Commit b6504f4e authored by sikeda's avatar sikeda
Browse files

[bug] WWSympa: Cannot view attachements in bounce messages and moderated...

[bug] WWSympa: Cannot view attachements in bounce messages and moderated messages.  Fixed by correcting inappropriate relative URL paths.


git-svn-id: https://subversion.renater.fr/sympa/branches/sympa-6.2-branch@12685 05aa8bb8-cd2b-0410-b1d7-8918dfa770ce
parent ae1fe5ea
......@@ -9412,7 +9412,11 @@ sub do_viewmod {
wwslog('info', '(%s, %s)', $in{'id'}, $in{'file'});
 
# Prevent directory traversal.
delete $in{'file'} if $in{'file'} and $in{'file'} =~ m{/};
if ($in{'file'}) {
my $subpath = $in{'file'};
$subpath =~ s{\Amsg00000/}{};
delete $in{'file'} if $subpath =~ m{/};
}
 
my $msg;
my $tmp_dir;
......@@ -9440,7 +9444,10 @@ sub do_viewmod {
return undef;
}
 
if ($in{'file'} and $in{'file'} ne 'msg00000.html') {
if ( $in{'file'}
and $in{'file'} ne 'msg00000.html'
and -f $html_dir . '/' . $in{'file'}
and -r $html_dir . '/' . $in{'file'}) {
$in{'file'} =~ /\.(\w+)$/;
$param->{'file_extension'} = $1;
$param->{'file'} = $html_dir . '/' . $in{'file'};
......@@ -9455,9 +9462,6 @@ sub do_viewmod {
push @other_include_path, $html_dir;
}
 
$param->{'base'} = sprintf "%s/viewmod/%s/%s/",
Conf::get_robot_conf($robot, 'wwsympa_url'), $param->{'list'},
$in{'id'};
$param->{'id'} = $in{'id'};
 
if ($list->is_there_msg_topic()) {
......@@ -11601,7 +11605,11 @@ sub do_viewbounce {
$in{'email'}, $in{'file'}, $in{'envid'});
 
# Prevent directory traversal.
delete $in{'file'} if $in{'file'} and $in{'file'} =~ m{/};
if ($in{'file'}) {
my $subpath = $in{'file'};
$subpath =~ s{\Amsg00000/}{};
delete $in{'file'} if $subpath =~ m{/};
}
 
my $escaped_email = Sympa::Tools::Text::escape_chars($in{'email'});
 
......@@ -11621,10 +11629,13 @@ sub do_viewbounce {
 
my $html_relpath =
$in{'envid'}
? sprintf('%s/%s_%08s',
$list->get_list_id(), $escaped_email, $in{'envid'})
: sprintf('%s/%s', $list->get_list_id(), $escaped_email);
my $html_dir = $Conf::Conf{'viewmail_dir'} . '/bounce/' . $html_relpath;
? sprintf('%s_%08s', $escaped_email, $in{'envid'})
: $escaped_email;
my $html_dir =
$Conf::Conf{'viewmail_dir'}
. '/bounce/'
. $list->get_id . '/'
. $html_relpath;
 
unless (-d $html_dir) {
my $bounce_message =
......@@ -11633,7 +11644,8 @@ sub do_viewbounce {
Sympa::Archive::html_format(
$bounce_message,
'destination_dir' => $html_dir,
'attachment_url' => '../viewbounce/' . $html_relpath
'attachment_url' =>
sprintf('viewbounce/%s/%s', $list->{'name'}, $html_relpath),
) if $bounce_message;
}
 
......@@ -11646,7 +11658,10 @@ sub do_viewbounce {
return undef;
}
 
if ($in{'file'} and $in{'file'} ne 'msg00000.html') {
if ( $in{'file'}
and $in{'file'} ne 'msg00000.html'
and -f $html_dir . '/' . $in{'file'}
and -r $html_dir . '/' . $in{'file'}) {
$in{'file'} =~ /\.(\w+)$/;
$param->{'file_extension'} = $1;
$param->{'file'} = $html_dir . '/' . $in{'file'};
......
......@@ -931,9 +931,10 @@ sub html_format {
),
'-outdir' => $destination_dir,
'-attachmentdir' => $destination_dir,
'-attachmenturl' => $attachment_url,
'-umask' => $Conf::Conf{'umask'},
'-stdout' => "$destination_dir/msg00000.html",
'-attachmenturl' =>
sprintf('(%s%% path_cgi %%%s)/%s', $tag, $tag, $attachment_url),
'-umask' => $Conf::Conf{'umask'},
'-stdout' => "$destination_dir/msg00000.html",
'--',
$msg_file
) >> 8;
......
......@@ -108,7 +108,7 @@ sub html_store {
$message,
destination_dir =>
join('/', $self->{html_base_directory}, $list_id, $modkey),
attachment_url => join('/', '..', 'viewmod', $listname, $modkey)
attachment_url => sprintf('viewmod/%s/%s', $listname, $modkey),
);
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment