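def preview(self, id, archive=None, attachment=None, img=None,
            allowimgs=None):
    """Preview a message stored in the quarantine.

    Looks the message up, runs a ``preview_msg`` task on the queue named
    after ``message.hostname`` and then either returns an embedded image,
    returns an attachment download, or renders the preview page.

    :param id: the database message id
    :param archive: optional. message archived status
    :param attachment: optional. request is for an attachment
    :param img: optional. request is for an image
    :param allowimgs: optional. allow display of remote images
    :returns: decoded image or attachment bytes, or the rendered
        ``/messages/preview.html`` template. Aborts with 404 when the
        message or the requested image is missing; redirects to the
        message page when the task fails or the download is refused.
    """
    if archive:
        message = self._get_archive(id)
    else:
        message = self._get_message(id)
    if not message:
        abort(404)

    try:
        localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
        msgdate = convert_date(message.timestamp, localtmz).strftime('%Y%m%d')
        args = [message.messageid, msgdate, attachment, img, allowimgs]
        task = preview_msg.apply_async(args=args,
                                       queue=message.hostname.strip())
        # Bounded wait; a timeout is handled by the except clause below.
        task.wait(30)
        if task.result:
            if img:
                # Embedded parts of a dangerous message are withheld from
                # users flagged is_peleb.
                if message.isdangerous and c.user.is_peleb:
                    abort(404)
                # NOTE(review): content_type is taken from the task result
                # and this response is served inline; confirm the worker
                # only ever reports image/* types here.
                response.content_type = task.result['content_type']
                if task.result and 'img' in task.result:
                    info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                                  a=task.result['name'])
                    audit_log(c.user.username, 1, unicode(info),
                              request.host, request.remote_addr, now())
                    return base64.decodestring(task.result['img'])
                abort(404)
            if attachment:
                # ValueError is the refusal signal handled further down.
                if message.isdangerous and c.user.is_peleb:
                    raise ValueError
                info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                              a=task.result['name'])
                audit_log(c.user.username, 1, unicode(info),
                          request.host, request.remote_addr, now())
                response.content_type = task.result['mimetype']
                # The attachment name is presumably taken from the
                # quarantined message, so treat it as untrusted: force
                # ASCII, then neutralise the characters that could close
                # the quoted filename or split the header.
                safe_name = task.result['name'].encode('ascii', 'replace')
                for unsafe in ('\r', '\n', '"', '\\'):
                    safe_name = safe_name.replace(unsafe, '_')
                content_disposition = 'attachment; filename="%s"' % safe_name
                # The body sent is the decoded payload, so Content-Length
                # must describe that, not the longer base64 text.
                payload = base64.decodestring(task.result['attachment'])
                response.headers['Content-Disposition'] = \
                    str(content_disposition)
                response.headers['Content-Length'] = str(len(payload))
                response.headers['Pragma'] = 'public'
                response.headers['Cache-Control'] = 'max-age=0'
                return payload
            for part in task.result['parts']:
                if part['type'] == 'html':
                    html = fromstring(part['content'])
                    for element, attribute, link, pos in iterlinks(html):
                        if not link.startswith('cid:'):
                            # NOTE(review): only ``src`` attributes are
                            # rewritten; any other remote reference that
                            # iterlinks yields is left as it is.
                            if not allowimgs and attribute == 'src':
                                element.attrib['src'] = \
                                    '%simgs/blocked.gif' % media_url()
                                element.attrib['title'] = link
                                if archive:
                                    show_url = url(
                                        'message-preview-archived-with-imgs',
                                        id=id)
                                else:
                                    show_url = url(
                                        'message-preview-with-imgs', id=id)
                                flash(_('This message contains external images, which have been blocked. ') +
                                      literal(link_to(_('Display images'),
                                                      show_url,
                                                      class_='uline')))
                        else:
                            # cid: references point at parts of the same
                            # message; route them through the image view.
                            imgname = link.replace('cid:', '')
                            if archive:
                                element.attrib['src'] = url(
                                    'messages-preview-archived-img',
                                    img=imgname.replace('/', '__xoxo__'),
                                    id=id)
                            else:
                                element.attrib['src'] = url(
                                    'messages-preview-img',
                                    img=imgname.replace('/', '__xoxo__'),
                                    id=id)
                    part['content'] = tostring(html)
            c.message = task.result
            info = MSGPREVIEW_MSG % dict(m=message.id)
            audit_log(c.user.username, 1, unicode(info),
                      request.host, request.remote_addr, now())
        else:
            c.message = {}
    except (socket.error, TimeoutError, QueueNotFound):
        flash_alert(_('The message could not be previewed, try again later'))
        whereto = url('message-archive', id=id) if archive \
            else url('message-detail', id=id)
        redirect(whereto)
    except ValueError:
        flash_alert(_('The attachment is either prohibited or dangerous.'
                      ' Contact your system admin for assistance'))
        # This method's parameter is ``id``; the former ``msgid`` reference
        # was an undefined name and raised NameError instead of redirecting.
        whereto = url('message-archive', id=id) if archive \
            else url('message-detail', id=id)
        redirect(whereto)
    c.messageid = message.messageid
    c.id = message.id
    c.archived = archive
    c.isdangerous = message.isdangerous
    return render('/messages/preview.html')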
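def preview(self, msgid, archive=None, attachment=None, img=None,
            allowimgs=None, richformat=None):
    """Preview a message stored in the quarantine.

    Looks the message up, runs a ``preview_msg`` task (routed to this
    host when ``ms.quarantine.shared`` is enabled, otherwise to
    ``message.hostname``) and then either returns an embedded image,
    returns an attachment download, or renders the preview page.

    :param msgid: the database message id
    :param archive: optional. message archived status
    :param attachment: optional. request is for an attachment
    :param img: optional. request is for an image
    :param allowimgs: optional. allow display of remote images
    :param richformat: show html format
    :returns: decoded image or attachment bytes, or the rendered
        ``/messages/preview.html`` template. Aborts with 404 when the
        message or the requested image is missing; redirects to the
        message page when the task fails or the preview is refused.
    """
    if archive:
        message = self._get_archive(msgid)
    else:
        message = self._get_message(msgid)
    if not message:
        abort(404)

    try:
        # Refuse before any work is queued: users flagged is_peleb get no
        # preview of a dangerous message. ValueError is the refusal signal
        # handled further down.
        if message.isdangerous and c.user.is_peleb:
            raise ValueError
        localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
        cdte = convert_date(message.timestamp, localtmz).strftime('%Y%m%d')
        args = [message.messageid, cdte, message.msgfiles,
                attachment, img, allowimgs]
        shared = asbool(config.get('ms.quarantine.shared', 'false'))
        routing_key = system_hostname() if shared \
            else message.hostname.strip()
        task = preview_msg.apply_async(args=args, routing_key=routing_key)
        # Bounded wait; a timeout is handled by the except clause below.
        task.wait(30)
        if task.result:
            if img:
                # Repeats the check made at the top of the try block; kept
                # as a second barrier in front of the inline image response.
                if message.isdangerous and c.user.is_peleb:
                    abort(404)
                # NOTE(review): content_type is taken from the task result
                # and this response is served inline; confirm the worker
                # only ever reports image/* types here.
                response.content_type = task.result['content_type']
                if task.result and 'img' in task.result:
                    info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                                  a=task.result['name'])
                    audit_log(c.user.username, 1, unicode(info),
                              request.host, request.remote_addr,
                              arrow.utcnow().datetime)
                    return base64.decodestring(task.result['img'])
                abort(404)
            if attachment:
                info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                              a=task.result['name'])
                audit_log(c.user.username, 1, unicode(info),
                          request.host, request.remote_addr,
                          arrow.utcnow().datetime)
                response.content_type = task.result['mimetype']
                # The attachment name is presumably taken from the
                # quarantined message, so treat it as untrusted: force
                # ASCII, then neutralise the characters that could close
                # the quoted filename or split the header.
                safe_name = task.result['name'].encode('ascii', 'replace')
                for unsafe in ('\r', '\n', '"', '\\'):
                    safe_name = safe_name.replace(unsafe, '_')
                content_disposition = 'attachment; filename="%s"' % safe_name
                # The body sent is the decoded payload, so Content-Length
                # must describe that, not the longer base64 text.
                payload = base64.decodestring(task.result['attachment'])
                response.headers['Content-Disposition'] = \
                    str(content_disposition)
                response.headers['Content-Length'] = str(len(payload))
                response.headers['Pragma'] = 'public'
                response.headers['Cache-Control'] = 'max-age=0'
                return payload
            for part in task.result['parts']:
                if part['type'] == 'text/html':
                    # Rich formatting applies to single-part messages and
                    # whenever the caller asked for it.
                    local_rf = (not task.result['is_multipart']
                                or richformat)
                    part['content'] = image_fixups(part['content'], msgid,
                                                   archive, local_rf,
                                                   allowimgs)
            c.message = task.result
            info = MSGPREVIEW_MSG % dict(m=message.id)
            audit_log(c.user.username, 1, unicode(info),
                      request.host, request.remote_addr,
                      arrow.utcnow().datetime)
        else:
            c.message = {}
    except (socket.error, TimeoutError, QueueNotFound):
        lmsg = _('The message could not be previewed, try again later')
        flash_alert(lmsg)
        log.info(lmsg)
        whereto = url('message-archive', msgid=msgid) if archive \
            else url('message-detail', msgid=msgid)
        redirect(whereto)
    except ValueError:
        lmsg = _('The message/attachments are either prohibited or'
                 ' dangerous. Contact your system admin for assistance')
        flash_alert(lmsg)
        log.info(lmsg)
        whereto = url('message-archive', msgid=msgid) if archive \
            else url('message-detail', msgid=msgid)
        redirect(whereto)
    c.messageid = message.messageid
    c.msgid = message.id
    c.archived = archive
    c.richformat = richformat
    c.isdangerous = message.isdangerous
    return self.render('/messages/preview.html')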
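def preview(self, id, archive=None, attachment=None, img=None,
            allowimgs=None):
    """Preview a message stored in the quarantine.

    Looks the message up, runs a ``preview_msg`` task on the queue named
    after ``message.hostname`` and then either returns an embedded image,
    returns an attachment download, or renders the preview page.

    :param id: the database message id
    :param archive: optional. message archived status
    :param attachment: optional. request is for an attachment
    :param img: optional. request is for an image
    :param allowimgs: optional. allow display of remote images
    :returns: decoded image or attachment bytes, or the rendered
        ``/messages/preview.html`` template. Aborts with 404 when the
        message or the requested image is missing; redirects to the
        message page when the task fails.
    """
    # NOTE(review): nothing in this method restricts who may fetch images
    # or attachments of a message; confirm that any policy for dangerous
    # messages is enforced elsewhere.
    if archive:
        message = self._get_archive(id)
    else:
        message = self._get_message(id)
    if not message:
        abort(404)

    try:
        args = [message.messageid, str(message.date),
                attachment, img, allowimgs]
        task = preview_msg.apply_async(args=args,
                                       queue=message.hostname.strip())
        # Bounded wait; a timeout is handled by the except clause below.
        task.wait(30)
        if task.result:
            if img:
                # NOTE(review): content_type is taken from the task result
                # and this response is served inline; confirm the worker
                # only ever reports image/* types here.
                response.content_type = task.result['content_type']
                if task.result and 'img' in task.result:
                    info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                                  a=task.result['name'])
                    audit_log(c.user.username, 1, info, request.host,
                              request.remote_addr, datetime.now())
                    return base64.decodestring(task.result['img'])
                abort(404)
            if attachment:
                info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                              a=task.result['name'])
                audit_log(c.user.username, 1, info, request.host,
                          request.remote_addr, datetime.now())
                response.content_type = task.result['mimetype']
                # The attachment name is presumably taken from the
                # quarantined message, so treat it as untrusted: reduce a
                # unicode name to ASCII, then neutralise the characters
                # that could close the quoted filename or split the header.
                safe_name = task.result['name']
                if isinstance(safe_name, unicode):
                    safe_name = safe_name.encode('ascii', 'replace')
                for unsafe in ('\r', '\n', '"', '\\'):
                    safe_name = safe_name.replace(unsafe, '_')
                # The body sent is the decoded payload, so Content-Length
                # must describe that, not the longer base64 text.
                payload = base64.decodestring(task.result['attachment'])
                response.headers['Content-Disposition'] = \
                    str('attachment; filename="%s"' % safe_name)
                response.headers['Content-Length'] = str(len(payload))
                response.headers['Pragma'] = 'public'
                response.headers['Cache-Control'] = 'max-age=0'
                return payload
            for part in task.result['parts']:
                if part['type'] == 'html':
                    html = fromstring(part['content'])
                    for element, attribute, link, pos in iterlinks(html):
                        if not link.startswith('cid:'):
                            # NOTE(review): only ``src`` attributes are
                            # rewritten; any other remote reference that
                            # iterlinks yields is left as it is.
                            if not allowimgs and attribute == 'src':
                                element.attrib['src'] = \
                                    '%simgs/blocked.gif' % media_url()
                                element.attrib['title'] = link
                                if archive:
                                    show_url = url(
                                        'message-preview-archived-with-imgs',
                                        id=id)
                                else:
                                    show_url = url(
                                        'message-preview-with-imgs', id=id)
                                flash(_('This message contains external images, which have been blocked. ') +
                                      literal(link_to(_('Display images'),
                                                      show_url,
                                                      class_='uline')))
                        else:
                            # cid: references point at parts of the same
                            # message; route them through the image view.
                            imgname = link.replace('cid:', '')
                            if archive:
                                element.attrib['src'] = url(
                                    'messages-preview-archived-img',
                                    img=imgname.replace('/', '__xoxo__'),
                                    id=id)
                            else:
                                element.attrib['src'] = url(
                                    'messages-preview-img',
                                    img=imgname.replace('/', '__xoxo__'),
                                    id=id)
                    part['content'] = tostring(html)
            c.message = task.result
            info = MSGPREVIEW_MSG % dict(m=message.id)
            audit_log(c.user.username, 1, info, request.host,
                      request.remote_addr, datetime.now())
        else:
            c.message = {}
    except (socket.error, TimeoutError, QueueNotFound):
        flash_alert(_('The message could not be previewed, try again later'))
        whereto = url('message-archive', id=id) if archive \
            else url('message-detail', id=id)
        redirect(whereto)
    c.messageid = message.messageid
    c.id = message.id
    c.archived = archive
    return render('/messages/preview.html')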
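def preview(self, msgid, archive=None, attachment=None, img=None,
            allowimgs=None, richformat=None):
    """Preview a message stored in the quarantine.

    Looks the message up, runs a ``preview_msg`` task (routed to this
    host when ``ms.quarantine.shared`` is enabled, otherwise to
    ``message.hostname``) and then either returns an embedded image,
    returns an attachment download, or renders the preview page.

    :param msgid: the database message id
    :param archive: optional. message archived status
    :param attachment: optional. request is for an attachment
    :param img: optional. request is for an image
    :param allowimgs: optional. allow display of remote images
    :param richformat: show html format
    :returns: decoded image or attachment bytes, or the rendered
        ``/messages/preview.html`` template. Aborts with 404 when the
        message or the requested image is missing; redirects to the
        message page when the task fails or the preview is refused.
    """
    if archive:
        message = self._get_archive(msgid)
    else:
        message = self._get_message(msgid)
    if not message:
        abort(404)

    try:
        # Refuse before any work is queued: users flagged is_peleb get no
        # preview of a dangerous message. ValueError is the refusal signal
        # handled further down.
        if message.isdangerous and c.user.is_peleb:
            raise ValueError
        localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
        cdte = convert_date(message.timestamp, localtmz).strftime('%Y%m%d')
        args = [message.messageid, cdte, message.msgfiles,
                attachment, img, allowimgs]
        if asbool(config.get('ms.quarantine.shared', 'false')):
            target = system_hostname()
        else:
            target = message.hostname.strip()
        task = preview_msg.apply_async(args=args, routing_key=target)
        # Bounded wait; a timeout is handled by the except clause below.
        task.wait(30)
        if task.result:
            if img:
                # Repeats the check made at the top of the try block; kept
                # as a second barrier in front of the inline image response.
                if message.isdangerous and c.user.is_peleb:
                    abort(404)
                # NOTE(review): content_type is taken from the task result
                # and this response is served inline; confirm the worker
                # only ever reports image/* types here.
                response.content_type = task.result['content_type']
                if task.result and 'img' in task.result:
                    info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                                  a=task.result['name'])
                    audit_log(c.user.username, 1, unicode(info),
                              request.host, request.remote_addr,
                              arrow.utcnow().datetime)
                    return base64.decodestring(task.result['img'])
                abort(404)
            if attachment:
                info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                              a=task.result['name'])
                audit_log(c.user.username, 1, unicode(info),
                          request.host, request.remote_addr,
                          arrow.utcnow().datetime)
                response.content_type = task.result['mimetype']
                # The attachment name is presumably taken from the
                # quarantined message, so treat it as untrusted: force
                # ASCII, then neutralise the characters that could close
                # the quoted filename or split the header.
                safe_name = task.result['name'].encode('ascii', 'replace')
                for unsafe in ('\r', '\n', '"', '\\'):
                    safe_name = safe_name.replace(unsafe, '_')
                content_disposition = 'attachment; filename="%s"' % safe_name
                # The body sent is the decoded payload, so Content-Length
                # must describe that, not the longer base64 text.
                payload = base64.decodestring(task.result['attachment'])
                response.headers['Content-Disposition'] = \
                    str(content_disposition)
                response.headers['Content-Length'] = str(len(payload))
                response.headers['Pragma'] = 'public'
                response.headers['Cache-Control'] = 'max-age=0'
                return payload
            for part in task.result['parts']:
                if part['type'] == 'text/html':
                    # Rich formatting applies to single-part messages and
                    # whenever the caller asked for it.
                    local_rf = (not task.result['is_multipart']
                                or richformat)
                    part['content'] = image_fixups(
                        part['content'], msgid, archive, local_rf, allowimgs)
            c.message = task.result
            info = MSGPREVIEW_MSG % dict(m=message.id)
            audit_log(c.user.username, 1, unicode(info),
                      request.host, request.remote_addr,
                      arrow.utcnow().datetime)
        else:
            c.message = {}
    except (socket.error, TimeoutError, QueueNotFound):
        lmsg = _('The message could not be previewed, try again later')
        flash_alert(lmsg)
        log.info(lmsg)
        whereto = url('message-archive', msgid=msgid) if archive \
            else url('message-detail', msgid=msgid)
        redirect(whereto)
    except ValueError:
        lmsg = _('The message/attachments are either prohibited or'
                 ' dangerous. Contact your system admin for assistance')
        flash_alert(lmsg)
        log.info(lmsg)
        whereto = url('message-archive', msgid=msgid) if archive \
            else url('message-detail', msgid=msgid)
        redirect(whereto)
    c.messageid = message.messageid
    c.msgid = message.id
    c.archived = archive
    c.richformat = richformat
    c.isdangerous = message.isdangerous
    return self.render('/messages/preview.html')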