Esempio n. 1
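    def preview(self, id, archive=None, attachment=None, img=None,
                allowimgs=None):
        """Preview a message stored in the quarantine

        Dispatches a ``preview_msg`` task to the queue named after the
        message's host and waits up to 30 seconds for the result. Depending
        on the request it then returns the decoded bytes of an inline image
        or an attachment, or renders the preview template with the message
        parts. Each successful access is written to the audit log.

        :param id: the database message id
        :param archive: optional. message archived status
        :param attachment: optional. request is for an attachment
        :param img: optional. request is for an image
        :param allowimgs: optional. allow display of remote images

        """
        if archive:
            message = self._get_archive(id)
        else:
            message = self._get_message(id)
        if not message:
            abort(404)

        try:
            localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
            args = [message.messageid,
                    convert_date(message.timestamp, localtmz).strftime('%Y%m%d'),
                    attachment,
                    img,
                    allowimgs]
            task = preview_msg.apply_async(args=args,
                    queue=message.hostname.strip())
            task.wait(30)
            if task.result:
                if img:
                    # Images of dangerous messages are not served to users
                    # flagged is_peleb.
                    if message.isdangerous and c.user.is_peleb:
                        abort(404)
                    # NOTE(review): the content type is whatever the task
                    # reported and the body is returned inline; confirm the
                    # worker restricts it to image types.
                    response.content_type = task.result['content_type']
                    if task.result and 'img' in task.result:
                        info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                                a=task.result['name'])
                        audit_log(c.user.username,
                                1, unicode(info), request.host,
                                request.remote_addr, now())
                        return base64.decodestring(task.result['img'])
                    abort(404)
                if attachment:
                    # Raised (not aborted) so the ValueError handler below
                    # shows the alert and redirects to the message page.
                    if message.isdangerous and c.user.is_peleb:
                        raise ValueError
                    info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                            a=task.result['name'])
                    audit_log(c.user.username,
                            1, unicode(info), request.host,
                            request.remote_addr, now())
                    response.content_type = task.result['mimetype']
                    # The name is presumably the filename declared in the
                    # message, so it is treated as untrusted: characters that
                    # would close the quoted-string or end the header line
                    # are replaced before it goes into Content-Disposition.
                    filename = task.result['name'].encode('ascii', 'replace')
                    for char in ('"', '\\', '\r', '\n'):
                        filename = filename.replace(char, '_')
                    content_disposition = 'attachment; filename="%s"' % filename
                    response.headers['Content-Disposition'] = str(content_disposition)
                    response.headers['Content-Length'] = len(task.result['attachment'])
                    response.headers['Pragma'] = 'public'
                    response.headers['Cache-Control'] = 'max-age=0'
                    return base64.decodestring(task.result['attachment'])
                # NOTE(review): only link rewriting happens here; confirm the
                # HTML itself is sanitised before the template renders it.
                for part in task.result['parts']:
                    if part['type'] == 'html':
                        html = fromstring(part['content'])
                        for element, attribute, link, pos in iterlinks(html):
                            if not link.startswith('cid:'):
                                # Only ``src`` links are swapped for the
                                # placeholder; links in other attributes are
                                # left untouched even when allowimgs is off.
                                if not allowimgs and attribute == 'src':
                                    element.attrib['src'] = '%simgs/blocked.gif' % media_url()
                                    element.attrib['title'] = link
                                    show_url = url('message-preview-archived-with-imgs', id=id) \
                                        if archive else url('message-preview-with-imgs', id=id)
                                    flash(_('This message contains external images, which have been blocked. ') +
                                          literal(link_to(_('Display images'),
                                                          show_url,
                                                          class_='uline')))
                            else:
                                # Embedded (cid:) images are pointed at this
                                # controller's image route; '/' is swapped for
                                # a marker, presumably so the name stays one
                                # URL path segment.
                                imgname = link.replace('cid:', '')
                                element.attrib['src'] = url('messages-preview-archived-img', img=imgname.replace('/', '__xoxo__'), id=id) \
                                if archive else url('messages-preview-img', img=imgname.replace('/', '__xoxo__'), id=id)
                        part['content'] = tostring(html)
                c.message = task.result
                info = MSGPREVIEW_MSG % dict(m=message.id)
                audit_log(c.user.username,
                        1, unicode(info), request.host,
                        request.remote_addr, now())
            else:
                c.message = {}
        except (socket.error, TimeoutError, QueueNotFound):
            flash_alert(_('The message could not be previewed, try again later'))
            whereto = url('message-archive', id=id) if archive else url('message-detail', id=id)
            redirect(whereto)
        except ValueError:
            # Any ValueError raised inside the try block ends up here, not
            # only the dangerous-attachment refusal above.
            flash_alert(_('The attachment is either prohibited or dangerous.'
            ' Contact your system admin for assistance'))
            # This method's parameter is ``id``; the original referenced an
            # undefined ``msgid`` here, which raised NameError instead of
            # redirecting.
            whereto = url('message-archive', id=id) if archive \
                        else url('message-detail', id=id)
            redirect(whereto)
        c.messageid = message.messageid
        c.id = message.id
        c.archived = archive
        c.isdangerous = message.isdangerous
        return render('/messages/preview.html')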
Esempio n. 2
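    def preview(self,
                msgid,
                archive=None,
                attachment=None,
                img=None,
                allowimgs=None,
                richformat=None):
        """Preview a message stored in the quarantine

        Refuses dangerous messages for users flagged ``is_peleb``, then
        dispatches a ``preview_msg`` task and waits up to 30 seconds for the
        result. Depending on the request it returns the decoded bytes of an
        inline image or an attachment, or renders the preview template with
        the message parts. Each successful access is written to the audit
        log.

        :param msgid: the database message id
        :param archive: optional. message archived status
        :param attachment: optional. request is for an attachment
        :param img: optional. request is for an image
        :param allowimgs: optional. allow display of remote images
        :param richformat: show html format

        """
        if archive:
            message = self._get_archive(msgid)
        else:
            message = self._get_message(msgid)
        if not message:
            abort(404)

        try:
            # Checked before any task is dispatched; the ValueError handler
            # below shows the alert and redirects to the message page.
            if message.isdangerous and c.user.is_peleb:
                raise ValueError
            localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
            cdte = convert_date(message.timestamp, localtmz).strftime('%Y%m%d')
            args = [
                message.messageid, cdte, message.msgfiles, attachment, img,
                allowimgs
            ]
            # With a shared quarantine the task is routed to this host,
            # otherwise to the host recorded on the message.
            task = preview_msg.apply_async(
                args=args,
                routing_key=system_hostname() if asbool(
                    config.get('ms.quarantine.shared',
                               'false')) else message.hostname.strip())
            task.wait(30)
            if task.result:
                if img:
                    # Same condition as the check at the top of the try
                    # block, kept as a second guard on the image path.
                    if message.isdangerous and c.user.is_peleb:
                        abort(404)
                    # NOTE(review): the content type is whatever the task
                    # reported and the body is returned inline; confirm the
                    # worker restricts it to image types.
                    response.content_type = task.result['content_type']
                    if task.result and 'img' in task.result:
                        info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                                      a=task.result['name'])
                        audit_log(c.user.username, 1, unicode(info),
                                  request.host, request.remote_addr,
                                  arrow.utcnow().datetime)
                        return base64.decodestring(task.result['img'])
                    abort(404)
                if attachment:
                    info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                                  a=task.result['name'])
                    audit_log(c.user.username, 1, unicode(info), request.host,
                              request.remote_addr,
                              arrow.utcnow().datetime)
                    response.content_type = task.result['mimetype']
                    # The name is presumably the filename declared in the
                    # message, so it is treated as untrusted: characters that
                    # would close the quoted-string or end the header line
                    # are replaced before it goes into Content-Disposition.
                    filename = task.result['name'].encode('ascii', 'replace')
                    for char in ('"', '\\', '\r', '\n'):
                        filename = filename.replace(char, '_')
                    content_disposition = 'attachment; filename="%s"' % \
                        filename
                    response.headers['Content-Disposition'] = \
                                    str(content_disposition)
                    response.headers['Content-Length'] = \
                                    len(task.result['attachment'])
                    response.headers['Pragma'] = 'public'
                    response.headers['Cache-Control'] = 'max-age=0'
                    return base64.decodestring(task.result['attachment'])
                # NOTE(review): image_fixups is defined elsewhere; confirm
                # the HTML is sanitised before the template renders it.
                for part in task.result['parts']:
                    if part['type'] == 'text/html':
                        # Single-part messages are always treated as rich
                        # format; multipart ones only when requested.
                        local_rf = (not task.result['is_multipart']
                                    or richformat)
                        part['content'] = image_fixups(part['content'], msgid,
                                                       archive, local_rf,
                                                       allowimgs)
                c.message = task.result
                info = MSGPREVIEW_MSG % dict(m=message.id)
                audit_log(c.user.username, 1, unicode(info), request.host,
                          request.remote_addr,
                          arrow.utcnow().datetime)
            else:
                c.message = {}
        except (socket.error, TimeoutError, QueueNotFound):
            lmsg = _('The message could not be previewed, try again later')
            flash_alert(lmsg)
            log.info(lmsg)
            whereto = url('message-archive', msgid=msgid) if archive \
                        else url('message-detail', msgid=msgid)
            redirect(whereto)
        except ValueError:
            # Any ValueError raised inside the try block ends up here, not
            # only the dangerous-message refusal above.
            lmsg = _('The message/attachments are either prohibited or'
                     ' dangerous. Contact your system admin for assistance')
            flash_alert(lmsg)
            log.info(lmsg)
            whereto = url('message-archive', msgid=msgid) if archive \
                        else url('message-detail', msgid=msgid)
            redirect(whereto)
        c.messageid = message.messageid
        c.msgid = message.id
        c.archived = archive
        c.richformat = richformat
        c.isdangerous = message.isdangerous
        return self.render('/messages/preview.html')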
Esempio n. 3
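    def preview(self, id, archive=None, attachment=None, img=None,
                allowimgs=None):
        """Preview a message stored in the quarantine

        Dispatches a ``preview_msg`` task to the queue named after the
        message's host and waits up to 30 seconds for the result. Depending
        on the request it returns the decoded bytes of an inline image or an
        attachment, or renders the preview template with the message parts.
        Each successful access is written to the audit log.

        :param id: the database message id
        :param archive: optional. message archived status
        :param attachment: optional. request is for an attachment
        :param img: optional. request is for an image
        :param allowimgs: optional. allow display of remote images

        """
        if archive:
            message = self._get_archive(id)
        else:
            message = self._get_message(id)
        if not message:
            abort(404)

        try:
            args = [message.messageid,
                    str(message.date),
                    attachment,
                    img,
                    allowimgs]
            task = preview_msg.apply_async(args=args,
                    queue=message.hostname.strip())
            task.wait(30)
            if task.result:
                if img:
                    # NOTE(review): the content type is whatever the task
                    # reported and the body is returned inline; confirm the
                    # worker restricts it to image types.
                    response.content_type = task.result['content_type']
                    if task.result and 'img' in task.result:
                        info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                                a=task.result['name'])
                        audit_log(c.user.username,
                                1, info, request.host,
                                request.remote_addr, datetime.now())
                        return base64.decodestring(task.result['img'])
                    abort(404)
                if attachment:
                    info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                            a=task.result['name'])
                    audit_log(c.user.username,
                            1, info, request.host,
                            request.remote_addr, datetime.now())
                    response.content_type = task.result['mimetype']
                    # The name is presumably the filename declared in the
                    # message, so it is treated as untrusted: characters that
                    # would close the quoted-string or end the header line
                    # are replaced before it goes into Content-Disposition.
                    # NOTE(review): non-ASCII names are passed through as
                    # they are; confirm the response layer copes with them.
                    filename = '%s' % task.result['name']
                    for char in ('"', '\\', '\r', '\n'):
                        filename = filename.replace(char, '_')
                    response.headers['Content-Disposition'] = 'attachment; filename="%s"' % filename
                    response.headers['Content-Length'] = len(task.result['attachment'])
                    response.headers['Pragma'] = 'public'
                    response.headers['Cache-Control'] = 'max-age=0'
                    return base64.decodestring(task.result['attachment'])
                # NOTE(review): only link rewriting happens here; confirm the
                # HTML itself is sanitised before the template renders it.
                for part in task.result['parts']:
                    if part['type'] == 'html':
                        html = fromstring(part['content'])
                        for element, attribute, link, pos in iterlinks(html):
                            if not link.startswith('cid:'):
                                # Only ``src`` links are swapped for the
                                # placeholder; links in other attributes are
                                # left untouched even when allowimgs is off.
                                if not allowimgs and attribute == 'src':
                                    element.attrib['src'] = '%simgs/blocked.gif' % media_url()
                                    element.attrib['title'] = link
                                    show_url = url('message-preview-archived-with-imgs', id=id) \
                                        if archive else url('message-preview-with-imgs', id=id)
                                    flash(_('This message contains external images, which have been blocked. ') +
                                          literal(link_to(_('Display images'),
                                                          show_url,
                                                          class_='uline')))
                            else:
                                # Embedded (cid:) images are pointed at this
                                # controller's image route; '/' is swapped for
                                # a marker, presumably so the name stays one
                                # URL path segment.
                                imgname = link.replace('cid:', '')
                                element.attrib['src'] = url('messages-preview-archived-img', img=imgname.replace('/', '__xoxo__'), id=id) \
                                if archive else url('messages-preview-img', img=imgname.replace('/', '__xoxo__'), id=id)
                        part['content'] = tostring(html)
                c.message = task.result
                info = MSGPREVIEW_MSG % dict(m=message.id)
                audit_log(c.user.username,
                        1, info, request.host,
                        request.remote_addr, datetime.now())
            else:
                c.message = {}
        except (socket.error, TimeoutError, QueueNotFound):
            flash_alert(_('The message could not be previewed, try again later'))
            whereto = url('message-archive', id=id) if archive else url('message-detail', id=id)
            redirect(whereto)
        c.messageid = message.messageid
        c.id = message.id
        c.archived = archive
        return render('/messages/preview.html')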
Esempio n. 4
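    def preview(self, msgid, archive=None, attachment=None, img=None,
                allowimgs=None, richformat=None):
        """Preview a message stored in the quarantine

        Refuses dangerous messages for users flagged ``is_peleb``, then
        dispatches a ``preview_msg`` task and waits up to 30 seconds for the
        result. Depending on the request it returns the decoded bytes of an
        inline image or an attachment, or renders the preview template with
        the message parts. Each successful access is written to the audit
        log.

        :param msgid: the database message id
        :param archive: optional. message archived status
        :param attachment: optional. request is for an attachment
        :param img: optional. request is for an image
        :param allowimgs: optional. allow display of remote images
        :param richformat: show html format

        """
        if archive:
            message = self._get_archive(msgid)
        else:
            message = self._get_message(msgid)
        if not message:
            abort(404)

        try:
            # Checked before any task is dispatched; the ValueError handler
            # below shows the alert and redirects to the message page.
            if message.isdangerous and c.user.is_peleb:
                raise ValueError
            localtmz = config.get('baruwa.timezone', 'Africa/Johannesburg')
            cdte = convert_date(message.timestamp, localtmz).strftime('%Y%m%d')
            args = [message.messageid,
                    cdte,
                    message.msgfiles,
                    attachment,
                    img,
                    allowimgs]
            # With a shared quarantine the task is routed to this host,
            # otherwise to the host recorded on the message.
            task = preview_msg.apply_async(args=args,
                        routing_key=system_hostname() if
                        asbool(config.get('ms.quarantine.shared', 'false'))
                        else message.hostname.strip())
            task.wait(30)
            if task.result:
                if img:
                    # Same condition as the check at the top of the try
                    # block, kept as a second guard on the image path.
                    if message.isdangerous and c.user.is_peleb:
                        abort(404)
                    # NOTE(review): the content type is whatever the task
                    # reported and the body is returned inline; confirm the
                    # worker restricts it to image types.
                    response.content_type = task.result['content_type']
                    if task.result and 'img' in task.result:
                        info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                                a=task.result['name'])
                        audit_log(c.user.username,
                                1, unicode(info), request.host,
                                request.remote_addr, arrow.utcnow().datetime)
                        return base64.decodestring(task.result['img'])
                    abort(404)
                if attachment:
                    info = MSGDOWNLOAD_MSG % dict(m=message.id,
                                            a=task.result['name'])
                    audit_log(c.user.username,
                            1, unicode(info), request.host,
                            request.remote_addr, arrow.utcnow().datetime)
                    response.content_type = task.result['mimetype']
                    # The name is presumably the filename declared in the
                    # message, so it is treated as untrusted: characters that
                    # would close the quoted-string or end the header line
                    # are replaced before it goes into Content-Disposition.
                    filename = task.result['name'].encode('ascii', 'replace')
                    for char in ('"', '\\', '\r', '\n'):
                        filename = filename.replace(char, '_')
                    content_disposition = 'attachment; filename="%s"' % \
                        filename
                    response.headers['Content-Disposition'] = \
                                    str(content_disposition)
                    response.headers['Content-Length'] = \
                                    len(task.result['attachment'])
                    response.headers['Pragma'] = 'public'
                    response.headers['Cache-Control'] = 'max-age=0'
                    return base64.decodestring(task.result['attachment'])
                # NOTE(review): image_fixups is defined elsewhere; confirm
                # the HTML is sanitised before the template renders it.
                for part in task.result['parts']:
                    if part['type'] == 'text/html':
                        # Single-part messages are always treated as rich
                        # format; multipart ones only when requested.
                        local_rf = (not task.result['is_multipart']
                                    or richformat)
                        part['content'] = image_fixups(
                                            part['content'],
                                            msgid, archive,
                                            local_rf, allowimgs)
                c.message = task.result
                info = MSGPREVIEW_MSG % dict(m=message.id)
                audit_log(c.user.username,
                        1, unicode(info), request.host,
                        request.remote_addr, arrow.utcnow().datetime)
            else:
                c.message = {}
        except (socket.error, TimeoutError, QueueNotFound):
            lmsg = _('The message could not be previewed, try again later')
            flash_alert(lmsg)
            log.info(lmsg)
            whereto = url('message-archive', msgid=msgid) if archive \
                        else url('message-detail', msgid=msgid)
            redirect(whereto)
        except ValueError:
            # Any ValueError raised inside the try block ends up here, not
            # only the dangerous-message refusal above.
            lmsg = _('The message/attachments are either prohibited or'
                    ' dangerous. Contact your system admin for assistance')
            flash_alert(lmsg)
            log.info(lmsg)
            whereto = url('message-archive', msgid=msgid) if archive \
                        else url('message-detail', msgid=msgid)
            redirect(whereto)
        c.messageid = message.messageid
        c.msgid = message.id
        c.archived = archive
        c.richformat = richformat
        c.isdangerous = message.isdangerous
        return self.render('/messages/preview.html')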