move output handling to page for "download"

Synox 2018-02-23 23:05:52 +01:00
parent 598117c021
commit a029be91c0
2 changed files with 11 additions and 28 deletions


@ -10,7 +10,7 @@ class ImapClient {
} }
/** /**
* print all mails for the given $user. * returns all mails for the given $user.
* @param $user User * @param $user User
* @return array * @return array
*/ */
@ -34,7 +34,7 @@ class ImapClient {
* @return true if success * @return true if success
*/ */
public function delete_email(string $mailid, User $user): bool { public function delete_email(string $mailid, User $user): bool {
if ($this->_load_one_email($mailid, $user) !== null) { if ($this->load_one_email($mailid, $user) !== null) {
$this->mailbox->deleteMail($mailid); $this->mailbox->deleteMail($mailid);
$this->mailbox->expungeDeletedMails(); $this->mailbox->expungeDeletedMails();
return true; return true;
@ -43,34 +43,10 @@ class ImapClient {
} }
} }
/**
* download email by id and username. The $address must match the recipient in the email.
*
* @param $mailid integer imap email id
* @param $user User
* @internal param the $username matching username
*/
public function download_email(int $mailid, User $user): bool {
if ($this->_load_one_email($mailid, $user) !== null) {
header("Content-Type: message/rfc822; charset=utf-8");
header("Content-Disposition: attachment; filename=\"" . $user->address . "-" . $mailid . ".eml\"");
$headers = imap_fetchheader($this->mailbox->getImapStream(), $mailid, FT_UID);
$body = imap_body($this->mailbox->getImapStream(), $mailid, FT_UID);
print $headers . "\n" . $body;
return true;
} else {
return false;
}
}
/** /**
* Load exactly one email, the $address in TO or CC has to match. * Load exactly one email, the $address in TO or CC has to match.
*/ */
private function _load_one_email(int $mailid, User $user): \PhpImap\IncomingMail { public function load_one_email(int $mailid, User $user): \PhpImap\IncomingMail {
// in order to avoid https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References // in order to avoid https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
// the recipient in the email has to match the $address. // the recipient in the email has to match the $address.
$emails = $this->_load_emails(array($mailid), $user); $emails = $this->_load_emails(array($mailid), $user);
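Review bot: `load_one_email` is now the public ownership check that both `delete_email` and the download page compare against `null`, yet its declared return type is the non-nullable `\PhpImap\IncomingMail`. If the body (which continues outside this hunk) returns `null` when no message matches the user, PHP raises a TypeError and the callers never reach their `false`/404 branch. Declaring it as `public function load_one_email(int $mailid, User $user): ?\PhpImap\IncomingMail` makes the contract explicit, and the docblock should state that `null` means the recipient did not match. Note also that `delete_email` receives `string $mailid` and passes it to this `int` parameter, so the two signatures should agree.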


@ -76,7 +76,14 @@ class DownloadEmailPage extends Page {
$this->if_invalid_redirect_to_random($user, $this->config_domains); $this->if_invalid_redirect_to_random($user, $this->config_domains);
$download_email_id = filter_var($this->email_id, FILTER_SANITIZE_NUMBER_INT); $download_email_id = filter_var($this->email_id, FILTER_SANITIZE_NUMBER_INT);
if (!$imapClient->download_email($download_email_id, $user)) { if ($imapClient->load_one_email($download_email_id, $user) !== null) {
header("Content-Type: message/rfc822; charset=utf-8");
header("Content-Disposition: attachment; filename=\"" . $user->address . "-" . $download_email_id . ".eml\"");
$headers = imap_fetchheader($this->mailbox->getImapStream(), $download_email_id, FT_UID);
$body = imap_body($this->mailbox->getImapStream(), $download_email_id, FT_UID);
print $headers . "\n" . $body;
} else {
$this->error(404, 'download error: invalid username/mailid combination'); $this->error(404, 'download error: invalid username/mailid combination');
} }
} }
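Review bot: The added download branch reads `$this->mailbox->getImapStream()`, but `$this` is now the DownloadEmailPage, and the only `mailbox` property visible in this commit belongs to ImapClient. Unless Page defines one outside this hunk, the fetch fails after the download headers have already been sent. Moving the fetch here also separates the recipient check from the read by UID, so a later caller could read a message without the check; keeping both in ImapClient behind one method that returns the raw message or `null` would leave the page only emitting headers and printing. Separately, `FILTER_SANITIZE_NUMBER_INT` keeps `+` and `-` and can yield an empty string, which will not coerce to the `int $mailid` parameter; `filter_var($this->email_id, FILTER_VALIDATE_INT)` with a `false` check gives a clean 404 instead. The enclosing method starts outside the hunk.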