| +-----------------------------------------------------------------------+ */ // show loading page if (!empty($_GET['_preload'])) { $url = preg_replace('/([&?]+)_preload=/', '\\1_embed=', $_SERVER['REQUEST_URI']); $message = rcube_label('loadingdata'); header('Content-Type: text/html; charset=' . RCMAIL_CHARSET); print "\n
\n" . '' . "\n" . '' . "\n" . "\n\n$message\n\n"; exit; } ob_end_clean(); // similar code as in program/steps/mail/show.inc if (!empty($_GET['_uid'])) { $RCMAIL->config->set('prefer_html', true); $MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET)); } // check connection status check_storage_status(); // show part page if (!empty($_GET['_frame'])) { if (($part_id = get_input_value('_part', RCUBE_INPUT_GPC)) && ($part = $MESSAGE->mime_parts[$part_id])) { $filename = $part->filename; if (empty($filename) && $part->mimetype == 'text/html') { $filename = rcube_label('htmlmessage'); } if (!empty($filename)) { $OUTPUT->set_pagetitle($filename); } } $OUTPUT->send('messagepart'); exit; } // render thumbnail of an image attachment else if ($_GET['_thumb']) { $pid = get_input_value('_part', RCUBE_INPUT_GET); if ($part = $MESSAGE->mime_parts[$pid]) { $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240); $temp_dir = $RCMAIL->config->get('temp_dir'); list(,$ext) = explode('/', $part->mimetype); $cache_basename = $temp_dir . '/' . md5($MESSAGE->headers->messageID . $part->mime_id . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size); $cache_file = $cache_basename . '.' . $ext; $mimetype = $part->mimetype; // render thumbnail image if not done yet if (!is_file($cache_file)) { $fp = fopen(($orig_name = $cache_basename . '.orig.' . $ext), 'w'); $MESSAGE->get_part_content($part->mime_id, $fp); fclose($fp); $image = new rcube_image($orig_name); if ($imgtype = $image->resize($RCMAIL->config->get('image_thumbnail_size', 240), $cache_file, true)) { $mimetype = 'image/' . $imgtype; unlink($orig_name); } else { rename($orig_name, $cache_file); } } if (is_file($cache_file)) { header('Content-Type: ' . $mimetype); readfile($cache_file); } } exit; } else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { if ($part = $MESSAGE->mime_parts[$pid]) { $ctype_primary = strtolower($part->ctype_primary); $ctype_secondary = strtolower($part->ctype_secondary); $mimetype = sprintf('%s/%s', $ctype_primary, $ctype_secondary); // allow post-processing of the message body $plugin = $RCMAIL->plugins->exec_hook('message_part_get', array('uid' => $MESSAGE->uid, 'id' => $part->mime_id, 'mimetype' => $mimetype, 'part' => $part, 'download' => !empty($_GET['_download']))); if ($plugin['abort']) exit; // overwrite modified vars from plugin $mimetype = $plugin['mimetype']; $extensions = rcube_mime::get_mime_extensions($mimetype); if ($plugin['body']) $part->body = $plugin['body']; // compare file mimetype with the stated content-type headers and file extension to avoid malicious operations if (!empty($_REQUEST['_embed']) && empty($_REQUEST['_nocheck'])) { $file_extension = strtolower(pathinfo($part->filename, PATHINFO_EXTENSION)); // 1. compare filename suffix with expected suffix derived from mimetype $valid = $file_extension && in_array($file_extension, (array)$extensions); // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension if ($valid || !$file_extension || $mimetype == 'application/octet-stream') { if ($part->body) // part body is already loaded $body = $part->body; else if ($part->size && $part->size < 1024*1024) // load the entire part if it's small enough $body = $part->body = $MESSAGE->get_part_content($part->mime_id); else // fetch the first 2K of the message part $body = $MESSAGE->get_part_content($part->mime_id, null, true, 2048); // detect message part mimetype $real_mimetype = rcube_mime::file_content_type($body, $part->filename, $mimetype, true, true); list($real_ctype_primary, $real_ctype_secondary) = explode('/', $real_mimetype); // ignore differences in text/* mimetypes. Filetype detection isn't very reliable here if ($real_ctype_primary == 'text' && strpos($mimetype, $real_ctype_primary) === 0) $real_mimetype = $mimetype; // get valid file extensions $extensions = rcube_mime::get_mime_extensions($real_mimetype); $valid_extension = (!$file_extension || in_array($file_extension, (array)$extensions)); // fix mimetype for images wrongly declared as octet-stream if ($mimetype == 'application/octet-stream' && strpos($real_mimetype, 'image/') === 0 && $valid_extension) $mimetype = $real_mimetype; $valid = ($real_mimetype == $mimetype && $valid_extension); } else { $real_mimetype = $mimetype; } // show warning if validity checks failed if (!$valid) { $OUTPUT = new rcmail_html_page(); $OUTPUT->write(html::tag('html', null, html::tag('body', array('style' => 'font-family:sans-serif; margin:1em'), html::div(array('class' => 'warning', 'style' => 'border:2px solid #ffdf0e; background:#fef893; padding:1em 1em 0 1em;'), rcube_label(array( 'name' => 'attachmentvalidationerror', 'vars' => array('expected' => "$mimetype (.$file_extension)", 'detected' => "$real_mimetype (.$extensions[0])") )) . html::p('buttons', html::a(array( 'href' => $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))), 'style' => 'text-decoration:none;color:#000', ), html::tag('button', null, rcube_label('showanyway')))) ) ))); exit; } } // TIFF to JPEG conversion, if needed $tiff_support = !empty($_SESSION['browser_caps']) && !empty($_SESSION['browser_caps']['tif']); if (!empty($_REQUEST['_embed']) && !$tiff_support && $RCMAIL->config->get('im_convert_path') && rcmail_part_image_type($part) == 'image/tiff' ) { $tiff2jpeg = true; $mimetype = 'image/jpeg'; } $browser = $RCMAIL->output->browser; list($ctype_primary, $ctype_secondary) = explode('/', $mimetype); // send download headers if ($plugin['download']) { header("Content-Type: application/octet-stream"); if ($browser->ie) header("Content-Type: application/force-download"); } else if ($ctype_primary == 'text') { header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ? $part->charset : RCMAIL_CHARSET)); } else { $mimetype = rcmail_fix_mimetype($mimetype); header("Content-Type: $mimetype"); header("Content-Transfer-Encoding: binary"); } // deliver part content if ($ctype_primary == 'text' && $ctype_secondary == 'html' && empty($plugin['download'])) { // Check if we have enough memory to handle the message in it // #1487424: we need up to 10x more memory than the body if (!rcmail_mem_check($part->size * 10)) { $out = '' . rcube_label('messagetoobig'). ' ' . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), rcube_label('download')) . '