| +-----------------------------------------------------------------------+ */ // show loading page if (!empty($_GET['_preload'])) { $url = preg_replace('/([&?]+)_preload=/', '\\1_mimewarning=1&_embed=', $_SERVER['REQUEST_URI']); $message = rcube_label('loadingdata'); header('Content-Type: text/html; charset=' . RCMAIL_CHARSET); print "\n
\n" . '' . "\n" . '' . "\n" . "\n\n$message\n\n"; exit; } ob_end_clean(); // similar code as in program/steps/mail/show.inc if (!empty($_GET['_uid'])) { $RCMAIL->config->set('prefer_html', true); $MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET)); } // check connection status check_storage_status(); // show part page if (!empty($_GET['_frame'])) { if (($part_id = get_input_value('_part', RCUBE_INPUT_GPC)) && ($part = $MESSAGE->mime_parts[$part_id])) { $OUTPUT->set_pagetitle(rcmail_attachment_name($part)); } $OUTPUT->send('messagepart'); exit; } // render thumbnail of an image attachment else if ($_GET['_thumb']) { $pid = get_input_value('_part', RCUBE_INPUT_GET); if ($part = $MESSAGE->mime_parts[$pid]) { $thumbnail_size = $RCMAIL->config->get('image_thumbnail_size', 240); $temp_dir = $RCMAIL->config->get('temp_dir'); list(,$ext) = explode('/', $part->mimetype); $mimetype = $part->mimetype; $file_ident = $MESSAGE->headers->messageID . ':' . $part->mime_id . ':' . $part->size . ':' . $part->mimetype; $cache_basename = $temp_dir . '/' . md5($file_ident . ':' . $RCMAIL->user->ID . ':' . $thumbnail_size); $cache_file = $cache_basename . '.' . $ext; // render thumbnail image if not done yet if (!is_file($cache_file)) { $fp = fopen(($orig_name = $cache_basename . '.orig.' . $ext), 'w'); $MESSAGE->get_part_content($part->mime_id, $fp); fclose($fp); $image = new rcube_image($orig_name); if ($imgtype = $image->resize($thumbnail_size, $cache_file, true)) { $mimetype = 'image/' . $imgtype; unlink($orig_name); } else { rename($orig_name, $cache_file); } } if (is_file($cache_file)) { header('Content-Type: ' . $mimetype); readfile($cache_file); } } exit; } else if (strlen($pid = get_input_value('_part', RCUBE_INPUT_GET))) { if ($part = $MESSAGE->mime_parts[$pid]) { $mimetype = rcmail_fix_mimetype($part->mimetype); // allow post-processing of the message body $plugin = $RCMAIL->plugins->exec_hook('message_part_get', array('uid' => $MESSAGE->uid, 'id' => $part->mime_id, 'mimetype' => $mimetype, 'part' => $part, 'download' => !empty($_GET['_download']))); if ($plugin['abort']) exit; // overwrite modified vars from plugin $mimetype = $plugin['mimetype']; $extensions = rcube_mime::get_mime_extensions($mimetype); if ($plugin['body']) $part->body = $plugin['body']; // compare file mimetype with the stated content-type headers and file extension to avoid malicious operations if (!empty($_REQUEST['_embed']) && empty($_REQUEST['_nocheck'])) { $file_extension = strtolower(pathinfo($part->filename, PATHINFO_EXTENSION)); // 1. compare filename suffix with expected suffix derived from mimetype $valid = $file_extension && in_array($file_extension, (array)$extensions) || !empty($_REQUEST['_mimeclass']); // 2. detect the real mimetype of the attachment part and compare it with the stated mimetype and filename extension if ($valid || !$file_extension || $mimetype == 'application/octet-stream' || $mimetype == 'text/plain') { if ($part->body) // part body is already loaded $body = $part->body; else if ($part->size && $part->size < 1024*1024) // load the entire part if it's small enough $body = $part->body = $MESSAGE->get_part_content($part->mime_id); else // fetch the first 2K of the message part $body = $MESSAGE->get_part_content($part->mime_id, null, true, 2048); // detect message part mimetype $real_mimetype = rcube_mime::file_content_type($body, $part->filename, $mimetype, true, true); list($real_ctype_primary, $real_ctype_secondary) = explode('/', $real_mimetype); // accept text/plain with any extension if ($real_mimetype == 'text/plain' && $real_mimetype == $mimetype) $file_extension = 'txt'; // ignore differences in text/* mimetypes. Filetype detection isn't very reliable here if ($real_ctype_primary == 'text' && strpos($mimetype, $real_ctype_primary) === 0) $real_mimetype = $mimetype; // get valid file extensions $extensions = rcube_mime::get_mime_extensions($real_mimetype); $valid_extension = (!$file_extension || in_array($file_extension, (array)$extensions)); // ignore filename extension if mimeclass matches (#1489029) if (!empty($_REQUEST['_mimeclass']) && $real_ctype_primary == $_REQUEST['_mimeclass']) $valid_extension = true; // fix mimetype for images wrongly declared as octet-stream if ($mimetype == 'application/octet-stream' && strpos($real_mimetype, 'image/') === 0 && $valid_extension) $mimetype = $real_mimetype; $valid = ($real_mimetype == $mimetype && $valid_extension); } else { $real_mimetype = $mimetype; } // show warning if validity checks failed if (!$valid) { // send blocked.gif for expected images if (empty($_REQUEST['_mimewarning']) && strpos($mimetype, 'image/') === 0) { // Do not cache. Failure might be the result of a misconfiguration, thus real content should be returned once fixed. $OUTPUT->nocacheing_headers(); header("Content-Type: image/gif"); header("Content-Transfer-Encoding: binary"); readfile(INSTALL_PATH . 'program/resources/blocked.gif'); } else { // html warning with a button to load the file anyway $OUTPUT = new rcmail_html_page(); $OUTPUT->write(html::tag('html', null, html::tag('body', 'embed', html::div(array('class' => 'rcmail-inline-message rcmail-inline-warning'), rcube_label(array( 'name' => 'attachmentvalidationerror', 'vars' => array( 'expected' => $mimetype . ($file_extension ? "(.$file_extension)" : ''), 'detected' => $real_mimetype . ($extensions[0] ? "(.$extensions[0])" : ''), ) )) . html::p(array('class' => 'rcmail-inline-buttons'), html::tag('button', array('onclick' => "location.href='" . $RCMAIL->url(array_merge($_GET, array('_nocheck' => 1))) . "'"), rcube_label('showanyway'))) ) ))); } exit; } } // TIFF to JPEG conversion, if needed $tiff_support = !empty($_SESSION['browser_caps']) && !empty($_SESSION['browser_caps']['tif']); if (!empty($_REQUEST['_embed']) && !$tiff_support && $RCMAIL->config->get('im_convert_path') && rcmail_part_image_type($part) == 'image/tiff' ) { $tiff2jpeg = true; $mimetype = 'image/jpeg'; } $browser = $RCMAIL->output->browser; list($ctype_primary, $ctype_secondary) = explode('/', $mimetype); // send download headers if ($plugin['download']) { header("Content-Type: application/octet-stream"); if ($browser->ie) header("Content-Type: application/force-download"); } else if ($ctype_primary == 'text') { header("Content-Type: text/$ctype_secondary; charset=" . ($part->charset ? $part->charset : RCMAIL_CHARSET)); } else { header("Content-Type: $mimetype"); header("Content-Transfer-Encoding: binary"); } // deliver part content if ($ctype_primary == 'text' && $ctype_secondary == 'html' && empty($plugin['download'])) { // Check if we have enough memory to handle the message in it // #1487424: we need up to 10x more memory than the body if (!rcmail_mem_check($part->size * 10)) { $out = '' . rcube_label('messagetoobig'). ' ' . html::a('?_task=mail&_action=get&_download=1&_uid='.$MESSAGE->uid.'&_part='.$part->mime_id .'&_mbox='. urlencode($RCMAIL->storage->get_folder()), rcube_label('download')) . '