read attachment data from etemplate request, use tmpname only to identify it
parent
36bc17a442
commit
2eb5b6f097
@ -1785,27 +1785,37 @@ class mail_compose
|
|||||||
|
|
||||||
function getAttachment()
|
function getAttachment()
|
||||||
{
|
{
|
||||||
if(isset($_GET['tmpname'])) $attachment['tmp_name'] = $_GET['tmpname'];
|
// read attachment data from etemplate request, use tmpname only to identify it
|
||||||
if(isset($_GET['name'])) $attachment['name'] = $_GET['name'];
|
if (($request = etemplate_request::read($_GET['etemplate_exec_id'])))
|
||||||
//if(isset($_GET['size'])) $attachment['size'] = $_GET['size'];
|
{
|
||||||
if(isset($_GET['type'])) $attachment['type'] = $_GET['type'];
|
foreach($request->preserv['attachments'] as $attachment)
|
||||||
|
{
|
||||||
|
if ($_GET['tmpname'] === $attachment['tmp_name']) break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (!$request || $_GET['tmpname'] !== $attachment['tmp_name'])
|
||||||
|
{
|
||||||
|
header('HTTP/1.1 404 Not found');
|
||||||
|
die('Attachment '.htmlspecialchars($_GET['tmpname']).' NOT found!');
|
||||||
|
}
|
||||||
|
|
||||||
//error_log(__METHOD__.__LINE__.array2string($_GET));
|
//error_log(__METHOD__.__LINE__.array2string($_GET));
|
||||||
if (isset($attachment['tmp_name']) && parse_url($attachment['tmp_name'],PHP_URL_SCHEME) == 'vfs')
|
if (parse_url($attachment['tmp_name'],PHP_URL_SCHEME) == 'vfs')
|
||||||
{
|
{
|
||||||
egw_vfs::load_wrapper('vfs');
|
egw_vfs::load_wrapper('vfs');
|
||||||
$attachment['attachment'] = file_get_contents($attachment['tmp_name']);
|
|
||||||
}
|
}
|
||||||
// attachment data in temp_dir, only use basename of given name, to not allow path traversal
|
// attachment data in temp_dir, only use basename of given name, to not allow path traversal
|
||||||
elseif(!file_exists($tmp_path = $GLOBALS['egw_info']['server']['temp_dir'].SEP.basename($attachment['tmp_name'])))
|
else
|
||||||
|
{
|
||||||
|
$attachment['tmp_name'] = $GLOBALS['egw_info']['server']['temp_dir'].SEP.basename($attachment['tmp_name']);
|
||||||
|
}
|
||||||
|
if(!file_exists($attachment['tmp_name']))
|
||||||
{
|
{
|
||||||
header('HTTP/1.1 404 Not found');
|
header('HTTP/1.1 404 Not found');
|
||||||
die('Attachment '.htmlspecialchars($attachment['tmp_name']).' NOT found!');
|
die('Attachment '.htmlspecialchars($attachment['tmp_name']).' NOT found!');
|
||||||
}
|
}
|
||||||
else
|
$attachment['attachment'] = file_get_contents($attachment['tmp_name']);
|
||||||
{
|
|
||||||
$attachment['attachment'] = file_get_contents($tmp_path);
|
|
||||||
}
|
|
||||||
//error_log(__METHOD__.__LINE__.' FileSize:'.filesize($attachment['tmp_name']));
|
//error_log(__METHOD__.__LINE__.' FileSize:'.filesize($attachment['tmp_name']));
|
||||||
if ($_GET['mode'] != "save")
|
if ($_GET['mode'] != "save")
|
||||||
{
|
{
|
||||||
|
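Review bot: The not-found guard after the loop reads `$attachment` as the `foreach` left it, so it does not prove that an entry actually matched. If `$request->preserv['attachments']` is empty and `tmpname` is absent from the query, both sides of `!==` evaluate to null and the 404 is skipped; the code then builds a path from an empty basename. Track the match explicitly: `$found = null;` before the loop, `if (isset($_GET['tmpname']) && $_GET['tmpname'] === $attachment['tmp_name']) { $found = $attachment; break; }` inside it, and `if (!$found)` for the 404. `$_GET['etemplate_exec_id']` is likewise read without an `isset()` check. The body of getAttachment continues past the end of this hunk.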
@ -2348,10 +2348,14 @@ app.classes.mail = AppJS.extend(
|
|||||||
this.displayAttachment(tag_info, widget, true);
|
this.displayAttachment(tag_info, widget, true);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
var url = window.egw_webserverUrl+'/index.php?';
|
var get_param = {
|
||||||
|
menuaction: 'mail.mail_compose.getAttachment', // todo compose for Draft folder
|
||||||
|
tmpname: attgrid.tmp_name,
|
||||||
|
etemplate_exec_id: this.et2._inst.etemplate_exec_id
|
||||||
|
};
|
||||||
var width;
|
var width;
|
||||||
var height;
|
var height;
|
||||||
var windowName ='mail';
|
var windowName ='maildisplayAttachment_'+attgrid.file.replace(/\//g,"_");
|
||||||
switch(attgrid.type.toUpperCase())
|
switch(attgrid.type.toUpperCase())
|
||||||
{
|
{
|
||||||
case 'IMAGE/JPEG':
|
case 'IMAGE/JPEG':
|
||||||
@ -2362,29 +2366,10 @@ app.classes.mail = AppJS.extend(
|
|||||||
case 'TEXT/PLAIN':
|
case 'TEXT/PLAIN':
|
||||||
case 'TEXT/HTML':
|
case 'TEXT/HTML':
|
||||||
case 'TEXT/DIRECTORY':
|
case 'TEXT/DIRECTORY':
|
||||||
/*
|
|
||||||
$sfxMimeType = $value['mimeType'];
|
|
||||||
$buff = explode('.',$value['name']);
|
|
||||||
$suffix = '';
|
|
||||||
if (is_array($buff)) $suffix = array_pop($buff); // take the last extension to check with ext2mime
|
|
||||||
if (!empty($suffix)) $sfxMimeType = mime_magic::ext2mime($suffix);
|
|
||||||
if (strtoupper($sfxMimeType) == 'TEXT/VCARD' || strtoupper($sfxMimeType) == 'TEXT/X-VCARD')
|
|
||||||
{
|
|
||||||
$attachments[$key]['mimeType'] = $sfxMimeType;
|
|
||||||
$value['mimeType'] = strtoupper($sfxMimeType);
|
|
||||||
}
|
|
||||||
*/
|
|
||||||
case 'TEXT/X-VCARD':
|
case 'TEXT/X-VCARD':
|
||||||
case 'TEXT/VCARD':
|
case 'TEXT/VCARD':
|
||||||
case 'TEXT/CALENDAR':
|
case 'TEXT/CALENDAR':
|
||||||
case 'TEXT/X-VCALENDAR':
|
case 'TEXT/X-VCALENDAR':
|
||||||
url += 'menuaction=mail.mail_compose.getAttachment'; // todo compose for Draft folder
|
|
||||||
url += '&tmpname='+attgrid.tmp_name;
|
|
||||||
url += '&name='+attgrid.name;
|
|
||||||
//url += '&size='+attgrid.size;
|
|
||||||
url += '&type='+attgrid.type;
|
|
||||||
|
|
||||||
windowName = windowName+'displayAttachment_'+attgrid.file.replace(/\//g,"_");
|
|
||||||
var reg = '800x600';
|
var reg = '800x600';
|
||||||
var reg2;
|
var reg2;
|
||||||
// handle calendar/vcard
|
// handle calendar/vcard
|
||||||
@ -2411,30 +2396,13 @@ app.classes.mail = AppJS.extend(
|
|||||||
height = w_h[1];
|
height = w_h[1];
|
||||||
break;
|
break;
|
||||||
case 'MESSAGE/RFC822':
|
case 'MESSAGE/RFC822':
|
||||||
/*
|
|
||||||
url += 'menuaction=mail.mail_ui.displayMessage'; // todo compose for Draft folder
|
|
||||||
url += '&id='+mailid;
|
|
||||||
url += '&part='+attgrid.partID;
|
|
||||||
url += '&is_winmail='+attgrid.winmailFlag;
|
|
||||||
windowName = windowName+'displayMessage_'+mailid+'_'+attgrid.partID;
|
|
||||||
width = 870;
|
|
||||||
height = egw_getWindowOuterHeight();
|
|
||||||
break;
|
|
||||||
*/
|
|
||||||
default:
|
default:
|
||||||
url += 'menuaction=mail.mail_compose.getAttachment'; // todo compose for Draft folder
|
get_param.mode = 'save';
|
||||||
url += '&tmpname='+attgrid.tmp_name;
|
|
||||||
url += '&name='+attgrid.name;
|
|
||||||
//url += '&size='+attgrid.size;
|
|
||||||
url += '&type='+attgrid.type;
|
|
||||||
url += '&mode='+'save';
|
|
||||||
|
|
||||||
windowName = windowName+'displayAttachment_'+attgrid.file.replace(/\//g,"_");
|
|
||||||
width = 870;
|
width = 870;
|
||||||
height = 600;
|
height = 600;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
egw_openWindowCentered(url,windowName,width,height);
|
egw.openPopup(egw.link('/index.php', get_param), width, height, windowName);
|
||||||
},
|
},
|
||||||
|
|
||||||
saveAttachment: function(tag_info, widget)
|
saveAttachment: function(tag_info, widget)
|
||||||
|
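Review bot: The `etemplate_exec_id` entry in `get_param` is now what the server uses to find the attachment list, but it is read through `this.et2._inst`, which looks like an internal member, and nothing at the call site explains the dependency. A comment above `get_param` would help, for example `// server resolves the attachment from the etemplate request; tmpname only selects the entry, name/type are no longer sent`. The id also travels in the popup URL's query string, so it will appear in browser history and access logs. Whether that is acceptable depends on how etemplate_request binds the id to the session, which this page does not show. The enclosing function starts before the first hunk of this section.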