Esempio n. 1
0
def image_fixups(content, msgid, archive, richformat, allowimgs):
    "Replace the CID links stored messages"
    html = local_fromstring(content)
    for element, attribute, link, _ in iterlinks(html):
        if not link.startswith('cid:'):
            if not allowimgs and attribute == 'src':
                element.attrib['src'] = '%simgs/blocked.gif' % media_url()
                element.attrib['title'] = link
                if richformat:
                    if archive:
                        displayurl = url('message-preview-archived-with-imgs',
                                        msgid=msgid)
                    else:
                        displayurl = url('message-preview-with-imgs',
                                        msgid=msgid)
                    flash(ugettext('This message contains external'
                        ' images, which have been blocked. ') +
                        literal(link_to(ugettext('Display images'),
                                displayurl)))
        else:
            imgname = link.replace('cid:', '')
            if archive:
                imgurl = url('messages-preview-archived-img',
                            img=imgname.replace('/', '__xoxo__'),
                            msgid=msgid)
            else:
                imgurl = url('messages-preview-img',
                            img=imgname.replace('/', '__xoxo__'),
                            msgid=msgid)
            element.attrib['src'] = imgurl            
    return tostring(html)
Esempio n. 2
0
def image_fixups(content, msgid, archive, richformat, allowimgs):
    "Replace the CID links stored messages"
    html = local_fromstring(content)
    for element, attribute, link, _ in iterlinks(html):
        if not link.startswith('cid:'):
            if not allowimgs and attribute == 'src':
                element.attrib['src'] = '%simgs/blocked.gif' % media_url()
                element.attrib['title'] = link
                if richformat:
                    if archive:
                        displayurl = url('message-preview-archived-with-imgs',
                                         msgid=msgid)
                    else:
                        displayurl = url('message-preview-with-imgs',
                                         msgid=msgid)
                    flash(
                        ugettext('This message contains external'
                                 ' images, which have been blocked. ') +
                        literal(link_to(ugettext('Display images'),
                                        displayurl)))
        else:
            imgname = link.replace('cid:', '')
            if archive:
                imgurl = url('messages-preview-archived-img',
                             img=imgname.replace('/', '__xoxo__'),
                             msgid=msgid)
            else:
                imgurl = url('messages-preview-img',
                             img=imgname.replace('/', '__xoxo__'),
                             msgid=msgid)
            element.attrib['src'] = imgurl
    return tostring(html)
Esempio n. 3
0
def img_fixups(content, queueid, allowimgs, richformat):
    "Replace the CID links in Queued messages"
    html = local_fromstring(content)
    for element, attribute, link, _ in iterlinks(html):
        if not link.startswith('cid:'):
            if not allowimgs and attribute == 'src':
                element.attrib['src'] = '%simgs/blocked.gif' % media_url()
                element.attrib['title'] = link
                if richformat:
                    flash(ugettext('This message contains external '
                    'images, which have been blocked. ') +
                    literal(link_to(ugettext('Display images'),
                    url('queue-preview-with-imgs', queueid=queueid))))
        else:
            imgname = link.replace('cid:', '')
            element.attrib['src'] = url('queue-preview-img',
                                    imgid=imgname.replace('/', '__xoxo__'),
                                    queueid=queueid)
    return tostring(html)
Esempio n. 4
0
def img_fixups(content, queueid, allowimgs, richformat):
    "Replace the CID links in Queued messages"
    html = local_fromstring(content)
    for element, attribute, link, _ in iterlinks(html):
        if not link.startswith('cid:'):
            if not allowimgs and attribute == 'src':
                element.attrib['src'] = '%simgs/blocked.gif' % media_url()
                element.attrib['title'] = link
                if richformat:
                    flash(
                        ugettext('This message contains external '
                                 'images, which have been blocked. ') +
                        literal(
                            link_to(
                                ugettext('Display images'),
                                url('queue-preview-with-imgs',
                                    queueid=queueid))))
        else:
            imgname = link.replace('cid:', '')
            element.attrib['src'] = url('queue-preview-img',
                                        imgid=imgname.replace('/', '__xoxo__'),
                                        queueid=queueid)
    return tostring(html)
Esempio n. 5
0
    def preview(self, id, archive=None, attachment=None, img=None,
                allowimgs=None):
        """Preview a message stored in the quarantine
        
        :param id: the database message id
        :param archive: optional. message archived status
        :param attachment: optional. request is for an attachmeny
        :param img: optional request is for an image
        :param allowimgs: optional allow display of remote images
        
        """
        if archive:
            message = self._get_archive(id)
        else:
            message = self._get_message(id)
        if not message:
            abort(404)

        try:
            localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
            args = [message.messageid,
                    convert_date(message.timestamp, localtmz).strftime('%Y%m%d'),
                    attachment,
                    img,
                    allowimgs]
            task = preview_msg.apply_async(args=args,
                    queue=message.hostname.strip())
            task.wait(30)
            if task.result:
                if img:
                    if message.isdangerous and c.user.is_peleb:
                        abort(404)
                    response.content_type = task.result['content_type']
                    if task.result and 'img' in task.result:
                        info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                                a=task.result['name'])
                        audit_log(c.user.username,
                                1, unicode(info), request.host,
                                request.remote_addr, now())
                        return base64.decodestring(task.result['img'])
                    abort(404)
                if attachment:
                    if message.isdangerous and c.user.is_peleb:
                        raise ValueError
                    info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                            a=task.result['name'])
                    audit_log(c.user.username,
                            1, unicode(info), request.host,
                            request.remote_addr, now())
                    response.content_type = task.result['mimetype']
                    content_disposition = 'attachment; filename="%s"' % \
                        task.result['name'].encode('ascii', 'replace')
                    response.headers['Content-Disposition'] = str(content_disposition)
                    response.headers['Content-Length'] = len(task.result['attachment'])
                    response.headers['Pragma'] = 'public'
                    response.headers['Cache-Control'] = 'max-age=0'
                    return base64.decodestring(task.result['attachment'])
                for part in task.result['parts']:
                    if part['type'] == 'html':
                        html = fromstring(part['content'])
                        for element, attribute, link, pos in iterlinks(html):
                            if not link.startswith('cid:'):
                                if not allowimgs and attribute == 'src':
                                    element.attrib['src'] = '%simgs/blocked.gif' % media_url()
                                    element.attrib['title'] = link
                                    flash(_('This message contains external images, which have been blocked. ') +
                                    literal(link_to(_('Display images'),
                                    url('message-preview-archived-with-imgs', id=id) \
                                    if archive else url('message-preview-with-imgs', id=id),
                                    class_='uline')))
                            else:
                                imgname = link.replace('cid:', '')
                                element.attrib['src'] = url('messages-preview-archived-img', img=imgname.replace('/', '__xoxo__'), id=id) \
                                if archive else url('messages-preview-img', img=imgname.replace('/', '__xoxo__'), id=id)
                        part['content'] = tostring(html)
                c.message = task.result
                info = MSGPREVIEW_MSG % dict(m=message.id)
                audit_log(c.user.username,
                        1, unicode(info), request.host,
                        request.remote_addr, now())
            else:
                c.message = {}
        except (socket.error, TimeoutError, QueueNotFound):
            flash_alert(_('The message could not be previewed, try again later'))
            whereto = url('message-archive', id=id) if archive else url('message-detail', id=id)
            redirect(whereto)
        except ValueError:
            flash_alert(_('The attachment is either prohibited or dangerous.'
            ' Contact your system admin for assistance'))
            whereto = url('message-archive', msgid=msgid) if archive \
                        else url('message-detail', msgid=msgid)
            redirect(whereto)
        c.messageid = message.messageid
        c.id = message.id
        c.archived = archive
        c.isdangerous = message.isdangerous
        return render('/messages/preview.html')
Esempio n. 6
0
    def mailq_preview(self, queueid, attachid=None, imgid=None, allowimgs=None):
        "preview a queued message"
        query = Session.query(MailQueueItem)
        uquery = UserFilter(Session, c.user, query, model=MailQueueItem)
        query = uquery.filter()

        try:
            mailqitem = query.filter(MailQueueItem.id == queueid).one()
        except NoResultFound:
            flash_alert(_('The requested queued message was not found.'))
            redirect(url('mailq-status'))

        try:
            task = preview_queued_msg.apply_async(args=[mailqitem.messageid,
                    mailqitem.direction, attachid, imgid],
                    queue=mailqitem.hostname)
            task.wait(30)
            if task.result:
                if imgid:
                    response.content_type = task.result['content_type']
                    if task.result and 'img' in task.result:
                        info = QUEUEDOWNLOAD_MSG % dict(m=mailqitem.messageid,
                                                        a=task.result['name'])
                        audit_log(c.user.username,
                                1, info, request.host,
                                request.remote_addr, now())
                        return base64.decodestring(task.result['img'])
                    abort(404)
                if attachid:
                    info = QUEUEDOWNLOAD_MSG % dict(m=mailqitem.messageid,
                                                    a=task.result['name'])
                    audit_log(c.user.username,
                            1, info, request.host,
                            request.remote_addr, now())
                    response.content_type = task.result['mimetype']
                    dispos = 'attachment; filename="%s"' % task.result['name']
                    response.headers['Content-Disposition'] = str(dispos)
                    content_len = len(task.result['attachment'])
                    response.headers['Content-Length'] = content_len
                    response.headers['Pragma'] = 'public'
                    response.headers['Cache-Control'] = 'max-age=0'
                    return base64.decodestring(task.result['attachment'])
                for part in task.result['parts']:
                    if part['type'] == 'html':
                        html = fromstring(part['content'])
                        for element, attribute, link, pos in iterlinks(html):
                            if not link.startswith('cid:'):
                                if not allowimgs and attribute == 'src':
                                    element.attrib['src'] = '%simgs/blocked.gif' % media_url()
                                    element.attrib['title'] = link
                                    flash(_('This message contains external images, which have been blocked. ') +
                                    literal(link_to(_('Display images'),
                                    url('queue-preview-with-imgs', queueid=queueid), class_='uline')))
                            else:
                                imgname = link.replace('cid:', '')
                                element.attrib['src'] = url('queue-preview-img',
                                                        imgid=imgname.replace('/', '__xoxo__'),
                                                        queueid=queueid)
                        part['content'] = tostring(html)
                c.message = task.result
                info = QUEUEPREVIEW_MSG % dict(m=mailqitem.messageid)
                audit_log(c.user.username,
                        1, info, request.host,
                        request.remote_addr, now())
            else:
                raise TimeoutError
        except (TimeoutError, QueueNotFound):
            flash_alert(_('The message could not be processed'))
            redirect(url('mailq-status'))
        c.queueid = queueid
        c.messageid = mailqitem.messageid
        return render('/status/preview.html')
Esempio n. 7
0
    def preview(self, id, archive=None, attachment=None, img=None,
                allowimgs=None):
        if archive:
            message = self._get_archive(id)
        else:
            message = self._get_message(id)
        if not message:
            abort(404)

        try:
            args = [message.messageid,
                    str(message.date),
                    attachment,
                    img,
                    allowimgs]
            task = preview_msg.apply_async(args=args,
                    queue=message.hostname.strip())
            task.wait(30)
            if task.result:
                if img:
                    response.content_type = task.result['content_type']
                    if task.result and 'img' in task.result:
                        info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                                a=task.result['name'])
                        audit_log(c.user.username,
                                1, info, request.host,
                                request.remote_addr, datetime.now())
                        return base64.decodestring(task.result['img'])
                    abort(404)
                if attachment:
                    info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                            a=task.result['name'])
                    audit_log(c.user.username,
                            1, info, request.host,
                            request.remote_addr, datetime.now())
                    response.content_type = task.result['mimetype']
                    response.headers['Content-Disposition'] = 'attachment; filename="%s"' % task.result['name']
                    response.headers['Content-Length'] = len(task.result['attachment'])
                    response.headers['Pragma'] = 'public'
                    response.headers['Cache-Control'] = 'max-age=0'
                    return base64.decodestring(task.result['attachment'])
                for part in task.result['parts']:
                    if part['type'] == 'html':
                        html = fromstring(part['content'])
                        for element, attribute, link, pos in iterlinks(html):
                            if not link.startswith('cid:'):
                                if not allowimgs and attribute == 'src':
                                    element.attrib['src'] = '%simgs/blocked.gif' % media_url()
                                    element.attrib['title'] = link
                                    flash(_('This message contains external images, which have been blocked. ') +
                                    literal(link_to(_('Display images'),
                                    url('message-preview-archived-with-imgs', id=id) \
                                    if archive else url('message-preview-with-imgs', id=id),
                                    class_='uline')))
                            else:
                                imgname = link.replace('cid:', '')
                                element.attrib['src'] = url('messages-preview-archived-img', img=imgname.replace('/', '__xoxo__'), id=id) \
                                if archive else url('messages-preview-img', img=imgname.replace('/', '__xoxo__'), id=id)
                        part['content'] = tostring(html)
                c.message = task.result
                info = MSGPREVIEW_MSG % dict(m=message.id)
                audit_log(c.user.username,
                        1, info, request.host,
                        request.remote_addr, datetime.now())
            else:
                c.message = {}
        except (socket.error, TimeoutError, QueueNotFound):
            flash_alert(_('The message could not be previewed, try again later'))
            whereto = url('message-archive', id=id) if archive else url('message-detail', id=id)
            redirect(whereto)
        c.messageid = message.messageid
        c.id = message.id
        c.archived = archive
        return render('/messages/preview.html')
Esempio n. 8
0
    def mailq_preview(self, queueid, attachid=None, imgid=None, allowimgs=None):
        "preview a queued message"
        query = Session.query(MailQueueItem)
        uquery = UserFilter(Session, c.user, query, model=MailQueueItem)
        query = uquery.filter()

        try:
            mailqitem = query.filter(MailQueueItem.id == queueid).one()
        except NoResultFound:
            flash_alert(_('The requested queued message was not found.'))
            redirect(url('mailq-status'))

        try:
            task = preview_queued_msg.apply_async(args=[mailqitem.messageid,
                    mailqitem.direction, attachid, imgid],
                    queue=mailqitem.hostname)
            task.wait(30)
            if task.result:
                if imgid:
                    response.content_type = task.result['content_type']
                    if task.result and 'img' in task.result:
                        info = QUEUEDOWNLOAD_MSG % dict(m=mailqitem.messageid,
                                                        a=task.result['name'])
                        audit_log(c.user.username,
                                1, info, request.host,
                                request.remote_addr, datetime.now())
                        return base64.decodestring(task.result['img'])
                    abort(404)
                if attachid:
                    info = QUEUEDOWNLOAD_MSG % dict(m=mailqitem.messageid,
                                                    a=task.result['name'])
                    audit_log(c.user.username,
                            1, info, request.host,
                            request.remote_addr, datetime.now())
                    response.content_type = task.result['mimetype']
                    dispos = 'attachment; filename="%s"' % task.result['name']
                    response.headers['Content-Disposition'] = dispos
                    content_len = len(task.result['attachment'])
                    response.headers['Content-Length'] = content_len
                    response.headers['Pragma'] = 'public'
                    response.headers['Cache-Control'] = 'max-age=0'
                    return base64.decodestring(task.result['attachment'])
                for part in task.result['parts']:
                    if part['type'] == 'html':
                        html = fromstring(part['content'])
                        for element, attribute, link, pos in iterlinks(html):
                            if not link.startswith('cid:'):
                                if not allowimgs and attribute == 'src':
                                    element.attrib['src'] = '%simgs/blocked.gif' % media_url()
                                    element.attrib['title'] = link
                                    flash(_('This message contains external images, which have been blocked. ') +
                                    literal(link_to(_('Display images'),
                                    url('queue-preview-with-imgs', queueid=queueid), class_='uline')))
                            else:
                                imgname = link.replace('cid:', '')
                                element.attrib['src'] = url('queue-preview-img',
                                                        imgid=imgname.replace('/', '__xoxo__'),
                                                        queueid=queueid)
                        part['content'] = tostring(html)
                c.message = task.result
                info = QUEUEPREVIEW_MSG % dict(m=mailqitem.messageid)
                audit_log(c.user.username,
                        1, info, request.host,
                        request.remote_addr, datetime.now())
            else:
                raise TimeoutError
        except (TimeoutError, QueueNotFound):
            flash_alert(_('The message could not be processed'))
            redirect(url('mailq-status'))
        c.queueid = queueid
        c.messageid = mailqitem.messageid
        return render('/status/preview.html')