extract method _load_one_email

Synox 2017-01-20 23:04:07 +01:00
parent 9b7fbacb74
commit 69ae3b8d43


@ -49,10 +49,8 @@ function print_emails($username, $address) {
function delete_email($mailid, $address) { function delete_email($mailid, $address) {
global $mailbox; global $mailbox;
// in order to avoid https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References $email = _load_one_email($mailid, $address);
// the recipient in the email has to match the $address. if ($email !== null) {
$emails = _load_emails(array($mailid), $address);
if (count($emails) === 1) {
$mailbox->deleteMail($mailid); $mailbox->deleteMail($mailid);
$mailbox->expungeDeletedMails(); $mailbox->expungeDeletedMails();
header('Content-type: application/json'); header('Content-type: application/json');
@ -73,23 +71,32 @@ function delete_email($mailid, $address) {
function download_email($mailid, $address) { function download_email($mailid, $address) {
global $mailbox; global $mailbox;
// in order to avoid https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References $email = _load_one_email($mailid, $address);
// the recipient in the email has to match the $address. if ($email !== null) {
$emails = _load_emails(array($mailid), $address);
if (count($emails) === 1) {
header("Content-Type: message/rfc822; charset=utf-8"); header("Content-Type: message/rfc822; charset=utf-8");
header("Content-Disposition: attachment; filename=\"$address-$mailid.eml\""); header("Content-Disposition: attachment; filename=\"$address-$mailid.eml\"");
$headers = imap_fetchheader($mailbox->getImapStream(), $mailid, FT_UID); $headers = imap_fetchheader($mailbox->getImapStream(), $mailid, FT_UID);
$body = imap_body($mailbox->getImapStream(), $mailid, FT_UID); $body = imap_body($mailbox->getImapStream(), $mailid, FT_UID);
print ($headers . "\n" . $body); print ($headers . "\n" . $body);
} else { } else {
error(404, 'download error: invalid username/mailid combination'); error(404, 'download error: invalid username/mailid combination');
} }
} }
/**
* Load exactly one email, the $address in TO or CC has to match.
* @param $mailid integer
* @param $address String address
* @return email or null
*/
function _load_one_email($mailid, $address) {
// in order to avoid https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
// the recipient in the email has to match the $address.
$emails = _load_emails(array($mailid), $address);
return count($emails) === 1 ? $emails[0] : null;
}
/** /**
* Load emails using the $mail_ids, the mails have to match the $address in TO or CC. * Load emails using the $mail_ids, the mails have to match the $address in TO or CC.