You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

get.inc 26KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729
  1. <?php
  2. /**
  3. +-----------------------------------------------------------------------+
  4. | program/steps/mail/get.inc |
  5. | |
  6. | This file is part of the Roundcube Webmail client |
  7. | Copyright (C) 2005-2016, The Roundcube Dev Team |
  8. | |
  9. | Licensed under the GNU General Public License version 3 or |
  10. | any later version with exceptions for skins & plugins. |
  11. | See the README file for a full license statement. |
  12. | |
  13. | PURPOSE: |
  14. | Delivering a specific uploaded file or mail message attachment |
  15. | |
  16. +-----------------------------------------------------------------------+
  17. | Author: Thomas Bruederli <roundcube@gmail.com> |
  18. | Author: Aleksander Machniak <alec@alec.pl> |
  19. +-----------------------------------------------------------------------+
  20. */
  21. // show loading page
  22. if (!empty($_GET['_preload'])) {
  23. unset($_GET['_preload']);
  24. unset($_GET['_safe']);
  25. $url = $RCMAIL->url($_GET + array('_mimewarning' => 1, '_embed' => 1));
  26. $message = $RCMAIL->gettext('loadingdata');
  27. header('Content-Type: text/html; charset=' . RCUBE_CHARSET);
  28. print "<html>\n<head>\n"
  29. . '<meta http-equiv="refresh" content="0; url='.rcube::Q($url).'">' . "\n"
  30. . '<meta http-equiv="content-type" content="text/html; charset='.RCUBE_CHARSET.'">' . "\n"
  31. . "</head>\n<body>\n$message\n</body>\n</html>";
  32. exit;
  33. }
  34. $attachment = new rcmail_attachment_handler;
  35. $mimetype = $attachment->mimetype;
  36. $filename = $attachment->filename;
  37. // show part page
  38. if (!empty($_GET['_frame'])) {
  39. $OUTPUT->set_pagetitle($filename);
  40. // register UI objects
  41. $OUTPUT->add_handlers(array(
  42. 'messagepartframe' => 'rcmail_message_part_frame',
  43. 'messagepartcontrols' => 'rcmail_message_part_controls',
  44. ));
  45. $part_id = rcube_utils::get_input_value('_part', rcube_utils::INPUT_GET);
  46. $uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_GET);
  47. // message/rfc822 preview (Note: handle also multipart/ parts, they can
  48. // come from Enigma, which replaces message/rfc822 with real mimetype)
  49. if ($part_id && ($mimetype == 'message/rfc822' || strpos($mimetype, 'multipart/') === 0)) {
  50. $uid = preg_replace('/\.[0-9.]+/', '', $uid);
  51. $uid .= '.' . $part_id;
  52. $OUTPUT->set_env('is_message', true);
  53. }
  54. $OUTPUT->set_env('mailbox', $RCMAIL->storage->get_folder());
  55. $OUTPUT->set_env('uid', $uid);
  56. $OUTPUT->set_env('part', $part_id);
  57. $OUTPUT->set_env('filename', $filename);
  58. $OUTPUT->set_env('mimetype', $mimetype);
  59. $OUTPUT->send('messagepart');
  60. exit;
  61. }
  62. // render thumbnail of an image attachment
  63. if (!empty($_GET['_thumb']) && $attachment->is_valid()) {
  64. $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240);
  65. $temp_dir = $RCMAIL->config->get('temp_dir');
  66. $file_ident = $attachment->ident;
  67. $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size);
  68. $cache_file = $cache_basename . '.thumb';
  69. // render thumbnail image if not done yet
  70. if (!is_file($cache_file) && $attachment->body_to_file($orig_name = $cache_basename . '.tmp')) {
  71. $image = new rcube_image($orig_name);
  72. if ($imgtype = $image->resize($thumbnail_size, $cache_file, true)) {
  73. $mimetype = 'image/' . $imgtype;
  74. }
  75. else {
  76. // Resize failed, we need to check the file mimetype
  77. // So, we do not exit here, but goto generic file body handler below
  78. $_GET['_thumb'] = 0;
  79. $_REQUEST['_embed'] = 1;
  80. }
  81. }
  82. if (!empty($_GET['_thumb'])) {
  83. if (is_file($cache_file)) {
  84. $RCMAIL->output->future_expire_header(3600);
  85. header('Content-Type: ' . $mimetype);
  86. header('Content-Length: ' . filesize($cache_file));
  87. readfile($cache_file);
  88. }
  89. exit;
  90. }
  91. }
  92. // Handle attachment body (display or download)
  93. if (empty($_GET['_thumb']) && $attachment->is_valid()) {
  94. // require CSRF protected url for downloads
  95. if (!empty($_GET['_download'])) {
  96. $RCMAIL->request_security_check(rcube_utils::INPUT_GET);
  97. }
  98. $extensions = rcube_mime::get_mime_extensions($mimetype);
  99. // compare file mimetype with the stated content-type headers and file extension to avoid malicious operations
  100. if (!empty($_REQUEST['_embed']) && empty($_REQUEST['_nocheck'])) {
  101. $file_extension = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
  102. // 1. compare filename suffix with expected suffix derived from mimetype
  103. $valid = $file_extension && in_array($file_extension, (array)$extensions) || empty($extensions) || !empty($_REQUEST['_mimeclass']);
  104. // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension
  105. if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || stripos($mimetype, 'text/') === 0) {
  106. $tmp_body = $attachment->body(2048);
  107. // detect message part mimetype
  108. $real_mimetype = rcube_mime::file_content_type($tmp_body, $filename, $mimetype, true, true);
  109. list($real_ctype_primary, $real_ctype_secondary) = explode('/', $real_mimetype);
  110. // accept text/plain with any extension
  111. if ($real_mimetype == 'text/plain' && $real_mimetype == $mimetype) {
  112. $valid_extension = true;
  113. }
  114. // ignore differences in text/* mimetypes. Filetype detection isn't very reliable here
  115. else if ($real_ctype_primary == 'text' && strpos($mimetype, $real_ctype_primary) === 0) {
  116. $real_mimetype = $mimetype;
  117. $valid_extension = true;
  118. }
  119. // ignore filename extension if mimeclass matches (#1489029)
  120. else if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass']) {
  121. $valid_extension = true;
  122. }
  123. else {
  124. // get valid file extensions
  125. $extensions = rcube_mime::get_mime_extensions($real_mimetype);
  126. $valid_extension = !$file_extension || empty($extensions) || in_array($file_extension, (array)$extensions);
  127. }
  128. // fix mimetype for images wrongly declared as octet-stream
  129. if ($mimetype == 'application/octet-stream' && strpos($real_mimetype, 'image/') === 0 && $valid_extension) {
  130. $mimetype = $real_mimetype;
  131. }
  132. // fix mimetype for images with wrong mimetype
  133. else if (strpos($real_mimetype, 'image/') === 0 && strpos($mimetype, 'image/') === 0) {
  134. $mimetype = $real_mimetype;
  135. }
  136. // "fix" real mimetype the same way the original is before comparison
  137. $real_mimetype = rcmail_fix_mimetype($real_mimetype);
  138. $valid = $real_mimetype == $mimetype && $valid_extension;
  139. }
  140. else {
  141. $real_mimetype = $mimetype;
  142. }
  143. // show warning if validity checks failed
  144. if (!$valid) {
  145. // send blocked.gif for expected images
  146. if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) {
  147. // Do not cache. Failure might be the result of a misconfiguration, thus real content should be returned once fixed.
  148. $content = $RCMAIL->get_resource_content('blocked.gif');
  149. $OUTPUT->nocacheing_headers();
  150. header("Content-Type: image/gif");
  151. header("Content-Transfer-Encoding: binary");
  152. header("Content-Length: " . strlen($content));
  153. echo $content;
  154. }
  155. else { // html warning with a button to load the file anyway
  156. $OUTPUT = new rcmail_html_page();
  157. $OUTPUT->write(html::tag('html', null, html::tag('body', 'embed',
  158. html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'),
  159. $RCMAIL->gettext(array(
  160. 'name' => 'attachmentvalidationerror',
  161. 'vars' => array(
  162. 'expected' => $mimetype . ($file_extension ? " (.$file_extension)" : ''),
  163. 'detected' => $real_mimetype . ($extensions[0] ? " (.$extensions[0])" : ''),
  164. )
  165. ))
  166. . html::p(array('class' => 'rcmail-inline-buttons'),
  167. html::tag('button', array(
  168. 'onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'"
  169. ),
  170. $RCMAIL->gettext('showanyway'))
  171. )
  172. ))));
  173. }
  174. exit;
  175. }
  176. }
  177. // TIFF/WEBP to JPEG conversion, if needed
  178. foreach (array('tiff', 'webp') as $type) {
  179. $img_support = !empty($_SESSION['browser_caps']) && !empty($_SESSION['browser_caps'][$type]);
  180. if (!empty($_REQUEST['_embed']) && !$img_support
  181. && $attachment->image_type() == 'image/' . $type
  182. && rcube_image::is_convertable('image/' . $type)
  183. ) {
  184. $convert2jpeg = true;
  185. $mimetype = 'image/jpeg';
  186. break;
  187. }
  188. }
  189. $browser = $RCMAIL->output->browser;
  190. list($ctype_primary, $ctype_secondary) = explode('/', $mimetype);
  191. if (!empty($_GET['_download']) && $ctype_primary == 'text') {
  192. header("Content-Type: text/$ctype_secondary; charset=" . $attachment->charset);
  193. }
  194. else {
  195. header("Content-Type: $mimetype");
  196. header("Content-Transfer-Encoding: binary");
  197. }
  198. // deliver part content
  199. if ($mimetype == 'text/html' && empty($_GET['_download'])) {
  200. // Check if we have enough memory to handle the message in it
  201. // #1487424: we need up to 10x more memory than the body
  202. if (!rcube_utils::mem_check($attachment->size * 10)) {
  203. $out = '<html><body>'
  204. . $RCMAIL->gettext('messagetoobig'). ' '
  205. . html::a($RCMAIL->url(array_merge($_GET, array('download' => 1))), $RCMAIL->gettext('download'))
  206. . '</body></html>';
  207. }
  208. else {
  209. // render HTML body
  210. $out = $attachment->html();
  211. // insert remote objects warning into HTML body
  212. if ($REMOTE_OBJECTS) {
  213. $body_start = 0;
  214. if ($body_pos = strpos($out, '<body')) {
  215. $body_start = strpos($out, '>', $body_pos) + 1;
  216. }
  217. $out = substr($out, 0, $body_start)
  218. . html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'),
  219. rcube::Q($RCMAIL->gettext('blockedimages')) . '&nbsp;' .
  220. html::tag('button',
  221. array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_safe' => 1))) . "'"),
  222. rcube::Q($RCMAIL->gettext('showimages')))
  223. )
  224. . substr($out, $body_start);
  225. }
  226. }
  227. $OUTPUT = new rcmail_html_page();
  228. $OUTPUT->write($out);
  229. exit;
  230. }
  231. // don't kill the connection if download takes some more time
  232. @set_time_limit(3600);
  233. $filename = $browser->ie ? rawurlencode($filename) : addcslashes($filename, '"');
  234. $disposition = !empty($_GET['_download']) ? 'attachment' : 'inline';
  235. // add filename extension if missing
  236. if (!pathinfo($filename, PATHINFO_EXTENSION) && ($extensions = rcube_mime::get_mime_extensions($mimetype))) {
  237. $filename .= '.' . $extensions[0];
  238. }
  239. header("Content-Disposition: $disposition; filename=\"$filename\"");
  240. // handle tiff to jpeg conversion
  241. if (!empty($convert2jpeg)) {
  242. $temp_dir = unslashify($RCMAIL->config->get('temp_dir'));
  243. $file_path = tempnam($temp_dir, 'rcmAttmnt');
  244. // convert image to jpeg and send it to the browser
  245. if ($attachment->body_to_file($file_path)) {
  246. $image = new rcube_image($file_path);
  247. if ($image->convert(rcube_image::TYPE_JPG, $file_path)) {
  248. header("Content-Length: " . filesize($file_path));
  249. readfile($file_path);
  250. }
  251. }
  252. }
  253. else {
  254. $attachment->output($mimetype);
  255. }
  256. exit;
  257. }
  258. // if we arrive here, the requested part was not found
  259. header('HTTP/1.1 404 Not Found');
  260. exit;
  261. /**
  262. * Attachment properties table
  263. */
  264. function rcmail_message_part_controls($attrib)
  265. {
  266. global $attachment, $RCMAIL;
  267. if (!$attachment->is_valid()) {
  268. return '';
  269. }
  270. $table = new html_table(array('cols' => 2));
  271. $table->add('title', rcube::Q($RCMAIL->gettext('namex')).':');
  272. $table->add('header', rcube::Q($attachment->filename));
  273. $table->add('title', rcube::Q($RCMAIL->gettext('type')).':');
  274. $table->add('header', rcube::Q($attachment->mimetype));
  275. $table->add('title', rcube::Q($RCMAIL->gettext('size')).':');
  276. $table->add('header', rcube::Q($attachment->size()));
  277. return $table->show($attrib);
  278. }
  279. /**
  280. * Attachment preview frame
  281. */
  282. function rcmail_message_part_frame($attrib)
  283. {
  284. global $RCMAIL;
  285. if ($RCMAIL->output->get_env('is_message')) {
  286. $attrib['src'] = $RCMAIL->url(array(
  287. 'task' => 'mail',
  288. 'action' => 'preview',
  289. 'uid' => $RCMAIL->output->get_env('uid'),
  290. 'mbox' => $RCMAIL->output->get_env('mailbox'),
  291. 'framed' => 1,
  292. ));
  293. }
  294. else {
  295. $mimetype = $RCMAIL->output->get_env('mimetype');
  296. $frame_replace = strpos($mimetype, 'text/') === 0 ? '_embed=' : '_preload=';
  297. $attrib['src'] = './?' . str_replace('_frame=', $frame_replace, $_SERVER['QUERY_STRING']);
  298. }
  299. $RCMAIL->output->add_gui_object('messagepartframe', $attrib['id']);
  300. return html::iframe($attrib);
  301. }
  302. /**
  303. * Wrapper class with unified access to attachment properties and body
  304. *
  305. * Unified for message parts as well as uploaded attachments
  306. */
  307. class rcmail_attachment_handler
  308. {
  309. public $filename;
  310. public $size;
  311. public $mimetype;
  312. public $ident;
  313. public $charset = RCUBE_CHARSET;
  314. private $message;
  315. private $part;
  316. private $upload;
  317. private $body;
  318. private $body_file;
  319. private $download = false;
  320. /**
  321. * Class constructor.
  322. * Reads request parameters and initializes attachment/part props.
  323. */
  324. public function __construct()
  325. {
  326. ob_end_clean();
  327. $part_id = rcube_utils::get_input_value('_part', rcube_utils::INPUT_GET);
  328. $file_id = rcube_utils::get_input_value('_file', rcube_utils::INPUT_GET);
  329. $compose_id = rcube_utils::get_input_value('_id', rcube_utils::INPUT_GET);
  330. $uid = rcube_utils::get_input_value('_uid', rcube_utils::INPUT_GET);
  331. $rcube = rcube::get_instance();
  332. $this->download = !empty($_GET['_download']);
  333. // similar code as in program/steps/mail/show.inc
  334. if (!empty($uid)) {
  335. $rcube->config->set('prefer_html', true);
  336. $this->message = new rcube_message($uid, null, intval($_GET['_safe']));
  337. if ($this->part = $this->message->mime_parts[$part_id]) {
  338. $this->filename = rcmail_attachment_name($this->part);
  339. $this->mimetype = $this->part->mimetype;
  340. $this->size = $this->part->size;
  341. $this->ident = $this->message->headers->messageID . ':' . $this->part->mime_id . ':' . $this->size . ':' . $this->mimetype;
  342. $this->charset = $this->part->charset ?: RCUBE_CHARSET;
  343. if (empty($_GET['_frame'])) {
  344. // allow post-processing of the attachment body
  345. $plugin = $rcube->plugins->exec_hook('message_part_get', array(
  346. 'uid' => $uid,
  347. 'id' => $this->part->mime_id,
  348. 'mimetype' => $this->mimetype,
  349. 'part' => $this->part,
  350. 'download' => $this->download,
  351. ));
  352. if ($plugin['abort']) {
  353. exit;
  354. }
  355. // overwrite modified vars from plugin
  356. $this->mimetype = $plugin['mimetype'];
  357. if ($plugin['body']) {
  358. $this->body = $plugin['body'];
  359. $this->size = strlen($this->body);
  360. }
  361. }
  362. }
  363. }
  364. else if ($file_id && $compose_id) {
  365. $file_id = preg_replace('/^rcmfile/', '', $file_id);
  366. if (($compose = $_SESSION['compose_data_' . $compose_id])
  367. && ($this->upload = $compose['attachments'][$file_id])
  368. ) {
  369. $this->filename = $this->upload['name'];
  370. $this->mimetype = $this->upload['mimetype'];
  371. $this->size = $this->upload['size'];
  372. $this->ident = sprintf('%s:%s%s', $compose_id, $file_id, $this->size);
  373. $this->charset = $this->upload['charset'] ?: RCUBE_CHARSET;
  374. }
  375. }
  376. if (empty($this->part) && empty($this->upload)) {
  377. header('HTTP/1.1 404 Not Found');
  378. exit;
  379. }
  380. // check connection status
  381. self::check_storage_status();
  382. $this->mimetype = rcmail_fix_mimetype($this->mimetype);
  383. }
  384. /**
  385. * Remove temp files, etc.
  386. */
  387. public function __destruct()
  388. {
  389. if ($this->body_file) {
  390. @unlink($this->body_file);
  391. }
  392. }
  393. /**
  394. * Check if the object is a message part not uploaded file
  395. *
  396. * @return bool True if the object is a meesage part
  397. */
  398. public function is_message_part()
  399. {
  400. return !empty($this->message);
  401. }
  402. /**
  403. * Object/request status
  404. *
  405. * @return bool Status
  406. */
  407. public function is_valid()
  408. {
  409. return !empty($this->part) || !empty($this->upload);
  410. }
  411. /**
  412. * Return attachment/part mimetype if this is an image
  413. * of supported type.
  414. *
  415. * @return string Image mimetype
  416. */
  417. public function image_type()
  418. {
  419. $part = (object) array(
  420. 'filename' => $this->filename,
  421. 'mimetype' => $this->mimetype,
  422. );
  423. return rcmail_part_image_type($part);
  424. }
  425. /**
  426. * Formatted attachment/part size (with units)
  427. *
  428. * @return string Attachment/part size (with units)
  429. */
  430. public function size()
  431. {
  432. $part = $this->part ?: ((object) array('size' => $this->size, 'exact_size' => true));
  433. return rcube::get_instance()->message_part_size($part);
  434. }
  435. /**
  436. * Returns, prints or saves the attachment/part body
  437. */
  438. public function body($size = null, $fp = null)
  439. {
  440. // we may have the body in memory or file already
  441. if ($this->body !== null) {
  442. if ($fp == -1) {
  443. echo $size ? substr($this->body, 0, $size) : $this->body;
  444. }
  445. else if ($fp) {
  446. $result = fwrite($fp, $size ? substr($this->body, $size) : $this->body) !== false;
  447. }
  448. else {
  449. $result = $size ? substr($this->body, 0, $size) : $this->body;
  450. }
  451. }
  452. else if ($this->body_file) {
  453. if ($size) {
  454. $result = file_get_contents($this->body_file, false, null, 0, $size);
  455. }
  456. else {
  457. $result = file_get_contents($this->body_file);
  458. }
  459. if ($fp == -1) {
  460. echo $result;
  461. }
  462. else if ($fp) {
  463. $result = fwrite($fp, $result) !== false;
  464. }
  465. }
  466. else if ($this->message) {
  467. $result = $this->message->get_part_body($this->part->mime_id, false, 0, $fp);
  468. // check connection status
  469. if (!$fp && $this->size && empty($result)) {
  470. self::check_storage_status();
  471. }
  472. }
  473. else if ($this->upload) {
  474. // This hook retrieves the attachment contents from the file storage backend
  475. $attachment = rcube::get_instance()->plugins->exec_hook('attachment_get', $this->upload);
  476. if ($fp && $fp != -1) {
  477. if ($attachment['data']) {
  478. $result = fwrite($fp, $size ? substr($attachment['data'], 0, $size) : $attachment['data']) !== false;
  479. }
  480. else if ($attachment['path']) {
  481. if ($fh = fopen($attachment['path'], 'rb')) {
  482. $result = stream_copy_to_stream($fh, $fp, $size ? $size : -1);
  483. }
  484. }
  485. }
  486. else {
  487. $data = $attachment['data'];
  488. if (!$data && $attachment['path']) {
  489. $data = file_get_contents($attachment['path']);
  490. }
  491. if ($fp == -1) {
  492. echo $size ? substr($data, 0, $size) : $data;
  493. }
  494. else {
  495. $result = $size ? substr($data, 0, $size) : $data;
  496. }
  497. }
  498. }
  499. return $result;
  500. }
  501. /**
  502. * Save the body to a file
  503. *
  504. * @param string $filename File name with path
  505. *
  506. * @return bool True on success, False on failure
  507. */
  508. public function body_to_file($filename)
  509. {
  510. if ($filename && $this->size && ($fp = fopen($filename, 'w'))) {
  511. $this->body(0, $fp);
  512. $this->body_file = $filename;
  513. fclose($fp);
  514. @chmod(filename, 0600);
  515. return true;
  516. }
  517. return false;
  518. }
  519. /**
  520. * Output attachment body with content filtering
  521. */
  522. public function output($mimetype)
  523. {
  524. if (!$this->size) {
  525. return false;
  526. }
  527. $secure = stripos($mimetype, 'image/') === false || $this->download;
  528. // Remove <script> in SVG images
  529. if (!$secure && stripos($mimetype, 'image/svg') === 0) {
  530. if (!$this->body) {
  531. $this->body = $this->body();
  532. if (empty($this->body)) {
  533. return false;
  534. }
  535. }
  536. echo self::svg_filter($this->body);
  537. return true;
  538. }
  539. if ($this->body !== null && !$this->download) {
  540. header("Content-Length: " . strlen($this->body));
  541. echo $this->body;
  542. return true;
  543. }
  544. // Don't be tempted to set Content-Length to $part->d_parameters['size'] (#1490482)
  545. // RFC2183 says "The size parameter indicates an approximate size"
  546. return $this->body(0, -1);
  547. }
  548. /**
  549. * Returns formatted HTML if the attachment is HTML
  550. */
  551. public function html()
  552. {
  553. list($type, $subtype) = explode($this->mimetype, '/');
  554. $part = (object) array(
  555. 'charset' => $this->charset,
  556. 'ctype_secondary' => $subtype,
  557. );
  558. // get part body if not available
  559. // fix formatting and charset
  560. $body = rcube_message::format_part_body($this->body(), $part);
  561. // show images?
  562. $is_safe = $this->is_safe();
  563. return rcmail_wash_html($body, array('safe' => $is_safe, 'inline_html' => false));
  564. }
  565. /**
  566. * Remove <script> in SVG images
  567. */
  568. public static function svg_filter($body)
  569. {
  570. // clean SVG with washtml
  571. $wash_opts = array(
  572. 'show_washed' => false,
  573. 'allow_remote' => false,
  574. 'charset' => RCUBE_CHARSET,
  575. 'html_elements' => array('title'),
  576. // 'blocked_src' => 'program/resources/blocked.gif',
  577. );
  578. // initialize HTML washer
  579. $washer = new rcube_washtml($wash_opts);
  580. // allow CSS styles, will be sanitized by rcmail_washtml_callback()
  581. $washer->add_callback('style', 'rcmail_washtml_callback');
  582. return $washer->wash($body);
  583. }
  584. /**
  585. * Handles nicely storage connection errors
  586. */
  587. public static function check_storage_status()
  588. {
  589. $error = rcmail::get_instance()->storage->get_error_code();
  590. // Check if we have a connection error
  591. if ($error == rcube_imap_generic::ERROR_BAD) {
  592. ob_end_clean();
  593. // Get action is often executed simultaneously.
  594. // Some servers have MAXPERIP or other limits.
  595. // To workaround this we'll wait for some time
  596. // and try again (once).
  597. // Note: Random sleep interval is used to minimize concurency
  598. // in getting message parts
  599. if (!isset($_GET['_redirected'])) {
  600. usleep(rand(10,30)*100000); // 1-3 sec.
  601. header('Location: ' . $_SERVER['REQUEST_URI'] . '&_redirected=1');
  602. }
  603. else {
  604. rcube::raise_error(array(
  605. 'code' => 500, 'file' => __FILE__, 'line' => __LINE__,
  606. 'message' => 'Unable to get/display message part. IMAP connection error'),
  607. true, true);
  608. }
  609. // Don't kill session, just quit (#1486995)
  610. exit;
  611. }
  612. }
  613. public function is_safe()
  614. {
  615. if ($this->message) {
  616. return rcmail_check_safe($this->message);
  617. }
  618. return !empty($_GET['_safe']);
  619. }
  620. }