amorfo77/sogo
1
0
Fork 0
mirror of https://github.com/inverse-inc/sogo.git synced 2026-03-10 01:11:22 +00:00
Code Issues Projects Releases Wiki Activity

fix(mail): don't allow XML inline attachments

Browse Source
This commit is contained in:
Francis Lachapelle
2022-01-20 14:47:23 -05:00
parent 5575a4c3c8
commit ca9d2d1cdc
1 changed files with 12 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
UI/MailerUI/UIxMailView.m
View File

@@ -221,12 +221,18 @@ static NSString *mailETag = nil;
for (count = 0; count < max; count++)
{
attributes = [[self attachmentAttrs] objectAtIndex: count];
filename = [NSString stringWithFormat: @"<%@>", [attributes objectForKey: @"filename"]];
[attachmentIds setObject: [attributes objectForKey: @"url"]
forKey: filename];
if ([[attributes objectForKey: @"bodyId"] length])
[attachmentIds setObject: [attributes objectForKey: @"url"]
forKey: [attributes objectForKey: @"bodyId"]];
// Don't allow XML inline attachments
if (![[attributes objectForKey: @"mimetype"] hasSuffix: @"xml"] &&
![[[attributes objectForKey: @"filename"] lowercaseString] hasSuffix: @"svg"])
{
filename = [NSString stringWithFormat: @"<%@>", [attributes objectForKey: @"filename"]];
[attachmentIds setObject: [attributes objectForKey: @"url"]
forKey: filename];
if ([[attributes objectForKey: @"bodyId"] length])
[attachmentIds setObject: [attributes objectForKey: @"url"]
forKey: [attributes objectForKey: @"bodyId"]];
}
}
// Attachment IDs will be decoded in UIxMailPartEncryptedViewer for
// S/MIME encrypted emails with file attachments.