] = $parent->charset;
+ }
+ }
+ }
+
+ if ($this->headers->charset) {
+ $charsets[] = $this->headers->charset;
+ }
+
+ if (empty($charsets)) {
+ $rcube = rcube::get_instance();
+ $charsets[] = rcube_charset::detect($name, $rcube->config->get('default_charset', RCUBE_CHARSET));
+ }
+
+ foreach (array_unique($charsets) as $charset) {
+ $_name = rcube_charset::convert($name, $charset);
+
+ if ($_name == rcube_charset::clean($_name)) {
+ if (!$part->charset) {
+ $part->charset = $charset;
+ }
+
+ return $_name;
+ }
+ }
+
+ return $name;
+ }
/**
* Deprecated methods (to be removed)
@@ -787,5 +1035,4 @@
{
return rcube_mime::format_flowed($text, $length);
}
-
}
--
Gitblit v1.9.1