diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php index e64e787cf..461fef627 100644 --- a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php +++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions.php @@ -832,19 +832,6 @@ class Actions return $this->DefaultResponse(APP_VERSION === (string)$this->GetActionParam('version', '')); } - public function MainClearFileName(string $sFileName, string $sContentType, string $sMimeIndex, int $iMaxLength = 250): string - { - $sFileName = !\strlen($sFileName) ? \preg_replace('/[^a-zA-Z0-9]/', '.', (empty($sMimeIndex) ? '' : $sMimeIndex . '.') . $sContentType) : $sFileName; - $sClearedFileName = \MailSo\Base\Utils::StripSpaces(\preg_replace('/[\.]+/', '.', $sFileName)); - $sExt = \MailSo\Base\Utils::GetFileExtension($sClearedFileName); - - if (10 < $iMaxLength && $iMaxLength < \strlen($sClearedFileName) - \strlen($sExt)) { - $sClearedFileName = \substr($sClearedFileName, 0, $iMaxLength) . (empty($sExt) ? '' : '.' . $sExt); - } - - return \MailSo\Base\Utils::SecureFileName(\MailSo\Base\Utils::Utf8Clear($sClearedFileName)); - } - public function Upload(?array $aFile, int $iError): array { $oAccount = $this->getAccountFromToken(); diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Messages.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Messages.php index a258cc97e..5beda56f7 100644 --- a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Messages.php +++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Messages.php @@ -695,7 +695,6 @@ trait Messages ?: \SnappyMail\File\MimeType::fromFilename($sFileName) ?: 'application/octet-stream'; // 'text/plain' -// $sFileName = $self->MainClearFileName($sFileName, $sContentType, $sMimeIndex); $sTempName .= \SnappyMail\File\MimeType::toExtension($sContentType); if ($self->FilesProvider()->PutFile($oAccount, $sTempName, $rResource)) { @@ -714,7 +713,7 @@ trait Messages ?: \SnappyMail\File\MimeType::fromFilename($sTempName) ?: 'application/octet-stream'; // 'text/plain' $aAttachments[$mIndex] = [ -// 'name' => $sFileName, +// 'name' => '', 'tempName' => $sTempName, 'mimeType' => $sContentType // 'size' => $oFilesProvider->FileSize($oAccount, $sTempName) diff --git a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Raw.php b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Raw.php index 05590dc6b..18d45ea0b 100644 --- a/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Raw.php +++ b/snappymail/v/0.0.0/app/libraries/RainLoop/Actions/Raw.php @@ -76,6 +76,19 @@ trait Raw return false; } + private function clearFileName(string $sFileName, string $sContentType, string $sMimeIndex, int $iMaxLength = 250): string + { + $sFileName = !\strlen($sFileName) ? \preg_replace('/[^a-zA-Z0-9]/', '.', (empty($sMimeIndex) ? '' : $sMimeIndex . '.') . $sContentType) : $sFileName; + $sClearedFileName = \MailSo\Base\Utils::StripSpaces(\preg_replace('/[\.]+/', '.', $sFileName)); + $sExt = \MailSo\Base\Utils::GetFileExtension($sClearedFileName); + + if (10 < $iMaxLength && $iMaxLength < \strlen($sClearedFileName) - \strlen($sExt)) { + $sClearedFileName = \substr($sClearedFileName, 0, $iMaxLength) . (empty($sExt) ? '' : '.' . $sExt); + } + + return \MailSo\Base\Utils::SecureFileName(\MailSo\Base\Utils::Utf8Clear($sClearedFileName)); + } + /** * Message, Message Attachment or Zip */ @@ -99,6 +112,8 @@ trait Raw $sRangeStart = $aMatch[1]; $sRangeEnd = $aMatch[2]; $bIsRangeRequest = true; + } else { + $this->verifyCacheByKey($sRawKey); } $sMimeIndex = isset($aValues['mimeIndex']) ? (string) $aValues['mimeIndex'] : ''; @@ -106,8 +121,10 @@ trait Raw $sFileNameIn = isset($aValues['fileName']) ? (string) $aValues['fileName'] : ''; if (!empty($aValues['fileHash'])) { - $this->verifyCacheByKey($sRawKey); - + $rResource = $this->FilesProvider()->GetFile($oAccount, (string) $aValues['fileHash']); + if (!\is_resource($rResource)) { + return false; + } // https://github.com/the-djmaze/snappymail/issues/144 if ('.pdf' === \substr($sFileNameIn,-4)) { $sContentTypeOut = 'application/pdf'; // application/octet-stream @@ -116,23 +133,14 @@ trait Raw ?: \SnappyMail\File\MimeType::fromFilename($sFileNameIn) ?: 'application/octet-stream'; } - - $sFileNameOut = $this->MainClearFileName($sFileNameIn, $sContentTypeIn, $sMimeIndex); - - $rResource = $this->FilesProvider()->GetFile($oAccount, (string) $aValues['fileHash']); - if (\is_resource($rResource)) { - \header('Content-Type: '.$sContentTypeOut); - \header('Content-Disposition: attachment; '. - \trim(\MailSo\Base\Utils::EncodeHeaderUtf8AttributeValue('filename', $sFileNameOut))); - - \header('Accept-Ranges: none'); - \header('Content-Transfer-Encoding: binary'); - - \MailSo\Base\Utils::FpassthruWithTimeLimitReset($rResource); - return true; - } - - return false; + $sFileNameOut = $this->clearFileName($sFileNameIn, $sContentTypeIn, $sMimeIndex); + \header('Content-Type: '.$sContentTypeOut); + \header('Content-Disposition: attachment; '. + \trim(\MailSo\Base\Utils::EncodeHeaderUtf8AttributeValue('filename', $sFileNameOut))); + \header('Accept-Ranges: none'); + \header('Content-Transfer-Encoding: binary'); + \MailSo\Base\Utils::FpassthruWithTimeLimitReset($rResource); + return true; } $sFolder = isset($aValues['folder']) ? (string) $aValues['folder'] : ''; @@ -141,8 +149,6 @@ trait Raw return false; } - $this->verifyCacheByKey($sRawKey); - $this->initMailClientConnection(); $self = $this; @@ -166,7 +172,7 @@ trait Raw if ($sFileNameIn) { $sFileName = $sFileNameIn; } - $sFileName = $self->MainClearFileName($sFileName, $sContentType, $sMimeIndex); + $sFileName = $self->clearFileName($sFileName, $sContentType, $sMimeIndex); if ('.pdf' === \substr($sFileName, -4)) { // https://github.com/the-djmaze/snappymail/issues/144 @@ -257,7 +263,8 @@ trait Raw \MailSo\Base\Utils::FpassthruWithTimeLimitReset($rResource); } } - }, $sFolder, $iUid, $sMimeIndex); + }, $sFolder, $iUid, $sMimeIndex + ); } private static function loadImage($resource, bool $bDetectImageOrientation = false, int $iThumbnailBoxSize = 0) : \SnappyMail\Image