diff --git a/mail/inc/class.mail_compose.inc.php b/mail/inc/class.mail_compose.inc.php index d376d3f415..f08c6eaeaf 100644 --- a/mail/inc/class.mail_compose.inc.php +++ b/mail/inc/class.mail_compose.inc.php @@ -1745,25 +1745,34 @@ class mail_compose function getAttachment() { - if(isset($_GET['filename'])) $attachment['filename'] = $_GET['filename']; if(isset($_GET['tmpname'])) $attachment['tmp_name'] = $_GET['tmpname']; if(isset($_GET['name'])) $attachment['name'] = $_GET['name']; //if(isset($_GET['size'])) $attachment['size'] = $_GET['size']; if(isset($_GET['type'])) $attachment['type'] = $_GET['type']; //error_log(__METHOD__.__LINE__.array2string($_GET)); - if (isset($attachment['filename']) && parse_url($attachment['filename'],PHP_URL_SCHEME) == 'vfs') + if (isset($attachment['tmp_name']) && parse_url($attachment['tmp_name'],PHP_URL_SCHEME) == 'vfs') { egw_vfs::load_wrapper('vfs'); + $attachment['attachment'] = file_get_contents($attachment['tmp_name']); + } + // attachment data in temp_dir, only use basename of given name, to not allow path traversal + elseif(!file_exists($tmp_path = $GLOBALS['egw_info']['server']['temp_dir'].SEP.basename($attachment['tmp_name']))) + { + header('HTTP/1.1 404 Not found'); + die('Attachment '.htmlspecialchars($attachment['tmp_name']).' NOT found!'); + } + else + { + $attachment['attachment'] = file_get_contents($tmp_path); } - $attachment['attachment'] = file_get_contents($attachment['tmp_name']); //error_log(__METHOD__.__LINE__.' FileSize:'.filesize($attachment['tmp_name'])); if ($_GET['mode'] != "save") { if (strtoupper($attachment['type']) == 'TEXT/DIRECTORY') { $sfxMimeType = $attachment['type']; - $buff = explode('.',$attachment['filename']); + $buff = explode('.',$attachment['tmp_name']); $suffix = ''; if (is_array($buff)) $suffix = array_pop($buff); // take the last extension to check with ext2mime if (!empty($suffix)) $sfxMimeType = mime_magic::ext2mime($suffix); @@ -1821,12 +1830,10 @@ class mail_compose } } //error_log(__METHOD__.__LINE__.'->'.array2string($attachment)); - $filename = ($attachment['name']?$attachment['name']:($attachment['filename']?$attachment['filename']:$mailbox.'_uid'.$uid.'_part'.$part)); - html::content_header($filename,$attachment['type'],0,True,($_GET['mode'] == "save")); + html::content_header($attachment['name'], $attachment['type'], 0, True, $_GET['mode'] == "save"); echo $attachment['attachment']; - $GLOBALS['egw']->common->egw_exit(); - exit; + common::egw_exit(); } /** @@ -2284,22 +2291,29 @@ class mail_compose break; } - } else { + } + else + { if (isset($attachment['file']) && parse_url($attachment['file'],PHP_URL_SCHEME) == 'vfs') { egw_vfs::load_wrapper('vfs'); + $tmp_path = $attachment['file']; + } + else // non-vfs file has to be in temp_dir + { + $tmp_path = $GLOBALS['egw_info']['server']['temp_dir'].SEP.basename($attachment['file']); } if (isset($attachment['type']) && stripos($attachment['type'],"text/calendar; method=")!==false ) { - $_mailObject->AltExtended = file_get_contents($attachment['file']); + $_mailObject->AltExtended = file_get_contents($tmp_path); $_mailObject->AltExtendedContentType = $attachment['type']; } else { $_mailObject->AddAttachment ( - $attachment['file'], + $tmp_path, $_mailObject->EncodeHeader($attachment['name']), - (strtoupper($attachment['type'])=='MESSAGE/RFC822'?'7bit':'base64'), + strtoupper($attachment['type'])=='MESSAGE/RFC822' ? '7bit' : 'base64', $attachment['type'] ); } diff --git a/mail/js/app.js b/mail/js/app.js index 71a4205d22..30f593afc6 100644 --- a/mail/js/app.js +++ b/mail/js/app.js @@ -2363,7 +2363,6 @@ app.classes.mail = AppJS.extend( case 'TEXT/CALENDAR': case 'TEXT/X-VCALENDAR': url += 'menuaction=mail.mail_compose.getAttachment'; // todo compose for Draft folder - url += '&filename='+attgrid.file; url += '&tmpname='+attgrid.tmp_name; url += '&name='+attgrid.name; //url += '&size='+attgrid.size; @@ -2408,7 +2407,6 @@ app.classes.mail = AppJS.extend( */ default: url += 'menuaction=mail.mail_compose.getAttachment'; // todo compose for Draft folder - url += '&filename='+attgrid.file; url += '&tmpname='+attgrid.tmp_name; url += '&name='+attgrid.name; //url += '&size='+attgrid.size; @@ -2860,10 +2858,10 @@ app.classes.mail = AppJS.extend( messages['all'] = _allMessagesChecked; if (messages['all']=='cancel') return false; if (messages['all']) messages['activeFilters'] = this.mail_getActiveFilters(_action); - - // Make sure a default target folder is set in case of drop target is parent 0 (mail account name) + + // Make sure a default target folder is set in case of drop target is parent 0 (mail account name) if (!target.match(/::/g)) target += '::INBOX'; - + var self = this; egw.json('mail.mail_ui.ajax_copyMessages',[target, messages, 'move'], function(){self.unlock_tree();}) .sendRequest(); @@ -3636,15 +3634,15 @@ app.classes.mail = AppJS.extend( widget:{}, jQClass: '.mailComposeJQueryFolder' }}; - + for(var widget in widgets) { var expanderBtn = widget + '_expander'; widgets[widget].widget = this.et2.getWidgetById(widget); // Add expander button widget to the widgets object widgets[expanderBtn] = {widget:this.et2.getWidgetById(expanderBtn)}; - - if (typeof widgets[widget].widget != 'undefined' + + if (typeof widgets[widget].widget != 'undefined' && typeof widgets[expanderBtn].widget != 'undefined' && widgets[widget].widget.get_value().length == 0) {