git subrepo clone https://github.com/mailcow/mailcow-dockerized.git mailcow/src/mailcow-dockerized
subrepo: subdir: "mailcow/src/mailcow-dockerized"
merged: "a832becb"
upstream: origin: "https://github.com/mailcow/mailcow-dockerized.git"
branch: "master"
commit: "a832becb"
git-subrepo: version: "0.4.3"
origin: "???"
commit: "???"
Change-Id: If5be2d621a211e164c9b6577adaa7884449f16b5
diff --git a/mailcow/src/mailcow-dockerized/data/web/inc/ajax/qitem_details.php b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/qitem_details.php
new file mode 100644
index 0000000..35e599c
--- /dev/null
+++ b/mailcow/src/mailcow-dockerized/data/web/inc/ajax/qitem_details.php
@@ -0,0 +1,206 @@
+<?php
+header("Content-Type: application/json");
+require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
+
+function rrmdir($src) {
+ $dir = opendir($src);
+ while(false !== ( $file = readdir($dir)) ) {
+ if (( $file != '.' ) && ( $file != '..' )) {
+ $full = $src . '/' . $file;
+ if ( is_dir($full) ) {
+ rrmdir($full);
+ }
+ else {
+ unlink($full);
+ }
+ }
+ }
+ closedir($dir);
+ rmdir($src);
+}
+
+function addAddresses(&$list, $mail, $headerName) {
+ $addresses = $mail->getAddresses($headerName);
+ foreach ($addresses as $address) {
+ if (filter_var($address['address'], FILTER_VALIDATE_EMAIL)) {
+ $list[] = array('address' => $address['address'], 'type' => $headerName);
+ }
+ }
+}
+
+if (!empty($_GET['hash']) && ctype_alnum($_GET['hash'])) {
+ $mailc = quarantine('hash_details', $_GET['hash']);
+ if ($mailc === false) {
+ echo json_encode(array('error' => 'Message invalid'));
+ exit;
+ }
+ if (strlen($mailc['msg']) > 10485760) {
+ echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
+ exit;
+ }
+ if (!empty($mailc['msg'])) {
+ // Init message array
+ $data = array();
+ // Init parser
+ $mail_parser = new PhpMimeMailParser\Parser();
+ $html2text = new Html2Text\Html2Text();
+ // Load msg to parser
+ $mail_parser->setText($mailc['msg']);
+ // Get mail recipients
+ {
+ $recipientsList = array();
+ addAddresses($recipientsList, $mail_parser, 'to');
+ addAddresses($recipientsList, $mail_parser, 'cc');
+ addAddresses($recipientsList, $mail_parser, 'bcc');
+ $recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'smtp');
+ $data['recipients'] = $recipientsList;
+ }
+ // Get from
+ $data['header_from'] = $mail_parser->getHeader('from');
+ $data['env_from'] = $mailc['sender'];
+ // Get rspamd score
+ $data['score'] = $mailc['score'];
+ // Get rspamd action
+ $data['action'] = $mailc['action'];
+ // Get rspamd symbols
+ $data['symbols'] = json_decode($mailc['symbols']);
+ // Get fuzzy hashes
+ $data['fuzzy_hashes'] = json_decode($mailc['fuzzy_hashes']);
+ $data['subject'] = mb_convert_encoding($mail_parser->getHeader('subject'), "UTF-8", "auto");
+ (empty($data['subject'])) ? $data['subject'] = '-' : null;
+ echo json_encode($data);
+ }
+}
+elseif (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
+ if (!isset($_SESSION['mailcow_cc_role'])) {
+ echo json_encode(array('error' => 'Access denied'));
+ exit();
+ }
+ $tmpdir = '/tmp/' . $_GET['id'] . '/';
+ $mailc = quarantine('details', $_GET['id']);
+ if ($mailc === false) {
+ echo json_encode(array('error' => 'Access denied'));
+ exit;
+ }
+ if (strlen($mailc['msg']) > 10485760) {
+ echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
+ exit;
+ }
+ if (!empty($mailc['msg'])) {
+ if (isset($_GET['quick_release'])) {
+ $hash = hash('sha256', $mailc['id'] . $mailc['qid']);
+ header('Location: /qhandler/release/' . $hash);
+ exit;
+ }
+ if (isset($_GET['quick_delete'])) {
+ $hash = hash('sha256', $mailc['id'] . $mailc['qid']);
+ header('Location: /qhandler/delete/' . $hash);
+ exit;
+ }
+ // Init message array
+ $data = array();
+ // Init parser
+ $mail_parser = new PhpMimeMailParser\Parser();
+ $html2text = new Html2Text\Html2Text();
+ // Load msg to parser
+ $mail_parser->setText($mailc['msg']);
+
+ // Get mail recipients
+ {
+ $recipientsList = array();
+ addAddresses($recipientsList, $mail_parser, 'to');
+ addAddresses($recipientsList, $mail_parser, 'cc');
+ addAddresses($recipientsList, $mail_parser, 'bcc');
+ $recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'smtp');
+ $data['recipients'] = $recipientsList;
+ }
+ // Get from
+ $data['header_from'] = $mail_parser->getHeader('from');
+ $data['env_from'] = $mailc['sender'];
+ // Get rspamd score
+ $data['score'] = $mailc['score'];
+ // Get rspamd action
+ $data['action'] = $mailc['action'];
+ // Get rspamd symbols
+ $data['symbols'] = json_decode($mailc['symbols']);
+ // Get fuzzy hashes
+ $data['fuzzy_hashes'] = json_decode($mailc['fuzzy_hashes']);
+ // Get text/plain content
+ $data['text_plain'] = $mail_parser->getMessageBody('text');
+ // Get html content and convert to text
+ $data['text_html'] = $html2text->convert($mail_parser->getMessageBody('html'));
+ if (empty($data['text_plain']) && empty($data['text_html'])) {
+ // Failed to parse content, try raw
+ $text = trim(substr($mailc['msg'], strpos($mailc['msg'], "\r\n\r\n") + 1));
+ // Only return html->text
+ $data['text_plain'] = 'Parser failed, assuming HTML';
+ $data['text_html'] = $html2text->convert($text);
+ }
+ (empty($data['text_plain'])) ? $data['text_plain'] = '-' : null;
+ // Get subject
+ $data['subject'] = $mail_parser->getHeader('subject');
+ $data['subject'] = mb_convert_encoding($mail_parser->getHeader('subject'), "UTF-8", "auto");
+ (empty($data['subject'])) ? $data['subject'] = '-' : null;
+ // Get attachments
+ if (is_dir($tmpdir)) {
+ rrmdir($tmpdir);
+ }
+ mkdir('/tmp/' . $_GET['id']);
+ $mail_parser->saveAttachments($tmpdir, true);
+ $atts = $mail_parser->getAttachments(true);
+ if (count($atts) > 0) {
+ foreach ($atts as $key => $val) {
+ $data['attachments'][$key] = array(
+ // Index
+ // 0 => file name
+ // 1 => mime type
+ // 2 => file size
+ // 3 => vt link by sha256
+ $val->getFilename(),
+ $val->getContentType(),
+ filesize($tmpdir . $val->getFilename()),
+ 'https://www.virustotal.com/file/' . hash_file('SHA256', $tmpdir . $val->getFilename()) . '/analysis/'
+ );
+ }
+ }
+ if (isset($_GET['eml'])) {
+ $dl_filename = filter_var($data['subject'], FILTER_SANITIZE_STRING);
+ $dl_filename = strlen($dl_filename) > 30 ? substr($dl_filename,0,30) : $dl_filename;
+ header('Pragma: public');
+ header('Expires: 0');
+ header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+ header('Cache-Control: private', false);
+ header('Content-Type: message/rfc822');
+ header('Content-Disposition: attachment; filename="'. $dl_filename . '.eml";');
+ header('Content-Transfer-Encoding: binary');
+ header('Content-Length: ' . strlen($mailc['msg']));
+ echo $mailc['msg'];
+ exit;
+ }
+ if (isset($_GET['att'])) {
+ if ($_SESSION['acl']['quarantine_attachments'] == 0) {
+ exit(json_encode('Forbidden'));
+ }
+ $dl_id = intval($_GET['att']);
+ $dl_filename = filter_var($data['attachments'][$dl_id][0], FILTER_SANITIZE_STRING);
+ $dl_filename_short = strlen($dl_filename) > 20 ? substr($dl_filename, 0, 20) : $dl_filename;
+ $dl_filename_extension = pathinfo($tmpdir . $dl_filename)['extension'];
+ $dl_filename_short = preg_replace('/\.' . $dl_filename_extension . '$/', '', $dl_filename_short);
+ if (!is_dir($tmpdir . $dl_filename) && file_exists($tmpdir . $dl_filename)) {
+ header('Pragma: public');
+ header('Expires: 0');
+ header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
+ header('Cache-Control: private', false);
+ header('Content-Type: ' . $data['attachments'][$dl_id][1]);
+ header('Content-Disposition: attachment; filename="'. $dl_filename_short . '.' . $dl_filename_extension . '";');
+ header('Content-Transfer-Encoding: binary');
+ header('Content-Length: ' . $data['attachments'][$dl_id][2]);
+ readfile($tmpdir . $dl_filename);
+ exit;
+ }
+ }
+ echo json_encode($data);
+ }
+
+}
+?>