Matthias Andreas Benkard | b382b10 | 2021-01-02 15:32:21 +0100 | [diff] [blame] | 1 | <?php
|
| 2 | header("Content-Type: application/json");
|
| 3 | require_once $_SERVER['DOCUMENT_ROOT'] . '/inc/prerequisites.inc.php';
|
| 4 |
|
| 5 | function rrmdir($src) {
|
| 6 | $dir = opendir($src);
|
| 7 | while(false !== ( $file = readdir($dir)) ) {
|
| 8 | if (( $file != '.' ) && ( $file != '..' )) {
|
| 9 | $full = $src . '/' . $file;
|
| 10 | if ( is_dir($full) ) {
|
| 11 | rrmdir($full);
|
| 12 | }
|
| 13 | else {
|
| 14 | unlink($full);
|
| 15 | }
|
| 16 | }
|
| 17 | }
|
| 18 | closedir($dir);
|
| 19 | rmdir($src);
|
| 20 | }
|
| 21 |
|
| 22 | function addAddresses(&$list, $mail, $headerName) {
|
| 23 | $addresses = $mail->getAddresses($headerName);
|
| 24 | foreach ($addresses as $address) {
|
| 25 | if (filter_var($address['address'], FILTER_VALIDATE_EMAIL)) {
|
| 26 | $list[] = array('address' => $address['address'], 'type' => $headerName);
|
| 27 | }
|
| 28 | }
|
| 29 | }
|
| 30 |
|
| 31 | if (!empty($_GET['hash']) && ctype_alnum($_GET['hash'])) {
|
| 32 | $mailc = quarantine('hash_details', $_GET['hash']);
|
| 33 | if ($mailc === false) {
|
| 34 | echo json_encode(array('error' => 'Message invalid'));
|
| 35 | exit;
|
| 36 | }
|
| 37 | if (strlen($mailc['msg']) > 10485760) {
|
| 38 | echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
|
| 39 | exit;
|
| 40 | }
|
| 41 | if (!empty($mailc['msg'])) {
|
| 42 | // Init message array
|
| 43 | $data = array();
|
| 44 | // Init parser
|
| 45 | $mail_parser = new PhpMimeMailParser\Parser();
|
| 46 | $html2text = new Html2Text\Html2Text();
|
| 47 | // Load msg to parser
|
| 48 | $mail_parser->setText($mailc['msg']);
|
| 49 | // Get mail recipients
|
| 50 | {
|
| 51 | $recipientsList = array();
|
| 52 | addAddresses($recipientsList, $mail_parser, 'to');
|
| 53 | addAddresses($recipientsList, $mail_parser, 'cc');
|
| 54 | addAddresses($recipientsList, $mail_parser, 'bcc');
|
| 55 | $recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'smtp');
|
| 56 | $data['recipients'] = $recipientsList;
|
| 57 | }
|
| 58 | // Get from
|
| 59 | $data['header_from'] = $mail_parser->getHeader('from');
|
| 60 | $data['env_from'] = $mailc['sender'];
|
| 61 | // Get rspamd score
|
| 62 | $data['score'] = $mailc['score'];
|
| 63 | // Get rspamd action
|
| 64 | $data['action'] = $mailc['action'];
|
| 65 | // Get rspamd symbols
|
| 66 | $data['symbols'] = json_decode($mailc['symbols']);
|
| 67 | // Get fuzzy hashes
|
| 68 | $data['fuzzy_hashes'] = json_decode($mailc['fuzzy_hashes']);
|
| 69 | $data['subject'] = mb_convert_encoding($mail_parser->getHeader('subject'), "UTF-8", "auto");
|
| 70 | (empty($data['subject'])) ? $data['subject'] = '-' : null;
|
| 71 | echo json_encode($data);
|
| 72 | }
|
| 73 | }
|
| 74 | elseif (!empty($_GET['id']) && ctype_alnum($_GET['id'])) {
|
| 75 | if (!isset($_SESSION['mailcow_cc_role'])) {
|
| 76 | echo json_encode(array('error' => 'Access denied'));
|
| 77 | exit();
|
| 78 | }
|
| 79 | $tmpdir = '/tmp/' . $_GET['id'] . '/';
|
| 80 | $mailc = quarantine('details', $_GET['id']);
|
| 81 | if ($mailc === false) {
|
| 82 | echo json_encode(array('error' => 'Access denied'));
|
| 83 | exit;
|
| 84 | }
|
| 85 | if (strlen($mailc['msg']) > 10485760) {
|
| 86 | echo json_encode(array('error' => 'Message size exceeds 10 MiB.'));
|
| 87 | exit;
|
| 88 | }
|
| 89 | if (!empty($mailc['msg'])) {
|
| 90 | if (isset($_GET['quick_release'])) {
|
| 91 | $hash = hash('sha256', $mailc['id'] . $mailc['qid']);
|
| 92 | header('Location: /qhandler/release/' . $hash);
|
| 93 | exit;
|
| 94 | }
|
| 95 | if (isset($_GET['quick_delete'])) {
|
| 96 | $hash = hash('sha256', $mailc['id'] . $mailc['qid']);
|
| 97 | header('Location: /qhandler/delete/' . $hash);
|
| 98 | exit;
|
| 99 | }
|
| 100 | // Init message array
|
| 101 | $data = array();
|
| 102 | // Init parser
|
| 103 | $mail_parser = new PhpMimeMailParser\Parser();
|
| 104 | $html2text = new Html2Text\Html2Text();
|
| 105 | // Load msg to parser
|
| 106 | $mail_parser->setText($mailc['msg']);
|
| 107 |
|
| 108 | // Get mail recipients
|
| 109 | {
|
| 110 | $recipientsList = array();
|
| 111 | addAddresses($recipientsList, $mail_parser, 'to');
|
| 112 | addAddresses($recipientsList, $mail_parser, 'cc');
|
| 113 | addAddresses($recipientsList, $mail_parser, 'bcc');
|
| 114 | $recipientsList[] = array('address' => $mailc['rcpt'], 'type' => 'smtp');
|
| 115 | $data['recipients'] = $recipientsList;
|
| 116 | }
|
| 117 | // Get from
|
| 118 | $data['header_from'] = $mail_parser->getHeader('from');
|
| 119 | $data['env_from'] = $mailc['sender'];
|
| 120 | // Get rspamd score
|
| 121 | $data['score'] = $mailc['score'];
|
| 122 | // Get rspamd action
|
| 123 | $data['action'] = $mailc['action'];
|
| 124 | // Get rspamd symbols
|
| 125 | $data['symbols'] = json_decode($mailc['symbols']);
|
| 126 | // Get fuzzy hashes
|
| 127 | $data['fuzzy_hashes'] = json_decode($mailc['fuzzy_hashes']);
|
| 128 | // Get text/plain content
|
| 129 | $data['text_plain'] = $mail_parser->getMessageBody('text');
|
| 130 | // Get html content and convert to text
|
| 131 | $data['text_html'] = $html2text->convert($mail_parser->getMessageBody('html'));
|
| 132 | if (empty($data['text_plain']) && empty($data['text_html'])) {
|
| 133 | // Failed to parse content, try raw
|
| 134 | $text = trim(substr($mailc['msg'], strpos($mailc['msg'], "\r\n\r\n") + 1));
|
| 135 | // Only return html->text
|
| 136 | $data['text_plain'] = 'Parser failed, assuming HTML';
|
| 137 | $data['text_html'] = $html2text->convert($text);
|
| 138 | }
|
| 139 | (empty($data['text_plain'])) ? $data['text_plain'] = '-' : null;
|
| 140 | // Get subject
|
| 141 | $data['subject'] = $mail_parser->getHeader('subject');
|
| 142 | $data['subject'] = mb_convert_encoding($mail_parser->getHeader('subject'), "UTF-8", "auto");
|
| 143 | (empty($data['subject'])) ? $data['subject'] = '-' : null;
|
| 144 | // Get attachments
|
| 145 | if (is_dir($tmpdir)) {
|
| 146 | rrmdir($tmpdir);
|
| 147 | }
|
| 148 | mkdir('/tmp/' . $_GET['id']);
|
| 149 | $mail_parser->saveAttachments($tmpdir, true);
|
| 150 | $atts = $mail_parser->getAttachments(true);
|
| 151 | if (count($atts) > 0) {
|
| 152 | foreach ($atts as $key => $val) {
|
| 153 | $data['attachments'][$key] = array(
|
| 154 | // Index
|
| 155 | // 0 => file name
|
| 156 | // 1 => mime type
|
| 157 | // 2 => file size
|
| 158 | // 3 => vt link by sha256
|
| 159 | $val->getFilename(),
|
| 160 | $val->getContentType(),
|
| 161 | filesize($tmpdir . $val->getFilename()),
|
| 162 | 'https://www.virustotal.com/file/' . hash_file('SHA256', $tmpdir . $val->getFilename()) . '/analysis/'
|
| 163 | );
|
| 164 | }
|
| 165 | }
|
| 166 | if (isset($_GET['eml'])) {
|
| 167 | $dl_filename = filter_var($data['subject'], FILTER_SANITIZE_STRING);
|
| 168 | $dl_filename = strlen($dl_filename) > 30 ? substr($dl_filename,0,30) : $dl_filename;
|
| 169 | header('Pragma: public');
|
| 170 | header('Expires: 0');
|
| 171 | header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
|
| 172 | header('Cache-Control: private', false);
|
| 173 | header('Content-Type: message/rfc822');
|
| 174 | header('Content-Disposition: attachment; filename="'. $dl_filename . '.eml";');
|
| 175 | header('Content-Transfer-Encoding: binary');
|
| 176 | header('Content-Length: ' . strlen($mailc['msg']));
|
| 177 | echo $mailc['msg'];
|
| 178 | exit;
|
| 179 | }
|
| 180 | if (isset($_GET['att'])) {
|
| 181 | if ($_SESSION['acl']['quarantine_attachments'] == 0) {
|
| 182 | exit(json_encode('Forbidden'));
|
| 183 | }
|
| 184 | $dl_id = intval($_GET['att']);
|
| 185 | $dl_filename = filter_var($data['attachments'][$dl_id][0], FILTER_SANITIZE_STRING);
|
| 186 | $dl_filename_short = strlen($dl_filename) > 20 ? substr($dl_filename, 0, 20) : $dl_filename;
|
| 187 | $dl_filename_extension = pathinfo($tmpdir . $dl_filename)['extension'];
|
| 188 | $dl_filename_short = preg_replace('/\.' . $dl_filename_extension . '$/', '', $dl_filename_short);
|
| 189 | if (!is_dir($tmpdir . $dl_filename) && file_exists($tmpdir . $dl_filename)) {
|
| 190 | header('Pragma: public');
|
| 191 | header('Expires: 0');
|
| 192 | header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
|
| 193 | header('Cache-Control: private', false);
|
| 194 | header('Content-Type: ' . $data['attachments'][$dl_id][1]);
|
| 195 | header('Content-Disposition: attachment; filename="'. $dl_filename_short . '.' . $dl_filename_extension . '";');
|
| 196 | header('Content-Transfer-Encoding: binary');
|
| 197 | header('Content-Length: ' . $data['attachments'][$dl_id][2]);
|
| 198 | readfile($tmpdir . $dl_filename);
|
| 199 | exit;
|
| 200 | }
|
| 201 | }
|
| 202 | echo json_encode($data);
|
| 203 | }
|
| 204 |
|
| 205 | }
|
| 206 | ?>
|