Gitiles
Code Review Sign In
gerrit.benkard.de / kubeia / 1ba5381a59770700b02f1f1023d2b2dca73c5e8d / . / mailcow / src / mailcow-dockerized / data / web / inc / ajax / qitem_details.php
blob: 1611c82277b43658039de84a51b89bcb2673f72d [file] [log] [blame]
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]1<?php
2header("Content-Type: application/json");
3require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
4
5function rrmdir($src) {
6 $dir = opendir($src);
7 while(false !== ( $file = readdir($dir)) ) {
8 if (( $file != '.' ) && ( $file != '..' )) {
9 $full = $src . '/' . $file;
10 if ( is_dir($full) ) {
11 rrmdir($full);
12 }
13 else {
14 unlink($full);
15 }
16 }
17 }
18 closedir($dir);
19 rmdir($src);
20}
21
22function addAddresses(&$list, $mail, $headerName) {
23 $addresses = $mail->getAddresses($headerName);
24 foreach ($addresses as $address) {
25 if (filter_var($address['address'], FILTER_VALIDATE_EMAIL)) {
26 $list[] = array('address' => $address['address'], 'type' => $headerName);
27 }
28 }
29}
30
31if (!empty($_GET['hash']) && ctype_alnum($_GET['hash'])) {
32 $mailc = quarantine('hash_details', $_GET['hash']);
33 if ($mailc === false) {
34 echo json_encode(array('error' => 'Message invalid'));
35 exit;
36 }
37 if (strlen($mailc['msg']) > 10485760) {
38 echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
39 exit;
40 }
41 if (!empty($mailc['msg'])) {
42 // Init message array
43 $data = array();
44 // Init parser
45 $mail_parser = new PhpMimeMailParser\Parser();
46 $html2text = new Html2Text\Html2Text();
47 // Load msg to parser
48 $mail_parser->setText($mailc['msg']);
49 // Get mail recipients
50 {
51 $recipientsList = array();
52 addAddresses($recipientsList, $mail_parser, 'to');
53 addAddresses($recipientsList, $mail_parser, 'cc');
54 addAddresses($recipientsList, $mail_parser, 'bcc');
55 $recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'smtp');
56 $data['recipients'] = $recipientsList;
57 }
58 // Get from
59 $data['header_from'] = $mail_parser->getHeader('from');
60 $data['env_from'] = $mailc['sender'];
61 // Get rspamd score
62 $data['score'] = $mailc['score'];
63 // Get rspamd action
64 $data['action'] = $mailc['action'];
65 // Get rspamd symbols
66 $data['symbols'] = json_decode($mailc['symbols']);
67 // Get fuzzy hashes
68 $data['fuzzy_hashes'] = json_decode($mailc['fuzzy_hashes']);
69 $data['subject'] = mb_convert_encoding($mail_parser->getHeader('subject'), "UTF-8", "auto");
70 (empty($data['subject'])) ? $data['subject'] = '-' : null;
71 echo json_encode($data);
72 }
73}
74elseif (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
75 if (!isset($_SESSION['mailcow_cc_role'])) {
76 echo json_encode(array('error' => 'Access denied'));
77 exit();
78 }
79 $tmpdir = '/tmp/' . $_GET['id'] . '/';
80 $mailc = quarantine('details', $_GET['id']);
81 if ($mailc === false) {
82 echo json_encode(array('error' => 'Access denied'));
83 exit;
84 }
85 if (strlen($mailc['msg']) > 10485760) {
86 echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
87 exit;
88 }
89 if (!empty($mailc['msg'])) {
90 if (isset($_GET['quick_release'])) {
91 $hash = hash('sha256', $mailc['id'] . $mailc['qid']);
92 header('Location: /qhandler/release/' . $hash);
93 exit;
94 }
95 if (isset($_GET['quick_delete'])) {
96 $hash = hash('sha256', $mailc['id'] . $mailc['qid']);
97 header('Location: /qhandler/delete/' . $hash);
98 exit;
99 }
100 // Init message array
101 $data = array();
102 // Init parser
103 $mail_parser = new PhpMimeMailParser\Parser();
104 $html2text = new Html2Text\Html2Text();
105 // Load msg to parser
106 $mail_parser->setText($mailc['msg']);
107
108 // Get mail recipients
109 {
110 $recipientsList = array();
111 addAddresses($recipientsList, $mail_parser, 'to');
112 addAddresses($recipientsList, $mail_parser, 'cc');
113 addAddresses($recipientsList, $mail_parser, 'bcc');
114 $recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'smtp');
115 $data['recipients'] = $recipientsList;
116 }
117 // Get from
118 $data['header_from'] = $mail_parser->getHeader('from');
119 $data['env_from'] = $mailc['sender'];
120 // Get rspamd score
121 $data['score'] = $mailc['score'];
122 // Get rspamd action
123 $data['action'] = $mailc['action'];
124 // Get rspamd symbols
125 $data['symbols'] = json_decode($mailc['symbols']);
126 // Get fuzzy hashes
127 $data['fuzzy_hashes'] = json_decode($mailc['fuzzy_hashes']);
128 // Get text/plain content
129 $data['text_plain'] = $mail_parser->getMessageBody('text');
Matthias Andreas Benkard1ba53812022-12-27 17:32:58 +0100[diff] [blame^]130 if (!json_encode($data['text_plain'])) $data['text_plain'] = '';
Matthias Andreas Benkardb382b102021-01-02 15:32:21 +0100[diff] [blame]131 // Get html content and convert to text
132 $data['text_html'] = $html2text->convert($mail_parser->getMessageBody('html'));
133 if (empty($data['text_plain']) && empty($data['text_html'])) {
134 // Failed to parse content, try raw
135 $text = trim(substr($mailc['msg'], strpos($mailc['msg'], "\r\n\r\n") + 1));
136 // Only return html->text
137 $data['text_plain'] = 'Parser failed, assuming HTML';
138 $data['text_html'] = $html2text->convert($text);
139 }
140 (empty($data['text_plain'])) ? $data['text_plain'] = '-' : null;
141 // Get subject
142 $data['subject'] = $mail_parser->getHeader('subject');
143 $data['subject'] = mb_convert_encoding($mail_parser->getHeader('subject'), "UTF-8", "auto");
144 (empty($data['subject'])) ? $data['subject'] = '-' : null;
145 // Get attachments
146 if (is_dir($tmpdir)) {
147 rrmdir($tmpdir);
148 }
149 mkdir('/tmp/' . $_GET['id']);
150 $mail_parser->saveAttachments($tmpdir, true);
151 $atts = $mail_parser->getAttachments(true);
152 if (count($atts) > 0) {
153 foreach ($atts as $key => $val) {
154 $data['attachments'][$key] = array(
155 // Index
156 // 0 => file name
157 // 1 => mime type
158 // 2 => file size
159 // 3 => vt link by sha256
160 $val->getFilename(),
161 $val->getContentType(),
162 filesize($tmpdir . $val->getFilename()),
163 'https://www.virustotal.com/file/' . hash_file('SHA256', $tmpdir . $val->getFilename()) . '/analysis/'
164 );
165 }
166 }
167 if (isset($_GET['eml'])) {
168 $dl_filename = filter_var($data['subject'], FILTER_SANITIZE_STRING);
169 $dl_filename = strlen($dl_filename) > 30 ? substr($dl_filename,0,30) : $dl_filename;
170 header('Pragma: public');
171 header('Expires: 0');
172 header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
173 header('Cache-Control: private', false);
174 header('Content-Type: message/rfc822');
175 header('Content-Disposition: attachment; filename="'. $dl_filename . '.eml";');
176 header('Content-Transfer-Encoding: binary');
177 header('Content-Length: ' . strlen($mailc['msg']));
178 echo $mailc['msg'];
179 exit;
180 }
181 if (isset($_GET['att'])) {
182 if ($_SESSION['acl']['quarantine_attachments'] == 0) {
183 exit(json_encode('Forbidden'));
184 }
185 $dl_id = intval($_GET['att']);
186 $dl_filename = filter_var($data['attachments'][$dl_id][0], FILTER_SANITIZE_STRING);
187 $dl_filename_short = strlen($dl_filename) > 20 ? substr($dl_filename, 0, 20) : $dl_filename;
188 $dl_filename_extension = pathinfo($tmpdir . $dl_filename)['extension'];
189 $dl_filename_short = preg_replace('/\.' . $dl_filename_extension . '$/', '', $dl_filename_short);
190 if (!is_dir($tmpdir . $dl_filename) && file_exists($tmpdir . $dl_filename)) {
191 header('Pragma: public');
192 header('Expires: 0');
193 header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
194 header('Cache-Control: private', false);
195 header('Content-Type: ' . $data['attachments'][$dl_id][1]);
196 header('Content-Disposition: attachment; filename="'. $dl_filename_short . '.' . $dl_filename_extension . '";');
197 header('Content-Transfer-Encoding: binary');
198 header('Content-Length: ' . $data['attachments'][$dl_id][2]);
199 readfile($tmpdir . $dl_filename);
200 exit;
201 }
202 }
203 echo json_encode($data);
204 }
205
206}
207?>