From a021d6f1873be1df373ad9cd4985aebb1198c230 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Wed, 10 Apr 2013 23:12:23 +0200
Subject: Skip filename suffix check for embedded images; return blocked.gif
 instead of HTML warning when embedded (#1489029)

---
 program/lib/Roundcube/rcube_message.php |  5 ++--
 program/steps/mail/func.inc             |  4 +--
 program/steps/mail/get.inc              | 48 +++++++++++++++++++++------------
 3 files changed, 36 insertions(+), 21 deletions(-)

diff --git a/program/lib/Roundcube/rcube_message.php b/program/lib/Roundcube/rcube_message.php
index 69735fc52..cfe501ba5 100644
--- a/program/lib/Roundcube/rcube_message.php
+++ b/program/lib/Roundcube/rcube_message.php
@@ -149,12 +149,13 @@ class rcube_message
      * Compose a valid URL for getting a message part
      *
      * @param string $mime_id Part MIME-ID
+     * @param mixed  $embed Mimetype class for parts to be embedded
      * @return string URL or false if part does not exist
      */
     public function get_part_url($mime_id, $embed = false)
     {
         if ($this->mime_parts[$mime_id])
-            return $this->opt['get_url'] . '&_part=' . $mime_id . ($embed ? '&_embed=1' : '');
+            return $this->opt['get_url'] . '&_part=' . $mime_id . ($embed ? '&_embed=1&_mimeclass=' . $embed : '');
         else
             return false;
     }
@@ -642,7 +643,7 @@ class rcube_message
                 $img_regexp = '/^image\/(gif|jpe?g|png|tiff|bmp|svg)/';
 
                 foreach ($this->inline_parts as $inline_object) {
-                    $part_url = $this->get_part_url($inline_object->mime_id, true);
+                    $part_url = $this->get_part_url($inline_object->mime_id, $inline_object->ctype_primary);
                     if (isset($inline_object->content_id))
                         $a_replaces['cid:'.$inline_object->content_id] = $part_url;
                     if ($inline_object->content_location) {
diff --git a/program/steps/mail/func.inc b/program/steps/mail/func.inc
index 6333cf46d..dd8e6b7f9 100644
--- a/program/steps/mail/func.inc
+++ b/program/steps/mail/func.inc
@@ -1194,7 +1194,7 @@ function rcmail_message_body($attrib)
              html::a($show_link + array('class' => 'image-link', 'style' => sprintf('width:%dpx', $thumbnail_size)),
                html::img(array(
                 'class' => 'image-thumbnail',
-                'src'   => $MESSAGE->get_part_url($attach_prop->mime_id, true) . '&_thumb=1',
+                'src'   => $MESSAGE->get_part_url($attach_prop->mime_id, 'image') . '&_thumb=1',
                 'title' => $attach_prop->filename,
                 'alt'   => $attach_prop->filename,
                 'style' => sprintf('max-width:%dpx; max-height:%dpx', $thumbnail_size, $thumbnail_size),
@@ -1214,7 +1214,7 @@ function rcmail_message_body($attrib)
             html::tag('legend', 'image-filename', Q($attach_prop->filename)) .
             html::p(array('align' => "center"),
               html::img(array(
-                'src'   => $MESSAGE->get_part_url($attach_prop->mime_id, true),
+                'src'   => $MESSAGE->get_part_url($attach_prop->mime_id, 'image'),
                 'title' => $attach_prop->filename,
                 'alt'   => $attach_prop->filename,
               )))
diff --git a/program/steps/mail/get.inc b/program/steps/mail/get.inc
index 23dc22b7c..8218aec73 100644
--- a/program/steps/mail/get.inc
+++ b/program/steps/mail/get.inc
@@ -22,7 +22,7 @@
 
 // show loading page
 if (!empty($_GET['_preload'])) {
-  $url = preg_replace('/([&?]+)_preload=/', '\\1_embed=', $_SERVER['REQUEST_URI']);
+  $url = preg_replace('/([&?]+)_preload=/', '\\1_mimewarning=1&_embed=', $_SERVER['REQUEST_URI']);
   $message = rcube_label('loadingdata');
 
   header('Content-Type: text/html; charset=' . RCMAIL_CHARSET);
@@ -118,7 +118,7 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
       $file_extension = strtolower(pathinfo($part->filename, PATHINFO_EXTENSION));
 
       // 1. compare filename suffix with expected suffix derived from mimetype
-      $valid = $file_extension && in_array($file_extension, (array)$extensions);
+      $valid = $file_extension && in_array($file_extension, (array)$extensions) || !empty($_REQUEST['_mimeclass']);
 
       // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension
       if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || $mimetype == 'text/plain') {
@@ -145,6 +145,10 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
         $extensions = rcube_mime::get_mime_extensions($real_mimetype);
         $valid_extension = (!$file_extension || in_array($file_extension, (array)$extensions));
 
+        // ignore filename extension if mimeclass matches (#1489029)
+        if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass'])
+          $valid_extension = true;
+
         // fix mimetype for images wrongly declared as octet-stream
         if ($mimetype == 'application/octet-stream' && strpos($real_mimetype, 'image/') === 0 && $valid_extension)
           $mimetype = $real_mimetype;
@@ -157,22 +161,32 @@ else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) {
 
       // show warning if validity checks failed
       if (!$valid) {
-        $OUTPUT = new rcmail_html_page();
-        $OUTPUT->write(html::tag('html', null, html::tag('body', 'embed',
-          html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'),
-            rcube_label(array(
-              'name' => 'attachmentvalidationerror',
-              'vars' => array(
-                'expected' => $mimetype . ($file_extension ? "(.$file_extension)" : ''),
-                'detected' => $real_mimetype . ($extensions[0] ? "(.$extensions[0])" : ''),
+        // send blocked.gif for expected images
+        if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) {
+          // Do not cache. Failure might be the result of a misconfiguration, thus real content should be returned once fixed. 
+          $OUTPUT->nocacheing_headers();
+          header("Content-Type: image/gif");
+          header("Content-Transfer-Encoding: binary");
+          readfile(INSTALL_PATH . 'program/resources/blocked.gif');
+        }
+        else {  // html warning with a button to load the file anyway
+          $OUTPUT = new rcmail_html_page();
+          $OUTPUT->write(html::tag('html', null, html::tag('body', 'embed',
+            html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'),
+              rcube_label(array(
+                'name' => 'attachmentvalidationerror',
+                'vars' => array(
+                  'expected' => $mimetype . ($file_extension ? "(.$file_extension)" : ''),
+                  'detected' => $real_mimetype . ($extensions[0] ? "(.$extensions[0])" : ''),
+                )
+              )) .
+              html::p(array('class' => 'rcmail-inline-buttons'),
+                html::tag('button',
+                  array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'"),
+                  rcube_label('showanyway')))
               )
-            )) .
-            html::p(array('class' => 'rcmail-inline-buttons'),
-              html::tag('button',
-                array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'"),
-                rcube_label('showanyway')))
-            )
-        )));
+          )));
+        }
         exit;
       }
     }
-- 
cgit v1.2.3