def image_fixups(content, msgid, archive, richformat, allowimgs): "Replace the CID links stored messages" html = local_fromstring(content) for element, attribute, link, _ in iterlinks(html): if not link.startswith('cid:'): if not allowimgs and attribute == 'src': element.attrib['src'] = '%simgs/blocked.gif' % media_url() element.attrib['title'] = link if richformat: if archive: displayurl = url('message-preview-archived-with-imgs', msgid=msgid) else: displayurl = url('message-preview-with-imgs', msgid=msgid) flash(ugettext('This message contains external' ' images, which have been blocked. ') + literal(link_to(ugettext('Display images'), displayurl))) else: imgname = link.replace('cid:', '') if archive: imgurl = url('messages-preview-archived-img', img=imgname.replace('/', '__xoxo__'), msgid=msgid) else: imgurl = url('messages-preview-img', img=imgname.replace('/', '__xoxo__'), msgid=msgid) element.attrib['src'] = imgurl return tostring(html)
def image_fixups(content, msgid, archive, richformat, allowimgs): "Replace the CID links stored messages" html = local_fromstring(content) for element, attribute, link, _ in iterlinks(html): if not link.startswith('cid:'): if not allowimgs and attribute == 'src': element.attrib['src'] = '%simgs/blocked.gif' % media_url() element.attrib['title'] = link if richformat: if archive: displayurl = url('message-preview-archived-with-imgs', msgid=msgid) else: displayurl = url('message-preview-with-imgs', msgid=msgid) flash( ugettext('This message contains external' ' images, which have been blocked. ') + literal(link_to(ugettext('Display images'), displayurl))) else: imgname = link.replace('cid:', '') if archive: imgurl = url('messages-preview-archived-img', img=imgname.replace('/', '__xoxo__'), msgid=msgid) else: imgurl = url('messages-preview-img', img=imgname.replace('/', '__xoxo__'), msgid=msgid) element.attrib['src'] = imgurl return tostring(html)
def img_fixups(content, queueid, allowimgs, richformat): "Replace the CID links in Queued messages" html = local_fromstring(content) for element, attribute, link, _ in iterlinks(html): if not link.startswith('cid:'): if not allowimgs and attribute == 'src': element.attrib['src'] = '%simgs/blocked.gif' % media_url() element.attrib['title'] = link if richformat: flash(ugettext('This message contains external ' 'images, which have been blocked. ') + literal(link_to(ugettext('Display images'), url('queue-preview-with-imgs', queueid=queueid)))) else: imgname = link.replace('cid:', '') element.attrib['src'] = url('queue-preview-img', imgid=imgname.replace('/', '__xoxo__'), queueid=queueid) return tostring(html)
def img_fixups(content, queueid, allowimgs, richformat): "Replace the CID links in Queued messages" html = local_fromstring(content) for element, attribute, link, _ in iterlinks(html): if not link.startswith('cid:'): if not allowimgs and attribute == 'src': element.attrib['src'] = '%simgs/blocked.gif' % media_url() element.attrib['title'] = link if richformat: flash( ugettext('This message contains external ' 'images, which have been blocked. ') + literal( link_to( ugettext('Display images'), url('queue-preview-with-imgs', queueid=queueid)))) else: imgname = link.replace('cid:', '') element.attrib['src'] = url('queue-preview-img', imgid=imgname.replace('/', '__xoxo__'), queueid=queueid) return tostring(html)
def preview(self, id, archive=None, attachment=None, img=None, allowimgs=None): """Preview a message stored in the quarantine :param id: the database message id :param archive: optional. message archived status :param attachment: optional. request is for an attachmeny :param img: optional request is for an image :param allowimgs: optional allow display of remote images """ if archive: message = self._get_archive(id) else: message = self._get_message(id) if not message: abort(404) try: localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg') args = [message.messageid, convert_date(message.timestamp, localtmz).strftime('%Y%m%d'), attachment, img, allowimgs] task = preview_msg.apply_async(args=args, queue=message.hostname.strip()) task.wait(30) if task.result: if img: if message.isdangerous and c.user.is_peleb: abort(404) response.content_type = task.result['content_type'] if task.result and 'img' in task.result: info = MSGDOWNLOAD_MSG % dict(m=message.id, a=task.result['name']) audit_log(c.user.username, 1, unicode(info), request.host, request.remote_addr, now()) return base64.decodestring(task.result['img']) abort(404) if attachment: if message.isdangerous and c.user.is_peleb: raise ValueError info = MSGDOWNLOAD_MSG % dict(m=message.id, a=task.result['name']) audit_log(c.user.username, 1, unicode(info), request.host, request.remote_addr, now()) response.content_type = task.result['mimetype'] content_disposition = 'attachment; filename="%s"' % \ task.result['name'].encode('ascii', 'replace') response.headers['Content-Disposition'] = str(content_disposition) response.headers['Content-Length'] = len(task.result['attachment']) response.headers['Pragma'] = 'public' response.headers['Cache-Control'] = 'max-age=0' return base64.decodestring(task.result['attachment']) for part in task.result['parts']: if part['type'] == 'html': html = fromstring(part['content']) for element, attribute, link, pos in iterlinks(html): if not link.startswith('cid:'): if not allowimgs and attribute == 'src': element.attrib['src'] = '%simgs/blocked.gif' % media_url() element.attrib['title'] = link flash(_('This message contains external images, which have been blocked. ') + literal(link_to(_('Display images'), url('message-preview-archived-with-imgs', id=id) \ if archive else url('message-preview-with-imgs', id=id), class_='uline'))) else: imgname = link.replace('cid:', '') element.attrib['src'] = url('messages-preview-archived-img', img=imgname.replace('/', '__xoxo__'), id=id) \ if archive else url('messages-preview-img', img=imgname.replace('/', '__xoxo__'), id=id) part['content'] = tostring(html) c.message = task.result info = MSGPREVIEW_MSG % dict(m=message.id) audit_log(c.user.username, 1, unicode(info), request.host, request.remote_addr, now()) else: c.message = {} except (socket.error, TimeoutError, QueueNotFound): flash_alert(_('The message could not be previewed, try again later')) whereto = url('message-archive', id=id) if archive else url('message-detail', id=id) redirect(whereto) except ValueError: flash_alert(_('The attachment is either prohibited or dangerous.' ' Contact your system admin for assistance')) whereto = url('message-archive', msgid=msgid) if archive \ else url('message-detail', msgid=msgid) redirect(whereto) c.messageid = message.messageid c.id = message.id c.archived = archive c.isdangerous = message.isdangerous return render('/messages/preview.html')
def mailq_preview(self, queueid, attachid=None, imgid=None, allowimgs=None): "preview a queued message" query = Session.query(MailQueueItem) uquery = UserFilter(Session, c.user, query, model=MailQueueItem) query = uquery.filter() try: mailqitem = query.filter(MailQueueItem.id == queueid).one() except NoResultFound: flash_alert(_('The requested queued message was not found.')) redirect(url('mailq-status')) try: task = preview_queued_msg.apply_async(args=[mailqitem.messageid, mailqitem.direction, attachid, imgid], queue=mailqitem.hostname) task.wait(30) if task.result: if imgid: response.content_type = task.result['content_type'] if task.result and 'img' in task.result: info = QUEUEDOWNLOAD_MSG % dict(m=mailqitem.messageid, a=task.result['name']) audit_log(c.user.username, 1, info, request.host, request.remote_addr, now()) return base64.decodestring(task.result['img']) abort(404) if attachid: info = QUEUEDOWNLOAD_MSG % dict(m=mailqitem.messageid, a=task.result['name']) audit_log(c.user.username, 1, info, request.host, request.remote_addr, now()) response.content_type = task.result['mimetype'] dispos = 'attachment; filename="%s"' % task.result['name'] response.headers['Content-Disposition'] = str(dispos) content_len = len(task.result['attachment']) response.headers['Content-Length'] = content_len response.headers['Pragma'] = 'public' response.headers['Cache-Control'] = 'max-age=0' return base64.decodestring(task.result['attachment']) for part in task.result['parts']: if part['type'] == 'html': html = fromstring(part['content']) for element, attribute, link, pos in iterlinks(html): if not link.startswith('cid:'): if not allowimgs and attribute == 'src': element.attrib['src'] = '%simgs/blocked.gif' % media_url() element.attrib['title'] = link flash(_('This message contains external images, which have been blocked. ') + literal(link_to(_('Display images'), url('queue-preview-with-imgs', queueid=queueid), class_='uline'))) else: imgname = link.replace('cid:', '') element.attrib['src'] = url('queue-preview-img', imgid=imgname.replace('/', '__xoxo__'), queueid=queueid) part['content'] = tostring(html) c.message = task.result info = QUEUEPREVIEW_MSG % dict(m=mailqitem.messageid) audit_log(c.user.username, 1, info, request.host, request.remote_addr, now()) else: raise TimeoutError except (TimeoutError, QueueNotFound): flash_alert(_('The message could not be processed')) redirect(url('mailq-status')) c.queueid = queueid c.messageid = mailqitem.messageid return render('/status/preview.html')
def preview(self, id, archive=None, attachment=None, img=None, allowimgs=None): if archive: message = self._get_archive(id) else: message = self._get_message(id) if not message: abort(404) try: args = [message.messageid, str(message.date), attachment, img, allowimgs] task = preview_msg.apply_async(args=args, queue=message.hostname.strip()) task.wait(30) if task.result: if img: response.content_type = task.result['content_type'] if task.result and 'img' in task.result: info = MSGDOWNLOAD_MSG % dict(m=message.id, a=task.result['name']) audit_log(c.user.username, 1, info, request.host, request.remote_addr, datetime.now()) return base64.decodestring(task.result['img']) abort(404) if attachment: info = MSGDOWNLOAD_MSG % dict(m=message.id, a=task.result['name']) audit_log(c.user.username, 1, info, request.host, request.remote_addr, datetime.now()) response.content_type = task.result['mimetype'] response.headers['Content-Disposition'] = 'attachment; filename="%s"' % task.result['name'] response.headers['Content-Length'] = len(task.result['attachment']) response.headers['Pragma'] = 'public' response.headers['Cache-Control'] = 'max-age=0' return base64.decodestring(task.result['attachment']) for part in task.result['parts']: if part['type'] == 'html': html = fromstring(part['content']) for element, attribute, link, pos in iterlinks(html): if not link.startswith('cid:'): if not allowimgs and attribute == 'src': element.attrib['src'] = '%simgs/blocked.gif' % media_url() element.attrib['title'] = link flash(_('This message contains external images, which have been blocked. ') + literal(link_to(_('Display images'), url('message-preview-archived-with-imgs', id=id) \ if archive else url('message-preview-with-imgs', id=id), class_='uline'))) else: imgname = link.replace('cid:', '') element.attrib['src'] = url('messages-preview-archived-img', img=imgname.replace('/', '__xoxo__'), id=id) \ if archive else url('messages-preview-img', img=imgname.replace('/', '__xoxo__'), id=id) part['content'] = tostring(html) c.message = task.result info = MSGPREVIEW_MSG % dict(m=message.id) audit_log(c.user.username, 1, info, request.host, request.remote_addr, datetime.now()) else: c.message = {} except (socket.error, TimeoutError, QueueNotFound): flash_alert(_('The message could not be previewed, try again later')) whereto = url('message-archive', id=id) if archive else url('message-detail', id=id) redirect(whereto) c.messageid = message.messageid c.id = message.id c.archived = archive return render('/messages/preview.html')
def mailq_preview(self, queueid, attachid=None, imgid=None, allowimgs=None): "preview a queued message" query = Session.query(MailQueueItem) uquery = UserFilter(Session, c.user, query, model=MailQueueItem) query = uquery.filter() try: mailqitem = query.filter(MailQueueItem.id == queueid).one() except NoResultFound: flash_alert(_('The requested queued message was not found.')) redirect(url('mailq-status')) try: task = preview_queued_msg.apply_async(args=[mailqitem.messageid, mailqitem.direction, attachid, imgid], queue=mailqitem.hostname) task.wait(30) if task.result: if imgid: response.content_type = task.result['content_type'] if task.result and 'img' in task.result: info = QUEUEDOWNLOAD_MSG % dict(m=mailqitem.messageid, a=task.result['name']) audit_log(c.user.username, 1, info, request.host, request.remote_addr, datetime.now()) return base64.decodestring(task.result['img']) abort(404) if attachid: info = QUEUEDOWNLOAD_MSG % dict(m=mailqitem.messageid, a=task.result['name']) audit_log(c.user.username, 1, info, request.host, request.remote_addr, datetime.now()) response.content_type = task.result['mimetype'] dispos = 'attachment; filename="%s"' % task.result['name'] response.headers['Content-Disposition'] = dispos content_len = len(task.result['attachment']) response.headers['Content-Length'] = content_len response.headers['Pragma'] = 'public' response.headers['Cache-Control'] = 'max-age=0' return base64.decodestring(task.result['attachment']) for part in task.result['parts']: if part['type'] == 'html': html = fromstring(part['content']) for element, attribute, link, pos in iterlinks(html): if not link.startswith('cid:'): if not allowimgs and attribute == 'src': element.attrib['src'] = '%simgs/blocked.gif' % media_url() element.attrib['title'] = link flash(_('This message contains external images, which have been blocked. ') + literal(link_to(_('Display images'), url('queue-preview-with-imgs', queueid=queueid), class_='uline'))) else: imgname = link.replace('cid:', '') element.attrib['src'] = url('queue-preview-img', imgid=imgname.replace('/', '__xoxo__'), queueid=queueid) part['content'] = tostring(html) c.message = task.result info = QUEUEPREVIEW_MSG % dict(m=mailqitem.messageid) audit_log(c.user.username, 1, info, request.host, request.remote_addr, datetime.now()) else: raise TimeoutError except (TimeoutError, QueueNotFound): flash_alert(_('The message could not be processed')) redirect(url('mailq-status')) c.queueid = queueid c.messageid = mailqitem.messageid return render('/status/preview.html')