From bd0551b22076b82a6d49e9f7a2b2e0c90a1b2326 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Fri, 05 Feb 2016 07:25:27 -0500
Subject: [PATCH] Secure also downloads of addressbook exports, managesieve script exports and Enigma keys exports
---
program/steps/mail/sendmail.inc | 57 +++++++++++++++++++--------------------------------------
1 files changed, 19 insertions(+), 38 deletions(-)
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index bb32f6e..dbd6f98 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -234,7 +234,7 @@
// sending aborted by plugin
if ($data['abort'] && !$savedraft) {
- $OUTPUT->show_message($data['message'] ? $data['message'] : 'sendingfailed');
+ $OUTPUT->show_message($data['message'] ?: 'sendingfailed');
$OUTPUT->send('iframe');
}
else {
@@ -247,14 +247,15 @@
$message_body = rcube_utils::get_input_value('_message', rcube_utils::INPUT_POST, TRUE, $message_charset);
if (isset($_POST['_pgpmime'])) {
- $pgp_mime = rcube_utils::get_input_value('_pgpmime', rcube_utils::INPUT_POST);
- $message_body = 'This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)';
- $isHtml = false;
+ $pgp_mime = rcube_utils::get_input_value('_pgpmime', rcube_utils::INPUT_POST);
+ $isHtml = false;
+ $message_body = '';
// clear unencrypted attachments
- foreach ($COMPOSE['attachments'] as $attach) {
+ foreach ((array) $COMPOSE['attachments'] as $attach) {
$RCMAIL->plugins->exec_hook('attachment_delete', $attach);
}
+
$COMPOSE['attachments'] = array();
}
@@ -454,7 +455,7 @@
}
else {
$ctype = str_replace('image/pjpeg', 'image/jpeg', $attachment['mimetype']); // #1484914
- $file = $attachment['data'] ? $attachment['data'] : $attachment['path'];
+ $file = $attachment['data'] ?: $attachment['path'];
$folding = (int) $RCMAIL->config->get('mime_param_folding');
$MAIL_MIME->addAttachment($file,
@@ -489,39 +490,19 @@
// compose PGP/Mime message
if ($pgp_mime) {
- $MAIL_MIME->addAttachment(
- 'Version: 1',
- 'application/pgp-encrypted',
- 'version.txt', // required by Mail_mime::addAttachment()
- false,
- '8bit',
- '', // $disposition
- '', // $charset
- '', // $language
- '', // $location
- null, // $n_encoding
- null, // $f_encoding
- 'PGP/MIME version identification'
- );
+ $MAIL_MIME->addAttachment(new Mail_mimePart('Version: 1', array(
+ 'content_type' => 'application/pgp-encrypted',
+ 'description' => 'PGP/MIME version identification',
+ )));
- // patch filename out of the version part
- foreach ($MAIL_MIME->_parts as $_i => $_part) {
- if ($_part['c_type'] == 'application/pgp-encrypted') {
- $MAIL_MIME->_parts[$_i]['name'] = '';
- break;
- }
- }
+ $MAIL_MIME->addAttachment(new Mail_mimePart($pgp_mime, array(
+ 'content_type' => 'application/octet-stream',
+ 'filename' => 'encrypted.asc',
+ 'disposition' => 'inline',
+ )));
- $MAIL_MIME->addAttachment(
- $pgp_mime,
- 'application/octet-stream',
- 'encrypted.asc',
- false,
- '8bit',
- 'inline'
- );
-
- $MAIL_MIME->setContentType('multipart/encrypted', array('protocol' => "application/pgp-encrypted"));
+ $MAIL_MIME->setContentType('multipart/encrypted', array('protocol' => 'application/pgp-encrypted'));
+ $MAIL_MIME->setParam('preamble', 'This is an OpenPGP/MIME encrypted message (RFC 2440 and 3156)');
}
// encoding settings for mail composing
@@ -692,7 +673,7 @@
array('msgid' => $message_id, 'uid' => $saved, 'folder' => $store_target));
// display success
- $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'messagesaved', 'confirmation');
+ $OUTPUT->show_message($plugin['message'] ?: 'messagesaved', 'confirmation');
// update "_draft_saveid" and the "cmp_hash" to prevent "Unsaved changes" warning
$COMPOSE['param']['draft_uid'] = $plugin['uid'];
--
Gitblit v1.9.1