read attachment data from etemplate request, use tmpname only to identify it

This commit is contained in:
Ralf Becker 2015-02-14 20:10:26 +00:00
parent 36bc17a442
commit 2eb5b6f097
2 changed files with 29 additions and 51 deletions


@ -1785,27 +1785,37 @@ class mail_compose
function getAttachment() function getAttachment()
{ {
if(isset($_GET['tmpname'])) $attachment['tmp_name'] = $_GET['tmpname']; // read attachment data from etemplate request, use tmpname only to identify it
if(isset($_GET['name'])) $attachment['name'] = $_GET['name']; if (($request = etemplate_request::read($_GET['etemplate_exec_id'])))
//if(isset($_GET['size'])) $attachment['size'] = $_GET['size']; {
if(isset($_GET['type'])) $attachment['type'] = $_GET['type']; foreach($request->preserv['attachments'] as $attachment)
{
if ($_GET['tmpname'] === $attachment['tmp_name']) break;
}
}
if (!$request || $_GET['tmpname'] !== $attachment['tmp_name'])
{
header('HTTP/1.1 404 Not found');
die('Attachment '.htmlspecialchars($_GET['tmpname']).' NOT found!');
}
//error_log(__METHOD__.__LINE__.array2string($_GET)); //error_log(__METHOD__.__LINE__.array2string($_GET));
if (isset($attachment['tmp_name']) && parse_url($attachment['tmp_name'],PHP_URL_SCHEME) == 'vfs') if (parse_url($attachment['tmp_name'],PHP_URL_SCHEME) == 'vfs')
{ {
egw_vfs::load_wrapper('vfs'); egw_vfs::load_wrapper('vfs');
$attachment['attachment'] = file_get_contents($attachment['tmp_name']);
} }
// attachment data in temp_dir, only use basename of given name, to not allow path traversal // attachment data in temp_dir, only use basename of given name, to not allow path traversal
elseif(!file_exists($tmp_path = $GLOBALS['egw_info']['server']['temp_dir'].SEP.basename($attachment['tmp_name']))) else
{
$attachment['tmp_name'] = $GLOBALS['egw_info']['server']['temp_dir'].SEP.basename($attachment['tmp_name']);
}
if(!file_exists($attachment['tmp_name']))
{ {
header('HTTP/1.1 404 Not found'); header('HTTP/1.1 404 Not found');
die('Attachment '.htmlspecialchars($attachment['tmp_name']).' NOT found!'); die('Attachment '.htmlspecialchars($attachment['tmp_name']).' NOT found!');
} }
else $attachment['attachment'] = file_get_contents($attachment['tmp_name']);
{
$attachment['attachment'] = file_get_contents($tmp_path);
}
//error_log(__METHOD__.__LINE__.' FileSize:'.filesize($attachment['tmp_name'])); //error_log(__METHOD__.__LINE__.' FileSize:'.filesize($attachment['tmp_name']));
if ($_GET['mode'] != "save") if ($_GET['mode'] != "save")
{ {


@ -2348,10 +2348,14 @@ app.classes.mail = AppJS.extend(
this.displayAttachment(tag_info, widget, true); this.displayAttachment(tag_info, widget, true);
return; return;
} }
var url = window.egw_webserverUrl+'/index.php?'; var get_param = {
menuaction: 'mail.mail_compose.getAttachment', // todo compose for Draft folder
tmpname: attgrid.tmp_name,
etemplate_exec_id: this.et2._inst.etemplate_exec_id
};
var width; var width;
var height; var height;
var windowName ='mail'; var windowName ='maildisplayAttachment_'+attgrid.file.replace(/\//g,"_");
switch(attgrid.type.toUpperCase()) switch(attgrid.type.toUpperCase())
{ {
case 'IMAGE/JPEG': case 'IMAGE/JPEG':
@ -2362,29 +2366,10 @@ app.classes.mail = AppJS.extend(
case 'TEXT/PLAIN': case 'TEXT/PLAIN':
case 'TEXT/HTML': case 'TEXT/HTML':
case 'TEXT/DIRECTORY': case 'TEXT/DIRECTORY':
/*
$sfxMimeType = $value['mimeType'];
$buff = explode('.',$value['name']);
$suffix = '';
if (is_array($buff)) $suffix = array_pop($buff); // take the last extension to check with ext2mime
if (!empty($suffix)) $sfxMimeType = mime_magic::ext2mime($suffix);
if (strtoupper($sfxMimeType) == 'TEXT/VCARD' || strtoupper($sfxMimeType) == 'TEXT/X-VCARD')
{
$attachments[$key]['mimeType'] = $sfxMimeType;
$value['mimeType'] = strtoupper($sfxMimeType);
}
*/
case 'TEXT/X-VCARD': case 'TEXT/X-VCARD':
case 'TEXT/VCARD': case 'TEXT/VCARD':
case 'TEXT/CALENDAR': case 'TEXT/CALENDAR':
case 'TEXT/X-VCALENDAR': case 'TEXT/X-VCALENDAR':
url += 'menuaction=mail.mail_compose.getAttachment'; // todo compose for Draft folder
url += '&tmpname='+attgrid.tmp_name;
url += '&name='+attgrid.name;
//url += '&size='+attgrid.size;
url += '&type='+attgrid.type;
windowName = windowName+'displayAttachment_'+attgrid.file.replace(/\//g,"_");
var reg = '800x600'; var reg = '800x600';
var reg2; var reg2;
// handle calendar/vcard // handle calendar/vcard
@ -2411,30 +2396,13 @@ app.classes.mail = AppJS.extend(
height = w_h[1]; height = w_h[1];
break; break;
case 'MESSAGE/RFC822': case 'MESSAGE/RFC822':
/*
url += 'menuaction=mail.mail_ui.displayMessage'; // todo compose for Draft folder
url += '&id='+mailid;
url += '&part='+attgrid.partID;
url += '&is_winmail='+attgrid.winmailFlag;
windowName = windowName+'displayMessage_'+mailid+'_'+attgrid.partID;
width = 870;
height = egw_getWindowOuterHeight();
break;
*/
default: default:
url += 'menuaction=mail.mail_compose.getAttachment'; // todo compose for Draft folder get_param.mode = 'save';
url += '&tmpname='+attgrid.tmp_name;
url += '&name='+attgrid.name;
//url += '&size='+attgrid.size;
url += '&type='+attgrid.type;
url += '&mode='+'save';
windowName = windowName+'displayAttachment_'+attgrid.file.replace(/\//g,"_");
width = 870; width = 870;
height = 600; height = 600;
break; break;
} }
egw_openWindowCentered(url,windowName,width,height); egw.openPopup(egw.link('/index.php', get_param), width, height, windowName);
}, },
saveAttachment: function(tag_info, widget) saveAttachment: function(tag_info, widget)