author | Aleksander Machniak <alec@alec.pl> | 2022-04-10 11:11:56 +0300 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2022-04-10 11:11:56 +0300 |
commit | a2aa107f1aa03c05725857122e2f71fb71b8bcb4 (patch) | |
tree | abbc4cfff303ae86bb88aebd46b2e877e08e6583 | |
parent | 78211afcf9459de24c4e86ca2273f96c74ba2534 (diff) |
Don't list images attached to multipart/related part as attachments (#7184)
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | program/actions/mail/index.php | 7 | ||||
-rw-r--r-- | program/actions/mail/show.php | 79 |
3 files changed, 78 insertions, 9 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index c37458644..bbfa89c2e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ - Update to jQuery-UI 1.13.1 (#8455) - Use navigator.pdfViewerEnabled for PDF viewer detection - Remove use of unreliable charset detection (#8344) +- Don't list images attached to multipart/related part as attachments (#7184) - Password: Add support for ssha256 algorithm (#8459) - Fix slow loading of long HTML content into the HTML editor (#8108) - Fix bug where SMTP password didn't work if it contained '%p' (#8435) diff --git a/program/actions/mail/index.php b/program/actions/mail/index.php index c297bbba4..7447d5d05 100644 --- a/program/actions/mail/index.php +++ b/program/actions/mail/index.php @@ -1113,6 +1113,13 @@ class rcmail_action_mail_index extends rcmail_action return $out; } + /** + * Detect if a message attachment is an image (that can be displayed in the browser). + * + * @param rcube_message_part $part Message part - attachment + * + * @return string|null Image MIME type + */ public static function part_image_type($part) { $mimetype = strtolower($part->mimetype); diff --git a/program/actions/mail/show.php b/program/actions/mail/show.php index b47f91e49..beedd78fd 100644 --- a/program/actions/mail/show.php +++ b/program/actions/mail/show.php @@ -176,6 +176,13 @@ class rcmail_action_mail_show extends rcmail_action_mail_index exit; } + /** + * Handler for the template object 'messageattachments'. + * + * @param array $attrib Named parameters + * + * @return string HTML content showing the message attachments list + */ public static function message_attachments($attrib) { if (empty(self::$MESSAGE->attachments)) { 
@@ -198,6 +205,11 @@ class rcmail_action_mail_show extends rcmail_action_mail_index $mimetype = $type; } + // Skip inline images + if (strpos($mimetype, 'image/') === 0 && !self::is_attachment(self::$MESSAGE, $attach_prop)) { + continue; + } + if (!empty($attrib['maxlength']) && mb_strlen($filename) > $attrib['maxlength']) { $title = $filename; $filename = abbreviate_string($filename, $attrib['maxlength']); @@ -329,6 +341,14 @@ class rcmail_action_mail_show extends rcmail_action_mail_index return html::div($attrib, $msg); } + /** + * Handler for the template object 'messageobjects' that contains + * warning/info boxes, buttons, etc. related to the displayed message. + * + * @param array $attrib Named parameters + * + * @return string HTML content showing the message objects + */ public static function message_objects($attrib) { if (empty($attrib['id'])) { @@ -350,6 +370,13 @@ class rcmail_action_mail_show extends rcmail_action_mail_index return html::div($attrib, $content); } + /** + * Handler for the template object 'contactphoto'. + * + * @param array $attrib Named parameters + * + * @return string HTML content for the IMG tag + */ public static function message_contactphoto($attrib) { $rcmail = rcmail::get_instance(); @@ -755,13 +782,13 @@ class rcmail_action_mail_show extends rcmail_action_mail_index $download_label = rcube::Q($rcmail->gettext('download')); foreach (self::$MESSAGE->attachments as $attach_prop) { - // skip inline images - if (!empty($attach_prop->content_id) && $attach_prop->disposition == 'inline') { - continue; - } - // Content-Type: image/*... if ($mimetype = self::part_image_type($attach_prop)) { + // Skip inline images + if (!self::is_attachment(self::$MESSAGE, $attach_prop)) { + continue; + } + // display thumbnails if ($thumbnail_size) { $supported = in_array($mimetype, self::$CLIENT_MIMETYPES); 
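Review bot: The list filter added in the `@@ -198,6 +205,11` hunk decides "image" with `strpos($mimetype, 'image/') === 0`, while the thumbnail loop in the `@@ -755,13 +782,13` hunk only reaches `is_attachment()` after `self::part_image_type($attach_prop)` succeeds, so the two paths can disagree about the same part. An `image/*` part under multipart/related that the browser cannot display would be dropped from the attachment list yet, presumably, never rendered inline, leaving the user no way to see or download it; both the declared type and the nesting are chosen by the sender. Using the same predicate in both places, `if (self::part_image_type($attach_prop) && !self::is_attachment(self::$MESSAGE, $attach_prop)) {`, would keep non-displayable images listed. `message_attachments()` continues outside the hunk, so how `$mimetype` was derived above this line is only partly visible.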
@@ -824,8 +851,13 @@ class rcmail_action_mail_show extends rcmail_action_mail_index /** * Returns a HTML notice element for too big message parts + * + * @param rcube_message $message Email message object + * @param string $part_id Message part identifier + * + * @return string HTML content */ - public static function part_too_big_message($MESSAGE, $part_id) + public static function part_too_big_message($message, $part_id) { $rcmail = rcmail::get_instance(); $token = $rcmail->get_request_token(); @@ -833,17 +865,20 @@ class rcmail_action_mail_show extends rcmail_action_mail_index 'task' => 'mail', 'action' => 'get', 'download' => 1, - 'uid' => $MESSAGE->uid, + 'uid' => $message->uid, 'part' => $part_id, - 'mbox' => $MESSAGE->folder, + 'mbox' => $message->folder, 'token' => $token, ]); - return html::span('part-notice', $rcmail->gettext('messagetoobig') . ' ' . html::a($url, $rcmail->gettext('download'))); + return html::span('part-notice', $rcmail->gettext('messagetoobig') + . ' ' . html::a($url, $rcmail->gettext('download'))); } /** * Handle disposition notification requests + * + * @param rcube_message $message Email message object */ public static function mdn_request_handler($message) { @@ -899,4 +934,30 @@ class rcmail_action_mail_show extends rcmail_action_mail_index } } } + + /** + * Check whether the message part is a normal attachment + * + * @param rcube_message $message Message object + * @param rcube_message_part $part Message part + * + * @return bool + */ + protected static function is_attachment($message, $part) + { + // Inline attachment with Content-Id specified + if (!empty($part->content_id) && $part->disposition == 'inline') { + return false; + } + + // Any image attached to multipart/related message (#7184) + $parent_id = preg_replace('/\.[0-9]+$/', '', $part->mime_id); + $parent = $message->mime_parts[$parent_id] ?? null; + + if ($parent && $parent->mimetype == 'multipart/related') { + return false; + } + + return true; + } } |
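Review bot: In the new `is_attachment()` (the `@@ -899,4 +934,30` hunk), a part whose `mime_id` contains no dot passes through `preg_replace('/\.[0-9]+$/', '', $part->mime_id)` unchanged, so `$parent` resolves to the part itself and the multipart/related test cannot match. If direct children of a top-level multipart/related message are keyed that way in `$message->mime_parts` (not visible in this diff), their images would still be listed; the case should be handled explicitly or covered by a comment such as `// top-level parts: parent is the root part, looked up separately`. The comparison `$parent->mimetype == 'multipart/related'` also assumes the stored type is already lower-case, whereas `part_image_type()` in index.php lowercases first; `strtolower((string) $parent->mimetype) === 'multipart/related'` removes that assumption. The same applies to `$part->disposition == 'inline'`, since both values originate in sender-supplied headers.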