borekon/disposable-mailbox
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

_load_one_email

Browse Source
This commit is contained in:
Synox 2018-02-23 22:16:19 +01:00
parent 228e816831
commit bad2f7d95b
2 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/imap_client.php
View File

@ -1,6 +1,7 @@
<?php
// TODO: return Either<Success,Failure>
// TODO: define return types
class ImapClient {
/*PhpImap\Mailbox */
@ -34,7 +35,7 @@ class ImapClient {
* @internal param the $username matching username
*/
function delete_email(string $mailid, User $user) {
if (_load_one_email($mailid, $user) !== null) {
if ($this->_load_one_email($mailid, $user) !== null) {
$this->mailbox->deleteMail($mailid);
$this->mailbox->expungeDeletedMails();
} else {
@ -52,7 +53,7 @@ class ImapClient {
*/
function download_email(string $mailid, User $user) {
if (_load_one_email($mailid, $user) !== null) {
if ($this->_load_one_email($mailid, $user) !== null) {
header("Content-Type: message/rfc822; charset=utf-8");
header("Content-Disposition: attachment; filename=\"" . $user->address . "-" . $mailid . ".eml\"");
@ -63,4 +64,18 @@ class ImapClient {
error(404, 'download error: invalid username/mailid combination');
}
}
/**
* Load exactly one email, the $address in TO or CC has to match.
* @param $mailid integer
* @param $user User
* @return email or null
*/
function _load_one_email(string $mailid, User $user) {
// in order to avoid https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
// the recipient in the email has to match the $address.
$emails = _load_emails(array($mailid), $user);
return count($emails) === 1 ? $emails[0] : null;
}
}

12
src/index.php
View File

@ -42,18 +42,6 @@ function error($status, $text) {
/**
* Load exactly one email, the $address in TO or CC has to match.
* @param $mailid integer
* @param $user User
* @return email or null
*/
function _load_one_email($mailid, $user) {
// in order to avoid https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
// the recipient in the email has to match the $address.
$emails = _load_emails(array($mailid), $user);
return count($emails) === 1 ? $emails[0] : null;
}
/**
* Load emails using the $mail_ids, the mails have to match the $address in TO or CC.