forked from extern/egroupware
do not use full path of attachments in compose popup
This commit is contained in:
parent
9a2cfa0782
commit
a020858d5a
@ -1745,25 +1745,34 @@ class mail_compose
|
|||||||
|
|
||||||
function getAttachment()
|
function getAttachment()
|
||||||
{
|
{
|
||||||
if(isset($_GET['filename'])) $attachment['filename'] = $_GET['filename'];
|
|
||||||
if(isset($_GET['tmpname'])) $attachment['tmp_name'] = $_GET['tmpname'];
|
if(isset($_GET['tmpname'])) $attachment['tmp_name'] = $_GET['tmpname'];
|
||||||
if(isset($_GET['name'])) $attachment['name'] = $_GET['name'];
|
if(isset($_GET['name'])) $attachment['name'] = $_GET['name'];
|
||||||
//if(isset($_GET['size'])) $attachment['size'] = $_GET['size'];
|
//if(isset($_GET['size'])) $attachment['size'] = $_GET['size'];
|
||||||
if(isset($_GET['type'])) $attachment['type'] = $_GET['type'];
|
if(isset($_GET['type'])) $attachment['type'] = $_GET['type'];
|
||||||
|
|
||||||
//error_log(__METHOD__.__LINE__.array2string($_GET));
|
//error_log(__METHOD__.__LINE__.array2string($_GET));
|
||||||
if (isset($attachment['filename']) && parse_url($attachment['filename'],PHP_URL_SCHEME) == 'vfs')
|
if (isset($attachment['tmp_name']) && parse_url($attachment['tmp_name'],PHP_URL_SCHEME) == 'vfs')
|
||||||
{
|
{
|
||||||
egw_vfs::load_wrapper('vfs');
|
egw_vfs::load_wrapper('vfs');
|
||||||
|
$attachment['attachment'] = file_get_contents($attachment['tmp_name']);
|
||||||
|
}
|
||||||
|
// attachment data in temp_dir, only use basename of given name, to not allow path traversal
|
||||||
|
elseif(!file_exists($tmp_path = $GLOBALS['egw_info']['server']['temp_dir'].SEP.basename($attachment['tmp_name'])))
|
||||||
|
{
|
||||||
|
header('HTTP/1.1 404 Not found');
|
||||||
|
die('Attachment '.htmlspecialchars($attachment['tmp_name']).' NOT found!');
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$attachment['attachment'] = file_get_contents($tmp_path);
|
||||||
}
|
}
|
||||||
$attachment['attachment'] = file_get_contents($attachment['tmp_name']);
|
|
||||||
//error_log(__METHOD__.__LINE__.' FileSize:'.filesize($attachment['tmp_name']));
|
//error_log(__METHOD__.__LINE__.' FileSize:'.filesize($attachment['tmp_name']));
|
||||||
if ($_GET['mode'] != "save")
|
if ($_GET['mode'] != "save")
|
||||||
{
|
{
|
||||||
if (strtoupper($attachment['type']) == 'TEXT/DIRECTORY')
|
if (strtoupper($attachment['type']) == 'TEXT/DIRECTORY')
|
||||||
{
|
{
|
||||||
$sfxMimeType = $attachment['type'];
|
$sfxMimeType = $attachment['type'];
|
||||||
$buff = explode('.',$attachment['filename']);
|
$buff = explode('.',$attachment['tmp_name']);
|
||||||
$suffix = '';
|
$suffix = '';
|
||||||
if (is_array($buff)) $suffix = array_pop($buff); // take the last extension to check with ext2mime
|
if (is_array($buff)) $suffix = array_pop($buff); // take the last extension to check with ext2mime
|
||||||
if (!empty($suffix)) $sfxMimeType = mime_magic::ext2mime($suffix);
|
if (!empty($suffix)) $sfxMimeType = mime_magic::ext2mime($suffix);
|
||||||
@ -1821,12 +1830,10 @@ class mail_compose
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
//error_log(__METHOD__.__LINE__.'->'.array2string($attachment));
|
//error_log(__METHOD__.__LINE__.'->'.array2string($attachment));
|
||||||
$filename = ($attachment['name']?$attachment['name']:($attachment['filename']?$attachment['filename']:$mailbox.'_uid'.$uid.'_part'.$part));
|
html::content_header($attachment['name'], $attachment['type'], 0, True, $_GET['mode'] == "save");
|
||||||
html::content_header($filename,$attachment['type'],0,True,($_GET['mode'] == "save"));
|
|
||||||
echo $attachment['attachment'];
|
echo $attachment['attachment'];
|
||||||
|
|
||||||
$GLOBALS['egw']->common->egw_exit();
|
common::egw_exit();
|
||||||
exit;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -2284,22 +2291,29 @@ class mail_compose
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
}
|
}
|
||||||
} else {
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
if (isset($attachment['file']) && parse_url($attachment['file'],PHP_URL_SCHEME) == 'vfs')
|
if (isset($attachment['file']) && parse_url($attachment['file'],PHP_URL_SCHEME) == 'vfs')
|
||||||
{
|
{
|
||||||
egw_vfs::load_wrapper('vfs');
|
egw_vfs::load_wrapper('vfs');
|
||||||
|
$tmp_path = $attachment['file'];
|
||||||
|
}
|
||||||
|
else // non-vfs file has to be in temp_dir
|
||||||
|
{
|
||||||
|
$tmp_path = $GLOBALS['egw_info']['server']['temp_dir'].SEP.basename($attachment['file']);
|
||||||
}
|
}
|
||||||
if (isset($attachment['type']) && stripos($attachment['type'],"text/calendar; method=")!==false )
|
if (isset($attachment['type']) && stripos($attachment['type'],"text/calendar; method=")!==false )
|
||||||
{
|
{
|
||||||
$_mailObject->AltExtended = file_get_contents($attachment['file']);
|
$_mailObject->AltExtended = file_get_contents($tmp_path);
|
||||||
$_mailObject->AltExtendedContentType = $attachment['type'];
|
$_mailObject->AltExtendedContentType = $attachment['type'];
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
$_mailObject->AddAttachment (
|
$_mailObject->AddAttachment (
|
||||||
$attachment['file'],
|
$tmp_path,
|
||||||
$_mailObject->EncodeHeader($attachment['name']),
|
$_mailObject->EncodeHeader($attachment['name']),
|
||||||
(strtoupper($attachment['type'])=='MESSAGE/RFC822'?'7bit':'base64'),
|
strtoupper($attachment['type'])=='MESSAGE/RFC822' ? '7bit' : 'base64',
|
||||||
$attachment['type']
|
$attachment['type']
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -2346,7 +2346,6 @@ app.classes.mail = AppJS.extend(
|
|||||||
case 'TEXT/CALENDAR':
|
case 'TEXT/CALENDAR':
|
||||||
case 'TEXT/X-VCALENDAR':
|
case 'TEXT/X-VCALENDAR':
|
||||||
url += 'menuaction=mail.mail_compose.getAttachment'; // todo compose for Draft folder
|
url += 'menuaction=mail.mail_compose.getAttachment'; // todo compose for Draft folder
|
||||||
url += '&filename='+attgrid.file;
|
|
||||||
url += '&tmpname='+attgrid.tmp_name;
|
url += '&tmpname='+attgrid.tmp_name;
|
||||||
url += '&name='+attgrid.name;
|
url += '&name='+attgrid.name;
|
||||||
//url += '&size='+attgrid.size;
|
//url += '&size='+attgrid.size;
|
||||||
@ -2391,7 +2390,6 @@ app.classes.mail = AppJS.extend(
|
|||||||
*/
|
*/
|
||||||
default:
|
default:
|
||||||
url += 'menuaction=mail.mail_compose.getAttachment'; // todo compose for Draft folder
|
url += 'menuaction=mail.mail_compose.getAttachment'; // todo compose for Draft folder
|
||||||
url += '&filename='+attgrid.file;
|
|
||||||
url += '&tmpname='+attgrid.tmp_name;
|
url += '&tmpname='+attgrid.tmp_name;
|
||||||
url += '&name='+attgrid.name;
|
url += '&name='+attgrid.name;
|
||||||
//url += '&size='+attgrid.size;
|
//url += '&size='+attgrid.size;
|
||||||
|
Loading…
Reference in New Issue
Block a user