Fix download of attachments that are part of TNEF message (#1490091)

Rcube_message_part::body content should never be modified by code out of the rcube_message.
Added convenient rcube_message::get_part_body() method, making rcube_message::get_part_content() deprecated.

1 files changed, 17 insertions, 23 deletions

diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index b260d2c85..948465604 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -130,7 +130,7 @@ else if (strlen($part_id)) {
         $extensions = rcube_mime::get_mime_extensions($mimetype);
 
         if ($plugin['body']) {
-            $part->body = $plugin['body'];
+            $body = $plugin['body'];
         }
 
         // compare file mimetype with the stated content-type headers and file extension to avoid malicious operations
@@ -142,15 +142,10 @@ else if (strlen($part_id)) {
 
             // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension
             if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || stripos($mimetype, 'text/') === 0) {
-                if ($part->body)  // part body is already loaded
-                    $body = $part->body;
-                else if ($part->size && $part->size < 1024*1024)   // load the entire part if it's small enough
-                    $body = $part->body = $MESSAGE->get_part_content($part->mime_id);
-                else  // fetch the first 2K of the message part
-                    $body = $MESSAGE->get_part_content($part->mime_id, null, true, 2048);
+                $tmp_body = $body ?: $MESSAGE->get_part_body($part->mime_id, false, 2048);
 
                 // detect message part mimetype
-                $real_mimetype = rcube_mime::file_content_type($body, $part->filename, $mimetype, true, true);
+                $real_mimetype = rcube_mime::file_content_type($tmp_body, $part->filename, $mimetype, true, true);
                 list($real_ctype_primary, $real_ctype_secondary) = explode('/', $real_mimetype);
 
                 // accept text/plain with any extension
@@ -251,15 +246,15 @@ else if (strlen($part_id)) {
             }
             else {
                 // get part body if not available
-                if (!$part->body) {
-                    $part->body = $MESSAGE->get_part_content($part->mime_id);
+                if (!isset($body)) {
+                    $body = $MESSAGE->get_part_body($part->mime_id, true);
                 }
 
                 // show images?
                 rcmail_check_safe($MESSAGE);
 
                 // render HTML body
-                $out = rcmail_print_body($part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false));
+                $out = rcmail_print_body($body, $part, array('safe' => $MESSAGE->is_safe, 'inline_html' => false));
 
                 // insert remote objects warning into HTML body
                 if ($REMOTE_OBJECTS) {
@@ -280,7 +275,7 @@ else if (strlen($part_id)) {
             }
 
             // check connection status
-            if ($part->size && empty($part->body)) {
+            if ($part->size && empty($body)) {
                 check_storage_status();
             }
 
@@ -320,12 +315,12 @@ else if (strlen($part_id)) {
                 $file_path = tempnam($temp_dir, 'rcmAttmnt');
 
                 // write content to temp file
-                if ($part->body) {
-                    $saved = file_put_contents($file_path, $part->body);
+                if ($body) {
+                    $saved = file_put_contents($file_path, $body);
                 }
                 else if ($part->size) {
                     $fd    = fopen($file_path, 'w');
-                    $saved = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $fd);
+                    $saved = $MESSAGE->get_part_body($part->mime_id, false, 0, $fd);
                     fclose($fd);
                 }
 
@@ -341,22 +336,22 @@ else if (strlen($part_id)) {
             }
             // do content filtering to avoid XSS through fake images
             else if (!empty($_REQUEST['_embed']) && $browser->ie && $browser->ver <= 8) {
-                if ($part->body) {
-                    echo preg_match('/<(script|iframe|object)/i', $part->body) ? '' : $part->body;
+                if ($body) {
+                    echo preg_match('/<(script|iframe|object)/i', $body) ? '' : $body;
                     $sent = true;
                 }
                 else if ($part->size) {
                     $stdout = fopen('php://output', 'w');
                     stream_filter_register('rcube_content', 'rcube_content_filter') or die('Failed to register content filter');
                     stream_filter_append($stdout, 'rcube_content');
-                    $sent = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, false, $stdout);
+                    $sent = $MESSAGE->get_part_body($part->mime_id, true, 0, $stdout);
                 }
             }
             // send part as-it-is
             else {
-                if ($part->body && empty($plugin['download'])) {
-                    header("Content-Length: " . strlen($part->body));
-                    echo $part->body;
+                if ($body && empty($plugin['download'])) {
+                    header("Content-Length: " . strlen($body));
+                    echo $body;
                     $sent = true;
                 }
                 else if ($part->size) {
@@ -364,8 +359,7 @@ else if (strlen($part_id)) {
                         header("Content-Length: $size");
                     }
 
-                    // 8th argument disables re-formatting of text/* parts (#1489267)
-                    $sent = $RCMAIL->storage->get_message_part($MESSAGE->uid, $part->mime_id, $part, true, null, false, 0, false);
+                    $sent = $MESSAGE->get_part_body($part->mime_id, false, 0, -1);
                 }
             }