From 230ee7302f88ad4ad8a2e7f1ed58701d483f478d Mon Sep 17 00:00:00 2001 From: Janos SUTO Date: Sun, 28 May 2023 18:53:28 +0200 Subject: [PATCH] Sanitize emails after retrieving the from archive by adding proper CRLF line termination Signed-off-by: Janos SUTO --- webui/model/search/message.php | 8 ++++++++ webui/system/helper/mime.php | 10 ---------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/webui/model/search/message.php b/webui/model/search/message.php index 395fbfd9..bd575e9e 100644 --- a/webui/model/search/message.php +++ b/webui/model/search/message.php @@ -40,6 +40,12 @@ class ModelSearchMessage extends Model { } + private function normalize_message($data = '') { + $a = preg_split("/\r?\n/", $data); + return implode("\r\n", $a); + } + + public function get_raw_message($id = '') { $s = ''; @@ -65,6 +71,8 @@ class ModelSearchMessage extends Model { $this->verification = $this->verify_message($id, $s); } + $s = $this->normalize_message($s); + if(Registry::get('auditor_user') == 0 && HEADER_LINE_TO_HIDE) { $s = preg_replace("/" . HEADER_LINE_TO_HIDE . ".{1,}(\n(\ |\t){1,}.{1,}){0,}" . "\n/i", "", $s); } diff --git a/webui/system/helper/mime.php b/webui/system/helper/mime.php index 9e5d5857..d50727de 100644 --- a/webui/system/helper/mime.php +++ b/webui/system/helper/mime.php @@ -144,22 +144,12 @@ class Piler_Mime_Decode { public static function removeJournal(&$message, $EOL = "\n") { $has_journal = 0; - $crlfs = substr_count($message, "\r\n"); - self::splitMessageRaw($message, $headers, $journal, $body); if($journal) { $has_journal = 1; } - // If the message has >10 CRLF sequences, then we assume - // that we need to restore the removed LF characters - if($crlfs > 10) { - $headers = str_replace("\n", "\r\n", $headers); - $body = str_replace("\n", "\r\n", $body); - $EOL = "\r\n"; - } - $message = $headers . $EOL . $EOL . $body; return $has_journal;