diff --git a/src/postorius/lib/__init__.py b/src/postorius/lib/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/src/postorius/lib/__init__.py diff --git a/src/postorius/lib/scrub.py b/src/postorius/lib/scrub.py new file mode 100644 index 0000000..f0995df --- /dev/null +++ b/src/postorius/lib/scrub.py @@ -0,0 +1,173 @@ +# Copyright (C) 2011-2012 by the Free Software Foundation, Inc. +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, +# USA. + +"""Cleanse a message for archiving.""" + +from __future__ import absolute_import, unicode_literals + +import os +import re +import binascii +from mimetypes import guess_all_extensions +from email.header import decode_header, make_header +from email.errors import HeaderParseError + +pre = re.compile(r'[/\\:]') +sre = re.compile(r'[^-\w.]') +dre = re.compile(r'^\.*') + +BR = '
\n' + +NEXT_PART = re.compile(r'--------------[ ]next[ ]part[ ]--------------\n') + + +def guess_extension(ctype, ext): + all_exts = guess_all_extensions(ctype, strict=False) + if ext in all_exts: + return ext + return all_exts and all_exts[0] + + +def get_charset(message, default="ascii", guess=False): + if message.get_content_charset(): + return message.get_content_charset().decode("ascii") + if message.get_charset(): + return message.get_charset().decode("ascii") + charset = default + if not guess: + return charset + text = message.get_payload(decode=True) + for encoding in ["ascii", "utf-8", "iso-8859-15"]: + try: + text.decode(encoding) + except UnicodeDecodeError: + continue + else: + charset = encoding + break + return charset + + +def oneline(s): + """Inspired by mailman.utilities.string.oneline""" + try: + h = make_header(decode_header(s)) + ustr = h.__unicode__() + return ''.join(ustr.splitlines()) + except (LookupError, UnicodeError, ValueError, HeaderParseError): + return ''.join(s.splitlines()) + + +class Scrubber(object): + def __init__(self, msg): + self.msg = msg + + def scrub(self): + attachments = [] + for part_num, part in enumerate(self.msg.walk()): + ctype = part.get_content_type() + if not isinstance(ctype, unicode): + ctype = ctype.decode("ascii") + if ctype == 'text/plain': + disposition = part.get('content-disposition') + if disposition and disposition.decode( + "ascii", "replace").strip().startswith("attachment"): + attachments.append(self.parse_attachment(part, part_num)) + part.set_payload('') + elif ctype == 'text/html': + attachments.append(self.parse_attachment(part, part_num, + filter_html=False)) + part.set_payload('') + elif ctype == 'message/rfc822': + attachments.append(self.parse_attachment(part, part_num)) + part.set_payload('') + elif part.get_payload() and not part.is_multipart(): + payload = part.get_payload(decode=True) + ctype = part.get_content_type() + if not isinstance(ctype, unicode): + ctype.decode("ascii") + if payload is None: + continue + attachments.append(self.parse_attachment(part, part_num)) + if self.msg.is_multipart(): + text = [] + for part in self.msg.walk(): + if not part.get_payload() or part.is_multipart(): + continue + partctype = part.get_content_type() + if partctype != 'text/plain' and partctype != 'text/html': + continue + try: + t = part.get_payload(decode=True) or '' + except (binascii.Error, TypeError): + t = part.get_payload() or '' + partcharset = get_charset(part, guess=True) + try: + t = t.decode(partcharset, 'replace') + except (UnicodeError, LookupError, ValueError, + AssertionError): + t = t.decode('ascii', 'replace') + if isinstance(t, basestring): + if not t.endswith('\n'): + t += '\n' + text.append(t) + + text = u"\n".join(text) + else: + text = self.msg.get_payload(decode=True) + charset = get_charset(self.msg, guess=True) + try: + text = text.decode(charset, "replace") + except (UnicodeError, LookupError, ValueError, AssertionError): + text = text.decode('ascii', 'replace') + + next_part_match = NEXT_PART.search(text) + if next_part_match: + text = text[0:next_part_match.start(0)] + + return (text, attachments) + + def parse_attachment(self, part, counter, filter_html=True): + decodedpayload = part.get_payload(decode=True) + ctype = part.get_content_type() + if not isinstance(ctype, unicode): + ctype = ctype.decode("ascii") + charset = get_charset(part, default=None, guess=False) + try: + filename = oneline(part.get_filename('')) + except (TypeError, UnicodeDecodeError): + filename = u"attachment.bin" + filename, fnext = os.path.splitext(filename) + ext = fnext or guess_extension(ctype, fnext) + if not ext: + if ctype == 'message/rfc822': + ext = '.txt' + else: + ext = '.bin' + ext = sre.sub('', ext) + if not filename: + filebase = u'attachment' + else: + parts = pre.split(filename) + filename = parts[-1] + filename = dre.sub('', filename) + filename = sre.sub('', filename) + filebase = filename + if ctype == 'message/rfc822': + submsg = part.get_payload() + decodedpayload = str(submsg) + return (counter, filebase+ext, ctype, charset, decodedpayload) diff --git a/src/postorius/static/postorius/js/held_messages.js b/src/postorius/static/postorius/js/held_messages.js index 653c33b..f177560 100644 --- a/src/postorius/static/postorius/js/held_messages.js +++ b/src/postorius/static/postorius/js/held_messages.js @@ -5,19 +5,24 @@ $('.show-modal-btn').click(function() { var msgid = $(this).data('msgid'); $.ajax({ - url: rest_url + msgid, + url: rest_url.slice(0, rest_url.length - 1) + msgid, success: function(data) { $('#message-source-btn').attr('href', rest_url + msgid + '?raw') $('#message-title').html(data.msg.subject); $('.modal-footer form input[name="msgid"]').attr('value', msgid); if (data.msg.body) { $('#held-message-content').text(data.msg.body); - } - else if (data.msg.html) { - $('#held-message-content').text(data.msg.html); } else { $('#held-message-content').html('

Message content could not be extracted

'); } + attachments = ''; + for (i = 0; i < data.attachments.length; i++) { + attachments += '' + data.attachments[i][1] + '
'; + } + if (attachments != '') { + $('#held-message-attachment-header').removeClass('hidden'); + $('#held-message-attachments').html(attachments); + } $('#held-message-content').html($('#held-message-content').html().replace(/\n/g, "
")); $('#held-message-headers').text(data.msg.headers); $('#held-message-headers').html($('#held-message-headers').html().replace(/\n/g, "
") + '
'); @@ -44,5 +49,7 @@ $('#held-message-headers').addClass('hidden'); $('#message-title').html(''); $('#toggle-headers').removeClass('active'); + $('#held-message-attachment-header').addClass('hidden'); + $('#held-message-attachments').text(''); }); } diff --git a/src/postorius/templates/postorius/lists/held_messages.html b/src/postorius/templates/postorius/lists/held_messages.html index 5277ba0..c433565 100644 --- a/src/postorius/templates/postorius/lists/held_messages.html +++ b/src/postorius/templates/postorius/lists/held_messages.html @@ -76,6 +76,11 @@
+ +
@@ -105,6 +110,6 @@ {% block additionaljs %} {% endblock %} diff --git a/src/postorius/urls.py b/src/postorius/urls.py index b386bcc..04884a0 100644 --- a/src/postorius/urls.py +++ b/src/postorius/urls.py @@ -100,8 +100,10 @@ url(r'^users/address_activation/(?P[A-Za-z0-9]+)/$', user_views.address_activation_link, name='address_activation_link'), - url(r'^api/list/(?P[^/]+)/held_message/$', - rest_views.get_held_message, name='uncomplete_rest_held_message'), url(r'^api/list/(?P[^/]+)/held_message/(?P\d+)/$', rest_views.get_held_message, name='rest_held_message'), + url(r'^api/list/(?P[^/]+)/held_message/(?P\d+)/' + 'attachment/(?P\d+)/$', + rest_views.get_attachment_for_held_message, + name='rest_attachment_for_held_message'), ] diff --git a/src/postorius/views/list.py b/src/postorius/views/list.py index ec6a659..1c69bce 100644 --- a/src/postorius/views/list.py +++ b/src/postorius/views/list.py @@ -19,7 +19,7 @@ import logging import csv -from django.http import HttpResponse +from django.http import HttpResponse, HttpResponseNotAllowed, Http404 from django.contrib import messages from django.contrib.auth.decorators import login_required, user_passes_test @@ -30,7 +30,6 @@ from django.core.exceptions import ValidationError from django.utils.decorators import method_decorator from django.utils.translation import gettext as _ -from django.http import Http404 try: from urllib2 import HTTPError except ImportError: @@ -424,7 +423,7 @@ @list_moderator_required def moderate_held_message(request, list_id): if request.method != 'POST': - return HttpReponseNotAllowed(['POST',]) + return HttpResponseNotAllowed(['POST']) msg_id = request.POST['msgid'] try: mailing_list = List.objects.get_or_404(fqdn_listname=list_id) @@ -442,6 +441,7 @@ return redirect('list_held_messages', list_id) + @login_required @list_owner_required def csv_view(request, list_id): diff --git a/src/postorius/views/rest.py b/src/postorius/views/rest.py index 95ab919..550c19b 100644 --- a/src/postorius/views/rest.py +++ b/src/postorius/views/rest.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -# Copyright (C) 1998-2015 by the Free Software Foundation, Inc. +# Copyright (C) 1998-2016 by the Free Software Foundation, Inc. # # This file is part of Postorius. # @@ -16,106 +16,52 @@ # You should have received a copy of the GNU General Public License along with # Postorius. If not, see . import json -import email -import sys from email.Header import decode_header -from base64 import b64decode -from email.Parser import Parser as EmailParser +from email.parser import Parser as EmailParser from email.parser import HeaderParser -from email.utils import parseaddr -from StringIO import StringIO from django.http import HttpResponse, Http404 from django.contrib.auth.decorators import login_required from django.utils.translation import gettext as _ +from django.core.urlresolvers import reverse -from postorius.auth.decorators import * +from postorius.auth.decorators import list_moderator_required +from postorius.models import List +from postorius.lib.scrub import Scrubber -# based on https://www.ianlewis.org/en/parsing-email-attachments-python -def parse_attachment(message_part, counter): - content_disposition = message_part.get("Content-Disposition", None) - if content_disposition: - dispositions = content_disposition.strip().split(";") - if bool(content_disposition and dispositions[0].lower() == "attachment"): - - file_data = message_part.get_payload(decode=True) - attachment = StringIO(file_data) - attachment.content_type = message_part.get_content_type() - attachment.size = len(file_data) - attachment.name = message_part.get_filename() - - if not attachment.name: - ext = mimetypes.guess_extension(part.get_content_type()) - if not ext: - ext = '.bin' - attachment.name = 'part-%03d%s' % (counter, ext) - - return attachment - return None - -def parse(content): - p = EmailParser() - msgobj = p.parsestr(content) +def parse(message): + msgobj = EmailParser().parsestr(message) header_parser = HeaderParser() if msgobj['Subject'] is not None: decodefrag = decode_header(msgobj['Subject']) subj_fragments = [] - for s , enc in decodefrag: + for s, enc in decodefrag: if enc: - s = unicode(s , enc).encode('utf8','replace') + s = unicode(s, enc).encode('utf8', 'replace') subj_fragments.append(s) subject = ''.join(subj_fragments) else: subject = None - attachments = [] - body = None - html = None - counter = 1 - for part in msgobj.walk(): - attachment = parse_attachment(part, counter) - if attachment: - attachments.append(attachment) - counter += 1 - elif part.get_content_type() == "text/plain": - if body is None: - body = "" - if part.get_content_charset(): - body += unicode( - part.get_payload(decode=True), - part.get_content_charset(), - 'replace' - ).encode('utf8','replace') - else: - body += part.get_payload(decode=True) - elif part.get_content_type() == "text/html": - if html is None: - html = "" - if part.get_content_charset(): - html += unicode( - part.get_payload(decode=True), - part.get_content_charset(), - 'replace' - ).encode('utf8','replace') - else: - html += part.get_payload(decode=True) headers = [] - headers_dict = header_parser.parsestr(content) + headers_dict = header_parser.parsestr(message) for key in headers_dict.keys(): headers += ['{}: {}'.format(key, headers_dict[key])] + content = Scrubber(msgobj).scrub()[0] return { - 'subject' : subject, - 'body' : body, - 'html' : html, - 'from' : parseaddr(msgobj.get('From'))[1], - 'to' : parseaddr(msgobj.get('To'))[1], + 'subject': subject, + 'body': content, 'headers': '\n'.join(headers), - #'attachments': attachments, } +def get_attachments(message): + message = EmailParser().parsestr(message) + return Scrubber(message).scrub()[1] + + @login_required @list_moderator_required def get_held_message(request, list_id, held_id=-1): @@ -124,7 +70,8 @@ if held_id == -1: raise Http404(_('Message does not exist')) - held_message = List.objects.get_or_404(fqdn_listname=list_id).get_held_message(held_id) + held_message = List.objects.get_or_404( + fqdn_listname=list_id).get_held_message(held_id) if 'raw' in request.GET: return HttpResponse(held_message.msg, content_type='text/plain') response_data = dict() @@ -137,6 +84,28 @@ response_data['hold_date'] = held_message.hold_date response_data['msg'] = parse(held_message.msg) response_data['msgid'] = held_message.request_id - response_data['subject'] = held_message.subject + response_data['attachments'] = [] + attachments = get_attachments(held_message.msg) + for attachment in attachments: + counter, name, content_type, encoding, content = attachment + response_data['attachments'].append( + (reverse('rest_attachment_for_held_message', + args=(list_id, held_id, counter)), name)) - return HttpResponse(json.dumps(response_data), content_type='application/json') + return HttpResponse(json.dumps(response_data), + content_type='application/json') + + +@login_required +@list_moderator_required +def get_attachment_for_held_message(request, list_id, held_id, attachment_id): + held_message = List.objects.get_or_404( + fqdn_listname=list_id).get_held_message(held_id) + attachments = get_attachments(held_message.msg) + for attachment in attachments: + if attachment[0] == int(attachment_id): + response = HttpResponse(attachment[4], content_type=attachment[2]) + response['Content-Disposition'] = \ + 'attachment;filename="{}"'.format(attachment[1]) + return response + raise Http404(_('Attachment does not exist'))