move output handling to page for "download"
This commit is contained in:
Synox
parent
598117c021
commit
a029be91c0
|
|
@ -10,7 +10,7 @@ class ImapClient {
|
|||
}
|
||||
|
||||
/**
|
||||
* print all mails for the given $user.
|
||||
* returns all mails for the given $user.
|
||||
* @param $user User
|
||||
* @return array
|
||||
*/
|
||||
|
|
@ -34,7 +34,7 @@ class ImapClient {
|
|||
* @return true if success
|
||||
*/
|
||||
public function delete_email(string $mailid, User $user): bool {
|
||||
if ($this->_load_one_email($mailid, $user) !== null) {
|
||||
if ($this->load_one_email($mailid, $user) !== null) {
|
||||
$this->mailbox->deleteMail($mailid);
|
||||
$this->mailbox->expungeDeletedMails();
|
||||
return true;
|
||||
|
|
@ -43,34 +43,10 @@ class ImapClient {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* download email by id and username. The $address must match the recipient in the email.
|
||||
*
|
||||
* @param $mailid integer imap email id
|
||||
* @param $user User
|
||||
* @internal param the $username matching username
|
||||
*/
|
||||
|
||||
public function download_email(int $mailid, User $user): bool {
|
||||
if ($this->_load_one_email($mailid, $user) !== null) {
|
||||
header("Content-Type: message/rfc822; charset=utf-8");
|
||||
header("Content-Disposition: attachment; filename=\"" . $user->address . "-" . $mailid . ".eml\"");
|
||||
|
||||
$headers = imap_fetchheader($this->mailbox->getImapStream(), $mailid, FT_UID);
|
||||
$body = imap_body($this->mailbox->getImapStream(), $mailid, FT_UID);
|
||||
print $headers . "\n" . $body;
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Load exactly one email, the $address in TO or CC has to match.
|
||||
*/
|
||||
private function _load_one_email(int $mailid, User $user): \PhpImap\IncomingMail {
|
||||
public function load_one_email(int $mailid, User $user): \PhpImap\IncomingMail {
|
||||
// in order to avoid https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
|
||||
// the recipient in the email has to match the $address.
|
||||
$emails = $this->_load_emails(array($mailid), $user);
|
||||
|
|
|
|||
|
|
@ -76,7 +76,14 @@ class DownloadEmailPage extends Page {
|
|||
$this->if_invalid_redirect_to_random($user, $this->config_domains);
|
||||
|
||||
$download_email_id = filter_var($this->email_id, FILTER_SANITIZE_NUMBER_INT);
|
||||
if (!$imapClient->download_email($download_email_id, $user)) {
|
||||
if ($imapClient->load_one_email($download_email_id, $user) !== null) {
|
||||
header("Content-Type: message/rfc822; charset=utf-8");
|
||||
header("Content-Disposition: attachment; filename=\"" . $user->address . "-" . $download_email_id . ".eml\"");
|
||||
|
||||
$headers = imap_fetchheader($this->mailbox->getImapStream(), $download_email_id, FT_UID);
|
||||
$body = imap_body($this->mailbox->getImapStream(), $download_email_id, FT_UID);
|
||||
print $headers . "\n" . $body;
|
||||
} else {
|
||||
$this->error(404, 'download error: invalid username/mailid combination');
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user