public function sanitizeHtmlMailBody($mailBody, array $messageParameters, Closure $mapCidToAttachmentId)
{
$config = HTMLPurifier_Config::createDefault();
// Append target="_blank" to all link (a) elements
$config->set('HTML.TargetBlank', true);
// allow cid, http and ftp
$config->set('URI.AllowedSchemes', ['cid' => true, 'http' => true, 'https' => true, 'ftp' => true, 'mailto' => true]);
$config->set('URI.Host', Util::getServerHostName());
// Disable the cache since ownCloud has no really appcache
// TODO: Fix this - requires https://github.com/owncloud/core/issues/10767 to be fixed
$config->set('Cache.DefinitionImpl', null);
// Rewrite URL for redirection and proxying of content
$html = $config->getDefinition('HTML');
$html->info_attr_transform_post['imagesrc'] = new TransformImageSrc($this->urlGenerator);
$html->info_attr_transform_post['cssbackground'] = new TransformCSSBackground($this->urlGenerator);
$html->info_attr_transform_post['htmllinks'] = new TransformHTMLLinks();
$uri = $config->getDefinition('URI');
$uri->addFilter(new TransformURLScheme($messageParameters, $mapCidToAttachmentId, $this->urlGenerator), $config);
HTMLPurifier_URISchemeRegistry::instance()->register('cid', new CidURIScheme());
$purifier = new HTMLPurifier($config);
$result = $purifier->purify($mailBody);
// eat xml parse errors within HTMLPurifier
libxml_clear_errors();
return $result;
}
/**
* Validates an assertion
* @param String $assertion
* @return String
*/
public static function Validate($assertion)
{
self::$_isPersona = true;
$data = array('assertion' => $assertion, 'audience' => \OCP\Util::getServerProtocol() . '://' . \OCP\Util::getServerHostName());
$response = self::_query($data);
return self::_parseResponse($response);
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*
* @throws \Exception If the URL is not valid.
* @return TemplateResponse
*/
public function redirect()
{
$templateName = 'redirect';
$route = 'mail.page.index';
$mailURL = $this->urlGenerator->linkToRoute($route);
$url = $this->request->getParam('src');
$authorizedRedirect = false;
if (strpos($url, 'http://') !== 0 && strpos($url, 'https://') !== 0) {
throw new \Exception('URL is not valid.', 1);
}
// If the request has a referrer from this domain redirect the user without interaction
// this is there to prevent an open redirector.
// Since we can't prevent the referrer from being added with a HTTP only header we rely on an
// additional JS file here.
if (parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) === Util::getServerHostName()) {
Util::addScript('mail', 'autoredirect');
$authorizedRedirect = true;
}
$params = ['authorizedRedirect' => $authorizedRedirect, 'url' => $url, 'urlHost' => parse_url($url, PHP_URL_HOST), 'mailURL' => $mailURL];
return new TemplateResponse($this->appName, $templateName, $params, 'guest');
}
/**
* @param array $attr
* @param HTMLPurifier_Config $config
* @param HTMLPurifier_Context $context
* @return array
*/
public function transform($attr, $config, $context)
{
if ($context->get('CurrentToken')->name !== 'img' || !isset($attr['src'])) {
return $attr;
}
// Block tracking pixels
if (isset($attr['width']) && isset($attr['height']) && (int) $attr['width'] < 5 && (int) $attr['height'] < 5) {
// Replace with a transparent png in case it's important for the layout
$attr['src'] = Util::imagePath('mail', 'blocked-image.png');
$attr = $this->setDisplayNone($attr);
return $attr;
}
// Do not block images attached to the email
$url = $this->parser->parse($attr['src']);
if ($url->host === Util::getServerHostName() && $url->path === $this->urlGenerator->linkToRoute('mail.proxy.proxy')) {
$attr['data-original-src'] = $attr['src'];
$attr['src'] = Util::imagePath('mail', 'blocked-image.png');
$attr = $this->setDisplayNone($attr);
}
return $attr;
}
public function __construct(array $urlParams = array())
{
parent::__construct('mail', $urlParams);
$container = $this->getContainer();
/**
* Controllers
*/
$container->registerService('PageController', function ($c) {
/** @var IAppContainer $c */
return new PageController($c->query('AppName'), $c->query('Request'), $c->query('MailAccountMapper'), $c->query('ServerContainer')->getURLGenerator(), $c->query('UserId'));
});
$container->registerService('AccountService', function ($c) {
/** @var IAppContainer $c */
return new AccountService($c->query('MailAccountMapper'), $c->getServer()->getL10N('mail'));
});
$container->registerService('AccountsController', function ($c) {
/** @var IAppContainer $c */
return new AccountsController($c->query('AppName'), $c->query('Request'), $c->query('AccountService'), $c->query('UserId'), $c->getServer()->getUserFolder(), $c->query('ContactsIntegration'), $c->query('AutoConfig'), $c->query('Logger'), $c->getServer()->getL10N('mail'), $c->getServer()->getCrypto());
});
$container->registerService('FoldersController', function ($c) {
/** @var IAppContainer $c */
return new FoldersController($c->query('AppName'), $c->query('Request'), $c->query('AccountService'), $c->query('UserId'));
});
$container->registerService('MessagesController', function ($c) {
/** @var IAppContainer $c */
return new MessagesController($c->query('AppName'), $c->query('Request'), $c->query('AccountService'), $c->query('UserId'), $c->getServer()->getUserFolder(), $c->query('ContactsIntegration'), $c->query('Logger'), $c->getServer()->getL10N('mail'));
});
$container->registerService('ProxyController', function ($c) {
/** @var IAppContainer $c */
return new ProxyController($c->query('AppName'), $c->query('Request'), $c->query('ServerContainer')->getURLGenerator(), $c->query('ServerContainer')->getSession(), $c->getServer()->getHelper(), isset($_SERVER['HTTP_REFERER']) ?: null, \OCP\Util::getServerHostName());
});
/**
* Mappers
*/
$container->registerService('MailAccountMapper', function ($c) {
/** @var IAppContainer $c */
return new MailAccountMapper($c->getServer()->getDb());
});
/**
* Services
*/
$container->registerService('ContactsIntegration', function ($c) {
/** @var IAppContainer $c */
return new ContactsIntegration($c->getServer()->getContactsManager());
});
$container->registerService('ImapConnectivityTester', function ($c) {
/** @var IAppContainer $c */
return new ImapConnectivityTester($c->query('ImapConnector'), $c->query('Logger'), $c->query('UserId'));
});
$container->registerService('ImapConnector', function ($c) {
/** @var IAppContainer $c */
return new ImapConnector($c->getServer()->getCrypto(), $c->query('Logger'), $c->query('UserId'));
});
$container->registerService('ImapServerDetector', function ($c) {
/** @var IAppContainer $c */
return new ImapServerDetector($c->query('MxRecord'), $c->query('ImapConnectivityTester'));
});
$container->registerService('SmtpConnectivityTester', function ($c) {
/** @var IAppContainer $c */
return new SmtpConnectivityTester($c->getServer()->getCrypto(), $c->query('Logger'), $c->query('UserId'));
});
$container->registerService('SmtpServerDetector', function ($c) {
$transport = $c->getServer()->getConfig()->getSystemValue('app.mail.transport', 'smtp');
/** @var IAppContainer $c */
return new SmtpServerDetector($c->query('MxRecord'), $c->query('SmtpConnectivityTester'), $transport === 'smtp');
});
$container->registerService('MozillaIspDb', function ($c) {
/** @var IAppContainer $c */
return new MozillaIspDb($c->query('Logger'));
});
$container->registerService('MxRecord', function ($c) {
/** @var IAppContainer $c */
return new MxRecord($c->query('Logger'));
});
$container->registerService('AutoConfig', function ($c) {
/** @var IAppContainer $c */
return new AutoConfig($c->query('Logger'), $c->query('UserId'), $c->query('MozillaIspDb'), $c->query('MxRecord'), $c->query('ImapConnectivityTester'), $c->query('ImapServerDetector'), $c->query('SmtpConnectivityTester'), $c->query('SmtpServerDetector'), $c->query('ImapConnector'), $c->getServer()->getCrypto());
});
$container->registerService('Logger', function ($c) {
/** @var IAppContainer $c */
return new Logger($c->query('AppName'), $c->query('ServerContainer')->getLogger());
});
/**
* Core
*/
$container->registerService('UserId', function () {
return \OCP\User::getUser();
});
}
public static function generateUID($app = 'contacts') {
$uuid = new UUID();
return $uuid->get() . '@' . \OCP\Util::getServerHostName();
}
/**
* @return string
*/
public static function generateUID()
{
$uuid = UUIDUtil::getUUID();
return $uuid . '@' . \OCP\Util::getServerHostName();
}
public static function generateUID($app = 'contacts')
{
return date('Ymd\\THis') . '.' . substr(md5(rand() . time()), 0, 10) . '@' . \OCP\Util::getServerHostName();
}
